wurzel/fruitbasket
9
1
Fork 0
Code Issues 5 Pull requests Packages Projects Releases Wiki Activity

[Draft] Basic LDAP/Portunus config #12

Merged
hxlcyxn merged 16 commits from ldap into main 2022-12-17 20:54:56 +01:00
Conversation 0 Commits 16 Files changed 5 +48 -18
7 changed files with 48 additions and 18 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 3d8b8089d6 - Show all commits

27
.github/workflows/fmt.yaml vendored Normal file
View file

@ -0,0 +1,27 @@
name: main
on:
push:
branches:
- main
pull_request:
branches:
- main
jobs:
check-flake:
name: Nixpkgs Formatting
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Nix
uses: cachix/install-nix-action@v18
with:
extra_nix_config: |
experimental-features = nix-command flakes
- run: nix-channel --add https://nixos.org/channels/nixos-22.11 nixos
- run: nix-channel --update
- run: nix shell nixpkgs#nixpkgs-fmt -c nixpkgs-fmt . --check

8
flake.nix
View file

@ -56,16 +56,19 @@
modules = [ modules = [
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
./hosts/quitte/configuration.nix ./hosts/quitte/configuration.nix
./modules/options.nix
./modules/base.nix ./modules/base.nix
./modules/sops.nix ./modules/sops.nix
./modules/keycloak.nix
./modules/ldap.nix ./modules/ldap.nix
# ./modules/keycloak.nix replaced by portunus
./modules/nginx.nix ./modules/nginx.nix
./modules/hedgedoc.nix ./modules/hedgedoc.nix
./modules/wiki.nix ./modules/wiki.nix
./modules/stream.nix ./modules/stream.nix
./modules/nextcloud.nix ./modules/nextcloud.nix
{ {
fsr.enable_office_bloat = false;
fsr.domain = "staging.ifsr.de";
sops.defaultSopsFile = ./secrets/quitte.yaml; sops.defaultSopsFile = ./secrets/quitte.yaml;
} }
]; ];
@ -75,8 +78,9 @@
modules = [ modules = [
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
./hosts/quitte/configuration.nix ./hosts/quitte/configuration.nix
./modules/options.nix
./modules/base.nix ./modules/base.nix
./modules/keycloak.nix # ./modules/keycloak.nix replaced by portunus
./modules/nginx.nix ./modules/nginx.nix
./modules/hedgedoc.nix ./modules/hedgedoc.nix
./modules/wiki.nix ./modules/wiki.nix

2
modules/hedgedoc.nix
View file

@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
domain = "pad.quitte.tassilo-tanneberger.de"; domain = "pad.${config.fsr.domain}";
in in
{ {
services = { services = {

2
modules/nextcloud.nix
View file

@ -1,6 +1,6 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
domain = "nc.quitte.fugi.dev"; domain = "nc.${config.fsr.domain}";
in in
{ {
sops.secrets = { sops.secrets = {

9
modules/options.nix
View file

@ -1,7 +1,14 @@
{ config, lib, ... }: with lib; { { config, lib, ... }: with lib; {
options.fsr.enable_office_bloat = mkOption { options.fsr = {
enable_office_bloat = mkOption {
type = types.bool; type = types.bool;
default = false; default = false;
description = "install heavy office bloat like texlive, okular, ..."; description = "install heavy office bloat like texlive, okular, ...";
}; };
domain = mkOption {
type = types.str;
default = "ifsr.de";
description = "under which top level domain the services should run";
};
};
} }

2
modules/stream.nix
View file

@ -10,7 +10,7 @@ in
services = { services = {
nginx = { nginx = {
virtualHosts = { virtualHosts = {
"stream.ifsr.de" = { "stream.${config.fsr.domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = locations."/" =

10
modules/wiki.nix
View file

@ -116,10 +116,6 @@
$wgPluggableAuth_EnableLocalLogin = true; $wgPluggableAuth_EnableLocalLogin = true;
''; '';
extensions = { extensions = {
#Cite = pkgs.fetchzip {
# url = "https://web.archive.org/web/20220627203658/https://extdist.wmflabs.org/dist/extensions/Cite-REL1_38-d40993e.tar.gz";
# sha256 = "sha256-dziMo6sH4yMPjnDtt0TXiGBxE5uGRJM+scwdeuer5sM=";
#};
CiteThisPage = pkgs.fetchzip { CiteThisPage = pkgs.fetchzip {
url = "https://web.archive.org/web/20220627203556/https://extdist.wmflabs.org/dist/extensions/CiteThisPage-REL1_38-bb4881c.tar.gz"; url = "https://web.archive.org/web/20220627203556/https://extdist.wmflabs.org/dist/extensions/CiteThisPage-REL1_38-bb4881c.tar.gz";
sha256 = "sha256-sTZMCLlOkQBEmLiFz2BQJpWRxSDbpS40EZQ+f/jFjxI="; sha256 = "sha256-sTZMCLlOkQBEmLiFz2BQJpWRxSDbpS40EZQ+f/jFjxI=";
@ -128,10 +124,6 @@
url = "https://web.archive.org/web/20220627203619/https://extdist.wmflabs.org/dist/extensions/ConfirmEdit-REL1_38-50f4dfd.tar.gz"; url = "https://web.archive.org/web/20220627203619/https://extdist.wmflabs.org/dist/extensions/ConfirmEdit-REL1_38-50f4dfd.tar.gz";
sha256 = "sha256-babZDzcQDE446TBuGW/olbt2xRbPjk+5o3o9DUFlCxk="; sha256 = "sha256-babZDzcQDE446TBuGW/olbt2xRbPjk+5o3o9DUFlCxk=";
}; };
#DynamicPageList = pkgs.fetchzip {
# url = "https://web.archive.org/web/20220627203129/https://extdist.wmflabs.org/dist/extensions/DynamicPageList-REL1_38-3b7a26d.tar.gz";
# sha256 = "sha256-WjVLks0Q9hSN2poqbKzTJhvOXog7UHJqjY2WJ4Uc64o=";
#};
Lockdown = pkgs.fetchzip { Lockdown = pkgs.fetchzip {
url = "https://web.archive.org/web/20220627203048/https://extdist.wmflabs.org/dist/extensions/Lockdown-REL1_38-1915db4.tar.gz"; url = "https://web.archive.org/web/20220627203048/https://extdist.wmflabs.org/dist/extensions/Lockdown-REL1_38-1915db4.tar.gz";
sha256 = "sha256-YCYsjh/3g2P8oT6IomP3UWjOoggH7jYjiiix7poOYnA="; sha256 = "sha256-YCYsjh/3g2P8oT6IomP3UWjOoggH7jYjiiix7poOYnA=";
@ -188,7 +180,7 @@
nginx = { nginx = {
recommendedProxySettings = true; recommendedProxySettings = true;
virtualHosts = { virtualHosts = {
"wiki.quitte.tassilo-tanneberger.de" = { "wiki.${config.fsr.domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { locations."/" = {