diff --git a/flake.lock b/flake.lock index 0010fcb..373e79f 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,63 @@ { "nodes": { + "course-management": { + "inputs": { + "flake-utils": "flake-utils", + "nixpkgs": [ + "nixpkgs" + ], + "poetry2nix": "poetry2nix" + }, + "locked": { + "lastModified": 1689111665, + "narHash": "sha256-JJgel8I08Py6zbmAviM4nEDcyJjcO+8TfbAXWp41IHA=", + "owner": "fsr", + "repo": "course-management", + "rev": "437205045f3836282ab948c6ab93d720fb3ce4d9", + "type": "github" + }, + "original": { + "owner": "fsr", + "repo": "course-management", + "type": "github" + } + }, + "flake-utils": { + "inputs": { + "systems": "systems" + }, + "locked": { + "lastModified": 1687709756, + "narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, + "flake-utils_2": { + "inputs": { + "systems": "systems_2" + }, + "locked": { + "lastModified": 1687709756, + "narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "kpp": { "inputs": { "nixpkgs": [ 
@@ -52,8 +110,31 @@ "type": "github" } }, + "poetry2nix": { + "inputs": { + "flake-utils": "flake-utils_2", + "nixpkgs": [ + "course-management", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1688440303, + "narHash": "sha256-hFfOyityHdVFI0HNM+sqZfpi9Fbvjvy0N9O7FjuqPWY=", + "owner": "nix-community", + "repo": "poetry2nix", + "rev": "04714155bae013fb9b207e54d1faf9f0c3d08706", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "poetry2nix", + "type": "github" + } + }, "root": { "inputs": { + "course-management": "course-management", "kpp": "kpp", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix" @@ -79,6 +160,36 @@ "repo": "sops-nix", "type": "github" } + }, + "systems": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } + }, + "systems_2": { + "locked": { + "lastModified": 1681028828, + "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", + "owner": "nix-systems", + "repo": "default", + "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", + "type": "github" + }, + "original": { + "owner": "nix-systems", + "repo": "default", + "type": "github" + } } }, "root": "root", diff --git a/flake.nix b/flake.nix index a27db65..a740401 100755 --- a/flake.nix +++ b/flake.nix 
@@ -6,8 +6,12 @@ kpp.url = "github:fsr/kpp"; kpp.inputs.nixpkgs.follows = "nixpkgs"; # fsr-infoscreen.url = github:fsr/infoscreen; # some anonymous strukturer accidentally removed the flake.nix + course-management = { + url = "github:fsr/course-management"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; - outputs = { self, nixpkgs, sops-nix, kpp, ... }@inputs: + outputs = { self, nixpkgs, sops-nix, kpp, course-management, ... }@inputs: { packages."x86_64-linux".quitte = self.nixosConfigurations.quitte-vm.config.system.build.vm; packages."x86_64-linux".default = self.packages."x86_64-linux".quitte; @@ -19,6 +23,7 @@ modules = [ inputs.sops-nix.nixosModules.sops inputs.kpp.nixosModules.default + course-management.nixosModules.default ./hosts/quitte/configuration.nix ./modules/options.nix ./modules/base.nix @@ -38,6 +43,7 @@ ./modules/matrix.nix ./modules/mautrix-telegram.nix ./modules/sogo.nix + ./modules/course-management.nix { fsr.enable_office_bloat = false; fsr.domain = "staging.ifsr.de"; diff --git a/modules/course-management.nix b/modules/course-management.nix new file mode 100644 index 0000000..65940f2 --- /dev/null +++ b/modules/course-management.nix 
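Review bot: In the `modules` list of the second flake.nix hunk the new module is referenced as `course-management.nixosModules.default`, while its neighbours go through the `inputs` attrset (`inputs.kpp.nixosModules.default`). Writing it as `inputs.course-management.nixosModules.default` would match them and make the extra `course-management` name in the `outputs` argument pattern unnecessary. On the first hunk, only `nixpkgs` is made to follow the root input, so, as the flake.lock hunks show, `poetry2nix` and `flake-utils` arrive as separately locked transitive inputs; a short comment on the input saying so would help whoever reviews the next lock update. The `modules` list starts and ends outside the hunks.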
@@ -0,0 +1,50 @@
+{ config, lib, pkgs, ... }:
+let
+ hostName = "kurse.${config.fsr.domain}";
+in
+{
+ sops.secrets =
+ let inherit (config.services.course-management) user;
+ in {
+ "course-management/secret-key".owner = user;
+ "course-management/adminpass".owner = user;
+ };
+
+ services.course-management = {
+ inherit hostName;
+ enable = true;
+
+ settings = {
+ secretKeyFile = config.sops.secrets."course-management/secret-key".path;
+ adminPassFile = config.sops.secrets."course-management/adminpass".path;
+ admins = [{
+ name = "Root iFSR";
+ email = "root@${config.fsr.domain}";
+ }];
+ database = {
+ ENGINE = "django.db.backends.postgresql";
+ NAME = "course-management";
+ };
+ email = lib.mkDefault {
+ fromEmail = "noreply@${config.fsr.domain}";
+ serverEmail = "root@${config.fsr.domain}";
+ };
+ };
+ };
+
+ services.postgresql = {
+ enable = true;
+ ensureUsers = [{
+ name = "course-management";
+ ensurePermissions = {
+ "DATABASE \"course-management\"" = "ALL PRIVILEGES";
+ };
+ }];
+ ensureDatabases = [ "course-management" ];
+ };
+
+ services.nginx.virtualHosts.${hostName} = {
+ enableACME = true;
+ forceSSL = true;
+ };
+}
diff --git a/secrets/quitte.yaml b/secrets/quitte.yaml
index 2c2add9..91111d1 100644
--- a/secrets/quitte.yaml
+++ b/secrets/quitte.yaml
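Review bot: The PostgreSQL role under `services.postgresql.ensureUsers` is hard-coded as `"course-management"`, whereas the secret owners at the top of the file are taken from `config.services.course-management.user`. The `database` settings carry only `ENGINE` and `NAME`, so the connection presumably uses the local socket and relies on the role name matching the service's system user; the upstream module is not visible here, so this should be confirmed. Tying the two together with `name = config.services.course-management.user;` removes the silent dependency on the upstream default. Separately, `"ALL PRIVILEGES"` on the database is broader than a web application normally needs at runtime, and a one-line comment stating why (for example, migrations running as the same role) would document the choice.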
@@ -17,6 +17,9 @@ mediawiki: ldapprovider: ENC[AES256_GCM,data:CPsrWmUviUpFIVVN/2a1lRjJCoZCWR9zrHm3T5Tv/YuXSYXStZGfBgXN96zhJUUpZcwiJq95o1sajyit+6itZCcGAPu0BTHSnNXRu1fgifonXE0ghw6rvzwkYpfBS+rfmBcG2wxX+7uZG3ulANYpvvGMxpKgM5IzQjE1sAytRDir6QeMGcFHP2gV4xQAdTNUZK2V+EKOlrcV5vTSzDSy3eXg18TVUgZqdxaQFfwnr2UN0eEEZ4Dn83G3QWsROZ0A7R3tuEmdAzmR8AdWBxfqCcOA8vZaOIOWb1AyobLCUaqQOj/SbGdgehMOQn1UcbRHpYQ2E9mvxD572uc/U5kzy/TbOLM34pkvckNrGfxwvqwbvXZrVP3gONY5CnJpk5XfVdT5Au/uwE5ZRs83ZEx31+85mpK3HecyBWRfWID0z2XS8PAU6G7ASQsXCh6sd5LFhL7zhxBQ4ENjT8pDi0OLYvw9VzPhPrdzooULeMytGitVWRtLsSzCn/D+U4x6EJLivLW6jv9SAIKg54fAjNEBYHh7GuHbr/VGtmiWKj6av2e3/BLgPOIyINzNv+X5QSsopZ2/yamPs+ARTOqAZvSyRgqereYoLZ5ZV15jIWiGc7HVfj/+Bk7cN4+VwFhzSuttp1DmvNNIWueeX69rdSqe41Y2lqKZ4ajOSIJ+YLP/dR0wvrVbd7QSP2OVRAnMugmeekbIuyIKPNsNJ183Z4y1m/ihIdRAzLnjSYuYCdWw3LXl5gM0ZTtGb7K+cIYcyJrS3fcaErDmqyI/LJoXNTo5CJI=,iv:ycKt8/awCo3HoO6Oa8H77GH9+m+xgR4kiXb7Cbf0wSY=,tag:b6pBoZs+E4CP+V9oZXrcoQ==,type:str] postfix_ldap_aliases: ENC[AES256_GCM,data:kpffdciWI08Of2fm2B1lZ4rOYIhWtoBTnpU1N0iwiStA81Yl/NMDgHDCVv79XY6SuFTCBd6npKNz/0ibBy1WDSrDQymV5MIUmWVPwLcBSNMjD0d69PJYdUDVLmyhNkjB2hEL9JaH1PiO4iBM5y9yZx1LT+zlauAZEJPFgO/MvjkMknHZPKnRpBtT8wKTWTYUtBvzQtlACLKdIF0t37Q2DZAMtWrAgsrH811zUbsxJbYDInvNDPDHZHS+ZfF0Q1vXDLWUm+zZij6KRAJdOuEU9dyzhU/t93+LO9zKADwyF1Xk+2Uh,iv:cEui6fcDDINpUUcLZxGwPBMP1PjQVNMdScgaWdnIJ80=,tag:/7/mZckPJ7YLuJMp/BqbOQ==,type:str] mautrix-telegram_env: ENC[AES256_GCM,data:2p5vYV+/vEDrrZItTcT1vxddv2tM7dLGBUmG+OXHccTzJ2UhyYpDGgUMr5KgObxvyssYBZTsvbV7QFN3sjcU/jVPx1qEUn6zyKO0HBQjrviVU3urx5zNOnCEHwDKyDrZ1Hu/CE6lpGNrtGlpewgOs/+84JZIZhC9qSuzDhN38sr4OGfMr29fMzafYC+TGHoZyA64GI9xz0KvXhwg6ci1hLtVWYEOFW2Nf8uLY8qkNLuDzA6bYx8rn3CEXoxiv0n4,iv:jmcWTyVkqu9nDc1ws2NxkMKrHPZ13i3jqDkk4Y0kejw=,tag:BjhmPc4lSbsZBmZ/q2CqGg==,type:str] +course-management: + secret-key: ENC[AES256_GCM,data:3WwhgZ+ElLOdEgdy/EoOL1vqkcXfnOnUZMKUsD9rd7I=,iv:eMo7HeOkSPGpCbLMi/6XoD4MXd27OageRsz70lyXNf0=,tag:u3H9BSv+7lasnBl29l8o3Q==,type:str] + adminpass: 
ENC[AES256_GCM,data:WUDsz3S88y590oStJinwukT8hJ+0dJ9/To1pDUWEN6o=,iv:5VSZohH2l/RNTNaWqMd9Y0JlSs7Cg1TRbeTR+OKhedA=,tag:LagNEUEKhNXIRKNwjmizbQ==,type:str] sops: kms: [] gcp_kms: [] @@ -32,8 +35,8 @@ sops: NEJBTHE2end1RDlHRTNFYlZjTjhib2cKmQRHpBKZ2DbQ5CfOwcSPfZAm9fnnpxUk +LcR8haK//O3N2uNf9etDW3VsT5ipPucCdFU1m/v9L5tcN6ZP8WP+w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-07T08:54:55Z" - mac: ENC[AES256_GCM,data:JlITbCiRVYkS9wWLxAOX3ZUtgtmBFiS4JeNt+3/prTScPVC3cqhZPx6UWfPh8hzS1NZGSJEy9J2roWm1DEZnj73cRmjwROAx/RiiGXJIkfxgUik4HFleIpKuOJ31Jkvl7m+YaEcgNail+KakKSy7H3Jf21Qu08fLGrN3kwt+JUA=,iv:GtuJrjnId9aU5f9o5hGYMNBN5FRB1OSLWCp9zFimhzA=,tag:RTL70JdR4C0UhXnMH01LPQ==,type:str] + lastmodified: "2023-07-11T22:22:39Z" + mac: ENC[AES256_GCM,data:5H6TIgrD0hTICCzo+nOlwbF1wjtFNiLYcW3QBkzQpFPgz3VwHV436kHnu6ns3IJIzpMdxEHDFxN6xKaYBtwiAdHwZLrP05H3443/jr6+z0EseQ0IG2Jq6bbhro1z1W+/165xKV6AYMxulQ1d4CyMD1/u1hqoVtd5KXUNJdJwSDw=,iv:OlFokFfHGMBy2aTB73kPf2TohuOkCT6mdBelvLaEOCQ=,tag:JUyj7wjBY3HUw9Nug/Iqgg==,type:str] pgp: - created_at: "2023-04-23T17:48:54Z" enc: | diff --git a/secrets/test.yaml b/secrets/test.yaml index 7696999..4da7f02 100644 --- a/secrets/test.yaml +++ b/secrets/test.yaml 
@@ -16,7 +16,10 @@ mediawiki: initial_admin: ENC[AES256_GCM,data:YRd3O5774NTmshxbQPbFjg==,iv:/Ra3WbZKcnUMf99ujN9qd/+DkOkFKv4cIEfUdmxpqMw=,tag:gj7ZbwIB1HLuPpGTgiz7Vg==,type:str] ldapprovider: ENC[AES256_GCM,data:dVrCFVgm4BDtUhcj9rSKXwnaIKsC5GGsDUoPJH1q5F4inskuSbFigcLM/UJFNOcr5R1dL+mYUOvnmIcoWA5AsuFKs3NzSYJVtVAm0x7vYSkHnfXu93V2F8Lc1xX/kZrFfnmNUXwhv2I+hknPUApY7wpmZOdk9NLKv4tbsgVTbfmR/WM6soOurh3b6b4cknfxqSeLZLeOIKL5WL8842t5SethyCfPsCm74JCpwHmflkCyT/lzIP1Kghab+xGWWyN9OAENlDZrJE6VAdctR+MKYZnhA7dXKeQPjKii9MZsDYFYTL5YDRysam4r7Jog/fozgWkXNrCUan29efnnBwpLz5hgV1MguIpvU8ccDQLNvgJCOdp6FgH45ZRlCxx29EWzh9iTDGPqmNsctUknFdfUVfIg9ziz/97i/kGcwy5N1oOsoUf7iRj5zLyLP6OlXGNThowF4jlNdI2b+caQGz7H6ZkJfUPWULotBUrjxrZo3pSYRkpJ77xbGUZf35ysxTHpfsmhyyO9HRhhgNkilEHlcsi8u+AC0su+Htg/Io332tSX+W6Gj6R6Q23hQ0gf8on5Y2xx34ysobEh8cMS4+Kj0nwasMHjW70g3qWpKkG1LSOIgXiA7hcusGCo8xPZ1y3gIyRiTxVTPJHh63Ecd0O37P4NWVSKEpsIM5pkngMN5L5K/ymtZ0kjREX2q4qpXf2xJiTTdAkeTMcmDs9HHjOzIIynYouY7P6qdXUpXjyGwqfovmnIv5icQ6sqFA==,iv:sPRnnIEif6W1SPy5SKiUuY681HeLPcR19U4p1mdUGdc=,tag:zeMdtTRk8ULP4GYDQLIU7A==,type:str] mautrix-telegram_env: ENC[AES256_GCM,data:vqHmM3mRrIYMT4760sglAlBZoOb7siqx3alvQE5rpq8z6FgOqJxHqGaN1quhpAVVe9ugtlvezVh8eSFX+45Y5rtqJ7iylxmC+y8JGsyLIflf674Si7h07bedCcT0wBg1ioI/JILDwICiAf0=,iv:BAPKiVt2l3E7z1Wk9ky6WFYr6hn62d+X5r0NMdUYwJQ=,tag:CRddpVMHQLwhwUF1hn0JKA==,type:str] -postfix_ldap_aliases: ENC[AES256_GCM,data:cpMrQE7cQafsB+cBJWhj+XrMKntZvYle19d4JojAoLKXT/D7XauR6IPYhiT+X3g6iQI1HZ6BGbEp9CnhK3KvPdx5R7S6vs0wZYdcRHh0HImI1P/j6ffALlYTVojJ7AazDM/DEf53+qndbU1sqykjAOhXRkBfZnlDLooETuPsRpLL/4ZE1NuntVyKLlG/u10/moUgS/Gsrkk0K7ns5WFJjUcQq8P9gakc9mcJw32DHTiVV0UbZoFqkMI3LD7zFr17klXtKYYWcOcH5ZGmJax1X+PaAzogOf2/JFVNSae2Uvk=,iv:eSE+ADQI9QeN083ECwcekPJIKGEImoJrP7b/JSemDkY=,tag:g9V3ZDXi1x0wNVvGyA/wnQ==,type:str] +postfix_ldap_aliases: 
ENC[AES256_GCM,data:L77Si6Try9Jf+Bk6cg3kAafk1PcFN2WmfMaXFZ9fOgXVMjHDfRhFcFvOnrutY6K1vg1cChwIT7qW7FAxvfxL+0wkWRi8uZbHkaHpa4OXXWCiLch1aZFDArLm08NZgj6Wxtl3J7bF8KCy4ZP3fKCxWYL+uzBWCJiIgJP4AK+7cg11CqwJrooPDV11ESIdFX5jxpC1YB1k9gu7t1WB1mdbtypPWX1PRB+Y1k+E7YeNA4x6CFNhAlsy7C8eoX7PVYGy8yFmY86E4smo7qk+KEZj/JBL4o96MhwIIgEnpQE0NPtX1/lHCRo/jn4=,iv:l74DznC3qOINA9/qVKpU+67XYVFNBhtLnPfp4YeeDLM=,tag:0j0Xj5lmKKCt2s+3Uj+Y2g==,type:str] +course-management: + secret-key: ENC[AES256_GCM,data:L0VppGYIv39coA==,iv:sR/bQ/z7idP0co1JmGs2S8MJZJaVUvfAYWE0yFuowKM=,tag:7ilRRmnD2gfsv6bYGiw2zA==,type:str] + adminpass: ENC[AES256_GCM,data:uFphxfMJvxo0,iv:6k/XroVJ8v04gJM+Lo5mY/mV41Cf4vjBFVmXCbfzqQ8=,tag:x0MWUb3RWZt5nh717trwkw==,type:str] sops: kms: [] gcp_kms: [] @@ -32,8 +35,8 @@ sops: MERVUkh2ck9YWnJ5TXJDVmxpem1kTXMKCeOyjV/se1nRXsi15m/3i48hP7As6SEk ygtLt+UueHStX/b/OzrXk8IC5dj/mARGIJI5S61IKln6SZFbJGT6cQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-07-04T07:48:57Z" - mac: ENC[AES256_GCM,data:eJH7Ng7qBO8XtKjAn2grHYlgOhivsD20QqFrUXncte8REpcUac7Td3OSogjXdky7DLhk9Pw0HML/fUu3DmtSFpdPkfg+kpprRXIK8QjYCB3OlDVqsnZiDkUitELtonNLddUKPOJW8B6EOiLPFyESJzBKGA0NqY7GVVFe7JSI1P4=,iv:G0ug1InP53pWOcVFTkhEa1l3HLS3w8RDZi3HXSBK9/8=,tag:cDwqTw4z0ideXewB/M0hHg==,type:str] + lastmodified: "2023-07-11T22:22:26Z" + mac: ENC[AES256_GCM,data:IeaIejtLIrrvlOTKJhRs59WCcRfgd+GNATToi9EdzZLz+Fde1sWwOFHCJiq1/telws38bGjN9LmaSy/JucQS8tGMe4Hh5baz/bW0gGP4s1Q96wytwou4fWBHc7mtlDko+F2lygHJ/JAy4ZA8Cev/d7KhPo1EV48x/WI1Mg5rDeI=,iv:GXXcZT0m2qo3tBUknBbJKDLuu+qdllNG8mFfyVX/wmY=,tag:z3Z40dfFI4TfdMQIM78p1g==,type:str] pgp: - created_at: "2022-11-18T16:37:58Z" enc: |