bicep: add git-mirroring service

base/services/auto-upgrade.nix

@@ -7,7 +7,7 @@
       # --update-input is deprecated since nix 2.22, and removed in lix 2.90
       # https://git.lix.systems/lix-project/lix/issues/400
       "--refresh"
-      "--override-input" "nixpkgs" "github:nixos/nixpkgs/nixos-25.05-small"
+      "--override-input" "nixpkgs" "github:nixos/nixpkgs/nixos-24.11-small"
       "--override-input" "nixpkgs-unstable" "github:nixos/nixpkgs/nixos-unstable-small"
       "--no-write-lock-file"
     ];

base/services/nginx.nix

@@ -20,14 +20,14 @@
     recommendedGzipSettings = true;
 
     appendConfig = ''
-      # pcre_jit on;
+      pcre_jit on;
       worker_processes auto;
       worker_rlimit_nofile 100000;
     '';
     eventsConfig = ''
       worker_connections 2048;
       use epoll;
-      # multi_accept on;
+      multi_accept on;
     '';
   };
 

flake.lock

@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1747742835,
+        "lastModified": 1745502102,
-        "narHash": "sha256-kYL4GCwwznsypvsnA20oyvW8zB/Dvn6K5G/tgMjVMT4=",
+        "narHash": "sha256-LqhRwzvIVPEjH0TaPgwzqpyhW6DtCrvz7FnUJDoUZh8=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "df522e787fdffc4f32ed3e1fca9ed0968a384d62",
+        "rev": "ca27b88c88948d96feeee9ed814cbd34f53d0d70",
         "type": "github"
       },
       "original": {
@@ -139,27 +139,27 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1748085680,
+        "lastModified": 1745526780,
-        "narHash": "sha256-XG90Q/040NiV70gAVvoYbXg1lULbiwIzfkWmwSINyGQ=",
+        "narHash": "sha256-LXXYBmFPMQU2lTb6alKWfjgQs08BKn+txMNcgbu00hI=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "4e6eeca5ed45465087274fc9dc6bc2011254a0f3",
+        "rev": "9204750b34cae1a8347ab4b5588115edfeebc6d7",
         "type": "github"
       },
       "original": {
         "owner": "NixOS",
-        "ref": "nixos-25.05-small",
+        "ref": "nixos-24.11-small",
         "repo": "nixpkgs",
         "type": "github"
       }
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1748074755,
+        "lastModified": 1745688173,
-        "narHash": "sha256-b3SC3Q3cXr4tdCN3WVTFqMP8I9OwaXXcj1aVoSVaygw=",
+        "narHash": "sha256-fgvG1O5JvSSjeQx+ea0DJ3GfMbLPVhAQta/DqQ2y6jc=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "c3ee76c437067f1ae09d6e530df46a3f80977992",
+        "rev": "6a2957c7978b189202e03721aab901c0a9dc1e1a",
         "type": "github"
       },
       "original": {
@@ -176,11 +176,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742225512,
+        "lastModified": 1723850344,
-        "narHash": "sha256-OB0ndlrGLE5wMUeYP4lmxly9JUEpPCeZRQyMzITKCB0=",
+        "narHash": "sha256-aT37O9l9eclWEnqxASVNBL1dKwDHZUOqdbA4VO9DJvw=",
         "ref": "refs/heads/main",
-        "rev": "c4a6a02c84d8227abf00305dc995d7242176e6f6",
+        "rev": "38b66677ab8c01aee10cd59e745af9ce3ea88092",
-        "revCount": 21,
+        "revCount": 19,
         "type": "git",
         "url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git"
       },
@@ -196,11 +196,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1742344479,
+        "lastModified": 1741738148,
-        "narHash": "sha256-9vzkDdcJPkZIHJ+fQZjC6MepicBQiMzldNhjBR58qWY=",
+        "narHash": "sha256-cJo6nbcJEOjkazkZ194NDnlsZe0W0wpxeUh2/886uC8=",
         "ref": "refs/heads/main",
-        "rev": "20bab54235488b66f30acceece4f7721f280ef85",
+        "rev": "c1802e7cf27c7cf8b4890354c982a4eef5b11593",
-        "revCount": 493,
+        "revCount": 486,
         "type": "git",
         "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
       },
@@ -253,11 +253,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1747603214,
+        "lastModified": 1745310711,
-        "narHash": "sha256-lAblXm0VwifYCJ/ILPXJwlz0qNY07DDYdLD+9H+Wc8o=",
+        "narHash": "sha256-ePyTpKEJTgX0gvgNQWd7tQYQ3glIkbqcW778RpHlqgA=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "8d215e1c981be3aa37e47aeabd4e61bb069548fd",
+        "rev": "5e3e92b16d6fdf9923425a8d4df7496b2434f39c",
         "type": "github"
       },
       "original": {

flake.nix

@@ -2,7 +2,7 @@
   description = "PVV System flake";
 
   inputs = {
-    nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05-small"; # remember to also update the url in base/services/auto-upgrade.nix
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11-small"; # remember to also update the url in base/services/auto-upgrade.nix
     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
 
     sops-nix.url = "github:Mic92/sops-nix";
@@ -111,6 +111,12 @@
           inputs.pvv-nettsiden.nixosModules.default
         ];
       };
+      bob = stableNixosConfig "bob" {
+        modules = [
+          disko.nixosModules.disko
+          { disko.devices.disk.disk1.device = "/dev/vda"; }
+        ];
+      };
       ildkule = stableNixosConfig "ildkule" { };
       #ildkule-unstable = unstableNixosConfig "ildkule" { };
       shark = stableNixosConfig "shark" { };

hosts/bekkalokk/services/mediawiki/default.nix

@@ -214,11 +214,11 @@ in {
       "= /favicon.ico".alias = pkgs.runCommandLocal "mediawiki-favicon.ico" {
         buildInputs = with pkgs; [ imagemagick ];
       } ''
-        magick \
+        convert \
-          ${fp /assets/logo_blue_regular.png} \
           -resize x64 \
           -gravity center \
           -crop 64x64+0+0 \
+          ${fp /assets/logo_blue_regular.png} \
           -flatten \
           -colors 256 \
           -background transparent \

hosts/bekkalokk/services/website/fetch-gallery.nix

@@ -53,7 +53,7 @@ in {
 
         echo "Creating thumbnail for $fname"
         mkdir -p $(dirname ".thumbnails/$fname")
-        magick -define jpeg:size=200x200 "$fname" -thumbnail 300 -auto-orient ".thumbnails/$fname.png" ||:
+        convert -define jpeg:size=200x200 "$fname" -thumbnail 300 -auto-orient ".thumbnails/$fname.png" ||:
         touch -m -d "$(date -R -r "$fname")" ".thumbnails/$fname.png"
       done <<< "$images"
     '';

hosts/bicep/services/git-mirrors/default.nix

@@ -47,14 +47,6 @@ in
       "any:glibc" = {
         settings.url = "https://sourceware.org/git/glibc.git";
       };
-
-      "any:out-of-your-element" = {
-        settings.url = "https://gitdab.com/cadence/out-of-your-element.git";
-      };
-
-      "any:out-of-your-element-module" = {
-        settings.url = "https://cgit.rory.gay/nix/OOYE-module.git";
-      };
     };
   };
 

hosts/bob/configuration.nix

@@ -0,0 +1,46 @@
+{ config, fp, pkgs, values, ... }:
+{
+  imports = [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      (fp /base)
+      (fp /misc/metrics-exporters.nix)
+      ./disks.nix
+
+      (fp /misc/builder.nix)
+    ];
+
+  sops.defaultSopsFile = fp /secrets/bob/bob.yaml;
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+  sops.age.generateKey = true;
+
+  boot.loader.grub = {
+    enable = true;
+    efiSupport = true;
+    efiInstallAsRemovable = true;
+  };
+
+  networking.hostName = "bob"; # Define your hostname.
+
+  systemd.network.networks."30-all" = values.defaultNetworkConfig // {
+    matchConfig.Name = "en*";
+    DHCP = "yes";
+    gateway = [ ];
+  };
+
+  # List packages installed in system profile
+  environment.systemPackages = with pkgs; [
+  ];
+
+  # List services that you want to enable:
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.05"; # Did you read the comment?
+
+}

hosts/bob/disks.nix

@@ -0,0 +1,39 @@
+# Example to create a bios compatible gpt partition
+{ lib, ... }:
+{
+  disko.devices = {
+    disk.disk1 = {
+      device = lib.mkDefault "/dev/sda";
+      type = "disk";
+      content = {
+        type = "gpt";
+        partitions = {
+          boot = {
+            name = "boot";
+            size = "1M";
+            type = "EF02";
+          };
+          esp = {
+            name = "ESP";
+            size = "500M";
+            type = "EF00";
+            content = {
+              type = "filesystem";
+              format = "vfat";
+              mountpoint = "/boot";
+            };
+          };
+          root = {
+            name = "root";
+            size = "100%";
+            content = {
+              type = "filesystem";
+              format = "ext4";
+              mountpoint = "/";
+            };
+          };
+        };
+      };
+    };
+  };
+}

hosts/bob/hardware-configuration.nix

@@ -0,0 +1,24 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/profiles/qemu-guest.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_blk" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ ];
+  boot.extraModulePackages = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.ens3.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+}

hosts/georg/configuration.nix

@@ -25,26 +25,6 @@
 
   # List services that you want to enable:
 
-
-
-  services.spotifyd = {
-    enable = true;
-    settings.global = {
-      device_name = "georg";
-      use_mpris = false;
-      #dbus_type = "system";
-      #zeroconf_port = 1234;
-    };
-  };
-
-  networking.firewall.allowedTCPPorts = [
-    # config.services.spotifyd.settings.zeroconf_port
-    5353 # spotifyd is its own mDNS service wtf
-  ];
-
-
-
-
   # This value determines the NixOS release from which the default
   # settings for stateful data, like file locations and database versions
   # on your system were taken. It‘s perfectly fine and recommended to leave

hosts/kommode/services/gitea/default.nix

@@ -1,4 +1,4 @@
-{ config, values, lib, pkgs, ... }:
+{ config, values, lib, unstablePkgs, ... }:
 let
   cfg = config.services.gitea;
   domain = "git.pvv.ntnu.no";
@@ -26,7 +26,7 @@ in {
     enable = true;
     appName = "PVV Git";
 
-    package = pkgs.gitea;
+    package = unstablePkgs.gitea;
 
     database = {
       type = "postgres";

modules/gickup/default.nix

@@ -57,6 +57,7 @@ in
                     (lib.removePrefix "${repoType}:")
                     (lib.splitString "/")
                     builtins.head
+                    lib.toLower
                   ];
 
           repo = if repoType == "any"
@@ -65,11 +66,12 @@ in
                     (lib.removePrefix "${repoType}:")
                     (lib.splitString "/")
                     lib.last
+                    lib.toLower
                   ];
 
           slug = if repoType == "any"
-                 then lib.toLower (builtins.replaceStrings [ ":" "/" ] [ "-" "-" ] submoduleName)
+                 then builtins.replaceStrings [ ":" "/" ] [ "-" "-" ] submoduleName
-                 else "${lib.toLower repoType}-${lib.toLower owner}-${lib.toLower repo}";
+                 else "${repoType}-${owner}-${repo}";
         };
       in {
         options = {

modules/gickup/update-linktree.nix

@@ -5,14 +5,6 @@ in
 {
   config = lib.mkIf cfg.enable {
     # TODO: run upon completion of cloning a repository
-    systemd.timers."gickup-linktree" = {
-      wantedBy = [ "timers.target" ];
-      timerConfig = {
-        OnCalendar = "daily";
-        Persistent = true;
-        Unit = "gickup-linktree.service";
-      };
-    };
 
     # TODO: update symlink for one repo at a time (e.g. gickup-linktree@<instance>.service)
     systemd.services."gickup-linktree" = {

modules/grzegorz.nix

@@ -13,11 +13,6 @@ in {
     enablePipewire = true;
   };
 
-  systemd.user.services.restart-greg-ng = {
-    script = "systemctl --user restart greg-ng.service";
-    startAt = "*-*-* 06:30:00";
-  };
-
   services.grzegorz-webui = {
     enable = true;
     listenAddr = "localhost";

users/oysteikt.nix

@@ -13,6 +13,7 @@
       bottom
       eza
       neovim
+      diskonaut
       ripgrep
       tmux
     ];

values.nix

@@ -41,6 +41,10 @@ in rec {
       ipv4 = pvv-ipv4 209;
       ipv6 = pvv-ipv6 209;
     };
+    bob = {
+      ipv4 = "129.241.152.254";
+      # ipv6 = ;
+    };
     knutsen = {
       ipv4 = pvv-ipv4 191;
     };