kiara/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity

Merge branch 'main' into rm-rsa-keys

Browse source
This commit is contained in:
kiara Grouwstra 2025-02-20 12:43:12 +01:00
commit e562817597
59 changed files with 2189 additions and 1566 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -94,11 +94,11 @@ Not everyone has the expertise and time to run their own server.
- Resource
A [resource for NixOps4](https://nixops.dev/manual/development/concept/resource.html) is any external entity that can be declared with NixOps4 expressions and manipulated with NixOps4, such as a virtual machine, an active NixOS configuration, a DNS entry, or customer database.
A [resource for NixOps4](https://nixops.dev/manual/development/concept/resource.html) is any external entity that can be declared with NixOps4 expressions and manipulated with NixOps4, such as a virtual machine, an active NixOS configuration, a DNS entry, or customer database.
- Resource provider
A resource provider for NixOps4 is an executable that communicates between a resource and NixOps4 using a standardised protocol, allowing [CRUD operations](https://en.wikipedia.org/wiki/Create,_read,_update_and_delete) on the resources to be performed by NixOps4.
A resource provider for NixOps4 is an executable that communicates between a resource and NixOps4 using a standardised protocol, allowing [CRUD operations](https://en.wikipedia.org/wiki/Create,_read,_update_and_delete) on the resources to be performed by NixOps4.
Refer to the [NixOps4 manual](https://nixops.dev/manual/development/resource-provider/index.html) for details.
> Example: We need a resource provider for obtaining deployment secrets from a database.

219
deployment/README.md Normal file
View file

@ -0,0 +1,219 @@
# Provisioning VMs via Proxmox
## Quick links
Proxmox API doc
: <https://pve.proxmox.com/pve-docs/api-viewer>
Fediversity Proxmox
: <http://192.168.51.81:8006/>
## Basic terminology
Node
: physical host
## Fediversity Proxmox
- It is only accessible via Procolix\'s VPN:
- Get credentials for the VPN portal and Proxmox from
[Kevin](https://git.fediversity.eu/kevin).
- Log in to the [VPN
portal](https://vpn.fediversity.eu/vpn-user-portal/home).
- Create a **New Configuration**:
- Select **WireGuard (UDP)**
- Enter some name, e.g. `fediversity`
- Click Download
- Write the WireGuard configuration to a file
`fediversity-vpn.config` next to your NixOS configuration
- Add that file's path to `.git/info/exclude` and make sure
it doesn't otherwise leak (for example, use
[Agenix](https://github.com/ryantm/agenix) to manage
secrets)
- To your NixOS configuration, add
``` nix
networking.wg-quick.interfaces.fediversity.configFile = toString ./fediversity-vpn.config;
```
- Select "Promox VE authentication server".
- Ignore the "You do not have a valid subscription" message.
## Automatically
This directory contains scripts that can automatically provision or
remove a Proxmox VM. For now, they are tied to one node in the
Fediversity Proxmox, but it would not be difficult to make them more
generic. Try:
```sh
bash proxmox/provision.sh --help
bash proxmox/remove.sh --help
```
## Preparing the machine configuration
- It is nicer if the machine is a QEMU guest. On NixOS:
``` nix
services.qemuGuest.enable = true
```
- Choose name for your machine.
- Choose static IPs for your machine. The IPv4 and IPv6 subnets
available for Fediversity testing are:
- `95.215.187.0/24`. Gateway is `95.215.187.1`.
- `2a00:51c0:13:1305::/64`. Gateway is `2a00:51c0:13:1305::1`.
- I have been using id `XXX` (starting from `001`), name `fediXXX`,
`95.215.187.XXX` and `2a00:51c0:13:1305::XXX`.
- Name servers should be `95.215.185.6` and `95.215.185.7`.
- Check [Netbox](https://netbox.protagio.org) to see which addresses
are free.
## Manually via the GUI
### Upload your ISO
- Go to Fediversity proxmox.
- In the left view, expand under the node that you want and click on
"local".
- Select "ISO Images", then click "Upload".
- Note: You can also download from URL.
- Note: You should click on "local" and not "local-zfs".
### Creating the VM
- Click "Create VM" at the top right corner.
#### General
Node
: which node will host the VM; has to be the same
VM ID
: Has to be unique, probably best to use the `xxxx` in `vm0xxxx`
(yet to be decided)
Name
: Usually `vm` + 5 digits, e.g. `vm02199`
Resource pool
: Fediversity
#### OS
Use CD/DVD disc image file (iso)
:
Storage
: local, means storage of the node.
ISO image
: select the image previously uploaded
No need to touch anything else
#### System
BIOS
: OVMF (UEFI)
EFI Storage
: `linstor_storage`; this is a storage shared by all of the Proxmox
machines.
Pre-Enroll keys
: MUST be unchecked
Qemu Agent
: check
#### Disks
- Tick "advanced" at the bottom.
- Disk size (GiB) :: 40 (depending on requirements)
- SSD emulation :: check (only visible if "Advanced" is checked)
- Discard :: check, so that blocks of removed data are cleared
#### CPU
Sockets
: 1 (depending on requirements)
Cores
: 2 (depending on requirements)
Enable NUMA
: check
#### Memory
Memory (MiB)
: choose what you want
Ballooning Device
: leave checked (only visible if "Advanced" is checked)
#### Network
Bridge
: `vnet1306`. This is the provisioning bridge;
we will change it later.
Firewall
: uncheck, we will handle the firewall on the VM itself
#### Confirm
### Install and start the VM
- Start the VM a first time.
- Select the VM in the left panel. You might have to expand the
node on which it is hosted.
- Select "Console" and start the VM.
- Install the VM as you would any other machine.
- [*Shutdown the VM*]{.spurious-link target="Shutdown the VM"}.
- After the VM has been installed:
- Select the VM again, then go to "Hardware".
- Double click on the CD/DVD Drive line. Select "Do not use any
media" and press OK.
- Double click on Network Device, and change the bridge to
`vnet1305`, the public bridge.
- Start the VM again.
### Remove the VM
- [*Shutdown the VM*]{.spurious-link target="Shutdown the VM"}.
- On the top right corner, click "More", then "Remove".
- Enter the ID of the machine.
- Check "Purge from job configurations"
- Check "Destroy unreferenced disks owned by guest"
- Click "Remove".
### Move the VM to another node
- Make sure there is no ISO plugged in.
- Click on the VM. Click migrate. Choose target node. Go.
- Since the storage is shared, it should go pretty fast (~1 minute).
### Shutdown the VM
- Find the VM in the left panel.
- At the top right corner appears a "Shutdown" button with a submenu.
- Clicking "Shutdown" sends a signal to shutdown the machine. This
might not work if the machine is not listening for that signal.
- Brutal solution: in the submenu, select "Stop".
- The checkbox "Overrule active shutdown tasks" means that the machine
should be stopped even if a shutdown is currently ongoing. This is
particularly important if you have tried to shut the machine down
normally just before.

113
deployment/README.org
View file

@ -1,113 +0,0 @@
#+title: Provisioning VMs via Proxmox
* Quick links
- Proxmox API doc :: https://pve.proxmox.com/pve-docs/api-viewer
- Fediversity Proxmox :: http://192.168.51.81:8006/
* Basic terminology
- Node :: physical host
* Fediversity Proxmox
- It is only accessible via Procolix's VPN:
- Get credentials for the VPN portal and Proxmox from [[https://git.fediversity.eu/kevin][Kevin]].
- Log in to the [[https://vpn.fediversity.eu/vpn-user-portal/home][VPN portal]].
- Create a *New Configuration*:
- Select *WireGuard (UDP)*
- Enter some name, e.g. ~fediversity~
- Click Download
- Write the WireGuard configuration to a file ~fediversity-vpn.config~ next to your NixOS configuration
- Add that file's path to ~.git/info/exclude~ and make sure it doesn't otherwise leak (for example, use [[https://github.com/ryantm/agenix][Agenix]] to manage secrets)
- To your NixOS configuration, add
#+begin_src nix
networking.wg-quick.interfaces.fediversity.configFile = toString ./fediversity-vpn.config;
#+end_src
- Select “Promox VE authentication server”.
- Ignore the “You do not have a valid subscription” message.
* Automatically
This directory contains scripts that can automatically provision or remove a
Proxmox VM. For now, they are tied to one node in the Fediversity Proxmox, but
it would not be difficult to make them more generic. Try:
#+begin_src sh
sh proxmox/provision.sh --help
sh proxmox/remove.sh --help
#+end_src
* Preparing the machine configuration
- It is nicer if the machine is a QEMU guest. On NixOS:
#+begin_src nix
services.qemuGuest.enable = true
#+end_src
- Choose name for your machine.
- Choose static IPs for your machine. The IPv4 and IPv6 subnets available for
Fediversity testing are:
- ~95.215.187.0/24~. Gateway is ~95.215.187.1~.
- ~2a00:51c0:13:1305::/64~. Gateway is ~2a00:51c0:13:1305::1~.
- I have been using id ~XXX~ (starting from ~001~), name ~fediXXX~, ~95.215.187.XXX~ and
~2a00:51c0:13:1305::XXX~.
- Name servers should be ~95.215.185.6~ and ~95.215.185.7~.
- Check [[https://netbox.protagio.org][Netbox]] to see which addresses are free.
* Manually via the GUI
** Upload your ISO
- Go to Fediversity proxmox.
- In the left view, expand under the node that you want and click on “local”.
- Select “ISO Images”, then click “Upload”.
- Note: You can also download from URL.
- Note: You should click on “local” and not “local-zfs”.
** Creating the VM
- Click “Create VM” at the top right corner.
*** General
- Node :: which node will host the VM; has to be the same
- VM ID :: Has to be unique, probably best to use the "xxxx" in "vm0xxxx" (yet to be decided)
- Name :: Usually "vm" + 5 digits, e.g. "vm02199"
- Resource pool :: Fediversity
*** OS
- Use CD/DVD disc image file (iso) ::
- Storage :: local, means storage of the node.
- ISO image :: select the image previously uploaded
No need to touch anything else
*** System
- BIOS :: OVMF (UEFI)
- EFI Storage :: ~linstor_storage~; this is a storage shared by all of the Proxmox machines.
- Pre-Enroll keys :: MUST be unchecked
- Qemu Agent :: check
*** Disks
- Tick “advanced” at the bottom.
- Disk size (GiB) :: 40 (depending on requirements)
- SSD emulation :: check (only visible if “Advanced” is checked)
- Discard :: check, so that blocks of removed data are cleared
*** CPU
- Sockets :: 1 (depending on requirements)
- Cores :: 2 (depending on requirements)
- Enable NUMA :: check
*** Memory
- Memory (MiB) :: choose what you want
- Ballooning Device :: leave checked (only visible if “Advanced” is checked)
*** Network
- Bridge :: ~vnet1306~. This is the provisioning bridge; we will change it later.
- Firewall :: uncheck, we will handle the firewall on the VM itself
*** Confirm
** Install and start the VM
- Start the VM a first time.
- Select the VM in the left panel. You might have to expand the node on which it is hosted.
- Select “Console” and start the VM.
- Install the VM as you would any other machine.
- [[Shutdown the VM]].
- After the VM has been installed:
- Select the VM again, then go to “Hardware”.
- Double click on the CD/DVD Drive line. Select “Do not use any media” and press OK.
- Double click on Network Device, and change the bridge to ~vnet1305~, the public bridge.
- Start the VM again.
** Remove the VM
- [[Shutdown the VM]].
- On the top right corner, click “More”, then “Remove”.
- Enter the ID of the machine.
- Check “Purge from job configurations”
- Check “Destroy unreferenced disks owned by guest”
- Click “Remove”.
** Move the VM to another node
- Make sure there is no ISO plugged in.
- Click on the VM. Click migrate. Choose target node. Go.
- Since the storage is shared, it should go pretty fast (~1 minute).
** Shutdown the VM
- Find the VM in the left panel.
- At the top right corner appears a “Shutdown” button with a submenu.
- Clicking “Shutdown” sends a signal to shutdown the machine. This might not work if the machine is not listening for that signal.
- Brutal solution: in the submenu, select “Stop”.
- The checkbox “Overrule active shutdown tasks” means that the machine should be stopped even if a shutdown is currently ongoing. This is particularly important if you have tried to shut the machine down normally just before.

21
flake.nix
View file

@ -41,32 +41,23 @@
formatter = pkgs.nixfmt-rfc-style;
pre-commit.settings.hooks =
## Not everybody might want pre-commit hooks, so we make them
## opt-in. Maybe one day we will decide to have them everywhere.
let
inherit (builtins) concatStringsSep;
optin = [
"deployment"
"infra"
"keys"
"secrets"
"services"
"panel"
];
files = "^((" + concatStringsSep "|" optin + ")/.*\\.nix|[^/]*\\.nix)$";
## Add a directory here if pre-commit hooks shouldn't apply to it.
optout = [ "npins" ];
excludes = map (dir: "^${dir}/") optout;
in
{
nixfmt-rfc-style = {
enable = true;
inherit files;
inherit excludes;
};
deadnix = {
enable = true;
inherit files;
inherit excludes;
};
trim-trailing-whitespace = {
enable = true;
inherit files;
inherit excludes;
};
};

65
infra/README.md Normal file
View file

@ -0,0 +1,65 @@
# Infra
This directory contains the definition of the VMs that host our infrastructure.
## NixOps4
Their configuration can be updated via NixOps4. Run
```sh
nixops4 deployments list
```
to see the available deployments.
This should be done from the root of the repository,
otherwise NixOps4 will fail with something like:
```
nixops4 error: evaluation: error:
… while calling the 'getFlake' builtin
error: path '/nix/store/05nn7krhvi8wkcyl6bsysznlv60g5rrf-source/flake.nix' does not exist, evaluation: error:
… while calling the 'getFlake' builtin
error: path '/nix/store/05nn7krhvi8wkcyl6bsysznlv60g5rrf-source/flake.nix' does not exist
```
Then, given a deployment (eg. `git`), run
```sh
nixops4 apply <deployment>
```
Alternatively, to run the `default` deployment, run
```sh
nixops4 apply
```
## Deployments
default
: Contains everything
`git`
: Machines hosting our Git infrastructure, eg. Forgejo and its actions runners
`web`
: Machines hosting our online content, eg. the website or the wiki
`other`
: Machines without a specific purpose
## Machines
These machines are hosted on the Procolix Proxmox instance,
to which non-Procolix members of the project do not have access.
They host our stable infrastructure.
Machine Proxmox Description Deployment
--------- ------------- ------------------------ ------------
vm02116 Procolix Forgejo `git`
vm02179 Procolix *unused* `other`
vm02186 Procolix *unused* `other`
vm02187 Procolix Wiki `web`
fedi300 Fediversity Forgejo actions runner `git`

58
infra/README.org
View file

@ -1,58 +0,0 @@
#+title: Infra
This directory contains the definition of the VMs that host our infrastructure.
* NixOps4
Their configuration can be updated via NixOps4. Run
#+begin_src sh
nixops4 deployments list
#+end_src
to see the available deployments. This should be done from the root of the
repository, otherwise NixOps4 will fail with something like:
#+begin_src
nixops4 error: evaluation: error:
… while calling the 'getFlake' builtin
error: path '/nix/store/05nn7krhvi8wkcyl6bsysznlv60g5rrf-source/flake.nix' does not exist, evaluation: error:
… while calling the 'getFlake' builtin
error: path '/nix/store/05nn7krhvi8wkcyl6bsysznlv60g5rrf-source/flake.nix' does not exist
#+end_src
Then, given a deployment (eg. ~git~), run
#+begin_src sh
nixops4 apply <deployment>
#+end_src
Alternatively, to run the ~default~ deployment, run
#+begin_src sh
nixops4 apply
#+end_src
* Deployments
- default :: Contains everything
- ~git~ :: Machines hosting our Git infrastructure, eg. Forgejo and its actions
runners
- ~web~ :: Machines hosting our online content, eg. the website or the wiki
- ~other~ :: Machines without a specific purpose
* Machines
These machines are hosted on the Procolix Proxmox instance, to which
non-Procolix members of the project do not have access. They host our stable
infrastructure.
| Machine | Proxmox | Description | Deployment |
|---------+-------------+------------------------+------------|
| vm02116 | Procolix | Forgejo | ~git~ |
| vm02179 | Procolix | /unused/ | ~other~ |
| vm02186 | Procolix | /unused/ | ~other~ |
| vm02187 | Procolix | Wiki | ~web~ |
| fedi300 | Fediversity | Forgejo actions runner | ~git~ |

2
matrix/README.md
View file

@ -46,7 +46,7 @@ These are the components we're going to use:
## Synapse
This is the core component: the Matrix server itself, you should probably
install this first.
install this first.
Because not every usecase is the same, we'll describe two different
architectures:

8
matrix/coturn/turnserver.conf
View file

@ -78,10 +78,10 @@ denied-peer-ip=203.0.113.0-203.0.113.255
# TURN server allocates address family according TURN client requested address family.
# If address family not requested explicitly by the client, then it falls back to this default.
# The standard RFC explicitly define that this default must be IPv4,
# so use other option values with care!
# Possible values: "ipv4" or "ipv6" or "keep"
# "keep" sets the allocation default address family according to
# The standard RFC explicitly define that this default must be IPv4,
# so use other option values with care!
# Possible values: "ipv4" or "ipv6" or "keep"
# "keep" sets the allocation default address family according to
# the TURN client allocation request connection address family.
allocation-default-address-family="ipv4"

4
matrix/draupnir/README.md
View file

@ -86,7 +86,7 @@ nginx to forward requests for reports to Draupnir:
location ~ ^/_matrix/client/(r0|v3)/rooms/([^/]*)/report/(.*)$ {
# The r0 endpoint is deprecated but still used by many clients.
# As of this writing, the v3 endpoint is the up-to-date version.
# Alias the regexps, to ensure that they're not rewritten.
set $room_id $2;
set $event_id $3;
@ -101,7 +101,7 @@ location /_synapse/admin/v1/event_reports {
proxy_set_header Host $host;
client_max_body_size 50M;
proxy_http_version 1.1;
location ~ ^/_synapse/admin/v1/rooms/([^/]*)/context/(.*)$ {
set $room_id $2;
set $event_id $3;

2
matrix/element-call/README.md
View file

@ -308,7 +308,7 @@ curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.0/install.sh | bash
Exit and login again to set some environment variables (yes, the installation
changes .bashrc). Then install and upgrade:
```
nvm install 23
sudo apt install yarnpkg

48
matrix/nginx/README.md
View file

@ -187,14 +187,14 @@ server {
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/element.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/element.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/ssl/dhparams.pem;
server_name element.example.com;
location / {
if ($scheme = http) {
return 301 https://$host$request_uri;
@ -204,10 +204,10 @@ server {
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "frame-ancestors 'self'";
}
root /usr/share/element-web;
index index.html;
access_log /var/log/nginx/elementweb-access.log;
error_log /var/log/nginx/elementweb-error.log;
}
@ -225,16 +225,16 @@ another vhost, something like this:
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/letsencrypt/live/admin.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/admin.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/ssl/dhparams.pem;
server_name admin.example.com;
root /var/www/synapse-admin;
access_log /var/log/nginx/admin-access.log;
error_log /var/log/nginx/admin-error.log;
}
@ -256,7 +256,7 @@ location ~ ^/_synapse/admin {
allow 111.222.111.222;
allow dead:beef::/64;
deny all;
proxy_pass http://localhost:8008;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
@ -281,14 +281,14 @@ Then create a virtual host much like this:
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/letsencrypt/live/livekit.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/livekit.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/ssl/dhparams.pem;
server_name livekit.example.com;
# This is lk-jwt-service
location ~ ^(/sfu/get|/healthz) {
proxy_pass http://[::1]:8080;
@ -298,19 +298,19 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / {
proxy_pass http://[::1]:7880;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
access_log /var/log/nginx/livekit-access.log;
error_log /var/log/nginx/livekit-error.log;
}
@ -326,34 +326,34 @@ should be the configuration to publish that:
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/letsencrypt/live/call.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/call.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/ssl/dhparams.pem;
server_name call.example.com;
root /var/www/element-call;
location /assets {
add_header Cache-Control "public, immutable, max-age=31536000";
}
location /apple-app-site-association {
default_type application/json;
}
location /^config.json$ {
alias public/config.json;
default_type application/json;
}
location / {
try_files $uri /$uri /index.html;
add_header Cache-Control "public, max-age=30, stale-while-revalidate=30";
}
access_log /var/log/nginx/call-access.log;
error_log /var/log/nginx/call-error.log;
}

16
matrix/nginx/conf/call.conf
View file

@ -1,34 +1,34 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/letsencrypt/live/call.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/call.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/ssl/dhparams.pem;
server_name call.example.com;
root /var/www/element-call;
location /assets {
add_header Cache-Control "public, immutable, max-age=31536000";
}
location /apple-app-site-association {
default_type application/json;
}
location /^config.json$ {
alias public/config.json;
default_type application/json;
}
location / {
try_files $uri /$uri /index.html;
add_header Cache-Control "public, max-age=30, stale-while-revalidate=30";
}
access_log /var/log/nginx/call-access.log;
error_log /var/log/nginx/call-error.log;
}

14
matrix/nginx/conf/domain.conf
View file

@ -3,14 +3,14 @@ server {
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/ssl/dhparams.pem;
server_name example.com;
location /.well-known/matrix/client {
return 200 '{
"m.homeserver": {"base_url": "https://matrix.example.com"},
@ -23,7 +23,7 @@ server {
default_type application/json;
add_header 'Access-Control-Allow-Origin' '*';
}
location /.well-known/matrix/server {
return 200 '{"m.server": "matrix.example.com"}';
default_type application/json;
@ -44,18 +44,18 @@ server {
default_type application/json;
}
location /.well-known/element/element.json {
return 200 '{"call": {"widget_url": "https://call.example.com"}}';
default_type application/json;
}
location / {
if ($scheme = http) {
return 301 https://$host$request_uri;
}
}
access_log /var/log/nginx/example-access.log;
error_log /var/log/nginx/example-error.log;
}

12
matrix/nginx/conf/elementweb.conf
View file

@ -3,27 +3,27 @@ server {
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/element.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/element.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/ssl/dhparams.pem;
server_name element.example.com;
location / {
if ($scheme = http) {
return 301 https://$host$request_uri;
}
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Content-Security-Policy "frame-ancestors 'self'";
}
root /usr/share/element-web;
index index.html;
access_log /var/log/nginx/elementweb-access.log;
error_log /var/log/nginx/elementweb-error.log;
}

12
matrix/nginx/conf/livekit.conf
View file

@ -1,14 +1,14 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/letsencrypt/live/livekit.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/livekit.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/ssl/dhparams.pem;
server_name livekit.example.com;
# This is lk-jwt-service
location ~ ^(/sfu/get|/healthz) {
proxy_pass http://[::1]:8080;
@ -18,20 +18,20 @@ server {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / {
proxy_pass http://[::1]:7880;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade;
#add_header Access-Control-Allow-Origin "*" always;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
access_log /var/log/nginx/livekit-access.log;
error_log /var/log/nginx/livekit-error.log;
}

4
matrix/nginx/conf/revproxy.conf
View file

@ -17,7 +17,7 @@ server {
location ~ ^/_matrix/client/(r0|v3)/rooms/([^/]*)/report/(.*)$ {
# The r0 endpoint is deprecated but still used by many clients.
# As of this writing, the v3 endpoint is the up-to-date version.
# Alias the regexps, to ensure that they're not rewritten.
set $room_id $2;
set $event_id $3;
@ -53,7 +53,7 @@ server {
client_max_body_size 50M;
proxy_http_version 1.1;
}
# The rest of the admin endpoint shouldn't be public
location ~ ^/_synapse/admin {
allow 127.0.0.1;

8
matrix/nginx/conf/synapse-admin.conf
View file

@ -1,16 +1,16 @@
server {
listen 443 ssl;
listen [::]:443 ssl;
ssl_certificate /etc/letsencrypt/live/admin.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/admin.example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/ssl/dhparams.pem;
server_name admin.example.com;
root /var/www/synapse-admin;
access_log /var/log/nginx/admin-access.log;
error_log /var/log/nginx/admin-error.log;
}

4
matrix/nginx/workers/README.md
View file

@ -282,7 +282,7 @@ Now that we have defined the workers and/or worker pools, we have to forward
the right traffic to the right workers. The Synapse documentation about
[available worker
types](https://element-hq.github.io/synapse/latest/workers.html#available-worker-applications)
lists which endpoints a specific worker type can handle.
lists which endpoints a specific worker type can handle.
## Login
@ -323,7 +323,7 @@ requests:
```
We forward those to our 2 worker pools making sure the heavy initial syncs go
to the `initial_sync` pool, and the normal ones to `normal_sync`. We use the
to the `initial_sync` pool, and the normal ones to `normal_sync`. We use the
variable `$sync`for that, which we defined in maps.conf.
```

2
matrix/nginx/workers/maps.conf
View file

@ -2,7 +2,7 @@
# should be stored under /etc/nginx/conf.d so that it is loaded whenever nginx starts.
# List of allowed origins, can only send one.
map $http_origin $allow_origin {
map $http_origin $allow_origin {
~^https?://element.example.com$ $http_origin;
~^https?://call.example.com$ $http_origin;
~^https?://someserver.example.com$ $http_origin;

4
matrix/synapse/README.md
View file

@ -192,7 +192,7 @@ See the included files for more elaborate examples, and check
Synapse should probably be able to send out e-mails; notifications for those
who want that, and password reset for those who need one.
You configure this under the section `email` (yes, really).
You configure this under the section `email` (yes, really).
First of all, you need an SMTP-server that is configured to send e-mail for
your domain. Configuring that is out of scope, we'll assume we can use the
@ -294,7 +294,7 @@ password_config:
With this bit, we configure Synapse to let users pick and change their own
passwords, as long as they meet the configured conditions. Mind you: `pepper` is
a secret random string that should *NEVER* be changed after initial setup.
a secret random string that should *NEVER* be changed after initial setup.
But in a bigger environment you'll probably want to use some authentication
backend, such as LDAP. LDAP is configured by means of a module (see

2
matrix/synapse/conf.d/authentication.yaml
View file

@ -4,7 +4,7 @@ password_config:
policy:
enabled: only_for_reauth
localdb_enabled: false
password_providers:
- module: "ldap_auth_provider.LdapAuthProvider"
config:

2
matrix/synapse/workers/README.md
View file

@ -153,7 +153,7 @@ listeners:
type: http
resources:
- names:
- replication
- replication
```
This means Synapse will create two sockets under `/run/matrix-synapse`: one

2
panel/nix/tests.nix
View file

@ -26,7 +26,7 @@ lib.mapAttrs (name: test: pkgs.testers.runNixOSTest (test // { inherit name; }))
# run all application-level tests managed by Django
# https://docs.djangoproject.com/en/5.0/topics/testing/overview/
testScript = ''
server.succeed("manage test")
server.succeed("manage test ${name}")
'';
};
admin = {

BIN
panel/src/panel/static/favicon.ico Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 22 KiB

2
panel/src/panel/templates/base.html
View file

@ -30,7 +30,7 @@
{% load custom_tags %}
<li>
{% if user.is_authenticated %}
Welcome, {{ user.username }}! <a id="logout" href="{% auth_url 'logout' %}">Logout</a>
Welcome, <a href="{% url 'account_detail' %}">{{ user.username }}</a>! <a id="logout" href="{% auth_url 'logout' %}">Logout</a>
{% else %}
<a id="login" href="{% auth_url 'login' %}">Login</a>
{% endif %}

0
panel/src/panel/tests/__init__.py Normal file
View file

104
panel/src/panel/tests/test_user_stories.py Normal file
View file

@ -0,0 +1,104 @@
from django.test import TestCase
from django.urls import reverse
from django.contrib.auth.models import User
from django.template import Template, Context
from urllib.parse import unquote
class Login(TestCase):
def setUp(self):
self.username = 'testuser'
self.password = 'securepassword123'
self.user = User.objects.create_user(
username=self.username,
email='test@example.com',
password=self.password
)
self.login = reverse('login')
self.logout = reverse('logout')
self.required_login = reverse('account_detail')
self.optional_login = reverse('service_list')
def test_optional_login_redirects_back_to_original_page(self):
# go to a view where authentication is optional
response = self.client.get(self.optional_login)
self.assertEqual(response.status_code, 200)
self.assertFalse(response.context['user'].is_authenticated)
# check that the expected login URL is in the response
context = response.context[0]
template = Template("{% load custom_tags %}{% auth_url 'login' %}")
login_url = template.render(context)
self.assertIn(login_url, response.content.decode('utf-8'))
# log in
response = self.client.get(login_url)
self.assertEqual(response.status_code, 200)
login_data = {
'username': self.username,
'password': self.password,
}
response = self.client.post(login_url, login_data, follow=True)
# check that we're back at the desired view and authenticated
self.assertEqual(response.status_code, 200)
self.assertTrue(response.context['user'].is_authenticated)
location, status = response.redirect_chain[-1]
self.assertEqual(location, self.optional_login)
# check that the expected logout URL is present
context = response.context[0]
template = Template("{% load custom_tags %}{% auth_url 'logout' %}")
logout_url = template.render(context)
self.assertIn(logout_url, response.content.decode('utf-8'))
# log out again
response = self.client.get(logout_url, follow=True)
# check that we're back at the view and logged out
self.assertEqual(response.status_code, 200)
location, status = response.redirect_chain[-1]
self.assertEqual(location, self.optional_login)
self.assertFalse(response.context['user'].is_authenticated)
def test_required_login_redirects_back_login(self):
# go to a view that requires authentication
response = self.client.get(self.required_login)
# check that we're redirected to the login view
self.assertEqual(response.status_code, 302)
redirect = response.url
self.assertTrue(redirect.startswith(self.login))
# log in
response = self.client.get(redirect)
self.assertEqual(response.status_code, 200)
login_data = {
'username': self.username,
'password': self.password,
}
response = self.client.post(redirect, login_data, follow=True)
# check that we reached the desired view, authenticated
self.assertEqual(response.status_code, 200)
location, status = response.redirect_chain[-1]
self.assertEqual(location, self.required_login)
self.assertTrue(response.context['user'].is_authenticated)
# check that the expected logout URL is present
context = response.context[0]
template = Template("{% load custom_tags %}{% auth_url 'logout' %}")
logout_url = template.render(context)
self.assertIn(logout_url, response.content.decode('utf-8'))
# log out
response = self.client.get(logout_url, follow=True)
# check that we're at the expected location, logged out
self.assertEqual(response.status_code, 200)
template = Template("{% load custom_tags %}{% auth_url 'login' %}")
login_url = template.render(context)
location, status = response.redirect_chain[-1]
self.assertEqual(location, unquote(login_url))
self.assertFalse(response.context['user'].is_authenticated)

30
website/assets/scss/custom.scss
View file

@ -3,54 +3,54 @@
display: flex;
justify-content: space-between;
}
.column {
flex-basis: calc(50% - 10px); /* Adjust width as necessary */
}
.list {
list-style-type: none;
padding: 0;
}
.list-item {
margin-bottom: 10px;
}
.link {
text-decoration: none;
color: inherit;
}
.title {
font-weight: bold;
}
.hr-list {
border: 0;
border-top: 1px solid #ccc;
margin-top: 5px;
margin-bottom: 5px;
}
.list-item {
display: flex;
justify-content: space-between;
align-items: center;
}
.content {
flex: 1;
}
.link {
text-align: left;
}
.time {
text-align: right;
}
.grid-container {
display: grid;
@ -78,12 +78,12 @@
.read-more-link {
color: #FF6E00; /* Use the variable defined in theme.json */
}
.center-wrapper {
display: flex;
justify-content: center;
align-items: center;
}
.grid-container-small {
@ -102,7 +102,7 @@
display: flex;
justify-content: center;
}
.hr-list2 {
@ -115,7 +115,7 @@
.header-with-image2 {
text-align: center;
}
.header-with-image2 img {
display: inline-block;

252
website/content/default.nix
View file

@ -9,124 +9,160 @@ in
collections.news.type = cfg.content-types.article;
collections.events.type = cfg.content-types.event;
pages.index = { config, link, ... }: {
title = "Welcome to the Fediversity project";
description = "Fediversity web site";
summary = ''
This web site hosts up-to-date information about the the NGI Zero Fediversity project.
'';
body = ''
${pages.fediversity.summary}
pages.index =
{ config, link, ... }:
{
title = "Welcome to the Fediversity project";
description = "Fediversity web site";
summary = ''
This web site hosts up-to-date information about the the NGI Zero Fediversity project.
'';
body = ''
${pages.fediversity.summary}
[Learn more about Fediversity](${link pages.fediversity})
'';
outputs.html = (cfg.templates.html.page config).override (final: prev: {
html = {
head.title.text = "Fediversity";
head.link.stylesheets = prev.html.head.link.stylesheets ++ [
{ href = "${link cfg.assets."index.css"}"; }
];
body.content =
let
to-section = { heading, body, attrs ? { } }: {
section = {
heading.content = heading;
inherit attrs;
content = [
(cfg.templates.html.markdown {
name = "${config.name}-${lib.slug heading}";
inherit body;
})
];
};
};
in
[
(lib.head prev.html.body.content)
{
section = {
attrs = { };
heading.content = config.title;
content = [
(cfg.templates.html.markdown { inherit (config) name body; })
]
++
(map to-section [
[Learn more about Fediversity](${link pages.fediversity})
'';
outputs.html = (cfg.templates.html.page config).override (
_final: prev: {
html = {
head.title.text = "Fediversity";
head.link.stylesheets = prev.html.head.link.stylesheets ++ [
{ href = "${link cfg.assets."index.css"}"; }
];
body.content =
let
to-section =
{
heading = "Fediversity grants";
body = ''
${pages.grants.summary}
[Learn more about Fediversity grants](${link pages.grants})
'';
}
heading,
body,
attrs ? { },
}:
{
heading = "Consortium";
body = ''
The Consortium behind the Fediversity project is a cooperation between NLnet, Open Internet Discourse Foundation, NORDUnet and Tweag.
section = {
heading.content = heading;
inherit attrs;
content = [
(cfg.templates.html.markdown {
name = "${config.name}-${lib.slug heading}";
inherit body;
})
];
};
};
in
[
(lib.head prev.html.body.content)
{
section = {
attrs = { };
heading.content = config.title;
content =
[
(cfg.templates.html.markdown { inherit (config) name body; })
]
++ (map to-section [
{
heading = "Fediversity grants";
body = ''
${pages.grants.summary}
${toString (map (partner: ''
### ${partner.title}
[Learn more about Fediversity grants](${link pages.grants})
'';
}
{
heading = "Consortium";
body = ''
The Consortium behind the Fediversity project is a cooperation between NLnet, Open Internet Discourse Foundation, NORDUnet and Tweag.
${partner.summary}
${toString (
map
(partner: ''
### ${partner.title}
[Read more about ${partner.title}](${link partner})
'') (with pages; [ nlnet oid tweag nordunet ]))}
'';
}
{
heading = "Fediverse explained";
body = ''
${toString (map (role: ''
### ${role.title}
${partner.summary}
${role.summary}
[Read more about ${partner.title}](${link partner})
'')
(
with pages;
[
nlnet
oid
tweag
nordunet
]
)
)}
'';
}
{
heading = "Fediverse explained";
body = ''
${toString (
map
(role: ''
### ${role.title}
[Read more about ${role.title}](${link role})
'') (with pages; [ individuals developers european-commission ]))}
'';
}
]);
};
}
]
++
(map to-section [
{
heading = "News";
attrs = { class = [ "collection" ]; };
body =
let
sorted = with lib; reverseList (sortOn (entry: entry.date) cfg.collections.news.entry);
in
lib.join "\n" (map
(article: ''
- ${article.date} [${article.title}](${link article})
'')
sorted);
}
{
heading = "Events";
attrs = { class = [ "collection" ]; };
body =
let
sorted = with lib; reverseList (sortOn (entry: entry.start-date) cfg.collections.events.entry);
in
lib.join "\n" (map
(article: ''
- ${article.start-date} [${article.title}](${link article})
'')
sorted);
}
]);
};
${role.summary}
});
};
[Read more about ${role.title}](${link role})
'')
(
with pages;
[
individuals
developers
european-commission
]
)
)}
'';
}
]);
};
}
]
++ (map to-section [
{
heading = "News";
attrs = {
class = [ "collection" ];
};
body =
let
sorted = with lib; reverseList (sortOn (entry: entry.date) cfg.collections.news.entry);
in
lib.join "\n" (
map (article: ''
- ${article.date} [${article.title}](${link article})
'') sorted
);
}
{
heading = "Events";
attrs = {
class = [ "collection" ];
};
body =
let
sorted = with lib; reverseList (sortOn (entry: entry.start-date) cfg.collections.events.entry);
in
lib.join "\n" (
map (article: ''
- ${article.start-date} [${article.title}](${link article})
'') sorted
);
}
]);
};
assets."index.css".path = with lib; builtins.toFile
"index.css"
''
}
);
};
assets."index.css".path =
with lib;
builtins.toFile "index.css" ''
section h1, section h2, section h3
{
text-align: center;

40
website/content/events.nix
View file

@ -1,22 +1,26 @@
{ config, lib, ... }:
{
pages.events = { link, ... }: rec {
title = "Events";
description = "Events related to the Fediverse and NixOS";
summary = description;
body =
with lib;
let
events = map
(event: with lib; ''
## [${event.title}](${link event})
pages.events =
{ link, ... }:
rec {
title = "Events";
description = "Events related to the Fediverse and NixOS";
summary = description;
body =
with lib;
let
events = map (
event: with lib; ''
## [${event.title}](${link event})
${event.start-date} ${optionalString (!isNull event.end-date && event.end-date != event.start-date) "to ${event.end-date}"} in ${event.location}
'')
config.collections.events.entry;
in
''
${join "\n" events}
'';
};
${event.start-date} ${
optionalString (!isNull event.end-date && event.end-date != event.start-date) "to ${event.end-date}"
} in ${event.location}
''
) config.collections.events.entry;
in
''
${join "\n" events}
'';
};
}

38
website/content/events/2024-11-zurich-zhf.nix
View file

@ -1,23 +1,25 @@
{ config, lib, ... }:
{ config, ... }:
{
collections.events.entry = { link, ... }: {
title = "NixOS 24.11 ZHF hackathon";
name = "zhf-24-11";
description = "NixOS 24.11 ZHF hackathon in Zürich";
start-date = "2024-11-23";
end-date = "2024-11-24";
start-time = "10:00";
end-time = "17:00";
location = "OST Campus Rapperswil";
body = ''
The biannual [Zürich NixOS ZHF hackathon](https://zurich.nix.ug/) has become somewhat of an institution for maintaining the tradition of preparing the upcoming NixOS release.
collections.events.entry =
{ link, ... }:
{
title = "NixOS 24.11 ZHF hackathon";
name = "zhf-24-11";
description = "NixOS 24.11 ZHF hackathon in Zürich";
start-date = "2024-11-23";
end-date = "2024-11-24";
start-time = "10:00";
end-time = "17:00";
location = "OST Campus Rapperswil";
body = ''
The biannual [Zürich NixOS ZHF hackathon](https://zurich.nix.ug/) has become somewhat of an institution for maintaining the tradition of preparing the upcoming NixOS release.
The main goal of the two-day gathering is to bring down the number of build failures on the [continuous integration system Hydra](https://status.nixos.org/) before the release: ZHF stands for *Zero Hydra Failures*.
It also presents a great opportunity to learn Nix, squash bugs together, get to know each other, discuss current events, and make plans for the future.
The main goal of the two-day gathering is to bring down the number of build failures on the [continuous integration system Hydra](https://status.nixos.org/) before the release: ZHF stands for *Zero Hydra Failures*.
It also presents a great opportunity to learn Nix, squash bugs together, get to know each other, discuss current events, and make plans for the future.
This is the greatest event in the series so far, with more than 40 participants from all over Europe, including many high-profile contributors and maintainers in the Nix ecosystem.
This is the greatest event in the series so far, with more than 40 participants from all over Europe, including many high-profile contributors and maintainers in the Nix ecosystem.
[Fediversity engineers attended](${link config.collections.news.by-name.zhf-24-11}) to present prototypes and exchange ideas with other developers.
'';
};
[Fediversity engineers attended](${link config.collections.news.by-name.zhf-24-11}) to present prototypes and exchange ideas with other developers.
'';
};
}

42
website/content/events/owc-annual-conference-2024.nix
View file

@ -1,24 +1,26 @@
{ ... }:
{
collections.events.entry = { ... }: {
title = "OW2con 2024";
description = "OW2con is the annual European open source conference in Paris";
start-date = "2024-06-11";
end-date = "2024-06-12";
start-time = "09:00";
end-time = "18:00";
location = "Paris-Chatillon";
body = ''
OW2con is the European open source conference organized by OW2.
An international meeting of developpers, IT companies, academics and non-profit organizations, OW2con brings together the entire open source community, during two days of presentations ranging from tech topics to business and ethical issues of open source.
It also offers a unique opportunity to establish contact with peers through friendly networking sessions.
OW2con is [open](https://www.ngi.eu/event/open-source-community-annual-conference-2024/) to all, the event is free and all sessions are held in English.
collections.events.entry =
{ ... }:
{
title = "OW2con 2024";
description = "OW2con is the annual European open source conference in Paris";
start-date = "2024-06-11";
end-date = "2024-06-12";
start-time = "09:00";
end-time = "18:00";
location = "Paris-Chatillon";
body = ''
OW2con is the European open source conference organized by OW2.
An international meeting of developpers, IT companies, academics and non-profit organizations, OW2con brings together the entire open source community, during two days of presentations ranging from tech topics to business and ethical issues of open source.
It also offers a unique opportunity to establish contact with peers through friendly networking sessions.
OW2con is [open](https://www.ngi.eu/event/open-source-community-annual-conference-2024/) to all, the event is free and all sessions are held in English.
The OW2con24 call for presentations is open.
This year we are giving the highlight on the theme of open source funding:
What are the current solutions for innovators, start-ups or ISVs to finance their development?
Private or public financing?
Are national and European public policies up to the challenges?
'';
};
The OW2con24 call for presentations is open.
This year we are giving the highlight on the theme of open source funding:
What are the current solutions for innovators, start-ups or ISVs to finance their development?
Private or public financing?
Are national and European public policies up to the challenges?
'';
};
}

32
website/content/events/publicspaces-conference-2024.nix
View file

@ -1,18 +1,20 @@
{ ... }:
{
collections.events.entry = { ... }: {
title = "PublicSpaces Conference 2024";
description = "A conference by PublicSpaces, Taking Back the Internet.";
start-date = "2024-06-06";
end-date = "2024-06-07";
start-time = "09:00";
end-time = "18:00";
location = "Pakhuis de Zwijger - Amsterdam";
body = ''
On June 6th and 7th, PublicSpaces and Waag Futurelab proudly present the fourth edition of the PublicSpaces conference under the theme 'Empowering the Internet'.
Held at Pakhuis de Zwijger, this two-day event will feature panels, keynotes, roundtable discussions, lectures, as well as art and cultural showcases, all aimed at collectively shaping the rules for a more inclusive internet.
Join us as we navigate towards a digital landscape where everyone has a voice.
For more information, check out the [website](https://publicspaces.net/2024/02/01/save-the-date-publicspaces-conferentie-2024/)
'';
};
collections.events.entry =
{ ... }:
{
title = "PublicSpaces Conference 2024";
description = "A conference by PublicSpaces, Taking Back the Internet.";
start-date = "2024-06-06";
end-date = "2024-06-07";
start-time = "09:00";
end-time = "18:00";
location = "Pakhuis de Zwijger - Amsterdam";
body = ''
On June 6th and 7th, PublicSpaces and Waag Futurelab proudly present the fourth edition of the PublicSpaces conference under the theme 'Empowering the Internet'.
Held at Pakhuis de Zwijger, this two-day event will feature panels, keynotes, roundtable discussions, lectures, as well as art and cultural showcases, all aimed at collectively shaping the rules for a more inclusive internet.
Join us as we navigate towards a digital landscape where everyone has a voice.
For more information, check out the [website](https://publicspaces.net/2024/02/01/save-the-date-publicspaces-conferentie-2024/)
'';
};
}

40
website/content/events/waag-state-internet-2024.nix
View file

@ -1,25 +1,27 @@
{ ... }:
{
collections.events.entry = { ... }: {
title = "State of the Internet 2024";
description = "The State of the Internet 2024 by Waag";
start-date = "2024-05-16";
end-date = "2024-05-16";
start-time = "18:00";
end-time = "20:00";
location = "OBA Oosterdok - Amsterdam";
body = ''
Join us at the State of the Internet 2024, where Waag Futurelab, alongside the Municipality of Amsterdam and the OBA, delves into the depths of the online realm.
Featuring Kim van Sparrentak, Member of the European Parliament, discussing Europe's efforts to regulate Big Tech and enhance digital rights.
Explore the impact of pivotal European laws like the GDPR and AI Act while celebrating 30 years of Waag Futurelab's dedication to democratizing technology access for all.
collections.events.entry =
{ ... }:
{
title = "State of the Internet 2024";
description = "The State of the Internet 2024 by Waag";
start-date = "2024-05-16";
end-date = "2024-05-16";
start-time = "18:00";
end-time = "20:00";
location = "OBA Oosterdok - Amsterdam";
body = ''
Join us at the State of the Internet 2024, where Waag Futurelab, alongside the Municipality of Amsterdam and the OBA, delves into the depths of the online realm.
Featuring Kim van Sparrentak, Member of the European Parliament, discussing Europe's efforts to regulate Big Tech and enhance digital rights.
Explore the impact of pivotal European laws like the GDPR and AI Act while celebrating 30 years of Waag Futurelab's dedication to democratizing technology access for all.
The event takes place at:
The event takes place at:
OBA Oosterdok <br>
Oosterdokskade 143 <br>
1011 DK Amsterdam
OBA Oosterdok <br>
Oosterdokskade 143 <br>
1011 DK Amsterdam
Registration available [here](https://waag.org/nl/event/de-staat-van-het-internet-2024-met-kim-van-sparrentak/).
'';
};
Registration available [here](https://waag.org/nl/event/de-staat-van-het-internet-2024-met-kim-van-sparrentak/).
'';
};
}

29
website/content/navigation.nix
View file

@ -1,4 +1,4 @@
{ config, lib, ... }:
{ config, ... }:
let
inherit (config) pages;
in
@ -6,16 +6,33 @@ in
menus.main = {
label = "Main";
items = [
{ page = pages.index // { title = "Start"; }; }
{
page = pages.index // {
title = "Start";
};
}
{
menu.label = "For you";
menu.items = map (page: { inherit page; })
(with pages; [ individuals developers european-commission ]);
menu.items = map (page: { inherit page; }) (
with pages;
[
individuals
developers
european-commission
]
);
}
{
menu.label = "Consortium";
menu.items = map (page: { inherit page; })
(with pages; [ nlnet oid tweag nordunet ]);
menu.items = map (page: { inherit page; }) (
with pages;
[
nlnet
oid
tweag
nordunet
]
);
}
{ page = pages.fediversity; }
{ page = pages.grants; }

32
website/content/news.nix
View file

@ -1,24 +1,24 @@
{ config, lib, ... }:
{
pages.news = { link, ... }: rec {
title = "News";
description = "News about Fediversity";
summary = description;
body =
with lib;
let
news = map
(article: ''
pages.news =
{ link, ... }:
rec {
title = "News";
description = "News about Fediversity";
summary = description;
body =
with lib;
let
news = map (article: ''
## [${article.title}](${link article})
${article.date} by ${article.author}
${article.summary}
'')
config.collections.news.entry;
in
''
${join "\n\n" news}
'';
};
'') config.collections.news.entry;
in
''
${join "\n\n" news}
'';
};
}

38
website/content/news/2024-11-zurich-zhf.nix
View file

@ -1,22 +1,24 @@
{ config, lib, ... }:
{ config, ... }:
{
collections.news.entry = { link, ... }: rec {
name = "zhf-24-11";
title = "NixOS 24.11 release hackathon and workshop";
description = "Fediversity engineers met in Zürich at a NixOS 24.11 ZHF hackathon";
date = "2024-11-28";
author = "Valentin Gagarin";
summary = ''
Fediversity engineers met in Zürich at a [NixOS 24.11 ZHF hackathon](${link config.collections.events.by-name.zhf-24-11}) to present prototypes and exchange ideas with the Nix community.
'';
body = ''
${summary}
collections.news.entry =
{ link, ... }:
rec {
name = "zhf-24-11";
title = "NixOS 24.11 release hackathon and workshop";
description = "Fediversity engineers met in Zürich at a NixOS 24.11 ZHF hackathon";
date = "2024-11-28";
author = "Valentin Gagarin";
summary = ''
Fediversity engineers met in Zürich at a [NixOS 24.11 ZHF hackathon](${link config.collections.events.by-name.zhf-24-11}) to present prototypes and exchange ideas with the Nix community.
'';
body = ''
${summary}
Robert held a lightning talk on the design of [NixOps4](https://github.com/nixops4/nixops4), which is currently in the prototype stage of development.
Before that, Nicolas had already shown an internal demonstration that NixOps4 is capable of deploying multiple NixOS services in the Fediversity test environment.
Robert held a lightning talk on the design of [NixOps4](https://github.com/nixops4/nixops4), which is currently in the prototype stage of development.
Before that, Nicolas had already shown an internal demonstration that NixOps4 is capable of deploying multiple NixOS services in the Fediversity test environment.
In the afternoon, Robert, Valentin, and Koen got together with Eli from [Thymis](https://thymis.io) and Johannes from [Clan](https://clan.lol/) to walk each other through the architecture of their respective systems.
This was an extraordinarily fruitful encounter that helped us to identify overlaps and potential for future collaboration!
'';
};
In the afternoon, Robert, Valentin, and Koen got together with Eli from [Thymis](https://thymis.io) and Johannes from [Clan](https://clan.lol/) to walk each other through the architecture of their respective systems.
This was an extraordinarily fruitful encounter that helped us to identify overlaps and potential for future collaboration!
'';
};
}

33
website/content/news/project-launch.nix
View file

@ -1,19 +1,22 @@
{ config, lib, ... }:
{ ... }:
{
collections.news.entry = { link, ... }: {
title = "Fediversity project publicly announced";
description = "The Fediversity project has officially been announced";
date = "2024-01-01";
author = "Laurens Hof";
summary = ''
We are pleased to introduce the launch of our new website dedicated to the Fediversity project.
'';
body = ''
The Consortium behind the Fediversity project announces that the project has officially been started. NLnet, Tweag, NorduNet and the Open Internet Discourse Foundation are working together to build a new service for cloud hosters.
collections.news.entry =
{ ... }:
{
title = "Fediversity project publicly announced";
description = "The Fediversity project has officially been announced";
date = "2024-01-01";
author = "Laurens Hof";
summary = ''
We are pleased to introduce the launch of our new website dedicated to the Fediversity project.
'';
body = ''
The Consortium behind the Fediversity project announces that the project has officially been started. NLnet, Tweag, NorduNet and the Open Internet Discourse Foundation are working together to build a new service for cloud hosters.
Fediversity is a comprehensive effort to bring easy-to-use, hosted cloud services with service portability and personal freedom at their core to everyone. It wants to provide everyone with high-quality, secure IT systems for everyday use. Without tracking, without exploitation, in a way that runs everywhere and scales effortlessly. Fediversity is based on NixOS, a disruptive Linux distribution with a unique approach to package and configuration management. Built on top of the Nix package manager, NixOS is completely declarative, makes upgrading systems reliable, and has many other advantages. Because it is reproducible, it is ideally suited for complex deployment scenario's where consistent behaviour, stability and configurability matter.
Fediversity is a comprehensive effort to bring easy-to-use, hosted cloud services with service portability and personal freedom at their core to everyone. It wants to provide everyone with high-quality, secure IT systems for everyday use. Without tracking, without exploitation, in a way that runs everywhere and scales effortlessly. Fediversity is based on NixOS, a disruptive Linux distribution with a unique approach to package and configuration management. Built on top of the Nix package manager, NixOS is completely declarative, makes upgrading systems reliable, and has many other advantages. Because it is reproducible, it is ideally suited for complex deployment scenario's where consistent behaviour, stability and configurability matter.
Fediversity has received funding from the European Unions Horizon Europe research and innovation programme under grant agreement No. 101136078.
'';
};
Fediversity has received funding from the European Unions Horizon Europe research and innovation programme under grant agreement No. 101136078.
'';
};
}

8
website/content_/_index.md
View file

@ -34,7 +34,7 @@ features3:
button:
enable: true
label: "Learn more"
link: "/oid"
link: "/oid"
- title: "Tweag"
image: "/images/users.svg"
@ -42,7 +42,7 @@ features3:
button:
enable: true
label: "Learn more"
link: "/tweag"
link: "/tweag"
- title: "NORDUnet"
image: "/images/users.svg"
@ -50,7 +50,7 @@ features3:
button:
enable: true
label: "Learn more"
link: "/nordunet"
link: "/nordunet"
features:
- title: "Fediversity Grants"
@ -59,7 +59,7 @@ features:
button:
enable: true
label: "Learn more"
link: "/grants"
link: "/grants"
features2:
- title: "Individuals"

36
website/default.nix
View file

@ -1,14 +1,16 @@
{ sources ? import ../npins
, system ? builtins.currentSystem
, pkgs ? import sources.nixpkgs {
{
sources ? import ../npins,
system ? builtins.currentSystem,
pkgs ? import sources.nixpkgs {
inherit system;
config = { };
overlays = [ ];
}
, lib ? import "${sources.nixpkgs}/lib"
},
lib ? import "${sources.nixpkgs}/lib",
}:
let
lib' = final: prev:
lib' =
final: prev:
let
new = import ./lib.nix { lib = final; };
in
@ -37,15 +39,21 @@ rec {
let
run-tests = pkgs.writeShellApplication {
name = "run-tests";
text = with pkgs; with lib; ''
${getExe nix-unit} ${toString ./tests.nix} "$@"
'';
text =
with pkgs;
with lib;
''
${getExe nix-unit} ${toString ./tests.nix} "$@"
'';
};
test-loop = pkgs.writeShellApplication {
name = "test-loop";
text = with pkgs; with lib; ''
${getExe watchexec} -w ${toString ./.} -- ${getExe nix-unit} ${toString ./tests.nix}
'';
text =
with pkgs;
with lib;
''
${getExe watchexec} -w ${toString ./.} -- ${getExe nix-unit} ${toString ./tests.nix}
'';
};
devmode = pkgs.devmode.override {
buildArgs = "${toString ./.} -A build --show-trace";
@ -62,7 +70,9 @@ rec {
};
inherit sources pkgs;
tests = with pkgs; with lib;
tests =
with pkgs;
with lib;
let
source = fileset.toSource {
root = ../.;

2
website/layouts/blog/list.html
View file

@ -18,5 +18,5 @@
</div>
</div>
</section>
</section>
{{ end }}

2
website/layouts/blog/single.html
View file

@ -58,7 +58,7 @@
</div>
</article>
</div>

2
website/layouts/contact/list.html
View file

@ -61,4 +61,4 @@
</div>
</section>
{{ end }}
{{ end }}

4
website/layouts/events/list.html
View file

@ -14,14 +14,14 @@
<a class="link" href="{{ .RelPermalink }}" style="color: #FF6E00">{{ .Title }}</a>
</div>
<hr class="hr-list">
<time class="g time" datetime="{{ dateFormat "2006-01-02" .Date }}">{{ dateFormat "02-01-2006" .Date }}</time>
<hr class="hr-list2">
</li>
<div class="line"></div>
{{ end }}
</ul>
</section>
{{ end }}
</ul>

2
website/layouts/events/single.html
View file

@ -63,7 +63,7 @@
</div>
</article>
</div>

10
website/layouts/index.html
View file

@ -45,7 +45,7 @@
<div class="container">
<div class="grid-container">
{{ range $i, $e := .Params.features3 }}
<div class="grid-item">
<div class="header-with-image2">
@ -89,7 +89,7 @@
>
<h2 class="mb-4">{{ .title | markdownify }}</h2>
<p class="mb-8 text-lg">{{ .content | markdownify }}</p>
<ul>
<ul>
{{ range .bulletpoints }}
<li class="relative mb-4 pl-6">
<i class="fa fa-check absolute left-0 top-1.5"></i>
@ -147,7 +147,7 @@
{{ if gt (len (where .Site.RegularPages "Section" "blog")) 0 }}
<section>
<div class="center-wrapper">
<div class="center-wrapper">
<div class="grid-container-small">
<div class="column">
<ul class="list">
@ -164,7 +164,7 @@
<a class="link" href="{{ .RelPermalink }}" style="color: #FF6E00">{{ .Title }}</a>
</div>
<hr class="hr-list">
<time class="g time" datetime="{{ dateFormat "2006-01-02" .Date }}">{{ dateFormat "02-01-2006" .Date }}</time>
<hr class="hr-list2">
</li>
@ -189,7 +189,7 @@
<a class="link" href="{{ .RelPermalink }}" style="color: #FF6E00">{{ .Title }}</a>
</div>
<hr class="hr-list">
<time class="g time" datetime="{{ dateFormat "2006-01-02" .Date }}">{{ dateFormat "02-01-2006" .Date }}</time>
<hr class="hr-list2">
</li>

173
website/lib.nix
View file

@ -1,22 +1,26 @@
{ lib }:
rec {
template = g: f: x:
template =
g: f: x:
let
base = f x;
result = g base;
in
result // {
override = new:
result
// {
override =
new:
let
base' =
if lib.isFunction new
then lib.recursiveUpdate base (new base' base)
if lib.isFunction new then
lib.recursiveUpdate base (new base' base)
else
lib.recursiveUpdate base new;
result' = g base';
in
result' // {
override = new: (template g (x': base') x).override new;
result'
// {
override = new: (template g (_: base') x).override new;
};
};
@ -28,7 +32,8 @@ rec {
replaceStringRec "--" "-" "hello-----world"
=> "hello-world"
*/
replaceStringsRec = from: to: string:
replaceStringsRec =
from: to: string:
let
replaced = lib.replaceStrings [ from ] [ to ] string;
in
@ -37,25 +42,24 @@ rec {
/**
Create a URL-safe slug from any string
*/
slug = str:
slug =
str:
let
# Replace non-alphanumeric characters with hyphens
replaced = join ""
(
builtins.map
(c:
if (c >= "a" && c <= "z") || (c >= "0" && c <= "9")
then c
else "-"
)
(with lib; stringToCharacters (toLower str)));
replaced = join "" (
builtins.map (c: if (c >= "a" && c <= "z") || (c >= "0" && c <= "9") then c else "-") (
with lib; stringToCharacters (toLower str)
)
);
# Remove leading and trailing hyphens
trimHyphens = s:
trimHyphens =
s:
let
matched = builtins.match "(-*)([^-].*[^-]|[^-])(-*)" s;
in
with lib; optionalString (!isNull matched) (builtins.elemAt matched 1);
with lib;
optionalString (!isNull matched) (builtins.elemAt matched 1);
in
trimHyphens (replaceStringsRec "--" "-" replaced);
@ -64,9 +68,11 @@ rec {
/**
Trim trailing spaces and squash non-leading spaces
*/
trim = string:
trim =
string:
let
trimLine = line:
trimLine =
line:
with lib;
let
# separate leading spaces from the rest
@ -76,8 +82,7 @@ rec {
# drop trailing spaces
body = head (split " *$" rest);
in
if body == "" then "" else
spaces + replaceStringsRec " " " " body;
if body == "" then "" else spaces + replaceStringsRec " " " " body;
in
join "\n" (map trimLine (splitLines string));
@ -85,84 +90,95 @@ rec {
splitLines = s: with builtins; filter (x: !isList x) (split "\n" s);
indent = prefix: s:
indent =
prefix: s:
with lib.lists;
let
lines = splitLines s;
in
join "\n" (
[ (head lines) ]
++
(map (x: if x == "" then x else "${prefix}${x}") (tail lines))
);
join "\n" ([ (head lines) ] ++ (map (x: if x == "" then x else "${prefix}${x}") (tail lines)));
relativePath = path1': path2':
relativePath =
path1': path2':
let
inherit (lib.path) subpath;
inherit (lib) lists length take drop min max;
inherit (lib)
lists
length
take
drop
min
max
;
path1 = subpath.components path1';
prefix1 = take (length path1 - 1) path1;
path2 = subpath.components path2';
prefix2 = take (length path2 - 1) path2;
commonPrefixLength = with lists;
findFirstIndex (i: i.fst != i.snd)
(min (length prefix1) (length prefix2))
(zipLists prefix1 prefix2);
commonPrefixLength =
with lists;
findFirstIndex (i: i.fst != i.snd) (min (length prefix1) (length prefix2)) (
zipLists prefix1 prefix2
);
depth = max 0 (length prefix1 - commonPrefixLength);
relativeComponents = with lists;
relativeComponents =
with lists;
[ "." ] ++ (replicate depth "..") ++ (drop commonPrefixLength path2);
in
join "/" relativeComponents;
/**
Recursively list all Nix files from a directory, except the top-level `default.nix`
Recursively list all Nix files from a directory, except the top-level `default.nix`
Useful for module system `imports` from a top-level module.
**/
nixFiles = dir: with lib.fileset;
toList (difference
(fileFilter ({ hasExt, ... }: hasExt "nix") dir)
(dir + "/default.nix")
);
Useful for module system `imports` from a top-level module.
*
*/
nixFiles =
dir:
with lib.fileset;
toList (difference (fileFilter ({ hasExt, ... }: hasExt "nix") dir) (dir + "/default.nix"));
types = rec {
# arbitrarily nested attribute set where the leaves are of type `type`
# NOTE: this works for anything but attribute sets!
recursiveAttrs = type: with lib.types;
recursiveAttrs =
type:
with lib.types;
# NOTE: due to how `either` works, the first match is significant,
# so if `type` happens to be an attrset, the typecheck will consider
# `type`, not `attrsOf`
attrsOf (either type (recursiveAttrs type));
# collection of unnamed items that can be added to item-wise, i.e. without wrapping the item in a list
collection = elemType:
collection =
elemType:
let
unparenthesize = class: class == "noun";
desc = type:
types.optionDescriptionPhrase unparenthesize type;
desc' = type:
desc = type: types.optionDescriptionPhrase unparenthesize type;
desc' =
type:
let
typeDesc = lib.types.optionDescriptionPhrase unparenthesize type;
in
if type.descriptionClass == "noun"
then
typeDesc + "s"
else
"many instances of ${typeDesc}";
if type.descriptionClass == "noun" then typeDesc + "s" else "many instances of ${typeDesc}";
in
lib.types.mkOptionType {
name = "collection";
description = "separately specified ${desc elemType} for a collection of ${desc' elemType}";
merge = loc: defs:
map
(def:
elemType.merge (loc ++ [ "[definition ${toString def.file}]" ]) [{ inherit (def) file; value = def.value; }]
)
defs;
merge =
loc: defs:
map (
def:
elemType.merge (loc ++ [ "[definition ${toString def.file}]" ]) [
{
inherit (def) file;
value = def.value;
}
]
) defs;
check = elemType.check;
getSubOptions = elemType.getSubOptions;
getSubModules = elemType.getSubModules;
@ -175,29 +191,34 @@ rec {
nestedTypes.elemType = elemType;
};
listOfUnique = elemType:
listOfUnique =
elemType:
let
baseType = lib.types.listOf elemType;
in
baseType // {
merge = loc: defs:
baseType
// {
merge =
loc: defs:
let
# Keep track of which definition each value came from
defsWithValues = map
(def:
map (v: { inherit (def) file; value = v; }) def.value
)
defs;
defsWithValues = map (
def:
map (v: {
inherit (def) file;
value = v;
}) def.value
) defs;
flatDefs = lib.flatten defsWithValues;
# Check for duplicates while preserving source info
seen = builtins.foldl'
(acc: def:
if lib.lists.any (v: v.value == def.value) acc
then throw "The option `${lib.options.showOption loc}` has duplicate values (${toString def.value}) defined in ${def.file}"
else acc ++ [ def ]
) [ ]
flatDefs;
seen = builtins.foldl' (
acc: def:
if lib.lists.any (v: v.value == def.value) acc then
throw "The option `${lib.options.showOption loc}` has duplicate values (${toString def.value}) defined in ${def.file}"
else
acc ++ [ def ]
) [ ] flatDefs;
in
map (def: def.value) seen;
};

101
website/presentation/default.nix
View file

@ -1,4 +1,10 @@
{ config, options, lib, pkgs, ... }:
{
config,
options,
lib,
pkgs,
...
}:
let
inherit (lib)
mkOption
@ -8,13 +14,12 @@ in
{
imports = lib.nixFiles ./.;
options.templates =
mkOption {
description = ''
Collection of named helper functions for conversion different structured representations which can be rendered to a string
'';
type = with types; recursiveAttrs (functionTo (either str attrs));
};
options.templates = mkOption {
description = ''
Collection of named helper functions for conversion different structured representations which can be rendered to a string
'';
type = with types; recursiveAttrs (functionTo (either str attrs));
};
options.files = mkOption {
description = ''
@ -32,58 +37,64 @@ in
type = types.package;
default =
let
script = ''
mkdir $out
'' + lib.join "\n" copy;
copy = lib.mapAttrsToList
(
path: file: ''
mkdir -p $out/$(dirname ${path})
cp -r ${file} $out/${path}
''
)
config.files;
script =
''
mkdir $out
''
+ lib.join "\n" copy;
copy = lib.mapAttrsToList (path: file: ''
mkdir -p $out/$(dirname ${path})
cp -r ${file} $out/${path}
'') config.files;
in
pkgs.runCommand "source" { } script;
};
# TODO: this is an artefact of exploration; needs to be adapted to actual use
config.templates.table-of-contents = { config, ... }:
config.templates.table-of-contents =
{ config, ... }:
let
outline = { ... }: {
options = {
value = mkOption {
# null denotes root
type = with types; nullOr (either str (listOf (attrTag categories.phrasing)));
subsections = mkOption {
type = with types; listOf (submodule outline);
default = with lib; map
# TODO: go into depth manually here,
# we don't want to pollute the DOM implementation
(c: (lib.head (attrValues c)).outline)
(filter (c: isAttrs c && (lib.head (attrValues c)) ? outline) config.content);
outline =
{ ... }:
{
options = {
value = mkOption {
# null denotes root
type = with types; nullOr (either str (listOf (attrTag categories.phrasing)));
subsections = mkOption {
type = with types; listOf (submodule outline);
default =
with lib;
map
# TODO: go into depth manually here,
# we don't want to pollute the DOM implementation
(c: (lib.head (attrValues c)).outline)
(filter (c: isAttrs c && (lib.head (attrValues c)) ? outline) config.content);
};
};
__toString = mkOption {
type = with types; functionTo str;
# TODO: convert to HTML
default =
self:
lib.squash ''
${if isNull self.value then "root" else self.value}
${if self.subsections != [ ] then " " + lib.indent " " (lib.join "\n" self.subsections) else ""}
'';
};
};
__toString = mkOption {
type = with types; functionTo str;
# TODO: convert to HTML
default = self: lib.squash ''
${if isNull self.value then "root" else self.value}
${if self.subsections != [] then
" " + lib.indent " " (lib.join "\n" self.subsections) else ""}
'';
};
};
};
in
{
options.outline = mkOption {
type = types.submodule outline;
default = {
value = null;
subsections = with lib;
map (c: (lib.head (attrValues c)).outline)
(filter (c: isAttrs c && (lib.head (attrValues c)) ? outline) config.content);
subsections =
with lib;
map (c: (lib.head (attrValues c)).outline) (
filter (c: isAttrs c && (lib.head (attrValues c)) ? outline) config.content
);
};
};
};

1187
website/presentation/dom.nix
View file

File diff suppressed because it is too large Load diff

64
website/presentation/style.nix
View file

@ -1,27 +1,53 @@
{ config, lib, pkgs, ... }: {
{
config,
lib,
pkgs,
...
}:
{
config.assets."style.css".path = ./style.css;
config.assets."ngi-fediversity.svg".path = ./ngi-fediversity.svg;
# TODO: auto-generate a bunch from SVG
config.assets."favicon.png".path = ./favicon.png;
config.assets."fonts.css".path = with lib; builtins.toFile "fonts.css" (join "\n" (map
(font: ''
@font-face {
font-family: '${font.name}';
font-style: normal;
font-weight: ${toString font.weight};
src: url(/${head config.assets.${font.file}.locations}) format('woff2');
}
'')
(
(crossLists (name: file: weight: { inherit name file weight; })
[ [ "Signika" ] [ "signika-extended.woff2" "signika.woff2" ] [ 500 700 ] ]
config.assets."fonts.css".path =
with lib;
builtins.toFile "fonts.css" (
join "\n" (
map
(font: ''
@font-face {
font-family: '${font.name}';
font-style: normal;
font-weight: ${toString font.weight};
src: url(/${head config.assets.${font.file}.locations}) format('woff2');
}
'')
(
(crossLists (name: file: weight: { inherit name file weight; }) [
[ "Signika" ]
[
"signika-extended.woff2"
"signika.woff2"
]
[
500
700
]
])
++ (crossLists (name: file: weight: { inherit name file weight; }) [
[ "Heebo" ]
[
"heebo-extended.woff2"
"heebo.woff2"
]
[
400
600
]
])
)
)
++
(crossLists (name: file: weight: { inherit name file weight; })
[ [ "Heebo" ] [ "heebo-extended.woff2" "heebo.woff2" ] [ 400 600 ] ]
)
)
));
);
# TODO: get directly from https://github.com/google/fonts
# and compress with https://github.com/fonttools/fonttools

91
website/presentation/templates.nix
View file

@ -1,17 +1,21 @@
{ config, options, lib, pkgs, ... }:
let
inherit (lib)
mkOption
types
;
in
{
config,
lib,
pkgs,
...
}:
{
config.templates.html = {
dom = document:
dom =
document:
let
eval = lib.evalModules {
class = "DOM";
modules = [ document (import ./dom.nix) ];
modules = [
document
(import ./dom.nix)
];
};
in
{
@ -19,27 +23,34 @@ in
value = eval.config;
};
markdown = { name, body }:
markdown =
{ name, body }:
let
commonmark = pkgs.runCommand "${name}.html"
{
buildInputs = [ pkgs.cmark ];
} ''
cmark ${builtins.toFile "${name}.md" body} > $out
'';
commonmark =
pkgs.runCommand "${name}.html"
{
buildInputs = [ pkgs.cmark ];
}
''
cmark ${builtins.toFile "${name}.md" body} > $out
'';
in
builtins.readFile commonmark;
nav = { menu, page }:
nav =
{ menu, page }:
let
render-item = item:
if item ? menu then ''
<li><details><summary>${item.menu.label}</summary>
${lib.indent " " (item.menu.outputs.html page)}
</li>
''
else if item ? page then ''<li><a href="${page.link item.page}">${item.page.title}</a></li>''
else ''<li><a href="${item.link.url}">${item.link.label}</a></li>''
;
render-item =
item:
if item ? menu then
''
<li><details><summary>${item.menu.label}</summary>
${lib.indent " " (item.menu.outputs.html page)}
</li>
''
else if item ? page then
''<li><a href="${page.link item.page}">${item.page.title}</a></li>''
else
''<li><a href="${item.link.url}">${item.link.label}</a></li>'';
in
''
<nav>
@ -50,17 +61,27 @@ in
'';
};
config.templates.files = fs: with lib;
config.templates.files =
fs:
with lib;
foldl'
# TODO: create static redirects from `tail <collection>.locations`
(acc: elem: acc // (mapAttrs' (type: value: {
name = head elem.locations + optionalString (type != "") ".${type}";
value = if isStorePath value then value else
builtins.toFile
(elem.name + optionalString (type != "") ".${type}")
(toString value);
}))
elem.outputs)
(
acc: elem:
acc
//
(mapAttrs' (
type: value: {
name = head elem.locations + optionalString (type != "") ".${type}";
value =
if isStorePath value then
value
else
builtins.toFile (elem.name + optionalString (type != "") ".${type}") (toString value);
}
))
elem.outputs
)
{ }
fs;
}

97
website/structure/article.nix
View file

@ -1,51 +1,62 @@
{ config, options, lib, ... }:
{
config,
options,
lib,
...
}:
let
inherit (lib) mkOption
inherit (lib)
mkOption
types
;
cfg = config;
in
{
content-types.article = { config, collection, ... }: {
imports = [ cfg.content-types.page ];
options = {
collection = mkOption {
description = "Collection this article belongs to";
type = options.collections.type.nestedTypes.elemType;
default = collection;
};
date = mkOption {
description = "Publication date";
type = with types; str;
default = null;
};
author = mkOption {
description = "Page author";
type = with types; either str (nonEmptyListOf str);
default = null;
};
};
config.name = with lib; mkDefault (slug config.title);
config.outputs.html = lib.mkForce
((cfg.templates.html.page config).override (final: prev: {
html = {
# TODO: make authors always a list
head.meta.authors = if lib.isList config.author then config.author else [ config.author ];
body.content = with lib; map
(e:
if isAttrs e && e ? section
then
recursiveUpdate e
{
section.heading = {
before = [{ p.content = "Published ${config.date}"; }];
after = [{ p.content = "Written by ${config.author}"; }];
};
}
else e
)
prev.html.body.content;
content-types.article =
{ config, collection, ... }:
{
imports = [ cfg.content-types.page ];
options = {
collection = mkOption {
description = "Collection this article belongs to";
type = options.collections.type.nestedTypes.elemType;
default = collection;
};
}));
};
date = mkOption {
description = "Publication date";
type = with types; str;
default = null;
};
author = mkOption {
description = "Page author";
type = with types; either str (nonEmptyListOf str);
default = null;
};
};
config.name = with lib; mkDefault (slug config.title);
config.outputs.html = lib.mkForce (
(cfg.templates.html.page config).override (
_final: prev: {
html = {
# TODO: make authors always a list
head.meta.authors = if lib.isList config.author then config.author else [ config.author ];
body.content =
with lib;
map (
e:
if isAttrs e && e ? section then
recursiveUpdate e {
section.heading = {
before = [ { p.content = "Published ${config.date}"; } ];
after = [ { p.content = "Written by ${config.author}"; } ];
};
}
else
e
) prev.html.body.content;
};
}
)
);
};
}

34
website/structure/assets.nix
View file

@ -11,24 +11,34 @@ in
description = ''
Collection of assets, i.e. static files that can be linked to from within documents
'';
type = with types; attrsOf (submodule ({ config, ... }: {
imports = [ cfg.content-types.document ];
options.path = mkOption {
type = types.path;
};
config.outputs."" = if lib.isStorePath config.path then config.path else "${config.path}";
}));
type =
with types;
attrsOf (
submodule (
{ config, ... }:
{
imports = [ cfg.content-types.document ];
options.path = mkOption {
type = types.path;
};
config.outputs."" = if lib.isStorePath config.path then config.path else "${config.path}";
}
)
);
default = { };
};
config.files = with lib;
config.files =
with lib;
let
flatten = attrs: mapAttrsToList
(name: value:
flatten =
attrs:
mapAttrsToList (
_name: value:
# HACK: we somehow have to distinguish a module value from regular attributes.
# arbitrary choice: the outputs attribute
if value ? outputs then value else mapAttrsToList value)
attrs;
if value ? outputs then value else mapAttrsToList value
) attrs;
in
cfg.templates.files (flatten cfg.assets);
}

101
website/structure/collections.nix
View file

@ -1,4 +1,10 @@
{ config, options, lib, pkgs, ... }:
{
config,
options,
lib,
...
}:
let
inherit (lib)
mkOption
@ -6,6 +12,7 @@ let
;
cfg = config;
in
{
options.collections = mkOption {
description = ''
@ -25,46 +32,62 @@ in
}
```
'';
type = with types; attrsOf (submodule ({ name, config, ... }: {
options = {
type = mkOption {
description = "Type of entries in the collection";
type = types.deferredModule;
};
name = mkOption {
description = "Symbolic name, used as a human-readable identifier";
type = types.str;
default = name;
};
prefixes = mkOption {
description = ''
List of historic output locations for files in the collection
type =
with types;
attrsOf (
submodule (
{ name, config, ... }:
{
options = {
type = mkOption {
description = "Type of entries in the collection";
type = types.deferredModule;
};
name = mkOption {
description = "Symbolic name, used as a human-readable identifier";
type = types.str;
default = name;
};
prefixes = mkOption {
description = ''
List of historic output locations for files in the collection
The first element is the canonical location.
All other elements are used to create redirects to the canonical location.
The first element is the canonical location.
All other elements are used to create redirects to the canonical location.
The default entry is the symbolic name of the collection.
When changing the symbolic name, append the old one to your custom list and use `lib.mkForce` to make sure the default element will be overridden.
'';
type = with types; nonEmptyListOf str;
example = [ "." ];
default = [ config.name ];
};
entry = mkOption {
description = "An entry in the collection";
type = with types; collection (submodule ({
imports = [ config.type ];
_module.args.collection = config;
process-locations = ls: with lib; concatMap (l: map (p: "${p}/${l}") config.prefixes) ls;
}));
};
by-name = mkOption {
description = "Entries accessible by symbolic name";
type = with types; attrsOf attrs;
default = with lib; listToAttrs (map (e: { name = e.name; value = e; }) config.entry);
};
};
}));
The default entry is the symbolic name of the collection.
When changing the symbolic name, append the old one to your custom list and use `lib.mkForce` to make sure the default element will be overridden.
'';
type = with types; nonEmptyListOf str;
example = [ "." ];
default = [ config.name ];
};
entry = mkOption {
description = "An entry in the collection";
type =
with types;
collection (submodule ({
imports = [ config.type ];
_module.args.collection = config;
process-locations = ls: with lib; concatMap (l: map (p: "${p}/${l}") config.prefixes) ls;
}));
};
by-name = mkOption {
description = "Entries accessible by symbolic name";
type = with types; attrsOf attrs;
default =
with lib;
listToAttrs (
map (e: {
name = e.name;
value = e;
}) config.entry
);
};
};
}
)
);
};
config.files =

135
website/structure/default.nix
View file

@ -1,10 +1,14 @@
{ config, options, lib, pkgs, ... }:
{
config,
options,
lib,
...
}:
let
inherit (lib)
mkOption
types
;
cfg = config;
in
{
imports = lib.nixFiles ./.;
@ -14,68 +18,81 @@ in
type = with types; attrsOf deferredModule;
};
config.content-types.document = { name, config, options, link, ... }: {
config._module.args.link = config.link;
options = {
name = mkOption {
description = "Symbolic name, used as a human-readable identifier";
type = types.str;
default = name;
};
locations = mkOption {
description = ''
List of historic output locations for the resulting file
config.content-types.document =
{
name,
config,
options,
link,
...
}:
{
config._module.args.link = config.link;
options = {
name = mkOption {
description = "Symbolic name, used as a human-readable identifier";
type = types.str;
default = name;
};
locations = mkOption {
description = ''
List of historic output locations for the resulting file
Elements are relative paths to output files, without suffix.
The suffix will be added depending on output file type.
Elements are relative paths to output files, without suffix.
The suffix will be added depending on output file type.
The first element is the canonical location.
All other elements are used to create redirects to the canonical location.
The first element is the canonical location.
All other elements are used to create redirects to the canonical location.
The default entry is the symbolic name of the document.
When changing the symbolic name, append the old one to your custom list and use `lib.mkForce` to make sure the default element will be overridden.
'';
type = with types; nonEmptyListOf str;
apply = config.process-locations;
example = [ "about/overview" "index" ];
default = [ config.name ];
};
process-locations = mkOption {
description = "Function to post-process the output locations of contained document";
type = types.functionTo options.locations.type;
default = lib.id;
};
link = mkOption {
description = "Helper function for transparent linking to other pages";
type = with types; functionTo attrs;
# TODO: we may want links to other representations,
# and currently the mapping of output types to output file
# names is soft.
default = with lib; target:
let
path = relativePath (head config.locations) (head target.locations);
links = mapAttrs
(type: output:
path + optionalString (type != "") ".${type}"
The default entry is the symbolic name of the document.
When changing the symbolic name, append the old one to your custom list and use `lib.mkForce` to make sure the default element will be overridden.
'';
type = with types; nonEmptyListOf str;
apply = config.process-locations;
example = [
"about/overview"
"index"
];
default = [ config.name ];
};
process-locations = mkOption {
description = "Function to post-process the output locations of contained document";
type = types.functionTo options.locations.type;
default = lib.id;
};
link = mkOption {
description = "Helper function for transparent linking to other pages";
type = with types; functionTo attrs;
# TODO: we may want links to other representations,
# and currently the mapping of output types to output file
# names is soft.
default =
with lib;
target:
let
path = relativePath (head config.locations) (head target.locations);
links = mapAttrs (
type: _output: path + optionalString (type != "") ".${type}"
# ^^^^^^^^^^^^
# convention for raw files
)
target.outputs;
in
if length (attrValues links) == 0
then throw "no output to link to for '${target.name}'"
else if length (attrValues links) == 1
then links // {
__toString = _: head (attrValues links);
}
else links;
};
outputs = mkOption {
description = ''
Representations of the document in different formats
'';
type = with types; attrsOf (either attrs pathInStore);
) target.outputs;
in
if length (attrValues links) == 0 then
throw "no output to link to for '${target.name}'"
else if length (attrValues links) == 1 then
links
// {
__toString = _: head (attrValues links);
}
else
links;
};
outputs = mkOption {
description = ''
Representations of the document in different formats
'';
type = with types; attrsOf (either attrs pathInStore);
};
};
};
};
}

155
website/structure/event.nix
View file

@ -1,4 +1,9 @@
{ config, options, lib, ... }:
{
config,
options,
lib,
...
}:
let
inherit (lib)
mkOption
@ -7,75 +12,85 @@ let
cfg = config;
in
{
content-types.event = { config, collection, ... }: {
imports = [ cfg.content-types.page ];
options = {
collection = mkOption {
description = "Collection this event belongs to";
type = options.collections.type.nestedTypes.elemType;
default = collection;
content-types.event =
{ config, collection, ... }:
{
imports = [ cfg.content-types.page ];
options = {
collection = mkOption {
description = "Collection this event belongs to";
type = options.collections.type.nestedTypes.elemType;
default = collection;
};
start-date = mkOption {
description = "Start date of the event";
type = with types; str;
};
start-time = mkOption {
description = "Start time of the event";
type = with types; str;
default = null;
};
end-date = mkOption {
description = "End date of the event";
type = with types; str;
default = null;
};
end-time = mkOption {
description = "End time of the event";
type = with types; str;
default = null;
};
location = mkOption {
description = "Location of the event";
type = with types; str;
};
};
start-date = mkOption {
description = "Start date of the event";
type = with types; str;
};
start-time = mkOption {
description = "Start time of the event";
type = with types; str;
default = null;
};
end-date = mkOption {
description = "End date of the event";
type = with types; str;
default = null;
};
end-time = mkOption {
description = "End time of the event";
type = with types; str;
default = null;
};
location = mkOption {
description = "Location of the event";
type = with types; str;
};
};
config.name = with lib; mkDefault (slug config.title);
config.summary = lib.mkDefault config.description;
config.outputs.html = lib.mkForce
((cfg.templates.html.page config).override (final: prev: {
html.body.content = with lib; map
(e:
if isAttrs e && e ? section
then
recursiveUpdate e
{
section.content = [
{
dl.content = [
{
terms = [{ dt = "Location"; }];
descriptions = [{ dd = config.location; }];
}
{
terms = [{ dt = "Start"; }];
descriptions = [{
dd = config.start-date + lib.optionalString (!isNull config.start-time) " ${config.start-time}";
}];
}
] ++ lib.optional (!isNull config.end-date) {
terms = [{ dt = "End"; }];
descriptions = [{
dd = config.end-date + lib.optionalString (!isNull config.end-time) " ${config.end-time}";
}];
};
}
]
++ e.section.content;
}
else e
)
prev.html.body.content;
config.name = with lib; mkDefault (slug config.title);
config.summary = lib.mkDefault config.description;
config.outputs.html = lib.mkForce (
(cfg.templates.html.page config).override (
_final: prev: {
html.body.content =
with lib;
map (
e:
if isAttrs e && e ? section then
recursiveUpdate e {
section.content = [
{
dl.content =
[
{
terms = [ { dt = "Location"; } ];
descriptions = [ { dd = config.location; } ];
}
{
terms = [ { dt = "Start"; } ];
descriptions = [
{
dd = config.start-date + lib.optionalString (!isNull config.start-time) " ${config.start-time}";
}
];
}
]
++ lib.optional (!isNull config.end-date) {
terms = [ { dt = "End"; } ];
descriptions = [
{
dd = config.end-date + lib.optionalString (!isNull config.end-time) " ${config.end-time}";
}
];
};
}
] ++ e.section.content;
}
else
e
) prev.html.body.content;
}));
};
}
)
);
};
}

122
website/structure/navigation.nix
View file

@ -1,19 +1,26 @@
{ config, options, lib, ... }:
{
config,
options,
lib,
...
}:
let
inherit (lib)
mkOption
types
;
cfg = config;
subtype = baseModule: types.submodule [
baseModule
{
_module.freeformType = types.attrs;
# XXX: this is supposed to be used with a finished value,
# and we don't want to process locations again.
process-locations = lib.mkForce lib.id;
}
];
subtype =
baseModule:
types.submodule [
baseModule
{
_module.freeformType = types.attrs;
# XXX: this is supposed to be used with a finished value,
# and we don't want to process locations again.
process-locations = lib.mkForce lib.id;
}
];
in
{
options.menus = mkOption {
@ -23,50 +30,59 @@ in
type = with types; attrsOf (submodule config.content-types.navigation);
};
config.content-types.named-link = { ... }: {
options = {
label = mkOption {
description = "Link label";
type = types.str;
};
url = mkOption {
description = "Link URL";
type = types.str;
};
};
};
config.content-types.navigation = { name, config, ... }: {
options = {
name = mkOption {
description = "Symbolic name, used as a human-readable identifier";
type = types.str;
default = name;
};
label = mkOption {
description = "Menu label";
type = types.str;
default = name;
};
items = mkOption {
description = "List of menu items";
type = with types; listOf (attrTag {
menu = mkOption { type = submodule cfg.content-types.navigation; };
page = mkOption { type = subtype cfg.content-types.page; };
link = mkOption { type = submodule cfg.content-types.named-link; };
});
};
outputs = mkOption {
description = ''
Representations of the navigation structure in different formats
It must be a function that takes the page on which the navigation is to be shown, such that relative links get computed correctly.
'';
type = with types; attrsOf (functionTo str);
default.html = page: cfg.templates.html.nav {
menu = config; inherit page;
config.content-types.named-link =
{ ... }:
{
options = {
label = mkOption {
description = "Link label";
type = types.str;
};
url = mkOption {
description = "Link URL";
type = types.str;
};
};
};
config.content-types.navigation =
{ name, config, ... }:
{
options = {
name = mkOption {
description = "Symbolic name, used as a human-readable identifier";
type = types.str;
default = name;
};
label = mkOption {
description = "Menu label";
type = types.str;
default = name;
};
items = mkOption {
description = "List of menu items";
type =
with types;
listOf (attrTag {
menu = mkOption { type = submodule cfg.content-types.navigation; };
page = mkOption { type = subtype cfg.content-types.page; };
link = mkOption { type = submodule cfg.content-types.named-link; };
});
};
outputs = mkOption {
description = ''
Representations of the navigation structure in different formats
It must be a function that takes the page on which the navigation is to be shown, such that relative links get computed correctly.
'';
type = with types; attrsOf (functionTo str);
default.html =
page:
cfg.templates.html.nav {
menu = config;
inherit page;
};
};
};
};
};
}

58
website/structure/page.nix
View file

@ -17,36 +17,38 @@ in
config.files = with lib; cfg.templates.files (attrValues config.pages);
config.content-types.page = { name, config, ... }: {
imports = [ cfg.content-types.document ];
options = {
title = mkOption {
description = "Page title";
type = types.str;
default = name;
config.content-types.page =
{ name, config, ... }:
{
imports = [ cfg.content-types.document ];
options = {
title = mkOption {
description = "Page title";
type = types.str;
default = name;
};
description = mkOption {
description = ''
One-sentence description of page contents
'';
type = types.str;
};
summary = mkOption {
description = ''
One-paragraph summary of page contents
'';
type = types.str;
};
body = mkOption {
description = ''
Page contents in CommonMark
'';
type = types.str;
};
};
description = mkOption {
description = ''
One-sentence description of page contents
'';
type = types.str;
};
summary = mkOption {
description = ''
One-paragraph summary of page contents
'';
type = types.str;
};
body = mkOption {
description = ''
Page contents in CommonMark
'';
type = types.str;
};
};
config.outputs.html = cfg.templates.html.page config;
};
config.outputs.html = cfg.templates.html.page config;
};
config.templates.html.page = lib.template cfg.templates.html.dom (page: {
html = {

33
website/tests.nix
View file

@ -4,14 +4,35 @@ let
inherit (import ./. { }) lib;
in
{
test-relativePath = with lib;
test-relativePath =
with lib;
let
testData = [
{ from = "bar"; to = "baz"; expected = "./baz"; }
{ from = "foo/bar"; to = "foo/baz"; expected = "./baz"; }
{ from = "foo"; to = "bar/baz"; expected = "./bar/baz"; }
{ from = "foo/bar"; to = "baz"; expected = "./../baz"; }
{ from = "foo/bar/baz"; to = "foo"; expected = "./../../foo"; }
{
from = "bar";
to = "baz";
expected = "./baz";
}
{
from = "foo/bar";
to = "foo/baz";
expected = "./baz";
}
{
from = "foo";
to = "bar/baz";
expected = "./bar/baz";
}
{
from = "foo/bar";
to = "baz";
expected = "./../baz";
}
{
from = "foo/bar/baz";
to = "foo";
expected = "./../../foo";
}
];
in
{