From 87bd442eed1faed44b140c0fc54f14dcc7c60ef9 Mon Sep 17 00:00:00 2001
From: revol-xut
Date: Tue, 6 Sep 2022 17:16:31 +0200
Subject: [PATCH] secrets for mediawiki and formatting
---
flake.nix | 117 +++++++++++-----------
hosts/birne/configuration.nix | 13 +--
hosts/birne/hardware-configuration.nix | 12 ++-
hosts/quitte/configuration.nix | 21 ++--
hosts/quitte/hardware-configuration.nix | 21 ++--
hosts/sanddorn/configuration.nix | 4 +-
hosts/sanddorn/hardware-configuration.nix | 12 +--
modules/base.nix | 2 +-
modules/desktop.nix | 33 +++---
modules/hedgedoc.nix | 5 +-
modules/infoscreen.nix | 21 ++--
modules/keycloak.nix | 45 +++++----
modules/options.nix | 2 +-
modules/printing.nix | 30 +++---
modules/wifi.nix | 7 +-
modules/wiki.nix | 74 +++++++-------
pkgs/server.nix | 65 ++++++------
secrets/durian.yaml | 5 +-
18 files changed, 255 insertions(+), 234 deletions(-)
diff --git a/flake.nix b/flake.nix
index 808648d..198fa04 100755
--- a/flake.nix
+++ b/flake.nix
@@ -1,70 +1,71 @@ { - inputs = { + inputs = { nixpkgs.url = github:NixOS/nixpkgs/nixos-22.05; sops-nix.url = github:Mic92/sops-nix; sops-nix.inputs.nixpkgs.follows = "nixpkgs"; fsr-infoscreen.url = github:fsr/infoscreen; }; - outputs = { self, nixpkgs, sops-nix, fsr-infoscreen, ... }@inputs: - let - in { - #packages."aarch64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage; - #packages."x86_64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage; + outputs = { self, nixpkgs, sops-nix, fsr-infoscreen, ... }@inputs: + let + in { + #packages."aarch64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage; + #packages."x86_64-linux".sanddorn = self.nixosConfigurations.sanddorn.config.system.build.sdImage; - nixosConfigurations = { - birne = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - ./hosts/birne/configuration.nix + nixosConfigurations = { + birne = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + ./hosts/birne/configuration.nix - ./modules/base.nix - ./modules/autoupdate.nix - ./modules/desktop.nix - ./modules/printing.nix - ./modules/wifi.nix - ./modules/options.nix - { - fsr.enable_office_bloat = true; - } + ./modules/base.nix + ./modules/autoupdate.nix + ./modules/desktop.nix + ./modules/printing.nix + ./modules/wifi.nix + ./modules/options.nix + { + fsr.enable_office_bloat = true; + } - ]; - }; - sanddorn = nixpkgs.lib.nixosSystem { - system = "aarch64-linux"; - modules = [ - { - nixpkgs.overlays = [ fsr-infoscreen.overlay."aarch64-linux"]; - nixpkgs.config.allowBroken = true; - sdImage.compressImage = false; - } - ./hosts/sanddorn/configuration.nix - ./modules/infoscreen.nix - ./modules/base.nix - ./modules/autoupdate.nix - ./modules/wifi.nix - ./modules/desktop.nix - ./modules/options.nix - "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" - { - fsr.enable_office_bloat = false; - } - ]; - }; - quitte = 
nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - modules = [ - inputs.sops-nix.nixosModules.sops - ./hosts/quitte/configuration.nix - ./modules/base.nix - ./modules/sops.nix - ./modules/keycloak.nix - ./modules/nginx.nix - ./modules/hedgedoc.nix - { - sops.defaultSopsFile = ./secrets/durian.yaml; - } - ]; + ]; + }; + sanddorn = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + modules = [ + { + nixpkgs.overlays = [ fsr-infoscreen.overlay."aarch64-linux" ]; + nixpkgs.config.allowBroken = true; + sdImage.compressImage = false; + } + ./hosts/sanddorn/configuration.nix + ./modules/infoscreen.nix + ./modules/base.nix + ./modules/autoupdate.nix + ./modules/wifi.nix + ./modules/desktop.nix + ./modules/options.nix + "${nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" + { + fsr.enable_office_bloat = false; + } + ]; + }; + quitte = nixpkgs.lib.nixosSystem { + system = "x86_64-linux"; + modules = [ + inputs.sops-nix.nixosModules.sops + ./hosts/quitte/configuration.nix + ./modules/base.nix + ./modules/sops.nix + ./modules/keycloak.nix + ./modules/nginx.nix + ./modules/hedgedoc.nix + ./modules/wiki.nix + { + sops.defaultSopsFile = ./secrets/durian.yaml; + } + ]; + }; }; }; - }; } diff --git a/hosts/birne/configuration.nix b/hosts/birne/configuration.nix index 2c0b96e..5ab2329 100755 --- a/hosts/birne/configuration.nix +++ b/hosts/birne/configuration.nix @@ -5,7 +5,8 @@ { config, pkgs, ... }: { - imports =[ # Include the results of the hardware scan. + imports = [ + # Include the results of the hardware scan. ./hardware-configuration.nix ]; @@ -24,11 +25,11 @@ }; nixpkgs.config.allowUnfree = true; - users.users.printer = { - isNormalUser = true; - password = "printer"; - extraGroups = []; - }; + users.users.printer = { + isNormalUser = true; + password = "printer"; + extraGroups = [ ]; + }; environment.systemPackages = with pkgs; [ firefox 
diff --git a/hosts/birne/hardware-configuration.nix b/hosts/birne/hardware-configuration.nix index 58a77b5..5ad5d2a 100755 --- a/hosts/birne/hardware-configuration.nix +++ b/hosts/birne/hardware-configuration.nix @@ -5,7 +5,8 @@ { imports = - [ (modulesPath + "/installer/scan/not-detected.nix") + [ + (modulesPath + "/installer/scan/not-detected.nix") ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; @@ -14,18 +15,19 @@ boot.extraModulePackages = [ config.boot.kernelPackages.broadcom_sta ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/9799b183-a191-484e-b9a4-05e29412af25"; + { + device = "/dev/disk/by-uuid/9799b183-a191-484e-b9a4-05e29412af25"; fsType = "ext4"; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/CF58-EB12"; + { + device = "/dev/disk/by-uuid/CF58-EB12"; fsType = "vfat"; }; swapDevices = - [ { device = "/dev/disk/by-uuid/94622e8e-8b58-4b3b-9494-d144ccaeb486"; } - ]; + [{ device = "/dev/disk/by-uuid/94622e8e-8b58-4b3b-9494-d144ccaeb486"; }]; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/hosts/quitte/configuration.nix b/hosts/quitte/configuration.nix index af7db7f..34416b0 100644 --- a/hosts/quitte/configuration.nix +++ b/hosts/quitte/configuration.nix @@ -6,7 +6,8 @@ { imports = - [ # Include the results of the hardware scan. + [ + # Include the results of the hardware scan. ./hardware-configuration.nix ]; 
@@ -17,19 +18,19 @@ boot.supportedFilesystems = [ "zfs" ]; boot.zfs.devNodes = "/dev/"; networking.hostId = "a41d87fc"; - + networking.interfaces.enp65s0f0np0 = { - useDHCP = false; - ipv4.addresses = [ - { - address = "141.30.30.169"; + useDHCP = false; + ipv4.addresses = [ + { + address = "141.30.30.169"; prefixLength = 25; - } + } ]; }; networking.defaultGateway = "141.30.30.129"; networking.nameservers = [ "141.30.1.1" ]; - + networking.hostName = "quitte"; # Define your hostname. # Pick only one of the below networking options. # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. @@ -54,7 +55,7 @@ # services.xserver.enable = true; - + # Configure keymap in X11 # services.xserver.layout = "us"; @@ -104,7 +105,7 @@ # Enable the OpenSSH daemon. services.openssh.enable = true; services.openssh.permitRootLogin = "yes"; - + # Open ports in the firewall. networking.firewall.allowedTCPPorts = [ 443 80 ]; # networking.firewall.allowedUDPPorts = [ ... ]; diff --git a/hosts/quitte/hardware-configuration.nix b/hosts/quitte/hardware-configuration.nix index 3ab4310..0a2357a 100644 --- a/hosts/quitte/hardware-configuration.nix +++ b/hosts/quitte/hardware-configuration.nix @@ -5,7 +5,8 @@ { imports = - [ (modulesPath + "/installer/scan/not-detected.nix") + [ + (modulesPath + "/installer/scan/not-detected.nix") ]; boot.initrd.availableKernelModules = [ "megaraid_sas" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; 
@@ -14,36 +15,42 @@ boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "rpool/nixos/root"; + { + device = "rpool/nixos/root"; fsType = "zfs"; options = [ "zfsutil" ]; }; fileSystems."/home" = - { device = "rpool/nixos/home"; + { + device = "rpool/nixos/home"; fsType = "zfs"; options = [ "zfsutil" ]; }; fileSystems."/var/lib" = - { device = "rpool/nixos/var/lib"; + { + device = "rpool/nixos/var/lib"; fsType = "zfs"; options = [ "zfsutil" ]; }; fileSystems."/var/log" = - { device = "rpool/nixos/var/log"; + { + device = "rpool/nixos/var/log"; fsType = "zfs"; options = [ "zfsutil" ]; }; fileSystems."/boot" = - { device = "/dev/disk/by-uuid/7FE6-F583"; + { + device = "/dev/disk/by-uuid/7FE6-F583"; fsType = "vfat"; }; fileSystems."/nix" = - { device = "rpool/nixos/nix"; + { + device = "rpool/nixos/nix"; fsType = "zfs"; options = [ "zfsutil" ]; }; diff --git a/hosts/sanddorn/configuration.nix b/hosts/sanddorn/configuration.nix index b1a43e3..8b0685c 100644 --- a/hosts/sanddorn/configuration.nix +++ b/hosts/sanddorn/configuration.nix @@ -41,6 +41,6 @@ }; documentation.enable = false; - - system.stateVersion = "21.05"; + + system.stateVersion = "21.05"; } diff --git a/hosts/sanddorn/hardware-configuration.nix b/hosts/sanddorn/hardware-configuration.nix index acb17c7..b88abb6 100644 --- a/hosts/sanddorn/hardware-configuration.nix +++ b/hosts/sanddorn/hardware-configuration.nix 
@@ -21,19 +21,19 @@ fsType = "vfat"; }; "/swap" = { - device = "/dev/disk/by-uuid/SWAP"; - fsType = "btrfs"; - options = [ "subvol=swap" "compress=lzo" "noatime" ]; # Note these options effect the entire BTRFS filesystem and not just this volume, with the exception of `"subvol=swap"`, the other options are repeated in my other `fileSystem` mounts + device = "/dev/disk/by-uuid/SWAP"; + fsType = "btrfs"; + options = [ "subvol=swap" "compress=lzo" "noatime" ]; # Note these options effect the entire BTRFS filesystem and not just this volume, with the exception of `"subvol=swap"`, the other options are repeated in my other `fileSystem` mounts }; "/" = { device = "/dev/disk/by-label/NIXOS_SD"; fsType = "ext4"; }; }; - + swapDevices = [{ - device = "/swap/swapfile"; - size = (1024 * 2); + device = "/swap/swapfile"; + size = (1024 * 2); }]; hardware.enableRedistributableFirmware = true; diff --git a/modules/base.nix b/modules/base.nix index 2dae16d..8bd2fdd 100755 --- a/modules/base.nix +++ b/modules/base.nix @@ -4,7 +4,7 @@ extraOptions = '' experimental-features = nix-command flakes ''; - }; + }; # Select internationalisation properties. i18n.defaultLocale = "en_US.UTF-8"; diff --git a/modules/desktop.nix b/modules/desktop.nix index fb1cf70..4ebc1b1 100755 --- a/modules/desktop.nix +++ b/modules/desktop.nix 
@@ -1,28 +1,29 @@ { pkgs, lib, config, office_stuff, ... }: -let +let -extra_office_packages = (lib.ifEnable config.fsr.enable_office_bloat (with pkgs; [ - vlc - libreoffice-fresh - okular - texlive.combined.scheme-full -])); + extra_office_packages = (lib.ifEnable config.fsr.enable_office_bloat (with pkgs; [ + vlc + libreoffice-fresh + okular + texlive.combined.scheme-full + ])); -in { +in +{ # enable XFCE as lightweight desktop environment services = { - xserver.enable = true; - xserver.desktopManager.xfce.enable = true; - xserver.displayManager.defaultSession = "xfce"; + xserver.enable = true; + xserver.desktopManager.xfce.enable = true; + xserver.displayManager.defaultSession = "xfce"; - # Configure keymap in X11 - xserver.layout = "de"; - xserver.xkbOptions = "eurosign:e,ctrl:nocaps,compose:prsc"; + # Configure keymap in X11 + xserver.layout = "de"; + xserver.xkbOptions = "eurosign:e,ctrl:nocaps,compose:prsc"; - # enable touchpad support - xserver.libinput.enable = true; + # enable touchpad support + xserver.libinput.enable = true; }; # enable sound sound.enable = true; diff --git a/modules/hedgedoc.nix b/modules/hedgedoc.nix index f83bf80..a5db8e0 100644 --- a/modules/hedgedoc.nix +++ b/modules/hedgedoc.nix @@ -1,7 +1,8 @@ { config, pkgs, lib, ... }: -let +let domain = "pad.quitte.tassilo-tanneberger.de"; -in { +in +{ services = { postgresql = { enable = true; diff --git a/modules/infoscreen.nix b/modules/infoscreen.nix index 6082211..21c3a0e 100644 --- a/modules/infoscreen.nix +++ b/modules/infoscreen.nix @@ -1,8 +1,9 @@ -{ pkgs, lib, config, ...}: +{ pkgs, lib, config, ... }: let fsr-infoscreen = pkgs.fsr-infoscreen; -in { +in +{ systemd = { services."fsr-infoscreen" = { 
@@ -13,16 +14,16 @@ in { ''; serviceConfig = { - User = "infoscreen"; - Restart = "on-failure"; - }; + User = "infoscreen"; + Restart = "on-failure"; }; }; + }; - users.users.infoscreen = { - name = "infoscreen"; - description = "custom user for service infoscreen service"; - isNormalUser = true; - }; + users.users.infoscreen = { + name = "infoscreen"; + description = "custom user for service infoscreen service"; + isNormalUser = true; + }; } diff --git a/modules/keycloak.nix b/modules/keycloak.nix index 617ce2d..881980b 100644 --- a/modules/keycloak.nix +++ b/modules/keycloak.nix @@ -1,5 +1,5 @@ -{pkgs, config, lib, ...}: { - +{ pkgs, config, lib, ... }: { + sops.secrets.postgres_keycloak = { owner = config.systemd.services.keycloak.serviceConfig.User; group = "keycloak"; @@ -24,8 +24,8 @@ hostname = "keycloak.quitte.tassilo-tanneberger.de"; http-host = "127.0.0.1"; http-port = 8000; - https-port = 8001; - proxy = "edge"; + https-port = 8001; + proxy = "edge"; }; database = { @@ -34,30 +34,31 @@ passwordFile = config.sops.secrets.postgres_keycloak.path; name = "keycloak"; host = "localhost"; - createLocally = true; + createLocally = true; }; }; postgresql = { enable = true; }; nginx = { - enable = true; - recommendedProxySettings = true; - virtualHosts = { - "${config.services.keycloak.settings.hostname}" = { - enableACME = true; - forceSSL = true; - http2 = true; - locations = { - "/" = - let - cfg = config.services.keycloak.settings; - in { - proxyPass = "http://${cfg.http-host}:${toString cfg.http-port}"; - }; - }; - }; - }; + enable = true; + recommendedProxySettings = true; + virtualHosts = { + "${config.services.keycloak.settings.hostname}" = { + enableACME = true; + forceSSL = true; + http2 = true; + locations = { + "/" = + let + cfg = config.services.keycloak.settings; + in + { + proxyPass = "http://${cfg.http-host}:${toString cfg.http-port}"; + }; + }; + }; + }; }; }; } diff --git a/modules/options.nix b/modules/options.nix index 28acb30..26868ae 100644 
--- a/modules/options.nix +++ b/modules/options.nix @@ -1,4 +1,4 @@ -{config, lib, ...}: with lib; { +{ config, lib, ... }: with lib; { options.fsr.enable_office_bloat = mkOption { type = types.bool; default = false; diff --git a/modules/printing.nix b/modules/printing.nix index 71549fe..c99e4ae 100755 --- a/modules/printing.nix +++ b/modules/printing.nix @@ -2,7 +2,7 @@ { # Enable CUPS to print documents. - services= { + services = { printing.enable = true; printing.drivers = with pkgs; [ gutenprint @@ -18,19 +18,19 @@ ]; # set up Heiko hardware.printers.ensurePrinters = [ - { - description = "Drucker im FSR Buero"; - deviceUri = "dnssd://Kyocera%20ECOSYS%20M6630cidn._ipp._tcp.local/?uuid=4509a320-007e-002c-00dd-002507504ad0"; - location = "FSR Buero"; - model = "Kyocera ECOSYS M6630cidn KPDL"; - name = "Heiko"; - } - { - description = "Drucker im FSR Buero"; - deviceUri = "dnssd://Kyocera%20ECOSYS%20M6630cidn._pdl-datastream._tcp.local/?uuid=4509a320-007e-002c-00dd-002507504ad0"; - location = "FSR Buero"; - model = "Kyocera ECOSYS M6630cidn KPDL"; - name = "Heiko"; - } + { + description = "Drucker im FSR Buero"; + deviceUri = "dnssd://Kyocera%20ECOSYS%20M6630cidn._ipp._tcp.local/?uuid=4509a320-007e-002c-00dd-002507504ad0"; + location = "FSR Buero"; + model = "Kyocera ECOSYS M6630cidn KPDL"; + name = "Heiko"; + } + { + description = "Drucker im FSR Buero"; + deviceUri = "dnssd://Kyocera%20ECOSYS%20M6630cidn._pdl-datastream._tcp.local/?uuid=4509a320-007e-002c-00dd-002507504ad0"; + location = "FSR Buero"; + model = "Kyocera ECOSYS M6630cidn KPDL"; + name = "Heiko"; + } ]; } diff --git a/modules/wifi.nix b/modules/wifi.nix index 73ef969..561186e 100755 --- a/modules/wifi.nix +++ b/modules/wifi.nix 
@@ -3,10 +3,11 @@ # https://tu-dresden.de/zih/dienste/service-katalog/arbeitsumgebung/zugang_datennetz/wlan-eduroam # https://www.stura.htw-dresden.de/stura/ref/hopo/dk/nachrichten/eduroam-meets-nixos # -{ pkgs, config, ... }: -let +{ pkgs, config, ... }: +let password = "$(${pkgs.coreutils}/bin/cat /run/secrets/fsr_wifi_psk)"; -in { +in +{ networking = { wireless = { enable = true; diff --git a/modules/wiki.nix b/modules/wiki.nix index 2cdfa71..dee18f4 100644 --- a/modules/wiki.nix +++ b/modules/wiki.nix 
@@ -1,40 +1,42 @@ { config, pkgs, lib, ... }: { - sops.secrets.postgres_mediawiki.owner = config.systemd.services.mediawiki.serviceConfig.User; - services = { - mediawiki = { - enable = true; - name = "FSR Wiki"; - database = { - user = "mediawiki"; - type = "postgres"; - socket = "/var/run/postgresql"; - port = 5432; - name = "mediawiki"; - host = "localhost"; - passwordFile = config.sops.secrets.postgres_mediawiki.path; - createLocally = true; - }; - virtualHost = { - hostName = "wiki.quitte.tassilo-tanneberger.de"; - adminAddr = "root@ifsr.de"; - forceSSL = true; - enableACME = true; - }; - }; - postgres = { - enable = true; - }; + sops.secrets.postgres_mediawiki.owner = config.systemd.services.mediawiki.serviceConfig.User; + sops.secrets.mediawiki_initial_admin.owner = config.systemd.services.mediawiki.serviceConfig.User; + services = { + mediawiki = { + enable = true; + name = "FSR Wiki"; + passwordFile = config.sops.secrets.mediawiki_initial_admin.path; + database = { + user = "mediawiki"; + type = "postgres"; + socket = "/var/run/postgresql"; + port = 5432; + name = "mediawiki"; + host = "localhost"; + passwordFile = config.sops.secrets.postgres_mediawiki.path; + createLocally = false; + }; + virtualHost = { + hostName = "wiki.quitte.tassilo-tanneberger.de"; + adminAddr = "root@ifsr.de"; + forceSSL = true; + enableACME = true; + }; }; - systemd.services.mediawiki-pgsetup = { - description = "Prepare Mediawiki postgres database"; - wantedBy = [ "multi-user.target" ]; - after = [ "networking.target" "postgresql.service" ]; - serviceConfig.Type = "oneshot"; + postgresql = { + enable = true; + }; + }; + systemd.services.mediawiki-pgsetup = { + description = "Prepare Mediawiki postgres database"; + wantedBy = [ "multi-user.target" ]; + after = [ "networking.target" "postgresql.service" ]; + serviceConfig.Type = "oneshot"; - path = [ pkgs.sudo config.services.postgresql.package ]; - script = '' - sudo -u ${config.services.postgresql.superUser} psql -c "ALTER ROLE 
mediawiki WITH PASSWORD '$(cat ${config.sops.secrets.postgres_mediawiki.path})'" - ''; - }; -} \ No newline at end of file + path = [ pkgs.sudo config.services.postgresql.package ]; + script = '' + sudo -u ${config.services.postgresql.superUser} psql -c "ALTER ROLE mediawiki WITH PASSWORD '$(cat ${config.sops.secrets.postgres_mediawiki.path})'" + ''; + }; +} diff --git a/pkgs/server.nix b/pkgs/server.nix index 5c53811..8e80004 100755 --- a/pkgs/server.nix +++ b/pkgs/server.nix 
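Review bot: The `script` of `mediawiki-pgsetup` in modules/wiki.nix puts the database password into psql's argument list (`psql -c "ALTER ROLE mediawiki WITH PASSWORD '$(cat ...)'"`), so it is readable from the process list while the command runs, and a secret containing a single quote would break or alter the SQL statement. Feeding the statement on stdin keeps it out of argv, e.g. `printf "ALTER ROLE mediawiki WITH PASSWORD '%s';\n" "$(cat ${config.sops.secrets.postgres_mediawiki.path})" | sudo -u ${config.services.postgresql.superUser} psql -v ON_ERROR_STOP=1`, with single quotes in the secret either doubled or ruled out when it is generated. Separately, now that `createLocally = false`, nothing visible in this hunk creates the `mediawiki` role or database, so the `ALTER ROLE` presumably fails on a fresh host unless they are provisioned elsewhere; worth confirming, together with whether this unit is ordered before MediaWiki's own database initialisation.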
@@ -1,49 +1,50 @@ { lib -,pkgs -#, buildpythonApplication -#, buildPythonPackage -, fetchFromGitHub -#, fetchPypi +, pkgs + #, buildpythonApplication + #, buildPythonPackage +, fetchFromGitHub + #, fetchPypi }: let -dvb = pkgs.python39Packages.buildPythonPackage rec { - pname = "dvb"; - version = "1.2.0"; + dvb = pkgs.python39Packages.buildPythonPackage rec { + pname = "dvb"; + version = "1.2.0"; - src = fetchFromGitHub { - owner = "revol-xut"; - repo = "dvbpy"; - rev = "66c975f58b9f831ff6044aa65da58c3246938e5e"; - sha256 = "sha256-OzK9r6tyyjawdDzqrDw9CFh0lf8Bn11rJpQl60YCoT8="; + src = fetchFromGitHub { + owner = "revol-xut"; + repo = "dvbpy"; + rev = "66c975f58b9f831ff6044aa65da58c3246938e5e"; + sha256 = "sha256-OzK9r6tyyjawdDzqrDw9CFh0lf8Bn11rJpQl60YCoT8="; + }; + + doCheck = false; + propagatedBuildInputs = with pkgs.python39Packages; [ pyproj numpy requests ]; }; - doCheck = false; - propagatedBuildInputs = with pkgs.python39Packages; [ pyproj numpy requests ]; -}; + flask-misaka = pkgs.python39Packages.buildPythonPackage rec { + pname = "flask-misaka"; + version = "1.0.0"; -flask-misaka = pkgs.python39Packages.buildPythonPackage rec { - pname = "flask-misaka"; - version = "1.0.0"; + src = fetchFromGitHub { + owner = "singingwolfboy"; + repo = "flask-misaka"; + rev = "d960e512ac1ea16225d236984fcf130a46bb7b83"; + sha256 = "sha256-RYDD+Bj3+S2isTdccl04zvLjpbalQ5sqb3sYnUy1+bU="; + }; - src = fetchFromGitHub { - owner = "singingwolfboy"; - repo = "flask-misaka"; - rev = "d960e512ac1ea16225d236984fcf130a46bb7b83"; - sha256 = "sha256-RYDD+Bj3+S2isTdccl04zvLjpbalQ5sqb3sYnUy1+bU="; + doCheck = false; + propagatedBuildInputs = with pkgs.python39Packages; [ flask misaka ]; }; - doCheck = false; - propagatedBuildInputs = with pkgs.python39Packages; [ flask misaka ]; -}; - -in pkgs.python39Packages.buildPythonApplication rec { +in +pkgs.python39Packages.buildPythonApplication rec { pname = "fsr-infoscreen"; version = "2.1.0"; - src = fetchFromGitHub{ + src = fetchFromGitHub 
{ owner = "fsr"; repo = "infoscreen"; rev = "43fb1fdc9dd15ccf40ef28b448ac6cfd51f32bc4"; @@ -52,8 +53,8 @@ in pkgs.python39Packages.buildPythonApplication rec { nativeBuildInputs = with pkgs; [ pkg-config python3Packages.wrapPython ]; propagatedBuildInputs = with pkgs.python39Packages; [ flask python-forecastio flask-misaka dvb ]; buildInputs = with pkgs.python39Packages; [ flask python-forecastio flask-misaka dvb ]; - pythonPath = with pkgs.python39Packages; [ flask python-forecastio flask-misaka dvb]; - + pythonPath = with pkgs.python39Packages; [ flask python-forecastio flask-misaka dvb ]; + installPhase = '' mkdir -p $out/build/middleware install -Dm755 middleware/infoscreen.py $out/build/middleware diff --git a/secrets/durian.yaml b/secrets/durian.yaml index 29dc4f5..72000bd 100644 --- a/secrets/durian.yaml +++ b/secrets/durian.yaml @@ -2,6 +2,7 @@ postgres_keycloak: ENC[AES256_GCM,data:Vi0NLjpYDvFGIYYL/VPdgOqAS51KXQynBFlBjK64e postgres_hedgedoc: ENC[AES256_GCM,data:VCoWXZbNGWfmorTNZRFWkDUp0B5JMmsA+bJFVrUREj0=,iv:fnSs3FOgmFn5/BqKTODpwIq023ZRMF8s/JiDyf2ZqkE=,tag:oit5sHf6QffhYYi/WJk5SQ==,type:str] hedgedoc_session_secret: ENC[AES256_GCM,data:uz7KggZqeZ2eqiCnOcnYh2I1p5BBXTQbC8PUhB2kM2U=,iv:aJDHKCPkccCT/OF6AGZMfRESNmoV9muGHbuCUfLQhH8=,tag:uEVXylpE8MSebqRr+4mQOw==,type:str] postgres_mediawiki: ENC[AES256_GCM,data:abxT4VB9c0YwqHI8OLvfLFjpJoLAoDNNE9ml58BpD2A=,iv:jn7e3oDWtADuK3o8x26uRbwruQ07zglMyXpThBV6uG0=,tag:9NF49KqdXoAgz8U/VWIKsg==,type:str] +mediawiki_initial_admin: ENC[AES256_GCM,data:V62NRMkQaXqHl4Jj69BNsprafEqszeoHiLWurexLuvs=,iv:aSZJLviR0Tt2RCeb22pPP4i/B4APNFvU1l8ipeNvER8=,tag:mWv8fN1RZwJHUqIxQonO8Q==,type:str] sops: kms: [] gcp_kms: [] 
@@ -17,8 +18,8 @@ sops: bzNnbFZnZnZiY0xsbVlvUStBblBMWGcK7HSz9iFQiH0BJ3etF09opJreBoBtiBZ0 L74EBGuEV4+dNWqY3QwAASmDYJJ8ocQMuAgctjsgstKBKUeOrkhDRg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2022-09-06T15:00:39Z" - mac: ENC[AES256_GCM,data:Arjto/Cl6wcF99jUOWGZB28NME4t68oYL0yGdjUMTUCU+CKz2Y2sX82ncb6JpRPrSEzzhFAiEqK0QuXvxrgPnBp7MH0+fS8rNa87LEVOoesDnv0pcCZQXxDsJypNMkzEz1aZVEr9U212vulbShyz8HKcGioy5fLSx98fTCpaK/c=,iv:Bng+AlN0rnkXwMNiOKR8dIa3cf1sT8xpC8CFV0/xods=,tag:cKfI0BVDCKtV1W8j9riP/w==,type:str] + lastmodified: "2022-09-06T15:14:55Z" + mac: ENC[AES256_GCM,data:jd8op8K6jIyzUwiCX/6I716EI903rVZIMIRvxM/8w+oxqNVwaKGgY8IwQ3psg9SsGg+Sq+CNrm0Rf58Urz9hUywk2z70k/u/+5qWO7qUUuHNpYDLCLsOQ/BjYN+ZDATVFaD2hC+xYfwNKQXPPRTnnZ8oQ4AgybkSmrnjC13GCyM=,iv:VWKZITb/6wZe5lkru93AL27Pf/o1OCOPC0neNRRY79U=,tag:W3SBWD4ypcJx3mgRdWSNug==,type:str] pgp: - created_at: "2022-08-16T13:01:34Z" enc: |