maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore(3p/sources): Bump channels & overlays (OpenSSL edition)

Browse source 
* //ops/machines/whitby: Disable grafana, since the grafana module was
  changed upstream in a way that our configuration no longer works.
  Since the OpenSSL security update is relatively pressing, adapting the
  grafana configuration beforehand is not a hard requirement. See
  https://github.com/NixOS/nixpkgs/pull/191768.

* //tools/depotfmt: keep Go at version 1.18 to forgo a reformat of the
  tree.

* //nix/buildGo: keep Go at version 1.18, as 1.19 changed the CLI
  interface (?) in a way that breaks buildGo.

* //3p/overlays/tvl: drop upstreamed tdlib upgrade.

* //3p/overlays/tvl: patch buf to work around breakage due to git 2.38.1

TODO items for Go are tracked in b/215.

Change-Id: Ie08fef49cf3db12e6b5225a8b992a990ddc5b642
Reviewed-on: https://cl.tvl.fyi/c/depot/+/7141
Tested-by: BuildkiteCI
Autosubmit: sterni <sternenseemann@systemli.org>
Reviewed-by: grfn <grfn@gws.fyi>
Reviewed-by: tazjin <tazjin@tvl.su>
This commit is contained in:
sterni 2022-10-30 22:28:02 +01:00
parent 64afe59bbe
commit 57cf952ea9
6 changed files with 145 additions and 82 deletions
Download patch file Download diff file Expand all files Collapse all files

103
ops/machines/whitby/default.nix
View file

@ -41,7 +41,7 @@ in
(mod "www/nixery.dev.nix")
(mod "www/self-redirect.nix")
(mod "www/static.tvl.fyi.nix")
(mod "www/status.tvl.su.nix")
# (mod "www/status.tvl.su.nix")
(mod "www/tazj.in.nix")
(mod "www/todo.tvl.fyi.nix")
(mod "www/tvixbolt.tvl.su.nix")
@ -546,68 +546,69 @@ in
}];
};
# XXX: Adapt to https://github.com/NixOS/nixpkgs/pull/191768
services.grafana = {
enable = true;
enable = false;
port = 4723; # "graf" on phone keyboard
domain = "status.tvl.su";
rootUrl = "https://status.tvl.su";
analytics.reporting.enable = false;
extraOptions =
let
options = {
auth = {
generic_oauth = {
enabled = true;
client_id = "grafana";
scopes = "openid profile email";
name = "TVL";
email_attribute_path = "mail";
login_attribute_path = "sub";
name_attribute_path = "displayName";
auth_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/auth";
token_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/token";
api_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/userinfo";
# extraOptions =
# let
# options = {
# auth = {
# generic_oauth = {
# enabled = true;
# client_id = "grafana";
# scopes = "openid profile email";
# name = "TVL";
# email_attribute_path = "mail";
# login_attribute_path = "sub";
# name_attribute_path = "displayName";
# auth_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/auth";
# token_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/token";
# api_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/userinfo";
# Give lukegb, grfn, tazjin "Admin" rights.
role_attribute_path = "((sub == 'lukegb' || sub == 'grfn' || sub == 'tazjin') && 'Admin') || 'Editor'";
# # Give lukegb, grfn, tazjin "Admin" rights.
# role_attribute_path = "((sub == 'lukegb' || sub == 'grfn' || sub == 'tazjin') && 'Admin') || 'Editor'";
# Allow creating new Grafana accounts from OAuth accounts.
allow_sign_up = true;
};
# # Allow creating new Grafana accounts from OAuth accounts.
# allow_sign_up = true;
# };
anonymous = {
enabled = true;
org_name = "The Virus Lounge";
org_role = "Viewer";
};
# anonymous = {
# enabled = true;
# org_name = "The Virus Lounge";
# org_role = "Viewer";
# };
basic.enabled = false;
oauth_auto_login = true;
disable_login_form = true;
};
};
inherit (builtins) typeOf replaceStrings listToAttrs concatLists;
inherit (lib) toUpper mapAttrsToList nameValuePair concatStringsSep;
# basic.enabled = false;
# oauth_auto_login = true;
# disable_login_form = true;
# };
# };
# inherit (builtins) typeOf replaceStrings listToAttrs concatLists;
# inherit (lib) toUpper mapAttrsToList nameValuePair concatStringsSep;
# Take ["auth" "generic_oauth" "enabled"] and turn it into OPTIONS_GENERIC_OAUTH_ENABLED.
encodeName = raw: replaceStrings [ "." ] [ "_" ] (toUpper (concatStringsSep "_" raw));
# # Take ["auth" "generic_oauth" "enabled"] and turn it into OPTIONS_GENERIC_OAUTH_ENABLED.
# encodeName = raw: replaceStrings [ "." ] [ "_" ] (toUpper (concatStringsSep "_" raw));
# Turn an option value into a string, but we want bools to be sensible strings and not "1" or "".
optionToString = value:
if (typeOf value) == "bool" then
if value then "true" else "false"
else builtins.toString value;
# # Turn an option value into a string, but we want bools to be sensible strings and not "1" or "".
# optionToString = value:
# if (typeOf value) == "bool" then
# if value then "true" else "false"
# else builtins.toString value;
# Turn an nested options attrset into a flat listToAttrs-compatible list.
encodeOptions = prefix: inp: concatLists (mapAttrsToList
(name: value:
if (typeOf value) == "set"
then encodeOptions (prefix ++ [ name ]) value
else [ (nameValuePair (encodeName (prefix ++ [ name ])) (optionToString value)) ]
)
inp);
in
listToAttrs (encodeOptions [ ] options);
# # Turn an nested options attrset into a flat listToAttrs-compatible list.
# encodeOptions = prefix: inp: concatLists (mapAttrsToList
# (name: value:
# if (typeOf value) == "set"
# then encodeOptions (prefix ++ [ name ]) value
# else [ (nameValuePair (encodeName (prefix ++ [ name ])) (optionToString value)) ]
# )
# inp);
# in
# listToAttrs (encodeOptions [ ] options);
provision = {
enable = true;