Add reset page for live event

Author: Defelo

hosts/test/backend/challenges.nix

@@ -21,7 +21,7 @@
     ];
     settings = {
       internal_jwt_ttl = 10; # seconds
-      cache_ttl = 10; # seconds
+      cache_ttl = 300; # seconds
 
       database = {
         url = "postgres://academy-challenges@localhost/academy-challenges?host=/run/postgresql";

hosts/test/default.nix

@@ -3,6 +3,7 @@
     ./backend
     ./backup.nix
     ./firewall.nix
+    ./reset.nix
     ./ssh.nix
   ];
 }

hosts/test/reset.nix

@@ -0,0 +1,56 @@
+{
+  config,
+  pkgs,
+  lib,
+  ...
+}: let
+  html = builtins.toFile "reset.html" ''
+    <form method=post>
+      <button name=user value=audi01>Reset audi01</button><br>
+      <button name=user value=audi02>Reset audi02</button><br>
+      <button name=user value=audi03>Reset audi03</button><br>
+      <button name=user value=audi04>Reset audi04</button><br>
+      <button name=user value=audi05>Reset audi05</button><br>
+      <button name=user value=audi06>Reset audi06</button><br>
+      <button name=user value=audi07>Reset audi07</button><br>
+      <button name=user value=audi08>Reset audi08</button><br>
+    </form>
+  '';
+  script = pkgs.writeShellScript "reset.sh" ''
+    export PATH=${lib.makeBinPath ((with pkgs; [coreutils sudo]) ++ [config.services.postgresql.package])}
+
+    sql() {
+      sudo -u postgres psql "academy-$1" -tA <<< "$2"
+    }
+
+    reset() {
+      if ! [[ "$1" =~ ^audi[0-9]+$ ]]; then return; fi
+      id=$(sql auth "select id from auth_user where name='$1'")
+      sql challenges "delete from challenges_coding_challenge_submissions where creator='$id';"
+      sql challenges "delete from challenges_user_subtasks where user_id='$id';"
+    EOF
+    }
+
+    echo Content-type: text/html
+    echo
+
+    user=$(cut -d= -f2-)
+    if [[ -n "$user" ]]; then
+      reset "$user" > /dev/null
+      echo '<html><head><meta http-equiv="refresh" content="1; url=/reset" /></head><body>Resetting '"$user"'</body></html>'
+    else
+      cat ${html}
+    fi
+  '';
+in {
+  services.fcgiwrap.enable = true;
+  services.nginx.virtualHosts."api.test.bootstrap.academy".locations."= /reset".extraConfig = ''
+    auth_basic "Access restricted";
+    auth_basic_user_file ${config.sops.secrets."reset/htpasswd".path};
+
+    fastcgi_pass unix:${config.services.fcgiwrap.socketAddress};
+    fastcgi_param SCRIPT_FILENAME ${script};
+  '';
+
+  sops.secrets."reset/htpasswd".owner = "nginx";
+}

hosts/test/secrets.yml

@@ -30,6 +30,9 @@ ssh:
     private-key: ENC[AES256_GCM,data:ljXYG7gTLgMX7gFe4okODTeojYHJQVpEaaBlsI8edlkjfkbbNUnLydcYJvIzWi99o17+qAuToEWLKQT/1tFNDG3uSvkXoe4fgUvxM+r1MtXYk/vi1WPCwSNCMLQLVlT5bZMm1lLjGNNcDYDD2B5xqDfF224L5ItKgnR4LVFxZuECEYzvWawvsPqiNUozKKmEaW28hrm50MGd1X9hPu1oOwSB0KaMa+DUXzIryjH6NOH7N61/QCg/tnP7iTHfvLw2jCVKOqofYANbJ/lznP211nzH8mq4Mp9KzD6MeeqBr1DY/e6SYH0cv+Ecwvdk2vYkHXNcCt5O4frg/Rj15aKhUKMnsAAGMaEtIulsYbPGAfXw2YqIYdtYfVy1TKNKWQdeDomwhh9PZMU3CNNYqXLXfjMW0GQtFxYjyElka1ZfMWsLZ3hl59LHoIbvy2QFW4YdSe1TuqTuOkUw2HZhwjGjIhZ3qZpYQiygkUG/p1klpX7La9lRL90S6CFLaSc8ThTyBiFG,iv:2owaBkw3yIpLw/L3n6qAS/sYEqj/fsxbyLYsmy5B3OM=,tag:kRVb1zfhd4D7S7hODUu4RA==,type:str]
 backup:
     password: ENC[AES256_GCM,data:LbNmmsKjrmxD7oF7Jpp3m4BsTO5Kezdh/IfmhAjlWdwWzQgoLk33KryBXmlEZS1XO/QAOnfywdz6mblbeo9o70tCBCqxFd4hxoueEp6VKBrl69e0OwwQZmaLWMrqeFUCiJzTuQhRlYe5pegarQ7s1kIDTcN5bvqqoDouRFjsz/I=,iv:8iKxyJCTrO+Z9MhllIb7S5pPR6M6hcHSWEVnxwYx508=,tag:UgOuqdoFjW0JjFNQI5bU2A==,type:str]
+reset:
+    #ENC[AES256_GCM,data:lcS6NV1HSnsy+vEuoD5WFKTufWRMDpsloK2R3rDO5QcbN0t/ItOPk+MxBzHj,iv:iGXCQMU7vGLztF4R6BO3c6xSx8/v4pc+8zRmLVEGMRM=,tag:ekrkLWqAHMHFaWBwOzNVrg==,type:comment]
+    htpasswd: ENC[AES256_GCM,data:jRkQye95VhVu/pGu4XfL/iYs2tRri/K7aZFWw4tzuLru5EGw6CViZAyrH2g3ybkqk9Dsp2+/ud9ud8G3Lm3FTW/3gA==,iv:2tYZOji66xp+1m3c3ffpPrSu1TGiR/1DxLYP4PRDoBA=,tag:+SRjRrljL1bnxdajxHDxMw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -45,8 +48,8 @@ sops:
             a3N3UTZSNnZCbDR4OEhwVVRZeU1WdlUK+0dSSWfR55ib4yqMbhK8tcLDgQrIcT3n
             m9g7aX/mj36AMQs4Vub7wnuqFHFC/cttsMsmdFUrEn9qimmoR/4CdQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-28T11:53:15Z"
-    mac: ENC[AES256_GCM,data:L5+/OBlGfI082dIGNy2o0+2QYfwk7t12niwZeLTnXtl8bQbsVc2wy7QWch1+l3B0jOj5NFSnfZteIkdbph9HabMGM0ICKXexet1/EVeDD1MYOYYg3GUc0PrLkp8MT7ZB5Kj4pwd9Nm81+l1gIAEy7rN0py2ZWJf7502onUS8J7Y=,iv:dgmWUKvuCIWeiA0jdgR9Nit/gDnvh6YB8ReU/idllpU=,tag:D+iZvgDSYQmDFLAzp03guA==,type:str]
+    lastmodified: "2024-07-18T18:58:04Z"
+    mac: ENC[AES256_GCM,data:SVErLvn9hIA8dkQc+IFXBAJecHv1s7HY6LTgkRh+ywllO5YuULX6fBihaEEd4we/DHSgBJfEYygMsRmlQ22F/awlmCtFkuojC0M/WDgBBMkcIgIq6LXA/2ekw38qN0HHx9jde7FdCzOAEetBsKS8juQsX7S82D5CrBxnNoBPrlA=,iv:bwGtnl8kh+eQ8L2ysQpDuJypLKYFGqDG098cbfLO9NQ=,tag:czXKNMTxTkifO4DKWbBXLQ==,type:str]
     pgp:
         - created_at: "2023-11-23T17:41:40Z"
           enc: |-