Compare commits

...

1 Commits

Author SHA1 Message Date
Felix Albrigtsen ddbabc935b bekkalokk: WIP add www2
Eval nix flake / evals (push) Failing after 1m49s Details
2024-03-24 02:02:35 +01:00
6 changed files with 82 additions and 30 deletions

View File

@ -146,6 +146,27 @@
"url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git"
}
},
"pvv-nettsiden": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1711230408,
"narHash": "sha256-KqYkuRTipcLqBYF8l9xwiJOpxMtEoyfpRbC6Yqggqqk=",
"ref": "nixify-ng",
"rev": "96e5e4b8577a356921259c82e54eea020855bbf7",
"revCount": 440,
"type": "git",
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
},
"original": {
"ref": "nixify-ng",
"type": "git",
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
}
},
"root": {
"inputs": {
"disko": "disko",
@ -155,6 +176,7 @@
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable",
"pvv-calendar-bot": "pvv-calendar-bot",
"pvv-nettsiden": "pvv-nettsiden",
"sops-nix": "sops-nix"
}
},

View File

@ -11,6 +11,9 @@
disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs";
pvv-nettsiden.url = "git+https://git.pvv.ntnu.no/Projects/nettsiden.git?ref=nixify-ng";
pvv-nettsiden.inputs.nixpkgs.follows = "nixpkgs";
pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git";
pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
@ -23,7 +26,7 @@
grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";
};
outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, disko, ... }@inputs:
outputs = { self, nixpkgs, nixpkgs-unstable, pvv-nettsiden, sops-nix, disko, ... }@inputs:
let
nixlib = nixpkgs.lib;
systems = [
@ -53,16 +56,17 @@
modules = [
./hosts/${name}/configuration.nix
sops-nix.nixosModules.sops
];
] ++ config.modules or [];
pkgs = import nixpkgs {
inherit system;
overlays = [
inputs.pvv-calendar-bot.overlays.${system}.default
inputs.pvv-nettsiden.overlays.${system}.default
];
};
}
config
(removeAttrs config [ "modules" ])
);
stableNixosConfig = nixosConfig nixpkgs;
@ -70,19 +74,17 @@
in {
bicep = stableNixosConfig "bicep" {
modules = [
./hosts/bicep/configuration.nix
sops-nix.nixosModules.sops
inputs.matrix-next.nixosModules.default
inputs.pvv-calendar-bot.nixosModules.default
];
};
bekkalokk = stableNixosConfig "bekkalokk" { };
bekkalokk = stableNixosConfig "bekkalokk" {
modules = [
inputs.pvv-nettsiden.nixosModules.default
];
};
bob = stableNixosConfig "bob" {
modules = [
./hosts/bob/configuration.nix
sops-nix.nixosModules.sops
disko.nixosModules.disko
{ disko.devices.disk.disk1.device = "/dev/vda"; }
];
@ -93,28 +95,17 @@
brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" {
modules = [
./hosts/brzeczyszczykiewicz/configuration.nix
sops-nix.nixosModules.sops
inputs.grzegorz.nixosModules.grzegorz-kiosk
inputs.grzegorz-clients.nixosModules.grzegorz-webui
];
};
georg = stableNixosConfig "georg" {
modules = [
./hosts/georg/configuration.nix
sops-nix.nixosModules.sops
inputs.grzegorz.nixosModules.grzegorz-kiosk
inputs.grzegorz-clients.nixosModules.grzegorz-webui
];
};
buskerud = stableNixosConfig "buskerud" {
modules = [
./hosts/buskerud/configuration.nix
sops-nix.nixosModules.sops
];
};
buskerud = stableNixosConfig "buskerud" { };
};
devShells = forAllSystems (system: {

View File

@ -9,7 +9,7 @@
#./services/keycloak.nix
# TODO: set up authentication for the following:
# ./services/website.nix
#./services/website.nix
./services/nginx
./services/gitea/default.nix
./services/webmail

View File

@ -1,8 +1,8 @@
{ config, lib, ... }:
{
services.nginx.virtualHosts = {
"www2.pvv.ntnu.no" = {
serverAliases = [ "www2.pvv.org" "pvv.ntnu.no" "pvv.org" ];
"pvv.ntnu.no" = {
serverAliases = [ "pvv.org" ];
addSSL = true;
enableACME = true;

View File

@ -1,4 +1,39 @@
{ ... }:
{
{ pkgs, lib, config, ... }:
let
format = pkgs.formats.php { };
cfg = config.services.pvv-nettsiden;
in {
services.pvv-nettsiden = {
enable = true;
domainName = "www2.pvv.ntnu.no";
settings = {
DOOR_SECRET = "verysecret";
DB = {
DSN = "mysql:dbname=www_data_www2;host=mysql.pvv.ntnu.no";
USER = "www-data_www2";
PASS = format.lib.mkRaw "file_get_contents('${config.sops.secrets."nettsiden/database/password".path}')";
};
SAML = {
COOKIE_SALT = "changeme";
COOKIE_SECURE = true;
ADMIN_PASSWORD = "torskefjes";
TRUSTED_DOMAINS = [ cfg.domainName ];
};
};
};
services.phpfpm.pools."pvv-nettsiden".settings = {
"php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"catch_workers_output" = true;
};
sops.secrets."nettsiden/database/password" = {
owner = config.services.phpfpm.pools.pvv-nettsiden.user;
group = config.services.phpfpm.pools.pvv-nettsiden.group;
};
}

View File

@ -13,6 +13,9 @@ mediawiki:
database: ENC[AES256_GCM,data:EvVK3Mo6cZiIZS+gTxixU4r9SXN41VqwaWOtortZRNH+WPJ4xcYvzYMJNg==,iv:JtFTRLn3fzKIfgAPRqRgQjct7EdkEHtiyQKPy8/sZ2Q=,tag:nqzseG6BC0X5UNI/3kZZ3A==,type:str]
keycloak:
database: ENC[AES256_GCM,data:76+AZnNR5EiturTP7BdOCKE90bFFkfGlRtviSP5NHxPbb3RfFPJEMlwtzA==,iv:nS7VTossHdlrHjPeethhX+Ysp9ukrb5JD7kjG28OFpY=,tag:OMpiEv9nQA7v6lWJfNxEEw==,type:str]
nettsiden:
database:
password: ENC[AES256_GCM,data:6jYD6RM+bkWyMxQKaDXhTX/S,iv:3RILCebHs7E7LUX4B5DIM/E6qRWBh8a1Z94YcDZNQdc=,tag:FLW4dQ9DbVeOkjax4aiv3w==,type:str]
sops:
kms: []
gcp_kms: []
@ -46,8 +49,8 @@ sops:
akVjeTNTeGorZjJQOVlMeCtPRUVYL3MK+VMvGxrbzGz4Q3sdaDDWjal+OiK+JYKX
GHiMXVHQJZu/RrlxMjHKN6V3iaqxZpuvLAEJ2Lzy5EOHPtuiiRyeHQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-17T02:02:24Z"
mac: ENC[AES256_GCM,data:Lkvj9UOdE/WZtFReMs6n8ucFuJNPb76ZhPHFpYAEqYEe8d9FdMPMzq05DBAJe9IqpFS0jc9SWxJUPHfGgoMR8nPciZuR/mpJ+4s/cRkPbApwBPcLlvatE/qkbcxzoLlb1vN0gth5G/U7UEfk5Pp9gIz6Yo4sEIS3Za42tId1MpI=,iv:s3VELgU/RJ98/lbQV3vPtOLXtwFzB3KlY7bMKbAzp/g=,tag:D8s0XyGnd8UhbCseB/TyFg==,type:str]
lastmodified: "2024-03-23T20:46:37Z"
mac: ENC[AES256_GCM,data:Du1usETRD5lzf4QS3jCQZ8UZRNxdydZID8AI8Y1+YtmX66pszzLTNdzlzvid5fVRi1LFS7gSJfcIcfSPKTv20zeo/qzM5qhUoM9X8JOr+m0+FmjrmBJKnEqBvP7qOysBLZinR+pfr6RiR0tJMTWcmQp9k4q/wTeCU9Aaoz3OXr8=,iv:dCvzA1MOiid8WiIijznf0vvF6i9V9ZDSzvwfRONMN/M=,tag:qCN6RxvQ8wZIcUqwI0jU6g==,type:str]
pgp:
- created_at: "2023-05-21T00:28:40Z"
enc: |
@ -70,4 +73,5 @@ sops:
-----END PGP MESSAGE-----
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted
version: 3.7.3
version: 3.8.1