Diffstat (limited to 'systems/eldiron')
-rw-r--r--systems/eldiron/base.nix2
-rw-r--r--systems/eldiron/borg_backup.nix3
-rw-r--r--systems/eldiron/flake.lock42
-rw-r--r--systems/eldiron/websites/cloud/default.nix2
-rw-r--r--systems/eldiron/websites/git/mantisbt.nix53
-rw-r--r--systems/eldiron/websites/tools/landing/ldap_password.php2
6 files changed, 71 insertions, 33 deletions
diff --git a/systems/eldiron/base.nix b/systems/eldiron/base.nix
index fa5e504..4535dcf 100644
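--- a/systems/eldiron/base.nix
+++ b/systems/eldiron/base.nix
@@ -189,7 +189,7 @@
  table = ldap_users
  user_column = login
  pw_type = function
- auth_query = SELECT ((mechanism = 'SSHA' AND password = encode(digest( %p || salt, 'sha1'), 'hex')) OR (mechanism = 'PLAIN' AND password = %p)) FROM ldap_users WHERE login = %u OR login || '@' || realm = %u
+ auth_query = SELECT ((mechanism = 'SSHA' AND password = encode(digest( convert_to(%p, 'UTF8') || salt, 'sha1'), 'hex')) OR (mechanism = 'PLAIN' AND password = %p)) FROM ldap_users WHERE login = %u OR login || '@' || realm = %u
  #pwd_query = WITH newsalt as (select gen_random_bytes(4)) UPDATE ldap_users SET password = encode(digest( %p || (SELECT * FROM newsalt), 'sha1'), 'hex'), salt = (SELECT * FROM newsalt), mechanism = 'SSHA' WHERE login = %u OR login || '@' || realm = %u
  '';
  };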
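Review bot: The SSHA branch of `auth_query` (new line 192) still verifies a single round of SHA-1 over password and salt, which is cheap to brute-force offline if `ldap_users` is ever read, and the PLAIN branch compares against a stored cleartext password; the same digest is written by `changePasswordSQL` in ldap_password.php. `digest()` and `gen_random_bytes()` suggest pgcrypto is already loaded, so an additional mechanism checked with `password = crypt(%p, password)` would let accounts move to a slow hash as passwords are changed. The commented `#pwd_query` on line 193 did not get the `convert_to(%p, 'UTF8')` wrapper, so it would disagree with `auth_query` if it is ever re-enabled; I would update or delete it. The surrounding configuration string starts outside the hunk.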
diff --git a/systems/eldiron/borg_backup.nix b/systems/eldiron/borg_backup.nix
index 9956a46..f83594a 100644
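--- a/systems/eldiron/borg_backup.nix
+++ b/systems/eldiron/borg_backup.nix
@@ -76,7 +76,7 @@ let
  location = {
  source_directories = map (p: "${profile.rootDir}/${p}") profile.includedPaths;
  repositories = [
- { path = cfg.remotes.${remote}.remote bucket; label = "backupserver"; }
+ { path = cfg.remotes.${remote}.remote name bucket; label = "backupserver"; }
  ];
  one_file_system = false;
  exclude_if_present = [".duplicity-ignore"];
@@ -88,6 +88,7 @@ let
  ssh_command = "ssh -i ${config.secrets.fullPaths."borg_backup/identity"}";
  compression = "zlib";
  borg_base_directory = "${varDir}/${profile.bucket}";
+ relocated_repo_access_is_ok = true;
  };
  retention = {
  keep_within = "10d";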
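Review bot: `relocated_repo_access_is_ok = true;` (new line 91) permanently silences Borg's check for a repository found at a different location than the one recorded locally, and nothing in the hunk says why. That check is what notices a repository path being pointed at a different store, so I would keep the setting only for the first run after the path change on line 79 and then remove it. If it has to stay, a comment such as `# repo path now includes the profile name; drop once every profile has run once` would record the reason. The enclosing `let` binding starts and ends outside the hunk.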
diff --git a/systems/eldiron/flake.lock b/systems/eldiron/flake.lock
index 0f97917..9d6c296 100644
--- a/systems/eldiron/flake.lock
+++ b/systems/eldiron/flake.lock
@@ -129,7 +129,7 @@
129 "environment": { 129 "environment": {
130 "locked": { 130 "locked": {
131 "lastModified": 1, 131 "lastModified": 1,
132 "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", 132 "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=",
133 "path": "../environment", 133 "path": "../environment",
134 "type": "path" 134 "type": "path"
135 }, 135 },
@@ -141,7 +141,7 @@
141 "environment_2": { 141 "environment_2": {
142 "locked": { 142 "locked": {
143 "lastModified": 1, 143 "lastModified": 1,
144 "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", 144 "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=",
145 "path": "../environment", 145 "path": "../environment",
146 "type": "path" 146 "type": "path"
147 }, 147 },
@@ -153,7 +153,7 @@
153 "environment_3": { 153 "environment_3": {
154 "locked": { 154 "locked": {
155 "lastModified": 1, 155 "lastModified": 1,
156 "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", 156 "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=",
157 "path": "../environment", 157 "path": "../environment",
158 "type": "path" 158 "type": "path"
159 }, 159 },
@@ -165,7 +165,7 @@
165 "environment_4": { 165 "environment_4": {
166 "locked": { 166 "locked": {
167 "lastModified": 1, 167 "lastModified": 1,
168 "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", 168 "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=",
169 "path": "../environment", 169 "path": "../environment",
170 "type": "path" 170 "type": "path"
171 }, 171 },
@@ -177,7 +177,7 @@
177 "environment_5": { 177 "environment_5": {
178 "locked": { 178 "locked": {
179 "lastModified": 1, 179 "lastModified": 1,
180 "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", 180 "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=",
181 "path": "../environment", 181 "path": "../environment",
182 "type": "path" 182 "type": "path"
183 }, 183 },
@@ -189,7 +189,7 @@
189 "environment_6": { 189 "environment_6": {
190 "locked": { 190 "locked": {
191 "lastModified": 1, 191 "lastModified": 1,
192 "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", 192 "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=",
193 "path": "../environment", 193 "path": "../environment",
194 "type": "path" 194 "type": "path"
195 }, 195 },
@@ -813,7 +813,7 @@
813 }, 813 },
814 "locked": { 814 "locked": {
815 "lastModified": 1, 815 "lastModified": 1,
816 "narHash": "sha256-PPOh6hf0hakuHCBOgJok208Qc3xKpuwwxhHV2QQRbmA=", 816 "narHash": "sha256-yHJid6Rpxa5pfKI81FfI0VZir9seZMHtLzjdvmt0FVw=",
817 "path": "../../mypackages", 817 "path": "../../mypackages",
818 "type": "path" 818 "type": "path"
819 }, 819 },
@@ -830,7 +830,7 @@
830 }, 830 },
831 "locked": { 831 "locked": {
832 "lastModified": 1, 832 "lastModified": 1,
833 "narHash": "sha256-PPOh6hf0hakuHCBOgJok208Qc3xKpuwwxhHV2QQRbmA=", 833 "narHash": "sha256-yHJid6Rpxa5pfKI81FfI0VZir9seZMHtLzjdvmt0FVw=",
834 "path": "../mypackages", 834 "path": "../mypackages",
835 "type": "path" 835 "type": "path"
836 }, 836 },
@@ -847,7 +847,7 @@
847 }, 847 },
848 "locked": { 848 "locked": {
849 "lastModified": 1, 849 "lastModified": 1,
850 "narHash": "sha256-PPOh6hf0hakuHCBOgJok208Qc3xKpuwwxhHV2QQRbmA=", 850 "narHash": "sha256-yHJid6Rpxa5pfKI81FfI0VZir9seZMHtLzjdvmt0FVw=",
851 "path": "../mypackages", 851 "path": "../mypackages",
852 "type": "path" 852 "type": "path"
853 }, 853 },
@@ -864,7 +864,7 @@
864 }, 864 },
865 "locked": { 865 "locked": {
866 "lastModified": 1, 866 "lastModified": 1,
867 "narHash": "sha256-PPOh6hf0hakuHCBOgJok208Qc3xKpuwwxhHV2QQRbmA=", 867 "narHash": "sha256-yHJid6Rpxa5pfKI81FfI0VZir9seZMHtLzjdvmt0FVw=",
868 "path": "../mypackages", 868 "path": "../mypackages",
869 "type": "path" 869 "type": "path"
870 }, 870 },
@@ -1989,7 +1989,7 @@
1989 }, 1989 },
1990 "locked": { 1990 "locked": {
1991 "lastModified": 1, 1991 "lastModified": 1,
1992 "narHash": "sha256-Deh1qsi1UFskPSAwq2sUGyPeh7hVVHct8hhy4o6fEzE=", 1992 "narHash": "sha256-S6sETV9+RccMB5LcH4vOZJiTdhLS3SRIjFRvEfjd9Ag=",
1993 "path": "../../flakes/private/chatons", 1993 "path": "../../flakes/private/chatons",
1994 "type": "path" 1994 "type": "path"
1995 }, 1995 },
@@ -2001,7 +2001,7 @@
2001 "private-environment": { 2001 "private-environment": {
2002 "locked": { 2002 "locked": {
2003 "lastModified": 1, 2003 "lastModified": 1,
2004 "narHash": "sha256-Kj3j/3B8V8IHbeSZ3ho33C7ktOcTle2h6dKEWWfVuvU=", 2004 "narHash": "sha256-xrpwkilnPpT6TklQVoLrID8tWUZAH4PJ5XqhRHXGbvo=",
2005 "path": "../../flakes/private/environment", 2005 "path": "../../flakes/private/environment",
2006 "type": "path" 2006 "type": "path"
2007 }, 2007 },
@@ -2020,7 +2020,7 @@
2020 }, 2020 },
2021 "locked": { 2021 "locked": {
2022 "lastModified": 1, 2022 "lastModified": 1,
2023 "narHash": "sha256-bWNhkERypwoog3lphO0xURJ4xt58CZEWKn7So7A5mtM=", 2023 "narHash": "sha256-Aqubcd5AOuP6XUdvjeCXIP6Yksn8uBXbS62kWXBop1w=",
2024 "path": "../../flakes/private/milters", 2024 "path": "../../flakes/private/milters",
2025 "type": "path" 2025 "type": "path"
2026 }, 2026 },
@@ -2038,7 +2038,7 @@
2038 }, 2038 },
2039 "locked": { 2039 "locked": {
2040 "lastModified": 1, 2040 "lastModified": 1,
2041 "narHash": "sha256-VZjf9fXcyeS3LpVW6NvzJpiJuEtJsGlOOfH8XwL8CdI=", 2041 "narHash": "sha256-F7GennKqLc6Cx3DuU6qSPUHmjvpfrrfOshor41vaCz4=",
2042 "path": "../../flakes/private/monitoring", 2042 "path": "../../flakes/private/monitoring",
2043 "type": "path" 2043 "type": "path"
2044 }, 2044 },
@@ -2073,7 +2073,7 @@
2073 }, 2073 },
2074 "locked": { 2074 "locked": {
2075 "lastModified": 1, 2075 "lastModified": 1,
2076 "narHash": "sha256-fntajNe0urhuR0NbTOQZLTMhtHnd7p6PVuuEf0oAoFg=", 2076 "narHash": "sha256-LDicilQIpNXKg/UD6uyf66h/iL/rhDOkkVjTMdKRzX4=",
2077 "path": "../../flakes/private/opendmarc", 2077 "path": "../../flakes/private/opendmarc",
2078 "type": "path" 2078 "type": "path"
2079 }, 2079 },
@@ -2134,7 +2134,7 @@
2134 }, 2134 },
2135 "locked": { 2135 "locked": {
2136 "lastModified": 1, 2136 "lastModified": 1,
2137 "narHash": "sha256-uqftr7R3cVYwWuu8Xl6VbPVL2pqapv1bfmMJpq3LnZ4=", 2137 "narHash": "sha256-mhoBv1NxQoAMlfFGkgGC28cjMTgUxgb2oqNS+k6kWH4=",
2138 "path": "../../flakes/private/ssh", 2138 "path": "../../flakes/private/ssh",
2139 "type": "path" 2139 "type": "path"
2140 }, 2140 },
@@ -2153,7 +2153,7 @@
2153 }, 2153 },
2154 "locked": { 2154 "locked": {
2155 "lastModified": 1, 2155 "lastModified": 1,
2156 "narHash": "sha256-xH6yyfvDLevdZrnKsGXhkZmNMZkOPJOqXnpubkfnoOE=", 2156 "narHash": "sha256-5cM87LAHjrWoZRc2QbM6Xu9klzMNBpREjz6sWqp+hFA=",
2157 "path": "../../flakes/private/system", 2157 "path": "../../flakes/private/system",
2158 "type": "path" 2158 "type": "path"
2159 }, 2159 },
@@ -2206,7 +2206,7 @@
2206 }, 2206 },
2207 "locked": { 2207 "locked": {
2208 "lastModified": 1, 2208 "lastModified": 1,
2209 "narHash": "sha256-TeZKpuqFi0PEnhays+oL+hrNlO/O+IV/4B+Vtim4DKY=", 2209 "narHash": "sha256-2fWHwmMMILe0enrbMMgFoVH+3PysvSx1Oair4W2hgIw=",
2210 "path": "../../flakes/etherpad-lite", 2210 "path": "../../flakes/etherpad-lite",
2211 "type": "path" 2211 "type": "path"
2212 }, 2212 },
@@ -2248,7 +2248,7 @@
2248 }, 2248 },
2249 "locked": { 2249 "locked": {
2250 "lastModified": 1, 2250 "lastModified": 1,
2251 "narHash": "sha256-kbhkTVO086HibTB2ke3Qc458FwLUp2CqU8XUjuaAIug=", 2251 "narHash": "sha256-emS5jDCcLaK3/Hqk/2p6jQDxZfO1hPicMTblyVBD7EI=",
2252 "path": "../../flakes/grocy", 2252 "path": "../../flakes/grocy",
2253 "type": "path" 2253 "type": "path"
2254 }, 2254 },
@@ -2329,7 +2329,7 @@
2329 }, 2329 },
2330 "locked": { 2330 "locked": {
2331 "lastModified": 1, 2331 "lastModified": 1,
2332 "narHash": "sha256-PPOh6hf0hakuHCBOgJok208Qc3xKpuwwxhHV2QQRbmA=", 2332 "narHash": "sha256-yHJid6Rpxa5pfKI81FfI0VZir9seZMHtLzjdvmt0FVw=",
2333 "path": "../../flakes/mypackages", 2333 "path": "../../flakes/mypackages",
2334 "type": "path" 2334 "type": "path"
2335 }, 2335 },
@@ -2440,7 +2440,7 @@
2440 }, 2440 },
2441 "locked": { 2441 "locked": {
2442 "lastModified": 1, 2442 "lastModified": 1,
2443 "narHash": "sha256-+z5CIx4Gin8Ygu3qQbd5QMPuChzPkhtSv+kUm6dUW/s=", 2443 "narHash": "sha256-cR14yn0IbWNe98PAlV+MHO6ClQqeT5HztMeLawldtWs=",
2444 "path": "../../flakes/surfer", 2444 "path": "../../flakes/surfer",
2445 "type": "path" 2445 "type": "path"
2446 }, 2446 },
diff --git a/systems/eldiron/websites/cloud/default.nix b/systems/eldiron/websites/cloud/default.nix
index c859f32..3f41efe 100644
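--- a/systems/eldiron/websites/cloud/default.nix
+++ b/systems/eldiron/websites/cloud/default.nix
@@ -61,7 +61,7 @@ in {
  };
 
  myServices.tools.cloud.farm.instances.immae = {
- nextcloud = pkgs.webapps-nextcloud_27.override ({
+ nextcloud = pkgs.webapps-nextcloud_27_2.override ({
  # Allow /index.php redirects
  postInstall = ''
  cd $out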
diff --git a/systems/eldiron/websites/git/mantisbt.nix b/systems/eldiron/websites/git/mantisbt.nix
index b0ee553..824e2e1 100644
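--- a/systems/eldiron/websites/git/mantisbt.nix
+++ b/systems/eldiron/websites/git/mantisbt.nix
@@ -1,4 +1,38 @@
-{ env, mantisbt_2, mantisbt_2-plugins, config }:
+{ env, mantisbt_2, mantisbt_2-plugins, config, writeText }:
+let
+ mantis_config = {
+ config_inc = config.secrets.fullPaths."webapps/tools-mantisbt";
+ custom_constants_inc = writeText "custom_constants_inc.php" ''
+ <?php
+ define('TESTING', 60);
+ ?>
+ '';
+ custom_strings_inc = writeText "custom_strings_inc.php" ''
+ <?php
+ switch( $g_active_language ) {
+ case 'french':
+ $s_status_enum_string = '10:nouveau,20:retour d’informations,30:reçu,40:confirmé,50:affecté,60:à tester,80:traité,90:fermé';
+ $s_acknowledged_bug_title = 'Recevoir l’anomalie';
+ $s_acknowledged_bug_button = 'Recevoir l’anomalie';
+ $s_email_notification_title_for_status_bug_acknowledged = 'L’anomalie suivante a été REÇUE.';
+
+ $s_testing_bug_title = "Mettre l’anomalie en test";
+ $s_testing_bug_button = 'À tester';
+ $s_email_notification_title_for_status_bug_testing = "L’anomalie suivante est prête à être TESTÉE.";
+ break;
+ default: # english
+ $s_status_enum_string = '10:new,20:feedback,30:acknowledged,40:confirmed,50:assigned,60:testing,80:resolved,90:closed';
+
+ $s_testing_bug_title = 'Mark issue Ready for Testing';
+ $s_testing_bug_button = 'Ready for Testing';
+
+ $s_email_notification_title_for_status_bug_testing = 'The following issue is ready for TESTING.';
+ break;
+ }
+ ?>
+ '';
+ };
+in
 rec {
  keys."webapps/tools-mantisbt" = {
  user = apache.user;
@@ -20,7 +54,8 @@ rec {
  $g_allow_anonymous_login = ON;
  $g_anonymous_account = 'anonymous';
 
- $g_phpMailer_method = PHPMAILER_METHOD_SENDMAIL;
+ $g_log_level = LOG_EMAIL_VERBOSE;
+ $g_phpMailer_method = PHPMAILER_METHOD_MAIL;
  $g_smtp_host = 'localhost';
  $g_smtp_username = ''';
  $g_smtp_password = ''';
@@ -42,10 +77,12 @@ rec {
  $g_ldap_uid_field = 'uid';
  $g_ldap_realname_field = 'cn';
  $g_ldap_organization = '${env.ldap.filter}';
+
+ $g_status_enum_string = '10:new,20:feedback,30:acknowledged,40:confirmed,50:assigned,60:testing,80:resolved,90:closed';
+ $g_status_colors['testing'] = '#ace7ae';
  '';
  };
- webRoot = (mantisbt_2.override { mantis_config =
- config.secrets.fullPaths."webapps/tools-mantisbt"; }).withPlugins (p: [p.slack p.source-integration ]);
+ webRoot = (mantisbt_2.override { inherit mantis_config; }).withPlugins (p: [p.slack p.source-integration ]);
  apache = rec {
  user = "wwwrun";
  group = "wwwrun";
@@ -72,9 +109,8 @@ rec {
  };
  phpFpm = rec {
  serviceDeps = [ "postgresql.service" "openldap.service" ];
- basedir = builtins.concatStringsSep ":" (
- [ webRoot config.secrets.fullPaths."webapps/tools-mantisbt" ]
- ++ webRoot.plugins);
+ basedir = builtins.concatStringsSep ":" ([ webRoot ] ++
+ webRoot.plugins ++ builtins.attrValues mantis_config);
  pool = {
  "listen.owner" = apache.user;
  "listen.group" = apache.group;
@@ -84,7 +120,8 @@ rec {
 
  "php_admin_value[upload_max_filesize]" = "5000000";
 
- "php_admin_value[open_basedir]" = "${basedir}:/tmp";
+ "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
+ "php_admin_value[open_basedir]" = "${basedir}:/tmp:/run/wrappers/bin/sendmail";
  "php_admin_value[session.save_handler]" = "redis";
  "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:MantisBT:'";
  };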
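Review bot: `$g_log_level = LOG_EMAIL_VERBOSE;` on new line 57 reads like a debugging aid for the switch to `PHPMAILER_METHOD_MAIL` and is left on in the deployed configuration. Verbose mail logging presumably writes recipient addresses and notification details to whatever log destination is configured (not visible in this hunk), so I would drop the line once delivery is confirmed or add a comment saying why it stays and where the log goes. Separately, the list `10:new,…,90:closed` now appears in both `custom_strings_inc` and `$g_status_enum_string` and has to be kept in step by hand; a comment such as `# keep in sync with custom_strings_inc and TESTING = 60` next to line 81 would help.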
diff --git a/systems/eldiron/websites/tools/landing/ldap_password.php b/systems/eldiron/websites/tools/landing/ldap_password.php
index efb4f57..b3b2f15 100644
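--- a/systems/eldiron/websites/tools/landing/ldap_password.php
+++ b/systems/eldiron/websites/tools/landing/ldap_password.php
@@ -45,7 +45,7 @@ function changePasswordSQL($user_realm, $newPassword) {
  }
  }
  $con = pg_connect("");
- $result = pg_query_params($con, "WITH newsalt as (SELECT gen_random_bytes(4)) UPDATE ldap_users SET password = encode(digest( $1 || (SELECT * FROM newsalt), 'sha1'), 'hex'), mechanism = 'SSHA', salt = (SELECT * FROM newsalt) where login || '@' || realm = $2", array($newPassword, $user_realm));
+ $result = pg_query_params($con, "WITH newsalt as (SELECT gen_random_bytes(4)) UPDATE ldap_users SET password = encode(digest( convert_to($1, 'UTF8') || (SELECT * FROM newsalt), 'sha1'), 'hex'), mechanism = 'SSHA', salt = (SELECT * FROM newsalt) where login || '@' || realm = $2", array($newPassword, $user_realm));
  if (!$result) {
  $message[] = "Error when accessing database";
  return false;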
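Review bot: `pg_query_params` on new line 48 returns a result even when the UPDATE matched no row, so `if (!$result)` catches a failed query but not a `$user_realm` that matched nobody. Unless the lines after the hunk already do so, a check such as `if (pg_affected_rows($result) !== 1) { $message[] = "Error when accessing database"; return false; }` would stop a no-op from being reported as a successful password change. The return value of `pg_connect("")` on line 47 is also passed on without a check. `changePasswordSQL` begins before and continues past the hunk.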