Compare commits
5 Commits
d88dd0a45c
...
f4778c08b9
Author | SHA1 | Date | |
---|---|---|---|
f4778c08b9 | |||
761385fe8b | |||
aa165f8348 | |||
8aed47aea9 | |||
3bdfb4c297 |
@ -13,6 +13,7 @@ keys:
|
|||||||
- &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0
|
- &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0
|
||||||
- &host_bekkalokk age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
|
- &host_bekkalokk age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
|
||||||
- &host_bicep age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2
|
- &host_bicep age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2
|
||||||
|
- &host_kvernberg age19rlntxt0m27waa0n288g9wgpksa6ndlzz8eneeqya7w3zd7may0sqzhcvz
|
||||||
|
|
||||||
creation_rules:
|
creation_rules:
|
||||||
# Global secrets
|
# Global secrets
|
||||||
@ -78,3 +79,9 @@ creation_rules:
|
|||||||
- *user_pederbs_bjarte
|
- *user_pederbs_bjarte
|
||||||
pgp:
|
pgp:
|
||||||
- *user_oysteikt
|
- *user_oysteikt
|
||||||
|
|
||||||
|
- path_regex: secrets/kvernberg/[^/]+$
|
||||||
|
key_groups:
|
||||||
|
- age:
|
||||||
|
- *host_kvernberg
|
||||||
|
- *user_danio
|
||||||
|
@ -1,9 +1,9 @@
|
|||||||
{ pkgs, lib, ... }:
|
{ pkgs, lib, fp, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
../users
|
(fp /users)
|
||||||
../modules/snakeoil-certs.nix
|
(fp /modules/snakeoil-certs.nix)
|
||||||
|
|
||||||
./networking.nix
|
./networking.nix
|
||||||
./nix.nix
|
./nix.nix
|
||||||
|
@ -2,12 +2,12 @@
|
|||||||
{
|
{
|
||||||
system.autoUpgrade = {
|
system.autoUpgrade = {
|
||||||
enable = true;
|
enable = true;
|
||||||
flake = "git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git";
|
flake = "git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git?ref=pvvvvv";
|
||||||
flags = [
|
flags = [
|
||||||
# --update-input is deprecated since nix 2.22, and removed in lix 2.90
|
# --update-input is deprecated since nix 2.22, and removed in lix 2.90
|
||||||
# https://git.lix.systems/lix-project/lix/issues/400
|
# https://git.lix.systems/lix-project/lix/issues/400
|
||||||
"--refresh"
|
"--refresh"
|
||||||
"--override-input" "nixpkgs" "github:nixos/nixpkgs/nixos-24.05-small"
|
"--override-input" "nixpkgs" "github:NixOS/nixpkgs/refs/pull/332699/merge"
|
||||||
"--override-input" "nixpkgs-unstable" "github:nixos/nixpkgs/nixos-unstable-small"
|
"--override-input" "nixpkgs-unstable" "github:nixos/nixpkgs/nixos-unstable-small"
|
||||||
"--no-write-lock-file"
|
"--no-write-lock-file"
|
||||||
];
|
];
|
||||||
|
@ -31,7 +31,6 @@
|
|||||||
ProtectSystem = "full";
|
ProtectSystem = "full";
|
||||||
RestrictNamespaces = true;
|
RestrictNamespaces = true;
|
||||||
RestrictRealtime = true;
|
RestrictRealtime = true;
|
||||||
RestrictSUIDSGID = true; # disable for creating setgid directories
|
|
||||||
SocketBindDeny = [ "any" ];
|
SocketBindDeny = [ "any" ];
|
||||||
SystemCallArchitectures = "native";
|
SystemCallArchitectures = "native";
|
||||||
SystemCallFilter = [
|
SystemCallFilter = [
|
||||||
|
32
flake.lock
generated
32
flake.lock
generated
@ -7,11 +7,11 @@
|
|||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1729281548,
|
"lastModified": 1731746438,
|
||||||
"narHash": "sha256-MuojlSnwAJAwfhgmW8ZtZrwm2Sko4fqubCvReqbUzYw=",
|
"narHash": "sha256-f3SSp1axoOk0NAI7oFdRzbxG2XPBSIXC+/DaAXnvS1A=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "a6a3179ddf396dfc28a078e2f169354d0c137125",
|
"rev": "cb64993826fa7a477490be6ccb38ba1fa1e18fa8",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -119,27 +119,27 @@
|
|||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1729307008,
|
"lastModified": 1731779898,
|
||||||
"narHash": "sha256-QUvb6epgKi9pCu9CttRQW4y5NqJ+snKr1FZpG/x3Wtc=",
|
"narHash": "sha256-oxxCrYZM0WNRoaokDyVXcPIlTc8Z2yX4QjKbgXGI3IM=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "a9b86fc2290b69375c5542b622088eb6eca2a7c3",
|
"rev": "9972661139e27eed0237df4dde34839e09028cd5",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"ref": "nixos-24.05-small",
|
"ref": "refs/pull/332699/merge",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1728156290,
|
"lastModified": 1730602179,
|
||||||
"narHash": "sha256-uogSvuAp+1BYtdu6UWuObjHqSbBohpyARXDWqgI12Ss=",
|
"narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "17ae88b569bb15590549ff478bab6494dde4a907",
|
"rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -151,11 +151,11 @@
|
|||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1729308112,
|
"lastModified": 1731745710,
|
||||||
"narHash": "sha256-Ap+cPeiluam2KFZO+OWuFTl/IkIJfyGYGMgkT2pVCRY=",
|
"narHash": "sha256-SVeiClbgqL071JpAspOu0gCkPSAL51kSIRwo4C/pghA=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "61253596816c4cd65e2a0f474cbc0ac0c6e0f7cf",
|
"rev": "dfaa4cb76c2d450d8f396bb6b9f43cede3ade129",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
@ -249,11 +249,11 @@
|
|||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1728345710,
|
"lastModified": 1731748189,
|
||||||
"narHash": "sha256-lpunY1+bf90ts+sA2/FgxVNIegPDKCpEoWwOPu4ITTQ=",
|
"narHash": "sha256-Zd/Uukvpcu26M6YGhpbsgqm6LUSLz+Q8mDZ5LOEGdiE=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "06535d0e3d0201e6a8080dd32dbfde339b94f01b",
|
"rev": "d2bd7f433b28db6bc7ae03d5eca43564da0af054",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
description = "PVV System flake";
|
description = "PVV System flake";
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small"; # remember to also update the url in base/services/auto-upgrade.nix
|
nixpkgs.url = "github:NixOS/nixpkgs/refs/pull/332699/merge"; # remember to also update the url in base/services/auto-upgrade.nix
|
||||||
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
|
nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
|
||||||
|
|
||||||
sops-nix.url = "github:Mic92/sops-nix";
|
sops-nix.url = "github:Mic92/sops-nix";
|
||||||
@ -59,6 +59,7 @@
|
|||||||
specialArgs = {
|
specialArgs = {
|
||||||
inherit unstablePkgs inputs;
|
inherit unstablePkgs inputs;
|
||||||
values = import ./values.nix;
|
values = import ./values.nix;
|
||||||
|
fp = path: ./${path};
|
||||||
};
|
};
|
||||||
|
|
||||||
modules = [
|
modules = [
|
||||||
@ -132,6 +133,12 @@
|
|||||||
inputs.greg-ng.overlays.default
|
inputs.greg-ng.overlays.default
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
kvernberg = stableNixosConfig "kvernberg" {
|
||||||
|
modules = [
|
||||||
|
disko.nixosModules.disko
|
||||||
|
{ disko.devices.disk.disk1.device = "/dev/sda"; }
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
nixosModules = {
|
nixosModules = {
|
||||||
|
@ -1,10 +1,10 @@
|
|||||||
{ pkgs, values, ... }:
|
{ fp, pkgs, values, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
|
||||||
../../base
|
(fp /base)
|
||||||
../../misc/metrics-exporters.nix
|
(fp /misc/metrics-exporters.nix)
|
||||||
|
|
||||||
./services/bluemap/default.nix
|
./services/bluemap/default.nix
|
||||||
./services/gitea/default.nix
|
./services/gitea/default.nix
|
||||||
@ -19,7 +19,7 @@
|
|||||||
./services/well-known
|
./services/well-known
|
||||||
];
|
];
|
||||||
|
|
||||||
sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml;
|
sops.defaultSopsFile = fp /secrets/bekkalokk/bekkalokk.yaml;
|
||||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
||||||
sops.age.generateKey = true;
|
sops.age.generateKey = true;
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{ config, values, pkgs, lib, ... }:
|
{ config, values, fp, pkgs, lib, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.services.gitea;
|
cfg = config.services.gitea;
|
||||||
domain = "git.pvv.ntnu.no";
|
domain = "git.pvv.ntnu.no";
|
||||||
@ -173,8 +173,8 @@ in {
|
|||||||
};
|
};
|
||||||
|
|
||||||
script = let
|
script = let
|
||||||
logo-svg = ../../../../assets/logo_blue_regular.svg;
|
logo-svg = fp /assets/logo_blue_regular.svg;
|
||||||
logo-png = ../../../../assets/logo_blue_regular.png;
|
logo-png = fp /assets/logo_blue_regular.png;
|
||||||
extraLinks = pkgs.writeText "gitea-extra-links.tmpl" ''
|
extraLinks = pkgs.writeText "gitea-extra-links.tmpl" ''
|
||||||
<a class="item" href="https://www.pvv.ntnu.no/">PVV</a>
|
<a class="item" href="https://www.pvv.ntnu.no/">PVV</a>
|
||||||
<a class="item" href="https://wiki.pvv.ntnu.no/">Wiki</a>
|
<a class="item" href="https://wiki.pvv.ntnu.no/">Wiki</a>
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{ pkgs, lib, config, values, pkgs-unstable, ... }: let
|
{ pkgs, lib, fp, config, values, pkgs-unstable, ... }: let
|
||||||
cfg = config.services.mediawiki;
|
cfg = config.services.mediawiki;
|
||||||
|
|
||||||
# "mediawiki"
|
# "mediawiki"
|
||||||
@ -210,8 +210,8 @@ in {
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
"= /PNG/PVV-logo.svg".alias = ../../../../assets/logo_blue_regular.svg;
|
"= /PNG/PVV-logo.svg".alias = fp /assets/logo_blue_regular.svg;
|
||||||
"= /PNG/PVV-logo.png".alias = ../../../../assets/logo_blue_regular.png;
|
"= /PNG/PVV-logo.png".alias = fp /assets/logo_blue_regular.png;
|
||||||
"= /favicon.ico".alias = pkgs.runCommandLocal "mediawiki-favicon.ico" {
|
"= /favicon.ico".alias = pkgs.runCommandLocal "mediawiki-favicon.ico" {
|
||||||
buildInputs = with pkgs; [ imagemagick ];
|
buildInputs = with pkgs; [ imagemagick ];
|
||||||
} ''
|
} ''
|
||||||
@ -219,7 +219,7 @@ in {
|
|||||||
-resize x64 \
|
-resize x64 \
|
||||||
-gravity center \
|
-gravity center \
|
||||||
-crop 64x64+0+0 \
|
-crop 64x64+0+0 \
|
||||||
${../../../../assets/logo_blue_regular.png} \
|
${fp /assets/logo_blue_regular.png} \
|
||||||
-flatten \
|
-flatten \
|
||||||
-colors 256 \
|
-colors 256 \
|
||||||
-background transparent \
|
-background transparent \
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, lib, fp, pkgs, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.services.snappymail;
|
cfg = config.services.snappymail;
|
||||||
in {
|
in {
|
||||||
imports = [ ../../../../modules/snappymail.nix ];
|
imports = [ (fp /modules/snappymail.nix) ];
|
||||||
|
|
||||||
services.snappymail = {
|
services.snappymail = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -1,10 +1,10 @@
|
|||||||
{ pkgs, values, ... }:
|
{ fp, pkgs, values, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
|
|
||||||
../../base
|
(fp /base)
|
||||||
../../misc/metrics-exporters.nix
|
(fp /misc/metrics-exporters.nix)
|
||||||
./services/nginx
|
./services/nginx
|
||||||
|
|
||||||
./services/mysql.nix
|
./services/mysql.nix
|
||||||
@ -15,7 +15,7 @@
|
|||||||
./services/matrix
|
./services/matrix
|
||||||
];
|
];
|
||||||
|
|
||||||
sops.defaultSopsFile = ../../secrets/bicep/bicep.yaml;
|
sops.defaultSopsFile = fp /secrets/bicep/bicep.yaml;
|
||||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
||||||
sops.age.generateKey = true;
|
sops.age.generateKey = true;
|
||||||
|
@ -1,16 +1,16 @@
|
|||||||
{ config, lib, pkgs, ... }:
|
{ config, fp, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
cfg = config.services.pvv-calendar-bot;
|
cfg = config.services.pvv-calendar-bot;
|
||||||
in {
|
in {
|
||||||
sops.secrets = {
|
sops.secrets = {
|
||||||
"calendar-bot/matrix_token" = {
|
"calendar-bot/matrix_token" = {
|
||||||
sopsFile = ../../../secrets/bicep/bicep.yaml;
|
sopsFile = fp /secrets/bicep/bicep.yaml;
|
||||||
key = "calendar-bot/matrix_token";
|
key = "calendar-bot/matrix_token";
|
||||||
owner = cfg.user;
|
owner = cfg.user;
|
||||||
group = cfg.group;
|
group = cfg.group;
|
||||||
};
|
};
|
||||||
"calendar-bot/mysql_password" = {
|
"calendar-bot/mysql_password" = {
|
||||||
sopsFile = ../../../secrets/bicep/bicep.yaml;
|
sopsFile = fp /secrets/bicep/bicep.yaml;
|
||||||
key = "calendar-bot/mysql_password";
|
key = "calendar-bot/mysql_password";
|
||||||
owner = cfg.user;
|
owner = cfg.user;
|
||||||
group = cfg.group;
|
group = cfg.group;
|
||||||
|
@ -1,14 +1,14 @@
|
|||||||
{ config, lib, pkgs, secrets, values, ... }:
|
{ config, lib, fp, pkgs, secrets, values, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
sops.secrets."matrix/synapse/turnconfig" = {
|
sops.secrets."matrix/synapse/turnconfig" = {
|
||||||
sopsFile = ../../../../secrets/bicep/matrix.yaml;
|
sopsFile = fp /secrets/bicep/matrix.yaml;
|
||||||
key = "synapse/turnconfig";
|
key = "synapse/turnconfig";
|
||||||
owner = config.users.users.matrix-synapse.name;
|
owner = config.users.users.matrix-synapse.name;
|
||||||
group = config.users.users.matrix-synapse.group;
|
group = config.users.users.matrix-synapse.group;
|
||||||
};
|
};
|
||||||
sops.secrets."matrix/coturn/static-auth-secret" = {
|
sops.secrets."matrix/coturn/static-auth-secret" = {
|
||||||
sopsFile = ../../../../secrets/bicep/matrix.yaml;
|
sopsFile = fp /secrets/bicep/matrix.yaml;
|
||||||
key = "coturn/static-auth-secret";
|
key = "coturn/static-auth-secret";
|
||||||
owner = config.users.users.turnserver.name;
|
owner = config.users.users.turnserver.name;
|
||||||
group = config.users.users.turnserver.group;
|
group = config.users.users.turnserver.group;
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{ config, lib, ... }:
|
{ config, lib, fp, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.mx-puppet-discord;
|
cfg = config.services.mx-puppet-discord;
|
||||||
@ -7,11 +7,11 @@ in
|
|||||||
users.groups.keys-matrix-registrations = { };
|
users.groups.keys-matrix-registrations = { };
|
||||||
|
|
||||||
sops.secrets."matrix/discord/as_token" = {
|
sops.secrets."matrix/discord/as_token" = {
|
||||||
sopsFile = ../../../../secrets/bicep/matrix.yaml;
|
sopsFile = fp /secrets/bicep/matrix.yaml;
|
||||||
key = "discord/as_token";
|
key = "discord/as_token";
|
||||||
};
|
};
|
||||||
sops.secrets."matrix/discord/hs_token" = {
|
sops.secrets."matrix/discord/hs_token" = {
|
||||||
sopsFile = ../../../../secrets/bicep/matrix.yaml;
|
sopsFile = fp /secrets/bicep/matrix.yaml;
|
||||||
key = "discord/hs_token";
|
key = "discord/hs_token";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{ config, lib, unstablePkgs, inputs, ... }:
|
{ config, lib, fp, unstablePkgs, inputs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.matrix-hookshot;
|
cfg = config.services.matrix-hookshot;
|
||||||
@ -11,11 +11,11 @@ in
|
|||||||
];
|
];
|
||||||
|
|
||||||
sops.secrets."matrix/hookshot/as_token" = {
|
sops.secrets."matrix/hookshot/as_token" = {
|
||||||
sopsFile = ../../../../../secrets/bicep/matrix.yaml;
|
sopsFile = fp /secrets/bicep/matrix.yaml;
|
||||||
key = "hookshot/as_token";
|
key = "hookshot/as_token";
|
||||||
};
|
};
|
||||||
sops.secrets."matrix/hookshot/hs_token" = {
|
sops.secrets."matrix/hookshot/hs_token" = {
|
||||||
sopsFile = ../../../../../secrets/bicep/matrix.yaml;
|
sopsFile = fp /secrets/bicep/matrix.yaml;
|
||||||
key = "hookshot/hs_token";
|
key = "hookshot/hs_token";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -1,8 +1,8 @@
|
|||||||
{ config, lib, ... }:
|
{ config, lib, fp, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
sops.secrets."matrix/mjolnir/access_token" = {
|
sops.secrets."matrix/mjolnir/access_token" = {
|
||||||
sopsFile = ../../../../secrets/bicep/matrix.yaml;
|
sopsFile = fp /secrets/bicep/matrix.yaml;
|
||||||
key = "mjolnir/access_token";
|
key = "mjolnir/access_token";
|
||||||
owner = config.users.users.mjolnir.name;
|
owner = config.users.users.mjolnir.name;
|
||||||
group = config.users.users.mjolnir.group;
|
group = config.users.users.mjolnir.group;
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
{ config, lib, pkgs, values, inputs, ... }:
|
{ config, lib, fp, pkgs, values, inputs, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.services.matrix-synapse-next;
|
cfg = config.services.matrix-synapse-next;
|
||||||
@ -10,13 +10,13 @@ let
|
|||||||
in {
|
in {
|
||||||
sops.secrets."matrix/synapse/signing_key" = {
|
sops.secrets."matrix/synapse/signing_key" = {
|
||||||
key = "synapse/signing_key";
|
key = "synapse/signing_key";
|
||||||
sopsFile = ../../../../secrets/bicep/matrix.yaml;
|
sopsFile = fp /secrets/bicep/matrix.yaml;
|
||||||
owner = config.users.users.matrix-synapse.name;
|
owner = config.users.users.matrix-synapse.name;
|
||||||
group = config.users.users.matrix-synapse.group;
|
group = config.users.users.matrix-synapse.group;
|
||||||
};
|
};
|
||||||
|
|
||||||
sops.secrets."matrix/synapse/user_registration" = {
|
sops.secrets."matrix/synapse/user_registration" = {
|
||||||
sopsFile = ../../../../secrets/bicep/matrix.yaml;
|
sopsFile = fp /secrets/bicep/matrix.yaml;
|
||||||
key = "synapse/signing_key";
|
key = "synapse/signing_key";
|
||||||
owner = config.users.users.matrix-synapse.name;
|
owner = config.users.users.matrix-synapse.name;
|
||||||
group = config.users.users.matrix-synapse.group;
|
group = config.users.users.matrix-synapse.group;
|
||||||
|
@ -1,16 +1,16 @@
|
|||||||
{ config, pkgs, values, ... }:
|
{ config, fp, pkgs, values, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
# Include the results of the hardware scan.
|
# Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../base
|
(fp /base)
|
||||||
../../misc/metrics-exporters.nix
|
(fp /misc/metrics-exporters.nix)
|
||||||
./disks.nix
|
./disks.nix
|
||||||
|
|
||||||
../../misc/builder.nix
|
(fp /misc/builder.nix)
|
||||||
];
|
];
|
||||||
|
|
||||||
sops.defaultSopsFile = ../../secrets/bob/bob.yaml;
|
sops.defaultSopsFile = fp /secrets/bob/bob.yaml;
|
||||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
||||||
sops.age.generateKey = true;
|
sops.age.generateKey = true;
|
||||||
|
@ -1,10 +1,10 @@
|
|||||||
{ config, pkgs, values, ... }:
|
{ config, fp, pkgs, values, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
# Include the results of the hardware scan.
|
# Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../base
|
(fp /base)
|
||||||
../../misc/metrics-exporters.nix
|
(fp /misc/metrics-exporters.nix)
|
||||||
|
|
||||||
./services/grzegorz.nix
|
./services/grzegorz.nix
|
||||||
];
|
];
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
{ config, ... }:
|
{ config, fp, ... }:
|
||||||
{
|
{
|
||||||
imports = [ ../../../modules/grzegorz.nix ];
|
imports = [ (fp /modules/grzegorz.nix) ];
|
||||||
|
|
||||||
services.nginx.virtualHosts."${config.networking.fqdn}" = {
|
services.nginx.virtualHosts."${config.networking.fqdn}" = {
|
||||||
serverAliases = [
|
serverAliases = [
|
||||||
|
@ -1,12 +1,12 @@
|
|||||||
{ config, pkgs, values, ... }:
|
{ config, fp, pkgs, values, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
# Include the results of the hardware scan.
|
# Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../base
|
(fp /base)
|
||||||
../../misc/metrics-exporters.nix
|
(fp /misc/metrics-exporters.nix)
|
||||||
|
|
||||||
../../modules/grzegorz.nix
|
(fp /modules/grzegorz.nix)
|
||||||
];
|
];
|
||||||
|
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
@ -1,16 +1,16 @@
|
|||||||
{ config, pkgs, lib, values, ... }:
|
{ config, fp, pkgs, lib, values, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
# Include the results of the hardware scan.
|
# Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../base
|
(fp /base)
|
||||||
../../misc/metrics-exporters.nix
|
(fp /misc/metrics-exporters.nix)
|
||||||
|
|
||||||
./services/monitoring
|
./services/monitoring
|
||||||
./services/nginx
|
./services/nginx
|
||||||
];
|
];
|
||||||
|
|
||||||
sops.defaultSopsFile = ../../secrets/ildkule/ildkule.yaml;
|
sops.defaultSopsFile = fp /secrets/ildkule/ildkule.yaml;
|
||||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
||||||
sops.age.generateKey = true;
|
sops.age.generateKey = true;
|
||||||
|
43
hosts/kvernberg/configuration.nix
Normal file
43
hosts/kvernberg/configuration.nix
Normal file
@ -0,0 +1,43 @@
|
|||||||
|
{ config, fp, pkgs, values, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
# Include the results of the hardware scan.
|
||||||
|
./hardware-configuration.nix
|
||||||
|
(fp /base)
|
||||||
|
(fp /misc/metrics-exporters.nix)
|
||||||
|
|
||||||
|
./disks.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
sops.defaultSopsFile = fp /secrets/kvernberg/kvernberg.yaml;
|
||||||
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
|
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
||||||
|
sops.age.generateKey = true;
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
networking.hostName = "kvernberg"; # Define your hostname.
|
||||||
|
|
||||||
|
systemd.network.networks."30-all" = values.defaultNetworkConfig // {
|
||||||
|
matchConfig.Name = "en*";
|
||||||
|
address = with values.hosts.kvernberg; [ (ipv4 + "/25") (ipv6 + "/64") ];
|
||||||
|
};
|
||||||
|
|
||||||
|
# List packages installed in system profile
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
|
||||||
|
];
|
||||||
|
|
||||||
|
# No devices with SMART
|
||||||
|
services.smartd.enable = false;
|
||||||
|
|
||||||
|
# This value determines the NixOS release from which the default
|
||||||
|
# settings for stateful data, like file locations and database versions
|
||||||
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
# this value at the release version of the first install of this system.
|
||||||
|
# Before changing this value read the documentation for this option
|
||||||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
system.stateVersion = "24.05"; # Did you read the comment?
|
||||||
|
|
||||||
|
}
|
39
hosts/kvernberg/disks.nix
Normal file
39
hosts/kvernberg/disks.nix
Normal file
@ -0,0 +1,39 @@
|
|||||||
|
# Example to create a bios compatible gpt partition
|
||||||
|
{ lib, ... }:
|
||||||
|
{
|
||||||
|
disko.devices = {
|
||||||
|
disk.disk1 = {
|
||||||
|
device = lib.mkDefault "/dev/sda";
|
||||||
|
type = "disk";
|
||||||
|
content = {
|
||||||
|
type = "gpt";
|
||||||
|
partitions = {
|
||||||
|
boot = {
|
||||||
|
name = "boot";
|
||||||
|
size = "1M";
|
||||||
|
type = "EF02";
|
||||||
|
};
|
||||||
|
esp = {
|
||||||
|
name = "ESP";
|
||||||
|
size = "500M";
|
||||||
|
type = "EF00";
|
||||||
|
content = {
|
||||||
|
type = "filesystem";
|
||||||
|
format = "vfat";
|
||||||
|
mountpoint = "/boot";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
root = {
|
||||||
|
name = "root";
|
||||||
|
size = "100%";
|
||||||
|
content = {
|
||||||
|
type = "filesystem";
|
||||||
|
format = "ext4";
|
||||||
|
mountpoint = "/";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
26
hosts/kvernberg/hardware-configuration.nix
Normal file
26
hosts/kvernberg/hardware-configuration.nix
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[ (modulesPath + "/profiles/qemu-guest.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
swapDevices = [ ];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
}
|
11
hosts/kvernberg/services/pvvvvvv/default.nix
Normal file
11
hosts/kvernberg/services/pvvvvvv/default.nix
Normal file
@ -0,0 +1,11 @@
|
|||||||
|
{
|
||||||
|
imports = [
|
||||||
|
./exchange.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
services.taler = {
|
||||||
|
settings = {
|
||||||
|
taler.CURRENCY = "SCHPENN";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
40
hosts/kvernberg/services/pvvvvvv/exchange.nix
Normal file
40
hosts/kvernberg/services/pvvvvvv/exchange.nix
Normal file
@ -0,0 +1,40 @@
|
|||||||
|
{ config, lib, fp, pkgs, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.services.taler;
|
||||||
|
inherit (cfg.settings) CURRENCY;
|
||||||
|
|
||||||
|
sops.secrets.exchange-offline-master = {
|
||||||
|
format = "binary";
|
||||||
|
sopsFile = fp /secrets/kvernberg/exhange-offline-master.priv;
|
||||||
|
};
|
||||||
|
|
||||||
|
{
|
||||||
|
|
||||||
|
services.taler.exchange = {
|
||||||
|
enable = true;
|
||||||
|
debug = true;
|
||||||
|
openFirwall = true;
|
||||||
|
denominationConfig = ''
|
||||||
|
[COIN-${CURRENCY}-k1-1-0]
|
||||||
|
VALUE = ${CURRENCY}:1
|
||||||
|
DURATION_WITHDRAW = 7 days
|
||||||
|
DURATION_SPEND = 1 years
|
||||||
|
DURATION_LEGAL = 3 years
|
||||||
|
FEE_WITHDRAW = ${CURRENCY}:0
|
||||||
|
FEE_DEPOSIT = ${CURRENCY}:0
|
||||||
|
FEE_REFRESH = ${CURRENCY}:0
|
||||||
|
FEE_REFUND = ${CURRENCY}:0
|
||||||
|
RSA_KEYSIZE = 2048
|
||||||
|
CIPHER = RSA
|
||||||
|
'';
|
||||||
|
settings = {
|
||||||
|
exchange = {
|
||||||
|
MASTER_PUBLIC_KEY = "J331T37C8E58P9CVE686P1JFH11DWSRJ3RE4GVDTXKES9M24ERZG";
|
||||||
|
BASE_URL = "http://kvernberg.pvv.ntnu.no:8081/";
|
||||||
|
};
|
||||||
|
exchange-offline = {
|
||||||
|
MASTER_PRIV_FILE = config.sops.secrets.exchange-offline-master.path;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
@ -1,13 +1,13 @@
|
|||||||
{ config, pkgs, values, ... }:
|
{ config, fp, pkgs, values, ... }:
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
# Include the results of the hardware scan.
|
# Include the results of the hardware scan.
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
../../base
|
(fp /base)
|
||||||
../../misc/metrics-exporters.nix
|
(fp /misc/metrics-exporters.nix)
|
||||||
];
|
];
|
||||||
|
|
||||||
sops.defaultSopsFile = ../../secrets/shark/shark.yaml;
|
sops.defaultSopsFile = fp /secrets/shark/shark.yaml;
|
||||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||||
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
||||||
sops.age.generateKey = true;
|
sops.age.generateKey = true;
|
||||||
|
24
secrets/kvernberg/exhange-offline-master.priv
Normal file
24
secrets/kvernberg/exhange-offline-master.priv
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
{
|
||||||
|
"data": "ENC[AES256_GCM,data:dhVo1B+ZG1B6s0bTLgph4ipPmi0mveaObbJAffDQbpY=,iv:P5plvu4DQYa99cQZQ6B/gEFcSffu3lTY3+Z80Cfoj94=,tag:4xcqCbn6fFSmCbYmmEgQEg==,type:str]",
|
||||||
|
"sops": {
|
||||||
|
"kms": null,
|
||||||
|
"gcp_kms": null,
|
||||||
|
"azure_kv": null,
|
||||||
|
"hc_vault": null,
|
||||||
|
"age": [
|
||||||
|
{
|
||||||
|
"recipient": "age19rlntxt0m27waa0n288g9wgpksa6ndlzz8eneeqya7w3zd7may0sqzhcvz",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5MzVHSE15Nk9MODQxc2g0\nbHlqNmFKclBYbUNKQTNUOGo0VThiaEZTVzJFCmU2YkYwMXlyeHM3ZzAxOWZpa3k4\nUUJLanVFbkNMa25RcGZmOTBsVmtzazQKLS0tIE1sTTBqT3VJMDFOYXl0T1JvcDRV\nRFpsZGNOZzFzMFc3YzcxeXdIK1d6QUUKzy0n7DJsOmrNvU03Tn6Zcj/l/kAylzzP\nhNnFLXfStdKl3A/qrzBPhTVbYD73yFkZuQ+bDr7/IMsHAmDsztuA9g==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"recipient": "age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq",
|
||||||
|
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnbEdBWjdEbmtNYWJHQnFj\nSU1yb0NYVG4xVlZkYTdUWUpDcGdmbFF6U1NrCjBlWFZkcC9FMVJLYUtDNlBTUWcw\nNHBwWFNESDBQQmJNb3NDN2tDekM4eUUKLS0tICtMVGc1L2JFQ1BqKzM3eWFPRmRQ\nWXlQUWpvdUdOUlZ1OFhtS0ErL0JKSlUKzxLKbsnXvEqnR2HVsTxNqmM7YPjWfCjG\nZ4Bf046NdseomkNuTvWuPzjzPTe4GvjudMYc4ODchkIMOo6hXyf5kw==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||||
|
}
|
||||||
|
],
|
||||||
|
"lastmodified": "2024-11-17T01:12:23Z",
|
||||||
|
"mac": "ENC[AES256_GCM,data:aXIM/pmgVmfNSa+PwpfK6Efh/kCWXUqZNcKLkyhRwl++vaIBQUIQgQjv09hWHOF77V3ZjRQjh2E1uNe2baBLEmrDT5Au+7VABW+j49KX/vKMd+1l4w47l3DukOVnoo50bsOQFtH+amSl2P2imxpO15sjVDu9/nUeu2qXrtbIUh8=,iv:BQVs3P9p86uzTH2BfuSOxycpE6di4ZIwSz7OTZdcQPg=,tag:mT4Ek8dDbVINGp4Odt62zw==,type:str]",
|
||||||
|
"pgp": null,
|
||||||
|
"unencrypted_suffix": "_unencrypted",
|
||||||
|
"version": "3.9.1"
|
||||||
|
}
|
||||||
|
}
|
@ -60,6 +60,10 @@ in rec {
|
|||||||
ipv4 = pvv-ipv4 204;
|
ipv4 = pvv-ipv4 204;
|
||||||
ipv6 = pvv-ipv6 "1:4f"; # Wtf øystein og daniel why
|
ipv6 = pvv-ipv6 "1:4f"; # Wtf øystein og daniel why
|
||||||
};
|
};
|
||||||
|
kvernberg = {
|
||||||
|
ipv4 = pvv-ipv4 206;
|
||||||
|
ipv6 = pvv-ipv6 "1:206";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
defaultNetworkConfig = {
|
defaultNetworkConfig = {
|
||||||
|
Loading…
Reference in New Issue
Block a user