wurzel/fruitbasket
9
1
Fork 0
Code Issues 5 Pull requests Packages Projects Releases Wiki Activity

Merge branch 'main' into vaultwarden

Browse source
This commit is contained in:
Rouven Seifert 2023-07-12 15:54:36 +02:00
parent c0266785cd 8d84f387f5
commit d7e85c3d43
Signed by: rouven.seifert
GPG key ID: B95E8FE6B11C4D09
5 changed files with 180 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

111
flake.lock
View file

@ -1,5 +1,63 @@
{
"nodes": {
"course-management": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"poetry2nix": "poetry2nix"
},
"locked": {
"lastModified": 1689111665,
"narHash": "sha256-JJgel8I08Py6zbmAviM4nEDcyJjcO+8TfbAXWp41IHA=",
"owner": "fsr",
"repo": "course-management",
"rev": "437205045f3836282ab948c6ab93d720fb3ce4d9",
"type": "github"
},
"original": {
"owner": "fsr",
"repo": "course-management",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1687709756,
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1687709756,
"narHash": "sha256-Y5wKlQSkgEK2weWdOu4J3riRd+kV/VCgHsqLNTTWQ/0=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "dbabf0ca0c0c4bce6ea5eaf65af5cb694d2082c7",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"kpp": {
"inputs": {
"nixpkgs": [
@ -52,8 +110,31 @@
"type": "github"
}
},
"poetry2nix": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": [
"course-management",
"nixpkgs"
]
},
"locked": {
"lastModified": 1688440303,
"narHash": "sha256-hFfOyityHdVFI0HNM+sqZfpi9Fbvjvy0N9O7FjuqPWY=",
"owner": "nix-community",
"repo": "poetry2nix",
"rev": "04714155bae013fb9b207e54d1faf9f0c3d08706",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "poetry2nix",
"type": "github"
}
},
"root": {
"inputs": {
"course-management": "course-management",
"kpp": "kpp",
"nixpkgs": "nixpkgs",
"sops-nix": "sops-nix"
@ -79,6 +160,36 @@
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",

8
flake.nix
View file

@ -6,8 +6,12 @@
kpp.url = "github:fsr/kpp";
kpp.inputs.nixpkgs.follows = "nixpkgs";
# fsr-infoscreen.url = github:fsr/infoscreen; # some anonymous strukturer accidentally removed the flake.nix
course-management = {
url = "github:fsr/course-management";
inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, sops-nix, kpp, ... }@inputs:
};
outputs = { self, nixpkgs, sops-nix, kpp, course-management, ... }@inputs:
{
packages."x86_64-linux".quitte = self.nixosConfigurations.quitte-vm.config.system.build.vm;
packages."x86_64-linux".default = self.packages."x86_64-linux".quitte;
@ -19,6 +23,7 @@
modules = [
inputs.sops-nix.nixosModules.sops
inputs.kpp.nixosModules.default
course-management.nixosModules.default
./hosts/quitte/configuration.nix
./modules/options.nix
./modules/base.nix
@ -39,6 +44,7 @@
./modules/mautrix-telegram.nix
./modules/sogo.nix
./modules/vaultwarden.nix
./modules/course-management.nix
{
fsr.enable_office_bloat = false;
fsr.domain = "staging.ifsr.de";

50
modules/course-management.nix Normal file
View file

@ -0,0 +1,50 @@
{ config, lib, pkgs, ... }:
let
hostName = "kurse.${config.fsr.domain}";
in
{
sops.secrets =
let inherit (config.services.course-management) user;
in {
"course-management/secret-key".owner = user;
"course-management/adminpass".owner = user;
};
services.course-management = {
inherit hostName;
enable = true;
settings = {
secretKeyFile = config.sops.secrets."course-management/secret-key".path;
adminPassFile = config.sops.secrets."course-management/adminpass".path;
admins = [{
name = "Root iFSR";
email = "root@${config.fsr.domain}";
}];
database = {
ENGINE = "django.db.backends.postgresql";
NAME = "course-management";
};
email = lib.mkDefault {
fromEmail = "noreply@${config.fsr.domain}";
serverEmail = "root@${config.fsr.domain}";
};
};
};
services.postgresql = {
enable = true;
ensureUsers = [{
name = "course-management";
ensurePermissions = {
"DATABASE \"course-management\"" = "ALL PRIVILEGES";
};
}];
ensureDatabases = [ "course-management" ];
};
services.nginx.virtualHosts.${hostName} = {
enableACME = true;
forceSSL = true;
};
}

9
secrets/quitte.yaml
View file

@ -14,10 +14,13 @@ rspamd-password: ENC[AES256_GCM,data:bOW6eAwr18Guq+BQt68It6O6i3aAthDv1ANZ02Q8zAZ
mediawiki:
postgres: ENC[AES256_GCM,data:XRfUc2PRMJcoILAnm5MWr2Cg5u4e/IhGMUnz/oIQSzY=,iv:8U+qlD1SQzxUyD/6QK4SdwRCDyMODK/lP0IDrLlcQ4U=,tag:2spNMj9dY2wWilOusq24yQ==,type:str]
initial_admin: ENC[AES256_GCM,data:iET5rz9rygx49NDBjKwqAlRgpeS+jq5iM5zmjnoKcyk=,iv:11iDbCrpzjCdyAB22R8NknJ6vzcpVZXCXB3iWsGWXw0=,tag:1RCyg1ysOWaXKdqqdHqRrw==,type:str]
ldapprovider: ENC[AES256_GCM,data:XQwNas9UF+rtbtBVCXGiouRO+fATgU51558ttWPTthOeAiCbpdxQvrAosLsXg7b304S9s+Bp2pY1jHuDSbZVmqa4NIgzAeEcmJfrwtCbP2++vZmkPwQOSv7F18eRE+l154GMZyOcEpwXtrFb+zL4R65Op+38f0vQRCWNBKVrjBPxdYt0etFP1TjwWleiZ3ywLNNcsHqg1FqSoPyNxigXT4ZUVSC9pk/Z/FHnTcCydaXI9M3ab4pHZVsiyfELlp7fXoG/pq3bTgTPtLLUavYrL9vLK6bxE+JkCiDq8+y5qAkIexXiMC0LKKGm0yQKHPW3gAp5W7YRrim0Ke4SZmp5F+Ktsu4MRsq2ffbv+H0sOPno4OmCI6C8Zmuf6PUF25AgmjIkg/tFElWMfbEGmIKIAputiNnZbgO5f0uvGMXK7CsrwkDi/Uo0ClGsCrw/TksHvjg2bv7wfGj9BAujURzixNWsd4R8X0LOCYRNRbYn078lAobCaxJgGYxVvn8q/+8hPWQGsQl3awmfTx0skt7dyA/E9ElU/mV/Q/HHCto9Zcl2NdVMi2/njPjaLhZ90YQybU0DhVnC8XTyRmNEK4wlbpANsM0cjf2QA3WGOvW/8Bujv1SwDFMJFeyREzOBF715PaxKVcjm5kU6H+gpoWU1E95iBWnuuy4acDi9Ei2tfKRrkC5LV16tUywwKuyJkKsm6mPunvvzVNVc+URFKbrcEDeHsZhq5hopWDRoUCuBT4TBqp+kzhlte2HVcIod+MB7aQOMddAjsPyqEwSsDD/pAX8=,iv:c50bBkXgl6zJPyAawGG4W37x8JSW8Hv0dcBCFhTL8e8=,tag:WAc55Icpinx/LPT3CoteXw==,type:str]
ldapprovider: ENC[AES256_GCM,data:ant/hUgh5hZLC/tNidAGfszlQz6CNlFwAG2JdsGG+2yW99MAd2vGiim4ApFZ0Ios42jXjzFYO1/xepCu67gFCIX7qvhRiBTFCPNe7j3SrnWa4x8KPLNBmz72A7Slk4pKBRSTyQJGm/8S6cLqlU3ieUB7gBUiDGFKpgLk+j0WV4PSie6TFy/9G1S6hs6PI5ZUnbogtj+9x03Anv/7Nc68EUtrAVAtZ4V9QYJjoNV88LRZhAe3Pe9pLEBKUsv6ve9CH1EtYBRY3e2ptWhBxaO7a/JN6WBlWTfRAe5xT7u+f8JHQz3Th7HSnOuTyJbGJmdVqRK6ajFsNl8NN26x5SfU33cS97FuAdpy6PXATC5z8w+sBIyF4qLeW+pJ/vG9RE5aRXmiy/iI5AYw2kA2o/fqq0cVT6LJR2Oa+yeLiXxA5S2LHVrA3F9UXXgI3udROGGyl/17FKJTuwlPc4Rw61ByUS1FBoP8pL0HuXN4se0bwK4Sj/LNHKVserwCE+dzv3Sir2zFzCoY0TmaVVu606BB5FVmvnpizzD87DRR8leEz/fl55IHfcAKQ9llnjbE+PDNCIlT2MSbQGhqUTtoylPZP5GchgaAsrimigNLPb5nHaLeKNuo9hcQGsMzNZSTzrS5R10Ra+xgef5SjY3xkHZiMO4meEuVytLiJAVxwSVvOxgR9HEkZpWvyI6tmObuQRIvEzM8hCTVlVC/C4x/q/k/I8Hx3SUI+M/O7kjrVJunuXsa5z4cdoshpHyEA1dJosjDvQh3i8rcXzn3fIWuxwM0Xx8=,iv:n2XOs6F7kuMmjPCc14s2MQl37vjVTtmAVkYQp7kqjgc=,tag:vBOfDoOjnoBzzSdwC7yDDA==,type:str]
postfix_ldap_aliases: ENC[AES256_GCM,data:kpffdciWI08Of2fm2B1lZ4rOYIhWtoBTnpU1N0iwiStA81Yl/NMDgHDCVv79XY6SuFTCBd6npKNz/0ibBy1WDSrDQymV5MIUmWVPwLcBSNMjD0d69PJYdUDVLmyhNkjB2hEL9JaH1PiO4iBM5y9yZx1LT+zlauAZEJPFgO/MvjkMknHZPKnRpBtT8wKTWTYUtBvzQtlACLKdIF0t37Q2DZAMtWrAgsrH811zUbsxJbYDInvNDPDHZHS+ZfF0Q1vXDLWUm+zZij6KRAJdOuEU9dyzhU/t93+LO9zKADwyF1Xk+2Uh,iv:cEui6fcDDINpUUcLZxGwPBMP1PjQVNMdScgaWdnIJ80=,tag:/7/mZckPJ7YLuJMp/BqbOQ==,type:str]
mautrix-telegram_env: ENC[AES256_GCM,data:2p5vYV+/vEDrrZItTcT1vxddv2tM7dLGBUmG+OXHccTzJ2UhyYpDGgUMr5KgObxvyssYBZTsvbV7QFN3sjcU/jVPx1qEUn6zyKO0HBQjrviVU3urx5zNOnCEHwDKyDrZ1Hu/CE6lpGNrtGlpewgOs/+84JZIZhC9qSuzDhN38sr4OGfMr29fMzafYC+TGHoZyA64GI9xz0KvXhwg6ci1hLtVWYEOFW2Nf8uLY8qkNLuDzA6bYx8rn3CEXoxiv0n4,iv:jmcWTyVkqu9nDc1ws2NxkMKrHPZ13i3jqDkk4Y0kejw=,tag:BjhmPc4lSbsZBmZ/q2CqGg==,type:str]
vaultwarden_env: ENC[AES256_GCM,data:X8wdQSieXfgNUqtoFRgz43jsWyrUQ1wxsM9L5iHoE8YFR5O6SzfAcjMsr4I0r2t5by/C4YorVsN5GQKyyVWS4SwelTT3UmFX89/pAUnAsUqeBZENOPEWiLNJnC3R3Xic6B1tu0OsX1X9RxR/X9EQJf/MIEdiNfhXKBxy7gZ0tDsDyze5/ZGVJX8=,iv:foByTYQw1KnB1MmwSQqmwza9PJJmdYdZbIHKrZ9vog4=,tag:8VTcOSefWmyd8ozGXHbklw==,type:str]
course-management:
secret-key: ENC[AES256_GCM,data:3WwhgZ+ElLOdEgdy/EoOL1vqkcXfnOnUZMKUsD9rd7I=,iv:eMo7HeOkSPGpCbLMi/6XoD4MXd27OageRsz70lyXNf0=,tag:u3H9BSv+7lasnBl29l8o3Q==,type:str]
adminpass: ENC[AES256_GCM,data:WUDsz3S88y590oStJinwukT8hJ+0dJ9/To1pDUWEN6o=,iv:5VSZohH2l/RNTNaWqMd9Y0JlSs7Cg1TRbeTR+OKhedA=,tag:LagNEUEKhNXIRKNwjmizbQ==,type:str]
sops:
kms: []
gcp_kms: []
@ -33,8 +36,8 @@ sops:
NEJBTHE2end1RDlHRTNFYlZjTjhib2cKmQRHpBKZ2DbQ5CfOwcSPfZAm9fnnpxUk
+LcR8haK//O3N2uNf9etDW3VsT5ipPucCdFU1m/v9L5tcN6ZP8WP+w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-12T13:51:19Z"
mac: ENC[AES256_GCM,data:4x8MICw4ruTQEtYNupP+TwA6hFa3s8w4YXwcTl7tE+G0N15omTADr4cUQ4K9wbi2btY+ITMmWX9Pj9viwyeLupozylUgYyK39EuKBYRyPIMLMqVloJ0hjpHUpL9BVIgyl7COZQ6oKe6sp+bPCRKnuXmmYzYc5sqG6C1BKnU6pdU=,iv:iItvAED0wnbCBa9CzLq3TFC0cDyWX9WK1rIm92XZknI=,tag:MV6eZ21WZz98nxxSTBHNrQ==,type:str]
lastmodified: "2023-07-12T13:54:25Z"
mac: ENC[AES256_GCM,data:RM7WaIdA96ou62K5/oCqa74+F6PmYqRfOgNwdH5oDULwCj8ZLkn9VUVKuLWLbxbg5BqDJLDqquzelHJfftekSfwIqbpKSFrXpUKmic108OxE311t52Wu4wE4ieFii5c32A+E5Iu8/EbW95xQBZwKG24aZEJz9GvIdRShzF478h0=,iv:zHx2CL5Malq5cWPEqy2PZA9pkOWPBpRPAVnldlAzN60=,tag:RQo0BD/0vHnS2tH+ODIUZw==,type:str]
pgp:
- created_at: "2023-04-23T17:48:54Z"
enc: |

9
secrets/test.yaml
View file

@ -16,7 +16,10 @@ mediawiki:
initial_admin: ENC[AES256_GCM,data:YRd3O5774NTmshxbQPbFjg==,iv:/Ra3WbZKcnUMf99ujN9qd/+DkOkFKv4cIEfUdmxpqMw=,tag:gj7ZbwIB1HLuPpGTgiz7Vg==,type:str]
ldapprovider: ENC[AES256_GCM,data:dVrCFVgm4BDtUhcj9rSKXwnaIKsC5GGsDUoPJH1q5F4inskuSbFigcLM/UJFNOcr5R1dL+mYUOvnmIcoWA5AsuFKs3NzSYJVtVAm0x7vYSkHnfXu93V2F8Lc1xX/kZrFfnmNUXwhv2I+hknPUApY7wpmZOdk9NLKv4tbsgVTbfmR/WM6soOurh3b6b4cknfxqSeLZLeOIKL5WL8842t5SethyCfPsCm74JCpwHmflkCyT/lzIP1Kghab+xGWWyN9OAENlDZrJE6VAdctR+MKYZnhA7dXKeQPjKii9MZsDYFYTL5YDRysam4r7Jog/fozgWkXNrCUan29efnnBwpLz5hgV1MguIpvU8ccDQLNvgJCOdp6FgH45ZRlCxx29EWzh9iTDGPqmNsctUknFdfUVfIg9ziz/97i/kGcwy5N1oOsoUf7iRj5zLyLP6OlXGNThowF4jlNdI2b+caQGz7H6ZkJfUPWULotBUrjxrZo3pSYRkpJ77xbGUZf35ysxTHpfsmhyyO9HRhhgNkilEHlcsi8u+AC0su+Htg/Io332tSX+W6Gj6R6Q23hQ0gf8on5Y2xx34ysobEh8cMS4+Kj0nwasMHjW70g3qWpKkG1LSOIgXiA7hcusGCo8xPZ1y3gIyRiTxVTPJHh63Ecd0O37P4NWVSKEpsIM5pkngMN5L5K/ymtZ0kjREX2q4qpXf2xJiTTdAkeTMcmDs9HHjOzIIynYouY7P6qdXUpXjyGwqfovmnIv5icQ6sqFA==,iv:sPRnnIEif6W1SPy5SKiUuY681HeLPcR19U4p1mdUGdc=,tag:zeMdtTRk8ULP4GYDQLIU7A==,type:str]
mautrix-telegram_env: ENC[AES256_GCM,data:vqHmM3mRrIYMT4760sglAlBZoOb7siqx3alvQE5rpq8z6FgOqJxHqGaN1quhpAVVe9ugtlvezVh8eSFX+45Y5rtqJ7iylxmC+y8JGsyLIflf674Si7h07bedCcT0wBg1ioI/JILDwICiAf0=,iv:BAPKiVt2l3E7z1Wk9ky6WFYr6hn62d+X5r0NMdUYwJQ=,tag:CRddpVMHQLwhwUF1hn0JKA==,type:str]
postfix_ldap_aliases: ENC[AES256_GCM,data:cpMrQE7cQafsB+cBJWhj+XrMKntZvYle19d4JojAoLKXT/D7XauR6IPYhiT+X3g6iQI1HZ6BGbEp9CnhK3KvPdx5R7S6vs0wZYdcRHh0HImI1P/j6ffALlYTVojJ7AazDM/DEf53+qndbU1sqykjAOhXRkBfZnlDLooETuPsRpLL/4ZE1NuntVyKLlG/u10/moUgS/Gsrkk0K7ns5WFJjUcQq8P9gakc9mcJw32DHTiVV0UbZoFqkMI3LD7zFr17klXtKYYWcOcH5ZGmJax1X+PaAzogOf2/JFVNSae2Uvk=,iv:eSE+ADQI9QeN083ECwcekPJIKGEImoJrP7b/JSemDkY=,tag:g9V3ZDXi1x0wNVvGyA/wnQ==,type:str]
postfix_ldap_aliases: ENC[AES256_GCM,data:L77Si6Try9Jf+Bk6cg3kAafk1PcFN2WmfMaXFZ9fOgXVMjHDfRhFcFvOnrutY6K1vg1cChwIT7qW7FAxvfxL+0wkWRi8uZbHkaHpa4OXXWCiLch1aZFDArLm08NZgj6Wxtl3J7bF8KCy4ZP3fKCxWYL+uzBWCJiIgJP4AK+7cg11CqwJrooPDV11ESIdFX5jxpC1YB1k9gu7t1WB1mdbtypPWX1PRB+Y1k+E7YeNA4x6CFNhAlsy7C8eoX7PVYGy8yFmY86E4smo7qk+KEZj/JBL4o96MhwIIgEnpQE0NPtX1/lHCRo/jn4=,iv:l74DznC3qOINA9/qVKpU+67XYVFNBhtLnPfp4YeeDLM=,tag:0j0Xj5lmKKCt2s+3Uj+Y2g==,type:str]
course-management:
secret-key: ENC[AES256_GCM,data:L0VppGYIv39coA==,iv:sR/bQ/z7idP0co1JmGs2S8MJZJaVUvfAYWE0yFuowKM=,tag:7ilRRmnD2gfsv6bYGiw2zA==,type:str]
adminpass: ENC[AES256_GCM,data:uFphxfMJvxo0,iv:6k/XroVJ8v04gJM+Lo5mY/mV41Cf4vjBFVmXCbfzqQ8=,tag:x0MWUb3RWZt5nh717trwkw==,type:str]
sops:
kms: []
gcp_kms: []
@ -32,8 +35,8 @@ sops:
MERVUkh2ck9YWnJ5TXJDVmxpem1kTXMKCeOyjV/se1nRXsi15m/3i48hP7As6SEk
ygtLt+UueHStX/b/OzrXk8IC5dj/mARGIJI5S61IKln6SZFbJGT6cQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-07-04T07:48:57Z"
mac: ENC[AES256_GCM,data:eJH7Ng7qBO8XtKjAn2grHYlgOhivsD20QqFrUXncte8REpcUac7Td3OSogjXdky7DLhk9Pw0HML/fUu3DmtSFpdPkfg+kpprRXIK8QjYCB3OlDVqsnZiDkUitELtonNLddUKPOJW8B6EOiLPFyESJzBKGA0NqY7GVVFe7JSI1P4=,iv:G0ug1InP53pWOcVFTkhEa1l3HLS3w8RDZi3HXSBK9/8=,tag:cDwqTw4z0ideXewB/M0hHg==,type:str]
lastmodified: "2023-07-11T22:22:26Z"
mac: ENC[AES256_GCM,data:IeaIejtLIrrvlOTKJhRs59WCcRfgd+GNATToi9EdzZLz+Fde1sWwOFHCJiq1/telws38bGjN9LmaSy/JucQS8tGMe4Hh5baz/bW0gGP4s1Q96wytwou4fWBHc7mtlDko+F2lygHJ/JAy4ZA8Cev/d7KhPo1EV48x/WI1Mg5rDeI=,iv:GXXcZT0m2qo3tBUknBbJKDLuu+qdllNG8mFfyVX/wmY=,tag:z3Z40dfFI4TfdMQIM78p1g==,type:str]
pgp:
- created_at: "2022-11-18T16:37:58Z"
enc: |