Compare commits
1 commit
main
...
purgetunus
| Author | SHA1 | Date | |
|---|---|---|---|
|
0e89677675
|
49 changed files with 660 additions and 1559 deletions
|
|
@ -8,8 +8,8 @@ keys:
|
|||
- &fugi BF37903AE6FD294C4C674EE24472A20091BFA792
|
||||
- &emmanuel E83F398E6423179FE4F63D4FF085CAD394DE329D
|
||||
- &joachim B1A16011B86BACB56ADB713DB712039D23133661
|
||||
- &jonasga FB44F0746DF25F0B24A2EAE586C8A257C3EC82AB
|
||||
- &hendrik FBBFAC260D9283D1EF2397DD3CA65E9DD6EB319D
|
||||
- &frieder age1x76ajqw8w4l5vlkwt5s3flz5a5jq5qlxv7uppmnf8ckj9egh9ekqjclzt6
|
||||
- &quitte age1wvdnprpnq2rcc4se3zpx2p267n0apxg2jucvlm93e3pfj439ephqh2506t
|
||||
- &tomate age18lwgjazaxujqgcc5j0gjllnykhtjn6p0q44jzrsk4au2a5k6nd9s77kd6d
|
||||
|
||||
|
|
@ -23,9 +23,9 @@ creation_rules:
|
|||
- *rouven
|
||||
- *fugi
|
||||
- *joachim
|
||||
- *jonasga
|
||||
- *hendrik
|
||||
age:
|
||||
- *frieder
|
||||
- *quitte
|
||||
- path_regex: secrets/tomate\.yaml$
|
||||
key_groups:
|
||||
|
|
@ -36,9 +36,9 @@ creation_rules:
|
|||
- *rouven
|
||||
- *fugi
|
||||
- *joachim
|
||||
- *jonasga
|
||||
- *hendrik
|
||||
age:
|
||||
- *frieder
|
||||
- *tomate
|
||||
- path_regex: secrets/admin\.yaml$
|
||||
key_groups:
|
||||
|
|
@ -49,5 +49,5 @@ creation_rules:
|
|||
- *rouven
|
||||
- *fugi
|
||||
- *joachim
|
||||
- *jonasga
|
||||
- *hendrik
|
||||
- *frieder
|
||||
|
|
|
|||
158
flake.lock
generated
158
flake.lock
generated
|
|
@ -7,11 +7,11 @@
|
|||
"poetry2nix": "poetry2nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1730751072,
|
||||
"narHash": "sha256-+FQjzCNV3k8U4BfNcFmoZTRf8aO9ufn3s7kkzHj/b7s=",
|
||||
"lastModified": 1714117615,
|
||||
"narHash": "sha256-Ilu7j7tihFI0jtnsQS+7H0SZX4C61NZHaV/7fJ39t/E=",
|
||||
"owner": "fsr",
|
||||
"repo": "course-management",
|
||||
"rev": "60b7062ce47ee9f0609e701ad5eb5e3e0a857ff2",
|
||||
"rev": "9e5ab11788b926a9a26d2aaa0e0958c3c5865cc9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -27,11 +27,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1730889586,
|
||||
"narHash": "sha256-SLgo7UjWLaFaaUPFqzKbr9DLAGzm5kparfxuJHEpK3w=",
|
||||
"lastModified": 1698049587,
|
||||
"narHash": "sha256-gNxpJdxSrpWMTBSGFO4HfXgr+FiAGtwEXCvxd6W8IUQ=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "a111147ce5eaea4f1d691afe1203e7529d68522d",
|
||||
"revCount": 9,
|
||||
"rev": "2d05abcd2b4e59db421c86fa9adaffa3dccb1086",
|
||||
"revCount": 7,
|
||||
"type": "git",
|
||||
"url": "https://git.ifsr.de/ese/manual-website"
|
||||
},
|
||||
|
|
@ -45,11 +45,11 @@
|
|||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1726560853,
|
||||
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
|
||||
"lastModified": 1694529238,
|
||||
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
|
||||
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -63,11 +63,11 @@
|
|||
"systems": "systems_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1726560853,
|
||||
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
|
||||
"lastModified": 1694529238,
|
||||
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
|
||||
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -78,7 +78,7 @@
|
|||
},
|
||||
"flake-utils_3": {
|
||||
"inputs": {
|
||||
"systems": "systems_5"
|
||||
"systems": "systems_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1681202837,
|
||||
|
|
@ -101,11 +101,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1741421991,
|
||||
"narHash": "sha256-3zjj1ahW+MTXYyonO2xcYeg2p21+KcEHtzCI/Bvj9do=",
|
||||
"lastModified": 1708628927,
|
||||
"narHash": "sha256-1ObvmmEzbW2YjY/jJyfOoxhxIe54zcsOBMzgehnclRg=",
|
||||
"owner": "fsr",
|
||||
"repo": "kpp",
|
||||
"rev": "0bd5b34145b398a597b17764d18360e4db8033f1",
|
||||
"rev": "05e370097af21ddb776bec907942c60e6aebc394",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -123,11 +123,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1729742964,
|
||||
"narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
|
||||
"lastModified": 1698974481,
|
||||
"narHash": "sha256-yPncV9Ohdz1zPZxYHQf47S8S0VrnhV7nNhCawY46hDA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-github-actions",
|
||||
"rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
|
||||
"rev": "4bb5e752616262457bc7ca5882192a564c0472d2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -143,11 +143,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1742174123,
|
||||
"narHash": "sha256-pDNzMoR6m1ZSJToZQ6XDTLVSdzIzmFl1b8Pc3f7iV6Y=",
|
||||
"lastModified": 1720334033,
|
||||
"narHash": "sha256-X9pEvvHTVWJphhbUYqXvlLedOndNqGB7rvhSvL2CIgU=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-index-database",
|
||||
"rev": "2cfb4e1ca32f59dd2811d7a6dd5d4d1225f0955c",
|
||||
"rev": "685e40e1348007d2cf76747a201bab43d86b38cb",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -158,11 +158,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1730531603,
|
||||
"narHash": "sha256-Dqg6si5CqIzm87sp57j5nTaeBbWhHFaVyG7V6L8k3lY=",
|
||||
"lastModified": 1701253981,
|
||||
"narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "7ffd9ae656aec493492b44d0ddfb28e79a1ea25d",
|
||||
"rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -172,18 +172,34 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1720282526,
|
||||
"narHash": "sha256-dudRkHPRivMNOhd04YI+v4sWvn2SnN5ODSPIu5IVbco=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "550ac3e955c30fe96dd8b2223e37e0f5d225c927",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "release-24.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1742512142,
|
||||
"narHash": "sha256-8XfURTDxOm6+33swQJu/hx6xw1Tznl8vJJN5HwVqckg=",
|
||||
"lastModified": 1720244366,
|
||||
"narHash": "sha256-WrDV0FPMVd2Sq9hkR5LNHudS3OSMmUrs90JUTN+MXpA=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "7105ae3957700a9646cc4b766f5815b23ed0c682",
|
||||
"rev": "49ee0e94463abada1de470c9c07bfc12b36dcf40",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-24.11",
|
||||
"ref": "nixos-24.05",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
|
|
@ -202,27 +218,6 @@
|
|||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"notenrechner": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1742228793,
|
||||
"narHash": "sha256-USud87Uu/ZI6R+4vM0hxLdkOUr6nsJCnAEeIrtSRkCU=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "c100e3dba23a089fbdf403d2ba31cf87614ee035",
|
||||
"revCount": 10,
|
||||
"type": "git",
|
||||
"url": "https://git.ifsr.de/frieder.hannenheim/notenrechner.git"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://git.ifsr.de/frieder.hannenheim/notenrechner.git"
|
||||
}
|
||||
},
|
||||
"poetry2nix": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_2",
|
||||
|
|
@ -235,11 +230,11 @@
|
|||
"treefmt-nix": "treefmt-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1730284601,
|
||||
"narHash": "sha256-eHYcKVLIRRv3J1vjmxurS6HVdGphB53qxUeAkylYrZY=",
|
||||
"lastModified": 1701399357,
|
||||
"narHash": "sha256-QSGP2J73HQ4gF5yh+MnClv2KUKzcpTmikdmV8ULfq2E=",
|
||||
"owner": "nix-community",
|
||||
"repo": "poetry2nix",
|
||||
"rev": "43a898b4d76f7f3f70df77a2cc2d40096bc9d75e",
|
||||
"rev": "7acb78166a659d6afe9b043bb6fe5cb5e86bb75e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -275,7 +270,6 @@
|
|||
"kpp": "kpp",
|
||||
"nix-index-database": "nix-index-database",
|
||||
"nixpkgs": "nixpkgs_2",
|
||||
"notenrechner": "notenrechner",
|
||||
"print-interface": "print-interface",
|
||||
"sops-nix": "sops-nix",
|
||||
"vscode-server": "vscode-server"
|
||||
|
|
@ -285,14 +279,15 @@
|
|||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
],
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1742406979,
|
||||
"narHash": "sha256-r0aq70/3bmfjTP+JZs4+XV5SgmCtk1BLU4CQPWGtA7o=",
|
||||
"lastModified": 1720321395,
|
||||
"narHash": "sha256-kcI8q9Nh8/CSj0ygfWq1DLckHl8IHhFarL8ie6g7OEk=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "1770be8ad89e41f1ed5a60ce628dd10877cb3609",
|
||||
"rev": "c184aca4db5d71c3db0c8cbfcaaec337a5d065ea",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -360,21 +355,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_5": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"treefmt-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
|
@ -384,11 +364,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1730120726,
|
||||
"narHash": "sha256-LqHYIxMrl/1p3/kvm2ir925tZ8DkI0KA10djk8wecSk=",
|
||||
"lastModified": 1699786194,
|
||||
"narHash": "sha256-3h3EH1FXQkIeAuzaWB+nK0XK54uSD46pp+dMD3gAcB4=",
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"rev": "9ef337e492a5555d8e17a51c911ff1f02635be15",
|
||||
"rev": "e82f32aa7f06bbbd56d7b12186d555223dc399d1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -397,35 +377,17 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"utils": {
|
||||
"inputs": {
|
||||
"systems": "systems_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1731533236,
|
||||
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"vscode-server": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_3",
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1729422940,
|
||||
"narHash": "sha256-DlvJv33ml5UTKgu4b0HauOfFIoDx6QXtbqUF3vWeRCY=",
|
||||
"lastModified": 1713958148,
|
||||
"narHash": "sha256-8PDNi/dgoI2kyM7uSiU4eoLBqUKoA+3TXuz+VWmuCOc=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-vscode-server",
|
||||
"rev": "8b6db451de46ecf9b4ab3d01ef76e59957ff549f",
|
||||
"rev": "fc900c16efc6a5ed972fb6be87df018bcf3035bc",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
|||
17
flake.nix
17
flake.nix
|
|
@ -1,6 +1,6 @@
|
|||
{
|
||||
inputs = {
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";
|
||||
sops-nix.url = "github:Mic92/sops-nix";
|
||||
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
nix-index-database.url = "github:nix-community/nix-index-database";
|
||||
|
|
@ -14,9 +14,6 @@
|
|||
ese-manual.url = "git+https://git.ifsr.de/ese/manual-website";
|
||||
ese-manual.inputs.nixpkgs.follows = "nixpkgs";
|
||||
vscode-server.url = "github:nix-community/nixos-vscode-server";
|
||||
notenrechner.url = "git+https://git.ifsr.de/frieder.hannenheim/notenrechner.git";
|
||||
notenrechner.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
|
||||
course-management = {
|
||||
url = "github:fsr/course-management";
|
||||
|
|
@ -39,7 +36,6 @@
|
|||
supportedSystems = [ "x86_64-linux" ];
|
||||
forAllSystems = nixpkgs.lib.genAttrs supportedSystems;
|
||||
pkgs = forAllSystems (system: nixpkgs.legacyPackages.${system});
|
||||
|
||||
in
|
||||
{
|
||||
packages = forAllSystems (system: rec {
|
||||
|
|
@ -81,24 +77,21 @@
|
|||
./modules/courses
|
||||
./modules/wiki
|
||||
./modules/matrix
|
||||
./modules/keycloak
|
||||
./modules/monitoring
|
||||
|
||||
./modules/nix-serve.nix
|
||||
./modules/hedgedoc.nix
|
||||
./modules/padlist.nix
|
||||
./modules/nextcloud.nix
|
||||
./modules/keycloak.nix
|
||||
./modules/monitoring.nix
|
||||
./modules/vaultwarden.nix
|
||||
./modules/forgejo
|
||||
./modules/kanboard.nix
|
||||
./modules/zammad.nix
|
||||
# ./modules/decisions.nix
|
||||
./modules/stream.nix
|
||||
./modules/decisions.nix
|
||||
# ./modules/struktur-bot.nix
|
||||
{
|
||||
nixpkgs.overlays = [
|
||||
self.overlays.default
|
||||
];
|
||||
nixpkgs.overlays = [ self.overlays.default ];
|
||||
sops.defaultSopsFile = ./secrets/quitte.yaml;
|
||||
}
|
||||
];
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{ pkgs, ... }:
|
||||
{ pkgs, config, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
|
|
@ -16,6 +16,7 @@
|
|||
# boot.kernelParams = [ "video=VGA-1:1024x768@30" ];
|
||||
boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.supportedFilesystems = [ "zfs" ];
|
||||
boot.kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
|
||||
|
||||
services.zfs = {
|
||||
trim.enable = true;
|
||||
|
|
@ -26,17 +27,6 @@
|
|||
time.timeZone = "Europe/Berlin";
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
|
||||
security.sudo.extraRules = [
|
||||
{
|
||||
commands = [
|
||||
{
|
||||
command = "ALL";
|
||||
options = [ "NOPASSWD" ];
|
||||
}
|
||||
];
|
||||
groups = [ "admins" ];
|
||||
}
|
||||
];
|
||||
# prevent fork bombs
|
||||
security.pam.loginLimits = [
|
||||
{
|
||||
|
|
|
|||
|
|
@ -2,10 +2,10 @@
|
|||
{
|
||||
networking = {
|
||||
# portunus module does weird things to this, so we force it to some sane values
|
||||
hosts = {
|
||||
"127.0.0.1" = lib.mkForce [ "quitte.ifsr.de" "quitte" ];
|
||||
"::1" = lib.mkForce [ "quitte.ifsr.de" "quitte" ];
|
||||
};
|
||||
# hosts = {
|
||||
# "127.0.0.1" = lib.mkForce [ "quitte.ifsr.de" "quitte" ];
|
||||
# "::1" = lib.mkForce [ "quitte.ifsr.de" "quitte" ];
|
||||
# };
|
||||
hostId = "a71c81fc";
|
||||
domain = "ifsr.de";
|
||||
hostName = "quitte";
|
||||
|
|
@ -31,26 +31,14 @@
|
|||
networks."10-wired-default" = {
|
||||
matchConfig.Name = "enp65s0f0np0";
|
||||
|
||||
address = [
|
||||
|
||||
"141.30.30.194/26"
|
||||
"2a13:dd85:b23:1::1337/64"
|
||||
];
|
||||
address = [ "141.30.30.169/25" ];
|
||||
routes = [
|
||||
{
|
||||
Gateway = "141.30.30.193";
|
||||
}
|
||||
{
|
||||
Gateway = "fe80::7a24:59ff:fe5e:6e2f";
|
||||
routeConfig.Gateway = "141.30.30.129";
|
||||
}
|
||||
];
|
||||
networkConfig = {
|
||||
DNS = [
|
||||
"9.9.9.9"
|
||||
"149.112.112.112"
|
||||
"2620:fe::fe"
|
||||
"2620:fe::9"
|
||||
];
|
||||
DNS = "141.30.1.1";
|
||||
LLDP = true;
|
||||
EmitLLDP = "nearest-bridge";
|
||||
};
|
||||
|
|
|
|||
|
|
@ -106,6 +106,7 @@
|
|||
};
|
||||
|
||||
# Enable sound with pipewire.
|
||||
sound.enable = true;
|
||||
hardware.pulseaudio.enable = false;
|
||||
security.rtkit.enable = true;
|
||||
services.pipewire = {
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@
|
|||
address = [ "141.30.86.196/26" ];
|
||||
routes = [
|
||||
{
|
||||
Gateway = "141.30.86.193";
|
||||
routeConfig.Gateway = "141.30.86.193";
|
||||
}
|
||||
];
|
||||
networkConfig = {
|
||||
|
|
|
|||
92
keys/pgp/jonasga.asc
Normal file
92
keys/pgp/jonasga.asc
Normal file
|
|
@ -0,0 +1,92 @@
|
|||
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
||||
|
||||
mQINBGNNDUkBEADJu4HorNwlrimCfAmf1Sb2iHMoS4xwYn7AaU+U3RVivIfB/qNi
|
||||
+ggKF6osggihttIPEQqXqS591jutnIKP+KKvD9n8/jfCsDi5m6Ddwz61rL2NvEad
|
||||
bMJSViUzIEIDgQTJT8CByWJpPPND3MoKOuEK/XUQpKmhACT8l+xWSz9UpxPchAUa
|
||||
1vI7Q+jt/ik0EI7sH5WFaBzFj4xAwXXyWYuw6G5nP2oW237NLQnMwMFywLOyI7Qm
|
||||
+PfY/l4HKrNFYBiuv4ToGU5tAb1a23Rp+IV9faPZsT0IFYdxdkQUuu9s2JZ2UnvV
|
||||
VfJ0NWheToCY/R4TZkMDGhNSpotsRLhgdsVJsoBws61ndV/IgrIQbVnMNZrXvn+z
|
||||
tOtdlECVflGIICJkbXtBiGtgMRdJMNHnt4a3/2yPtCTG03Kt+38COh0ox5j3+HIg
|
||||
87Xxxln7z8zolalRkKi6NbOY7qoITcnbZIF972/8SI3UjYERJ4/ay9ucKIU1WLGv
|
||||
Ei97s+IDHt8KXJizc4Z7XfssZ9BcIZ/ekfOopN2Av0U33LCcTKHw9ZVmuoZCfL+u
|
||||
L8TDQLHJT75n+4yOTKXu00pYxWqT5FOFS0RMYb98QLDmcIDQ+B7pw82UGF3/3Fx6
|
||||
YBNY4IjFqIovVmU1UKt4KdLrdOSN8cQtcCxORqT+89bjIG68DbIzO7iCpQARAQAB
|
||||
tDFKb25hcyBHYWZma2UgPGpvbmFzLmdhZmZrZUBtYWlsYm94LnR1LWRyZXNkZW4u
|
||||
ZGU+iQJUBBMBCgA+AhsDBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE+0TwdG3y
|
||||
XwskourlhsiiV8PsgqsFAmS3zscFCQcOW/4ACgkQhsiiV8Psgqvirg/9H+XHvntb
|
||||
shbst+vM9x8IKwhaOrH6IwZa/b9v8y8MRmbXoculQUuDyoeN0+RZkdeYZ25cjbnj
|
||||
qGzFS2gspWgNcpQ6yH3lOiwFMWG18M8RrXnpe0lOuo1JrqN10xgnbE/XahAdzshq
|
||||
riTMd8c2u8xaTQpLajdzPjgn13eDsqq1GfdTUi+p6olIwEhVH+PBxNQsav5EaU/0
|
||||
BzVnIC0U/TDeNmZk6NNvxJItDwdGbDW9fIlWSoz112WlnBTaP0cwg9lKVGSXfECc
|
||||
HSh+FKhJoaCxXxy2lsSJTz0yvjZp/lKCQ1aOd546CMChoncaN7G+rQZjk2reCoE2
|
||||
zMey8zm0o3ik4aVEHLRbPhM7en0wywp1H4NmEq94cvQ2epYS58YB8owrZk/cSlqc
|
||||
NH3Jw9wqQx3Wd+WLCYVn/Hoyj1QxeQJ1xvLau4KDE7dTVBXfWX9pv+zUi54R1bxB
|
||||
82907uId83VrtC0hGtwNz68wIfFduZJapZ50nIe+aXM3h4/BBqA7R2H/MKBy3VoA
|
||||
+pVVcIXk1HHEoZCt141ikHLOYAeUo8A98Dh6BESCuh0tCNa7Xh/3EZnvPIAVmiP4
|
||||
twrHYz2ARG6NgIVJCwnmSHyV76gPwT98fuX5KRkGh9Ev19DBL75tvLiwLiqSiR4Y
|
||||
liwM4YMa71wqet+CsQ7CAdI7LaGOB1wo7Xe0H0pvbmFzIEdhZmZrZSA8am9uYXNA
|
||||
am9uYXNnYS5pbz6JAlQEEwEKAD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AW
|
||||
IQT7RPB0bfJfCySi6uWGyKJXw+yCqwUCZLfOxwUJBw5b/gAKCRCGyKJXw+yCq0tN
|
||||
D/4/sle7D5dGsl12/2hq09rKOYeN2IedzTYtY6EYaMVMGgh35YVUXYRsj0JmIt3c
|
||||
m/L68d3rhxkiIxSdaXxZDvVvoOATgAnn4wXuz2LrtxoPpwVb8yREBIDSTymAHKgT
|
||||
5IXWl/x2CB6rQ9rlyg00m4sEOJ3newytVK24QtEiSseuDrR+5RGyP85UFjVSKWtE
|
||||
kYuIk1Rst+T0XJUJlIMjpMLtTF9Z15FwTRvPUhHfO8wmdp/xfHWdyB0qZI0QdnlA
|
||||
4uGP1TaXw7fm1o1frlla6LxIRCIe/Bk4pIPVg70BjO8HDPr8AQhTLqa2+1rI+AXD
|
||||
Wp3ROOe5X0fXV3liT/J/lXLBerWbYibVcHZluvEru7cgS3xBrbKP4OCF0i3xvueU
|
||||
dZnat1bfNPua6VXxACfoIGP7XYoRH+mx1Pv0tCiGv++5Lr9QGmDRwFEC1IgMnPu3
|
||||
YVu3wrTVZhyhyPKlp1golx9ZCemgyimqNNdfDEea0I75UTkoOfLpjwFGHuB2KiOX
|
||||
xyfaIxgOLN3/eefT6GYGmI9/it7E2cZhjEMCRRHsqFEa3MSZABIs/VGFctsJVVQy
|
||||
ke5hZavElLUGbDeP3GCdAnYb+DG3lP1KuzCqaGwpfZOh9WqlmxhGHnr+SkPDcAwO
|
||||
E6FZ63E6da1BW7aqQK9IQIlz1wT2fwLfyyiNTuH0GksA67QkSm9uYXMgR2FmZmtl
|
||||
IDxqb25hcy5nYWZma2VAYWdkc24uZGU+iQJUBBMBCgA+AhsDBQsJCAcCBhUKCQgL
|
||||
AgQWAgMBAh4BAheAFiEE+0TwdG3yXwskourlhsiiV8PsgqsFAmS3zscFCQcOW/4A
|
||||
CgkQhsiiV8PsgqvrihAAryY5C9niS6gXqKVnXWNlf/cesDCRNEs1akOLmwF4S541
|
||||
dsbKt9Ox4EWjaGkVC3ucKa7ejRqkOSoVnj+8iEDFaLJbhd2btYjKqWRXm8leuiHq
|
||||
SJ8tdsBDXXYodp8riTaPw8q+BV/OIjalTRq06dCon7kJtQiPolSvUr+pz9BIcWCV
|
||||
DxVlx/tI5SUuLEfa0cxFjkxVX/PyjijF3NXelMxDGDv4VjXZcZ8/gbHZUQeba4ku
|
||||
utfyeUpz8Jk2QcCROtO9XQNvPw8ae9KC+zSmiWOmK8CEMM9UAnHHV3M4nPi8Toef
|
||||
Na/W+48uWX7MNsD2DvQPft8Rv71bPnJpdU2sPfND4I8TsV0cjKRapfuhDkBA7QF7
|
||||
RxQtDS2QE1pMI2MbLoAJi2vItnXx1GV61ZL40pNbofVylJLfddjSJ2Mt2Vr9CxOJ
|
||||
yNk+lq36DzWELcWTbW8wlinEmzg3EPFMQKfPtMGAqQ/c+5e4WCxGPdwYZMpX5CRc
|
||||
SevoIWIS7D0lSzxMFnEmSEbV8UTCiQTqOYKvwXpD8APJ0BlJzxSxh6nWOvW63O4q
|
||||
hZWU+iNjifongAZ5bHdj9LTnLcMZtNZCUaGOT3JQOfXo9CFCa9CQY45RNHFCyWpj
|
||||
jMONEUxh/kSBiNmCQ7hReiMOo0v0DPziZGlU6xOgbO7FY65w/aBG4KzyO54ObtG0
|
||||
I0pvbmFzIEdhZmZrZSA8am9uYXMuZ2FmZmtlQGlmc3IuZGU+iQJUBBMBCgA+AhsD
|
||||
BQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEE+0TwdG3yXwskourlhsiiV8PsgqsF
|
||||
AmS3zscFCQcOW/4ACgkQhsiiV8Psgqu1uRAAxd4g81gphfrBqh7dQdJxYoj6CWqZ
|
||||
+yrqkoFLrHtT2nEc2o/gzJ3NRtUOVVkbZavWm3+U0/kYn0l/2pC/rRh7EzMmqVqV
|
||||
tib+F56dWTSiJ/4jwkUIxKiQdUYP9M1HHyYUY+aNU+ob3S19IMy4hvE/jSk7o8y6
|
||||
vYx4LsOkxr2/VclsUE+1F9rPUUymbwPzcLCuStP2dHrIvyVTyKFEE2SYv8Vt53sb
|
||||
6IFfo1Fef3gVzlfPgYVpprnumF1SDufSIT4xy5NIbKngeUxlLzsXFpgjoAEqGJQM
|
||||
XdlAc1JwOL0vB5F8fYVXvCn/xqGdm5XByAQZhZsod0yPvfLr56T57wRQl2KZLDFk
|
||||
90FSVgn9Z+mfimixgo5sQ6PJaLmBZl4ZLdnX1RGT8sjXyhX8QRdB8VRk1NEoxBWv
|
||||
W7ZvuLZXJ5HuVj8zsrS56PFBwcIure4K9OZyYdWIDLLGDyMWBcXhmbrcHxTsBoCH
|
||||
vWIY6xQdpKBwnK/eDeMTcvyxnfbRbg1InvPp9WwUHixiJpFfJg/D3ljKp9DfhG1I
|
||||
KZs6kc7rxiUdrxsAul2thrd9OdVWHWc8KZgHH3Lu/+0Ff4BqgTCHOtAQF1WRLGMq
|
||||
Bz/ZmkaPpF+bCFL8DIWKpZ0RIroGzRrJ/+HpPrNifgTLppXFeORaERmBKjsvGxk9
|
||||
kxs4/YrT7NRJFci5Ag0EY00NSQEQAL2QNEcd2EB7Pxgfywr8FKH5j7pa5LcLPAIQ
|
||||
zSQYIcjkNJ2RwCFJ2NRmnlHi1K/Ig2rU/CyHn2AQ5xJirMn08Zfe40L8fLjR8nx8
|
||||
8123BxURzC9jOy9/P4XQnVsyA82nyjm1b7ZdYxBKtfuw1p3N5ZBn0VIQ8tcdIkVw
|
||||
WB1WWK5kvkhHzjrtJBTKsgFXGreKdy7eSXdJ+GnXRAcGMtvDdLI3FuuqFhSiQk5Z
|
||||
8iuG8vbIefC/FvK74qADST3rFi+hKDVx+nMrGMtaNs41ogrgcsOL5kg62MLH562x
|
||||
g3/a4xk75374t9j1SuJOz74PuSdpyNuj1Np9nrA7qjCpiXgoD2RKv6nUVdtg2ONT
|
||||
2D4HU65gq4/EJhgLm0pybImBmaNV0yQ7c1jvTl5UvDe6eo+PiKSheDJUKt1Yf+qM
|
||||
8RGquQ08kYvYSIqGEPmZGWTLfKUrmGdRPP8M1GiavOph5zagRRUvx8fMAZ24YmBD
|
||||
NdkrFs4TykfwWpKXxxgnAFfpe/U8qh0Nn3EpMbFVddykGgbu/lp0hlD9sBwMRKSN
|
||||
WrjP6EcQxU+2F+iXA7ycnqc0gm2NFbF7hxfq01aeHsAEDYjJ7P3MqhS77eizubnF
|
||||
uMmFBN7bX8nSzgBW3EPf/U6MXWgVmBu6AoTlLryDN7FVM/lQROyysAzXAZTpVfdj
|
||||
JYvK6Ek7ABEBAAGJAjYEGAEKACAWIQT7RPB0bfJfCySi6uWGyKJXw+yCqwUCY00N
|
||||
SQIbDAAKCRCGyKJXw+yCq894EADEaqstXPduTKMdKoI3nA4IzODp89HXEyxZ5w7I
|
||||
WBX9QVu6bsI6uIXCb6YTNaleLUoz6XKHKctzCexyNOSChbKeFC5pnCejqjTHZfip
|
||||
6bUcuaFYGsbzWUEasIlMxISLs3yHSf5sN7FNU2Oms/3EE5nY/pFZKR4V/bvk7FdG
|
||||
UIE6/Pv9Z7Xw/y83CH+W72y83Ugk3iqFjcNcFRQ1JIHASqka5T2k6FTSfTvHlrRG
|
||||
yTSsGe9r2Gkh8GkGmaMboIW/drd71w81Wn5wUWDZBWqEP0UMQ5mld/sGCnmiM2u7
|
||||
yWbYXSTUvluutHsXZuhlAv8TGp6VkpCtmUquoM1UpmEGRb223YDPtBZdyOl+UnQE
|
||||
b8pN0pt+yDlYXX7kMi/i9WgR/vKm6YlAKziJwOdnKG4bP/urZDz602BXJWH8TWim
|
||||
/1CT5uMEdSEN5xBjyUt0q6Q1eGtB4Rub9J492yGJmp3IhvzeYoOmKjtmyPKFdDki
|
||||
21eBTU/TSPHToYtVW3Xm5afdM9313Y+hB3gyC9cQWWJdDi/rUtVi//j8lQErKxoM
|
||||
h97b5VOeFMO21EFXGiTLlPaP+qs7Ngqc4/Y7rGAbr50CVVDJUxawMO0+r32j+M2o
|
||||
rBWzVWTKM0uFGTRdVzwWSnYTltU1JoZ0xmV9HGJhLuQHRJ+F+8n7YxIke9wVU1yR
|
||||
q0Mleg==
|
||||
=M2wX
|
||||
-----END PGP PUBLIC KEY BLOCK-----
|
||||
|
|
@ -1 +0,0 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH70IC7DaiGBYdftUhuOE9CatcdYj2L50eZfztQA+pVs fried@Frieders-Void-Laptop
|
||||
1
keys/ssh/jonasga
Normal file
1
keys/ssh/jonasga
Normal file
|
|
@ -0,0 +1 @@
|
|||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpOQuIl31BL16yXdLlbzSDCle6bjE3WNVXzOV9ibdzEC3PpUufJDTU7FMW3WCO9fnYJ5osPKbV9nou5/10mPuN0g+k1e0NWUZNHbG+5zRqS7QYGFmtDC8EUTx1xnri5zMBMn9jzjNE8BkqvsjGrHcVCtI2T51slwFjE60GFkloQ7izRDrNkge1iM57KhoXz5MeYJtolDqeOh5P7nfAUR4bGT/gGtYVd85oCvbsHcjF9vgDovAfNP+zQhUn51ZOXvGp8+1/MAJVtxLfjC9Ma3LRiiliD6w5zcsksG5cUGcj2Sk9i/7nTm7g5MGo4EKwgPMw/MRzSRzvlZ76oPSPSLKn jonas@T14s
|
||||
|
|
@ -14,9 +14,8 @@
|
|||
enable = true;
|
||||
name = "ifsr-quitte";
|
||||
extraClientConfig = ''
|
||||
Comm Compression = no
|
||||
Maximum Concurrent Jobs = 20
|
||||
FDAddress = 141.30.30.194
|
||||
FDAddress = 141.30.30.169
|
||||
PKI Signatures = Yes
|
||||
PKI Encryption = Yes
|
||||
PKI Keypair = ${config.sops.secrets."bacula/keypair".path}
|
||||
|
|
|
|||
|
|
@ -64,6 +64,7 @@
|
|||
../../keys/ssh/jannusch
|
||||
../../keys/ssh/jannusch-arch
|
||||
../../keys/ssh/tassilo
|
||||
../../keys/ssh/jonasga
|
||||
../../keys/ssh/rouven
|
||||
../../keys/ssh/joachim
|
||||
];
|
||||
|
|
@ -72,7 +73,6 @@
|
|||
time.timeZone = "Europe/Berlin";
|
||||
|
||||
# basic shell & editor
|
||||
programs.vim.enable = true;
|
||||
programs.vim.defaultEditor = true;
|
||||
|
||||
# List packages installed in system profile. To search, run:
|
||||
|
|
@ -104,7 +104,6 @@
|
|||
ltrace
|
||||
strace
|
||||
mtr
|
||||
nix-output-monitor
|
||||
traceroute
|
||||
smartmontools
|
||||
sysstat
|
||||
|
|
@ -113,8 +112,6 @@
|
|||
eza
|
||||
zsh
|
||||
unzip
|
||||
yazi
|
||||
imagemagick
|
||||
];
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -15,14 +15,13 @@
|
|||
enabled = true
|
||||
# aggressive mode to add blocking for aborted connections
|
||||
filter = dovecot[mode=aggressive]
|
||||
maxretry = 15
|
||||
maxretry = 3
|
||||
'';
|
||||
postfix = ''
|
||||
enabled = true
|
||||
filter = postfix[mode=aggressive]
|
||||
maxretry = 15
|
||||
maxretry = 3
|
||||
'';
|
||||
sshd.settings.maxretry = 15;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,9 +3,7 @@
|
|||
services.rsyslogd = {
|
||||
enable = true;
|
||||
defaultConfig = ''
|
||||
$FileCreateMode 0640
|
||||
:programname, isequal, "postfix" /var/log/postfix.log
|
||||
:programname, isequal, "portunus" /var/log/portunus.log
|
||||
|
||||
auth.* -/var/log/auth.log
|
||||
'';
|
||||
|
|
|
|||
|
|
@ -10,6 +10,7 @@
|
|||
user = "mysql";
|
||||
location = "/var/lib/backup/mysql";
|
||||
databases = [
|
||||
"decisions"
|
||||
"fsrewsp"
|
||||
"nightline"
|
||||
"wiki_ese"
|
||||
|
|
|
|||
|
|
@ -7,14 +7,10 @@
|
|||
({ name, ... }: {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
# enable http3 for all hosts
|
||||
quic = true;
|
||||
http3 = true;
|
||||
# split up nginx access logs per vhost
|
||||
extraConfig = ''
|
||||
access_log /var/log/nginx/${name}_access.log;
|
||||
error_log /var/log/nginx/${name}_error.log;
|
||||
add_header Alt-Svc 'h3=":443"; ma=86400';
|
||||
'';
|
||||
})
|
||||
);
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{ pkgs, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
# From: https://nixos.wiki/wiki/Podman
|
||||
virtualisation.containers.enable = true;
|
||||
|
|
|
|||
|
|
@ -5,6 +5,7 @@
|
|||
enable = true;
|
||||
location = "/var/lib/backup/postgresql";
|
||||
databases = [
|
||||
"directus_ese"
|
||||
"course-management"
|
||||
"git"
|
||||
"grafana"
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@ let
|
|||
hostName = "kurse.${config.networking.domain}";
|
||||
in
|
||||
{
|
||||
imports = [ ./phil.nix ];
|
||||
sops.secrets =
|
||||
let inherit (config.services.course-management) user;
|
||||
in
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{ config, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
let
|
||||
domain = "decisions.${config.networking.domain}";
|
||||
in
|
||||
|
|
|
|||
|
|
@ -1,30 +0,0 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
sops.secrets."forgejo/runner-token" = { };
|
||||
services.gitea-actions-runner = {
|
||||
package = pkgs.forgejo-actions-runner;
|
||||
instances."quitte" = {
|
||||
enable = true;
|
||||
labels = [
|
||||
# provide a debian base with nodejs for actions
|
||||
"debian-latest:docker://node:18-bullseye"
|
||||
# fake the ubuntu name, because node provides no ubuntu builds
|
||||
"ubuntu-latest:docker://node:18-bullseye"
|
||||
# provide native execution on the host
|
||||
# "native:host"
|
||||
];
|
||||
tokenFile = config.sops.secrets."forgejo/runner-token".path;
|
||||
url = "https://git.ifsr.de";
|
||||
name = "quitte";
|
||||
settings = {
|
||||
container = {
|
||||
# use podman's default network, otherwise dns was not working for some reason
|
||||
network = "podman";
|
||||
# don't mount the docker socket into the build containers,
|
||||
# this would basically mean root on the host...
|
||||
docker_host = "-";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
@ -4,9 +4,9 @@ let
|
|||
gitUser = "git";
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
./actions.nix
|
||||
];
|
||||
# imports = [
|
||||
# ./actions.nix
|
||||
# ];
|
||||
sops.secrets.gitea_ldap_search = {
|
||||
key = "portunus/search-password";
|
||||
owner = config.services.forgejo.user;
|
||||
|
|
@ -22,9 +22,17 @@ in
|
|||
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
# package = pkgs.forgejo.overrideAttrs (_old: {
|
||||
# # patches = [
|
||||
# # # migration fix
|
||||
# # (pkgs.fetchpatch {
|
||||
# # url = "https://codeberg.org/forgejo/forgejo/commit/ae463c7c559e02975ce5e758d8780def978eebee.patch";
|
||||
# # hash = "sha256-cOXPvkLS0n+ynSBTrmEtumZ2PYBeCZmxPpFktqkw6Fo=";
|
||||
# # })
|
||||
# # ];
|
||||
# });
|
||||
user = gitUser;
|
||||
group = gitUser;
|
||||
package = pkgs.forgejo;
|
||||
lfs.enable = true;
|
||||
|
||||
database = {
|
||||
|
|
@ -71,25 +79,22 @@ in
|
|||
PROVIDER = "db";
|
||||
};
|
||||
actions.ENABLED = true;
|
||||
# federation.ENABLED = true;
|
||||
webhook.ALLOWED_HOST_LIST = "*.ifsr.de";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.forgejo.preStart =
|
||||
let
|
||||
exe = lib.getExe config.services.forgejo.package;
|
||||
portunus = config.services.portunus;
|
||||
basedn = "ou=users,${portunus.ldap.suffix}";
|
||||
basedn = "ou=users,dc=ifsr,dc=de";
|
||||
ldapConfigArgs = ''
|
||||
--name LDAP \
|
||||
--active \
|
||||
--security-protocol unencrypted \
|
||||
--host '${portunus.domain}' \
|
||||
--host 'auth.ifsr.de' \
|
||||
--port 389 \
|
||||
--user-search-base '${basedn}' \
|
||||
--user-filter '(&(objectClass=posixAccount)(uid=%s))' \
|
||||
--admin-filter '(isMemberOf=cn=admins,ou=groups,${portunus.ldap.suffix})' \
|
||||
--admin-filter '(isMemberOf=cn=admins,ou=groups,dc=ifsr,dc=de)' \
|
||||
--username-attribute uid \
|
||||
--firstname-attribute givenName \
|
||||
--surname-attribute sn \
|
||||
|
|
|
|||
|
|
@ -49,15 +49,14 @@ in
|
|||
# allow anonymous editing, but not creation of pads
|
||||
allowAnonymous = false;
|
||||
allowAnonymousEdits = true;
|
||||
allowAnonymousUploads = false;
|
||||
defaultPermission = "limited";
|
||||
defaultNotePath = builtins.toString template;
|
||||
# ldap auth
|
||||
ldap = rec {
|
||||
url = "ldap://localhost";
|
||||
searchBase = "ou=users,${config.services.portunus.ldap.suffix}";
|
||||
searchBase = "ou=users,dc=ifsr,dc=de";
|
||||
searchFilter = "(uid={{username}})";
|
||||
bindDn = "uid=${config.services.portunus.ldap.searchUserName},${searchBase}";
|
||||
bindDn = "uid=search,${searchBase}";
|
||||
bindCredentials = "\${LDAP_CREDENTIALS}";
|
||||
useridField = "uid";
|
||||
providerName = "iFSR";
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{ config, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
let
|
||||
domain = "kanboard.${config.networking.domain}";
|
||||
domain_short = "kb.${config.networking.domain}";
|
||||
|
|
@ -8,7 +8,7 @@ in
|
|||
|
||||
virtualisation.oci-containers = {
|
||||
containers.kanboard = {
|
||||
image = "ghcr.io/kanboard/kanboard:v1.2.43";
|
||||
image = "ghcr.io/kanboard/kanboard:v1.2.36";
|
||||
volumes = [
|
||||
"kanboard_data:/var/www/app/data"
|
||||
"kanboard_plugins:/var/www/app/plugins"
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ config, ... }:
|
||||
let
|
||||
domain = "sso.${config.networking.domain}";
|
||||
in
|
||||
|
|
@ -12,9 +12,7 @@ in
|
|||
http-port = 8086;
|
||||
https-port = 19000;
|
||||
hostname = domain;
|
||||
proxy-headers = "xforwarded";
|
||||
http-enabled = true;
|
||||
hostname-strict-https = false;
|
||||
proxy = "edge";
|
||||
};
|
||||
# The module requires a password for the DB and works best with its own DB config
|
||||
# Does an automatic Postgresql configuration
|
||||
|
|
@ -22,9 +20,6 @@ in
|
|||
passwordFile = config.sops.secrets."keycloak/db".path;
|
||||
};
|
||||
initialAdminPassword = "plschangeme";
|
||||
themes = with pkgs ; {
|
||||
ifsr = keycloak_ifsr_theme;
|
||||
};
|
||||
};
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
locations."/" = {
|
||||
|
|
@ -1,15 +0,0 @@
|
|||
{ stdenv }:
|
||||
stdenv.mkDerivation rec {
|
||||
name = "keycloak_ifsr_theme";
|
||||
version = "1.1";
|
||||
|
||||
src = ./theme;
|
||||
|
||||
nativeBuildInputs = [ ];
|
||||
buildInputs = [ ];
|
||||
|
||||
installPhase = ''
|
||||
mkdir -p $out
|
||||
cp -a login $out
|
||||
'';
|
||||
}
|
||||
|
|
@ -1,772 +0,0 @@
|
|||
.login-pf {
|
||||
background: none;
|
||||
}
|
||||
|
||||
.login-pf body {
|
||||
background: url(../img/background.jpg) no-repeat center center fixed;
|
||||
background-size: cover;
|
||||
height: 100%;
|
||||
}
|
||||
|
||||
/*IE compatibility*/
|
||||
.pf-c-form-control {
|
||||
font-size: 14px;
|
||||
font-size: var(--pf-global--FontSize--sm);
|
||||
border-width: 1px;
|
||||
border-width: var(--pf-global--BorderWidth--sm);;
|
||||
border-color: #EDEDED #EDEDED #8A8D90 #EDEDED;
|
||||
border-color: var(--pf-global--BorderColor--300) var(--pf-global--BorderColor--300) var(--pf-global--BorderColor--200) var(--pf-global--BorderColor--300);
|
||||
background-color: #FFFFFF;
|
||||
background-color: var(--pf-global--BackgroundColor--100);
|
||||
height: 36px;
|
||||
height: calc(var(--pf-c-form-control--FontSize) * var(--pf-c-form-control--LineHeight) + var(--pf-c-form-control--BorderWidth) * 2 + var(--pf-c-form-control--PaddingTop) + var(--pf-c-form-control--PaddingBottom));
|
||||
padding: 5px 0.5rem;
|
||||
padding: var(--pf-c-form-control--PaddingTop) var(--pf-c-form-control--PaddingRight) var(--pf-c-form-control--PaddingBottom) var(--pf-c-form-control--PaddingLeft);
|
||||
}
|
||||
|
||||
textarea.pf-c-form-control {
|
||||
height: auto;
|
||||
}
|
||||
|
||||
.pf-c-form-control:hover, .pf-c-form-control:focus {
|
||||
border-bottom-color: #0066CC;
|
||||
border-bottom-color: var(--pf-global--primary-color--100);
|
||||
border-bottom-width: 2px;
|
||||
border-bottom-width: var(--pf-global--BorderWidth--md);
|
||||
}
|
||||
|
||||
.pf-c-form-control[aria-invalid=true] {
|
||||
border-bottom-color: #C9190B;
|
||||
border-bottom-color: var(--pf-global--danger-color--100);
|
||||
border-bottom-width: 2px;
|
||||
border-bottom-width: var(--pf-global--BorderWidth--md);
|
||||
}
|
||||
|
||||
.pf-c-check__label, .pf-c-radio__label {
|
||||
font-size: 14px;
|
||||
font-size: var(--pf-global--FontSize--sm);
|
||||
}
|
||||
|
||||
.pf-c-alert.pf-m-inline {
|
||||
margin-bottom: 0.5rem; /* default - IE compatibility */
|
||||
margin-bottom: var(--pf-global--spacer--sm);
|
||||
padding: 0.25rem;
|
||||
padding: var(--pf-global--spacer--xs);
|
||||
border: solid #ededed;
|
||||
border: solid var(--pf-global--BorderColor--300);
|
||||
border-width: 1px;
|
||||
border-width: var(--pf-c-alert--m-inline--BorderTopWidth) var(--pf-c-alert--m-inline--BorderRightWidth) var(--pf-c-alert--m-inline--BorderBottomWidth) var(--pf-c-alert--m-inline--BorderLeftWidth);
|
||||
display: -ms-flexbox;
|
||||
display: grid;
|
||||
-ms-grid-columns: max-content 1fr max-content;
|
||||
grid-template-columns:max-content 1fr max-content;
|
||||
grid-template-columns: var(--pf-c-alert--grid-template-columns);
|
||||
grid-template-rows: 1fr auto;
|
||||
grid-template-rows: var(--pf-c-alert--grid-template-rows);
|
||||
}
|
||||
|
||||
.pf-c-alert.pf-m-inline::before {
|
||||
position: absolute;
|
||||
top: -1px;
|
||||
top: var(--pf-c-alert--m-inline--before--Top);
|
||||
bottom: -1px;
|
||||
bottom: var(--pf-c-alert--m-inline--before--Bottom);
|
||||
left: 0;
|
||||
width: 3px;
|
||||
width: var(--pf-c-alert--m-inline--before--Width);
|
||||
content: ;
|
||||
background-color: #FFFFFF;
|
||||
background-color: var(--pf-global--BackgroundColor--100);
|
||||
}
|
||||
|
||||
.pf-c-alert.pf-m-inline.pf-m-success::before {
|
||||
background-color: #92D400;
|
||||
background-color: var(--pf-global--success-color--100);
|
||||
}
|
||||
|
||||
.pf-c-alert.pf-m-inline.pf-m-danger::before {
|
||||
background-color: #C9190B;
|
||||
background-color: var(--pf-global--danger-color--100);
|
||||
}
|
||||
|
||||
.pf-c-alert.pf-m-inline.pf-m-warning::before {
|
||||
background-color: #F0AB00;
|
||||
background-color: var(--pf-global--warning-color--100);
|
||||
}
|
||||
|
||||
.pf-c-alert.pf-m-inline .pf-c-alert__icon {
|
||||
padding: 1rem 0.5rem 1rem 1rem;
|
||||
padding: var(--pf-c-alert--m-inline__icon--PaddingTop) var(--pf-c-alert--m-inline__icon--PaddingRight) var(--pf-c-alert--m-inline__icon--PaddingBottom) var(--pf-c-alert--m-inline__icon--PaddingLeft);
|
||||
font-size: 16px;
|
||||
font-size: var(--pf-c-alert--m-inline__icon--FontSize);
|
||||
}
|
||||
|
||||
.pf-c-alert.pf-m-success .pf-c-alert__icon {
|
||||
color: #92D400;
|
||||
color: var(--pf-global--success-color--100);
|
||||
}
|
||||
|
||||
.pf-c-alert.pf-m-success .pf-c-alert__title {
|
||||
color: #486B00;
|
||||
color: var(--pf-global--success-color--200);
|
||||
}
|
||||
|
||||
.pf-c-alert.pf-m-danger .pf-c-alert__icon {
|
||||
color: #C9190B;
|
||||
color: var(--pf-global--danger-color--100);
|
||||
}
|
||||
|
||||
.pf-c-alert.pf-m-danger .pf-c-alert__title {
|
||||
color: #A30000;
|
||||
color: var(--pf-global--danger-color--200);
|
||||
}
|
||||
|
||||
.pf-c-alert.pf-m-warning .pf-c-alert__icon {
|
||||
color: #F0AB00;
|
||||
color: var(--pf-global--warning-color--100);
|
||||
}
|
||||
|
||||
.pf-c-alert.pf-m-warning .pf-c-alert__title {
|
||||
color: #795600;
|
||||
color: var(--pf-global--warning-color--200);
|
||||
}
|
||||
|
||||
.pf-c-alert__title {
|
||||
font-size: 14px; /* default - IE compatibility */
|
||||
font-size: var(--pf-global--FontSize--sm);
|
||||
padding: 5px 8px;
|
||||
padding: var(--pf-c-alert__title--PaddingTop) var(--pf-c-alert__title--PaddingRight) var(--pf-c-alert__title--PaddingBottom) var(--pf-c-alert__title--PaddingLeft);
|
||||
}
|
||||
|
||||
.pf-c-button{
|
||||
padding:0.375rem 1rem;
|
||||
padding: var(--pf-global--spacer--form-element) var(--pf-global--spacer--md);
|
||||
}
|
||||
|
||||
/* default - IE compatibility */
|
||||
.pf-m-primary {
|
||||
color: #FFFFFF;
|
||||
background-color: #0066CC;
|
||||
background-color: var(--pf-global--primary-color--100);
|
||||
}
|
||||
|
||||
/* default - IE compatibility */
|
||||
.pf-m-primary:hover {
|
||||
background-color: #004080;
|
||||
background-color: var(--pf-global--primary-color--200);
|
||||
}
|
||||
|
||||
/* default - IE compatibility */
|
||||
.pf-c-button.pf-m-control {
|
||||
border: solid 1px;
|
||||
border: solid var(--pf-global--BorderWidth--sm);
|
||||
border-color: rgba(230, 230, 230, 0.5);
|
||||
}
|
||||
/*End of IE compatibility*/
|
||||
h1#kc-page-title {
|
||||
margin-top: 10px;
|
||||
}
|
||||
|
||||
#kc-locale ul {
|
||||
background-color: #FFF;
|
||||
background-color: var(--pf-global--BackgroundColor--100);
|
||||
display: none;
|
||||
top: 20px;
|
||||
min-width: 100px;
|
||||
padding: 0;
|
||||
}
|
||||
|
||||
#kc-locale-dropdown{
|
||||
display: inline-block;
|
||||
}
|
||||
|
||||
#kc-locale-dropdown:hover ul {
|
||||
display:block;
|
||||
}
|
||||
|
||||
/* IE compatibility */
|
||||
#kc-locale-dropdown a {
|
||||
color: #6A6E73;
|
||||
color: var(--pf-global--Color--200);
|
||||
text-align: right;
|
||||
font-size: 14px;
|
||||
font-size: var(--pf-global--FontSize--sm);
|
||||
}
|
||||
|
||||
/* IE compatibility */
|
||||
a#kc-current-locale-link::after {
|
||||
content: 2c5;
|
||||
margin-left: 4px;
|
||||
margin-left: var(--pf-global--spacer--xs)
|
||||
}
|
||||
|
||||
.login-pf .container {
|
||||
padding-top: 40px;
|
||||
}
|
||||
|
||||
.login-pf a:hover {
|
||||
color: #0099d3;
|
||||
}
|
||||
|
||||
#kc-logo {
|
||||
width: 100%;
|
||||
}
|
||||
|
||||
div.kc-logo-text {
|
||||
background-image: url(../img/agdsn_logo.png);
|
||||
background-repeat: no-repeat;
|
||||
background-size: auto;
|
||||
position: relative;
|
||||
top: 0%;
|
||||
left: 25%;
|
||||
width: 950px;
|
||||
height: 250px;
|
||||
|
||||
|
||||
}
|
||||
|
||||
div.kc-logo-text span {
|
||||
display: none;
|
||||
}
|
||||
|
||||
#kc-header {
|
||||
color: #ededed;
|
||||
overflow: visible;
|
||||
white-space: nowrap;
|
||||
}
|
||||
|
||||
#kc-header-wrapper {
|
||||
font-size: 29px;
|
||||
text-transform: uppercase;
|
||||
letter-spacing: 3px;
|
||||
line-height: 1.2em;
|
||||
padding: 62px 10px 20px;
|
||||
white-space: normal;
|
||||
}
|
||||
|
||||
#kc-content {
|
||||
width: 100%;
|
||||
}
|
||||
|
||||
#kc-attempted-username {
|
||||
font-size: 20px;
|
||||
font-family: inherit;
|
||||
font-weight: normal;
|
||||
padding-right: 10px;
|
||||
}
|
||||
|
||||
#kc-username {
|
||||
text-align: center;
|
||||
margin-bottom:-10px;
|
||||
}
|
||||
|
||||
#kc-webauthn-settings-form {
|
||||
padding-top: 8px;
|
||||
}
|
||||
|
||||
#kc-form-webauthn .select-auth-box-parent {
|
||||
pointer-events: none;
|
||||
}
|
||||
|
||||
#kc-form-webauthn .select-auth-box-desc {
|
||||
color: var(--pf-global--palette--black-600);
|
||||
}
|
||||
|
||||
#kc-form-webauthn .select-auth-box-headline {
|
||||
color: var(--pf-global--Color--300);
|
||||
}
|
||||
|
||||
#kc-form-webauthn .select-auth-box-icon {
|
||||
flex: 0 0 3em;
|
||||
}
|
||||
|
||||
#kc-form-webauthn .select-auth-box-icon-properties {
|
||||
margin-top: 10px;
|
||||
font-size: 1.8em;
|
||||
}
|
||||
|
||||
#kc-form-webauthn .select-auth-box-icon-properties.unknown-transport-class {
|
||||
margin-top: 3px;
|
||||
}
|
||||
|
||||
#kc-form-webauthn .pf-l-stack__item {
|
||||
margin: -1px 0;
|
||||
}
|
||||
|
||||
#kc-content-wrapper {
|
||||
margin-top: 20px;
|
||||
}
|
||||
|
||||
#kc-form-wrapper {
|
||||
margin-top: 10px;
|
||||
}
|
||||
|
||||
#kc-info {
|
||||
margin: 20px -40px -30px;
|
||||
}
|
||||
|
||||
#kc-info-wrapper {
|
||||
font-size: 13px;
|
||||
padding: 15px 35px;
|
||||
background-color: #F0F0F0;
|
||||
}
|
||||
|
||||
#kc-form-options span {
|
||||
display: block;
|
||||
}
|
||||
|
||||
#kc-form-options .checkbox {
|
||||
margin-top: 0;
|
||||
color: #72767b;
|
||||
}
|
||||
|
||||
#kc-terms-text {
|
||||
margin-bottom: 20px;
|
||||
}
|
||||
|
||||
#kc-registration {
|
||||
margin-bottom: 0;
|
||||
}
|
||||
|
||||
/* TOTP */
|
||||
|
||||
.subtitle {
|
||||
text-align: right;
|
||||
margin-top: 30px;
|
||||
color: #909090;
|
||||
}
|
||||
|
||||
.required {
|
||||
color: #A30000; /* default - IE compatibility */
|
||||
color: var(--pf-global--danger-color--200);
|
||||
}
|
||||
|
||||
ol#kc-totp-settings {
|
||||
margin: 0;
|
||||
padding-left: 20px;
|
||||
}
|
||||
|
||||
ul#kc-totp-supported-apps {
|
||||
margin-bottom: 10px;
|
||||
}
|
||||
|
||||
#kc-totp-secret-qr-code {
|
||||
max-width:150px;
|
||||
max-height:150px;
|
||||
}
|
||||
|
||||
#kc-totp-secret-key {
|
||||
background-color: #fff;
|
||||
color: #333333;
|
||||
font-size: 16px;
|
||||
padding: 10px 0;
|
||||
}
|
||||
|
||||
/* OAuth */
|
||||
|
||||
#kc-oauth h3 {
|
||||
margin-top: 0;
|
||||
}
|
||||
|
||||
#kc-oauth ul {
|
||||
list-style: none;
|
||||
padding: 0;
|
||||
margin: 0;
|
||||
}
|
||||
|
||||
#kc-oauth ul li {
|
||||
border-top: 1px solid rgba(255, 255, 255, 0.1);
|
||||
font-size: 12px;
|
||||
padding: 10px 0;
|
||||
}
|
||||
|
||||
#kc-oauth ul li:first-of-type {
|
||||
border-top: 0;
|
||||
}
|
||||
|
||||
#kc-oauth .kc-role {
|
||||
display: inline-block;
|
||||
width: 50%;
|
||||
}
|
||||
|
||||
/* Code */
|
||||
#kc-code textarea {
|
||||
width: 100%;
|
||||
height: 8em;
|
||||
}
|
||||
|
||||
/* Social */
|
||||
.kc-social-links {
|
||||
margin-top: 20px;
|
||||
}
|
||||
|
||||
.kc-social-provider-logo {
|
||||
font-size: 23px;
|
||||
width: 30px;
|
||||
height: 25px;
|
||||
float: left;
|
||||
}
|
||||
|
||||
.kc-social-gray {
|
||||
color: #737679; /* default - IE compatibility */
|
||||
color: var(--pf-global--Color--200);
|
||||
}
|
||||
|
||||
.kc-social-item {
|
||||
margin-bottom: 0.5rem; /* default - IE compatibility */
|
||||
margin-bottom: var(--pf-global--spacer--sm);
|
||||
font-size: 15px;
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
.kc-social-provider-name {
|
||||
position: relative;
|
||||
top: 3px;
|
||||
}
|
||||
|
||||
.kc-social-icon-text {
|
||||
left: -15px;
|
||||
}
|
||||
|
||||
.kc-social-grid {
|
||||
display:grid;
|
||||
grid-column-gap: 10px;
|
||||
grid-row-gap: 5px;
|
||||
grid-column-end: span 6;
|
||||
--pf-l-grid__item--GridColumnEnd: span 6;
|
||||
}
|
||||
|
||||
.kc-social-grid .kc-social-icon-text {
|
||||
left: -10px;
|
||||
}
|
||||
|
||||
.kc-login-tooltip {
|
||||
position: relative;
|
||||
display: inline-block;
|
||||
}
|
||||
|
||||
.kc-social-section {
|
||||
text-align: center;
|
||||
}
|
||||
|
||||
.kc-social-section hr{
|
||||
margin-bottom: 10px
|
||||
}
|
||||
|
||||
.kc-login-tooltip .kc-tooltip-text{
|
||||
top:-3px;
|
||||
left:160%;
|
||||
background-color: black;
|
||||
visibility: hidden;
|
||||
color: #fff;
|
||||
|
||||
min-width:130px;
|
||||
text-align: center;
|
||||
border-radius: 2px;
|
||||
box-shadow:0 1px 8px rgba(0,0,0,0.6);
|
||||
padding: 5px;
|
||||
|
||||
position: absolute;
|
||||
opacity:0;
|
||||
transition:opacity 0.5s;
|
||||
}
|
||||
|
||||
/* Show tooltip */
|
||||
.kc-login-tooltip:hover .kc-tooltip-text {
|
||||
visibility: visible;
|
||||
opacity:0.7;
|
||||
}
|
||||
|
||||
/* Arrow for tooltip */
|
||||
.kc-login-tooltip .kc-tooltip-text::after {
|
||||
content: ;
|
||||
position: absolute;
|
||||
top: 15px;
|
||||
right: 100%;
|
||||
margin-top: -5px;
|
||||
border-width: 5px;
|
||||
border-style: solid;
|
||||
border-color: transparent black transparent transparent;
|
||||
}
|
||||
|
||||
@media (min-width: 768px) {
|
||||
#kc-container-wrapper {
|
||||
position: absolute;
|
||||
width: 100%;
|
||||
}
|
||||
|
||||
.login-pf .container {
|
||||
padding-right: 80px;
|
||||
}
|
||||
|
||||
#kc-locale {
|
||||
position: relative;
|
||||
text-align: right;
|
||||
z-index: 9999;
|
||||
}
|
||||
}
|
||||
|
||||
@media (max-width: 767px) {
|
||||
|
||||
.login-pf body {
|
||||
background: white;
|
||||
}
|
||||
|
||||
#kc-header {
|
||||
padding-left: 15px;
|
||||
padding-right: 15px;
|
||||
float: none;
|
||||
text-align: left;
|
||||
}
|
||||
|
||||
#kc-header-wrapper {
|
||||
font-size: 16px;
|
||||
font-weight: bold;
|
||||
padding: 20px 60px 0 0;
|
||||
color: #72767b;
|
||||
letter-spacing: 0;
|
||||
}
|
||||
|
||||
div.kc-logo-text {
|
||||
margin: 0;
|
||||
width: 150px;
|
||||
height: 32px;
|
||||
background-size: 100%;
|
||||
}
|
||||
|
||||
#kc-form {
|
||||
float: none;
|
||||
}
|
||||
|
||||
#kc-info-wrapper {
|
||||
border-top: 1px solid rgba(255, 255, 255, 0.1);
|
||||
background-color: transparent;
|
||||
}
|
||||
|
||||
.login-pf .container {
|
||||
padding-top: 15px;
|
||||
padding-bottom: 15px;
|
||||
}
|
||||
|
||||
#kc-locale {
|
||||
position: absolute;
|
||||
width: 200px;
|
||||
top: 20px;
|
||||
right: 20px;
|
||||
text-align: right;
|
||||
z-index: 9999;
|
||||
}
|
||||
}
|
||||
|
||||
@media (min-height: 646px) {
|
||||
#kc-container-wrapper {
|
||||
bottom: 12%;
|
||||
}
|
||||
}
|
||||
|
||||
@media (max-height: 645px) {
|
||||
#kc-container-wrapper {
|
||||
padding-top: 50px;
|
||||
top: 20%;
|
||||
}
|
||||
}
|
||||
|
||||
.card-pf form.form-actions .btn {
|
||||
float: right;
|
||||
margin-left: 10px;
|
||||
}
|
||||
|
||||
#kc-form-buttons {
|
||||
margin-top: 20px;
|
||||
}
|
||||
|
||||
.login-pf-page .login-pf-brand {
|
||||
margin-top: 20px;
|
||||
max-width: 360px;
|
||||
width: 40%;
|
||||
}
|
||||
|
||||
/* Internet Explorer 11 compatibility workaround for select-authenticator screen */
|
||||
@media all and (-ms-high-contrast: none),
|
||||
(-ms-high-contrast: active) {
|
||||
.select-auth-box-parent {
|
||||
border-top: 1px solid #f0f0f0;
|
||||
padding-top: 1rem;
|
||||
padding-bottom: 1rem;
|
||||
cursor: pointer;
|
||||
}
|
||||
|
||||
.select-auth-box-headline {
|
||||
font-size: 16px;
|
||||
color: #06c;
|
||||
font-weight: bold;
|
||||
}
|
||||
|
||||
.select-auth-box-desc {
|
||||
font-size: 14px;
|
||||
}
|
||||
|
||||
.pf-l-stack {
|
||||
flex-basis: 100%;
|
||||
}
|
||||
}
|
||||
/* End of IE11 workaround for select-authenticator screen */
|
||||
|
||||
.select-auth-box-arrow{
|
||||
display: flex;
|
||||
align-items: center;
|
||||
margin-right: 2rem;
|
||||
}
|
||||
|
||||
.select-auth-box-icon{
|
||||
display: flex;
|
||||
flex: 0 0 2em;
|
||||
justify-content: center;
|
||||
margin-right: 1rem;
|
||||
margin-left: 3rem;
|
||||
}
|
||||
|
||||
.select-auth-box-parent{
|
||||
border-top: 1px solid var(--pf-global--palette--black-200);
|
||||
padding-top: 1rem;
|
||||
padding-bottom: 1rem;
|
||||
cursor: pointer;
|
||||
}
|
||||
|
||||
.select-auth-box-parent:hover{
|
||||
background-color: #f7f8f8;
|
||||
}
|
||||
|
||||
.select-auth-container {
|
||||
}
|
||||
|
||||
.select-auth-box-headline {
|
||||
font-size: var(--pf-global--FontSize--md);
|
||||
color: var(--pf-global--primary-color--100);
|
||||
font-weight: bold;
|
||||
}
|
||||
|
||||
.select-auth-box-desc {
|
||||
font-size: var(--pf-global--FontSize--sm);
|
||||
}
|
||||
|
||||
.select-auth-box-paragraph {
|
||||
text-align: center;
|
||||
font-size: var(--pf-global--FontSize--md);
|
||||
margin-bottom: 5px;
|
||||
}
|
||||
|
||||
.card-pf {
|
||||
margin: 0 auto;
|
||||
box-shadow: var(--pf-global--BoxShadow--lg);
|
||||
padding: 0 20px;
|
||||
max-width: 500px;
|
||||
border-top: 4px solid;
|
||||
border-color: #0066CC; /* default - IE compatibility */
|
||||
border-color: var(--pf-global--primary-color--100);
|
||||
}
|
||||
|
||||
/*phone*/
|
||||
@media (max-width: 767px) {
|
||||
.login-pf-page .card-pf {
|
||||
max-width: none;
|
||||
margin-left: 0;
|
||||
margin-right: 0;
|
||||
padding-top: 0;
|
||||
border-top: 0;
|
||||
box-shadow: 0 0;
|
||||
}
|
||||
|
||||
.kc-social-grid {
|
||||
grid-column-end: 12;
|
||||
--pf-l-grid__item--GridColumnEnd: span 12;
|
||||
}
|
||||
|
||||
.kc-social-grid .kc-social-icon-text {
|
||||
left: -15px;
|
||||
}
|
||||
}
|
||||
|
||||
.login-pf-page .login-pf-signup {
|
||||
font-size: 15px;
|
||||
color: #72767b;
|
||||
}
|
||||
#kc-content-wrapper .row {
|
||||
margin-left: 0;
|
||||
margin-right: 0;
|
||||
}
|
||||
|
||||
.login-pf-page.login-pf-page-accounts {
|
||||
margin-left: auto;
|
||||
margin-right: auto;
|
||||
}
|
||||
|
||||
.login-pf-page .btn-primary {
|
||||
margin-top: 0;
|
||||
}
|
||||
|
||||
.login-pf-page .list-view-pf .list-group-item {
|
||||
border-bottom: 1px solid #ededed;
|
||||
}
|
||||
|
||||
.login-pf-page .list-view-pf-description {
|
||||
width: 100%;
|
||||
}
|
||||
|
||||
#kc-form-login div.form-group:last-of-type,
|
||||
#kc-register-form div.form-group:last-of-type,
|
||||
#kc-update-profile-form div.form-group:last-of-type {
|
||||
margin-bottom: 0px;
|
||||
}
|
||||
|
||||
.no-bottom-margin {
|
||||
margin-bottom: 0;
|
||||
}
|
||||
|
||||
#kc-back {
|
||||
margin-top: 5px;
|
||||
}
|
||||
|
||||
/* Recovery codes */
|
||||
.kc-recovery-codes-warning {
|
||||
margin-bottom: 32px;
|
||||
}
|
||||
.kc-recovery-codes-warning .pf-c-alert__description p {
|
||||
font-size: 0.875rem;
|
||||
}
|
||||
.kc-recovery-codes-list {
|
||||
list-style: none;
|
||||
columns: 2;
|
||||
margin: 16px 0;
|
||||
padding: 16px 16px 8px 16px;
|
||||
border: 1px solid #D2D2D2;
|
||||
}
|
||||
.kc-recovery-codes-list li {
|
||||
margin-bottom: 8px;
|
||||
font-size: 11px;
|
||||
}
|
||||
.kc-recovery-codes-list li span {
|
||||
color: #6A6E73;
|
||||
width: 16px;
|
||||
text-align: right;
|
||||
display: inline-block;
|
||||
margin-right: 1px;
|
||||
}
|
||||
|
||||
.kc-recovery-codes-actions {
|
||||
margin-bottom: 24px;
|
||||
}
|
||||
.kc-recovery-codes-actions button {
|
||||
padding-left: 0;
|
||||
}
|
||||
.kc-recovery-codes-actions button i {
|
||||
margin-right: 8px;
|
||||
}
|
||||
|
||||
.kc-recovery-codes-confirmation {
|
||||
align-items: baseline;
|
||||
margin-bottom: 16px;
|
||||
}
|
||||
/* End Recovery codes */
|
||||
|
||||
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 1.1 MiB |
|
|
@ -1,4 +0,0 @@
|
|||
parent=keycloak
|
||||
import=common/keycloak
|
||||
|
||||
styles=css/login.css
|
||||
|
|
@ -1,90 +1,175 @@
|
|||
{ config, pkgs, ... }:
|
||||
{ config, pkgs, system, ... }:
|
||||
let
|
||||
domain = "auth.${config.networking.domain}";
|
||||
seedSettings = {
|
||||
groups = [
|
||||
{
|
||||
name = "admins";
|
||||
long_name = "Portunus Admin";
|
||||
members = [ "admin" ];
|
||||
permissions.portunus.is_admin = true;
|
||||
}
|
||||
{
|
||||
name = "search";
|
||||
long_name = "LDAP search group";
|
||||
members = [ "search" ];
|
||||
permissions.ldap.can_read = true;
|
||||
}
|
||||
{
|
||||
name = "fsr";
|
||||
long_name = "Mitglieder des iFSR";
|
||||
}
|
||||
];
|
||||
users = [
|
||||
{
|
||||
login_name = "admin";
|
||||
given_name = "admin";
|
||||
family_name = "admin";
|
||||
password.from_command = [
|
||||
"${pkgs.coreutils}/bin/cat"
|
||||
config.sops.secrets."portunus/admin-password".path
|
||||
];
|
||||
}
|
||||
{
|
||||
login_name = "search";
|
||||
given_name = "search";
|
||||
family_name = "search";
|
||||
password.from_command = [
|
||||
"${pkgs.coreutils}/bin/cat"
|
||||
config.sops.secrets."portunus/search-password".path
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
# seedSettings = {
|
||||
# groups = [
|
||||
# {
|
||||
# name = "admins";
|
||||
# long_name = "Portunus Admin";
|
||||
# members = [ "admin" ];
|
||||
# permissions.portunus.is_admin = true;
|
||||
# }
|
||||
# {
|
||||
# name = "search";
|
||||
# long_name = "LDAP search group";
|
||||
# members = [ "search" ];
|
||||
# permissions.ldap.can_read = true;
|
||||
# }
|
||||
# {
|
||||
# name = "fsr";
|
||||
# long_name = "Mitglieder des iFSR";
|
||||
# }
|
||||
# ];
|
||||
# users = [
|
||||
# {
|
||||
# login_name = "admin";
|
||||
# given_name = "admin";
|
||||
# family_name = "admin";
|
||||
# password.from_command = [
|
||||
# "${pkgs.coreutils}/bin/cat"
|
||||
# config.sops.secrets."portunus/admin-password".path
|
||||
# ];
|
||||
# }
|
||||
# {
|
||||
# login_name = "search";
|
||||
# given_name = "search";
|
||||
# family_name = "search";
|
||||
# password.from_command = [
|
||||
# "${pkgs.coreutils}/bin/cat"
|
||||
# config.sops.secrets."portunus/search-password".path
|
||||
# ];
|
||||
# }
|
||||
# ];
|
||||
# };
|
||||
in
|
||||
{
|
||||
sops.secrets = {
|
||||
"portunus/admin-password".owner = config.services.portunus.user;
|
||||
"portunus/search-password".owner = config.services.portunus.user;
|
||||
};
|
||||
# sops.secrets = {
|
||||
# "portunus/admin-password".owner = config.services.portunus.user;
|
||||
# "portunus/search-password".owner = config.services.portunus.user;
|
||||
# };
|
||||
|
||||
services.portunus = {
|
||||
# services.portunus = {
|
||||
# enable = true;
|
||||
# package = pkgs.portunus.overrideAttrs (_old: {
|
||||
# patches = [
|
||||
# ./0001-update-user-validation-regex.patch
|
||||
# ./0002-both-ldap-and-ldaps.patch
|
||||
# ./0003-gecos-ascii-escape.patch
|
||||
# ./0004-make-givenName-optional.patch
|
||||
# ];
|
||||
# doCheck = false; # posix regex related tests break
|
||||
# });
|
||||
|
||||
# inherit domain seedSettings;
|
||||
# port = 8681;
|
||||
# ldap = {
|
||||
# suffix = "dc=ifsr,dc=de";
|
||||
# searchUserName = "search";
|
||||
|
||||
# # normally disables port 389 (but not with our patch), use 636 with tls
|
||||
# # `portunus.domain` resolves to localhost
|
||||
# tls = true;
|
||||
# };
|
||||
# };
|
||||
services.openldap = {
|
||||
enable = true;
|
||||
package = pkgs.portunus.overrideAttrs (_old: {
|
||||
patches = [
|
||||
./0001-update-user-validation-regex.patch
|
||||
./0002-both-ldap-and-ldaps.patch
|
||||
./0003-gecos-ascii-escape.patch
|
||||
./0004-make-givenName-optional.patch
|
||||
];
|
||||
doCheck = false; # posix regex related tests break
|
||||
});
|
||||
urlList = [ "ldap:///" "ldaps:///" ];
|
||||
settings = {
|
||||
attrs = {
|
||||
olcLogLevel = "conns";
|
||||
|
||||
inherit domain seedSettings;
|
||||
port = 8681;
|
||||
ldap = {
|
||||
suffix = "dc=ifsr,dc=de";
|
||||
searchUserName = "search";
|
||||
olcTLSCACertificateFile = "/var/lib/acme/${domain}/full.pem";
|
||||
olcTLSCertificateFile = "/var/lib/acme/${domain}/cert.pem";
|
||||
olcTLSCertificateKeyFile = "/var/lib/acme/${domain}/key.pem";
|
||||
# olcTLSCipherSuite = "HIGH:MEDIUM:+3DES:+RC4:+aNULL";
|
||||
olcTLSCRLCheck = "none";
|
||||
olcTLSVerifyClient = "never";
|
||||
olcTLSProtocolMin = "3.1";
|
||||
|
||||
# normally disables port 389 (but not with our patch), use 636 with tls
|
||||
# `portunus.domain` resolves to localhost
|
||||
tls = true;
|
||||
};
|
||||
children = {
|
||||
"cn=schema".includes = [
|
||||
"${pkgs.openldap}/etc/schema/core.ldif"
|
||||
# attributetype ( 9999.1.1 NAME 'isMemberOf'
|
||||
# DESC 'back-reference to groups this user is a member of'
|
||||
# SUP distinguishedName )
|
||||
"${pkgs.openldap}/etc/schema/cosine.ldif"
|
||||
"${pkgs.openldap}/etc/schema/inetorgperson.ldif"
|
||||
"${pkgs.openldap}/etc/schema/nis.ldif"
|
||||
# "${pkgs.writeText "openssh.schema" ''
|
||||
# attributetype ( 9999.1.2 NAME 'sshPublicKey'
|
||||
# DESC 'SSH public key used by this user'
|
||||
# SUP name )
|
||||
# ''}"
|
||||
];
|
||||
|
||||
"olcDatabase={1}mdb" = {
|
||||
attrs = {
|
||||
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
|
||||
|
||||
olcDatabase = "{1}mdb";
|
||||
olcDbDirectory = "/var/lib/openldap/data";
|
||||
|
||||
olcSuffix = "dc=ifsr,dc=de";
|
||||
|
||||
/* your admin account, do not use writeText on a production system */
|
||||
olcRootDN = "cn=portunus,dc=ifsr,dc=de";
|
||||
olcRootPW = "{CRYPT}$y$j9T$xdf4HigfhmQWXn.bw9MgH/$91evhYAV1GP7olNCkQoCpUZrghh5P8dDXcZdAtpiD32";
|
||||
|
||||
olcAccess = [
|
||||
/* custom access rules for userPassword attributes */
|
||||
''{0}to attrs=userPassword
|
||||
by self write
|
||||
by anonymous auth
|
||||
by * none''
|
||||
|
||||
/* allow read on anything else */
|
||||
''{1}to *
|
||||
by dn.base="cn=portunus,dc=ifsr,dc=de" write
|
||||
by group.exact="cn=portunus-viewers,dc=ifsr,dc=de" read
|
||||
by self read
|
||||
by anonymous auth
|
||||
''
|
||||
];
|
||||
};
|
||||
children = {
|
||||
"olcOverlay={2}memberof".attrs = {
|
||||
objectClass = [ "olcOverlayConfig" "olcMemberOf" "top" ];
|
||||
olcOverlay = "{2}memberof";
|
||||
olcMemberOfRefInt = "TRUE";
|
||||
olcMemberOfDangling = "ignore";
|
||||
olcMemberOfGroupOC = "groupOfNames";
|
||||
olcMemberOfMemberAD = "member";
|
||||
olcMemberOfMemberOfAD = "memberOf";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.openldap = {
|
||||
wants = [ "acme-${domain}.service" ];
|
||||
after = [ "acme-${domain}.service" ];
|
||||
};
|
||||
# security.acme.defaults.group = "certs";
|
||||
# users.groups.certs.members = [ "openldap" ];
|
||||
# certificate permissions
|
||||
users.users.openldap.extraGroups = [ "nginx" ];
|
||||
|
||||
security.pam.services.sshd.makeHomeDir = true;
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts."${config.services.portunus.domain}" = {
|
||||
locations = {
|
||||
"/".proxyPass = "http://localhost:${toString config.services.portunus.port}";
|
||||
};
|
||||
virtualHosts."${domain}" = {
|
||||
# locations = {
|
||||
# "/".proxyPass = "http://localhost:${toString config.services.portunus.port}";
|
||||
# };
|
||||
};
|
||||
};
|
||||
networking.firewall = {
|
||||
extraInputRules = ''
|
||||
ip saddr { 141.30.86.192/26, 141.76.100.128/25, 10.88.0.1/16 } tcp dport 636 accept comment "Allow ldaps access from office nets and podman"
|
||||
ip saddr { 141.30.86.192/26, 141.30.30.169, 10.88.0.1/16 } tcp dport 636 accept comment "Allow ldaps access from office nets and podman"
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -44,9 +44,11 @@ in
|
|||
# hostname used in helo command. It is recommended to have this match the reverse dns entry
|
||||
smtp_helo_name = config.networking.rDNS;
|
||||
smtpd_banner = "${config.networking.rDNS} ESMTP $mail_name";
|
||||
smtp_tls_security_level = "may";
|
||||
smtpd_tls_security_level = "may";
|
||||
smtpd_tls_auth_only = true;
|
||||
smtp_use_tls = true;
|
||||
# smtp_tls_security_level = "encrypt";
|
||||
smtpd_use_tls = true;
|
||||
# smtpd_tls_security_level = lib.mkForce "encrypt";
|
||||
# smtpd_tls_auth_only = true;
|
||||
smtpd_tls_protocols = [
|
||||
"!SSLv2"
|
||||
"!SSLv3"
|
||||
|
|
|
|||
|
|
@ -141,26 +141,22 @@ in
|
|||
filter = "email:domain";
|
||||
map = "/var/lib/rspamd/whitelist.sender.domain.map";
|
||||
action = "accept";
|
||||
regexp = true;
|
||||
}
|
||||
WHITELIST_SENDER_EMAIL {
|
||||
type = "from";
|
||||
map = "/var/lib/rspamd/whitelist.sender.email.map";
|
||||
action = "accept";
|
||||
regexp = true;
|
||||
}
|
||||
BLACKLIST_SENDER_DOMAIN {
|
||||
type = "from";
|
||||
filter = "email:domain";
|
||||
map = "/var/lib/rspamd/blacklist.sender.domain.map";
|
||||
action = "reject";
|
||||
regexp = true;
|
||||
}
|
||||
BLACKLIST_SENDER_EMAIL {
|
||||
type = "from";
|
||||
map = "/var/lib/rspamd/blacklist.sender.email.map";
|
||||
action = "reject";
|
||||
regexp = true;
|
||||
}
|
||||
BLACKLIST_SUBJECT_KEYWORDS {
|
||||
type = "header";
|
||||
|
|
@ -193,11 +189,6 @@ in
|
|||
"/" = {
|
||||
proxyPass = "http://127.0.0.1:11334";
|
||||
proxyWebsockets = true;
|
||||
extraConfig = ''
|
||||
allow 141.30.0.0/16;
|
||||
allow 141.76.0.0/16;
|
||||
deny all;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -27,9 +27,6 @@ in
|
|||
key = "portunus/search-password";
|
||||
owner = config.systemd.services.matrix-synapse.serviceConfig.User;
|
||||
};
|
||||
nixpkgs.config.permittedInsecurePackages = [
|
||||
"olm-3.2.16"
|
||||
];
|
||||
|
||||
services = {
|
||||
postgresql = {
|
||||
|
|
@ -99,22 +96,21 @@ in
|
|||
extraConfigFiles = [
|
||||
(pkgs.writeTextFile {
|
||||
name = "matrix-synapse-extra-config.yml";
|
||||
text = let portunus = config.services.portunus; in
|
||||
''
|
||||
modules:
|
||||
- module: ldap_auth_provider.LdapAuthProviderModule
|
||||
config:
|
||||
enabled: true
|
||||
uri: ldap://localhost
|
||||
base: ou=users,${portunus.ldap.suffix}
|
||||
# taken from kaki config
|
||||
attributes:
|
||||
uid: uid
|
||||
mail: uid
|
||||
name: cn
|
||||
bind_dn: uid=search,ou=users,${portunus.ldap.suffix}
|
||||
bind_password_file: ${config.sops.secrets.matrix_ldap_search.path}
|
||||
'';
|
||||
text = ''
|
||||
modules:
|
||||
- module: ldap_auth_provider.LdapAuthProviderModule
|
||||
config:
|
||||
enabled: true
|
||||
uri: ldap://localhost
|
||||
base: ou=users,dc=ifsr,dc=de
|
||||
# taken from kaki config
|
||||
attributes:
|
||||
uid: uid
|
||||
mail: uid
|
||||
name: cn
|
||||
bind_dn: uid=search,ou=users,dc=ifsr,dc=de
|
||||
bind_password_file: ${config.sops.secrets.matrix_ldap_search.path}
|
||||
'';
|
||||
})
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -37,8 +37,12 @@ in
|
|||
token_url = "https://sso.ifsr.de/realms/internal/protocol/openid-connect/token";
|
||||
api_url = "https://sso.ifsr.de/realms/internal/protocol/openid-connect/userinfo";
|
||||
role_attribute_path = "contains(roles[*], 'admin') && 'Admin' || contains(roles[*], 'editor') && 'Editor' || 'Viewer'";
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
|
||||
};
|
||||
|
||||
services.postgresql = {
|
||||
|
|
@ -61,6 +65,10 @@ in
|
|||
enabledCollectors = [ "systemd" ];
|
||||
port = 9002;
|
||||
};
|
||||
postfix = {
|
||||
enable = true;
|
||||
port = 9003;
|
||||
};
|
||||
};
|
||||
scrapeConfigs = [
|
||||
{
|
||||
|
|
@ -70,6 +78,13 @@ in
|
|||
}];
|
||||
scrape_interval = "15s";
|
||||
}
|
||||
{
|
||||
job_name = "postfix";
|
||||
static_configs = [{
|
||||
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.postfix.port}" ];
|
||||
}];
|
||||
# scrape_interval = "60s";
|
||||
}
|
||||
{
|
||||
job_name = "rspamd";
|
||||
static_configs = [{
|
||||
|
|
@ -77,13 +92,6 @@ in
|
|||
}];
|
||||
scrape_interval = "15s";
|
||||
}
|
||||
{
|
||||
job_name = "fabric";
|
||||
static_configs = [{
|
||||
targets = [ "127.0.0.1:25585" ];
|
||||
}];
|
||||
scrape_interval = "60s";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
|
|
@ -15,7 +15,7 @@ in
|
|||
nextcloud = {
|
||||
enable = true;
|
||||
configureRedis = true;
|
||||
package = pkgs.nextcloud30;
|
||||
package = pkgs.nextcloud29;
|
||||
hostName = domain;
|
||||
https = true; # Use https for all urls
|
||||
phpExtraExtensions = all: [
|
||||
|
|
@ -59,7 +59,7 @@ in
|
|||
occ = lib.getExe config.services.nextcloud.occ;
|
||||
ldapConfig = rec {
|
||||
ldapAgentName = "uid=search,ou=users,${ldapBase}";
|
||||
ldapBase = config.services.portunus.ldap.suffix;
|
||||
ldapBase = "dc=ifsr,dc=de";
|
||||
ldapBaseGroups = "ou=groups,${ldapBase}";
|
||||
ldapBaseUsers = "ou=users,${ldapBase}";
|
||||
ldapConfigurationActive = "1";
|
||||
|
|
|
|||
|
|
@ -43,7 +43,6 @@ in
|
|||
'';
|
||||
};
|
||||
"/vendor".return = "403";
|
||||
"/.git".return = "403";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -11,7 +11,5 @@
|
|||
./sharepic.nix
|
||||
./userdir.nix
|
||||
./ftp.nix
|
||||
./hyperilo.nix
|
||||
./notenrechner.nix
|
||||
];
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,33 +1,80 @@
|
|||
{ config, pkgs, ... }:
|
||||
let
|
||||
domain = "ese.${config.networking.domain}";
|
||||
webRoot = "/srv/web/ese";
|
||||
cms-domain = "directus-ese.${config.networking.domain}";
|
||||
in
|
||||
{
|
||||
sops.secrets."directus_env" = { };
|
||||
environment.systemPackages = [ pkgs.nodejs_22 ];
|
||||
virtualisation.oci-containers = {
|
||||
containers.directus-ese = {
|
||||
image = "directus/directus:latest";
|
||||
volumes = [
|
||||
"/srv/web/directus-ese/uploads:/directus/uploads"
|
||||
"/srv/web/directus-ese/database:/directus/database"
|
||||
];
|
||||
extraOptions = [ "--network=host" ];
|
||||
environment = {
|
||||
"DB_CLIENT" = "pg";
|
||||
"DB_HOST" = "localhost";
|
||||
"DB_PORT" = "5432";
|
||||
"DB_DATABASE" = "directus_ese";
|
||||
"DB_USER" = "directus_ese";
|
||||
"PUBLIC_URL" = "https://directus-ese.ifsr.de";
|
||||
"AUTH_PROVIDERS" = "keycloak";
|
||||
"AUTH_KEYCLOAK_DRIVER" = "openid";
|
||||
"AUTH_KEYCLOAK_CLIENT_ID" = "directus-ese";
|
||||
"AUTH_KEYCLOAK_ISSUER_URL" = "https://sso.ifsr.de/realms/internal/.well-known/openid-configuration";
|
||||
"AUTH_KEYCLOAK_IDENTIFIER_KEY" = "email";
|
||||
"AUTH_KEYCLOAK_ALLOW_PUBLIC_REGISTRATION" = "true";
|
||||
"AUTH_KEYCLOAK_DEFAULT_ROLE_ID" = "a6b7a1b6-a6fa-442c-87fd-e37c2a16424b";
|
||||
};
|
||||
environmentFiles = [
|
||||
config.sops.secrets."directus_env".path
|
||||
];
|
||||
|
||||
};
|
||||
};
|
||||
services.postgresql = {
|
||||
enable = true;
|
||||
ensureUsers = [
|
||||
{
|
||||
name = "directus_ese";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
ensureDatabases = [ "directus_ese" ];
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
virtualHosts."${cms-domain}" = {
|
||||
locations."/" = {
|
||||
extraConfig = ''
|
||||
if ($request_method = 'OPTIONS') {
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
|
||||
add_header 'Access-Control-Max-Age' 1728000;
|
||||
add_header 'Content-Type' 'text/plain; charset=utf-8';
|
||||
add_header 'Content-Length' 0;
|
||||
return 204;
|
||||
}
|
||||
|
||||
add_header 'Access-Control-Allow-Origin' '*';
|
||||
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
|
||||
add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization';
|
||||
'';
|
||||
proxyPass = "http://127.0.0.1:8055";
|
||||
};
|
||||
};
|
||||
virtualHosts."${domain}" = {
|
||||
locations."= /" = {
|
||||
return = "302 /2025/";
|
||||
return = "301 /2024/";
|
||||
};
|
||||
locations."/" = {
|
||||
root = webRoot;
|
||||
root = "/srv/web/ese/served";
|
||||
tryFiles = "$uri $uri/ =404";
|
||||
};
|
||||
# cache static assets
|
||||
locations."~* \.(?:css|svg|webp|jpg|jpeg|gif|png|ico|mp4|mp3|ogg|ogv|webm|ttf|woff2|woff)$" = {
|
||||
root = webRoot;
|
||||
extraConfig = ''
|
||||
expires 1y;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
users.users."ese-deploy" = {
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
''command="${pkgs.rrsync}/bin/rrsync ${webRoot}",restrict ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEWGdTdobZN2oSLsTQmHOahdc9vqyuwUBS0PSk5IQhGV''
|
||||
];
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,7 +11,6 @@ in
|
|||
fancyindex_exact_size off;
|
||||
error_page 403 /403.html;
|
||||
fancyindex_localtime on;
|
||||
charset utf-8;
|
||||
'';
|
||||
locations."~/(klausuren|uebungen|skripte|abschlussarbeiten)".extraConfig = ''
|
||||
allow 141.30.0.0/16;
|
||||
|
|
@ -23,137 +22,15 @@ in
|
|||
'';
|
||||
locations."=/403.html" = {
|
||||
root = pkgs.writeTextDir "403.html" ''
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>403 Forbidden - iFSR</title>
|
||||
<style>
|
||||
body {
|
||||
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "Helvetica Neue", Arial, sans-serif;
|
||||
background-color: #f8f9fa;
|
||||
margin: 0;
|
||||
padding: 1rem;
|
||||
min-height: 100vh;
|
||||
display: flex;
|
||||
align-items: center;
|
||||
justify-content: center;
|
||||
}
|
||||
.container {
|
||||
background: white;
|
||||
padding: 2rem;
|
||||
border-radius: 12px;
|
||||
box-shadow: 0 2px 15px rgba(0, 0, 0, 0.1);
|
||||
text-align: center;
|
||||
max-width: 600px;
|
||||
width: 100%;
|
||||
}
|
||||
.error-code {
|
||||
font-size: 3.5rem;
|
||||
font-weight: bold;
|
||||
color: #dc3545;
|
||||
margin: 0;
|
||||
line-height: 1;
|
||||
}
|
||||
.error-title {
|
||||
font-size: 1.5rem;
|
||||
color: #343a40;
|
||||
margin: 1rem 0;
|
||||
}
|
||||
.error-message {
|
||||
color: #495057;
|
||||
margin: 1rem 0;
|
||||
line-height: 1.6;
|
||||
}
|
||||
.language-section {
|
||||
padding: 1.5rem;
|
||||
margin: 1rem 0;
|
||||
background: #f8f9fa;
|
||||
border-radius: 8px;
|
||||
text-align: left;
|
||||
}
|
||||
.language-header {
|
||||
display: flex;
|
||||
align-items: center;
|
||||
gap: 0.5rem;
|
||||
font-weight: bold;
|
||||
margin-bottom: 1rem;
|
||||
color: #343a40;
|
||||
}
|
||||
.help-list {
|
||||
margin: 0;
|
||||
padding-left: 1.2rem;
|
||||
list-style-type: none;
|
||||
}
|
||||
.help-list li {
|
||||
margin: 0.5rem 0;
|
||||
position: relative;
|
||||
}
|
||||
.help-list li:before {
|
||||
content: "•";
|
||||
position: absolute;
|
||||
left: -1.2rem;
|
||||
color: #6c757d;
|
||||
}
|
||||
.logo {
|
||||
width: 180px;
|
||||
height: auto;
|
||||
margin-bottom: 1.5rem;
|
||||
}
|
||||
@media (max-width: 480px) {
|
||||
.container {
|
||||
padding: 1.5rem;
|
||||
}
|
||||
.language-section {
|
||||
padding: 1rem;
|
||||
margin: 0.5rem 0;
|
||||
}
|
||||
.error-code {
|
||||
font-size: 3rem;
|
||||
}
|
||||
.error-title {
|
||||
font-size: 1.25rem;
|
||||
}
|
||||
.logo {
|
||||
width: 150px;
|
||||
}
|
||||
}
|
||||
</style>
|
||||
</head>
|
||||
<body>
|
||||
<div class="container">
|
||||
<img src="https://ifsr.de/user/themes/ifsr/images/logo.svg" alt="iFSR Logo" class="logo">
|
||||
<h1 class="error-code">403</h1>
|
||||
<h2 class="error-title">Zugriff verweigert / Access Forbidden</h2>
|
||||
|
||||
<div class="language-section">
|
||||
<div class="language-header">
|
||||
🇩🇪 Deutsch
|
||||
</div>
|
||||
<p class="error-message">
|
||||
Dieser Ordner ist nur aus dem Uni-Netz zugänglich.
|
||||
</p>
|
||||
<ul class="help-list">
|
||||
<li>Stellen Sie sicher, dass Sie mit dem TUD-Netzwerk verbunden sind</li>
|
||||
<li>Oder wählen Sie sich über VPN ein</li>
|
||||
</ul>
|
||||
</div>
|
||||
|
||||
<div class="language-section">
|
||||
<div class="language-header">
|
||||
🇬🇧 English
|
||||
</div>
|
||||
<p class="error-message">
|
||||
This directory is only accessible from the TUD network.
|
||||
</p>
|
||||
<ul class="help-list">
|
||||
<li>Make sure you are connected to the TUD network</li>
|
||||
<li>Or connect via VPN</li>
|
||||
</ul>
|
||||
</div>
|
||||
</div>
|
||||
</body>
|
||||
<head>
|
||||
<title>403 Forbidden</title>
|
||||
</head>
|
||||
<body>
|
||||
<center><h1>403 Forbidden</h1></center>
|
||||
<center>Dieser Ordner ist nur aus dem Uni-Netz zugänglich.</center>
|
||||
<center>This directory is only accessible from the TUD network.</center>
|
||||
</body>
|
||||
</html>
|
||||
'';
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,35 +0,0 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
# provide access to iLO of colocated server
|
||||
# in case of questions, contact @bennofs
|
||||
services.nginx.virtualHosts."hyperilo.deutschland.gmbh" = {
|
||||
forceSSL = true;
|
||||
locations."/".proxyPass = "https://192.168.0.120:443";
|
||||
locations."/".basicAuthFile = "/run/secrets/hyperilo_htaccess";
|
||||
locations."/".extraConfig = ''
|
||||
proxy_ssl_verify off;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection $connection_upgrade_capitalized;
|
||||
proxy_set_header Authorization ""; # drop the basic auth headers, otherwise remote console doesn't work
|
||||
'';
|
||||
};
|
||||
|
||||
# HP iLO requires uppercase Upgrade, not lowercase "upgrade"
|
||||
services.nginx.commonHttpConfig = ''
|
||||
map $http_upgrade $connection_upgrade_capitalized {
|
||||
default Upgrade;
|
||||
''' close;
|
||||
}
|
||||
'';
|
||||
|
||||
systemd.network.networks."20-hyperilo" = {
|
||||
matchConfig.Name = "eno8303";
|
||||
address = [ "192.168.0.1/24" ];
|
||||
networkConfig.LLDP = true;
|
||||
networkConfig.EmitLLDP = "nearest-bridge";
|
||||
};
|
||||
|
||||
sops.secrets."hyperilo_htaccess".owner = "nginx";
|
||||
}
|
||||
|
|
@ -60,7 +60,6 @@ in
|
|||
"~ ^/cmd(/?[^\\n|\\r]*)$".return = "301 https://pad.ifsr.de$1";
|
||||
"/bbb".return = "301 https://bbb.tu-dresden.de/b/fsr-58o-tmf-yy6";
|
||||
"/kpp".return = "301 https://kpp.ifsr.de";
|
||||
"/mese".return = "301 https://ifsr.de/news/mese-and-welcome-back";
|
||||
"/sso".return = "301 https://sso.ifsr.de/realms/internal/account";
|
||||
# security
|
||||
"~* /(\.git|cache|bin|logs|backup|tests)/.*$".return = "403";
|
||||
|
|
|
|||
|
|
@ -1,9 +0,0 @@
|
|||
{ config, specialArgs, ... }:
|
||||
let
|
||||
domain = "notenrechner.${config.networking.domain}";
|
||||
in
|
||||
{
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
root = specialArgs.notenrechner.packages."x86_64-linux".default;
|
||||
};
|
||||
}
|
||||
|
|
@ -1,14 +1,60 @@
|
|||
{ pkgs, config, ... }:
|
||||
{ pkgs, config, lib, ... }:
|
||||
let
|
||||
domain = "sharepic.${config.networking.domain}";
|
||||
user = "sharepic";
|
||||
group = "sharepic";
|
||||
in
|
||||
{
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
root = pkgs.fetchFromGitHub {
|
||||
owner = "jannikmenzel";
|
||||
repo = "iFSR-Sharepicgenerator";
|
||||
rev = "ac721d5fff2dba1f046939a6d6532b1a8cfceba8";
|
||||
hash = "sha256-of+N58TDt2BcbDVEriKn6rjQVl0GdV4ZMEblrdUutZk=";
|
||||
users.users.${user} = {
|
||||
group = group;
|
||||
isSystemUser = true;
|
||||
};
|
||||
users.groups.${group} = { };
|
||||
|
||||
services.phpfpm.pools.sharepic = {
|
||||
user = "sharepic";
|
||||
group = "sharepic";
|
||||
settings = {
|
||||
"listen.owner" = config.services.nginx.user;
|
||||
"pm" = "dynamic";
|
||||
"pm.max_children" = 32;
|
||||
"pm.max_requests" = 500;
|
||||
"pm.start_servers" = 2;
|
||||
"pm.min_spare_servers" = 2;
|
||||
"pm.max_spare_servers" = 5;
|
||||
"php_admin_value[error_log]" = "stderr";
|
||||
"php_admin_flag[log_errors]" = true;
|
||||
"catch_workers_output" = true;
|
||||
};
|
||||
phpEnv."PATH" = lib.makeBinPath [ pkgs.php ];
|
||||
};
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
|
||||
virtualHosts."${domain}" = {
|
||||
root = "/srv/web/sharepic";
|
||||
extraConfig = ''
|
||||
index index.php index.html;
|
||||
'';
|
||||
|
||||
locations = {
|
||||
"/" = {
|
||||
tryFiles = "$uri $uri/ =404";
|
||||
};
|
||||
"~ \.php$" = {
|
||||
extraConfig = ''
|
||||
try_files $uri =404;
|
||||
fastcgi_pass unix:${config.services.phpfpm.pools.sharepic.socket};
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_index index.php;
|
||||
include ${pkgs.nginx}/conf/fastcgi_params;
|
||||
include ${pkgs.nginx}/conf/fastcgi.conf;
|
||||
fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
|
||||
'';
|
||||
};
|
||||
"/data".return = "403";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,9 +6,6 @@ let
|
|||
in
|
||||
{
|
||||
|
||||
system.activationScripts.hacky-mediawiki-convert = ''
|
||||
cp ${pkgs.imagemagick}/bin/convert /srv/web/wiki.ese/convert
|
||||
'';
|
||||
users.users.${user} = {
|
||||
group = group;
|
||||
isSystemUser = true;
|
||||
|
|
|
|||
|
|
@ -38,7 +38,6 @@ in
|
|||
};
|
||||
|
||||
extraConfig = ''
|
||||
wfLoadSkin( 'MinervaNeue' );
|
||||
$wgSitename = "FSR Wiki";
|
||||
$wgArticlePath = '/$1';
|
||||
|
||||
|
|
@ -58,7 +57,6 @@ in
|
|||
$wgUseAjax = true;
|
||||
$wgEnableMWSuggest = true;
|
||||
$wgDefaultSkin = 'timeless';
|
||||
$wgDefaultMobileSkin = 'minerva';
|
||||
|
||||
//TODO what about $wgUpgradeKey ?
|
||||
|
||||
|
|
@ -66,8 +64,7 @@ in
|
|||
# https://www.mediawiki.org/wiki/Extension:PluggableAuth
|
||||
# https://www.mediawiki.org/wiki/Extension:OpenID_Connect
|
||||
$wgOpenIDConnect_MigrateUsersByEmail = true;
|
||||
//$wgOpenIDConnect_MigrateUsersByUserName = true;
|
||||
$wgPluggableAuth_EnableLocalLogin = false;
|
||||
$wgPluggableAuth_EnableLocalLogin = true;
|
||||
$wgPluggableAuth_Config["iFSR Login"] = [
|
||||
"plugin" => "OpenIDConnect",
|
||||
"data" => [
|
||||
|
|
@ -77,22 +74,23 @@ in
|
|||
],
|
||||
];
|
||||
'';
|
||||
|
||||
extensions = {
|
||||
# some extensions are included and can enabled by passing null
|
||||
VisualEditor = null;
|
||||
# the dir in the mediawiki-1.42.3.tar.gz inside of the extension folder is called "SyntaxHighlight_GeSHi" not "SyntaxHighlight"
|
||||
SyntaxHighlight_GeSHi = null;
|
||||
MobileFrontend = pkgs.fetchzip {
|
||||
url = "https://extdist.wmflabs.org/dist/extensions/MobileFrontend-REL1_43-3b4cac8.tar.gz";
|
||||
hash = "sha256-aJOArZl+oO/ADjxIhlFVGS8hGmpSp6nsgC7XkKEk1Ks=";
|
||||
};
|
||||
PluggableAuth = pkgs.fetchzip {
|
||||
url = "https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_42-1da98f4.tar.gz";
|
||||
hash = "sha256-5uBUy7lrr86ApASYPWgF6Wa09mxxP0o+lXLt1gVswlA=";
|
||||
url = "https://extdist.wmflabs.org/dist/extensions/PluggableAuth-REL1_40-3689731.tar.gz";
|
||||
hash = "sha256-BMA0qV+x+iQt/P9tbl9csEUni9jiQcBtZeuwdjx2QPk=";
|
||||
};
|
||||
OpenIDConnect = pkgs.fetchzip {
|
||||
url = "https://extdist.wmflabs.org/dist/extensions/OpenIDConnect-REL1_42-6c28c16.tar.gz";
|
||||
hash = "sha256-X5kUuvxINbuXaLMKRcLOl2L3qbnMT72lg2NA3A9Daj8=";
|
||||
url = "https://extdist.wmflabs.org/dist/extensions/OpenIDConnect-REL1_40-b354cdb.tar.gz";
|
||||
hash = "sha256-gLHaveEzfmpqU9fWATZsUU377FJj2yq//raHZUR/VWk=";
|
||||
};
|
||||
VisualEditor = pkgs.fetchzip {
|
||||
url = "https://extdist.wmflabs.org/dist/extensions/VisualEditor-REL1_40-8970b62.tar.gz";
|
||||
hash = "sha256-G+qvKVuF6OCnwS5q2cKfij1/aH1I6lOw84K6fED980s=";
|
||||
};
|
||||
SyntaxHighlight = pkgs.fetchzip {
|
||||
url = "https://extdist.wmflabs.org/dist/extensions/SyntaxHighlight_GeSHi-REL1_40-1170e8f.tar.gz";
|
||||
hash = "sha256-75+wwTvHhwPBP1jVLK2fQWBi7vznOvPVgNpY3kzWJtg=";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,8 +1,7 @@
|
|||
_final: prev:
|
||||
let
|
||||
inherit (prev) fetchurl;
|
||||
inherit (prev) fetchpatch;
|
||||
inherit (prev) callPackage;
|
||||
inherit (prev) fetchFromGitHub;
|
||||
in
|
||||
{
|
||||
# AGDSN is running an outdated version that we have to comply to
|
||||
|
|
@ -13,32 +12,17 @@ in
|
|||
sha256 = "sha256-3w+FJezbo4DnS1N8pxrfO3WWWT8CGJtZqw6//IXMyN4=";
|
||||
};
|
||||
}));
|
||||
# Mailman internal server error fix
|
||||
# https://gitlab.com/mailman/mailman/-/issues/1137
|
||||
# https://github.com/NixOS/nixpkgs/pull/321136
|
||||
pythonPackagesExtensions = prev.pythonPackagesExtensions ++ [
|
||||
(_python-final: python-prev: {
|
||||
readme-renderer = python-prev.readme-renderer.overridePythonAttrs (_oldAttrs: {
|
||||
propagatedBuildInputs = [ python-prev.cmarkgfm ];
|
||||
});
|
||||
})
|
||||
];
|
||||
|
||||
keycloak_ifsr_theme = callPackage ../modules/keycloak/theme.nix { };
|
||||
portunus = callPackage ./portunus.nix { };
|
||||
mediawiki = (prev.mediawiki.overrideAttrs (_old: rec {
|
||||
version = "1.43.0";
|
||||
|
||||
src = fetchurl {
|
||||
url = "https://releases.wikimedia.org/mediawiki/${prev.lib.versions.majorMinor version}/mediawiki-${version}.tar.gz";
|
||||
hash = "sha256-VuCn/i/3jlC5yHs9WJ8tjfW8qwAY5FSypKI5yFhr2O4=";
|
||||
};
|
||||
|
||||
}));
|
||||
|
||||
hedgedoc = prev.hedgedoc.overrideAttrs ({ patches ? [ ], ... }: {
|
||||
patches = patches ++ [
|
||||
./hedgedoc/0001-anonymous-uploads.patch
|
||||
# (hopefully) fix systemd journal reading
|
||||
prometheus-postfix-exporter = prev.prometheus-postfix-exporter.overrideAttrs (_old: {
|
||||
patches = [
|
||||
./prometheus-postfix-exporter/0001-cleanup-also-catch-milter-reject.patch
|
||||
];
|
||||
src = fetchFromGitHub {
|
||||
owner = "adangel";
|
||||
repo = "postfix_exporter";
|
||||
rev = "414ac12ee63415eede46cb3084d755a6da6fba23";
|
||||
hash = "sha256-m1kVaO3N7XC1vtnxXX9kMiEFPmZuoopRUYgA7gQzP8w=";
|
||||
};
|
||||
});
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,62 +0,0 @@
|
|||
diff --git a/app.js b/app.js
|
||||
index d41dbfbd7..faf686cfa 100644
|
||||
--- a/app.js
|
||||
+++ b/app.js
|
||||
@@ -203,6 +203,7 @@ app.locals.serverURL = config.serverURL
|
||||
app.locals.sourceURL = config.sourceURL
|
||||
app.locals.allowAnonymous = config.allowAnonymous
|
||||
app.locals.allowAnonymousEdits = config.allowAnonymousEdits
|
||||
+app.locals.allowAnonymousUploads = config.allowAnonymousUploads
|
||||
app.locals.disableNoteCreation = config.disableNoteCreation
|
||||
app.locals.authProviders = {
|
||||
facebook: config.isFacebookEnable,
|
||||
diff --git a/lib/config/default.js b/lib/config/default.js
|
||||
index d038e5311..9ab9a6bb1 100644
|
||||
--- a/lib/config/default.js
|
||||
+++ b/lib/config/default.js
|
||||
@@ -33,6 +33,7 @@ module.exports = {
|
||||
protocolUseSSL: false,
|
||||
allowAnonymous: true,
|
||||
allowAnonymousEdits: false,
|
||||
+ allowAnonymousUploads: false,
|
||||
allowFreeURL: false,
|
||||
requireFreeURLAuthentication: false,
|
||||
disableNoteCreation: false,
|
||||
diff --git a/lib/config/environment.js b/lib/config/environment.js
|
||||
index da50a660d..b74d122f4 100644
|
||||
--- a/lib/config/environment.js
|
||||
+++ b/lib/config/environment.js
|
||||
@@ -31,6 +31,7 @@ module.exports = {
|
||||
allowOrigin: toArrayConfig(process.env.CMD_ALLOW_ORIGIN),
|
||||
allowAnonymous: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS),
|
||||
allowAnonymousEdits: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_EDITS),
|
||||
+ allowAnonymousUploads: toBooleanConfig(process.env.CMD_ALLOW_ANONYMOUS_UPLOADS),
|
||||
allowFreeURL: toBooleanConfig(process.env.CMD_ALLOW_FREEURL),
|
||||
requireFreeURLAuthentication: toBooleanConfig(process.env.CMD_REQUIRE_FREEURL_AUTHENTICATION),
|
||||
disableNoteCreation: toBooleanConfig(process.env.CMD_DISABLE_NOTE_CREATION),
|
||||
diff --git a/lib/config/hackmdEnvironment.js b/lib/config/hackmdEnvironment.js
|
||||
index c40ffc961..20c2da83b 100644
|
||||
--- a/lib/config/hackmdEnvironment.js
|
||||
+++ b/lib/config/hackmdEnvironment.js
|
||||
@@ -22,6 +22,7 @@ module.exports = {
|
||||
allowOrigin: toArrayConfig(process.env.HMD_ALLOW_ORIGIN),
|
||||
allowAnonymous: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS),
|
||||
allowAnonymousEdits: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS_EDITS),
|
||||
+ allowAnonymousUploads: toBooleanConfig(process.env.HMD_ALLOW_ANONYMOUS_UPLOADS),
|
||||
allowFreeURL: toBooleanConfig(process.env.HMD_ALLOW_FREEURL),
|
||||
defaultPermission: process.env.HMD_DEFAULT_PERMISSION,
|
||||
dbURL: process.env.HMD_DB_URL,
|
||||
diff --git a/lib/web/imageRouter/index.js b/lib/web/imageRouter/index.js
|
||||
index d9964827b..7321bc805 100644
|
||||
--- a/lib/web/imageRouter/index.js
|
||||
+++ b/lib/web/imageRouter/index.js
|
||||
@@ -59,8 +59,7 @@ async function checkUploadType (filePath) {
|
||||
imageRouter.post('/uploadimage', function (req, res) {
|
||||
if (
|
||||
!req.isAuthenticated() &&
|
||||
- !config.allowAnonymous &&
|
||||
- !config.allowAnonymousEdits
|
||||
+ !config.allowAnonymousUploads
|
||||
) {
|
||||
logger.error(
|
||||
'Image upload error: Anonymous edits and therefore uploads are not allowed'
|
||||
|
|
@ -1,32 +0,0 @@
|
|||
{ lib
|
||||
, buildGoModule
|
||||
, fetchFromGitHub
|
||||
, libxcrypt-legacy
|
||||
, nixosTests
|
||||
}:
|
||||
|
||||
buildGoModule rec {
|
||||
pname = "portunus";
|
||||
version = "2.1.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "majewsky";
|
||||
repo = "portunus";
|
||||
rev = "v${version}";
|
||||
sha256 = "sha256-+pMMIutj+OWKZmOYH5NuA4a7aS5CD+33vAEC9bJmyfM=";
|
||||
};
|
||||
|
||||
buildInputs = [ libxcrypt-legacy ];
|
||||
|
||||
vendorHash = null;
|
||||
|
||||
passthru.tests = { inherit (nixosTests) portunus; };
|
||||
|
||||
meta = with lib; {
|
||||
description = "Self-contained user/group management and authentication service";
|
||||
homepage = "https://github.com/majewsky/portunus";
|
||||
license = licenses.gpl3Plus;
|
||||
platforms = platforms.linux;
|
||||
maintainers = with maintainers; [ majewsky ] ++ teams.c3d2.members;
|
||||
};
|
||||
}
|
||||
File diff suppressed because one or more lines are too long
Loading…
Add table
Reference in a new issue