From 57cf952ea98db70fcf50ec31e1c1057562b0a1df Mon Sep 17 00:00:00 2001 From: sterni Date: Sun, 30 Oct 2022 22:28:02 +0100 Subject: chore(3p/sources): Bump channels & overlays (OpenSSL edition) * //ops/machines/whitby: Disable grafana, since the grafana module was changed upstream in a way that our configuration no longer works. Since the OpenSSL security update is relatively pressing, adapting the grafana configuration beforehand is not a hard requirement. See https://github.com/NixOS/nixpkgs/pull/191768. * //tools/depotfmt: keep Go at version 1.18 to forgo a reformat of the tree. * //nix/buildGo: keep Go at version 1.18, as 1.19 changed the CLI interface (?) in a way that breaks buildGo. * //3p/overlays/tvl: drop upstreamed tdlib upgrade. * //3p/overlays/tvl: patch buf to work around breakage due to git 2.38.1 TODO items for Go are tracked in b/215. Change-Id: Ie08fef49cf3db12e6b5225a8b992a990ddc5b642 Reviewed-on: https://cl.tvl.fyi/c/depot/+/7141 Tested-by: BuildkiteCI Autosubmit: sterni Reviewed-by: grfn Reviewed-by: tazjin --- ops/machines/whitby/default.nix | 117 ++++++++++++++++++++-------------------- 1 file changed, 59 insertions(+), 58 deletions(-) (limited to 'ops') diff --git a/ops/machines/whitby/default.nix b/ops/machines/whitby/default.nix index 9566181459..2a4e4053da 100644 --- a/ops/machines/whitby/default.nix +++ b/ops/machines/whitby/default.nix @@ -41,7 +41,7 @@ in (mod "www/nixery.dev.nix") (mod "www/self-redirect.nix") (mod "www/static.tvl.fyi.nix") - (mod "www/status.tvl.su.nix") + # (mod "www/status.tvl.su.nix") (mod "www/tazj.in.nix") (mod "www/todo.tvl.fyi.nix") (mod "www/tvixbolt.tvl.su.nix") @@ -546,68 +546,69 @@ in }]; }; + # XXX: Adapt to https://github.com/NixOS/nixpkgs/pull/191768 services.grafana = { - enable = true; + enable = false; port = 4723; # "graf" on phone keyboard domain = "status.tvl.su"; rootUrl = "https://status.tvl.su"; analytics.reporting.enable = false; - extraOptions = - let - options = { - auth = { - generic_oauth = { - enabled = true; - client_id = "grafana"; - scopes = "openid profile email"; - name = "TVL"; - email_attribute_path = "mail"; - login_attribute_path = "sub"; - name_attribute_path = "displayName"; - auth_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/auth"; - token_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/token"; - api_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/userinfo"; - - # Give lukegb, grfn, tazjin "Admin" rights. - role_attribute_path = "((sub == 'lukegb' || sub == 'grfn' || sub == 'tazjin') && 'Admin') || 'Editor'"; - - # Allow creating new Grafana accounts from OAuth accounts. - allow_sign_up = true; - }; - - anonymous = { - enabled = true; - org_name = "The Virus Lounge"; - org_role = "Viewer"; - }; - - basic.enabled = false; - oauth_auto_login = true; - disable_login_form = true; - }; - }; - inherit (builtins) typeOf replaceStrings listToAttrs concatLists; - inherit (lib) toUpper mapAttrsToList nameValuePair concatStringsSep; - - # Take ["auth" "generic_oauth" "enabled"] and turn it into OPTIONS_GENERIC_OAUTH_ENABLED. - encodeName = raw: replaceStrings [ "." ] [ "_" ] (toUpper (concatStringsSep "_" raw)); - - # Turn an option value into a string, but we want bools to be sensible strings and not "1" or "". - optionToString = value: - if (typeOf value) == "bool" then - if value then "true" else "false" - else builtins.toString value; - - # Turn an nested options attrset into a flat listToAttrs-compatible list. - encodeOptions = prefix: inp: concatLists (mapAttrsToList - (name: value: - if (typeOf value) == "set" - then encodeOptions (prefix ++ [ name ]) value - else [ (nameValuePair (encodeName (prefix ++ [ name ])) (optionToString value)) ] - ) - inp); - in - listToAttrs (encodeOptions [ ] options); + # extraOptions = + # let + # options = { + # auth = { + # generic_oauth = { + # enabled = true; + # client_id = "grafana"; + # scopes = "openid profile email"; + # name = "TVL"; + # email_attribute_path = "mail"; + # login_attribute_path = "sub"; + # name_attribute_path = "displayName"; + # auth_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/auth"; + # token_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/token"; + # api_url = "https://auth.tvl.fyi/auth/realms/TVL/protocol/openid-connect/userinfo"; + + # # Give lukegb, grfn, tazjin "Admin" rights. + # role_attribute_path = "((sub == 'lukegb' || sub == 'grfn' || sub == 'tazjin') && 'Admin') || 'Editor'"; + + # # Allow creating new Grafana accounts from OAuth accounts. + # allow_sign_up = true; + # }; + + # anonymous = { + # enabled = true; + # org_name = "The Virus Lounge"; + # org_role = "Viewer"; + # }; + + # basic.enabled = false; + # oauth_auto_login = true; + # disable_login_form = true; + # }; + # }; + # inherit (builtins) typeOf replaceStrings listToAttrs concatLists; + # inherit (lib) toUpper mapAttrsToList nameValuePair concatStringsSep; + + # # Take ["auth" "generic_oauth" "enabled"] and turn it into OPTIONS_GENERIC_OAUTH_ENABLED. + # encodeName = raw: replaceStrings [ "." ] [ "_" ] (toUpper (concatStringsSep "_" raw)); + + # # Turn an option value into a string, but we want bools to be sensible strings and not "1" or "". + # optionToString = value: + # if (typeOf value) == "bool" then + # if value then "true" else "false" + # else builtins.toString value; + + # # Turn an nested options attrset into a flat listToAttrs-compatible list. + # encodeOptions = prefix: inp: concatLists (mapAttrsToList + # (name: value: + # if (typeOf value) == "set" + # then encodeOptions (prefix ++ [ name ]) value + # else [ (nameValuePair (encodeName (prefix ++ [ name ])) (optionToString value)) ] + # ) + # inp); + # in + # listToAttrs (encodeOptions [ ] options); provision = { enable = true; -- cgit 1.4.1