Fix gitea on bekkalokk #7
Binary file not shown.
After Width: | Height: | Size: 254 KiB |
|
@ -0,0 +1,172 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||||
|
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||||
|
|
||||||
|
<svg
|
||||||
|
width="200mm"
|
||||||
|
height="200mm"
|
||||||
|
viewBox="0 0 200 200"
|
||||||
|
version="1.1"
|
||||||
|
id="svg5"
|
||||||
|
inkscape:version="1.1.2 (b8e25be833, 2022-02-05)"
|
||||||
|
sodipodi:docname="logo_blue_thicc.svg"
|
||||||
|
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||||
|
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||||
|
xmlns="http://www.w3.org/2000/svg"
|
||||||
|
xmlns:svg="http://www.w3.org/2000/svg">
|
||||||
|
<sodipodi:namedview
|
||||||
|
id="namedview7"
|
||||||
|
pagecolor="#505050"
|
||||||
|
bordercolor="#ffffff"
|
||||||
|
borderopacity="1"
|
||||||
|
inkscape:pageshadow="0"
|
||||||
|
inkscape:pageopacity="0"
|
||||||
|
inkscape:pagecheckerboard="1"
|
||||||
|
inkscape:document-units="mm"
|
||||||
|
showgrid="false"
|
||||||
|
inkscape:zoom="3.9730533"
|
||||||
|
inkscape:cx="359.54715"
|
||||||
|
inkscape:cy="690.40101"
|
||||||
|
inkscape:window-width="1920"
|
||||||
|
inkscape:window-height="1057"
|
||||||
|
inkscape:window-x="-8"
|
||||||
|
inkscape:window-y="-8"
|
||||||
|
inkscape:window-maximized="1"
|
||||||
|
inkscape:current-layer="Layer_4"
|
||||||
|
width="200mm" />
|
||||||
|
<defs
|
||||||
|
id="defs2" />
|
||||||
|
<g
|
||||||
|
inkscape:label="Layer 1"
|
||||||
|
inkscape:groupmode="layer"
|
||||||
|
id="layer1">
|
||||||
|
<g
|
||||||
|
id="g98"
|
||||||
|
transform="scale(0.25)">
|
||||||
|
<g
|
||||||
|
id="Layer_2"
|
||||||
|
style="fill:#283681;fill-opacity:1">
|
||||||
|
<rect
|
||||||
|
y="0"
|
||||||
|
class="st0"
|
||||||
|
width="800"
|
||||||
|
height="800"
|
||||||
|
id="rect4"
|
||||||
|
x="0"
|
||||||
|
style="fill:#283681;fill-opacity:1"
|
||||||
|
inkscape:export-filename="C:\Users\al3xk\OneDrive - NTNU\PVV\Gogs\PR\logoer\logo_blue.png"
|
||||||
|
inkscape:export-xdpi="480"
|
||||||
|
inkscape:export-ydpi="480" />
|
||||||
|
</g>
|
||||||
|
<g
|
||||||
|
id="Layer_4"
|
||||||
|
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1">
|
||||||
|
<line
|
||||||
|
class="st1"
|
||||||
|
x1="478.39999"
|
||||||
|
y1="720.29999"
|
||||||
|
x2="313.20001"
|
||||||
|
y2="720.29999"
|
||||||
|
id="line9"
|
||||||
|
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
|
||||||
|
<path
|
||||||
|
class="st1"
|
||||||
|
d="M 478.4,720.3"
|
||||||
|
id="path11"
|
||||||
|
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
|
||||||
|
<polyline
|
||||||
|
class="st2"
|
||||||
|
points="717.1,223.3 717.1,720.3 497.3,720.3 "
|
||||||
|
id="polyline13"
|
||||||
|
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
|
||||||
|
<path
|
||||||
|
class="st2"
|
||||||
|
d="m 498.39888,720.3 c 0,-5.6 -4.5,-10.1 -10.1,-10.1 -5.6,0 -10.1,4.5 -10.1,10.1 h -163.8 c 0,-5.6 -4.5,-10.1 -10.1,-10.1 -5.6,0 -10.1,4.5 -10.1,10.1 -69.7592,0 -145.68417,0 -217.599996,0 V 79.7 H 717.09888 v 120 0 h -17.3 v 24.8 h 17.3"
|
||||||
|
id="path15"
|
||||||
|
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-linecap:square;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
|
||||||
|
sodipodi:nodetypes="csccsccccccccc" />
|
||||||
|
</g>
|
||||||
|
<g
|
||||||
|
id="Layer_3"
|
||||||
|
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1">
|
||||||
|
<circle
|
||||||
|
class="st2"
|
||||||
|
cx="396.79999"
|
||||||
|
cy="400"
|
||||||
|
id="circle18"
|
||||||
|
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
|
||||||
|
r="320.29999" />
|
||||||
|
</g>
|
||||||
|
<g
|
||||||
|
id="Layer_1"
|
||||||
|
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1">
|
||||||
|
<polyline
|
||||||
|
class="st2"
|
||||||
|
points="514.5,173.5 170.2,173.5 170.3,626.6 623.3,626.5 623.3,215.7 584.4,173.4 557,173.4 548,180.6 526.5,180.7 "
|
||||||
|
id="polyline21"
|
||||||
|
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
|
||||||
|
<path
|
||||||
|
class="st2"
|
||||||
|
d="m 526.5,331.8 c 0,7.6 -5.4,13.7 -12,13.7 H 227.7 c -6.6,0 -12,-6.1 -12,-13.7 V 187.2 c 0,-7.6 5.4,-13.7 12,-13.7 h 286.8 c 6.6,0 12,6.1 12,13.7 z"
|
||||||
|
id="path27"
|
||||||
|
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
|
||||||
|
<path
|
||||||
|
class="st2"
|
||||||
|
d="m 526.7,333.6 c 0,6.6 -5.4,12 -12,12 H 296.8 c -6.6,0 -12,-5.4 -12,-12 V 185.5 c 0,-6.6 5.4,-12 12,-12 h 217.9 c 6.6,0 12,5.4 12,12 z"
|
||||||
|
id="path29"
|
||||||
|
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
|
||||||
|
<path
|
||||||
|
class="st2"
|
||||||
|
d="m 577.9,613.7 c 0,6.6 -5.4,12 -12,12 H 227.7 c -6.6,0 -12,-5.4 -12,-12 V 381.1 c 0,-6.6 5.4,-12 12,-12 h 338.2 c 6.6,0 12,5.4 12,12 z"
|
||||||
|
id="path31"
|
||||||
|
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
|
||||||
|
<rect
|
||||||
|
x="179.89999"
|
||||||
|
y="590.20001"
|
||||||
|
class="st2"
|
||||||
|
width="25.700001"
|
||||||
|
height="23"
|
||||||
|
id="rect33"
|
||||||
|
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
|
||||||
|
<rect
|
||||||
|
x="587.59998"
|
||||||
|
y="590.20001"
|
||||||
|
class="st2"
|
||||||
|
width="25.700001"
|
||||||
|
height="23"
|
||||||
|
id="rect35"
|
||||||
|
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
|
||||||
|
<rect
|
||||||
|
x="433.60001"
|
||||||
|
y="193.5"
|
||||||
|
class="st2"
|
||||||
|
width="64.900002"
|
||||||
|
height="137.8"
|
||||||
|
id="rect37"
|
||||||
|
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
|
||||||
|
</g>
|
||||||
|
<path
|
||||||
|
d="m 274.9401,541.572 c 0,3.528 2.772,6.426 6.3,6.426 3.528,0 6.426,-2.898 6.426,-6.426 v -30.996 h 30.87 c 10.458,0 19.152,-8.694 19.152,-19.152 v -22.68 c 0,-10.332 -8.694,-19.026 -19.152,-19.026 h -43.596 z m 12.726,-43.722 v -35.406 h 30.87 c 3.276,0 6.426,2.898 6.426,6.3 v 22.68 c 0,3.528 -3.024,6.426 -6.426,6.426 z"
|
||||||
|
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:126px;font-family:OCRA;-inkscape-font-specification:OCRA;fill:#ffffff;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
|
||||||
|
id="path55-2" />
|
||||||
|
<path
|
||||||
|
d="m 365.99479,478.824 25.326,65.142 c 1.008,2.394 3.276,4.032 6.048,4.032 2.646,0 4.914,-1.638 5.922,-4.032 l 25.452,-65.268 v -22.68 c 0,-3.402 -2.898,-6.3 -6.426,-6.3 -3.528,0 -6.3,2.898 -6.3,6.3 v 20.286 l -18.648,47.628 -18.648,-47.628 v -20.286 c 0,-3.402 -2.898,-6.3 -6.426,-6.3 -3.528,0 -6.3,2.898 -6.3,6.3 z"
|
||||||
|
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:126px;font-family:OCRA;-inkscape-font-specification:OCRA;fill:#ffffff;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
|
||||||
|
id="path57-8" />
|
||||||
|
<path
|
||||||
|
d="m 457.04947,478.824 25.326,65.142 c 1.008,2.394 3.276,4.032 6.048,4.032 2.646,0 4.914,-1.638 5.922,-4.032 l 25.452,-65.268 v -22.68 c 0,-3.402 -2.898,-6.3 -6.426,-6.3 -3.528,0 -6.3,2.898 -6.3,6.3 v 20.286 l -18.648,47.628 -18.648,-47.628 v -20.286 c 0,-3.402 -2.898,-6.3 -6.426,-6.3 -3.528,0 -6.3,2.898 -6.3,6.3 z"
|
||||||
|
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:126px;font-family:OCRA;-inkscape-font-specification:OCRA;fill:#ffffff;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
|
||||||
|
id="path59-1" />
|
||||||
|
</g>
|
||||||
|
</g>
|
||||||
|
<style
|
||||||
|
type="text/css"
|
||||||
|
id="style2">
|
||||||
|
.st0{fill:#ffffff;}
|
||||||
|
.st1{fill:none;stroke:#ffffff;stroke-width:2;stroke-miterlimit:10;}
|
||||||
|
.st2{fill:none;stroke:#000000;stroke-width:2;stroke-miterlimit:10;}
|
||||||
|
.st3{fill:none;}
|
||||||
|
.st4{stroke:#000000;stroke-miterlimit:10;}
|
||||||
|
.st5{font-family:'OCRAStd';}
|
||||||
|
.st6{font-size:126px;}
|
||||||
|
</style>
|
||||||
|
</svg>
|
After Width: | Height: | Size: 8.2 KiB |
|
@ -9,10 +9,10 @@
|
||||||
#./services/keycloak.nix
|
#./services/keycloak.nix
|
||||||
|
|
||||||
# TODO: set up authentication for the following:
|
# TODO: set up authentication for the following:
|
||||||
# ./services/website/website.nix
|
# ./services/website.nix
|
||||||
./services/website/nginx.nix
|
./services/nginx.nix
|
||||||
# ./services/website/gitea.nix
|
./services/gitea/default.nix
|
||||||
./services/website/mediawiki.nix
|
# ./services/mediawiki.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml;
|
sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml;
|
||||||
|
|
|
@ -0,0 +1,102 @@
|
||||||
|
{ config, values, pkgs, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.services.gitea;
|
||||||
|
domain = "git.pvv.ntnu.no";
|
||||||
|
sshPort = 2222;
|
||||||
|
in {
|
||||||
|
sops.secrets = {
|
||||||
|
"gitea/database" = {
|
||||||
|
owner = "gitea";
|
||||||
|
group = "gitea";
|
||||||
|
};
|
||||||
|
"gitea/passwd-ssh-key" = { };
|
||||||
|
"gitea/ssh-known-hosts" = { };
|
||||||
|
"gitea/import-user-env" = { };
|
||||||
|
};
|
||||||
|
|
||||||
|
services.gitea = {
|
||||||
|
enable = true;
|
||||||
|
stateDir = "/data/gitea";
|
||||||
|
appName = "PVV Git";
|
||||||
|
|
||||||
|
database = {
|
||||||
|
type = "postgres";
|
||||||
|
host = "postgres.pvv.ntnu.no";
|
||||||
|
port = config.services.postgresql.port;
|
||||||
|
passwordFile = config.sops.secrets."gitea/database".path;
|
||||||
|
createDatabase = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
server = {
|
||||||
|
DOMAIN = domain;
|
||||||
|
ROOT_URL = "https://${domain}/";
|
||||||
|
PROTOCOL = "http+unix";
|
||||||
|
SSH_PORT = sshPort;
|
||||||
|
START_SSH_SERVER = true;
|
||||||
|
};
|
||||||
|
indexer = {
|
||||||
|
REPO_INDEXER_ENABLED = true;
|
||||||
|
};
|
||||||
|
service.DISABLE_REGISTRATION = true;
|
||||||
|
session.COOKIE_SECURE = true;
|
||||||
|
database.LOG_SQL = false;
|
||||||
|
picture = {
|
||||||
|
DISABLE_GRAVATAR = true;
|
||||||
|
ENABLE_FEDERATED_AVATAR = false;
|
||||||
|
};
|
||||||
|
"ui.meta".DESCRIPTION = "Bokstavelig talt programvareverkstedet";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
environment.systemPackages = [ cfg.package ];
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."${domain}" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://unix:${cfg.settings.server.HTTP_ADDR}";
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
extraConfig = ''
|
||||||
|
client_max_body_size 512M;
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ sshPort ];
|
||||||
|
|
||||||
|
# Automatically import users
|
||||||
|
systemd.services.gitea-import-users = {
|
||||||
|
enable = true;
|
||||||
|
preStart=''${pkgs.rsync}/bin/rsync -e "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=$CREDENTIALS_DIRECTORY/ssh-known-hosts -i $CREDENTIALS_DIRECTORY/sshkey" -a pvv@smtp.pvv.ntnu.no:/etc/passwd /tmp/passwd-import'';
|
||||||
|
serviceConfig = {
|
||||||
|
ExecStart = pkgs.writers.writePython3 "gitea-import-users" { libraries = [ pkgs.python3Packages.requests ]; } (builtins.readFile ./gitea-import-users.py);
|
||||||
|
LoadCredential=[
|
||||||
|
"sshkey:${config.sops.secrets."gitea/passwd-ssh-key".path}"
|
||||||
|
"ssh-known-hosts:${config.sops.secrets."gitea/ssh-known-hosts".path}"
|
||||||
|
];
|
||||||
|
DynamicUser="yes";
|
||||||
|
EnvironmentFile=config.sops.secrets."gitea/import-user-env".path;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.timers.gitea-import-users = {
|
||||||
|
enable = true;
|
||||||
|
requires = [ "gitea.service" ];
|
||||||
|
after = [ "gitea.service" ];
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar = "*-*-* 02:00:00";
|
||||||
|
Persistent = true;
|
||||||
|
Unit = "gitea-import-users.service";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
system.activationScripts.linkGiteaLogo.text = let
|
||||||
|
logo-svg = ../../../../assets/logo_blue_regular.svg;
|
||||||
|
logo-png = ../../../../assets/logo_blue_regular.png;
|
||||||
|
in ''
|
||||||
|
install -Dm444 ${logo-svg} ${cfg.stateDir}/custom/public/img/logo.svg
|
||||||
|
install -Dm444 ${logo-png} ${cfg.stateDir}/custom/public/img/logo.png
|
||||||
|
install -Dm444 ${./loading.apng} ${cfg.stateDir}/custom/public/img/loading.png
|
||||||
|
'';
|
||||||
|
}
|
|
@ -0,0 +1,94 @@
|
||||||
|
import requests
|
||||||
|
import secrets
|
||||||
|
import os
|
||||||
|
|
||||||
|
EMAIL_DOMAIN = os.getenv('EMAIL_DOMAIN')
|
||||||
|
if EMAIL_DOMAIN is None:
|
||||||
|
EMAIL_DOMAIN = 'pvv.ntnu.no'
|
||||||
|
|
||||||
|
API_TOKEN = os.getenv('API_TOKEN')
|
||||||
|
if API_TOKEN is None:
|
||||||
|
raise Exception('API_TOKEN not set')
|
||||||
|
|
||||||
|
GITEA_API_URL = os.getenv('GITEA_API_URL')
|
||||||
|
if GITEA_API_URL is None:
|
||||||
|
GITEA_API_URL = 'https://git.pvv.ntnu.no/api/v1'
|
||||||
|
|
||||||
|
BANNED_SHELLS = [
|
||||||
|
"/usr/bin/nologin",
|
||||||
|
"/usr/sbin/nologin",
|
||||||
|
"/sbin/nologin",
|
||||||
|
"/bin/false",
|
||||||
|
"/bin/msgsh",
|
||||||
|
]
|
||||||
|
|
||||||
|
existing_users = {}
|
||||||
|
|
||||||
|
|
||||||
|
# This function should only ever be called when adding users
|
||||||
|
# from the passwd file
|
||||||
|
def add_user(username, name):
|
||||||
|
user = {
|
||||||
|
"full_name": name,
|
||||||
|
"username": username,
|
||||||
|
"login_name": username,
|
||||||
|
"visibility": "public",
|
||||||
|
"source_id": 1, # 1 = SMTP
|
||||||
|
}
|
||||||
|
|
||||||
|
if username not in existing_users:
|
||||||
|
user["password"] = secrets.token_urlsafe(32)
|
||||||
|
user["must_change_password"] = False
|
||||||
|
user["visibility"] = "private"
|
||||||
|
user["email"] = username + '@' + EMAIL_DOMAIN
|
||||||
|
|
||||||
|
r = requests.post(GITEA_API_URL + '/admin/users', json=user,
|
||||||
|
headers={'Authorization': 'token ' + API_TOKEN})
|
||||||
|
if r.status_code != 201:
|
||||||
|
print('ERR: Failed to create user ' + username + ': ' + r.text)
|
||||||
|
return
|
||||||
|
|
||||||
|
print('Created user ' + username)
|
||||||
|
existing_users[username] = user
|
||||||
|
|
||||||
|
else:
|
||||||
|
r = requests.patch(GITEA_API_URL + f'/admin/users/{username}',
|
||||||
|
json=user,
|
||||||
|
headers={'Authorization': 'token ' + API_TOKEN})
|
||||||
|
if r.status_code != 200:
|
||||||
|
print('ERR: Failed to update user ' + username + ': ' + r.text)
|
||||||
|
return
|
||||||
|
|
||||||
|
print('Updated user ' + username)
|
||||||
|
|
||||||
|
|
||||||
|
def main():
|
||||||
|
# Fetch existing users
|
||||||
|
r = requests.get(GITEA_API_URL + '/admin/users',
|
||||||
|
headers={'Authorization': 'token ' + API_TOKEN})
|
||||||
|
|
||||||
|
if r.status_code != 200:
|
||||||
|
raise Exception('Failed to get users: ' + r.text)
|
||||||
|
|
||||||
|
for user in r.json():
|
||||||
|
existing_users[user['login']] = user
|
||||||
|
|
||||||
|
# Read the file, add each user
|
||||||
|
with open("/tmp/passwd-import", 'r') as f:
|
||||||
|
for line in f.readlines():
|
||||||
|
uid = int(line.split(':')[2])
|
||||||
|
if uid < 1000:
|
||||||
|
continue
|
||||||
|
|
||||||
|
shell = line.split(':')[-1]
|
||||||
|
if shell in BANNED_SHELLS:
|
||||||
|
continue
|
||||||
|
|
||||||
|
username = line.split(':')[0]
|
||||||
|
name = line.split(':')[4].split(',')[0]
|
||||||
|
|
||||||
|
add_user(username, name)
|
||||||
|
|
||||||
|
|
||||||
|
if __name__ == '__main__':
|
||||||
|
main()
|
Binary file not shown.
After Width: | Height: | Size: 1.1 MiB |
|
@ -28,7 +28,7 @@ in {
|
||||||
|
|
||||||
database = {
|
database = {
|
||||||
type = "postgres";
|
type = "postgres";
|
||||||
host = values.hosts.postgres.ipv4;
|
host = "postgres.pvv.ntnu.no";
|
||||||
port = config.services.postgresql.port;
|
port = config.services.postgresql.port;
|
||||||
passwordFile = config.sops.secrets."keys/postgres/mediawiki".path;
|
passwordFile = config.sops.secrets."keys/postgres/mediawiki".path;
|
||||||
createLocally = false;
|
createLocally = false;
|
|
@ -0,0 +1,18 @@
|
||||||
|
{ pkgs, config, ... }:
|
||||||
|
{
|
||||||
|
security.acme = {
|
||||||
|
acceptTerms = true;
|
||||||
|
defaults.email = "drift@pvv.ntnu.no";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
recommendedProxySettings = true;
|
||||||
|
recommendedOptimisation = true;
|
||||||
|
recommendedGzipSettings = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
}
|
|
@ -1,26 +0,0 @@
|
||||||
{ config, values, ... }:
|
|
||||||
{
|
|
||||||
sops.secrets."postgres/gitea/password" = { };
|
|
||||||
|
|
||||||
services.gitea = {
|
|
||||||
enable = true;
|
|
||||||
rootUrl = "https://git2.pvv.ntnu.no/";
|
|
||||||
stateDir = "/data/gitea";
|
|
||||||
appName = "PVV Git";
|
|
||||||
|
|
||||||
enableUnixSocket = true;
|
|
||||||
|
|
||||||
database = {
|
|
||||||
type = "postgres";
|
|
||||||
host = values.bicep.ipv4;
|
|
||||||
port = config.services.postgresql.port;
|
|
||||||
passwordFile = config.sops.secrets."postgres/gitea/password".path;
|
|
||||||
createDatabase = false;
|
|
||||||
};
|
|
||||||
|
|
||||||
settings = {
|
|
||||||
service.DISABLE_REGISTRATION = true;
|
|
||||||
session.COOKIE_SECURE = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,42 +0,0 @@
|
||||||
{ pkgs, config, ... }:
|
|
||||||
{
|
|
||||||
security.acme = {
|
|
||||||
acceptTerms = true;
|
|
||||||
defaults.email = "drift@pvv.ntnu.no";
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
recommendedTlsSettings = true;
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
recommendedOptimisation = true;
|
|
||||||
recommendedGzipSettings = true;
|
|
||||||
|
|
||||||
virtualHosts = {
|
|
||||||
"bekkalokk.pvv.ntnu.no" = {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
root = "${config.services.mediawiki.finalPackage}/share/mediawiki";
|
|
||||||
locations = {
|
|
||||||
"/" = {
|
|
||||||
extraConfig = ''
|
|
||||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
||||||
fastcgi_index index.php;
|
|
||||||
fastcgi_pass unix:${config.services.phpfpm.pools.mediawiki.socket};
|
|
||||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
|
||||||
include ${pkgs.nginx}/conf/fastcgi.conf;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
"/images".root = config.services.mediawiki.uploadsDir;
|
|
||||||
|
|
||||||
# "/git" = {
|
|
||||||
# proxyPass = "http://unix:${config.services.gitea.settings.server.HTTP_ADDR}";
|
|
||||||
# proxyWebsockets = true;
|
|
||||||
# };
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,12 +1,14 @@
|
||||||
gitea:
|
gitea:
|
||||||
password: ENC[AES256_GCM,data:hlNzdU1ope0t50/3aztyLeXjMHd2vFPpwURX+Iu8f49DOqgSnEMtV+KtLA==,iv:qljRnSnchL5cFmaUAfCH9GQYQxcy5cyWejgk1x6bFgI=,tag:tIhboFU5kZsj5oAQR3hLbw==,type:str]
|
password: ENC[AES256_GCM,data:hlNzdU1ope0t50/3aztyLeXjMHd2vFPpwURX+Iu8f49DOqgSnEMtV+KtLA==,iv:qljRnSnchL5cFmaUAfCH9GQYQxcy5cyWejgk1x6bFgI=,tag:tIhboFU5kZsj5oAQR3hLbw==,type:str]
|
||||||
|
database: ENC[AES256_GCM,data:UlS33IdCEyeSvT6ngpmnkBWHuSEqsB//DT+3b7C+UwbD8UXWJlsLf1X8/w==,iv:mPRW5ldyZaHP+y/0vC2JGSLZmlkhgmkvXPk4LazkSDs=,tag:gGk6Z/nbPvzE1zG+tJC8Sw==,type:str]
|
||||||
|
passwd-ssh-key: ENC[AES256_GCM,data:L0lF0wvpayss1NU9m3A45cH0bCMQzODTFVrq6EPd1JHx54wIcoaRBYLmxXKXASzBlCg9zlwXMUIk3OQcS3kdzMKL0iqcSL2iicAcKjFIHyrWLqXgwV5pRSP/tRPcVw8KW8gz0bh33EgESs5ReddZ3VZ0Cy1s2YupMRQvBXr89k1+Hv70OWB6P06hvxhv/zKcMGI1N/dWLroMgrQuT9imw4+/Q1RqwzTYeEU+eUn24AM9GjcBg4qf3OI+6g0nXUat/upIYE28iF5J3lbUSmDSmirBLc8xgHLdOyyJPTObWYWYxlSL78T7IqiMm9lI3rtBlpJDDcn/YxZpVqN5bg2154GISNK+uR0TVSLdJ+drdGHIfIX3G78XSxf2L9rbJyRn8MQlgStfdBIQicLavQKVMrmj+XQfvEMez23WbPLjH4oViBQFI+GrOHOGy/f16cz8Sn4n+69OcsOeTxs3tKYdfq6r1XLYSJ/fe/zvxBpaZiyGXljsuyEdIyBL2A8D6uSXe3Nd3/DAdBtceFfIdN1olCdutixzVWgxaJnrel161z5A/4w=,iv:Uy46yY3jFYSvpxrgCHxRMUksnWfhf5DViLMvCXVMMl4=,tag:wFEJ5+icFrOKkc56gY0A5g==,type:str]
|
||||||
|
ssh-known-hosts: ENC[AES256_GCM,data:zlRLoelQeumMxGqPmgMTB69X1RVWXIs2jWwc67lk0wrdNOHUs5UzV5TUA1JnQ43RslBU92+js7DkyvE5enGzw7zZE5F1ZYdGv/eCgvkTMC9BoLfzHzP6OzayPLYEt3xJ5PRocN8JUAD55cuu4LgsuebuydHPi2oWOfpbSUBKSeCh6dvk5Pp1XRDprPS5SzGLW8Xjq98QlzmfGv50meI9CDJZVF9Wq/72gkyfgtb3YVdr,iv:AF06TBitHegfWk6w07CdkHklh4ripQCmA45vswDQgss=,tag:zKh7WVXMJN2o9ZIwIkby3Q==,type:str]
|
||||||
|
import-user-env: ENC[AES256_GCM,data:vfaqjGEnUM9VtOPvBurz7nFwzGZt3L2EqijrQej4wiOcGCrRA4tN6kBV6NmhHqlFPsw=,iv:viPGkyOOacCWcgTu25da4qH7DC4wz2qdeC1W2WcMUdI=,tag:BllNqGQoaxqUo3lTz9LGnw==,type:str]
|
||||||
mediawiki:
|
mediawiki:
|
||||||
password: ENC[AES256_GCM,data:HsBuA1E7187roGnKuFPfPDYxA16GFjAUucgUtrdUFmcOzmTNiFH+NWY2ZQ==,iv:vDYUmmZftcrkDtJxNYKAJSx9j+AQcmQarC62QRHR4IM=,tag:3TKjNrGRivFWoK3djC748g==,type:str]
|
password: ENC[AES256_GCM,data:HsBuA1E7187roGnKuFPfPDYxA16GFjAUucgUtrdUFmcOzmTNiFH+NWY2ZQ==,iv:vDYUmmZftcrkDtJxNYKAJSx9j+AQcmQarC62QRHR4IM=,tag:3TKjNrGRivFWoK3djC748g==,type:str]
|
||||||
keys:
|
database: ENC[AES256_GCM,data:EvVK3Mo6cZiIZS+gTxixU4r9SXN41VqwaWOtortZRNH+WPJ4xcYvzYMJNg==,iv:JtFTRLn3fzKIfgAPRqRgQjct7EdkEHtiyQKPy8/sZ2Q=,tag:nqzseG6BC0X5UNI/3kZZ3A==,type:str]
|
||||||
postgres:
|
keycloak:
|
||||||
gitea: ENC[AES256_GCM,data:lG4P8kzp7Zq94WftN7p1RJqM65esPuTFZ2JJWkFFXTzlid2DRZPsG2FGIA==,iv:JvHQUgwwb7wJTNMxjLjOUw5sKKWlyMJafVaUOLUu9Sk=,tag:qE0+gDFU/YtghqCv/d2Qgw==,type:str]
|
database: ENC[AES256_GCM,data:76+AZnNR5EiturTP7BdOCKE90bFFkfGlRtviSP5NHxPbb3RfFPJEMlwtzA==,iv:nS7VTossHdlrHjPeethhX+Ysp9ukrb5JD7kjG28OFpY=,tag:OMpiEv9nQA7v6lWJfNxEEw==,type:str]
|
||||||
mediawiki: ENC[AES256_GCM,data:p+s/uQ3ywQY9RpImFWTxjt1orzl905i9kTQPzsAIs6hAK5t3B00XVzKZgQ==,iv:xp3PRrjCGFxCsRZOlJGIonBOKWJ+3/1CByc4q7O3vDw=,tag:bfKlU2Pcoq0cQjbhp+UXag==,type:str]
|
|
||||||
keycloak: ENC[AES256_GCM,data:A3cbJTfP97yT35ov/yuWaD+b3wD2I8H+2GkW1ONp3YiNEsmKFjROx2rpwA==,iv:kMbuPtvy/49soEH9jxdY/X0BFDoiK7EyZ56xMkwjMUg=,tag:Ttp8BbJqfPWaeH5iaOwcQQ==,type:str]
|
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -40,8 +42,8 @@ sops:
|
||||||
akVjeTNTeGorZjJQOVlMeCtPRUVYL3MK+VMvGxrbzGz4Q3sdaDDWjal+OiK+JYKX
|
akVjeTNTeGorZjJQOVlMeCtPRUVYL3MK+VMvGxrbzGz4Q3sdaDDWjal+OiK+JYKX
|
||||||
GHiMXVHQJZu/RrlxMjHKN6V3iaqxZpuvLAEJ2Lzy5EOHPtuiiRyeHQ==
|
GHiMXVHQJZu/RrlxMjHKN6V3iaqxZpuvLAEJ2Lzy5EOHPtuiiRyeHQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2023-05-06T21:36:22Z"
|
lastmodified: "2023-09-03T19:12:38Z"
|
||||||
mac: ENC[AES256_GCM,data:F9XujlDa5o0N07UfA4QTjApiJQyaT/l6jVSmekwx8exLWGKfMIVs3KKt8ZIT8MmmCg1+GPYHV1MzC+OCImj1q0uYDkqG/Of5KAKYrizz2GwmVa8pSyV/b+tFdBNKxlVjH+YWwxkMltCoZNzaYJDALAfUv07Xp8mnKaXdkS7SQBQ=,iv:LAmhmXDui8gkYKjL8gk9HPRFlcKAviQ9g9prp7yDptQ=,tag:GNffyDqt+mm3umUtnTU9hw==,type:str]
|
mac: ENC[AES256_GCM,data:Zo6WD3n33nX7bUun9YqaidvqZjFmbIx7QTzOTGOanSbeDmrejRRdBgGMohWG07byxrdlYO6mQwBkz2xic7+Rh3k1UJ65FDNyM7EOrwuc/X7HJy2Tk9WQO0DDbwDh+OfCeLOhrpBWTlsVt9HpN6xU8xBDABVxBQzd47pm1GRs3Ig=,iv:ECl4h15AnDJPcR3eXZ/wXSTUP8QnAuYiWRWx+Ouazd4=,tag:ZkZ/kSrx/5HCDPQhCGuxLw==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2023-05-21T00:28:40Z"
|
- created_at: "2023-05-21T00:28:40Z"
|
||||||
enc: |
|
enc: |
|
||||||
|
|
Loading…
Reference in New Issue