Drift/pvv-nixos-config
17
5
Fork 2
Code Issues Pull Requests 9 Actions Wiki Activity

Compare commits

base: Drift:deploy-doorbell
Branches Tags
Drift:main Drift:minecraft-heatmap Drift:fix-import-gitea-users-script Drift:gitea-runners-secrets Drift:gitea-runners-cluster Drift:25.05 Drift:new_nodes Drift:ooye Drift:grg-ip Drift:nom Drift:add-skrott Drift:pvvvvv Drift:setup-git-mirroring-on-bicep Drift:init-bakke Drift:gitea-show-license-in-list-view Drift:nix-topology Drift:gitea-robots-txt Drift:dagali-heimdal-openldap-sasl-stack Drift:gitea-navbar-get-started Drift:backup-databases Drift:openwebui Drift:setup-openvpn-tunnel Drift:gitea-gpg-signing Drift:sleipner-authorised-keys Drift:openstack-image-builder Drift:elysium Drift:smartd-notifs Drift:systemd-journald-remote Drift:skrot Drift:deploy-doorbell Drift:misc-gitea-fixes Drift:spotifyd Drift:remote Drift:setup-bikkje-login Drift:ozai-prod Drift:add-bluemap Drift:ozai Drift:setup-postfix-for-service-machines Drift:fix-gitea-ci-runner-network-issues Drift:heimdal-openldap-sasl-testing-on-salsa-on-buskerud Drift:gitea-metrics Drift:misc1 Drift:add-simple-saml-theme Drift:misc-extra-gitea-setup Drift:setup-kerberos Drift:setup-home-areas Drift:shark-kanidm Drift:prometheusexim
..
compare: Drift:skrot
Branches Tags
Drift:main Drift:minecraft-heatmap Drift:fix-import-gitea-users-script Drift:gitea-runners-secrets Drift:gitea-runners-cluster Drift:25.05 Drift:new_nodes Drift:ooye Drift:grg-ip Drift:nom Drift:add-skrott Drift:pvvvvv Drift:setup-git-mirroring-on-bicep Drift:init-bakke Drift:gitea-show-license-in-list-view Drift:nix-topology Drift:gitea-robots-txt Drift:dagali-heimdal-openldap-sasl-stack Drift:gitea-navbar-get-started Drift:backup-databases Drift:openwebui Drift:setup-openvpn-tunnel Drift:gitea-gpg-signing Drift:sleipner-authorised-keys Drift:openstack-image-builder Drift:elysium Drift:smartd-notifs Drift:systemd-journald-remote Drift:skrot Drift:deploy-doorbell Drift:misc-gitea-fixes Drift:spotifyd Drift:remote Drift:setup-bikkje-login Drift:ozai-prod Drift:add-bluemap Drift:ozai Drift:setup-postfix-for-service-machines Drift:fix-gitea-ci-runner-network-issues Drift:heimdal-openldap-sasl-testing-on-salsa-on-buskerud Drift:gitea-metrics Drift:misc1 Drift:add-simple-saml-theme Drift:misc-extra-gitea-setup Drift:setup-kerberos Drift:setup-home-areas Drift:shark-kanidm Drift:prometheusexim

1 Commits
deploy-doo ... skrot

Author SHA1 Message Date
h7x4
5093e85b0c WIP 2024-08-26 20:57:12 +02:00
7 changed files with 84 additions and 49 deletions
Expand all files Collapse all files

77
flake.lock generated
View File

@@ -1,5 +1,26 @@
{
"nodes": {
"dibbler": {
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1693682284,
"narHash": "sha256-FvVCkHH80YyUiqQlnGNr49rZRBniihF6YRpytguEkFQ=",
"ref": "refs/heads/master",
"rev": "8a6a0c12ba37e239684d2de1be12fd73903cfb2c",
"revCount": 193,
"type": "git",
"url": "https://git.pvv.ntnu.no/Projects/dibbler.git"
},
"original": {
"type": "git",
"url": "https://git.pvv.ntnu.no/Projects/dibbler.git"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@@ -22,7 +43,7 @@
},
"fix-python": {
"inputs": {
"flake-utils": "flake-utils",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"grzegorz",
"nixpkgs"
@@ -46,6 +67,24 @@
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1692799911,
"narHash": "sha256-3eihraek4qL744EvQXsK1Ha6C3CR7nnT8X2qWap4RNk=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "f9e7cf818399d17d347f847525c5a5a8032e4e44",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
"locked": {
"lastModified": 1689068808,
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
@@ -207,25 +246,6 @@
"url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git"
}
},
"pvv-doorbell-bot": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"dirtyRev": "cec320746bbf5b5bc6618a145c1a997ebd0b5196-dirty",
"dirtyShortRev": "cec3207-dirty",
"lastModified": 1724515328,
"narHash": "sha256-Vj3ZJkCaLq+6d1LJtl7Hg5f7XV4NDPeNC1xEyu9QkOI=",
"type": "git",
"url": "file:///home/felixalb/doorbell-matrix-bot"
},
"original": {
"type": "git",
"url": "file:///home/felixalb/doorbell-matrix-bot"
}
},
"pvv-nettsiden": {
"inputs": {
"nixpkgs": [
@@ -248,6 +268,7 @@
},
"root": {
"inputs": {
"dibbler": "dibbler",
"disko": "disko",
"grzegorz": "grzegorz",
"grzegorz-clients": "grzegorz-clients",
@@ -256,7 +277,6 @@
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable",
"pvv-calendar-bot": "pvv-calendar-bot",
"pvv-doorbell-bot": "pvv-doorbell-bot",
"pvv-nettsiden": "pvv-nettsiden",
"sops-nix": "sops-nix"
}
@@ -296,6 +316,21 @@
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",

15
flake.nix
View File

@@ -17,9 +17,8 @@
pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git";
pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
pvv-doorbell-bot.url = "git+https://git.pvv.ntnu.no/Projects/doorbell-matrix-bot.git";
#pvv-doorbell-bot.url = "git+file:///home/felixalb/doorbell-matrix-bot";
pvv-doorbell-bot.inputs.nixpkgs.follows = "nixpkgs";
dibbler.url = "git+https://git.pvv.ntnu.no/Projects/dibbler.git";
dibbler.inputs.nixpkgs.follows = "nixpkgs";
matrix-next.url = "github:dali99/nixos-matrix-modules/v0.6.0";
matrix-next.inputs.nixpkgs.follows = "nixpkgs";
@@ -85,11 +84,9 @@
modules = [
inputs.matrix-next.nixosModules.default
inputs.pvv-calendar-bot.nixosModules.default
inputs.pvv-doorbell-bot.nixosModules.default
];
overlays = [
inputs.pvv-calendar-bot.overlays.x86_64-linux.default
inputs.pvv-doorbell-bot.overlays.x86_64-linux.default
];
};
bekkalokk = stableNixosConfig "bekkalokk" {
@@ -130,6 +127,13 @@
];
};
buskerud = stableNixosConfig "buskerud" { };
skrott = stableNixosConfig "skrott" {
system = "aarch64-linux";
modules = [
(nixpkgs + "/nixos/modules/installer/sd-card/sd-image-aarch64.nix")
inputs.dibbler.nixosModules.default
];
};
};
nixosModules = {
@@ -153,6 +157,7 @@
simplesamlphp = pkgs.callPackage ./packages/simplesamlphp { };
skrot = self.nixosConfigurations.skrott.config.system.build.sdImage;
} //
(nixlib.pipe null [
(_: pkgs.callPackage ./packages/mediawiki-extensions { })

5
hosts/bicep/configuration.nix
View File

@@ -9,11 +9,10 @@
./acmeCert.nix
./services/calendar-bot.nix
./services/doorbell-bot.nix
./services/mysql.nix
./services/mysql.nix
./services/postgres.nix
./services/mysql.nix
./services/calendar-bot.nix
./services/matrix
];

16
hosts/bicep/services/doorbell-bot.nix
View File

@@ -1,16 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.services.pvv-doorbell-bot;
in {
sops.secrets."doorbell-bot/config-json" = {
owner = cfg.user;
group = cfg.group;
};
services.pvv-doorbell-bot = {
enable = true;
settings = {
configFile = config.sops.secrets."doorbell-bot/config-json".path;
};
};
}

10
hosts/skrott/configuration.nix Normal file
View File

@@ -0,0 +1,10 @@
{ lib, values, ... }: {
system.stateVersion = "22.05";
systemd.network.networks."30-all" = values.defaultNetworkConfig // {
matchConfig.Name = "eth0";
address = with values.hosts.skrott; [ (ipv4 + "/25") (ipv6 + "/64") ];
};
networking.hostName = lib.mkForce "skrot";
}

6
secrets/bicep/bicep.yaml
View File

@@ -1,8 +1,6 @@
calendar-bot:
matrix_token: ENC[AES256_GCM,data:zJv9sw6pEzb9hxKT682wsD87HC9iejbps2wl2Z5QW1XZUSBHdcqyg1pxd+jFKTeKGQ==,iv:zDbvF1H98NsECjCtGXS+Y9HIhXowzz9HF9mltqnArog=,tag:/ftcOSQ13ElkVJBxYIMUGQ==,type:str]
mysql_password: ENC[AES256_GCM,data:Gqag8yOgPH3ntoT5TmaqJWv1j+si2qIyz5Ryfw5E2A==,iv:kQDcxnPfwJQcFovI4f87UDt18F8ah3z5xeY86KmdCyY=,tag:A1sCSNXJziAmtUWohqwJgg==,type:str]
doorbell-bot:
config-json: ENC[AES256_GCM,data:QNFHiUqaBWfW9ZRAkZo9M18AMbn/oSxvEMq1N1NsDcBjxJMo/OE36fz1Uf4TagGccCDkWy56wSVSFZm8KZnXVaQ/X0EgJkUK1JZyR7i5yiEW8ByLaVzThMWBwxQoj2cz48z53krzfddyl250rLFQRa7Fco74yTFfBWruf/1clN5O/iHFspeW7uJtQh/oyFIVb87YisjKU2+jpU3IeDNsO6VFWOoOJd+ACmfwsAY0wOz5lzBEIrdU2k/PMgSVzECMV4S5ipwIUmVUpGzbvgAWZQGtsUeVevAbvZ1QgyH6bhDIUheeUrOKN0cbgEMc/xIi7yZ+VWHOMBqb8LkyBvunG2TjK31B1HAGL/krBS+gvvQnW0ZN,iv:K0djdxNOGaHBkE4vyh/22fruAHVsZYVT68cdVoMmogw=,tag:3fjjzD3bghvGy3aZ7/Ienw==,type:str]
mysql:
password: ENC[AES256_GCM,data:KqEe0TVdeMIzPKsmFg9x0X9xWijnOk306ycyXTm2Tpqo/O0F,iv:Y+hlQ8n1ZIP9ncXBzd2kCSs/DWVTWhiEluFVwZFKRCA=,tag:xlaUk0Wftk62LpYE5pKNQw==,type:str]
sops:
@@ -65,8 +63,8 @@ sops:
cTh5bnJ3WW90aXRCSUp6NHFYeU1tZ0kK4afdtJwGNu6wLRI0fuu+mBVeqVeB0rgX
0q5hwyzjiRnHnyjF38CmcGgydSfDRmF6P+WIMbCwXC6LwfRhAmBGPg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-24T16:49:06Z"
mac: ENC[AES256_GCM,data:A5pYM3yNt5GdlvpdDbRXxQwUccC/dr5JZwPBMjjx4ZRaJMbewpmGL/ySITnsCEuxOG1cagc1S28ti8k3z0bR4rfFlt/fZ93K8uwI9rT6KW5pSEAa1vPEz8Jq+7asfJIBMCpxFxN704JDSeOnBMaSHwQdICdmG4jfN/F+YbXTPIA=,iv:Y6gloFlYtnJZ3kzcUtZZZmJQ8KowQ29pwZaqo/ePrm8=,tag:r8XFLU5PGMr3U3K0N0cmlQ==,type:str]
lastmodified: "2024-08-15T21:18:33Z"
mac: ENC[AES256_GCM,data:uR5HgeDAYqoqB9kk1V6p0T30+v6WpQJi4+qIeCDRnoUPnQKUVR10hvBhICck+E+Uh8p+tGhM6Uf3YrAJAV0ZCUiNJjtwDJQQLUDT53vdOAXN4xADCQqNuhgVwVMaruoTheEiwOswRuhFeEwy0gBj3Ze2pu47lueHYclmEzumLeQ=,iv:t0UyXN2YaR2m7M/pV2wTLJG5wVfqTIUs7wSQMmyeTVw=,tag:O7dIffzrDAXz3kGx5uazhw==,type:str]
pgp:
- created_at: "2024-08-04T00:03:40Z"
enc: |-

4
values.nix
View File

@@ -63,6 +63,10 @@ in rec {
ipv4 = pvv-ipv4 231;
ipv6 = pvv-ipv6 231;
};
skrott = {
ipv4 = pvv-ipv4 235;
ipv6 = pvv-ipv6 235;
};
};
defaultNetworkConfig = {