WIP: bekkalokk: set up pvv-nettsiden
Some checks failed
Eval nix flake / evals (push) Failing after 1m57s
Some checks failed
Eval nix flake / evals (push) Failing after 1m57s
This commit is contained in:
parent
c240dafcfe
commit
9768db0eb8
52
flake.lock
generated
52
flake.lock
generated
@ -7,11 +7,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1710169806,
|
||||
"narHash": "sha256-HeWFrRuHpnAiPmIr26OKl2g142HuGerwoO/XtW53pcI=",
|
||||
"lastModified": 1711588700,
|
||||
"narHash": "sha256-vBB5HoQVnA6c/UrDOhLXKAahEwSRccw2YXYHxD7qoi4=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "fe064a639319ed61cdf12b8f6eded9523abcc498",
|
||||
"rev": "502241afa3de2a24865ddcbe4c122f4546e32092",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -82,11 +82,11 @@
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1710248792,
|
||||
"narHash": "sha256-yFyWw4na+nJgtXwhHs2SJSy5Lcw94/FcMbBOorlGdfI=",
|
||||
"lastModified": 1711569752,
|
||||
"narHash": "sha256-Fo+4/dRnDqdn4d2AKTZlHSa24Kj+qQLjT5WXOziu5UA=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "efbb274f364c918b9937574de879b5874b5833cc",
|
||||
"rev": "fd9c477aaa7a4e033f3d966f658ddfb7d15e040c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -97,11 +97,11 @@
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1710033658,
|
||||
"narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=",
|
||||
"lastModified": 1711233294,
|
||||
"narHash": "sha256-eEu5y4J145BYDw9o/YEmeJyqh8blgnZwuz9k234zuWc=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8",
|
||||
"rev": "ac6bdf6181666ebb4f90dd20f31e2fa66ede6b68",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -113,11 +113,11 @@
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1710247538,
|
||||
"narHash": "sha256-Mm3aCwfAdYgG2zKf5SLRBktPH0swXN1yEetAMn05KAA=",
|
||||
"lastModified": 1711572435,
|
||||
"narHash": "sha256-O90CV8yeChD44TenDStUhOqcWAJ862ghfA7/l5jUTfk=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "21adc4f16a8ab151fec83b9d9368cd62d9de86bc",
|
||||
"rev": "38760f86d61431987e82108a6afb672e8a236bd8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -146,6 +146,27 @@
|
||||
"url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git"
|
||||
}
|
||||
},
|
||||
"pvv-nettsiden": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1711619095,
|
||||
"narHash": "sha256-tgCBZe0+PBh8GQEnEX9EKNTESLx6eo6ToB+OMLrJEpM=",
|
||||
"ref": "nixify-ng",
|
||||
"rev": "321846d2dac2d56999ebd3833ca51b19c1e7d83d",
|
||||
"revCount": 442,
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
|
||||
},
|
||||
"original": {
|
||||
"ref": "nixify-ng",
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"disko": "disko",
|
||||
@ -155,6 +176,7 @@
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"pvv-calendar-bot": "pvv-calendar-bot",
|
||||
"pvv-nettsiden": "pvv-nettsiden",
|
||||
"sops-nix": "sops-nix"
|
||||
}
|
||||
},
|
||||
@ -166,11 +188,11 @@
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1710195194,
|
||||
"narHash": "sha256-KFxCJp0T6TJOz1IOKlpRdpsCr9xsvlVuWY/VCiAFnTE=",
|
||||
"lastModified": 1711249319,
|
||||
"narHash": "sha256-N+Pp3/8H+rd7cO71VNV/ovV/Kwt+XNeUHNhsmyTabdM=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "e52d8117b330f690382f1d16d81ae43daeb4b880",
|
||||
"rev": "405987a66cce9a4a82f321f11b205982a7127c88",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
12
flake.nix
12
flake.nix
@ -11,6 +11,9 @@
|
||||
disko.url = "github:nix-community/disko";
|
||||
disko.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
pvv-nettsiden.url = "git+https://git.pvv.ntnu.no/Projects/nettsiden.git?ref=nixify-ng";
|
||||
pvv-nettsiden.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git";
|
||||
pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
@ -23,7 +26,7 @@
|
||||
grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, disko, ... }@inputs:
|
||||
outputs = { self, nixpkgs, nixpkgs-unstable, pvv-nettsiden, sops-nix, disko, ... }@inputs:
|
||||
let
|
||||
nixlib = nixpkgs.lib;
|
||||
systems = [
|
||||
@ -59,6 +62,7 @@
|
||||
inherit system;
|
||||
overlays = [
|
||||
inputs.pvv-calendar-bot.overlays.${system}.default
|
||||
inputs.pvv-nettsiden.overlays.${system}.default
|
||||
];
|
||||
};
|
||||
}
|
||||
@ -74,7 +78,11 @@
|
||||
inputs.pvv-calendar-bot.nixosModules.default
|
||||
];
|
||||
};
|
||||
bekkalokk = stableNixosConfig "bekkalokk" { };
|
||||
bekkalokk = stableNixosConfig "bekkalokk" {
|
||||
modules = [
|
||||
inputs.pvv-nettsiden.nixosModules.default
|
||||
];
|
||||
};
|
||||
bob = stableNixosConfig "bob" {
|
||||
modules = [
|
||||
disko.nixosModules.disko
|
||||
|
@ -9,7 +9,7 @@
|
||||
#./services/keycloak.nix
|
||||
|
||||
# TODO: set up authentication for the following:
|
||||
# ./services/website.nix
|
||||
./services/website.nix
|
||||
./services/nginx
|
||||
./services/gitea/default.nix
|
||||
./services/webmail
|
||||
|
@ -1,8 +1,8 @@
|
||||
{ config, lib, ... }:
|
||||
{
|
||||
services.nginx.virtualHosts = {
|
||||
"www2.pvv.ntnu.no" = {
|
||||
serverAliases = [ "www2.pvv.org" "pvv.ntnu.no" "pvv.org" ];
|
||||
"pvv.ntnu.no" = {
|
||||
serverAliases = [ "pvv.org" ];
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
|
||||
|
@ -1,4 +1,39 @@
|
||||
{ ... }:
|
||||
{
|
||||
{ pkgs, lib, config, ... }:
|
||||
let
|
||||
format = pkgs.formats.php { };
|
||||
cfg = config.services.pvv-nettsiden;
|
||||
in {
|
||||
services.pvv-nettsiden = {
|
||||
enable = true;
|
||||
|
||||
domainName = "www2.pvv.ntnu.no";
|
||||
|
||||
settings = {
|
||||
DOOR_SECRET = "verysecret";
|
||||
|
||||
DB = {
|
||||
DSN = "mysql:dbname=www_data_www2;host=mysql.pvv.ntnu.no";
|
||||
USER = "www-data_www2";
|
||||
PASS = format.lib.mkRaw "file_get_contents('${config.sops.secrets."nettsiden/database/password".path}')";
|
||||
};
|
||||
|
||||
SAML = {
|
||||
COOKIE_SALT = "changeme";
|
||||
COOKIE_SECURE = true;
|
||||
ADMIN_PASSWORD = "torskefjes";
|
||||
TRUSTED_DOMAINS = [ cfg.domainName ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.phpfpm.pools."pvv-nettsiden".settings = {
|
||||
# "php_admin_value[error_log]" = "stderr";
|
||||
"php_admin_flag[log_errors]" = true;
|
||||
"catch_workers_output" = true;
|
||||
};
|
||||
|
||||
sops.secrets."nettsiden/database/password" = {
|
||||
owner = config.services.phpfpm.pools.pvv-nettsiden.user;
|
||||
group = config.services.phpfpm.pools.pvv-nettsiden.group;
|
||||
};
|
||||
}
|
||||
|
@ -13,6 +13,9 @@ mediawiki:
|
||||
database: ENC[AES256_GCM,data:EvVK3Mo6cZiIZS+gTxixU4r9SXN41VqwaWOtortZRNH+WPJ4xcYvzYMJNg==,iv:JtFTRLn3fzKIfgAPRqRgQjct7EdkEHtiyQKPy8/sZ2Q=,tag:nqzseG6BC0X5UNI/3kZZ3A==,type:str]
|
||||
keycloak:
|
||||
database: ENC[AES256_GCM,data:76+AZnNR5EiturTP7BdOCKE90bFFkfGlRtviSP5NHxPbb3RfFPJEMlwtzA==,iv:nS7VTossHdlrHjPeethhX+Ysp9ukrb5JD7kjG28OFpY=,tag:OMpiEv9nQA7v6lWJfNxEEw==,type:str]
|
||||
nettsiden:
|
||||
database:
|
||||
password: ENC[AES256_GCM,data:6jYD6RM+bkWyMxQKaDXhTX/S,iv:3RILCebHs7E7LUX4B5DIM/E6qRWBh8a1Z94YcDZNQdc=,tag:FLW4dQ9DbVeOkjax4aiv3w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -46,8 +49,8 @@ sops:
|
||||
akVjeTNTeGorZjJQOVlMeCtPRUVYL3MK+VMvGxrbzGz4Q3sdaDDWjal+OiK+JYKX
|
||||
GHiMXVHQJZu/RrlxMjHKN6V3iaqxZpuvLAEJ2Lzy5EOHPtuiiRyeHQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-09-17T02:02:24Z"
|
||||
mac: ENC[AES256_GCM,data:Lkvj9UOdE/WZtFReMs6n8ucFuJNPb76ZhPHFpYAEqYEe8d9FdMPMzq05DBAJe9IqpFS0jc9SWxJUPHfGgoMR8nPciZuR/mpJ+4s/cRkPbApwBPcLlvatE/qkbcxzoLlb1vN0gth5G/U7UEfk5Pp9gIz6Yo4sEIS3Za42tId1MpI=,iv:s3VELgU/RJ98/lbQV3vPtOLXtwFzB3KlY7bMKbAzp/g=,tag:D8s0XyGnd8UhbCseB/TyFg==,type:str]
|
||||
lastmodified: "2024-03-23T20:46:37Z"
|
||||
mac: ENC[AES256_GCM,data:Du1usETRD5lzf4QS3jCQZ8UZRNxdydZID8AI8Y1+YtmX66pszzLTNdzlzvid5fVRi1LFS7gSJfcIcfSPKTv20zeo/qzM5qhUoM9X8JOr+m0+FmjrmBJKnEqBvP7qOysBLZinR+pfr6RiR0tJMTWcmQp9k4q/wTeCU9Aaoz3OXr8=,iv:dCvzA1MOiid8WiIijznf0vvF6i9V9ZDSzvwfRONMN/M=,tag:qCN6RxvQ8wZIcUqwI0jU6g==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-05-21T00:28:40Z"
|
||||
enc: |
|
||||
@ -70,4 +73,5 @@ sops:
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
version: 3.8.1
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user