add jq

bump debian version
remove ldap plugin
2024-08-12 13:33:40 +00:00 · 2024-08-12 13:33:29 +00:00 · 2024-08-12 13:32:44 +00:00
4 changed files with 2 additions and 235 deletions
--- a/configuration.nix
+++ b/configuration.nix
@ -2,13 +2,7 @@
 let
  secrets = import ./secrets.nix;

-  ldap = pkgs.buildGoModule rec {
-    name = "ldap";
-    src = ./ldap;
-    vendorHash = "sha256-HlsVCWs7Q4kBAtRpt3U323tRmgWdQxZlpfMZ/cSlw4Q=";
-  };
-
-  image = "chocobozzz/peertube:production-bullseye";
+  image = "chocobozzz/peertube:production-bookworm";

  s3cmd = pkgs.writeShellScript "s3cmd" ''
    ${pkgs.s3cmd}/bin/s3cmd \
@ -62,24 +56,7 @@ in {

  services.openssh.enable = true;

-  environment.systemPackages = with pkgs; [ vim htop git tmux ];
-
-  systemd.services."peertube-ldap" = {
-    wantedBy = [ "multi-user.target" ];
-    after = [ "network.target" ];
-    environment = {
-      AUTH_URL = secrets.peertube.auth.url;
-      AUTH_SECRET = secrets.peertube.auth.secret;
-      LDAP_USER = secrets.peertube.ldap.user;
-      LDAP_PASS = secrets.peertube.ldap.password;
-    };
-    serviceConfig = {
-      Restart = "always";
-      RestartSec = 30;
-      ExecStart = "${ldap}/bin/ldap";
-      User = "peertube";
-    };
-  };
+  environment.systemPackages = with pkgs; [ vim htop git tmux jq ];

  services.caddy = {
    enable = true;
--- a/ldap/go.mod
+++ b/ldap/go.mod
@ -1,16 +0,0 @@
-module code.dumpstack.io/infra/v.lor.sh/ldap
-
-go 1.19
-
-require (
-	github.com/jackc/pgx/v5 v5.2.0
-	github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3
-	github.com/vjeantet/ldapserver v1.0.1
-)
-
-require (
-	github.com/jackc/pgpassfile v1.0.0 // indirect
-	github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b // indirect
-	golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 // indirect
-	golang.org/x/text v0.3.8 // indirect
-)
--- a/ldap/go.sum
+++ b/ldap/go.sum
@ -1,25 +0,0 @@
-github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
-github.com/jackc/pgpassfile v1.0.0 h1:/6Hmqy13Ss2zCq62VdNG8tM1wchn8zjSGOBJ6icpsIM=
-github.com/jackc/pgpassfile v1.0.0/go.mod h1:CEx0iS5ambNFdcRtxPj5JhEz+xB6uRky5eyVu/W2HEg=
-github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b h1:C8S2+VttkHFdOOCXJe+YGfa4vHYwlt4Zx+IVXQ97jYg=
-github.com/jackc/pgservicefile v0.0.0-20200714003250-2b9c44734f2b/go.mod h1:vsD4gTJCa9TptPL8sPkXrLZ+hDuNrZCnj29CQpr4X1E=
-github.com/jackc/pgx/v5 v5.2.0 h1:NdPpngX0Y6z6XDFKqmFQaE+bCtkqzvQIOt1wvBlAqs8=
-github.com/jackc/pgx/v5 v5.2.0/go.mod h1:Ptn7zmohNsWEsdxRawMzk3gaKma2obW+NWTnKa0S4nk=
-github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3 h1:wIONC+HMNRqmWBjuMxhatuSzHaljStc4gjDeKycxy0A=
-github.com/lor00x/goldap v0.0.0-20180618054307-a546dffdd1a3/go.mod h1:37YR9jabpiIxsb8X9VCIx8qFOjTDIIrIHHODa8C4gz0=
-github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
-github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
-github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
-github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
-github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
-github.com/vjeantet/ldapserver v1.0.1 h1:3z+TCXhwwDLJC3pZCNbuECPDqC2x1R7qQQbswB1Qwoc=
-github.com/vjeantet/ldapserver v1.0.1/go.mod h1:YvUqhu5vYhmbcLReMLrm/Tq3S7Yj43kSVFvvol6Lh6k=
-golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90 h1:Y/gsMcFOcR+6S6f3YeMKl5g+dZMEWqcz5Czj/GWYbkM=
-golang.org/x/crypto v0.0.0-20220829220503-c86fa9a7ed90/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4=
-golang.org/x/text v0.3.8 h1:nAL+RVCQ9uMn3vJZbV+MRnydTJFPf8qqY42YiA6MrqY=
-golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ=
-gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
-gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
-gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
--- a/ldap/ldap.go
+++ b/ldap/ldap.go
@ -1,169 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"context"
-	"encoding/json"
-	"errors"
-	"fmt"
-	"net/http"
-	"os"
-	"os/signal"
-	"strings"
-	"syscall"
-
-	"github.com/jackc/pgx/v5"
-	"github.com/lor00x/goldap/message"
-	ldap "github.com/vjeantet/ldapserver"
-)
-
-func auth(username, email, password string) (ruser, remail string, err error) {
-	var payload struct {
-		Secret   string
-		Username string
-		Email    string
-		Password string
-	}
-
-	payload.Secret = os.Getenv("AUTH_SECRET")
-	payload.Username = username
-	payload.Email = email
-	payload.Password = password
-
-	raw, err := json.Marshal(payload)
-	if err != nil {
-		return
-	}
-	body := bytes.NewReader(raw)
-
-	req, err := http.NewRequest("POST", os.Getenv("AUTH_URL"), body)
-	if err != nil {
-		return
-	}
-	req.Header.Set("Content-Type", "application/json")
-
-	resp, err := http.DefaultClient.Do(req)
-	if err != nil {
-		return
-	}
-	defer resp.Body.Close()
-
-	var result struct {
-		Username string
-		Email    string
-		Error    string
-	}
-
-	err = json.NewDecoder(resp.Body).Decode(&result)
-	if err != nil {
-		return
-	}
-
-	if result.Error != "" {
-		err = errors.New(result.Error)
-	}
-
-	ruser = result.Username
-	remail = result.Email
-	return
-}
-
-func bind(w ldap.ResponseWriter, m *ldap.Message) {
-	r := m.GetBindRequest()
-	res := ldap.NewBindResponse(ldap.LDAPResultSuccess)
-
-	username := string(r.Name())
-	password := string(r.AuthenticationSimple())
-
-	if username == os.Getenv("LDAP_USER") {
-		if password == os.Getenv("LDAP_PASS") {
-			w.Write(res)
-			return
-		}
-	}
-
-	if username == "root" {
-		res.SetResultCode(ldap.LDAPResultInvalidCredentials)
-		res.SetDiagnosticMessage("root login is disabled")
-		w.Write(res)
-		return
-	}
-
-	_, _, err := auth(username, "", password)
-	if err == nil {
-		fmt.Println("bind:", username, "ok")
-		w.Write(res)
-		return
-	}
-
-	fmt.Println("bind:", username, "incorrect password")
-	res.SetResultCode(ldap.LDAPResultInvalidCredentials)
-	res.SetDiagnosticMessage("invalid credentials")
-	w.Write(res)
-}
-
-func updateEmail(username, email string) (err error) {
-	path := "dbname=" + os.Getenv("DATABASE")
-	conn, err := pgx.Connect(context.Background(), path)
-	if err != nil {
-		return
-	}
-	defer conn.Close(context.Background())
-
-	query := "update \"user\" set email=$1 where username=$2"
-	_, err = conn.Exec(context.Background(), query, email, username)
-	return
-}
-
-func search(w ldap.ResponseWriter, m *ldap.Message) {
-	r := m.GetSearchRequest()
-	res := ldap.NewSearchResultDoneResponse(ldap.LDAPResultSuccess)
-	defer w.Write(res)
-
-	var username, email string
-
-	s := r.FilterString()
-	s = s[6 : len(s)-1]
-
-	if strings.Contains(s, "@") {
-		username, email, _ = auth("", s, "")
-	} else {
-		username, email, _ = auth(s, "", "")
-	}
-
-	if username == "" || email == "" {
-		fmt.Println("search:", s, "not found")
-		return
-	}
-	fmt.Println("search:", s, "found", username, email)
-
-	err := updateEmail(username, email)
-	if err != nil {
-		fmt.Println(err)
-	}
-
-	e := ldap.NewSearchResultEntry(username)
-	e.AddAttribute("uid", message.AttributeValue(username))
-	e.AddAttribute("mail", message.AttributeValue(email))
-	w.Write(e)
-}
-
-func main() {
-	ldap.Logger = ldap.DiscardingLogger
-
-	server := ldap.NewServer()
-
-	routes := ldap.NewRouteMux()
-	routes.Bind(bind)
-	routes.Search(search)
-	server.Handle(routes)
-
-	go server.ListenAndServe(":10389")
-
-	ch := make(chan os.Signal)
-	signal.Notify(ch, syscall.SIGINT, syscall.SIGTERM)
-	<-ch
-	close(ch)
-
-	server.Stop()
-}
Author	SHA1	Message	Date
Mikhail Klementev	593f64d38c	add jq	2024-08-12 13:33:40 +00:00
Mikhail Klementev	ee5683334b	bump debian version	2024-08-12 13:33:29 +00:00
Mikhail Klementev	a7b30695da	remove ldap plugin	2024-08-12 13:32:44 +00:00