Compare commits

...

2 Commits

Author SHA1 Message Date
Oystein Kristoffer Tveit 9768db0eb8 WIP: bekkalokk: set up pvv-nettsiden
Eval nix flake / evals (push) Failing after 1m57s Details
2024-03-28 10:52:59 +01:00
Oystein Kristoffer Tveit c240dafcfe flake.nix: fix usage of common nixos module list 2024-03-24 02:20:44 +01:00
6 changed files with 97 additions and 45 deletions

View File

@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1710169806, "lastModified": 1711588700,
"narHash": "sha256-HeWFrRuHpnAiPmIr26OKl2g142HuGerwoO/XtW53pcI=", "narHash": "sha256-vBB5HoQVnA6c/UrDOhLXKAahEwSRccw2YXYHxD7qoi4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "fe064a639319ed61cdf12b8f6eded9523abcc498", "rev": "502241afa3de2a24865ddcbe4c122f4546e32092",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -82,11 +82,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1710248792, "lastModified": 1711569752,
"narHash": "sha256-yFyWw4na+nJgtXwhHs2SJSy5Lcw94/FcMbBOorlGdfI=", "narHash": "sha256-Fo+4/dRnDqdn4d2AKTZlHSa24Kj+qQLjT5WXOziu5UA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "efbb274f364c918b9937574de879b5874b5833cc", "rev": "fd9c477aaa7a4e033f3d966f658ddfb7d15e040c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -97,11 +97,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1710033658, "lastModified": 1711233294,
"narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=", "narHash": "sha256-eEu5y4J145BYDw9o/YEmeJyqh8blgnZwuz9k234zuWc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8", "rev": "ac6bdf6181666ebb4f90dd20f31e2fa66ede6b68",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -113,11 +113,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1710247538, "lastModified": 1711572435,
"narHash": "sha256-Mm3aCwfAdYgG2zKf5SLRBktPH0swXN1yEetAMn05KAA=", "narHash": "sha256-O90CV8yeChD44TenDStUhOqcWAJ862ghfA7/l5jUTfk=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "21adc4f16a8ab151fec83b9d9368cd62d9de86bc", "rev": "38760f86d61431987e82108a6afb672e8a236bd8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -146,6 +146,27 @@
"url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git" "url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git"
} }
}, },
"pvv-nettsiden": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1711619095,
"narHash": "sha256-tgCBZe0+PBh8GQEnEX9EKNTESLx6eo6ToB+OMLrJEpM=",
"ref": "nixify-ng",
"rev": "321846d2dac2d56999ebd3833ca51b19c1e7d83d",
"revCount": 442,
"type": "git",
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
},
"original": {
"ref": "nixify-ng",
"type": "git",
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
}
},
"root": { "root": {
"inputs": { "inputs": {
"disko": "disko", "disko": "disko",
@ -155,6 +176,7 @@
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"pvv-calendar-bot": "pvv-calendar-bot", "pvv-calendar-bot": "pvv-calendar-bot",
"pvv-nettsiden": "pvv-nettsiden",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
} }
}, },
@ -166,11 +188,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1710195194, "lastModified": 1711249319,
"narHash": "sha256-KFxCJp0T6TJOz1IOKlpRdpsCr9xsvlVuWY/VCiAFnTE=", "narHash": "sha256-N+Pp3/8H+rd7cO71VNV/ovV/Kwt+XNeUHNhsmyTabdM=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "e52d8117b330f690382f1d16d81ae43daeb4b880", "rev": "405987a66cce9a4a82f321f11b205982a7127c88",
"type": "github" "type": "github"
}, },
"original": { "original": {

View File

@ -11,6 +11,9 @@
disko.url = "github:nix-community/disko"; disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs"; disko.inputs.nixpkgs.follows = "nixpkgs";
pvv-nettsiden.url = "git+https://git.pvv.ntnu.no/Projects/nettsiden.git?ref=nixify-ng";
pvv-nettsiden.inputs.nixpkgs.follows = "nixpkgs";
pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git"; pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git";
pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs"; pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
@ -23,7 +26,7 @@
grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs"; grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";
}; };
outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, disko, ... }@inputs: outputs = { self, nixpkgs, nixpkgs-unstable, pvv-nettsiden, sops-nix, disko, ... }@inputs:
let let
nixlib = nixpkgs.lib; nixlib = nixpkgs.lib;
systems = [ systems = [
@ -53,16 +56,17 @@
modules = [ modules = [
./hosts/${name}/configuration.nix ./hosts/${name}/configuration.nix
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
]; ] ++ config.modules or [];
pkgs = import nixpkgs { pkgs = import nixpkgs {
inherit system; inherit system;
overlays = [ overlays = [
inputs.pvv-calendar-bot.overlays.${system}.default inputs.pvv-calendar-bot.overlays.${system}.default
inputs.pvv-nettsiden.overlays.${system}.default
]; ];
}; };
} }
config (removeAttrs config [ "modules" ])
); );
stableNixosConfig = nixosConfig nixpkgs; stableNixosConfig = nixosConfig nixpkgs;
@ -70,19 +74,17 @@
in { in {
bicep = stableNixosConfig "bicep" { bicep = stableNixosConfig "bicep" {
modules = [ modules = [
./hosts/bicep/configuration.nix
sops-nix.nixosModules.sops
inputs.matrix-next.nixosModules.default inputs.matrix-next.nixosModules.default
inputs.pvv-calendar-bot.nixosModules.default inputs.pvv-calendar-bot.nixosModules.default
]; ];
}; };
bekkalokk = stableNixosConfig "bekkalokk" { }; bekkalokk = stableNixosConfig "bekkalokk" {
modules = [
inputs.pvv-nettsiden.nixosModules.default
];
};
bob = stableNixosConfig "bob" { bob = stableNixosConfig "bob" {
modules = [ modules = [
./hosts/bob/configuration.nix
sops-nix.nixosModules.sops
disko.nixosModules.disko disko.nixosModules.disko
{ disko.devices.disk.disk1.device = "/dev/vda"; } { disko.devices.disk.disk1.device = "/dev/vda"; }
]; ];
@ -93,28 +95,17 @@
brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" { brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" {
modules = [ modules = [
./hosts/brzeczyszczykiewicz/configuration.nix
sops-nix.nixosModules.sops
inputs.grzegorz.nixosModules.grzegorz-kiosk inputs.grzegorz.nixosModules.grzegorz-kiosk
inputs.grzegorz-clients.nixosModules.grzegorz-webui inputs.grzegorz-clients.nixosModules.grzegorz-webui
]; ];
}; };
georg = stableNixosConfig "georg" { georg = stableNixosConfig "georg" {
modules = [ modules = [
./hosts/georg/configuration.nix
sops-nix.nixosModules.sops
inputs.grzegorz.nixosModules.grzegorz-kiosk inputs.grzegorz.nixosModules.grzegorz-kiosk
inputs.grzegorz-clients.nixosModules.grzegorz-webui inputs.grzegorz-clients.nixosModules.grzegorz-webui
]; ];
}; };
buskerud = stableNixosConfig "buskerud" { buskerud = stableNixosConfig "buskerud" { };
modules = [
./hosts/buskerud/configuration.nix
sops-nix.nixosModules.sops
];
};
}; };
devShells = forAllSystems (system: { devShells = forAllSystems (system: {

View File

@ -9,7 +9,7 @@
#./services/keycloak.nix #./services/keycloak.nix
# TODO: set up authentication for the following: # TODO: set up authentication for the following:
# ./services/website.nix ./services/website.nix
./services/nginx ./services/nginx
./services/gitea/default.nix ./services/gitea/default.nix
./services/webmail ./services/webmail

View File

@ -1,8 +1,8 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
services.nginx.virtualHosts = { services.nginx.virtualHosts = {
"www2.pvv.ntnu.no" = { "pvv.ntnu.no" = {
serverAliases = [ "www2.pvv.org" "pvv.ntnu.no" "pvv.org" ]; serverAliases = [ "pvv.org" ];
addSSL = true; addSSL = true;
enableACME = true; enableACME = true;

View File

@ -1,4 +1,39 @@
{ ... }: { pkgs, lib, config, ... }:
{ let
format = pkgs.formats.php { };
cfg = config.services.pvv-nettsiden;
in {
services.pvv-nettsiden = {
enable = true;
domainName = "www2.pvv.ntnu.no";
settings = {
DOOR_SECRET = "verysecret";
DB = {
DSN = "mysql:dbname=www_data_www2;host=mysql.pvv.ntnu.no";
USER = "www-data_www2";
PASS = format.lib.mkRaw "file_get_contents('${config.sops.secrets."nettsiden/database/password".path}')";
};
SAML = {
COOKIE_SALT = "changeme";
COOKIE_SECURE = true;
ADMIN_PASSWORD = "torskefjes";
TRUSTED_DOMAINS = [ cfg.domainName ];
};
};
};
services.phpfpm.pools."pvv-nettsiden".settings = {
# "php_admin_value[error_log]" = "stderr";
"php_admin_flag[log_errors]" = true;
"catch_workers_output" = true;
};
sops.secrets."nettsiden/database/password" = {
owner = config.services.phpfpm.pools.pvv-nettsiden.user;
group = config.services.phpfpm.pools.pvv-nettsiden.group;
};
} }

View File

@ -13,6 +13,9 @@ mediawiki:
database: ENC[AES256_GCM,data:EvVK3Mo6cZiIZS+gTxixU4r9SXN41VqwaWOtortZRNH+WPJ4xcYvzYMJNg==,iv:JtFTRLn3fzKIfgAPRqRgQjct7EdkEHtiyQKPy8/sZ2Q=,tag:nqzseG6BC0X5UNI/3kZZ3A==,type:str] database: ENC[AES256_GCM,data:EvVK3Mo6cZiIZS+gTxixU4r9SXN41VqwaWOtortZRNH+WPJ4xcYvzYMJNg==,iv:JtFTRLn3fzKIfgAPRqRgQjct7EdkEHtiyQKPy8/sZ2Q=,tag:nqzseG6BC0X5UNI/3kZZ3A==,type:str]
keycloak: keycloak:
database: ENC[AES256_GCM,data:76+AZnNR5EiturTP7BdOCKE90bFFkfGlRtviSP5NHxPbb3RfFPJEMlwtzA==,iv:nS7VTossHdlrHjPeethhX+Ysp9ukrb5JD7kjG28OFpY=,tag:OMpiEv9nQA7v6lWJfNxEEw==,type:str] database: ENC[AES256_GCM,data:76+AZnNR5EiturTP7BdOCKE90bFFkfGlRtviSP5NHxPbb3RfFPJEMlwtzA==,iv:nS7VTossHdlrHjPeethhX+Ysp9ukrb5JD7kjG28OFpY=,tag:OMpiEv9nQA7v6lWJfNxEEw==,type:str]
nettsiden:
database:
password: ENC[AES256_GCM,data:6jYD6RM+bkWyMxQKaDXhTX/S,iv:3RILCebHs7E7LUX4B5DIM/E6qRWBh8a1Z94YcDZNQdc=,tag:FLW4dQ9DbVeOkjax4aiv3w==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -46,8 +49,8 @@ sops:
akVjeTNTeGorZjJQOVlMeCtPRUVYL3MK+VMvGxrbzGz4Q3sdaDDWjal+OiK+JYKX akVjeTNTeGorZjJQOVlMeCtPRUVYL3MK+VMvGxrbzGz4Q3sdaDDWjal+OiK+JYKX
GHiMXVHQJZu/RrlxMjHKN6V3iaqxZpuvLAEJ2Lzy5EOHPtuiiRyeHQ== GHiMXVHQJZu/RrlxMjHKN6V3iaqxZpuvLAEJ2Lzy5EOHPtuiiRyeHQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-17T02:02:24Z" lastmodified: "2024-03-23T20:46:37Z"
mac: ENC[AES256_GCM,data:Lkvj9UOdE/WZtFReMs6n8ucFuJNPb76ZhPHFpYAEqYEe8d9FdMPMzq05DBAJe9IqpFS0jc9SWxJUPHfGgoMR8nPciZuR/mpJ+4s/cRkPbApwBPcLlvatE/qkbcxzoLlb1vN0gth5G/U7UEfk5Pp9gIz6Yo4sEIS3Za42tId1MpI=,iv:s3VELgU/RJ98/lbQV3vPtOLXtwFzB3KlY7bMKbAzp/g=,tag:D8s0XyGnd8UhbCseB/TyFg==,type:str] mac: ENC[AES256_GCM,data:Du1usETRD5lzf4QS3jCQZ8UZRNxdydZID8AI8Y1+YtmX66pszzLTNdzlzvid5fVRi1LFS7gSJfcIcfSPKTv20zeo/qzM5qhUoM9X8JOr+m0+FmjrmBJKnEqBvP7qOysBLZinR+pfr6RiR0tJMTWcmQp9k4q/wTeCU9Aaoz3OXr8=,iv:dCvzA1MOiid8WiIijznf0vvF6i9V9ZDSzvwfRONMN/M=,tag:qCN6RxvQ8wZIcUqwI0jU6g==,type:str]
pgp: pgp:
- created_at: "2023-05-21T00:28:40Z" - created_at: "2023-05-21T00:28:40Z"
enc: | enc: |
@ -70,4 +73,5 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: F7D37890228A907440E1FD4846B9228E814A2AAC fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.7.3 version: 3.8.1