about summary refs log tree commit diff
path: root/nix/hosts
diff options
context:
space:
mode:
authorEmile <git@emile.space>2024-08-02 23:50:58 +0200
committerEmile <git@emile.space>2024-08-02 23:50:58 +0200
commitb146868f577161f80875ccc9cf5affe12230b9db (patch)
tree1f5605dc418102636cbcb333205c608a7600a073 /nix/hosts
parent84c5cbd22a2475ab21afb2e4a8b97a6645352ab9 (diff)
git
Diffstat (limited to 'nix/hosts')
-rw-r--r--nix/hosts/corrino/www/git/cgit.nix574
-rw-r--r--nix/hosts/corrino/www/git/default.nix7
-rw-r--r--nix/hosts/corrino/www/git/git.nix102
3 files changed, 683 insertions, 0 deletions
diff --git a/nix/hosts/corrino/www/git/cgit.nix b/nix/hosts/corrino/www/git/cgit.nix
new file mode 100644
index 0000000..e6983e5
--- /dev/null
+++ b/nix/hosts/corrino/www/git/cgit.nix
@@ -0,0 +1,574 @@
+{ config, lib, pkgs, ... }:
+
+{
+  environment.systemPackages = with pkgs; [
+	  md4c # used to get md2html for rendering the READMEs
+	];
+
+  services = {
+	  nginx.virtualHosts."git.emile.space" = {
+	    forceSSL = true;
+	    enableACME = true;
+	  };
+
+		cgit.main = {
+			enable = true;
+	 		package = pkgs.cgit-pink;
+			nginx.virtualHost = "git.emile.space";
+			nginx.location = "/";
+			repos = {
+
+        # ops
+				hefe = {
+					desc = "Yet another monorepo (the big nix config)";	
+					path = "/var/lib/git/repositories/hefe.git";
+					section = "Infra";
+					owner = "emile";
+				};
+				vokobe = {
+					desc = "A custom static site generator written in rust";	
+					path = "/var/lib/git/repositories/vokobe.git";
+					section = "Infra";
+					owner = "emile";
+				};
+				massscan-docker = {
+					desc = "A Dockerfile for massscan";	
+					path = "/var/lib/git/repositories/massscan-docker.git";
+					section = "Infra";
+					owner = "emile";
+				};
+				metrics-bundler = {
+					desc = "A super basic metrics bundler";	
+					path = "/var/lib/git/repositories/metrics-bundler.git";
+					section = "Infra";
+					owner = "emile";
+				};
+
+				# matrix
+				matrix-sdk = {
+					desc = "A simpler matrix sdk";	
+					path = "/var/lib/git/repositories/matrix-sdk.git";
+					section = "Matrix";
+					owner = "emile";
+				};
+				matrix-weather-bot = {
+					desc = "A basic weather bot using matrix-sdk";	
+					path = "/var/lib/git/repositories/matrix-weather-bot.git";
+					section = "Matrix";
+					owner = "emile";
+				};
+				
+
+        # radare2
+				radare2-GoReSym = {
+					desc = "A script to load goresym symbols into radare2";	
+					path = "/var/lib/git/repositories/radare2-GoReSym.git";
+					section = "Radare2";
+					owner = "emile";
+				};
+				r2wars = {
+					desc = "A golang implementation of radare2";	
+					path = "/var/lib/git/repositories/r2wars.git";
+					section = "Radare2";
+					owner = "emile";
+				};
+				r2wars-rs = {
+					desc = "A rust implementation of radare2";	
+					path = "/var/lib/git/repositories/r2wars-rs.git";
+					section = "Radare2";
+					owner = "emile";
+				};
+
+				# ctf
+				ctf_clusters = {
+					desc = "visualizing CTF clusters at DEFCON CTF Finals 2022";
+					path = "/var/lib/git/repositories/ctf_clusters.git";
+					section = "CTF";
+					owner = "emile";
+				};
+				lambda = {
+					desc = "hacktm ctf 2023 / misc / know your lambda calculus";
+					path = "/var/lib/git/repositories/lambda.git";
+					section = "CTF";
+					owner = "emile";
+				};
+				ctfdget = {
+					desc = "Simply fetch all challenges from a CTF from CTFd.";
+					path = "/var/lib/git/repositories/ctfdget.git";
+					section = "CTF";
+					owner = "emile";
+				};
+
+        # keyboard
+				zmk-config = {
+					desc = "ferris sweep zmk config";
+					path = "/var/lib/git/repositories/zmk-config.git";
+					section = "Keyboard";
+					owner = "emile";
+				};
+
+				# chaosdorf
+				map = {
+					desc = "A map of the chaosdorf hackspace";
+					path = "/var/lib/git/repositories/map.git";
+					section = "Chaosdorf";
+					owner = "emile";
+				};
+				freitagsfoo = {
+					desc = "A service to submit talks for freitagsfoo";
+					path = "/var/lib/git/repositories/freitagsfoo.git";
+					section = "Chaosdorf";
+					owner = "emile";
+				};
+				inventory = {
+					desc = "A common-lisp mapping and inventory system";
+					path = "/var/lib/git/repositories/inventory.git";
+					section = "Chaosdorf";
+					owner = "emile";
+				};
+
+				# jugend forscht
+				SatelliteComputation = {
+					desc = "Estimating possible Satellite collisions";
+					path = "/var/lib/git/repositories/SatelliteComputation.git";
+					section = "Jugend Forscht 2017";
+					owner = "emile";
+				};
+				GalaxyGeneration = {
+					desc = "Generating Galaxies";
+					path = "/var/lib/git/repositories/GalaxyGeneration.git";
+					section = "Jugend Forscht 2018";
+					owner = "emile";
+				};
+				
+				brute-force = {
+					desc = "A simple benchmark showing how slow this can be";
+					path = "/var/lib/git/repositories/galaxy-sim-brute-force.git";
+					section = "Jugend Forscht 2019";
+					owner = "emile";
+				};
+				generatePointcloud = {
+					desc = "Generate pointclouds using the NFW profile";
+					path = "/var/lib/git/repositories/generatePointcloud.git";
+					section = "Jugend Forscht 2019";
+					owner = "emile";
+				};
+				quadtree = {
+					desc = "Simple quadtree implementation";
+					path = "/var/lib/git/repositories/quadtree.git";
+					section = "Jugend Forscht 2019";
+					owner = "emile";
+				};
+				viewer = {
+					desc = "A viewer for galaxies stored in trees";
+					path = "/var/lib/git/repositories/viewer.git";
+					section = "Jugend Forscht 2019";
+					owner = "emile";
+				};
+				structs = {
+					desc = "All of the structures used in the GalaxySimulator";
+					path = "/var/lib/git/repositories/structs.git";
+					section = "Jugend Forscht 2019";
+					owner = "emile";
+				};
+				simulator-container-rewrite = {
+					desc = "Clean rewrite of the simulator-container";
+					path = "/var/lib/git/repositories/simulator-container-rewrite.git";
+					section = "Jugend Forscht 2019";
+					owner = "emile";
+				};
+				simulator-container = {
+					desc = "Simulating the new position of a galaxye";
+					path = "/var/lib/git/repositories/simulator-container.git";
+					section = "Jugend Forscht 2019";
+					owner = "emile";
+				};
+				pres = {
+					desc = "Presentation material";
+					path = "/var/lib/git/repositories/pres.git";
+					section = "Jugend Forscht 2019";
+					owner = "emile";
+				};
+				manager-container = {
+					desc = "The overall manager";
+					path = "/var/lib/git/repositories/manager-container.git";
+					section = "Jugend Forscht 2019";
+					owner = "emile";
+				};
+				generator-container = {
+					desc = "Generates point clouds using the NFW profile";					
+					path = "/var/lib/git/repositories/generator-container.git";
+					section = "Jugend Forscht 2019";
+					owner = "emile";
+				};
+				frontpage = {
+					desc = "Web page showing people what the project is about";					
+					path = "/var/lib/git/repositories/frontpage.git";
+					section = "Jugend Forscht 2019";
+					owner = "emile";
+				};
+				distributor = {
+					desc = "Distributing tasks";					
+					path = "/var/lib/git/repositories/distributor-container.git";
+					section = "Jugend Forscht 2019";
+					owner = "emile";
+				};
+				db-controller = {
+					desc = "Interaction with the Database";					
+					path = "/var/lib/git/repositories/db-controller.git";
+					section = "Jugend Forscht 2019";
+					owner = "emile";
+				};
+				db-container = {
+					desc = "The main database";					
+					path = "/var/lib/git/repositories/db-container.git";
+					section = "Jugend Forscht 2019";
+					owner = "emile";
+				};
+				db-actions = {
+					desc = "Actions to be performed on the batabase";					
+					path = "/var/lib/git/repositories/db-actions.git";
+					section = "Jugend Forscht 2019";
+					owner = "emile";
+				};
+				Writeup = {
+					desc = "Writeups using LaTeX";					
+					path = "/var/lib/git/repositories/Writeup.git";
+					section = "Jugend Forscht 2019";
+					owner = "emile";
+				};
+				Source = {
+					desc = "Code from the beginning";					
+					path = "/var/lib/git/repositories/Source.git";
+					section = "Jugend Forscht 2019";
+					owner = "emile";
+				};
+				NFW-container = {
+					desc = "A container purely for generating galaxies";					
+					path = "/var/lib/git/repositories/NFW-container.git";
+					section = "Jugend Forscht 2019";
+					owner = "emile";
+				};
+
+				# games
+				"0h-gamejam-game" = {
+					desc = "Created a game in 0 hours";
+					path = "/var/lib/git/repositories/0hour-gamejam-game.git";
+					section = "Games";
+					owner = "emile";
+				};
+
+				# 3D
+				"3D" = {
+					desc = "3D models";
+					path = "/var/lib/git/repositories/3D.git";
+					section = "3D";
+					owner = "emile";
+				};
+
+				# http
+				faila = {
+					desc = "The caddy fileserver look, but int pure golang";
+					path = "/var/lib/git/repositories/faila.git";
+					section = "HTTP";
+					owner = "emile";
+				};
+				faila2 = {
+					desc = "faila, but simpler";
+					path = "/var/lib/git/repositories/faila2.git";
+					section = "HTTP";
+					owner = "emile";
+				};
+				gofuzz = {
+					desc = "wfuzz, but in go. Didn't know ffuf at the time";
+					path = "/var/lib/git/repositories/gofuzz.git";
+					section = "HTTP";
+					owner = "emile";
+				};
+				graphClicker = {
+					desc = "A metrics bundler, but with a simple web interface";
+					path = "/var/lib/git/repositories/graphClicker.git";
+					section = "HTTP";
+					owner = "emile";
+				};
+				randomHttp = {
+					desc = "A simple HTTP server returning random HTTP codes";
+					path = "/var/lib/git/repositories/randomHTTP.git";
+					section = "HTTP";
+					owner = "emile";
+				};
+				redir = {
+					desc = "A webserver with the soul purpose of redirecting.";
+					path = "/var/lib/git/repositories/redir.git";
+					section = "HTTP";
+					owner = "emile";
+				};
+				reqlog = {
+					desc = "A simple request logger";
+					path = "/var/lib/git/repositories/reqlog.git";
+					section = "HTTP";
+					owner = "emile";
+				};
+
+				# honeypot
+				ssh-catch-test = {
+					desc = "A simple honeypot emulating an ssh server.";
+					path = "/var/lib/git/repositories/ssh-catch-test.git";
+					section = "Honeypot";
+					owner = "emile";
+				};
+				honeypot-monitoring = {
+					desc = "Grafana + Prometheus monitoring";	
+					path = "/var/lib/git/repositories/honeypot-monitoring.git";
+					section = "Honeypot";
+					owner = "emile";
+				};
+				ftp-grab-password = {
+					desc = "Grab ftp creds (made by twink0r)";	
+					path = "/var/lib/git/repositories/ftp-grab-password.git";
+					section = "Honeypot";
+					owner = "emile";
+				};
+				log-analyzer = {
+					desc = "Analyse the logs";	
+					path = "/var/lib/git/repositories/honeypot-log-analyzer.git";
+					section = "Honeypot";
+					owner = "emile";
+				};
+				http-grab-basicauth = {
+					desc = "Grab basicauth creds (made by maride)";	
+					path = "/var/lib/git/repositories/http-grab-basicauth.git";
+					section = "Honeypot";
+					owner = "emile";
+				};
+				http-grab-url = {
+					desc = "Grab urls (made by twink0r)";	
+					path = "/var/lib/git/repositories/http-grab-url.git";
+					section = "Honeypot";
+					owner = "emile";
+				};
+				ssh-grab-keypass = {
+					desc = "Grab keys from ssh logins (made by maride)";	
+					path = "/var/lib/git/repositories/ssh-grab-keypass.git";
+					section = "Honeypot";
+					owner = "emile";
+				};
+				ssh-grab-passwords = {
+					desc = "Grab passwords from ssh logins (made by maride)";	
+					path = "/var/lib/git/repositories/ssh-grab-passwords.git";
+					section = "Honeypot";
+					owner = "emile";
+				};
+				ssh-grab-passwords-map = {
+					desc = "A nice visual map of the login attempts";	
+					path = "/var/lib/git/repositories/ssh-grab-passwords-map.git";
+					section = "Honeypot";
+					owner = "emile";
+				};
+
+        # fuzzing
+				stdin-to-tcp = {
+					desc = "Bending stdin to tcp";
+					path = "/var/lib/git/repositories/stdin-to-tcp.git";
+					section = "Fuzzing";
+					owner = "emile";
+				};
+
+				# firmware
+				firmware = {
+					desc = "Gathering firmware via nix";
+					path = "/var/lib/git/repositories/firmware.git";
+					section = "Firmware";
+					owner = "emile";
+				};
+
+				# crypto
+				Substitution-Cracker = {
+					desc = "Some code for cracking substitution ciphers";
+					path = "/var/lib/git/repositories/Substitution-Cracker.git";
+					section = "Crypto";
+					owner = "emile";
+				};
+
+				# fun
+				giff = {
+					desc = "A party service: give it gifs and it'll play them";
+					path = "/var/lib/git/repositories/giff.git";
+					section = "Fun";
+					owner = "emile";
+				};
+				pixeltsunami = {
+					desc = "The obligatory pixelflut client";
+					path = "/var/lib/git/repositories/pixeltsunami.git";
+					section = "Fun";
+					owner = "emile";
+				};
+
+				# circus
+				companion = {
+					desc = "The companion spawned for one user.";
+					path = "/var/lib/git/repositories/companion.git";
+					section = "Circus";
+					owner = "emile";
+				};
+				compose = {
+					desc = "The docker-compose foo";
+					path = "/var/lib/git/repositories/compose.git";
+					section = "Circus";
+					owner = "emile";
+				};
+				container-manager = {
+					desc = "The meta container managemer";
+					path = "/var/lib/git/repositories/container-manager.git";
+					section = "Circus";
+					owner = "emile";
+				};
+				landingpage = {
+					desc = "The landing page";
+					path = "/var/lib/git/repositories/landingpage.git";
+					section = "Circus";
+					owner = "emile";
+				};
+				manager = {
+					desc = "The manager";
+					path = "/var/lib/git/repositories/manager.git";
+					section = "Circus";
+					owner = "emile";
+				};
+				register = {
+					desc = "The registration";
+					path = "/var/lib/git/repositories/register.git";
+					section = "Circus";
+					owner = "emile";
+				};
+				scoreboard = {
+					desc = "The scoreboard";
+					path = "/var/lib/git/repositories/scoreboard.git";
+					section = "Circus";
+					owner = "emile";
+				};
+				static = {
+					desc = "Some static files";
+					path = "/var/lib/git/repositories/static.git";
+					section = "Circus";
+					owner = "emile";
+				};
+				vpn = {
+					desc = "The VPN stuff";
+					path = "/var/lib/git/repositories/vpn.git";
+					section = "Circus";
+					owner = "emile";
+				};
+
+				# articles
+				barnes-hut = {
+					desc = "A one pager compressing the JuFo19 project";
+					path = "/var/lib/git/repositories/paged-out-barnes-hut.git";
+					section = "Articles";
+					owner = "emile";
+				};
+
+				# satellite
+				tle = {
+					desc = "golang tle lib";
+					path = "/var/lib/git/repositories/tle.git";
+					section = "Satellite";
+					owner = "emile";
+				};
+				tle2json = {
+					desc = "golang tle to json";
+					path = "/var/lib/git/repositories/tle2json.git";
+					section = "Satellite";
+					owner = "emile";
+				};
+			};
+			settings = {
+				css = "https://emile.space/cgit.css";
+				root-title = "git.emile.space";
+				root-desc = "";
+
+				enable-index-owner = 0; # why show this? I own 'em all!
+		    enable-commit-graph = 1;
+				max-repo-count = 5000; # like: why not?
+
+			  readme = ":README.md";
+				about-filter = "${pkgs.cgit-pink}/lib/cgit/filters/about-formatting.sh";
+				source-filter = "${pkgs.cgit-pink}/lib/cgit/filters/syntax-highlighting.py";
+
+				summary-log = 50;
+
+        # mobile friendly
+				head-include = builtins.toFile "cgit_head.html" ''
+				  <meta name="viewport" content="width=device-width initial-scale=1.0"/>
+				'';
+
+				footer = builtins.toFile "cgit_footer.html" ''
+				  <div class="footer">
+						<div class="float-left">
+							generated by <a href='https://git.causal.agency/cgit-pink/'>cgit-pink ${pkgs.cgit-pink.version}</a>
+						</div>
+						<div class="float-right">
+							<a href="https://social.emile.space/@hanemile/feed.rss" target="_blank" rel="noopener" class="icon"><img class="webring" src="https://emile.space/rss.svg" alt="rss feed of @hanemile@chaos.social mastodon" height="32px"></a>
+							<a href="https://lieu.cblgh.org/" target="_blank" rel="noopener" class="icon"><img class="webring" src="https://emile.space/lieu.svg" alt="lieu webring search engine" height="32px"></a>
+							<a href="https://webring.xxiivv.com/#emile" target="_blank" rel="noopener" class="icon"><img class="webring" src="https://emile.space/webring.svg" alt="XXIIVV webring" height="32px"></a>
+							<a rel="me" href="https://social.emile.space/@hanemile" target="_blank" class="icon"><img class="webring" src="https://emile.space/activitypub.svg" alt="activitypub" height="32px"/></a>
+					</div>
+				'';
+
+			};
+		};
+
+		# access control
+		gitolite = {
+		  enable = true;
+
+			dataDir = "/var/lib/git";
+
+			user = "git";
+			group = "git";
+
+			description = "emile";
+
+	    adminPubkey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPZi43zHEsoWaQomLGaftPE5k0RqVrZyiTtGqZlpWsew emile@caladan";
+	    extraGitoliteRc = ''
+		    $RC{UMASK} = 0027;
+		    $RC{GIT_CONFIG_KEYS} = '.*';
+		  '';
+		};
+
+		# exposing stuff
+		gitDaemon = {
+			enable = false;
+
+			user = "git";
+			group = "git";
+
+			repositories = []; # use all repos under basePath
+			exportAll = true;
+			basePath = "/var/lib/git/repositories";
+
+			listenAddress = "git.emile.space";
+			port = config.emile.ports.gitDaemon;
+
+			options = "--timeout=30"; # extra Config
+		};
+	};
+
+  users.extraUsers.nginx.extraGroups = [ "git" ];
+
+	# Have to use lib.mkForce below, as the gitolite and gitDaemon user both
+	# configure the git user and group (differently)
+
+  users.users.git = {
+    isSystemUser = true;
+    useDefaultShell = true;
+		description = lib.mkForce "cgit-pink, gitolite and gitDaemon";
+    group = "git";
+    extraGroups = [ "gitea" ];
+    home = "/var/lib/git";
+    uid = lib.mkForce 127;
+  };
+  users.groups.git = {
+		gid = lib.mkForce 127;
+	};
+}
diff --git a/nix/hosts/corrino/www/git/default.nix b/nix/hosts/corrino/www/git/default.nix
new file mode 100644
index 0000000..9c76441
--- /dev/null
+++ b/nix/hosts/corrino/www/git/default.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+	imports = [
+		./cgit.nix
+	];
+}
diff --git a/nix/hosts/corrino/www/git/git.nix b/nix/hosts/corrino/www/git/git.nix
new file mode 100644
index 0000000..d815f9c
--- /dev/null
+++ b/nix/hosts/corrino/www/git/git.nix
@@ -0,0 +1,102 @@
+{ lib, pkgs, config, ... }:
+
+let
+  cfg = config.services.gitea;
+in {
+  services.nginx.virtualHosts."git.emile.space" = {
+    forceSSL = true;
+    enableACME = true;
+
+    # TODO(emile): figure out why this doesn't work when enabled, has to do with authelia
+    # extraConfig = authelia-location;
+
+    locations = {
+      "/" = {
+        # proxyPass = "http://127.0.0.1:3000";
+        proxyPass = "http://127.0.0.1:${toString config.services.gitea.settings.server.HTTP_PORT}";
+
+        # TODO(emile): figure out why this doesn't work when enabled, has to do with authelia
+        # extraConfig = authelia-authrequest;
+      };
+    };
+  };
+
+	# auth via authelia
+	services.authelia.instances.main.settings.identity_providers.oidc.clients = [
+  	{
+  		id = "git";
+
+  		# ; nix run nixpkgs#authelia -- crypto hash generate pbkdf2 --variant sha512 --random --random.length 72 --random.charset rfc3986
+  		secret = "$pbkdf2-sha512$310000$4bi9wRkfcqnjbdmgt7rU.g$pQ2mC6GW4.BQwanGKKFhFyIx6Y.WY80xd/YpmlYOPnlnGBWpp0dSOTv6a/2yqSA5D.EuRkGCyeexSE5FdCK2TA";
+  		public = false;
+  		authorization_policy = "two_factor";
+  		redirect_uris = [
+  			"https://git.emile.space/user/oauth2/authelia/callback"
+  		];
+  		scopes = [
+  			"openid"
+  			"email"
+  			"profile"
+  		];
+  	}
+  ];
+
+  services.gitea = rec {
+    enable = true;
+
+    appName = "git.emile.space";
+
+    # unstable in order to use the 1.20... version
+    #package = pkgs.forgejo;
+    package = pkgs.unstable.forgejo;
+
+    stateDir = "/var/lib/gitea";
+    repositoryRoot = "${stateDir}/repositories";
+
+    settings = {
+      service.DISABLE_REGISTRATION = true;
+
+      DEFAULT = {
+        WORK_PATH = "/var/lib/gitea";
+      };
+
+      server = {
+        DOMAIN = pkgs.lib.mkForce "git.emile.space";
+        ROOT_URL = pkgs.lib.mkForce "https://git.emile.space";
+        HTTP_PORT = config.emile.ports.git;
+
+        #START_SSH_SERVER = true;
+        BUILTIN_SSH_SERVER_USER = "git";
+        SSH_USER = "gitea";
+        SSH_DOMAIN = "git.emile.space";
+
+        REPO_INDEXER_ENABLED = true;
+      };
+
+      indexer = {
+        REPO_INDEXER_ENABLED = true;
+        ISSUE_INDEXER_PATH = "${stateDir}/indexers/issues.bleve";
+        REPO_INDEXER_PATH = "${stateDir}/indexers/repos.bleve";
+        MAX_FILE_SIZE = 1048576;
+        REPO_INDEXER_INCLUDE = "";
+        REPO_INDEXER_EXCLUDE = "resources/bin/**";
+      };
+
+      #federation = {
+      #  enable = true;
+      #  share_user_statistics = true;
+      #  max_size = 4;
+      #};
+    };
+  };
+
+  users.users.git = {
+    isSystemUser = true;
+    useDefaultShell = true;
+    group = "git";
+    extraGroups = [ "gitea" ];
+    home = cfg.stateDir;
+    uid = 127;
+  };
+  users.groups.git = { };
+}