Drift/pvv-nixos-config
17
5
Fork 1
Code Issues Pull Requests 11 Actions Wiki Activity

Compare commits

base: Drift:create-flake-input-exporter
Branches Tags
Drift:main Drift:year-of-the-lord-25-11 Drift:bluemap-use-kartverket-python Drift:gitea-vaskepersonalet Drift:errorpages Drift:create-flake-input-exporter Drift:fix-import-gitea-users-script Drift:gitea-runners-secrets Drift:25.05 Drift:new_nodes Drift:grg-ip Drift:nom Drift:add-skrott Drift:pvvvvv Drift:setup-git-mirroring-on-bicep Drift:init-bakke Drift:gitea-show-license-in-list-view Drift:nix-topology Drift:gitea-robots-txt Drift:dagali-heimdal-openldap-sasl-stack Drift:gitea-navbar-get-started Drift:backup-databases Drift:openwebui Drift:setup-openvpn-tunnel Drift:gitea-gpg-signing Drift:sleipner-authorised-keys Drift:openstack-image-builder Drift:elysium Drift:smartd-notifs Drift:systemd-journald-remote Drift:skrot Drift:deploy-doorbell Drift:misc-gitea-fixes Drift:spotifyd Drift:remote Drift:setup-bikkje-login Drift:ozai-prod Drift:add-bluemap Drift:ozai Drift:setup-postfix-for-service-machines Drift:fix-gitea-ci-runner-network-issues Drift:heimdal-openldap-sasl-testing-on-salsa-on-buskerud Drift:gitea-metrics Drift:misc1 Drift:add-simple-saml-theme Drift:misc-extra-gitea-setup Drift:setup-kerberos Drift:setup-home-areas Drift:shark-kanidm Drift:prometheusexim
..
compare: Drift:errorpages
Branches Tags
Drift:main Drift:year-of-the-lord-25-11 Drift:bluemap-use-kartverket-python Drift:gitea-vaskepersonalet Drift:errorpages Drift:create-flake-input-exporter Drift:fix-import-gitea-users-script Drift:gitea-runners-secrets Drift:25.05 Drift:new_nodes Drift:grg-ip Drift:nom Drift:add-skrott Drift:pvvvvv Drift:setup-git-mirroring-on-bicep Drift:init-bakke Drift:gitea-show-license-in-list-view Drift:nix-topology Drift:gitea-robots-txt Drift:dagali-heimdal-openldap-sasl-stack Drift:gitea-navbar-get-started Drift:backup-databases Drift:openwebui Drift:setup-openvpn-tunnel Drift:gitea-gpg-signing Drift:sleipner-authorised-keys Drift:openstack-image-builder Drift:elysium Drift:smartd-notifs Drift:systemd-journald-remote Drift:skrot Drift:deploy-doorbell Drift:misc-gitea-fixes Drift:spotifyd Drift:remote Drift:setup-bikkje-login Drift:ozai-prod Drift:add-bluemap Drift:ozai Drift:setup-postfix-for-service-machines Drift:fix-gitea-ci-runner-network-issues Drift:heimdal-openldap-sasl-testing-on-salsa-on-buskerud Drift:gitea-metrics Drift:misc1 Drift:add-simple-saml-theme Drift:misc-extra-gitea-setup Drift:setup-kerberos Drift:setup-home-areas Drift:shark-kanidm Drift:prometheusexim

7 Commits
create-fla ... errorpages

Author SHA1 Message Date
Adrian G L
914458d4b0 feat: add error pages to nginx on bekkalokk 2025-10-25 22:13:02 +02:00
Daniel Olsen
3faad36418 base/nixos-exporter: allow localhost to fetch 2025-10-13 06:41:28 +02:00
Daniel Olsen
0b74907f76 bicep/matrix/hookshot: enable widgets and js transformations 2025-10-13 06:02:33 +02:00
Daniel Olsen
bacfdeff23 bicep/matrix/hookshot: try fix up widgets and SSL 2025-10-13 05:42:06 +02:00
Daniel Olsen
9e51bdb373 base/nixos-exporter: listen on own server block 2025-10-12 16:42:42 +02:00
Daniel Olsen
df5557698f ildkule: scrape the nixos-flake exporters 2025-10-12 06:09:15 +02:00
fredrikr79
c7930b793a base: create flake input exporter 2025-10-12 05:23:54 +02:00
7 changed files with 175 additions and 36 deletions
Expand all files Collapse all files

27
base/flake-input-exporter.nix
View File

@@ -3,6 +3,7 @@
inputs, inputs,
lib, lib,
pkgs, pkgs,
values,
... ...
}: }:
let let
@@ -15,26 +16,40 @@ let
); );
folder = pkgs.writeTextDir "share/flake-inputs" ( folder = pkgs.writeTextDir "share/flake-inputs" (
lib.concatMapStringsSep "\n" ( lib.concatMapStringsSep "\n" (
{ name, value }: { name, value }: ''nixos_last_modified_input{flake="${name}"} ${toString value.lastModified}''
"nixos_last_modified_input{flake=${name},host=${config.networking.hostName}} ${toString value.lastModified}"
) (lib.attrsToList data) ) (lib.attrsToList data)
); );
port = 9102;
in in
{ {
services.nginx.virtualHosts."${config.networking.fqdn}" = { services.nginx.virtualHosts."${config.networking.fqdn}-nixos-metrics" = {
forceSSL = true; serverName = config.networking.fqdn;
enableACME = true;
kTLS = true;
serverAliases = [ serverAliases = [
"${config.networking.hostName}.pvv.org" "${config.networking.hostName}.pvv.org"
]; ];
locations."/metrics" = { locations."/metrics" = {
root = "${folder}/share"; root = "${folder}/share";
tryFiles = "/flake-inputs =404";
extraConfig = ''
default_type text/plain;
'';
}; };
listen = [
{
inherit port;
addr = "0.0.0.0";
}
];
extraConfig = '' extraConfig = ''
allow ${values.hosts.ildkule.ipv4}/32;
allow ${values.hosts.ildkule.ipv6}/128;
allow 127.0.0.1/32;
allow ::1/128;
allow 129.241.210.128/25; allow 129.241.210.128/25;
allow 2001:700:300:1900::/64; allow 2001:700:300:1900::/64;
deny all; deny all;
''; '';
}; };
networking.firewall.allowedTCPPorts = [ port ];
} }

30
flake.lock generated
View File

@@ -48,11 +48,11 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1758386174, "lastModified": 1758919016,
"narHash": "sha256-iNDxHSDdb/LlqDbqP9BcZd1QEmks4iYiyN34UhUizZ8=", "narHash": "sha256-TSJMOWq9dO7P1iQB4httzWwAtpM1veacLcaS7FAyTpo=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "a21fdfe56743afc7de1fb14597711fbd97ddef76", "rev": "c87263b784954d20485d108e70934c9316935d75",
"revCount": 50, "revCount": 51,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git" "url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git"
}, },
@@ -159,11 +159,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1758363343, "lastModified": 1760254360,
"narHash": "sha256-TWem5ajoX0vD7j1v/cg3XU7GHWW10HRUQbZL++QNXLk=", "narHash": "sha256-Npp92Joy2bRyickrrVP9+85z31aGS8kVNiLlKvd5pC4=",
"rev": "b2a3852bd078e68dd2b3dfa8c00c67af1f0a7d20", "rev": "bafe987a29b8bea2edbb3aba76b51464b3d222f0",
"type": "tarball", "type": "tarball",
"url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.810175.b2a3852bd078/nixexprs.tar.xz" "url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.811161.bafe987a29b8/nixexprs.tar.xz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@@ -172,11 +172,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1758361324, "lastModified": 1760252326,
"narHash": "sha256-uCqhgJlmxP3UmyCNZ21ucc5Ic0I2le3rA7+Q61UH1YA=", "narHash": "sha256-5v32B25kSE++E+KtP4DO687r/AlWL9qOlOjtYyfcDSw=",
"rev": "0f3383ef02bc092d2f82afa4e556743c6e6b74d6", "rev": "66e5020bfe0af40ffa127426f8405edbdadbb40b",
"type": "tarball", "type": "tarball",
"url": "https://releases.nixos.org/nixos/unstable-small/nixos-25.11pre864278.0f3383ef02bc/nixexprs.tar.xz" "url": "https://releases.nixos.org/nixos/unstable-small/nixos-25.11pre876242.66e5020bfe0a/nixexprs.tar.xz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@@ -268,11 +268,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1758007585, "lastModified": 1760240450,
"narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=", "narHash": "sha256-sa9bS9jSyc4vH0jSWrUsPGdqtMvDwmkLg971ntWOo2U=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139", "rev": "41fd1f7570c89f645ee0ada0be4e2d3c4b169549",
"type": "github" "type": "github"
}, },
"original": { "original": {

99
hosts/bekkalokk/services/500.html Normal file
View File

@@ -0,0 +1,99 @@
<!DOCTYPE html>
<html lang="no">
<head>
<meta charset="utf-8">
<title>500 Intern serverfeil | PVV</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<style>
body {
margin: 0;
padding: 0;
font-family: 'Open Sans', sans-serif;
background-color: #002244;
color: #f0f0f0;
display: flex;
align-items: center;
justify-content: center;
height: 100vh;
text-align: center;
}
.box {
max-width: 480px;
padding: 2rem;
}
.logo {
width: 30%;
height: auto;
margin: 0 auto 2rem;
}
h1 {
margin: 0 0 1rem;
font-size: 2.25rem;
font-weight: 700;
}
p {
margin: 0 0 1.25rem;
font-size: 1.05rem;
line-height: 1.4;
}
.error-code {
margin: 1.5rem 0;
opacity: 0.7;
}
.contact {
margin-top: 1.75rem;
font-size: 0.93rem;
line-height: 1.4;
}
.contact a {
color: #bcd025;
text-decoration: none;
}
ul {
padding: 0;
list-style: none;
margin: 0.5rem 0 0;
}
li {
margin: 0.35rem 0;
}
</style>
</head>
<body>
<div class="box">
<div class="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 200 200">
<path fill="#283681" d="M0 0h200v200H0z"/>
<g fill="none" fill-opacity="0" stroke="#fff" stroke-width="1.1">
<path d="M119.6 180H78.3"/>
<path d="M179.3 55.8v124.3h-55"/>
<path stroke-linecap="square" d="M124.6 180a2.5 2.5 0 0 0-2.5-2.5 2.5 2.5 0 0 0-2.6 2.6H78.6a2.5 2.5 0 0 0-2.5-2.6 2.5 2.5 0 0 0-2.6 2.6H19.2V19.9h160v30H175v6.2h4.3"/>
</g>
<circle cx="396.8" cy="400" r="320.3" fill="none" stroke="#fff" stroke-miterlimit="10" stroke-width="4.2" transform="scale(.25)"/>
<g fill="none" fill-opacity="0" stroke="#fff" stroke-width="1.1">
<path stroke-linejoin="bevel" d="M128.6 43.4h-86v113.3h113.2V53.8l-9.7-10.5h-6.8L137 45h-5.4"/>
<path d="M131.6 83c0 1.9-1.3 3.4-3 3.4H57c-1.6 0-3-1.6-3-3.5v-36c0-1.9 1.4-3.4 3-3.4h71.7c1.7 0 3 1.5 3 3.4z"/>
<path d="M131.7 83.4a3 3 0 0 1-3 3H74.2a3 3 0 0 1-3-3v-37a3 3 0 0 1 3-3h54.5a3 3 0 0 1 3 3zm12.8 70a3 3 0 0 1-3 3H56.9a3 3 0 0 1-3-3V95.3a3 3 0 0 1 3-3h84.6a3 3 0 0 1 3 3zM45 147.6h6.4v5.7H45zm101.9 0h6.4v5.7H147z"/>
<path d="M108.4 48.4h16.2v34.4h-16.2z"/>
</g>
<path fill="#fff" stroke="#fff" stroke-miterlimit="10" stroke-width="4.2" d="M275 541.6c0 3.5 2.7 6.4 6.2 6.4 3.6 0 6.5-2.9 6.5-6.4v-31h30.8c10.5 0 19.2-8.7 19.2-19.2v-22.7c0-10.3-8.7-19-19.2-19H275zm12.7-43.8v-35.4h30.8c3.3 0 6.5 3 6.5 6.3v22.7c0 3.6-3 6.5-6.5 6.5zm78.3-19 25.3 65.2a6.4 6.4 0 0 0 12 0l25.4-65.3V456c0-3.4-2.9-6.3-6.4-6.3a6.3 6.3 0 0 0-6.3 6.3v20.3l-18.6 47.6-18.7-47.6V456c0-3.4-2.9-6.3-6.4-6.3a6.3 6.3 0 0 0-6.3 6.3zm91 0 25.4 65.2a6.4 6.4 0 0 0 12 0l25.4-65.3V456c0-3.4-2.9-6.3-6.4-6.3a6.3 6.3 0 0 0-6.3 6.3v20.3l-18.7 47.6-18.6-47.6V456c0-3.4-3-6.3-6.5-6.3a6.3 6.3 0 0 0-6.3 6.3z" transform="scale(.25)"/>
</svg>
</div>
<h1>50X: Intern serverfeil</h1>
<p>Beklager, noe gikk galt.</p>
<p>Vennligst prøv igjen senere eller gå til forsiden.</p>
<div class="error-code">Feilkode: 50X</div>
<div class="contact">
<p>Kontakt drift hvis problemet vedvarer:</p>
<ul>
<li><strong>Discord:</strong> <a href="https://discord.gg/pyDDFpbG2x" target="_blank">discord.gg/pyDDFpbG2x</a></li>
<li><strong>Matrix:</strong> <a href="https://matrix.to/#/#pvv:pvv.ntnu.no" target="_blank">#pvv:pvv.ntnu.no</a></li>
<li><strong>Epost:</strong> <a href="mailto:drift@pvv.ntnu.no">drift@pvv.ntnu.no</a></li>
</ul>
</div>
</div>
</body>
</html>

8
hosts/bekkalokk/services/nginx.nix
View File

@@ -1,4 +1,10 @@
{ pkgs, config, ... }: { pkgs, config, ... }:
{ {
services.nginx.enable = true; services.nginx = {
enable = true;
appendHttpConfig = ''
error_page 500 502 503 504 /500.html;
'';
};
environment.etc."nginx/html/500.html".source = ./500.html;
} }

12
hosts/bekkalokk/services/website/default.nix
View File

@@ -122,5 +122,17 @@ in {
"/diverse/abuse.php".return = "301 https://wiki.pvv.ntnu.no/wiki/CERT/Abuse"; "/diverse/abuse.php".return = "301 https://wiki.pvv.ntnu.no/wiki/CERT/Abuse";
"/nerds/".return = "301 https://wiki.pvv.ntnu.no/wiki/Nerdepizza"; "/nerds/".return = "301 https://wiki.pvv.ntnu.no/wiki/Nerdepizza";
}; };
extraConfig = ''
error_page 500 502 503 504 /500.html;
'';
locations."/500.html" = {
root = "/etc/static/nginx/html";
extraConfig = ''
internal;
'';
};
}; };
} }

10
hosts/bicep/services/matrix/hookshot/default.nix
View File

@@ -77,14 +77,14 @@ in
outbound = true; outbound = true;
urlPrefix = "https://hookshot.pvv.ntnu.no/webhook/"; urlPrefix = "https://hookshot.pvv.ntnu.no/webhook/";
userIdPrefix = "_webhooks_"; userIdPrefix = "_webhooks_";
allowJsTransformationFunctions = false; allowJsTransformationFunctions = true;
waitForComplete = false; waitForComplete = false;
}; };
feeds = { feeds = {
enabled = true; enabled = true;
pollIntervalSeconds = 600; pollIntervalSeconds = 600;
}; };
serviceBots = [ serviceBots = [
{ localpart = "bot_feeds"; { localpart = "bot_feeds";
displayname = "Aya"; displayname = "Aya";
@@ -94,6 +94,11 @@ in
} }
]; ];
widgets = {
roomSetupWidget.addOnInvite = false;
publicUrl = "https://hookshot.pvv.ntnu.no/widgetapi/v1/static";
};
permissions = [ permissions = [
# Users of the PVV Server # Users of the PVV Server
{ actor = "pvv.ntnu.no"; { actor = "pvv.ntnu.no";
@@ -128,6 +133,7 @@ in
services.nginx.virtualHosts."hookshot.pvv.ntnu.no" = { services.nginx.virtualHosts."hookshot.pvv.ntnu.no" = {
enableACME = true; enableACME = true;
addSSL = true;
locations."/" = { locations."/" = {
proxyPass = "http://${webhookListenAddress}:${toString webhookListenPort}"; proxyPass = "http://${webhookListenAddress}:${toString webhookListenPort}";
}; };

25
hosts/ildkule/services/monitoring/prometheus/machines.nix
View File

@@ -8,25 +8,26 @@
defaultNodeExporterPort = 9100; defaultNodeExporterPort = 9100;
defaultSystemdExporterPort = 9101; defaultSystemdExporterPort = 9101;
defaultNixosExporterPort = 9102;
in { in {
services.prometheus.scrapeConfigs = [{ services.prometheus.scrapeConfigs = [{
job_name = "base_info"; job_name = "base_info";
static_configs = [ static_configs = [
(mkHostScrapeConfig "ildkule" [ cfg.exporters.node.port cfg.exporters.systemd.port ]) (mkHostScrapeConfig "ildkule" [ cfg.exporters.node.port cfg.exporters.systemd.port defaultNixosExporterPort ])
(mkHostScrapeConfig "bekkalokk" [ defaultNodeExporterPort defaultSystemdExporterPort ]) (mkHostScrapeConfig "bekkalokk" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
(mkHostScrapeConfig "bicep" [ defaultNodeExporterPort defaultSystemdExporterPort ]) (mkHostScrapeConfig "bicep" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
(mkHostScrapeConfig "brzeczyszczykiewicz" [ defaultNodeExporterPort defaultSystemdExporterPort ]) (mkHostScrapeConfig "brzeczyszczykiewicz" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
(mkHostScrapeConfig "georg" [ defaultNodeExporterPort defaultSystemdExporterPort ]) (mkHostScrapeConfig "georg" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
(mkHostScrapeConfig "kommode" [ defaultNodeExporterPort defaultSystemdExporterPort ]) (mkHostScrapeConfig "kommode" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
(mkHostScrapeConfig "ustetind" [ defaultNodeExporterPort defaultSystemdExporterPort ]) (mkHostScrapeConfig "ustetind" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
(mkHostScrapeConfig "wenche" [ defaultNodeExporterPort defaultSystemdExporterPort ]) (mkHostScrapeConfig "wenche" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
(mkHostScrapeConfig "lupine-1" [ defaultNodeExporterPort defaultSystemdExporterPort ]) (mkHostScrapeConfig "lupine-1" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
# (mkHostScrapeConfig "lupine-2" [ defaultNodeExporterPort defaultSystemdExporterPort ]) # (mkHostScrapeConfig "lupine-2" [ defaultNodeExporterPort defaultSystemdExporterPort ])
(mkHostScrapeConfig "lupine-3" [ defaultNodeExporterPort defaultSystemdExporterPort ]) (mkHostScrapeConfig "lupine-3" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
(mkHostScrapeConfig "lupine-4" [ defaultNodeExporterPort defaultSystemdExporterPort ]) (mkHostScrapeConfig "lupine-4" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
(mkHostScrapeConfig "lupine-5" [ defaultNodeExporterPort defaultSystemdExporterPort ]) (mkHostScrapeConfig "lupine-5" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
(mkHostScrapeConfig "hildring" [ defaultNodeExporterPort ]) (mkHostScrapeConfig "hildring" [ defaultNodeExporterPort ])
(mkHostScrapeConfig "isvegg" [ defaultNodeExporterPort ]) (mkHostScrapeConfig "isvegg" [ defaultNodeExporterPort ])