Conversation
Proliecan
reviewed
Mar 30, 2025
Member
There was a problem hiding this comment.
I don't know too much about this, but reading it, no obvious alarm bells rang.
Only question I have: Why are the services in the goldberg configuration.nix being commented out? Does it mean these services will be unavailable due to the memory constraints described in the commit message?
f3c2dc8 to
55a1254
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
TODO:
Notes for migration:
Keycloak setup
This is some sort of quick-ish documentation since some required changes will need ot be done in the Web-UI.
To manage the realm, log in at https://sso.chaos.jetzt/auth/admin. Navigate to the
chaos-jetztrealm.Importing the old database & LDAP
sudo -u postgres pg_dump keycloak > keycloak.sqlsystemctl stop keycloakecho "DROP DATABASE keycloak;" | sudo -u postgres psqland thensystemctl start keycloakPostgreSQLInit.servicesudo -u postgres psql < keycloak.sqlslapcat -l backup.ldiffslapadd -v -c -l backup.ldiff -F /etc/openldap/slapd.dOther migration notes
Migrate away from the custom captcha plugin
With the new user profiles feature, we can replace the previously developed custom plugin. It probably is not a beautiful solution, but it's reasonably easy to implement, tho it's manual clicking arround.
Navigate to
Realm settings, select theUser profiletab. Click "Create attribute". Usecaptchaas the name, click on the small translation icon right next to the display name and set the description ("Private Daten ?, öffentliche Daten nützen"). EnsureEnable whenis at always, thatRequired fieldis on as well.Required forshould be atonly users.Required whenatalwys.For permissions, it should be view- and editable for both users and admins.
For the validation itself, click
Add validator. Select a pattern validator. Set(?i:sch(?:ü|(?:ue?))tzen)(Case insensitive version of the word, written both with ü or ue or u). Set the error message toprofile.attributes.captcha.incorrect(We'll add that string later on). Confirm.Add two annotations.
Input helper text (above)with a value ofWelches Wort kommt hier anstelle des ? hin?. FirstInput helper text (under)with a value ofDie Antwort findest du in der <a href="https://www.ccc.de/de/hackerethik">CCC Hacker*innenethik</a>. Save.Navigate to
Localization. Select theRealm overridessub-tab. SelectGermanas a locale. ClickAdd translation. Set the key toprofile.attributes.captcha.incorrectand a Value ofDas ist leider nicht korrekt. Schaue noch einmal in die Hacker*innenethik.Remove First and Last name fields
We don't want these attributes about our users. We finally can just not ask for them with the User profile feature.
Navigate to
User profileas described above. Click on the three dot's next tofirstnameand clickdelete. Repeat for thelastnameattribute.