diff options
| -rw-r--r-- | docs/REVIEWS.md | 4 | ||||
| -rw-r--r-- | ops/nixos/tvl-slapd/default.nix | 132 | ||||
| -rw-r--r-- | ops/users/default.nix | 132 | ||||
| -rw-r--r-- | web/todolist/default.nix | 11 |
4 files changed, 138 insertions, 141 deletions
diff --git a/docs/REVIEWS.md b/docs/REVIEWS.md index fd7f088d40..f89ca5e118 100644 --- a/docs/REVIEWS.md +++ b/docs/REVIEWS.md @@ -113,7 +113,7 @@ instructions: 1. Be a member of `##tvl-dev` or `##tvl`. 2. Clone the depot locally (via `git clone "https://cl.tvl.fyi/depot"`). -3. Create a user entry in our LDAP server in [tvl-slapd/default.nix][tvl-slapd]. +3. Create a user entry in our LDAP server in [ops/users][ops-users]. We recommend using ARGON2 password hashes, which can be created with the `slappasswd` tool if OpenLDAP was compiled with ARGON2 @@ -149,5 +149,5 @@ The email address is a [public group][]. [Gerrit walkthrough]: https://gerrit-review.googlesource.com/Documentation/intro-gerrit-walkthrough.html [OWNERS]: https://cl.tvl.fyi/plugins/owners/Documentation/config.md [guidelines]: ./CONTRIBUTING.md#commit-messages -[tvl-slapd]: ../ops/nixos/tvl-slapd/default.nix +[ops-users]: ../ops/users/default.nix [public group]: https://groups.google.com/a/tazj.in/forum/?hl=en#!forum/depot diff --git a/ops/nixos/tvl-slapd/default.nix b/ops/nixos/tvl-slapd/default.nix index b0234f30b2..d32bc96b83 100644 --- a/ops/nixos/tvl-slapd/default.nix +++ b/ops/nixos/tvl-slapd/default.nix @@ -24,136 +24,8 @@ let userPassword: ${u.password} ''); - users = [ - { - username = "andi"; - email = "andi@notmuch.email"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$8lefg7+8UPAEh9Ott8zH0A$7YuLRraTC1IgxTNTxFJF03AWmqBS3GX2+vfD4XVTrb0"; - } - { - username = "artemist"; - email = "me@artem.ist"; - password = "{SSHA}N6Tl/txGQwlmVa7xVJCXpGcD1U4bJaI+"; - } - { - username = "camsbury"; - email = "camsbury7@gmail.com"; - password = "{SSHA}r6/I/zefrAb1jWTdhuqWik0CXT8E+/E5"; - } - { - username = "cynthia"; - email = "cynthia@tvl.fyi"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=4,p=1$TxjbMGenhEmkyYLrg5uGhbr60THB86YeRZg5bPdiTJo$k9gbRlAPjmxwdUwzbavvsAVkckgQZ0jS2oTtvZBPysk"; - } - { - username = "edef"; - email = "edef@edef.eu"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OORx4ERbkgvTmuYCJA8cIw$i5qaBzHkRVw7Tl+wZsTFTDqJwF0vuZqhW3VpknMYMc0"; - } - { - username = "ericvolp12"; - email = "ericvolp12@gmail.com"; - password = "{SSHA}pSepaQ+/5KBLfJtRR5rfxGU8goAsXgvk"; - } - { - username = "eta"; - email = "eta@theta.eu.org"; - password = "{SSHA}sOR5xzi7Lfv376XGQA8Hf6jyhTvo0XYc"; - } - { - username = "etu"; - email = "etu@failar.nu"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$RUrW8C9mWAkBSlkwSTH5dw$n3FXTeu41nDQfvJPI7TT3tcgwPmPJl8hPtaZ58qLq9A"; - } - { - username = "firefly"; - email = "firefly@firefly.nu"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$RYVVkFoi3A1yYkI8J2zUwg$GUERvgHvU8SGjQmilDJGZu50hYRAHw+ejtuL+Skygs8"; - } - { - username = "glittershark"; - email = "grfn@gws.fyi"; - password = "{SSHA}i7PSAsXwJT3jjmmvU77aar/tU/YPDCEO"; - } - { - username = "htbf"; - email = "h-tvl@htbf.dev"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$2iVXQQfd26icaIguHJg/CQ$hA9ziqn7kQ06AV6uQxJCGXoG8f+LWmH+nVlk00a1n/c"; - } - { - username = "isomer"; - email = "isomer@tvl.fyi"; - password = "{SSHA}OhWQkPJgH1rRJqYIaMUbbKC4iLEzvCev"; - } - { - username = "lukegb"; - email = "lukegb@tvl.fyi"; - password = "{SSHA}7a85VNhpFElFw+N5xcjgGmt4HnBsaGp4"; - } - { - username = "multi"; - email = "depot@in-addr.xyz"; - password = "{ARGON2}$argon2i$v=19$m=4096,t=3,p=1$qCfXhZUVft1YVPx7H4x7rw$dhtwtCrEMSpZfWQJbw2wpo5XHqiJqoZkiKeEbE6AdX0"; - } - { - username = "nyanotech"; - email = "nyanotechnology@gmail.com"; - password = "{SSHA}NIJ2RCRb1+Q4Bs63cyE91VZyiN47DG6y"; - } - { - username = "Profpatsch"; - email = "mail@profpatsch.de"; - password = "{SSHA}jcFXxRplMFxH4gpa0X5VdUzW64T95TwQ"; - } - { - username = "sterni"; - email = "sternenseemann@systemli.org"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$+NbF1izPMGqN5bASCBDV9g$aqBVplHwiyDpflZUmLtjkLWzKhxi7hwjm5fOwfbKohU"; - } - { - username = "q3k"; - email = "q3k@q3k.org"; - password = "{SSHA}BEccJdtnhVLDzOn+pxNfayNi3QFcEABE"; - } - { - username = "qyliss"; - displayName = "Alyssa Ross"; - email = "hi@alyssa.is"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$+uTpAKrN452D8wa7OFqPnw$GYi9/zns5iJCXDp1VuTPPsa35M5vkD6+rC8riT8cEHI"; - } - { - username = "riking"; - displayName = "kanepyork"; - email = "rikingcoding@gmail.com"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$o2OcfhfKOry+UrcmODyQCw$qloaQgoIRDESwaA3yqPxxy8sgLk3mrjYFBbF41elVrM"; - } - { - username = "tazjin"; - email = "mail@tazj.in"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$wOPEl9D3kSke//oLtbvqrg$j0npwwXgaXQ/emefKUwL59tH8hdmtzbgH2rQzWSmE2Y"; - } - { - username = "implr"; - email = "implr@hackerspace.pl"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$SHRFps5sVgyUXYdmqGPw9g$tEx9DwKK1RjWlw52GLwOZ/iHep+QJboaZE83f1pXSwQ"; - } - { - username = "v"; - displayName = "V"; - email = "v@anomalous.eu"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$Wa11vk3gQKhJr1uzvtRTRQ$RHfvcC2j6rDUgWfezm05N03LeGIEezeKtmFmt+rfvM4"; - } - { - username = "ben"; - email = "tvl@benjojo.co.uk"; - password = "{SSHA}Zi48mSPsRMEPhff44w4RHi0SjjyhjWk1"; - } - { - username = "jamie"; - email = "jamie@kwiius.com"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OkAMHVAfQ3nJhBffYJwk7Q$JV3DrF9eOU+4VL6I+nkaMUUOMqWuNzdp7N7U5Xwa3fg"; - } - ]; + inherit (config.depot.ops) users; + in { # Use our patched OpenLDAP derivation which enables stronger password hashing. # diff --git a/ops/users/default.nix b/ops/users/default.nix new file mode 100644 index 0000000000..87ce7e2e80 --- /dev/null +++ b/ops/users/default.nix @@ -0,0 +1,132 @@ +{ ... }: + +[ + { + username = "andi"; + email = "andi@notmuch.email"; + password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$8lefg7+8UPAEh9Ott8zH0A$7YuLRraTC1IgxTNTxFJF03AWmqBS3GX2+vfD4XVTrb0"; + } + { + username = "artemist"; + email = "me@artem.ist"; + password = "{SSHA}N6Tl/txGQwlmVa7xVJCXpGcD1U4bJaI+"; + } + { + username = "camsbury"; + email = "camsbury7@gmail.com"; + password = "{SSHA}r6/I/zefrAb1jWTdhuqWik0CXT8E+/E5"; + } + { + username = "cynthia"; + email = "cynthia@tvl.fyi"; + password = "{ARGON2}$argon2id$v=19$m=65536,t=4,p=1$TxjbMGenhEmkyYLrg5uGhbr60THB86YeRZg5bPdiTJo$k9gbRlAPjmxwdUwzbavvsAVkckgQZ0jS2oTtvZBPysk"; + } + { + username = "edef"; + email = "edef@edef.eu"; + password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OORx4ERbkgvTmuYCJA8cIw$i5qaBzHkRVw7Tl+wZsTFTDqJwF0vuZqhW3VpknMYMc0"; + } + { + username = "ericvolp12"; + email = "ericvolp12@gmail.com"; + password = "{SSHA}pSepaQ+/5KBLfJtRR5rfxGU8goAsXgvk"; + } + { + username = "eta"; + email = "eta@theta.eu.org"; + password = "{SSHA}sOR5xzi7Lfv376XGQA8Hf6jyhTvo0XYc"; + } + { + username = "etu"; + email = "etu@failar.nu"; + password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$RUrW8C9mWAkBSlkwSTH5dw$n3FXTeu41nDQfvJPI7TT3tcgwPmPJl8hPtaZ58qLq9A"; + } + { + username = "firefly"; + email = "firefly@firefly.nu"; + password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$RYVVkFoi3A1yYkI8J2zUwg$GUERvgHvU8SGjQmilDJGZu50hYRAHw+ejtuL+Skygs8"; + } + { + username = "glittershark"; + email = "grfn@gws.fyi"; + password = "{SSHA}i7PSAsXwJT3jjmmvU77aar/tU/YPDCEO"; + } + { + username = "htbf"; + email = "h-tvl@htbf.dev"; + password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$2iVXQQfd26icaIguHJg/CQ$hA9ziqn7kQ06AV6uQxJCGXoG8f+LWmH+nVlk00a1n/c"; + } + { + username = "isomer"; + email = "isomer@tvl.fyi"; + password = "{SSHA}OhWQkPJgH1rRJqYIaMUbbKC4iLEzvCev"; + } + { + username = "lukegb"; + email = "lukegb@tvl.fyi"; + password = "{SSHA}7a85VNhpFElFw+N5xcjgGmt4HnBsaGp4"; + } + { + username = "multi"; + email = "depot@in-addr.xyz"; + password = "{ARGON2}$argon2i$v=19$m=4096,t=3,p=1$qCfXhZUVft1YVPx7H4x7rw$dhtwtCrEMSpZfWQJbw2wpo5XHqiJqoZkiKeEbE6AdX0"; + } + { + username = "nyanotech"; + email = "nyanotechnology@gmail.com"; + password = "{SSHA}NIJ2RCRb1+Q4Bs63cyE91VZyiN47DG6y"; + } + { + username = "Profpatsch"; + email = "mail@profpatsch.de"; + password = "{SSHA}jcFXxRplMFxH4gpa0X5VdUzW64T95TwQ"; + } + { + username = "sterni"; + email = "sternenseemann@systemli.org"; + password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$+NbF1izPMGqN5bASCBDV9g$aqBVplHwiyDpflZUmLtjkLWzKhxi7hwjm5fOwfbKohU"; + } + { + username = "q3k"; + email = "q3k@q3k.org"; + password = "{SSHA}BEccJdtnhVLDzOn+pxNfayNi3QFcEABE"; + } + { + username = "qyliss"; + displayName = "Alyssa Ross"; + email = "hi@alyssa.is"; + password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$+uTpAKrN452D8wa7OFqPnw$GYi9/zns5iJCXDp1VuTPPsa35M5vkD6+rC8riT8cEHI"; + } + { + username = "riking"; + displayName = "kanepyork"; + email = "rikingcoding@gmail.com"; + password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$o2OcfhfKOry+UrcmODyQCw$qloaQgoIRDESwaA3yqPxxy8sgLk3mrjYFBbF41elVrM"; + } + { + username = "tazjin"; + email = "mail@tazj.in"; + password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$wOPEl9D3kSke//oLtbvqrg$j0npwwXgaXQ/emefKUwL59tH8hdmtzbgH2rQzWSmE2Y"; + } + { + username = "implr"; + email = "implr@hackerspace.pl"; + password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$SHRFps5sVgyUXYdmqGPw9g$tEx9DwKK1RjWlw52GLwOZ/iHep+QJboaZE83f1pXSwQ"; + } + { + username = "v"; + displayName = "V"; + email = "v@anomalous.eu"; + password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$Wa11vk3gQKhJr1uzvtRTRQ$RHfvcC2j6rDUgWfezm05N03LeGIEezeKtmFmt+rfvM4"; + } + { + username = "ben"; + email = "tvl@benjojo.co.uk"; + password = "{SSHA}Zi48mSPsRMEPhff44w4RHi0SjjyhjWk1"; + } + { + username = "jamie"; + email = "jamie@kwiius.com"; + password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OkAMHVAfQ3nJhBffYJwk7Q$JV3DrF9eOU+4VL6I+nkaMUUOMqWuNzdp7N7U5Xwa3fg"; + } +] diff --git a/web/todolist/default.nix b/web/todolist/default.nix index 8a12d01212..d66a05baf8 100644 --- a/web/todolist/default.nix +++ b/web/todolist/default.nix @@ -20,19 +20,12 @@ let fromJSON head readFile + map ; inherit (lib) concatStringsSep; - # We should extract this from TVL slapd, but that data is not easily - # accessible right now. - knownUsers = [ - "tazjin" - "riking" - "Profpatsch" - "grfn" - "lukegb" - ]; + knownUsers = map (u: u.username) depot.ops.users; todo = struct { file = string; |