felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2026-01-11 18:08:25 +01:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: felixalb:f3a29429aac92deb7bf3faedeb9e1755ecba3015
Branches Tags
felixalb:main felixalb:syntax_error felixalb:alps felixalb:fix-bluemap-markers felixalb:nix-topology felixalb:gitea-robots-txt felixalb:bindmount-postgres-mysql-dirs felixalb:nettsiden-postgresql felixalb:gitea-vaskepersonalet felixalb:errorpages felixalb:create-flake-input-exporter felixalb:gitea-runners-secrets felixalb:nom felixalb:add-skrott felixalb:pvvvvv felixalb:gitea-show-license-in-list-view felixalb:dagali-heimdal-openldap-sasl-stack felixalb:gitea-navbar-get-started felixalb:backup-databases felixalb:openwebui felixalb:setup-openvpn-tunnel felixalb:gitea-gpg-signing felixalb:sleipner-authorised-keys felixalb:openstack-image-builder felixalb:elysium felixalb:smartd-notifs felixalb:systemd-journald-remote felixalb:skrot felixalb:deploy-doorbell felixalb:misc-gitea-fixes felixalb:spotifyd felixalb:remote felixalb:setup-bikkje-login felixalb:ozai-prod felixalb:add-bluemap felixalb:ozai felixalb:setup-postfix-for-service-machines felixalb:fix-gitea-ci-runner-network-issues felixalb:heimdal-openldap-sasl-testing-on-salsa-on-buskerud felixalb:gitea-metrics felixalb:misc1 felixalb:add-simple-saml-theme felixalb:misc-extra-gitea-setup felixalb:setup-kerberos felixalb:setup-home-areas felixalb:shark-kanidm felixalb:prometheusexim
..
compare: felixalb:ozai-prod
Branches Tags
felixalb:main felixalb:syntax_error felixalb:alps felixalb:fix-bluemap-markers felixalb:nix-topology felixalb:gitea-robots-txt felixalb:bindmount-postgres-mysql-dirs felixalb:nettsiden-postgresql felixalb:gitea-vaskepersonalet felixalb:errorpages felixalb:create-flake-input-exporter felixalb:gitea-runners-secrets felixalb:nom felixalb:add-skrott felixalb:pvvvvv felixalb:gitea-show-license-in-list-view felixalb:dagali-heimdal-openldap-sasl-stack felixalb:gitea-navbar-get-started felixalb:backup-databases felixalb:openwebui felixalb:setup-openvpn-tunnel felixalb:gitea-gpg-signing felixalb:sleipner-authorised-keys felixalb:openstack-image-builder felixalb:elysium felixalb:smartd-notifs felixalb:systemd-journald-remote felixalb:skrot felixalb:deploy-doorbell felixalb:misc-gitea-fixes felixalb:spotifyd felixalb:remote felixalb:setup-bikkje-login felixalb:ozai-prod felixalb:add-bluemap felixalb:ozai felixalb:setup-postfix-for-service-machines felixalb:fix-gitea-ci-runner-network-issues felixalb:heimdal-openldap-sasl-testing-on-salsa-on-buskerud felixalb:gitea-metrics felixalb:misc1 felixalb:add-simple-saml-theme felixalb:misc-extra-gitea-setup felixalb:setup-kerberos felixalb:setup-home-areas felixalb:shark-kanidm felixalb:prometheusexim

1 Commits
f3a29429aa ... ozai-prod

Author SHA1 Message Date
Adrian G L
46159eec9a buskerud: Temporarily added ozai and ozai-webui 2024-06-22 17:26:01 +02:00
16 changed files with 143 additions and 139 deletions
Expand all files Collapse all files

23
flake.lock generated
View File

@@ -107,16 +107,15 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1717234745, "lastModified": 1710311999,
"narHash": "sha256-MFyKRdw4WQD6V3vRGbP6MYbtJhZp712zwzjW6YiOBYM=", "narHash": "sha256-s0pT1NyrMgeolUojXXcnXQDymN7m80GTF7itCv0ZH20=",
"owner": "dali99", "owner": "dali99",
"repo": "nixos-matrix-modules", "repo": "nixos-matrix-modules",
"rev": "d7dc42c9bbb155c5e4aa2f0985d0df75ce978456", "rev": "6c9b67974b839740e2a738958512c7a704481157",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "dali99", "owner": "dali99",
"ref": "v0.6.0",
"repo": "nixos-matrix-modules", "repo": "nixos-matrix-modules",
"type": "github" "type": "github"
} }
@@ -143,16 +142,16 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1719520878, "lastModified": 1715410392,
"narHash": "sha256-5BXzNOl2RVHcfS/oxaZDKOi7gVuTyWPibQG0DHd5sSc=", "narHash": "sha256-ltp1jQps9tym0uWNl/lTniHSQngCtNIyzlymu+ZSyts=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a44bedbb48c367f0476e6a3a27bf28f6330faf23", "rev": "9f8bf7503bd85d5208575f4bd81c8b1fc999a468",
"type": "github" "type": "github"
}, },
"original": { "original": {
"id": "nixpkgs", "id": "nixpkgs",
"ref": "nixos-24.05-small", "ref": "nixos-23.11-small",
"type": "indirect" "type": "indirect"
} }
}, },
@@ -214,11 +213,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1718404592, "lastModified": 1716150352,
"narHash": "sha256-Ud8pD0mxmbfvwBXKy2q3Yp8r1EofaTcodZtI3fbnfDY=", "narHash": "sha256-c13lzYbLmbrcbEdPTYZYtlX2Qsz1W+2sLsIMGShPgwo=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "6e4a79ed3ddae8dfc80eb8af1789985d07bcf297", "rev": "2cab4df4b119e08a1f90ea1c944652cd78b4d478",
"revCount": 463, "revCount": 459,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git" "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
}, },

19
flake.nix
View File

@@ -2,7 +2,7 @@
description = "PVV System flake"; description = "PVV System flake";
inputs = { inputs = {
nixpkgs.url = "nixpkgs/nixos-24.05-small"; nixpkgs.url = "nixpkgs/nixos-23.11-small";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable-small"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable-small";
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
@@ -17,7 +17,7 @@
pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git"; pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git";
pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs"; pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
matrix-next.url = "github:dali99/nixos-matrix-modules/v0.6.0"; matrix-next.url = "github:dali99/nixos-matrix-modules";
matrix-next.inputs.nixpkgs.follows = "nixpkgs"; matrix-next.inputs.nixpkgs.follows = "nixpkgs";
nix-gitea-themes.url = "git+https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git"; nix-gitea-themes.url = "git+https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git";
@@ -27,9 +27,15 @@
grzegorz.inputs.nixpkgs.follows = "nixpkgs-unstable"; grzegorz.inputs.nixpkgs.follows = "nixpkgs-unstable";
grzegorz-clients.url = "github:Programvareverkstedet/grzegorz-clients"; grzegorz-clients.url = "github:Programvareverkstedet/grzegorz-clients";
grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs"; grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";
ozai.url = "git+https://git.pvv.ntnu.no/Projects/ozai.git";
ozai.inputs.nixpkgs.follows = "nixpkgs";
ozai-webui.url = "git+https://git.pvv.ntnu.no/adriangl/ozai-webui.git";
ozai-webui.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { self, nixpkgs, nixpkgs-unstable, pvv-nettsiden, sops-nix, disko, ... }@inputs: outputs = { self, nixpkgs, nixpkgs-unstable, pvv-nettsiden, sops-nix, disko, ozai, ozai-webui, ... }@inputs:
let let
nixlib = nixpkgs.lib; nixlib = nixpkgs.lib;
systems = [ systems = [
@@ -121,7 +127,12 @@
inputs.grzegorz-clients.nixosModules.grzegorz-webui inputs.grzegorz-clients.nixosModules.grzegorz-webui
]; ];
}; };
buskerud = stableNixosConfig "buskerud" { }; buskerud = stableNixosConfig "buskerud" {
modules = [
ozai.nixosModules.ozai
ozai-webui.nixosModules.ozai-webui
];
};
}; };
devShells = forAllSystems (system: { devShells = forAllSystems (system: {

50
hosts/bekkalokk/services/gitea/default.nix
View File

@@ -1,4 +1,4 @@
{ config, values, pkgs, lib, ... }: { config, values, pkgs, ... }:
let let
cfg = config.services.gitea; cfg = config.services.gitea;
domain = "git.pvv.ntnu.no"; domain = "git.pvv.ntnu.no";
@@ -22,19 +22,19 @@ in {
services.gitea = { services.gitea = {
enable = true; enable = true;
stateDir = "/data/gitea";
appName = "PVV Git"; appName = "PVV Git";
database = { database = {
type = "postgres"; type = "postgres";
host = "postgres.pvv.ntnu.no"; host = "postgres.pvv.ntnu.no";
port = config.services.postgresql.settings.port; port = config.services.postgresql.port;
passwordFile = config.sops.secrets."gitea/database".path; passwordFile = config.sops.secrets."gitea/database".path;
createDatabase = false; createDatabase = false;
}; };
mailerPasswordFile = config.sops.secrets."gitea/email-password".path; mailerPasswordFile = config.sops.secrets."gitea/email-password".path;
# https://docs.gitea.com/administration/config-cheat-sheet
settings = { settings = {
server = { server = {
DOMAIN = domain; DOMAIN = domain;
@@ -42,7 +42,6 @@ in {
PROTOCOL = "http+unix"; PROTOCOL = "http+unix";
SSH_PORT = sshPort; SSH_PORT = sshPort;
START_SSH_SERVER = true; START_SSH_SERVER = true;
START_LFS_SERVER = true;
}; };
mailer = { mailer = {
ENABLED = true; ENABLED = true;
@@ -51,46 +50,11 @@ in {
SMTP_ADDR = "smtp.pvv.ntnu.no"; SMTP_ADDR = "smtp.pvv.ntnu.no";
SMTP_PORT = 587; SMTP_PORT = 587;
USER = "gitea@pvv.ntnu.no"; USER = "gitea@pvv.ntnu.no";
SUBJECT_PREFIX = "[pvv-git]";
}; };
indexer.REPO_INDEXER_ENABLED = true; indexer.REPO_INDEXER_ENABLED = true;
service = { service.DISABLE_REGISTRATION = true;
DISABLE_REGISTRATION = true;
ENABLE_NOTIFY_MAIL = true;
};
admin.DEFAULT_EMAIL_NOTIFICATIONS = "onmention";
session.COOKIE_SECURE = true; session.COOKIE_SECURE = true;
database.LOG_SQL = false; database.LOG_SQL = false;
repository = {
PREFERRED_LICENSES = lib.concatStringsSep "," [
"AGPL-3.0-only"
"AGPL-3.0-or-later"
"Apache-2.0"
"BSD-3-Clause"
"CC-BY-4.0"
"CC-BY-NC-4.0"
"CC-BY-NC-ND-4.0"
"CC-BY-NC-SA-4.0"
"CC-BY-ND-4.0"
"CC-BY-SA-4.0"
"CC0-1.0"
"GPL-2.0-only"
"GPL-3.0-only"
"GPL-3.0-or-later"
"LGPL-3.0-linking-exception"
"LGPL-3.0-only"
"LGPL-3.0-or-later"
"MIT"
"MPL-2.0"
"Unlicense"
];
DEFAULT_REPO_UNITS = lib.concatStringsSep "," [
"repo.code"
"repo.issues"
"repo.pulls"
"repo.releases"
];
};
picture = { picture = {
DISABLE_GRAVATAR = true; DISABLE_GRAVATAR = true;
ENABLE_FEDERATED_AVATAR = false; ENABLE_FEDERATED_AVATAR = false;
@@ -135,9 +99,9 @@ in {
logo-svg = ../../../../assets/logo_blue_regular.svg; logo-svg = ../../../../assets/logo_blue_regular.svg;
logo-png = ../../../../assets/logo_blue_regular.png; logo-png = ../../../../assets/logo_blue_regular.png;
in '' in ''
install -Dm444 ${logo-svg} ${cfg.customDir}/public/assets/img/logo.svg install -Dm444 ${logo-svg} ${cfg.customDir}/public/img/logo.svg
install -Dm444 ${logo-png} ${cfg.customDir}/public/assets/img/logo.png install -Dm444 ${logo-png} ${cfg.customDir}/public/img/logo.png
install -Dm444 ${./loading.apng} ${cfg.customDir}/public/assets/img/loading.png install -Dm444 ${./loading.apng} ${cfg.customDir}/public/img/loading.png
''; '';
}; };
} }

13
hosts/bekkalokk/services/kerberos/default.nix
View File

@@ -1,5 +1,18 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
#######################
# TODO: remove these once nixos 24.05 gets released
#######################
imports = [
./krb5.nix
./pam.nix
];
disabledModules = [
"config/krb5/default.nix"
"security/pam.nix"
];
#######################
security.krb5 = { security.krb5 = {
enable = true; enable = true;
settings = { settings = {

8
hosts/bekkalokk/services/mediawiki/default.nix
View File

@@ -86,7 +86,8 @@ in {
}; };
extensions = { extensions = {
inherit (pkgs.mediawiki-extensions) DeleteBatch UserMerge PluggableAuth SimpleSAMLphp VisualEditor; #inherit (pkgs.mediawiki-extensions) DeleteBatch UserMerge PluggableAuth SimpleSAMLphp VisualEditor;
inherit (pkgs.mediawiki-extensions) UserMerge PluggableAuth SimpleSAMLphp VisualEditor;
}; };
extraConfig = '' extraConfig = ''
@@ -120,6 +121,7 @@ in {
# Misc # Misc
$wgEmergencyContact = "${cfg.passwordSender}"; $wgEmergencyContact = "${cfg.passwordSender}";
$wgShowIPinHeader = false;
$wgUseTeX = false; $wgUseTeX = false;
$wgLocalInterwiki = $wgSitename; $wgLocalInterwiki = $wgSitename;
@@ -135,10 +137,6 @@ in {
] ]
]; ];
# Debugging
$wgShowExceptionDetails = false;
$wgShowIPinHeader = false;
# Fix https://github.com/NixOS/nixpkgs/issues/183097 # Fix https://github.com/NixOS/nixpkgs/issues/183097
$wgDBserver = "${toString cfg.database.host}"; $wgDBserver = "${toString cfg.database.host}";
''; '';

4
hosts/buskerud/configuration.nix
View File

@@ -4,8 +4,8 @@
./hardware-configuration.nix ./hardware-configuration.nix
../../base.nix ../../base.nix
../../misc/metrics-exporters.nix ../../misc/metrics-exporters.nix
./services/libvirt.nix ./services/ozai.nix
]; ];
# buskerud does not support efi? # buskerud does not support efi?

10
hosts/buskerud/services/libvirt.nix
View File

@@ -1,10 +0,0 @@
{ config, pkgs, lib, ... }:
{
virtualisation.libvirtd.enable = true;
programs.dconf.enable = true;
boot.kernelModules = [ "kvm-intel" ];
# On a gui-enabled machine, connect with:
# $ virt-manager --connect "qemu+ssh://buskerud/system?socket=/var/run/libvirt/libvirt-sock"
}

33
hosts/buskerud/services/ozai.nix Normal file
View File

@@ -0,0 +1,33 @@
{ config, pkgs, lib, ... }:
let
domain = "buskerud.pvv.ntnu.no";
in
{
services.ozai = {
enable = true;
host = "0.0.0.0";
port = 8000;
};
services.ozai-webui = {
enable = true;
port = 8080;
host = "0.0.0.0";
};
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
locations."/azul/" = {
proxyWebsockets = true;
proxyPass = "http://${config.services.ozai-webui.host}:${config.services.ozai-webui.port}";
};
locations."/ozai/" = {
proxyWebsockets = true;
proxyPass = "http://${config.services.ozai.host}:${config.services.ozai.port}";
};
};
}

4
hosts/ildkule/services/monitoring/loki.nix
View File

@@ -50,6 +50,7 @@ in {
boltdb_shipper = { boltdb_shipper = {
active_index_directory = "/var/lib/loki/boltdb-shipper-index"; active_index_directory = "/var/lib/loki/boltdb-shipper-index";
cache_location = "/var/lib/loki/boltdb-shipper-cache"; cache_location = "/var/lib/loki/boltdb-shipper-cache";
shared_store = "filesystem";
cache_ttl = "24h"; cache_ttl = "24h";
}; };
filesystem = { filesystem = {
@@ -58,13 +59,14 @@ in {
}; };
limits_config = { limits_config = {
allow_structured_metadata = false; enforce_metric_name = false;
reject_old_samples = true; reject_old_samples = true;
reject_old_samples_max_age = "72h"; reject_old_samples_max_age = "72h";
}; };
compactor = { compactor = {
working_directory = "/var/lib/loki/compactor"; working_directory = "/var/lib/loki/compactor";
shared_store = "filesystem";
}; };
# ruler = { # ruler = {

19
packages/mediawiki-extensions/delete-batch/default.nix
View File

@@ -1,14 +1,13 @@
{ fetchgit }: { fetchzip }:
let let
commit = "cad869fbd95637902673f744581b29e0f3e3f61a"; commit = "a53af3b8269ed19ede3cf1fa811e7ec8cb00af92";
project-name = "DeleteBatch"; project-name = "UserMerge";
tracking-branch = "REL1_41"; tracking-branch = "REL1_41";
in in
(fetchgit { fetchzip {
name = "mediawiki-delete-batch-source"; name = "mediawiki-delete-batch";
url = "https://gerrit.wikimedia.org/r/mediawiki/extensions/${project-name}"; url = "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/${project-name}/+archive/${commit}.tar.gz";
rev = "refs/heads/${tracking-branch}"; hash = "sha256-0ofCZhhv4aVTGq469Fdu7k0oVQu3kG3HFa8zaBbUr/M=";
hash = "sha256-M1ek1WdO1/uTjeYlrk3Tz+nlb/fFZH+O0Ok7b10iKak="; stripRoot = false;
}).overrideAttrs (_: {
passthru = { inherit project-name tracking-branch; }; passthru = { inherit project-name tracking-branch; };
}) }

15
packages/mediawiki-extensions/pluggable-auth/default.nix
View File

@@ -1,14 +1,13 @@
{ fetchgit }: { fetchzip }:
let let
commit = "4111a57c34e25bde579cce5d14ea094021e450c8"; commit = "d5b3ad8f03b65d3746e025cdd7fe3254ad6e4026";
project-name = "PluggableAuth"; project-name = "PluggableAuth";
tracking-branch = "REL1_41"; tracking-branch = "REL1_41";
in in
(fetchgit { fetchzip {
name = "mediawiki-pluggable-auth-source"; name = "mediawiki-pluggable-auth-source";
url = "https://gerrit.wikimedia.org/r/mediawiki/extensions/${project-name}"; url = "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/${project-name}/+archive/${commit}.tar.gz";
rev = "refs/heads/${tracking-branch}"; hash = "sha256-mLepavgeaNUGYxrrCKVpybGO2ecjc3B5IU8q+gZTx2U=";
hash = "sha256-aPtN8A9gDxLlq2+EloRZBO0DfHtE0E5kbV/adk82jvM="; stripRoot = false;
}).overrideAttrs (_: {
passthru = { inherit project-name tracking-branch; }; passthru = { inherit project-name tracking-branch; };
}) }

15
packages/mediawiki-extensions/simple-saml-php/default.nix
View File

@@ -1,14 +1,13 @@
{ fetchgit }: { fetchzip }:
let let
commit = "ecb47191fecd1e0dc4c9d8b90a9118e393d82c23"; commit = "9ae0678d77a9175285a1cfadd5adf28379dbdb3d";
project-name = "SimpleSAMLphp"; project-name = "SimpleSAMLphp";
tracking-branch = "REL1_41"; tracking-branch = "REL1_41";
in in
(fetchgit { fetchzip {
name = "mediawiki-simple-saml-php-source"; name = "mediawiki-simple-saml-php-source";
url = "https://gerrit.wikimedia.org/r/mediawiki/extensions/${project-name}"; url = "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/${project-name}/+archive/${commit}.tar.gz";
rev = "refs/heads/${tracking-branch}"; hash = "sha256-s6Uw1fNzGBF0HEMl0LIRLhJkOHugrCE0aTnqawYi/pE=";
hash = "sha256-gKu+O49XrAVt6hXdt36Ru7snjsKX6g2CYJ0kk/d+CI8="; stripRoot = false;
}).overrideAttrs (_: {
passthru = { inherit project-name tracking-branch; }; passthru = { inherit project-name tracking-branch; };
}) }

29
packages/mediawiki-extensions/update-mediawiki-extensions.py
View File

@@ -1,5 +1,5 @@
#!/usr/bin/env nix-shell #!/usr/bin/env nix-shell
#!nix-shell -i python3 -p "python3.withPackages(ps: with ps; [ beautifulsoup4 requests ])" nix-prefetch-git #!nix-shell -i python3 -p "python3.withPackages(ps: with ps; [ beautifulsoup4 requests ])"
import os import os
from pathlib import Path from pathlib import Path
@@ -8,13 +8,11 @@ import subprocess
from collections import defaultdict from collections import defaultdict
from pprint import pprint from pprint import pprint
from dataclasses import dataclass from dataclasses import dataclass
import json
import bs4 import bs4
import requests import requests
BASE_WEB_URL = "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions" BASE_URL = "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions"
BASE_GIT_URL = "https://gerrit.wikimedia.org/r/mediawiki/extensions/"
@dataclass @dataclass
class PluginMetadata: class PluginMetadata:
@@ -47,21 +45,26 @@ def get_metadata(file_content: str) -> dict[str,str] | None:
def get_newest_commit(project_name: str, tracking_branch: str) -> str: def get_newest_commit(project_name: str, tracking_branch: str) -> str:
content = requests.get(f"{BASE_WEB_URL}/{project_name}/+log/refs/heads/{tracking_branch}/").text content = requests.get(f"{BASE_URL}/{project_name}/+log/refs/heads/{tracking_branch}/").text
soup = bs4.BeautifulSoup(content, features="html.parser") soup = bs4.BeautifulSoup(content, features="html.parser")
a = soup.find('li').findChild('a') a = soup.find('li').findChild('a')
commit_sha = a['href'].split('/')[-1] commit_sha = a['href'].split('/')[-1]
return commit_sha return commit_sha
def get_nix_hash(url: str, commit: str) -> str: def get_nix_hash(tar_gz_url: str) -> str:
out, err = subprocess.Popen( out, err = subprocess.Popen(
["nix-prefetch-git", "--url", url, "--rev", commit, "--fetch-submodules", "--quiet"], ["nix-prefetch-url", "--unpack", "--type", "sha256", tar_gz_url],
stdout=subprocess.PIPE,
stderr=subprocess.PIPE
).communicate()
out, err = subprocess.Popen(
["nix", "hash", "to-sri", "--type", "sha256", out.decode().strip()],
stdout=subprocess.PIPE, stdout=subprocess.PIPE,
stderr=subprocess.PIPE stderr=subprocess.PIPE
).communicate() ).communicate()
return json.loads(out.decode().strip())['hash'] return out.decode().strip()
def set_commit_and_hash(file_content: str, commit: str, sha256: str) -> str: def set_commit_and_hash(file_content: str, commit: str, sha256: str) -> str:
@@ -76,16 +79,16 @@ def update(package_file: Path) -> None:
metadata = get_metadata(file_content) metadata = get_metadata(file_content)
if metadata is None: if metadata is None:
print(f"ERROR: could not find metadata for {package_file}")
return return
if metadata.commit == "": if metadata.commit == "":
metadata.commit = "<none>" metadata.commit = "<none>"
new_commit = get_newest_commit(metadata.project_name, metadata.tracking_branch) new_commit = get_newest_commit(metadata.project_name, metadata.tracking_branch)
new_hash = get_nix_hash(f"{BASE_GIT_URL}/{metadata.project_name}", new_commit) if new_commit == metadata.commit:
if new_hash is None or new_hash == "": return
print(f"ERROR: could not fetch hash for {metadata.project_name}")
exit(1) new_url = f"{BASE_URL}/{metadata.project_name}/+archive/{new_commit}.tar.gz"
new_hash = get_nix_hash(new_url)
print(f"Updating {metadata.project_name}: {metadata.commit} -> {new_commit}") print(f"Updating {metadata.project_name}: {metadata.commit} -> {new_commit}")

15
packages/mediawiki-extensions/user-merge/default.nix
View File

@@ -1,14 +1,13 @@
{ fetchgit }: { fetchzip }:
let let
commit = "c17c919bdb9b67bb69f80df43e9ee9d33b1ecf1b"; commit = "a53af3b8269ed19ede3cf1fa811e7ec8cb00af92";
project-name = "UserMerge"; project-name = "UserMerge";
tracking-branch = "REL1_41"; tracking-branch = "REL1_41";
in in
(fetchgit { fetchzip {
name = "mediawiki-user-merge-source"; name = "mediawiki-user-merge-source";
url = "https://gerrit.wikimedia.org/r/mediawiki/extensions/${project-name}"; url = "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/${project-name}/+archive/${commit}.tar.gz";
rev = "refs/heads/${tracking-branch}"; hash = "sha256-0ofCZhhv4aVTGq469Fdu7k0oVQu3kG3HFa8zaBbUr/M=";
hash = "sha256-+mkzTCo8RVlGoFyfCrSb5YMh4J6Pbi1PZLFu5ps8bWY="; stripRoot = false;
}).overrideAttrs (_: {
passthru = { inherit project-name tracking-branch; }; passthru = { inherit project-name tracking-branch; };
}) }

17
packages/mediawiki-extensions/visual-editor/default.nix
View File

@@ -1,14 +1,13 @@
{ fetchgit }: { fetchzip }:
let let
commit = "170d19aad1f28dc6bd3f98ee277680cabba9db0c"; commit = "bb92d4b0bb81cebd73a3dbabfb497213dac349f2";
project-name = "VisualEditor"; project-name = "VisualEditor";
tracking-branch = "REL1_41"; tracking-branch = "REL1_40";
in in
(fetchgit { fetchzip {
name = "mediawiki-visual-editor-source"; name = "mediawiki-visual-editor-source";
url = "https://gerrit.wikimedia.org/r/mediawiki/extensions/${project-name}"; url = "https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/extensions/${project-name}/+archive/${commit}.tar.gz";
rev = "refs/heads/${tracking-branch}"; hash = "sha256-lShpSoR+NLfdd5i7soM6J40pq+MzCMG0M1tSYsS+jAg=";
hash = "sha256-5WVlO/OEk4eln5j/w4Tu/MXSmlvjIn7l6H+OTPaV+t4="; stripRoot = false;
}).overrideAttrs (_: {
passthru = { inherit project-name tracking-branch; }; passthru = { inherit project-name tracking-branch; };
}) }

8
users/felixalb.nix
View File

@@ -1,12 +1,8 @@
{ pkgs, lib, config, ... }: { pkgs, ... }:
{ {
users.users.felixalb = { users.users.felixalb = {
isNormalUser = true; isNormalUser = true;
extraGroups = [ extraGroups = [ "wheel" ]; # Enable sudo for the user.
"wheel"
] ++ lib.optionals ( config.users.groups ? "libvirtd" ) [
"libvirtd"
];
shell = pkgs.zsh; shell = pkgs.zsh;
openssh.authorizedKeys.keys = [ openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalbrigtsen@gmail.com" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalbrigtsen@gmail.com"