From 2d136e03279e481021a23948fdf5556f25394cd3 Mon Sep 17 00:00:00 2001 From: sterni Date: Mon, 18 Jan 2021 12:10:33 +0100 Subject: feat(todolist): use static slapd user data for knownUsers Since the slapd data is static and generated using nix, we can simply move the user list into ops/users, so it's recognized by readTree and we can use it as ops.users both in ops/nixos/tvl-slapd and web/todolist as a general purpose user registry for depot. Update docs/REVIEWS.md as well. Change-Id: I35caaaab70a5578c47cedc7f33077dd513766290 Reviewed-on: https://cl.tvl.fyi/c/depot/+/2419 Tested-by: BuildkiteCI Reviewed-by: tazjin --- docs/REVIEWS.md | 4 +- ops/nixos/tvl-slapd/default.nix | 132 +--------------------------------------- ops/users/default.nix | 132 ++++++++++++++++++++++++++++++++++++++++ web/todolist/default.nix | 11 +--- 4 files changed, 138 insertions(+), 141 deletions(-) create mode 100644 ops/users/default.nix diff --git a/docs/REVIEWS.md b/docs/REVIEWS.md index fd7f088d40..f89ca5e118 100644 --- a/docs/REVIEWS.md +++ b/docs/REVIEWS.md @@ -113,7 +113,7 @@ instructions: 1. Be a member of `##tvl-dev` or `##tvl`. 2. Clone the depot locally (via `git clone "https://cl.tvl.fyi/depot"`). -3. Create a user entry in our LDAP server in [tvl-slapd/default.nix][tvl-slapd]. +3. Create a user entry in our LDAP server in [ops/users][ops-users]. We recommend using ARGON2 password hashes, which can be created with the `slappasswd` tool if OpenLDAP was compiled with ARGON2 @@ -149,5 +149,5 @@ The email address is a [public group][]. [Gerrit walkthrough]: https://gerrit-review.googlesource.com/Documentation/intro-gerrit-walkthrough.html [OWNERS]: https://cl.tvl.fyi/plugins/owners/Documentation/config.md [guidelines]: ./CONTRIBUTING.md#commit-messages -[tvl-slapd]: ../ops/nixos/tvl-slapd/default.nix +[ops-users]: ../ops/users/default.nix [public group]: https://groups.google.com/a/tazj.in/forum/?hl=en#!forum/depot 
diff --git a/ops/nixos/tvl-slapd/default.nix b/ops/nixos/tvl-slapd/default.nix
index b0234f30b2..d32bc96b83 100644
--- a/ops/nixos/tvl-slapd/default.nix
+++ b/ops/nixos/tvl-slapd/default.nix
@@ -24,136 +24,8 @@ let userPassword: ${u.password} ''); - users = [ - { - username = "andi"; - email = "andi@notmuch.email"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$8lefg7+8UPAEh9Ott8zH0A$7YuLRraTC1IgxTNTxFJF03AWmqBS3GX2+vfD4XVTrb0"; - } - { - username = "artemist"; - email = "me@artem.ist"; - password = "{SSHA}N6Tl/txGQwlmVa7xVJCXpGcD1U4bJaI+"; - } - { - username = "camsbury"; - email = "camsbury7@gmail.com"; - password = "{SSHA}r6/I/zefrAb1jWTdhuqWik0CXT8E+/E5"; - } - { - username = "cynthia"; - email = "cynthia@tvl.fyi"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=4,p=1$TxjbMGenhEmkyYLrg5uGhbr60THB86YeRZg5bPdiTJo$k9gbRlAPjmxwdUwzbavvsAVkckgQZ0jS2oTtvZBPysk"; - } - { - username = "edef"; - email = "edef@edef.eu"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OORx4ERbkgvTmuYCJA8cIw$i5qaBzHkRVw7Tl+wZsTFTDqJwF0vuZqhW3VpknMYMc0"; - } - { - username = "ericvolp12"; - email = "ericvolp12@gmail.com"; - password = "{SSHA}pSepaQ+/5KBLfJtRR5rfxGU8goAsXgvk"; - } - { - username = "eta"; - email = "eta@theta.eu.org"; - password = "{SSHA}sOR5xzi7Lfv376XGQA8Hf6jyhTvo0XYc"; - } - { - username = "etu"; - email = "etu@failar.nu"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$RUrW8C9mWAkBSlkwSTH5dw$n3FXTeu41nDQfvJPI7TT3tcgwPmPJl8hPtaZ58qLq9A"; - } - { - username = "firefly"; - email = "firefly@firefly.nu"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$RYVVkFoi3A1yYkI8J2zUwg$GUERvgHvU8SGjQmilDJGZu50hYRAHw+ejtuL+Skygs8"; - } - { - username = "glittershark"; - email = "grfn@gws.fyi"; - password = "{SSHA}i7PSAsXwJT3jjmmvU77aar/tU/YPDCEO"; - } - { - username = "htbf"; - email = "h-tvl@htbf.dev"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$2iVXQQfd26icaIguHJg/CQ$hA9ziqn7kQ06AV6uQxJCGXoG8f+LWmH+nVlk00a1n/c"; - } - { - username = "isomer"; - email = "isomer@tvl.fyi"; - password = "{SSHA}OhWQkPJgH1rRJqYIaMUbbKC4iLEzvCev"; - } - { - username = "lukegb"; - email = "lukegb@tvl.fyi"; - password = "{SSHA}7a85VNhpFElFw+N5xcjgGmt4HnBsaGp4"; - } - { - 
username = "multi"; - email = "depot@in-addr.xyz"; - password = "{ARGON2}$argon2i$v=19$m=4096,t=3,p=1$qCfXhZUVft1YVPx7H4x7rw$dhtwtCrEMSpZfWQJbw2wpo5XHqiJqoZkiKeEbE6AdX0"; - } - { - username = "nyanotech"; - email = "nyanotechnology@gmail.com"; - password = "{SSHA}NIJ2RCRb1+Q4Bs63cyE91VZyiN47DG6y"; - } - { - username = "Profpatsch"; - email = "mail@profpatsch.de"; - password = "{SSHA}jcFXxRplMFxH4gpa0X5VdUzW64T95TwQ"; - } - { - username = "sterni"; - email = "sternenseemann@systemli.org"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$+NbF1izPMGqN5bASCBDV9g$aqBVplHwiyDpflZUmLtjkLWzKhxi7hwjm5fOwfbKohU"; - } - { - username = "q3k"; - email = "q3k@q3k.org"; - password = "{SSHA}BEccJdtnhVLDzOn+pxNfayNi3QFcEABE"; - } - { - username = "qyliss"; - displayName = "Alyssa Ross"; - email = "hi@alyssa.is"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$+uTpAKrN452D8wa7OFqPnw$GYi9/zns5iJCXDp1VuTPPsa35M5vkD6+rC8riT8cEHI"; - } - { - username = "riking"; - displayName = "kanepyork"; - email = "rikingcoding@gmail.com"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$o2OcfhfKOry+UrcmODyQCw$qloaQgoIRDESwaA3yqPxxy8sgLk3mrjYFBbF41elVrM"; - } - { - username = "tazjin"; - email = "mail@tazj.in"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$wOPEl9D3kSke//oLtbvqrg$j0npwwXgaXQ/emefKUwL59tH8hdmtzbgH2rQzWSmE2Y"; - } - { - username = "implr"; - email = "implr@hackerspace.pl"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$SHRFps5sVgyUXYdmqGPw9g$tEx9DwKK1RjWlw52GLwOZ/iHep+QJboaZE83f1pXSwQ"; - } - { - username = "v"; - displayName = "V"; - email = "v@anomalous.eu"; - password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$Wa11vk3gQKhJr1uzvtRTRQ$RHfvcC2j6rDUgWfezm05N03LeGIEezeKtmFmt+rfvM4"; - } - { - username = "ben"; - email = "tvl@benjojo.co.uk"; - password = "{SSHA}Zi48mSPsRMEPhff44w4RHi0SjjyhjWk1"; - } - { - username = "jamie"; - email = "jamie@kwiius.com"; - password = 
"{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OkAMHVAfQ3nJhBffYJwk7Q$JV3DrF9eOU+4VL6I+nkaMUUOMqWuNzdp7N7U5Xwa3fg"; - } - ]; + inherit (config.depot.ops) users; + in { # Use our patched OpenLDAP derivation which enables stronger password hashing. # diff --git a/ops/users/default.nix b/ops/users/default.nix new file mode 100644 index 0000000000..87ce7e2e80 --- /dev/null +++ b/ops/users/default.nix 
@@ -0,0 +1,132 @@
+{ ... }:
+
+[
+ {
+ username = "andi";
+ email = "andi@notmuch.email";
+ password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$8lefg7+8UPAEh9Ott8zH0A$7YuLRraTC1IgxTNTxFJF03AWmqBS3GX2+vfD4XVTrb0";
+ }
+ {
+ username = "artemist";
+ email = "me@artem.ist";
+ password = "{SSHA}N6Tl/txGQwlmVa7xVJCXpGcD1U4bJaI+";
+ }
+ {
+ username = "camsbury";
+ email = "camsbury7@gmail.com";
+ password = "{SSHA}r6/I/zefrAb1jWTdhuqWik0CXT8E+/E5";
+ }
+ {
+ username = "cynthia";
+ email = "cynthia@tvl.fyi";
+ password = "{ARGON2}$argon2id$v=19$m=65536,t=4,p=1$TxjbMGenhEmkyYLrg5uGhbr60THB86YeRZg5bPdiTJo$k9gbRlAPjmxwdUwzbavvsAVkckgQZ0jS2oTtvZBPysk";
+ }
+ {
+ username = "edef";
+ email = "edef@edef.eu";
+ password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OORx4ERbkgvTmuYCJA8cIw$i5qaBzHkRVw7Tl+wZsTFTDqJwF0vuZqhW3VpknMYMc0";
+ }
+ {
+ username = "ericvolp12";
+ email = "ericvolp12@gmail.com";
+ password = "{SSHA}pSepaQ+/5KBLfJtRR5rfxGU8goAsXgvk";
+ }
+ {
+ username = "eta";
+ email = "eta@theta.eu.org";
+ password = "{SSHA}sOR5xzi7Lfv376XGQA8Hf6jyhTvo0XYc";
+ }
+ {
+ username = "etu";
+ email = "etu@failar.nu";
+ password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$RUrW8C9mWAkBSlkwSTH5dw$n3FXTeu41nDQfvJPI7TT3tcgwPmPJl8hPtaZ58qLq9A";
+ }
+ {
+ username = "firefly";
+ email = "firefly@firefly.nu";
+ password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$RYVVkFoi3A1yYkI8J2zUwg$GUERvgHvU8SGjQmilDJGZu50hYRAHw+ejtuL+Skygs8";
+ }
+ {
+ username = "glittershark";
+ email = "grfn@gws.fyi";
+ password = "{SSHA}i7PSAsXwJT3jjmmvU77aar/tU/YPDCEO";
+ }
+ {
+ username = "htbf";
+ email = "h-tvl@htbf.dev";
+ password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$2iVXQQfd26icaIguHJg/CQ$hA9ziqn7kQ06AV6uQxJCGXoG8f+LWmH+nVlk00a1n/c";
+ }
+ {
+ username = "isomer";
+ email = "isomer@tvl.fyi";
+ password = "{SSHA}OhWQkPJgH1rRJqYIaMUbbKC4iLEzvCev";
+ }
+ {
+ username = "lukegb";
+ email = "lukegb@tvl.fyi";
+ password = "{SSHA}7a85VNhpFElFw+N5xcjgGmt4HnBsaGp4";
+ }
+ {
+ username = "multi";
+ email = "depot@in-addr.xyz";
+ password = "{ARGON2}$argon2i$v=19$m=4096,t=3,p=1$qCfXhZUVft1YVPx7H4x7rw$dhtwtCrEMSpZfWQJbw2wpo5XHqiJqoZkiKeEbE6AdX0";
+ }
+ {
+ username = "nyanotech";
+ email = "nyanotechnology@gmail.com";
+ password = "{SSHA}NIJ2RCRb1+Q4Bs63cyE91VZyiN47DG6y";
+ }
+ {
+ username = "Profpatsch";
+ email = "mail@profpatsch.de";
+ password = "{SSHA}jcFXxRplMFxH4gpa0X5VdUzW64T95TwQ";
+ }
+ {
+ username = "sterni";
+ email = "sternenseemann@systemli.org";
+ password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$+NbF1izPMGqN5bASCBDV9g$aqBVplHwiyDpflZUmLtjkLWzKhxi7hwjm5fOwfbKohU";
+ }
+ {
+ username = "q3k";
+ email = "q3k@q3k.org";
+ password = "{SSHA}BEccJdtnhVLDzOn+pxNfayNi3QFcEABE";
+ }
+ {
+ username = "qyliss";
+ displayName = "Alyssa Ross";
+ email = "hi@alyssa.is";
+ password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$+uTpAKrN452D8wa7OFqPnw$GYi9/zns5iJCXDp1VuTPPsa35M5vkD6+rC8riT8cEHI";
+ }
+ {
+ username = "riking";
+ displayName = "kanepyork";
+ email = "rikingcoding@gmail.com";
+ password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$o2OcfhfKOry+UrcmODyQCw$qloaQgoIRDESwaA3yqPxxy8sgLk3mrjYFBbF41elVrM";
+ }
+ {
+ username = "tazjin";
+ email = "mail@tazj.in";
+ password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$wOPEl9D3kSke//oLtbvqrg$j0npwwXgaXQ/emefKUwL59tH8hdmtzbgH2rQzWSmE2Y";
+ }
+ {
+ username = "implr";
+ email = "implr@hackerspace.pl";
+ password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$SHRFps5sVgyUXYdmqGPw9g$tEx9DwKK1RjWlw52GLwOZ/iHep+QJboaZE83f1pXSwQ";
+ }
+ {
+ username = "v";
+ displayName = "V";
+ email = "v@anomalous.eu";
+ password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$Wa11vk3gQKhJr1uzvtRTRQ$RHfvcC2j6rDUgWfezm05N03LeGIEezeKtmFmt+rfvM4";
+ }
+ {
+ username = "ben";
+ email = "tvl@benjojo.co.uk";
+ password = "{SSHA}Zi48mSPsRMEPhff44w4RHi0SjjyhjWk1";
+ }
+ {
+ username = "jamie";
+ email = "jamie@kwiius.com";
+ password = "{ARGON2}$argon2id$v=19$m=65536,t=2,p=1$OkAMHVAfQ3nJhBffYJwk7Q$JV3DrF9eOU+4VL6I+nkaMUUOMqWuNzdp7N7U5Xwa3fg";
+ }
+]
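Review bot: The new `ops/users/default.nix` is described as a general-purpose user registry, yet every entry still carries the LDAP `password` hash and the file has no header saying which fields a consumer may read. Laziness keeps `web/todolist` away from the hashes because it only selects `username`, but a later consumer that serialises whole entries would copy them into its output, so I would add a header comment such as `# Depot user registry. 'password' is an LDAP userPassword value consumed only by ops/nixos/tvl-slapd; other consumers should read username/email only.` Eleven of the 25 entries use `{SSHA}` (salted SHA-1) and `multi` uses `argon2i` with `m=4096`, both considerably cheaper to guess offline than the `argon2id`, `m=65536` hashes beside them. Since the file is readable by anyone who can read the repository, this move is a good point to ask those users to rotate to the ARGON2 hashes that docs/REVIEWS.md already recommends.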
diff --git a/web/todolist/default.nix b/web/todolist/default.nix index 8a12d01212..d66a05baf8 100644 --- a/web/todolist/default.nix +++ b/web/todolist/default.nix @@ -20,19 +20,12 @@ let fromJSON head readFile + map ; inherit (lib) concatStringsSep; - # We should extract this from TVL slapd, but that data is not easily - # accessible right now. - knownUsers = [ - "tazjin" - "riking" - "Profpatsch" - "grfn" - "lukegb" - ]; + knownUsers = map (u: u.username) depot.ops.users; todo = struct { file = string; -- cgit 1.4.1
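Review bot: Deriving `knownUsers` from `depot.ops.users` silently drops `grfn`, which the removed hard-coded list contained: the registry lists that person as `username = "glittershark"`, and only the e-mail address carries `grfn`. How `knownUsers` is consumed lies outside this hunk, but if it decides which TODO owners are recognised, existing `grfn` annotations would stop matching after this change. Either keep the alias, e.g. `knownUsers = map (u: u.username) depot.ops.users ++ [ "grfn" ];`, or confirm that nothing in the tree still uses that name. The enclosing `let` block starts and ends outside the hunk.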