Add all terminfo files in environment

Get rid of all the spam accounts they are trying to register.

Reviewed-by: Aleix Boné <abonerib@bsc.es>
Reviewed-by: Aleix Roca Nonell <aleix.rocanonell@bsc.es>

m/common/base/env.nix

@@ -21,6 +21,8 @@
     }
   ];
 
+  environment.enableAllTerminfo = true;
+
   environment.variables = {
     EDITOR = "vim";
     VISUAL = "vim";

m/hut/monitoring.nix

@@ -6,7 +6,7 @@
     ../module/meteocat-exporter.nix
     ../module/upc-qaire-exporter.nix
     ./gpfs-probe.nix
-    ./nix-daemon-exporter.nix
+    ../module/nix-daemon-exporter.nix
   ];
 
   age.secrets.grafanaJungleRobotPassword = {

m/module/p.nix

@@ -0,0 +1,68 @@
+{ config, lib, pkgs, ... }:
+
+let
+  cfg = config.services.p;
+in
+{
+  options = {
+    services.p = {
+      enable = lib.mkOption {
+        type = lib.types.bool;
+        default = false;
+        description = "Whether to enable the p service.";
+      };
+      path = lib.mkOption {
+        type = lib.types.str;
+        default = "/var/lib/p";
+        description = "Where to save the pasted files on disk.";
+      };
+      url = lib.mkOption {
+        type = lib.types.str;
+        default = "https://jungle.bsc.es/p";
+        description = "URL prefix for the printed file.";
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    environment.systemPackages = let 
+      p = pkgs.writeShellScriptBin "p" ''
+        set -e
+        pastedir="${cfg.path}/$USER"
+        cd "$pastedir"
+
+        ext="txt"
+        if [ -n "$1" ]; then
+          ext="$1"
+        fi
+
+        out=$(mktemp "XXXXXXXX.$ext")
+        cat > "$out"
+        chmod go+r "$out"
+        echo "${cfg.url}/$USER/$out"
+      '';
+    in [ p ];
+
+    systemd.services.p = let
+      # Take only normal users
+      users = lib.filterAttrs (_: v: v.isNormalUser) config.users.users;
+      # Create a directory for each user
+      commands = lib.concatLists (lib.mapAttrsToList (_: user: [
+        "install -d -o ${user.name} -g ${user.group} -m 0755 ${cfg.path}/${user.name}"
+      ]) users);
+    in {
+      description = "P service setup";
+      requires = [ "network-online.target" ];
+      #wants = [ "remote-fs.target" ];
+      #after = [ "remote-fs.target" ];
+      wantedBy = [ "multi-user.target" ];
+      serviceConfig = {
+        ExecStart = pkgs.writeShellScript "p-init.sh" (''
+
+          install -d -o root -g root -m 0755 ${cfg.path}
+
+        '' + (lib.concatLines commands));
+      };
+    };
+  };
+}

m/tent/configuration.nix

@@ -10,6 +10,10 @@
     ./nginx.nix
     ./nix-serve.nix
     ./gitlab-runner.nix
+    ./gitea.nix
+    ../hut/public-inbox.nix
+    ../hut/msmtp.nix
+    ../module/p.nix
   ];
 
   # Select the this using the ID to avoid mismatches
@@ -26,9 +30,12 @@
 
     # Only BSC DNSs seem to be reachable from the office VLAN
     nameservers = [ "84.88.52.35" "84.88.52.36" ];
+    search = [ "bsc.es" ];
     defaultGateway = "10.0.44.1";
   };
 
+  services.p.enable = true;
+
   services.prometheus.exporters.node = {
     enable = true;
     enabledCollectors = [ "systemd" ];

m/tent/gitea.nix

@@ -0,0 +1,30 @@
+{ config, lib, ... }:
+{
+  services.gitea = {
+    enable = true;
+    appName = "Gitea in the jungle";
+
+    settings = {
+      server = {
+        ROOT_URL = "https://jungle.bsc.es/git/";
+        LOCAL_ROOT_URL = "https://jungle.bsc.es/git/";
+        LANDING_PAGE = "explore";
+      };
+      metrics.ENABLED = true;
+      service = {
+        DISABLE_REGISTRATION = true;
+        REGISTER_MANUAL_CONFIRM = true;
+        ENABLE_NOTIFY_MAIL = true;
+      };
+      log.LEVEL = "Warn";
+
+      mailer = {
+        ENABLED       = true;
+        FROM          = "jungle-robot@bsc.es";
+        PROTOCOL      = "sendmail";
+        SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
+        SENDMAIL_ARGS = "--";
+      };
+    };
+  };
+}

m/tent/gitlab-runner.nix

@@ -2,6 +2,7 @@
 
 {
   age.secrets.tent-gitlab-runner-pm-shell.file = ../../secrets/tent-gitlab-runner-pm-shell-token.age;
+  age.secrets.tent-gitlab-runner-pm-docker.file = ../../secrets/tent-gitlab-runner-pm-docker-token.age;
   age.secrets.tent-gitlab-runner-bsc-docker.file = ../../secrets/tent-gitlab-runner-bsc-docker-token.age;
 
   services.gitlab-runner = let sec = config.age.secrets; in {
@@ -20,6 +21,13 @@
           env
         '';
       };
+      gitlab-pm-docker = {
+        authenticationTokenConfigFile = sec.tent-gitlab-runner-pm-docker.path;
+        executor = "docker";
+        dockerImage = "debian:stable";
+      };
+
+      # For gitlab.bsc.es
       gitlab-bsc-docker = {
         # gitlab.bsc.es still uses the old token mechanism
         registrationConfigFile = sec.tent-gitlab-runner-bsc-docker.path;

m/tent/monitoring.nix

@@ -4,6 +4,7 @@
   imports = [
     ../module/meteocat-exporter.nix
     ../module/upc-qaire-exporter.nix
+    ../module/nix-daemon-exporter.nix
   ];
 
   age.secrets.grafanaJungleRobotPassword = {
@@ -116,6 +117,7 @@
             "127.0.0.1:9290" # IPMI exporter for local node
             "127.0.0.1:9928" # UPC Qaire custom exporter
             "127.0.0.1:9929" # Meteocat custom exporter
+            "127.0.0.1:9999" # Nix-daemon custom exporter
           ];
         }];
       }

m/tent/nginx.nix

@@ -34,11 +34,21 @@ in
         real_ip_recursive on;
         real_ip_header X-Forwarded-For;
 
+        location /git {
+          rewrite ^/git$ / break;
+          rewrite ^/git/(.*) /$1 break;
+          proxy_pass http://127.0.0.1:3000;
+          proxy_redirect http:// $scheme://;
+        }
         location /cache {
           rewrite ^/cache/(.*) /$1 break;
           proxy_pass http://127.0.0.1:5000;
           proxy_redirect http:// $scheme://;
         }
+        location /lists {
+          proxy_pass http://127.0.0.1:8081;
+          proxy_redirect http:// $scheme://;
+        }
         location /grafana {
           proxy_pass http://127.0.0.1:2342;
           proxy_redirect http:// $scheme://;
@@ -54,6 +64,9 @@ in
           autoindex on;
           absolute_redirect off;
         }
+        location /p/ {
+          alias /var/lib/p/;
+        }
       '';
     };
   };

web/content/paste/_index.md

@@ -5,13 +5,13 @@ author: "Rodrigo Arias Mallo"
 date: 2024-09-20
 ---
 
-The hut machine provides a paste service using the program `p` (as in paste).
+The tent machine provides a paste service using the program `p` (as in paste).
 
-You can use it directly from the hut machine or remotely if you have [SSH
+You can use it directly from the tent machine or remotely if you have [SSH
-access](/access) to hut using the following alias:
+access](/access) to tent using the following alias:
 
 ```
-alias p="ssh hut p"
+alias p="ssh tent p"
 ```
 
 You can add it to bashrc or zshrc for persistent installation.
@@ -19,7 +19,7 @@ You can add it to bashrc or zshrc for persistent installation.
 ## Usage
 
 The `p` command reads from the standard input, uploads the content to a file
-in the ceph filesystem and prints the URL to access it. It only accepts an
+in the local filesystem and prints the URL to access it. It only accepts an
 optional argument, which is the extension of the file that will be stored on
 disk (without the dot). By default it uses the `txt` extension, so plain text
 can be read in the browser directly.
@@ -28,21 +28,21 @@ can be read in the browser directly.
 p [extension]
 ```
 
-To remove files, go to `/ceph/p/$USER` and remove them manually.
+To remove files, go to `/var/lib/p/$USER` and remove them manually.
 
 ## Examples
 
 Share a text file, in this case the source of p itself:
 
 ```
-hut% p < m/hut/p.nix
+tent% p < m/tent/p.nix
 https://jungle.bsc.es/p/rarias/okbtG130.txt
 ```
 
 Paste the last dmesg lines directly from a pipe:
 
 ```
-hut% dmesg | tail -5 | p
+tent% dmesg | tail -5 | p
 https://jungle.bsc.es/p/rarias/luX4STm9.txt
 ```