kommode/gitea: hire cleaners

base/nixos-exporter: allow localhost to fetch
bicep/matrix/hookshot: enable widgets and js transformations
2025-10-30 17:11:43 +09:00 · 2025-10-13 06:41:28 +02:00 · 2025-10-13 06:02:33 +02:00 · 2025-10-13 05:42:06 +02:00 · 2025-10-12 16:42:42 +02:00 · 2025-10-12 06:09:15 +02:00
7 changed files with 163 additions and 35 deletions
--- a/base/default.nix
+++ b/base/default.nix
@@ -1,4 +1,9 @@
-{ pkgs, lib, fp, ... }:
+{
  pkgs,
  lib,
  fp,
  ...
 }:
 {
  imports = [
@@ -8,6 +13,7 @@
    ./networking.nix
    ./nix.nix
    ./vm.nix
    ./flake-input-exporter.nix
    ./services/acme.nix
    ./services/uptimed.nix
@@ -57,11 +63,11 @@
  # home-manager usually handles this for you: https://github.com/nix-community/home-manager/blob/22a36aa709de7dd42b562a433b9cefecf104a6ee/modules/programs/bash.nix#L203-L209
  # btw, programs.bash.shellInit just goes into environment.shellInit which in turn goes into /etc/profile, spooky shit
  programs.bash.shellInit = ''
-   if [ -n "''${BASH_VERSION:-}" ]; then
+    if [ -n "''${BASH_VERSION:-}" ]; then
-     if [[ ! -f ~/.bash_profile && ! -f ~/.bash_login ]]; then
+      if [[ ! -f ~/.bash_profile && ! -f ~/.bash_login ]]; then
-      [[ -f ~/.bashrc ]] && . ~/.bashrc
+       [[ -f ~/.bashrc ]] && . ~/.bashrc
-     fi
+      fi
-   fi
+    fi
  '';
  programs.zsh.enable = true;
--- a/base/flake-input-exporter.nix
+++ b/base/flake-input-exporter.nix
@@ -0,0 +1,55 @@
 {
  config,
  inputs,
  lib,
  pkgs,
  values,
  ...
 }:
 let
  data = lib.flip lib.mapAttrs inputs (
    name: input: {
      inherit (input)
        lastModified
        ;
    }
  );
  folder = pkgs.writeTextDir "share/flake-inputs" (
    lib.concatMapStringsSep "\n" (
      { name, value }: ''nixos_last_modified_input{flake="${name}"} ${toString value.lastModified}''
    ) (lib.attrsToList data)
  );
  port = 9102;
 in
 {
  services.nginx.virtualHosts."${config.networking.fqdn}-nixos-metrics" = {
    serverName = config.networking.fqdn;
    serverAliases = [
      "${config.networking.hostName}.pvv.org"
    ];
    locations."/metrics" = {
      root = "${folder}/share";
      tryFiles = "/flake-inputs =404";
      extraConfig = ''
        default_type text/plain;
      '';
    };
    listen = [
      {
        inherit port;
        addr = "0.0.0.0";
      }
    ];
    extraConfig = ''
      allow ${values.hosts.ildkule.ipv4}/32;
      allow ${values.hosts.ildkule.ipv6}/128;
      allow 127.0.0.1/32;
      allow ::1/128;
      allow 129.241.210.128/25;
      allow 2001:700:300:1900::/64;
      deny all;
    '';
  };
  networking.firewall.allowedTCPPorts = [ port ];
 }
--- a/flake.lock
+++ b/flake.lock
@@ -48,11 +48,11 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1758386174,
+        "lastModified": 1758919016,
-        "narHash": "sha256-iNDxHSDdb/LlqDbqP9BcZd1QEmks4iYiyN34UhUizZ8=",
+        "narHash": "sha256-TSJMOWq9dO7P1iQB4httzWwAtpM1veacLcaS7FAyTpo=",
        "ref": "refs/heads/main",
-        "rev": "a21fdfe56743afc7de1fb14597711fbd97ddef76",
+        "rev": "c87263b784954d20485d108e70934c9316935d75",
-        "revCount": 50,
+        "revCount": 51,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git"
      },
@@ -159,11 +159,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1758363343,
+        "lastModified": 1760254360,
-        "narHash": "sha256-TWem5ajoX0vD7j1v/cg3XU7GHWW10HRUQbZL++QNXLk=",
+        "narHash": "sha256-Npp92Joy2bRyickrrVP9+85z31aGS8kVNiLlKvd5pC4=",
-        "rev": "b2a3852bd078e68dd2b3dfa8c00c67af1f0a7d20",
+        "rev": "bafe987a29b8bea2edbb3aba76b51464b3d222f0",
        "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.810175.b2a3852bd078/nixexprs.tar.xz"
+        "url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.811161.bafe987a29b8/nixexprs.tar.xz"
      },
      "original": {
        "type": "tarball",
@@ -172,11 +172,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1758361324,
+        "lastModified": 1760252326,
-        "narHash": "sha256-uCqhgJlmxP3UmyCNZ21ucc5Ic0I2le3rA7+Q61UH1YA=",
+        "narHash": "sha256-5v32B25kSE++E+KtP4DO687r/AlWL9qOlOjtYyfcDSw=",
-        "rev": "0f3383ef02bc092d2f82afa4e556743c6e6b74d6",
+        "rev": "66e5020bfe0af40ffa127426f8405edbdadbb40b",
        "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/unstable-small/nixos-25.11pre864278.0f3383ef02bc/nixexprs.tar.xz"
+        "url": "https://releases.nixos.org/nixos/unstable-small/nixos-25.11pre876242.66e5020bfe0a/nixexprs.tar.xz"
      },
      "original": {
        "type": "tarball",
@@ -268,11 +268,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1758007585,
+        "lastModified": 1760240450,
-        "narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=",
+        "narHash": "sha256-sa9bS9jSyc4vH0jSWrUsPGdqtMvDwmkLg971ntWOo2U=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139",
+        "rev": "41fd1f7570c89f645ee0ada0be4e2d3c4b169549",
        "type": "github"
      },
      "original": {
--- a/hosts/bicep/services/matrix/hookshot/default.nix
+++ b/hosts/bicep/services/matrix/hookshot/default.nix
@@ -77,14 +77,14 @@ in
        outbound = true;
        urlPrefix = "https://hookshot.pvv.ntnu.no/webhook/";
        userIdPrefix = "_webhooks_";
-        allowJsTransformationFunctions = false;
+        allowJsTransformationFunctions = true;
        waitForComplete = false;
      };
      feeds = {
        enabled = true;
        pollIntervalSeconds = 600;
      };
-      
+
      serviceBots = [
        { localpart = "bot_feeds";
          displayname = "Aya";
@@ -94,6 +94,11 @@ in
        }
      ];
      widgets = {
        roomSetupWidget.addOnInvite = false;
        publicUrl = "https://hookshot.pvv.ntnu.no/widgetapi/v1/static";
      };
      permissions = [
        # Users of the PVV Server
        { actor = "pvv.ntnu.no";
@@ -128,6 +133,7 @@ in
  services.nginx.virtualHosts."hookshot.pvv.ntnu.no" = {
    enableACME = true;
    addSSL = true;
    locations."/" = {
      proxyPass = "http://${webhookListenAddress}:${toString webhookListenPort}";
    };
--- a/hosts/ildkule/services/monitoring/prometheus/machines.nix
+++ b/hosts/ildkule/services/monitoring/prometheus/machines.nix
@@ -8,25 +8,26 @@
  defaultNodeExporterPort = 9100;
  defaultSystemdExporterPort = 9101;
  defaultNixosExporterPort = 9102;
 in {
  services.prometheus.scrapeConfigs = [{
    job_name = "base_info";
    static_configs = [
-      (mkHostScrapeConfig "ildkule" [ cfg.exporters.node.port cfg.exporters.systemd.port ])
+      (mkHostScrapeConfig "ildkule" [ cfg.exporters.node.port cfg.exporters.systemd.port defaultNixosExporterPort ])
-      (mkHostScrapeConfig "bekkalokk" [ defaultNodeExporterPort defaultSystemdExporterPort ])
+      (mkHostScrapeConfig "bekkalokk" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
-      (mkHostScrapeConfig "bicep" [ defaultNodeExporterPort defaultSystemdExporterPort ])
+      (mkHostScrapeConfig "bicep" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
-      (mkHostScrapeConfig "brzeczyszczykiewicz" [ defaultNodeExporterPort defaultSystemdExporterPort ])
+      (mkHostScrapeConfig "brzeczyszczykiewicz" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
-      (mkHostScrapeConfig "georg" [ defaultNodeExporterPort defaultSystemdExporterPort ])
+      (mkHostScrapeConfig "georg" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
-      (mkHostScrapeConfig "kommode" [ defaultNodeExporterPort defaultSystemdExporterPort ])
+      (mkHostScrapeConfig "kommode" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
-      (mkHostScrapeConfig "ustetind" [ defaultNodeExporterPort defaultSystemdExporterPort ])
+      (mkHostScrapeConfig "ustetind" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
-      (mkHostScrapeConfig "wenche" [ defaultNodeExporterPort defaultSystemdExporterPort ])
+      (mkHostScrapeConfig "wenche" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
-      (mkHostScrapeConfig "lupine-1" [ defaultNodeExporterPort defaultSystemdExporterPort ])
+      (mkHostScrapeConfig "lupine-1" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
      # (mkHostScrapeConfig "lupine-2" [ defaultNodeExporterPort defaultSystemdExporterPort ])
-      (mkHostScrapeConfig "lupine-3" [ defaultNodeExporterPort defaultSystemdExporterPort ])
+      (mkHostScrapeConfig "lupine-3" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
-      (mkHostScrapeConfig "lupine-4" [ defaultNodeExporterPort defaultSystemdExporterPort ])
+      (mkHostScrapeConfig "lupine-4" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
-      (mkHostScrapeConfig "lupine-5" [ defaultNodeExporterPort defaultSystemdExporterPort ])
+      (mkHostScrapeConfig "lupine-5" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
      (mkHostScrapeConfig "hildring" [ defaultNodeExporterPort ])
      (mkHostScrapeConfig "isvegg" [ defaultNodeExporterPort ])
--- a/hosts/kommode/services/gitea/default.nix
+++ b/hosts/kommode/services/gitea/default.nix
@@ -8,6 +8,7 @@ in {
    ./customization
    ./gpg.nix
    ./import-users
    ./vaskepersonalet.nix
    ./web-secret-provider
  ];
--- a/hosts/kommode/services/gitea/vaskepersonalet.nix
+++ b/hosts/kommode/services/gitea/vaskepersonalet.nix
@@ -0,0 +1,59 @@
 { config, ... }:
 let
  cfg = config.services.gitea;
  cacheDir = "/var/cache/${config.systemd.services.gitea.serviceConfig.CacheDirectory}";
 in
 {
  systemd.services."gitea-vaskepersonalet" = {
    description = "yeeet";
    startAt = "hourly";
    serviceConfig = rec {
      User = cfg.user;
      Group = cfg.group;
      RuntimeDirectory = "gitea-vaskepersonalet";
      RootDirectory = "/run/${RuntimeDirectory}";
      BindPaths = [
        builtins.storeDir
        cacheDir
        cfg.dump.backupDir
      ];
    };
    script = let
      percentageLimit = 80;
    in ''
      USED=$(df --output=pcent '${cacheDir}' | grep '[0-9]' | tr -d '%')
      if [[ $USED -lt ${toString percentageLimit} ]]; then exit 0; fi
      echo "omg omg, we're running out of space, imma yeet the cache"
      rm -rf '${cacheDir}'/*
      echo "yeetus deletus"
      USED=$(df --output=pcent '${cacheDir}' | grep '[0-9]' | tr -d '%')
      if [[ $USED -lt ${toString percentageLimit} ]]; then exit 0; fi
      echo ""
      echo "bruh, still low on space, yeeting old backups"
      echo ""
      # tail -n+2 ensure we keep at least one backup.
      for file in $(ls -t1 '${cfg.dump.backupDir}' | sort --reverse | tail -n+2); do
        echo "> Chose $file"
        echo "> Do you really want to release this pokemon? [Y/n] Y"
        rm "$file"
        echo "> ..."
        echo "> The pokemon was released back into the wild"
        echo ""
        USED=$(df --output=pcent '${cacheDir}' | grep '[0-9]' | tr -d '%')
        if [[ $USED -lt ${toString percentageLimit} ]]; then exit 0; fi
      done
      echo "No way, we're still out of space? Not my problem anymore"
    '';
  };
 }
Author	SHA1	Message	Date
h7x4	bd5cb05ecf	kommode/gitea: hire cleaners Some checks failed Eval nix flake / evals (pull_request) Failing after 34s Details	2025-10-30 17:11:43 +09:00
Daniel Olsen	3faad36418	base/nixos-exporter: allow localhost to fetch	2025-10-13 06:41:28 +02:00
Daniel Olsen	0b74907f76	bicep/matrix/hookshot: enable widgets and js transformations	2025-10-13 06:02:33 +02:00
Daniel Olsen	bacfdeff23	bicep/matrix/hookshot: try fix up widgets and SSL	2025-10-13 05:42:06 +02:00
Daniel Olsen	9e51bdb373	base/nixos-exporter: listen on own server block	2025-10-12 16:42:42 +02:00
Daniel Olsen	df5557698f	ildkule: scrape the nixos-flake exporters	2025-10-12 06:09:15 +02:00
fredrikr79	c7930b793a	base: create flake input exporter	2025-10-12 05:23:54 +02:00