Drift/pvv-nixos-config
Drift/pvv-nixos-config
16
4
Fork 1
Code Issues Pull Requests 6 Actions 1 Wiki Activity

Compare commits

base: Drift:ed620d7c6beb6b9c5e8d11c6e37e9cc8b13cdda0
Branches Tags
Drift:main
Drift:24.11
Drift:openwebui
Drift:setup-openvpn-tunnel
Drift:ustetind-gitea-runners
Drift:gitea-gpg-signing
Drift:pvvvvv
Drift:init-bakke
Drift:hookshot
Drift:disable-postgres-on-bekkalokk
Drift:sleipner-authorised-keys
Drift:sounding
Drift:retain-flake-inputs
Drift:openstack-image-builder
Drift:elysium
Drift:cleanup
Drift:fix-openstack-networking
Drift:systemd_exporter
Drift:backup-databases
Drift:smartd-notifs
Drift:systemd-journald-remote
Drift:skrot
Drift:deploy-doorbell
Drift:misc-gitea-fixes
Drift:run-vm
Drift:spotifyd
Drift:remote
Drift:nix-topology
Drift:dagali-heimdal-openldap-sasl-stack
Drift:setup-bikkje-login
Drift:ozai-prod
Drift:add-bluemap
Drift:ozai
Drift:setup-postfix-for-service-machines
Drift:fix-gitea-ci-runner-network-issues
Drift:heimdal-openldap-sasl-testing-on-salsa-on-buskerud
Drift:gitea-metrics
Drift:misc1
Drift:add-simple-saml-theme
Drift:misc-extra-gitea-setup
Drift:add-skrott
Drift:setup-kerberos
Drift:setup-home-areas
Drift:shark-kanidm
Drift:prometheusexim
...
compare: Drift:174e7c7d5904388bce82d70f9144314d5fd39230
Branches Tags
Drift:24.11
Drift:openwebui
Drift:main
Drift:setup-openvpn-tunnel
Drift:ustetind-gitea-runners
Drift:gitea-gpg-signing
Drift:pvvvvv
Drift:init-bakke
Drift:hookshot
Drift:disable-postgres-on-bekkalokk
Drift:sleipner-authorised-keys
Drift:sounding
Drift:retain-flake-inputs
Drift:openstack-image-builder
Drift:elysium
Drift:cleanup
Drift:fix-openstack-networking
Drift:systemd_exporter
Drift:backup-databases
Drift:smartd-notifs
Drift:systemd-journald-remote
Drift:skrot
Drift:deploy-doorbell
Drift:misc-gitea-fixes
Drift:run-vm
Drift:spotifyd
Drift:remote
Drift:nix-topology
Drift:dagali-heimdal-openldap-sasl-stack
Drift:setup-bikkje-login
Drift:ozai-prod
Drift:add-bluemap
Drift:ozai
Drift:setup-postfix-for-service-machines
Drift:fix-gitea-ci-runner-network-issues
Drift:heimdal-openldap-sasl-testing-on-salsa-on-buskerud
Drift:gitea-metrics
Drift:misc1
Drift:add-simple-saml-theme
Drift:misc-extra-gitea-setup
Drift:add-skrott
Drift:setup-kerberos
Drift:setup-home-areas
Drift:shark-kanidm
Drift:prometheusexim

32 Commits
ed620d7c6b ... 174e7c7d59

Author SHA1 Message Date
Daniel Olsen
174e7c7d59 init grzegorzes 2023-09-16 23:36:09 +02:00
Oystein Kristoffer Tveit
bc678b5d51 Merge pull request 'Bekkalokk: Enable podman' (#11) from add-gitea-ci into main 
Reviewed-on: #11
 2023-09-16 22:38:23 +02:00
Amalie Mansåker
ade2f6f5c9 Bekkalokk: Enable podman 2023-09-16 22:38:15 +02:00
Oystein Kristoffer Tveit
5c37b71646 Merge pull request 'Setup gitea action runner' (#10) from add-gitea-ci into main 
Reviewed-on: #10
 2023-09-16 22:31:22 +02:00
Amalie Mansåker
76f18b459c Setup gitea action runner 2023-09-16 22:26:44 +02:00
Oystein Kristoffer Tveit
97cd5a235f Merge pull request 'Gitea enabled actions' (#9) from add-gitea-ci into main 
Reviewed-on: #9
 2023-09-16 21:51:43 +02:00
Amalie Mansåker
e5fac39ce8 Enabled actions 2023-09-16 21:51:13 +02:00
Daniel Olsen
f53c0c6eb5 bicep/synapse: Move database configuration out of secrets 2023-09-16 21:38:39 +02:00
Oystein Kristoffer Tveit
d4bcdeb3b3 Merge pull request 'Added user amalieem' (#8) from add-gitea-ci into main 
Reviewed-on: #8
 2023-09-16 20:31:21 +02:00
Amalie Mansåker
b080ade4be Added user amalieem 2023-09-16 20:19:15 +02:00
Daniel Olsen
7cd5b42f12 bicep/matrix/synapse: use fewer connections 2023-09-13 11:02:52 +02:00
Daniel Olsen
816997b74f bicep/nginx: increase workers and enable modern compression 
Should decrease latency
 2023-09-13 11:01:09 +02:00
Daniel Olsen
06322a26fc bicep/postgres: enable jit again, make more memory available 2023-09-13 05:22:23 +02:00
Daniel Olsen
a58101bfbc Remove deprecated hosts and clean up 2023-09-13 05:03:57 +02:00
Daniel Olsen
57d1dfd121 flake update 2023-09-13 05:01:18 +02:00
Daniel Olsen
d3b363b028 bicep: Remove deprecated grub version option 2023-09-13 04:54:46 +02:00
Daniel Olsen
4a6ea9be2d bicep/synapse: define registration secret properly 2023-09-13 04:53:56 +02:00
Daniel Olsen
f92ebbee16 bicep/synapse: use postgres unix socket 2023-09-13 04:16:22 +02:00
Daniel Olsen
201e3d306b bicep: Revert postgres socket stuff 2023-09-13 03:58:29 +02:00
Daniel Olsen
437219bb68 bicep/postgres: Enable unix socket auth 2023-09-13 00:52:27 +02:00
Daniel Olsen
b5075f48c6 bicep/matrix/synapse: switch database connection to socket 2023-09-13 00:17:10 +02:00
Felix Albrigtsen
d96c30bbd5 Fix calendar-bot timer 2023-09-12 18:23:20 +02:00
Felix Albrigtsen
36b768b3b2 ( ͡° ͜ʖ ͡°) 2023-09-08 02:33:22 +02:00
Felix Albrigtsen
9f36bd86a8 Update calendar bot details 2023-09-08 02:25:23 +02:00
Felix Albrigtsen
1370ccddf8 Initialize host: shark 2023-09-08 02:11:02 +02:00
Daniel Lovbrotte Olsen
cfcd230678 Merge pull request 'Fix gitea on bekkalokk' (#7) from configure-gitea into main 
Reviewed-on: #7
 2023-09-07 18:54:24 +02:00
h7x4
1afc8841a9
bekkalokk/nginx: remove commented virtualhost for mediawiki 2023-09-07 18:53:05 +02:00
h7x4
b4b6b4971a
bekkalokk/gitea: misc changes 
- change domain from git2 to git1
- enable internal SSH serer
- enable code search
- add custom logos
- update import-user-script to ignore GECOS fields
 2023-09-07 18:53:05 +02:00
h7x4
f567199604
bekkalokk/gitea: update API key for import-user-script 2023-09-07 18:41:41 +02:00
oysteikt
b52753987d
bicep: use mysql on bicep as production server 2023-09-07 18:40:13 +02:00
h7x4
6a75dbae47
Add PVV logo to repository 2023-09-07 18:39:21 +02:00
Felix Albrigtsen
8f55ef3193 Bekkalokk: Configure Gitea, clean web services 
Update bekkalokk secrets format

Update gitea keys and firewall rules

Create gitea-user-import script

Fix SSH host key verification

Gitea-import-users bug squashification

Fix Gitea-import SSH problems
 2023-06-05 19:41:25 +02:00
32 changed files with 718 additions and 541 deletions
Show Stats Expand all files Collapse all files

BIN
assets/logo_blue_regular.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 254 KiB

172
assets/logo_blue_regular.svg Normal file
View File

@ -0,0 +1,172 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
width="200mm"
height="200mm"
viewBox="0 0 200 200"
version="1.1"
id="svg5"
inkscape:version="1.1.2 (b8e25be833, 2022-02-05)"
sodipodi:docname="logo_blue_thicc.svg"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns="http://www.w3.org/2000/svg"
xmlns:svg="http://www.w3.org/2000/svg">
<sodipodi:namedview
id="namedview7"
pagecolor="#505050"
bordercolor="#ffffff"
borderopacity="1"
inkscape:pageshadow="0"
inkscape:pageopacity="0"
inkscape:pagecheckerboard="1"
inkscape:document-units="mm"
showgrid="false"
inkscape:zoom="3.9730533"
inkscape:cx="359.54715"
inkscape:cy="690.40101"
inkscape:window-width="1920"
inkscape:window-height="1057"
inkscape:window-x="-8"
inkscape:window-y="-8"
inkscape:window-maximized="1"
inkscape:current-layer="Layer_4"
width="200mm" />
<defs
id="defs2" />
<g
inkscape:label="Layer 1"
inkscape:groupmode="layer"
id="layer1">
<g
id="g98"
transform="scale(0.25)">
<g
id="Layer_2"
style="fill:#283681;fill-opacity:1">
<rect
y="0"
class="st0"
width="800"
height="800"
id="rect4"
x="0"
style="fill:#283681;fill-opacity:1"
inkscape:export-filename="C:\Users\al3xk\OneDrive - NTNU\PVV\Gogs\PR\logoer\logo_blue.png"
inkscape:export-xdpi="480"
inkscape:export-ydpi="480" />
</g>
<g
id="Layer_4"
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1">
<line
class="st1"
x1="478.39999"
y1="720.29999"
x2="313.20001"
y2="720.29999"
id="line9"
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
<path
class="st1"
d="M 478.4,720.3"
id="path11"
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
<polyline
class="st2"
points="717.1,223.3 717.1,720.3 497.3,720.3 "
id="polyline13"
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
<path
class="st2"
d="m 498.39888,720.3 c 0,-5.6 -4.5,-10.1 -10.1,-10.1 -5.6,0 -10.1,4.5 -10.1,10.1 h -163.8 c 0,-5.6 -4.5,-10.1 -10.1,-10.1 -5.6,0 -10.1,4.5 -10.1,10.1 -69.7592,0 -145.68417,0 -217.599996,0 V 79.7 H 717.09888 v 120 0 h -17.3 v 24.8 h 17.3"
id="path15"
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-linecap:square;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1"
sodipodi:nodetypes="csccsccccccccc" />
</g>
<g
id="Layer_3"
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1">
<circle
class="st2"
cx="396.79999"
cy="400"
id="circle18"
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
r="320.29999" />
</g>
<g
id="Layer_1"
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1">
<polyline
class="st2"
points="514.5,173.5 170.2,173.5 170.3,626.6 623.3,626.5 623.3,215.7 584.4,173.4 557,173.4 548,180.6 526.5,180.7 "
id="polyline21"
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-linejoin:bevel;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
<path
class="st2"
d="m 526.5,331.8 c 0,7.6 -5.4,13.7 -12,13.7 H 227.7 c -6.6,0 -12,-6.1 -12,-13.7 V 187.2 c 0,-7.6 5.4,-13.7 12,-13.7 h 286.8 c 6.6,0 12,6.1 12,13.7 z"
id="path27"
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
<path
class="st2"
d="m 526.7,333.6 c 0,6.6 -5.4,12 -12,12 H 296.8 c -6.6,0 -12,-5.4 -12,-12 V 185.5 c 0,-6.6 5.4,-12 12,-12 h 217.9 c 6.6,0 12,5.4 12,12 z"
id="path29"
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
<path
class="st2"
d="m 577.9,613.7 c 0,6.6 -5.4,12 -12,12 H 227.7 c -6.6,0 -12,-5.4 -12,-12 V 381.1 c 0,-6.6 5.4,-12 12,-12 h 338.2 c 6.6,0 12,5.4 12,12 z"
id="path31"
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
<rect
x="179.89999"
y="590.20001"
class="st2"
width="25.700001"
height="23"
id="rect33"
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
<rect
x="587.59998"
y="590.20001"
class="st2"
width="25.700001"
height="23"
id="rect35"
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
<rect
x="433.60001"
y="193.5"
class="st2"
width="64.900002"
height="137.8"
id="rect37"
style="fill:#283681;fill-opacity:0;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:4;stroke-dasharray:none;stroke-opacity:1" />
</g>
<path
d="m 274.9401,541.572 c 0,3.528 2.772,6.426 6.3,6.426 3.528,0 6.426,-2.898 6.426,-6.426 v -30.996 h 30.87 c 10.458,0 19.152,-8.694 19.152,-19.152 v -22.68 c 0,-10.332 -8.694,-19.026 -19.152,-19.026 h -43.596 z m 12.726,-43.722 v -35.406 h 30.87 c 3.276,0 6.426,2.898 6.426,6.3 v 22.68 c 0,3.528 -3.024,6.426 -6.426,6.426 z"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:126px;font-family:OCRA;-inkscape-font-specification:OCRA;fill:#ffffff;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
id="path55-2" />
<path
d="m 365.99479,478.824 25.326,65.142 c 1.008,2.394 3.276,4.032 6.048,4.032 2.646,0 4.914,-1.638 5.922,-4.032 l 25.452,-65.268 v -22.68 c 0,-3.402 -2.898,-6.3 -6.426,-6.3 -3.528,0 -6.3,2.898 -6.3,6.3 v 20.286 l -18.648,47.628 -18.648,-47.628 v -20.286 c 0,-3.402 -2.898,-6.3 -6.426,-6.3 -3.528,0 -6.3,2.898 -6.3,6.3 z"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:126px;font-family:OCRA;-inkscape-font-specification:OCRA;fill:#ffffff;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
id="path57-8" />
<path
d="m 457.04947,478.824 25.326,65.142 c 1.008,2.394 3.276,4.032 6.048,4.032 2.646,0 4.914,-1.638 5.922,-4.032 l 25.452,-65.268 v -22.68 c 0,-3.402 -2.898,-6.3 -6.426,-6.3 -3.528,0 -6.3,2.898 -6.3,6.3 v 20.286 l -18.648,47.628 -18.648,-47.628 v -20.286 c 0,-3.402 -2.898,-6.3 -6.426,-6.3 -3.528,0 -6.3,2.898 -6.3,6.3 z"
style="font-style:normal;font-variant:normal;font-weight:normal;font-stretch:normal;font-size:126px;font-family:OCRA;-inkscape-font-specification:OCRA;fill:#ffffff;stroke:#ffffff;stroke-width:4.2;stroke-miterlimit:10;stroke-dasharray:none;stroke-opacity:1"
id="path59-1" />
</g>
</g>
<style
type="text/css"
id="style2">
.st0{fill:#ffffff;}
.st1{fill:none;stroke:#ffffff;stroke-width:2;stroke-miterlimit:10;}
.st2{fill:none;stroke:#000000;stroke-width:2;stroke-miterlimit:10;}
.st3{fill:none;}
.st4{stroke:#000000;stroke-miterlimit:10;}
.st5{font-family:'OCRAStd';}
.st6{font-size:126px;}
</style>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 8.2 KiB

46
flake.lock generated
View File

@ -5,11 +5,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1689214560, "lastModified": 1694383459,
"narHash": "sha256-2vXE3S68YeWhxRm7SdUD9Ac0xwDl9MHEGaGP8MdZa9c=", "narHash": "sha256-Y7VuBz74Go1QlvSLGXsXzPgOeeV73bbsDou3uXX9oa8=",
"owner": "dali99", "owner": "dali99",
"repo": "nixos-matrix-modules", "repo": "nixos-matrix-modules",
"rev": "c158a35ea298ce3ea7cd446e9992154ea4bc6381", "rev": "66ff528912d95e6a2ee0aea6404a6b7e0d7fd83c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -20,11 +20,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1689160739, "lastModified": 1694526311,
"narHash": "sha256-16f4JmXP9kvlcLPmlfXCwON2wyxEbZ2GQP8MM9XAzjA=", "narHash": "sha256-Y9LCYQBNX7McW0o8x6wT9tx2qy9TVuF84fe62zrQzyA=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "cad52aa1825058284a9b33ff4e42ce8adff1ac8b", "rev": "36bee398beca22e2428074e0a2e068d87f801718",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -51,11 +51,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1688868408, "lastModified": 1693675694,
"narHash": "sha256-RR9N5XTAxSBhK8MCvLq9uxfdkd7etC//seVXldy0k48=", "narHash": "sha256-2pIOyQwGyy2FtFAUIb8YeKVmOCcPOTVphbAvmshudLE=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "510d721ce097150ae3b80f84b04b13b039186571", "rev": "5601118d39ca9105f8e7b39d4c221d3388c0419d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -72,19 +72,17 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1693093917, "lastModified": 1693136143,
"narHash": "sha256-Qz7bHN685zj5mcRnEfCwkCTUiLzy2EtXrREmlEKEf6w=", "narHash": "sha256-amHprjftc3y/bg8yf4hITCLa+ez5HIi0yGfR7TU6UIc=",
"ref": "main", "ref": "refs/heads/main",
"rev": "6f125fdb1fd23b5d634cf50235f16f8c5f03e5be", "rev": "a32894b305f042d561500f5799226afd1faf5abb",
"revCount": 8, "revCount": 9,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Drift/calendar-bot.git" "url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git"
}, },
"original": { "original": {
"ref": "main",
"rev": "6f125fdb1fd23b5d634cf50235f16f8c5f03e5be",
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Drift/calendar-bot.git" "url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git"
} }
}, },
"root": { "root": {
@ -104,11 +102,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1689149796, "lastModified": 1694495315,
"narHash": "sha256-3FCUdayBHcxk6BZOxEIfa5UxbXNQzTc/VlN7ociI2Dw=", "narHash": "sha256-sZEYXs9T1NVHZSSbMqBEtEm2PGa7dEDcx0ttQkArORc=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "88b964df6981e4844c07be8c192aa6bdca768a10", "rev": "ea208e55f8742fdcc0986b256bdfa8986f5e4415",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -119,11 +117,11 @@
}, },
"unstable": { "unstable": {
"locked": { "locked": {
"lastModified": 1689179735, "lastModified": 1694534540,
"narHash": "sha256-HYU8oAsfjV4xL9CmKDeKBlVfWrx+r4si/8gXuhs5XtM=", "narHash": "sha256-Cc0Ku0qJZDDx/0kII+0xD94L25EKw4EQzOLm0R9iZO4=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b14fb1c9c33241598f573638ce23e6e46415306b", "rev": "f22a472661d66c655eae5b0a01ada71e4e13e405",
"type": "github" "type": "github"
}, },
"original": { "original": {

11
flake.nix
View File

@ -8,7 +8,7 @@
sops-nix.url = "github:Mic92/sops-nix"; sops-nix.url = "github:Mic92/sops-nix";
sops-nix.inputs.nixpkgs.follows = "nixpkgs"; sops-nix.inputs.nixpkgs.follows = "nixpkgs";
pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Drift/calendar-bot.git?ref=main&rev=6f125fdb1fd23b5d634cf50235f16f8c5f03e5be"; pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git";
pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs"; pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
matrix-next.url = "github:dali99/nixos-matrix-modules"; matrix-next.url = "github:dali99/nixos-matrix-modules";
@ -63,12 +63,11 @@
]; ];
}; };
bekkalokk = stableNixosConfig "bekkalokk" { }; bekkalokk = stableNixosConfig "bekkalokk" { };
greddost = stableNixosConfig "greddost" { };
ildkule = stableNixosConfig "ildkule" { }; ildkule = stableNixosConfig "ildkule" { };
ildkule-unstable = unstableNixosConfig "ildkule" { }; #ildkule-unstable = unstableNixosConfig "ildkule" { };
jokum = stableNixosConfig "jokum" { shark = stableNixosConfig "shark" { };
modules = [ matrix-next.nixosModules.synapse ];
}; brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" { };
}; };
devShells = forAllSystems (system: { devShells = forAllSystems (system: {

10
hosts/bekkalokk/configuration.nix
View File

@ -9,10 +9,10 @@
#./services/keycloak.nix #./services/keycloak.nix
# TODO: set up authentication for the following: # TODO: set up authentication for the following:
# ./services/website/website.nix # ./services/website.nix
./services/website/nginx.nix ./services/nginx.nix
# ./services/website/gitea.nix ./services/gitea/default.nix
./services/website/mediawiki.nix # ./services/mediawiki.nix
]; ];
sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml; sops.defaultSopsFile = ../../secrets/bekkalokk/bekkalokk.yaml;
@ -23,6 +23,8 @@
boot.loader.systemd-boot.enable = true; boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true; boot.loader.efi.canTouchEfiVariables = true;
virtualisation.podman.enable = true;
networking.hostName = "bekkalokk"; networking.hostName = "bekkalokk";
systemd.network.networks."30-enp2s0" = values.defaultNetworkConfig // { systemd.network.networks."30-enp2s0" = values.defaultNetworkConfig // {

16
hosts/bekkalokk/services/gitea/ci.nix Normal file
View File

@ -0,0 +1,16 @@
{ config, ... }:
{
sops.secrets."gitea/runner-token" = { };
services.gitea-actions-runner.instances = {
runner1 = {
url = "https://git-runner1.pvv.ntnu.no";
name = "git-runner1";
labels = [
"debian-latest:docker://node:18-bullseye"
];
enable = true;
tokenFile = config.sops.secrets."gitea/runner-token".path;
};
};
}

105
hosts/bekkalokk/services/gitea/default.nix Normal file
View File

@ -0,0 +1,105 @@
{ config, values, pkgs, ... }:
let
cfg = config.services.gitea;
domain = "git.pvv.ntnu.no";
sshPort = 2222;
in {
imports = [
./ci.nix
];
sops.secrets = {
"gitea/database" = {
owner = "gitea";
group = "gitea";
};
"gitea/passwd-ssh-key" = { };
"gitea/ssh-known-hosts" = { };
"gitea/import-user-env" = { };
};
services.gitea = {
enable = true;
stateDir = "/data/gitea";
appName = "PVV Git";
database = {
type = "postgres";
host = "postgres.pvv.ntnu.no";
port = config.services.postgresql.port;
passwordFile = config.sops.secrets."gitea/database".path;
createDatabase = false;
};
settings = {
server = {
DOMAIN = domain;
ROOT_URL = "https://${domain}/";
PROTOCOL = "http+unix";
SSH_PORT = sshPort;
START_SSH_SERVER = true;
};
indexer.REPO_INDEXER_ENABLED = true;
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;
database.LOG_SQL = false;
picture = {
DISABLE_GRAVATAR = true;
ENABLE_FEDERATED_AVATAR = false;
};
actions.ENABLED = true;
"ui.meta".DESCRIPTION = "Bokstavelig talt programvareverkstedet";
};
};
environment.systemPackages = [ cfg.package ];
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://unix:${cfg.settings.server.HTTP_ADDR}";
recommendedProxySettings = true;
extraConfig = ''
client_max_body_size 512M;
'';
};
};
networking.firewall.allowedTCPPorts = [ sshPort ];
# Automatically import users
systemd.services.gitea-import-users = {
enable = true;
preStart=''${pkgs.rsync}/bin/rsync -e "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=$CREDENTIALS_DIRECTORY/ssh-known-hosts -i $CREDENTIALS_DIRECTORY/sshkey" -a pvv@smtp.pvv.ntnu.no:/etc/passwd /tmp/passwd-import'';
serviceConfig = {
ExecStart = pkgs.writers.writePython3 "gitea-import-users" { libraries = [ pkgs.python3Packages.requests ]; } (builtins.readFile ./gitea-import-users.py);
LoadCredential=[
"sshkey:${config.sops.secrets."gitea/passwd-ssh-key".path}"
"ssh-known-hosts:${config.sops.secrets."gitea/ssh-known-hosts".path}"
];
DynamicUser="yes";
EnvironmentFile=config.sops.secrets."gitea/import-user-env".path;
};
};
systemd.timers.gitea-import-users = {
enable = true;
requires = [ "gitea.service" ];
after = [ "gitea.service" ];
timerConfig = {
OnCalendar = "*-*-* 02:00:00";
Persistent = true;
Unit = "gitea-import-users.service";
};
};
system.activationScripts.linkGiteaLogo.text = let
logo-svg = ../../../../assets/logo_blue_regular.svg;
logo-png = ../../../../assets/logo_blue_regular.png;
in ''
install -Dm444 ${logo-svg} ${cfg.stateDir}/custom/public/img/logo.svg
install -Dm444 ${logo-png} ${cfg.stateDir}/custom/public/img/logo.png
install -Dm444 ${./loading.apng} ${cfg.stateDir}/custom/public/img/loading.png
'';
}

94
hosts/bekkalokk/services/gitea/gitea-import-users.py Normal file
View File

@ -0,0 +1,94 @@
import requests
import secrets
import os
EMAIL_DOMAIN = os.getenv('EMAIL_DOMAIN')
if EMAIL_DOMAIN is None:
EMAIL_DOMAIN = 'pvv.ntnu.no'
API_TOKEN = os.getenv('API_TOKEN')
if API_TOKEN is None:
raise Exception('API_TOKEN not set')
GITEA_API_URL = os.getenv('GITEA_API_URL')
if GITEA_API_URL is None:
GITEA_API_URL = 'https://git.pvv.ntnu.no/api/v1'
BANNED_SHELLS = [
"/usr/bin/nologin",
"/usr/sbin/nologin",
"/sbin/nologin",
"/bin/false",
"/bin/msgsh",
]
existing_users = {}
# This function should only ever be called when adding users
# from the passwd file
def add_user(username, name):
user = {
"full_name": name,
"username": username,
"login_name": username,
"visibility": "public",
"source_id": 1, # 1 = SMTP
}
if username not in existing_users:
user["password"] = secrets.token_urlsafe(32)
user["must_change_password"] = False
user["visibility"] = "private"
user["email"] = username + '@' + EMAIL_DOMAIN
r = requests.post(GITEA_API_URL + '/admin/users', json=user,
headers={'Authorization': 'token ' + API_TOKEN})
if r.status_code != 201:
print('ERR: Failed to create user ' + username + ': ' + r.text)
return
print('Created user ' + username)
existing_users[username] = user
else:
r = requests.patch(GITEA_API_URL + f'/admin/users/{username}',
json=user,
headers={'Authorization': 'token ' + API_TOKEN})
if r.status_code != 200:
print('ERR: Failed to update user ' + username + ': ' + r.text)
return
print('Updated user ' + username)
def main():
# Fetch existing users
r = requests.get(GITEA_API_URL + '/admin/users',
headers={'Authorization': 'token ' + API_TOKEN})
if r.status_code != 200:
raise Exception('Failed to get users: ' + r.text)
for user in r.json():
existing_users[user['login']] = user
# Read the file, add each user
with open("/tmp/passwd-import", 'r') as f:
for line in f.readlines():
uid = int(line.split(':')[2])
if uid < 1000:
continue
shell = line.split(':')[-1]
if shell in BANNED_SHELLS:
continue
username = line.split(':')[0]
name = line.split(':')[4].split(',')[0]
add_user(username, name)
if __name__ == '__main__':
main()

BIN
hosts/bekkalokk/services/gitea/loading.apng Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.1 MiB

2
hosts/bekkalokk/services/website/mediawiki.nix → hosts/bekkalokk/services/mediawiki.nix
View File

@ -28,7 +28,7 @@ in {
database = { database = {
type = "postgres"; type = "postgres";
host = values.hosts.postgres.ipv4; host = "postgres.pvv.ntnu.no";
port = config.services.postgresql.port; port = config.services.postgresql.port;
passwordFile = config.sops.secrets."keys/postgres/mediawiki".path; passwordFile = config.sops.secrets."keys/postgres/mediawiki".path;
createLocally = false; createLocally = false;

18
hosts/bekkalokk/services/nginx.nix Normal file
View File

@ -0,0 +1,18 @@
{ pkgs, config, ... }:
{
security.acme = {
acceptTerms = true;
defaults.email = "drift@pvv.ntnu.no";
};
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
};
networking.firewall.allowedTCPPorts = [ 80 443 ];
}

0
hosts/bekkalokk/services/website/website.nix → hosts/bekkalokk/services/website.nix
View File

26
hosts/bekkalokk/services/website/gitea.nix
View File

@ -1,26 +0,0 @@
{ config, values, ... }:
{
sops.secrets."postgres/gitea/password" = { };
services.gitea = {
enable = true;
rootUrl = "https://git2.pvv.ntnu.no/";
stateDir = "/data/gitea";
appName = "PVV Git";
enableUnixSocket = true;
database = {
type = "postgres";
host = values.bicep.ipv4;
port = config.services.postgresql.port;
passwordFile = config.sops.secrets."postgres/gitea/password".path;
createDatabase = false;
};
settings = {
service.DISABLE_REGISTRATION = true;
session.COOKIE_SECURE = true;
};
};
}

42
hosts/bekkalokk/services/website/nginx.nix
View File

@ -1,42 +0,0 @@
{ pkgs, config, ... }:
{
security.acme = {
acceptTerms = true;
defaults.email = "drift@pvv.ntnu.no";
};
services.nginx = {
enable = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts = {
"bekkalokk.pvv.ntnu.no" = {
forceSSL = true;
enableACME = true;
root = "${config.services.mediawiki.finalPackage}/share/mediawiki";
locations = {
"/" = {
extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_pass unix:${config.services.phpfpm.pools.mediawiki.socket};
include ${pkgs.nginx}/conf/fastcgi_params;
include ${pkgs.nginx}/conf/fastcgi.conf;
'';
};
"/images".root = config.services.mediawiki.uploadsDir;
# "/git" = {
# proxyPass = "http://unix:${config.services.gitea.settings.server.HTTP_ADDR}";
# proxyWebsockets = true;
# };
};
};
};
};
}

1
hosts/bicep/configuration.nix
View File

@ -23,7 +23,6 @@
sops.age.generateKey = true; sops.age.generateKey = true;
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.loader.grub.device = "/dev/disk/by-id/scsi-3600508b1001cb1a8751c137b30610682"; boot.loader.grub.device = "/dev/disk/by-id/scsi-3600508b1001cb1a8751c137b30610682";
networking.hostName = "bicep"; networking.hostName = "bicep";

13
hosts/bicep/services/calendar-bot.nix
View File

@ -1,20 +1,25 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let
{ cfg = config.services.pvv-calendar-bot;
in {
sops.secrets."calendar-bot/matrix_token" = { sops.secrets."calendar-bot/matrix_token" = {
sopsFile = ../../../secrets/bicep/bicep.yaml; sopsFile = ../../../secrets/bicep/bicep.yaml;
key = "calendar-bot/matrix_token";
owner = cfg.user;
group = cfg.group;
}; };
services.pvv-calendar-bot = { services.pvv-calendar-bot = {
enable = true; enable = true;
settings = { settings = {
matrix = { matrix = {
homeserver = "https://matrix.pvv.ntnu.no"; homeserver = "https://matrix.pvv.ntnu.no";
user = "@bot_calendar:pvv.ntnu.no"; user = "@bot_calendar:pvv.ntnu.no";
channel = "!MCYRZwhWAeNqUhwkUx:feal.no"; channel = "!gkNLUIhYVpEyLatcRz:pvv.ntnu.no";
}; };
secretsFile = config.sops.secrets."calendar-bot/matrix_token".path; secretsFile = config.sops.secrets."calendar-bot/matrix_token".path;
onCalendar = "0 9 * * *"; onCalendar = "*-*-* 09:00:00";
}; };
}; };
} }

24
hosts/bicep/services/matrix/synapse.nix
View File

@ -8,13 +8,6 @@ let
imap0Attrs = with lib; f: set: imap0Attrs = with lib; f: set:
listToAttrs (imap0 (i: attr: nameValuePair attr (f i attr set.${attr})) (attrNames set)); listToAttrs (imap0 (i: attr: nameValuePair attr (f i attr set.${attr})) (attrNames set));
in { in {
sops.secrets."matrix/synapse/dbconfig" = {
sopsFile = ../../../../secrets/bicep/matrix.yaml;
key = "synapse/dbconfig";
owner = config.users.users.matrix-synapse.name;
group = config.users.users.matrix-synapse.group;
};
sops.secrets."matrix/synapse/signing_key" = { sops.secrets."matrix/synapse/signing_key" = {
key = "synapse/signing_key"; key = "synapse/signing_key";
sopsFile = ../../../../secrets/bicep/matrix.yaml; sopsFile = ../../../../secrets/bicep/matrix.yaml;
@ -43,11 +36,6 @@ in {
enableNginx = true; enableNginx = true;
extraConfigFiles = [
config.sops.secrets."matrix/synapse/dbconfig".path
config.sops.secrets."matrix/synapse/user_registration".path
];
settings = { settings = {
server_name = "pvv.ntnu.no"; server_name = "pvv.ntnu.no";
public_baseurl = "https://matrix.pvv.ntnu.no"; public_baseurl = "https://matrix.pvv.ntnu.no";
@ -56,6 +44,17 @@ in {
media_store_path = "${cfg.dataDir}/media"; media_store_path = "${cfg.dataDir}/media";
database = {
name = "psycopg2";
args = {
host = "/var/run/postgresql";
dbname = "synapse";
user = "matrix-synapse";
cp_min = 1;
cp_max = 5;
};
};
presence.enabled = false; presence.enabled = false;
event_cache_size = "20K"; # Default is 10K but I can't find the factor for this cache event_cache_size = "20K"; # Default is 10K but I can't find the factor for this cache
@ -80,6 +79,7 @@ in {
mau_stats_only = true; mau_stats_only = true;
enable_registration = false; enable_registration = false;
registration_shared_secret_path = config.sops.secrets."matrix/synapse/user_registration".path;
password_config.enabled = lib.mkForce false; password_config.enabled = lib.mkForce false;

27
hosts/bicep/services/mysql.nix
View File

@ -1,5 +1,12 @@
{ pkgs, config, ... }: { pkgs, lib, config, values, ... }:
{ {
sops.secrets."mysql/password" = {
owner = "mysql";
group = "mysql";
};
users.mysql.passwordFile = config.sops.secrets."mysql/password".path;
services.mysql = { services.mysql = {
enable = true; enable = true;
dataDir = "/data/mysql"; dataDir = "/data/mysql";
@ -8,15 +15,23 @@
mysqld = { mysqld = {
# PVV allows a lot of connections at the same time # PVV allows a lot of connections at the same time
max_connect_errors = 10000; max_connect_errors = 10000;
bind-address = values.services.mysql.ipv4;
skip-networking = 0;
# This was needed in order to be able to use all of the old users
# during migration from knakelibrak to bicep in Sep. 2023
secure_auth = 0;
}; };
}; };
# Note: This user also has MAX_USER_CONNECTIONS set to 3, and # Note: This user also has MAX_USER_CONNECTIONS set to 3, and
# a password which can be found in /secrets/ildkule/ildkule.yaml # a password which can be found in /secrets/ildkule/ildkule.yaml
# We have also changed both the host and auth plugin of this user
# to be 'ildkule.pvv.ntnu.no' and 'mysql_native_password' respectively.
ensureUsers = [{ ensureUsers = [{
name = "prometheus_mysqld_exporter"; name = "prometheus_mysqld_exporter";
ensurePermissions = { ensurePermissions = {
"*.*" = "PROCESS, REPLICATION CLIENT, SELECT"; "*.*" = "PROCESS, REPLICATION CLIENT, SELECT, SLAVE MONITOR";
}; };
}]; }];
}; };
@ -27,4 +42,12 @@
}; };
networking.firewall.allowedTCPPorts = [ 3306 ]; networking.firewall.allowedTCPPorts = [ 3306 ];
systemd.services.mysql.serviceConfig = {
IPAddressDeny = "any";
IPAddressAllow = [
values.ipv4-space
values.ipv6-space
];
};
} }

16
hosts/bicep/services/nginx/default.nix
View File

@ -19,11 +19,27 @@
"[::1]" "[::1]"
]; ];
appendConfig = ''
pcre_jit on;
worker_processes 8;
worker_rlimit_nofile 8192;
'';
eventsConfig = ''
multi_accept on;
worker_connections 4096;
'';
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedBrotliSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
}; };
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
systemd.services.nginx.serviceConfig = {
LimitNOFILE = 65536;
};
} }

6
hosts/bicep/services/postgres.nix
View File

@ -22,10 +22,10 @@ in
superuser_reserved_connections = 3; superuser_reserved_connections = 3;
# Memory Settings # Memory Settings
shared_buffers = "2048 MB"; shared_buffers = "8192 MB";
work_mem = "32 MB"; work_mem = "32 MB";
maintenance_work_mem = "320 MB"; maintenance_work_mem = "420 MB";
effective_cache_size = "6 GB"; effective_cache_size = "22 GB";
effective_io_concurrency = 100; effective_io_concurrency = 100;
random_page_cost = 1.25; random_page_cost = 1.25;

36
hosts/brzeczyszczykiewicz/configuration.nix Normal file
View File

@ -0,0 +1,36 @@
{ config, pkgs, values, ... }:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../base.nix
../../misc/metrics-exporters.nix
../../modules/grzegorz.nix
];
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "brzeczyszczykiewicz";
systemd.network.networks."30-eno1" = values.defaultNetworkConfig // {
matchConfig.Name = "eno1";
address = with values.hosts.brzeczyszczykiewicz; [ (ipv4 + "/25") (ipv6 + "/64") ];
};
# List packages installed in system profile
environment.systemPackages = with pkgs; [
];
# List services that you want to enable:
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

66
hosts/greddost/configuration.nix
View File

@ -1,66 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
../../hardware-configuration.nix
../../base.nix
../../services/minecraft
];
nixpkgs.config.packageOverrides = pkgs: {
unstable = (import <nixos-unstable>) { };
};
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
networking.hostName = "greddost"; # Define your hostname.
networking.interfaces.ens18.useDHCP = false;
networking.defaultGateway = "129.241.210.129";
networking.interfaces.ens18.ipv4 = {
addresses = [
{
address = "129.241.210.174";
prefixLength = 25;
}
];
};
networking.interfaces.ens18.ipv6 = {
addresses = [
{
address = "2001:700:300:1900::174";
prefixLength = 64;
}
];
};
networking.nameservers = [ "129.241.0.200" "129.241.0.201" ];
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [ 25565 ];
networking.firewall.allowedUDPPorts = [ 25565 ];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
}

158
hosts/greddost/services/minecraft/default.nix
View File

@ -1,158 +0,0 @@
{config, lib, pkgs, ... }:
{
imports = [ ./minecraft-server-fabric.nix ];
environment.systemPackages = with pkgs; [
mcron
];
pvv.minecraft-server-fabric = {
enable = true;
eula = true;
package = pkgs.callPackage ../../pkgs/minecraft-server-fabric { minecraft-server = (pkgs.callPackage ../../pkgs/minecraft-server/1_18_1.nix { }); };
jvmOpts = "-Xms10G -Xmx10G -XX:+UnlockExperimentalVMOptions -XX:+UseZGC -XX:+DisableExplicitGC -XX:+AlwaysPreTouch -XX:+ParallelRefProcEnabled";
serverProperties = {
view-distance = 12;
simulation-distance = 12;
enable-command-block = true;
gamemode = "survival";
difficulty = "normal";
white-list = true;
enable-rcon = true;
"rcon.password" = "pvv";
};
dataDir = "/fast/minecraft-pvv";
mods = [
(pkgs.fetchurl { # Fabric API is a common dependency for fabric based mods
url = "https://cdn.modrinth.com/data/P7dR8mSH/versions/0.44.0+1.18/fabric-api-0.44.0+1.18.jar";
sha256 = "0mlmj7mj073a48s8zgc1km0jwkphz01c1fvivn4mw37lbm2p4834";
})
(pkgs.fetchurl { # Lithium is a 100% vanilla compatible optimization mod
url = "https://cdn.modrinth.com/data/gvQqBUqZ/versions/mc1.18.1-0.7.6/lithium-fabric-mc1.18.1-0.7.6.jar";
sha256 = "1fw1ikg578v4i6bmry7810a3q53h8yspxa3awdz7d746g91g8lf7";
})
(pkgs.fetchurl { # Starlight is the lighting engine of papermc
url = "https://cdn.modrinth.com/data/H8CaAYZC/versions/Starlight%201.0.0%201.18.x/starlight-1.0.0+fabric.d0a3220.jar";
sha256 = "0bv9im45hhc8n6x57lakh2rms0g5qb7qfx8qpx8n6mbrjjz6gla1";
})
(pkgs.fetchurl { # Krypton is a linux optimized optimizer for minecrafts networking system
url = "https://cdn.modrinth.com/data/fQEb0iXm/versions/0.1.6/krypton-0.1.6.jar";
sha256 = "1ribvbww4msrfdnzlxipk8kpzz7fnwnd4q6ln6mpjlhihcjb3hni";
})
(pkgs.fetchurl { # C2ME is a parallelizer for chunk loading and generation, experimental!!!
url = "https://cdn.modrinth.com/data/VSNURh3q/versions/0.2.0+alpha.5.104%201.18.1/c2me-fabric-mc1.18.1-0.2.0+alpha.5.104-all.jar";
sha256 = "13zrpsg61fynqnnlm7dvy3ihxk8khlcqsif68ak14z7kgm4py6nw";
})
(pkgs.fetchurl { # Spark is a profiler for minecraft
url = "https://ci.lucko.me/job/spark/251/artifact/spark-fabric/build/libs/spark-fabric.jar";
sha256 = "1clvi5v7a14ba23jbka9baz99h6wcfjbadc8kkj712fmy2h0sx07";
})
#(pkgs.fetchurl { # Carpetmod gives you tps views in the tab menu,
# # but also adds a lot of optional serverside vanilla+ features (which we arent using).
# # So probably want something else
# url = "https://github.com/gnembon/fabric-carpet/releases/download/1.4.56/fabric-carpet-1.18-1.4.56+v211130.jar";
# sha256 = "0rvl2yb8xymla8c052j07gqkqfkz4h5pxf6aip2v9v0h8r84p9hf";
#})
];
whitelist = {
gunalx = "913a21ae-3a11-4178-a192-401490ca0891";
eirikwitt = "1689e626-1cc8-4b91-81c4-0632fd34eb19";
Rockj = "202c0c91-a4e0-4b45-8c1b-fc51a8956c0a";
paddishar = "326845aa-4b45-4cd9-8108-7816e10a9828";
nordyorn = "f253cddf-a520-42ab-85d3-713992746e42";
hell04 = "c681df2a-6a30-4c66-b70d-742eb68bbc04";
steinarh = "bd8c419e-e6dc-4fc5-ac62-b92f98c1abc9";
EastTown2000 = "f273ed2e-d3ba-43fc-aff4-3e800cdf25e1";
DirDanner = "5b5476a2-1138-476b-9ff1-1f39f834a428";
asgeirbj = "dbd5d89f-3d8a-4662-ad15-6c4802d0098f";
Linke03 = "0dbc661d-898a-47ff-a371-32b7bd76b78b";
somaen = "cc0bdd13-4304-4160-80e7-8f043446fa83";
einaman = "39f45df3-423d-4274-9ef9-c9b7575e3804";
liseu = "c8f4d9d8-3140-4c35-9f66-22bc351bb7e6";
torsteno = "ae1e7b15-a0de-4244-9f73-25b68427e34a";
simtind = "39c03c95-d628-4ccc-843d-ce1332462d9e";
aellaie = "c585605d-24bb-4d75-ba9c-0064f6a39328";
PerKjelsvik = "5df69f17-27c9-4426-bcae-88b435dfae73";
CelestialCry = "9e34d192-364e-4566-883a-afc868c4224d";
terjesc = "993d70e8-6f9b-4094-813c-050d1a90be62";
maxelost = "bf465915-871a-4e3e-a80c-061117b86b23";
"4ce1" = "8a9b4926-0de8-43f0-bcde-df1442dee1d0";
exponential = "1ebcca9d-0964-48f3-9154-126a9a7e64f6";
Dodsorbot = "3baa9d58-32e4-465e-80bc-9dcb34e23e1d";
HFANTOM = "cd74d407-7fb0-4454-b3f4-c0b4341fde18";
Ghostmaker = "96465eee-e665-49ab-9346-f12d5a040624";
soonhalle = "61a8e674-7c7a-4120-80d1-4453a5993350";
MasterMocca = "481e6dac-9a17-4212-9664-645c3abe232f";
soulprayfree = "cfb1fb23-5115-4fe2-9af9-00a02aea9bf8";
calibwam = "0d5d5209-bb7c-4006-9451-fb85d7d52618";
Skuggen = "f0ccee0b-741a-413a-b8e6-d04552b9d78a";
Sivertsen3 = "cefac1a6-52a7-4781-be80-e7520f758554";
vafflonaut = "4d864d5c-74e2-4f29-b57d-50dea76aaabd";
Dhila = "c71d6c23-14d7-4daf-ae59-cbf0caf45681";
remorino = "2972ab22-96b3-462d-ab4d-9b6b1775b9bb";
SamuelxJackson = "f140e4aa-0a19-48ab-b892-79b24bd82c1e";
ToanBuiDuc = "a3c54742-4caf-4334-8bbb-6402a8eb4268";
Joces123 = "ecbcfbf9-9bcc-49f0-9435-f2ac2b3217c1";
brunsviken = "75ff5f0e-8adf-4807-a7f0-4cb66f81cb7f";
oscarsb1 = "9460015a-65cc-4a2f-9f91-b940b6ce7996";
CVi = "6f5691ce-9f9c-4310-84aa-759d2f9e138e";
Tawos = "0b98e55c-10cf-4b23-85d3-d15407431ace";
evenhunn = "8751581b-cc5f-4f8b-ae1e-34d90127e074";
q41 = "a080e5b4-10ee-4d6f-957e-aa5053bb1046";
jesper001 = "fbdf3ceb-eaa9-4aeb-94c2-a587cde41774";
finninde = "f58afd00-28cd-48dd-a74a-6c1d76b57f66";
GameGuru999 = "535f2188-a4a4-4e54-bec6-74977bee09ab";
MinusOneKelvin = "b6b973bf-1e35-4a58-803b-a555fd90a172";
SuperRagna = "e2c32136-e510-41b1-84c0-41baeccfb0b9";
Zamazaki = "d4411eca-401a-4565-9451-5ced6f48f23f";
supertheodor = "610c4e86-0ecc-4e7a-bffc-35a2e7d90aa6";
Minelost = "22ae2a1f-cfd9-4f10-9e41-e7becd34aba8";
Bjand = "aed136b6-17f7-4ce1-8a7b-a09eb1694ccf";
Dandellion = "f393413b-59fc-49d7-a5c4-83a5d177132c";
Shogori = "f9d571bd-5754-46e8-aef8-e89b38a6be9b";
Caragath = "f8d34f3a-55c3-4adc-b8d8-73a277f979e8";
Shmaapqueen = "425f2eef-1a9d-4626-9ba3-cd58156943dc";
Liquidlif3 = "420482b3-885f-4951-ba1e-30c22438a7e0";
newtonseple = "7d8bf9ca-0499-4cb7-9d6a-daabf80482b6";
nainis = "2eaf3736-decc-4e11-9a44-af2df0ee7c81";
Devolan = "87016228-76b2-434f-a963-33b005ae9e42";
zSkyler = "c92169e4-ca14-4bd5-9ea2-410fe956abe2";
Cryovat = "7127d743-873e-464b-927a-d23b9ad5b74a";
cybrhuman = "14a67926-cff0-4542-a111-7f557d10cc67";
stinl = "3a08be01-1e74-4d68-88d1-07d0eb23356f";
Mirithing = "7b327f51-4f1b-4606-88c7-378eff1b92b1";
"_dextra" = "4b7b4ee7-eb5b-48fd-88c3-1cc68f06acda";
Soraryuu = "0d5ffe48-e64f-4d6d-9432-f374ea8ec10c";
klarken1 = "d6967cb8-2bc6-4db7-a093-f0770cce47df";
};
};
networking.firewall.allowedTCPPorts = [ 25565 ];
networking.firewall.allowedUDPPorts = [ 25565 ];
systemd.services."minecraft-backup" = {
serviceConfig.Type = "oneshot";
script = ''
${pkgs.mcrcon}/bin/mcrcon -p pvv "say Starting Backup" "save-off" "save-all"
${pkgs.rsync}/bin/rsync -aiz --delete ${config.pvv.minecraft-server-fabric.dataDir}/world /fast/backup # Where to put backup
${pkgs.mcrcon}/bin/mcrcon -p pvv "save-all" "say Completed Backup" "save-on" "save-all"
'';
};
systemd.timers."minecraft-backup" = {
wantedBy = ["timers.target"];
timerConfig.OnCalendar = [ "hourly" ];
};
}

180
hosts/greddost/services/minecraft/minecraft-server-fabric.nix
View File

@ -1,180 +0,0 @@
{ lib, pkgs, config, ... }:
with lib;
let
cfg = config.pvv.minecraft-server-fabric;
# We don't allow eula=false anyways
eulaFile = builtins.toFile "eula.txt" ''
# eula.txt managed by NixOS Configuration
eula=true
'';
whitelistFile = pkgs.writeText "whitelist.json"
(builtins.toJSON
(mapAttrsToList (n: v: { name = n; uuid = v; }) cfg.whitelist));
cfgToString = v: if builtins.isBool v then boolToString v else toString v;
serverPropertiesFile = pkgs.writeText "server.properties" (''
# server.properties managed by NixOS configuration
'' + concatStringsSep "\n" (mapAttrsToList
(n: v: "${n}=${cfgToString v}") cfg.serverProperties));
defaultServerPort = 25565;
serverPort = cfg.serverProperties.server-port or defaultServerPort;
rconPort = if cfg.serverProperties.enable-rcon or false
then cfg.serverProperties."rcon.port" or 25575
else null;
queryPort = if cfg.serverProperties.enable-query or false
then cfg.serverProperties."query.port" or 25565
else null;
in
{
options.pvv.minecraft-server-fabric = {
enable = mkEnableOption "minecraft-server-fabric";
package = mkOption {
type = types.package;
};
eula = mkOption {
type = types.bool;
default = false;
description = ''
Whether you agree to
<link xlink:href="https://account.mojang.com/documents/minecraft_eula">
Mojangs EULA</link>. This option must be set to
<literal>true</literal> to run Minecraft server.
'';
};
dataDir = mkOption {
type = types.path;
default = "/var/lib/minecraft-fabric";
description = ''
Directory to store Minecraft database and other state/data files.
'';
};
whitelist = mkOption {
type = let
minecraftUUID = types.strMatching
"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}" // {
description = "Minecraft UUID";
};
in types.attrsOf minecraftUUID;
default = {};
description = ''
Whitelisted players, only has an effect when
<option>services.minecraft-server.declarative</option> is
<literal>true</literal> and the whitelist is enabled
via <option>services.minecraft-server.serverProperties</option> by
setting <literal>white-list</literal> to <literal>true</literal>.
This is a mapping from Minecraft usernames to UUIDs.
You can use <link xlink:href="https://mcuuid.net/"/> to get a
Minecraft UUID for a username.
'';
example = literalExpression ''
{
username1 = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
username2 = "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy";
};
'';
};
serverProperties = mkOption {
type = with types; attrsOf (oneOf [ bool int str ]);
default = {};
example = literalExpression ''
{
server-port = 43000;
difficulty = 3;
gamemode = 1;
max-players = 5;
motd = "NixOS Minecraft server!";
white-list = true;
enable-rcon = true;
"rcon.password" = "hunter2";
}
'';
description = ''
Minecraft server properties for the server.properties file. Only has
an effect when <option>services.minecraft-server.declarative</option>
is set to <literal>true</literal>. See
<link xlink:href="https://minecraft.gamepedia.com/Server.properties#Java_Edition_3"/>
for documentation on these values.
'';
};
jvmOpts = mkOption {
type = types.separatedString " ";
default = "-Xmx2048M -Xms2048M";
# Example options from https://minecraft.gamepedia.com/Tutorials/Server_startup_script
example = "-Xmx2048M -Xms4092M -XX:+UseG1GC -XX:+CMSIncrementalPacing "
+ "-XX:+CMSClassUnloadingEnabled -XX:ParallelGCThreads=2 "
+ "-XX:MinHeapFreeRatio=5 -XX:MaxHeapFreeRatio=10";
description = "JVM options for the Minecraft server.";
};
mods = mkOption {
type = types.listOf types.package;
example = literalExpression ''
[
(pkgs.fetchurl {
url = "https://cdn.modrinth.com/data/P7dR8mSH/versions/0.44.0+1.18/fabric-api-0.44.0+1.18.jar";
sha256 = "0mlmj7mj073a48s8zgc1km0jwkphz01c1fvivn4mw37lbm2p4834";
})
];
'';
description = "List of mods to put in the mods folder";
};
};
config = mkIf cfg.enable {
users.users.minecraft = {
description = "Minecraft server service user";
home = cfg.dataDir;
createHome = true;
isSystemUser = true;
group = "minecraft";
};
users.groups.minecraft = {};
systemd.services.minecraft-server-fabric = {
description = "Minecraft Server Service";
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${cfg.package}/bin/minecraft-server ${cfg.jvmOpts}";
Restart = "always";
User = "minecraft";
WorkingDirectory = cfg.dataDir;
};
preStart = ''
ln -sf ${eulaFile} eula.txt
ln -sf ${whitelistFile} whitelist.json
cp -f ${serverPropertiesFile} server.properties
ln -sfn ${pkgs.linkFarmFromDrvs "fabric-mods" cfg.mods} mods
'';
};
assertions = [
{ assertion = cfg.eula;
message = "You must agree to Mojangs EULA to run minecraft-server."
+ " Read https://account.mojang.com/documents/minecraft_eula and"
+ " set `services.minecraft-server.eula` to `true` if you agree.";
}
];
};
}

39
hosts/shark/configuration.nix Normal file
View File

@ -0,0 +1,39 @@
{ config, pkgs, values, ... }:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
../../base.nix
../../misc/metrics-exporters.nix
];
sops.defaultSopsFile = ../../secrets/shark/shark.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
sops.age.generateKey = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "shark"; # Define your hostname.
systemd.network.networks."30-ens18" = values.defaultNetworkConfig // {
matchConfig.Name = "ens18";
address = with values.hosts.shark; [ (ipv4 + "/25") (ipv6 + "/64") ];
};
# List packages installed in system profile
environment.systemPackages = with pkgs; [
];
# List services that you want to enable:
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

38
hosts/shark/hardware-configuration.nix Normal file
View File

@ -0,0 +1,38 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/224c45db-9fdc-45d4-b3ad-aaf20b3efa8a";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/CC37-F5FE";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/a1ce3234-78b1-4565-9643-f4a05004424f"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

62
modules/grzegorz.nix Normal file
View File

@ -0,0 +1,62 @@
{config, lib, pkgs, ...}:
let
grg = config.services.grzegorz = true;
grgw = config.services.grzegorz-webui;
in {
services.pipewire.enable = true;
services.pipewire.alsa.enable = true;
services.pipewire.alsa.support32Bit = true;
services.pipewire.pulse.enable = true;
users.users.pvv = {
isNormalUser = true;
description = "pvv";
};
services.grzegorz.enable = true;
services.grzegorz.listenAddr = "localhost";
services.grzegorz.listenPort = 31337;
services.grzegorz-webui.enable = true;
services.grzegorz-webui.listenAddr = "localhost";
services.grzegorz-webui.listenPort = 42069;
services.grzegorz-webui.listenWebsocketPort = 42042;
services.grzegorz-webui.hostName = "${config.networking.fqdn}";
services.grzegorz-webui.apiBase = "http://${toString grg.listenAddr}:${toString grg.listenPort}/api";
security.acme.acceptTerms = true;
security.acme.defaults.email = "pederbs@pvv.ntnu.no";
services.nginx.enable = true;
networking.firewall.allowedTCPPorts = [ 80 443 ];
services.nginx.virtualHosts."${config.networking.fqdn}" = {
forceSSL = true;
enableACME = true;
serverAliases = [
"${config.networking.hostName}.pvv.org"
];
extraConfig = ''
allow 129.241.210.128/25;
allow 2001:700:300:1900::/64;
deny all;
'';
locations."/" = {
proxyPass = "http://localhost:${builtins.toString config.services.grzegorz-webui.listenPort}";
};
# https://github.com/rawpython/remi/issues/216
locations."/websocket" = {
proxyPass = "http://localhost:${builtins.toString config.services.grzegorz-webui.listenWebsocketPort}";
proxyWebsockets = true;
};
locations."/api" = {
proxyPass = "http://localhost:${builtins.toString config.services.grzegorz.listenPort}";
};
locations."/docs" = {
proxyPass = "http://localhost:${builtins.toString config.services.grzegorz.listenPort}";
};
};
}

17
secrets/bekkalokk/bekkalokk.yaml
View File

@ -1,12 +1,15 @@
gitea: gitea:
password: ENC[AES256_GCM,data:hlNzdU1ope0t50/3aztyLeXjMHd2vFPpwURX+Iu8f49DOqgSnEMtV+KtLA==,iv:qljRnSnchL5cFmaUAfCH9GQYQxcy5cyWejgk1x6bFgI=,tag:tIhboFU5kZsj5oAQR3hLbw==,type:str] password: ENC[AES256_GCM,data:hlNzdU1ope0t50/3aztyLeXjMHd2vFPpwURX+Iu8f49DOqgSnEMtV+KtLA==,iv:qljRnSnchL5cFmaUAfCH9GQYQxcy5cyWejgk1x6bFgI=,tag:tIhboFU5kZsj5oAQR3hLbw==,type:str]
database: ENC[AES256_GCM,data:UlS33IdCEyeSvT6ngpmnkBWHuSEqsB//DT+3b7C+UwbD8UXWJlsLf1X8/w==,iv:mPRW5ldyZaHP+y/0vC2JGSLZmlkhgmkvXPk4LazkSDs=,tag:gGk6Z/nbPvzE1zG+tJC8Sw==,type:str]
passwd-ssh-key: ENC[AES256_GCM,data:L0lF0wvpayss1NU9m3A45cH0bCMQzODTFVrq6EPd1JHx54wIcoaRBYLmxXKXASzBlCg9zlwXMUIk3OQcS3kdzMKL0iqcSL2iicAcKjFIHyrWLqXgwV5pRSP/tRPcVw8KW8gz0bh33EgESs5ReddZ3VZ0Cy1s2YupMRQvBXr89k1+Hv70OWB6P06hvxhv/zKcMGI1N/dWLroMgrQuT9imw4+/Q1RqwzTYeEU+eUn24AM9GjcBg4qf3OI+6g0nXUat/upIYE28iF5J3lbUSmDSmirBLc8xgHLdOyyJPTObWYWYxlSL78T7IqiMm9lI3rtBlpJDDcn/YxZpVqN5bg2154GISNK+uR0TVSLdJ+drdGHIfIX3G78XSxf2L9rbJyRn8MQlgStfdBIQicLavQKVMrmj+XQfvEMez23WbPLjH4oViBQFI+GrOHOGy/f16cz8Sn4n+69OcsOeTxs3tKYdfq6r1XLYSJ/fe/zvxBpaZiyGXljsuyEdIyBL2A8D6uSXe3Nd3/DAdBtceFfIdN1olCdutixzVWgxaJnrel161z5A/4w=,iv:Uy46yY3jFYSvpxrgCHxRMUksnWfhf5DViLMvCXVMMl4=,tag:wFEJ5+icFrOKkc56gY0A5g==,type:str]
ssh-known-hosts: ENC[AES256_GCM,data:zlRLoelQeumMxGqPmgMTB69X1RVWXIs2jWwc67lk0wrdNOHUs5UzV5TUA1JnQ43RslBU92+js7DkyvE5enGzw7zZE5F1ZYdGv/eCgvkTMC9BoLfzHzP6OzayPLYEt3xJ5PRocN8JUAD55cuu4LgsuebuydHPi2oWOfpbSUBKSeCh6dvk5Pp1XRDprPS5SzGLW8Xjq98QlzmfGv50meI9CDJZVF9Wq/72gkyfgtb3YVdr,iv:AF06TBitHegfWk6w07CdkHklh4ripQCmA45vswDQgss=,tag:zKh7WVXMJN2o9ZIwIkby3Q==,type:str]
import-user-env: ENC[AES256_GCM,data:vfaqjGEnUM9VtOPvBurz7nFwzGZt3L2EqijrQej4wiOcGCrRA4tN6kBV6NmhHqlFPsw=,iv:viPGkyOOacCWcgTu25da4qH7DC4wz2qdeC1W2WcMUdI=,tag:BllNqGQoaxqUo3lTz9LGnw==,type:str]
runner-token: ENC[AES256_GCM,data:jtKAyCjS4pNXHlg9Lzl69T/QaX+vEa8zwojAfXvG3FVgbOK42u2rfw==,iv:oszv09iNJArDgHN6rUfVQQRjOzxJmatXH4qD3IRObxo=,tag:rbJezwnYkQ4pG0QaT39WXA==,type:str]
mediawiki: mediawiki:
password: ENC[AES256_GCM,data:HsBuA1E7187roGnKuFPfPDYxA16GFjAUucgUtrdUFmcOzmTNiFH+NWY2ZQ==,iv:vDYUmmZftcrkDtJxNYKAJSx9j+AQcmQarC62QRHR4IM=,tag:3TKjNrGRivFWoK3djC748g==,type:str] password: ENC[AES256_GCM,data:HsBuA1E7187roGnKuFPfPDYxA16GFjAUucgUtrdUFmcOzmTNiFH+NWY2ZQ==,iv:vDYUmmZftcrkDtJxNYKAJSx9j+AQcmQarC62QRHR4IM=,tag:3TKjNrGRivFWoK3djC748g==,type:str]
keys: database: ENC[AES256_GCM,data:EvVK3Mo6cZiIZS+gTxixU4r9SXN41VqwaWOtortZRNH+WPJ4xcYvzYMJNg==,iv:JtFTRLn3fzKIfgAPRqRgQjct7EdkEHtiyQKPy8/sZ2Q=,tag:nqzseG6BC0X5UNI/3kZZ3A==,type:str]
postgres: keycloak:
gitea: ENC[AES256_GCM,data:lG4P8kzp7Zq94WftN7p1RJqM65esPuTFZ2JJWkFFXTzlid2DRZPsG2FGIA==,iv:JvHQUgwwb7wJTNMxjLjOUw5sKKWlyMJafVaUOLUu9Sk=,tag:qE0+gDFU/YtghqCv/d2Qgw==,type:str] database: ENC[AES256_GCM,data:76+AZnNR5EiturTP7BdOCKE90bFFkfGlRtviSP5NHxPbb3RfFPJEMlwtzA==,iv:nS7VTossHdlrHjPeethhX+Ysp9ukrb5JD7kjG28OFpY=,tag:OMpiEv9nQA7v6lWJfNxEEw==,type:str]
mediawiki: ENC[AES256_GCM,data:p+s/uQ3ywQY9RpImFWTxjt1orzl905i9kTQPzsAIs6hAK5t3B00XVzKZgQ==,iv:xp3PRrjCGFxCsRZOlJGIonBOKWJ+3/1CByc4q7O3vDw=,tag:bfKlU2Pcoq0cQjbhp+UXag==,type:str]
keycloak: ENC[AES256_GCM,data:A3cbJTfP97yT35ov/yuWaD+b3wD2I8H+2GkW1ONp3YiNEsmKFjROx2rpwA==,iv:kMbuPtvy/49soEH9jxdY/X0BFDoiK7EyZ56xMkwjMUg=,tag:Ttp8BbJqfPWaeH5iaOwcQQ==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -40,8 +43,8 @@ sops:
akVjeTNTeGorZjJQOVlMeCtPRUVYL3MK+VMvGxrbzGz4Q3sdaDDWjal+OiK+JYKX akVjeTNTeGorZjJQOVlMeCtPRUVYL3MK+VMvGxrbzGz4Q3sdaDDWjal+OiK+JYKX
GHiMXVHQJZu/RrlxMjHKN6V3iaqxZpuvLAEJ2Lzy5EOHPtuiiRyeHQ== GHiMXVHQJZu/RrlxMjHKN6V3iaqxZpuvLAEJ2Lzy5EOHPtuiiRyeHQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-06T21:36:22Z" lastmodified: "2023-09-16T20:11:37Z"
mac: ENC[AES256_GCM,data:F9XujlDa5o0N07UfA4QTjApiJQyaT/l6jVSmekwx8exLWGKfMIVs3KKt8ZIT8MmmCg1+GPYHV1MzC+OCImj1q0uYDkqG/Of5KAKYrizz2GwmVa8pSyV/b+tFdBNKxlVjH+YWwxkMltCoZNzaYJDALAfUv07Xp8mnKaXdkS7SQBQ=,iv:LAmhmXDui8gkYKjL8gk9HPRFlcKAviQ9g9prp7yDptQ=,tag:GNffyDqt+mm3umUtnTU9hw==,type:str] mac: ENC[AES256_GCM,data:jWEx88AqdNRikXYiLK6QV8QxVLMS83zN3zwxdSlVJpkGMwYF+AYI0GhKxcMUKgme4bWohFGnsrKCNTYsDphrSMtp7qDNsI+JoOkuoYZXWPkuAd06WDp0dkXcoBicyFZN1SyrboX0PisCR1aJtk6TriNRDb2bWpX6vHs4BH2NEi8=,iv:snHYIDvjb6dtzXrPz38OXvSOMl+cl/uPvYaaGxwHUOY=,tag:Nl296rph+3ij3QMkzzpYaw==,type:str]
pgp: pgp:
- created_at: "2023-05-21T00:28:40Z" - created_at: "2023-05-21T00:28:40Z"
enc: | enc: |

6
secrets/bicep/bicep.yaml
View File

@ -1,5 +1,7 @@
calendar-bot: calendar-bot:
matrix_token: ENC[AES256_GCM,data:zJv9sw6pEzb9hxKT682wsD87HC9iejbps2wl2Z5QW1XZUSBHdcqyg1pxd+jFKTeKGQ==,iv:zDbvF1H98NsECjCtGXS+Y9HIhXowzz9HF9mltqnArog=,tag:/ftcOSQ13ElkVJBxYIMUGQ==,type:str] matrix_token: ENC[AES256_GCM,data:zJv9sw6pEzb9hxKT682wsD87HC9iejbps2wl2Z5QW1XZUSBHdcqyg1pxd+jFKTeKGQ==,iv:zDbvF1H98NsECjCtGXS+Y9HIhXowzz9HF9mltqnArog=,tag:/ftcOSQ13ElkVJBxYIMUGQ==,type:str]
mysql:
password: ENC[AES256_GCM,data:KqEe0TVdeMIzPKsmFg9x0X9xWijnOk306ycyXTm2Tpqo/O0F,iv:Y+hlQ8n1ZIP9ncXBzd2kCSs/DWVTWhiEluFVwZFKRCA=,tag:xlaUk0Wftk62LpYE5pKNQw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -33,8 +35,8 @@ sops:
QmVlRnJhSk4xYWFVbGVxdlFxSDlXSGMKJvjMDaX4Aa98gT+GPjGaKKdnG67jNG3C QmVlRnJhSk4xYWFVbGVxdlFxSDlXSGMKJvjMDaX4Aa98gT+GPjGaKKdnG67jNG3C
nLsbxU4vNpFvjF4WI5vdvIQe5UGzoCYQZp3oHFnGq+Jp/hJ1HFF0GQ== nLsbxU4vNpFvjF4WI5vdvIQe5UGzoCYQZp3oHFnGq+Jp/hJ1HFF0GQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-08-27T00:13:50Z" lastmodified: "2023-09-05T23:28:56Z"
mac: ENC[AES256_GCM,data:u2TPEbDSlOR9SFVpGebiYMWKDtw3PYsljhMYB+No1YE4fXHWlGs4VjNfGZ43eiVmI9TM7f24flaAZ4tjFfjz14+kFg1kQ5VRkvanJP3h1TTAEPmZO3j28YlRiDOMZ387emDpyPox2jsIHBtQZnX+7DDw65KOWjG5uskOMHGRVEY=,iv:WpP9nYzCKzmynXvLCbbz5Aoy/cT/h8iklUZy6B00Tus=,tag:SnusNV0W6zfown4vWHIVhA==,type:str] mac: ENC[AES256_GCM,data:pCWTkmCQgBOqhejK2sCLQ3H8bRXmXlToQxYmOG0IWDo2eGiZOLuIkZ1/1grYgfxAGiD4ysJod0nJuvo+eAsMeYAy6QJVtrOqO2d9V2NEdzLckXyYvwyJyZoFbNC5EW9471V0m4jLRSh5821ckNo/wtWFR11wfO15tI3MqtD1rtA=,iv:QDnckPl0LegaH0b7V4WAtmVXaL4LN+k3uKHQI2dkW7E=,tag:mScUQBR0ZHl1pi/YztrvFg==,type:str]
pgp: pgp:
- created_at: "2023-08-27T00:12:42Z" - created_at: "2023-08-27T00:12:42Z"
enc: | enc: |

5
secrets/bicep/matrix.yaml
View File

@ -1,5 +1,4 @@
synapse: synapse:
dbconfig: ENC[AES256_GCM,data:QQefrFxpxTXlldA+a5xPm1Mx2E7oRzo4DAOGVYP8IR0zFCsqoAGqeXOPrdT9MczTn4Ur537e9RG2OQMRc8JQASRQLHG6RdNPyREiZmJDs24OyXEF+WerHJtRytF9wugt22AdZtGyk9S/RDqoXDe4CS93EtP7SqAcYWJoDE1Xic7G3g==,iv:q1Is8O5k8PZGmJC3EsftmJMNordGLxJiMg+GsnfzxTY=,tag:sbsj9T0jEr+kZJjej5S0jA==,type:str]
turnconfig: ENC[AES256_GCM,data:mASRjYa4C9WRow4x0XYRrlCE5LMJUYaId+o62r1qhsyJPa2LzrI=,iv:5vYdubvMDjLS6soiWx2DzkEAATb9NFbSS/Jhuuz1yI8=,tag:wOW07CQMDbOiZNervee/pg==,type:str] turnconfig: ENC[AES256_GCM,data:mASRjYa4C9WRow4x0XYRrlCE5LMJUYaId+o62r1qhsyJPa2LzrI=,iv:5vYdubvMDjLS6soiWx2DzkEAATb9NFbSS/Jhuuz1yI8=,tag:wOW07CQMDbOiZNervee/pg==,type:str]
user_registration: ENC[AES256_GCM,data:ZDZfEEvyw8pg0WzhrdC8747ed+ZR2ZA8/WypJd/iDkmIy2RmxOeI0sE=,iv:l61mOlvzpCql4fC/eubBSU6px21et2WcpxQ6rFl14iw=,tag:sVDEAa3xipKIi/6isCjWew==,type:str] user_registration: ENC[AES256_GCM,data:ZDZfEEvyw8pg0WzhrdC8747ed+ZR2ZA8/WypJd/iDkmIy2RmxOeI0sE=,iv:l61mOlvzpCql4fC/eubBSU6px21et2WcpxQ6rFl14iw=,tag:sVDEAa3xipKIi/6isCjWew==,type:str]
signing_key: ENC[AES256_GCM,data:6UpfiRlX9pRM7zhdm7Mc8y8EItLzugWkHSgE0tGpEmudCTa1wc60oNbYfhKDWU81DT/U148pZOoX1A==,iv:UlqCPicPm5eNBz1xBMI3A3Rn4t/GtldNIDdMH5MMnLw=,tag:HHaw6iMjEAv5b9mjHSVpwA==,type:str] signing_key: ENC[AES256_GCM,data:6UpfiRlX9pRM7zhdm7Mc8y8EItLzugWkHSgE0tGpEmudCTa1wc60oNbYfhKDWU81DT/U148pZOoX1A==,iv:UlqCPicPm5eNBz1xBMI3A3Rn4t/GtldNIDdMH5MMnLw=,tag:HHaw6iMjEAv5b9mjHSVpwA==,type:str]
@ -42,8 +41,8 @@ sops:
cGxZVnFhdXRka2drTGdkVk1iM0pFL1kK2ry7b2cLYPfntWi/BV3K2O+mHt3242Ef cGxZVnFhdXRka2drTGdkVk1iM0pFL1kK2ry7b2cLYPfntWi/BV3K2O+mHt3242Ef
sI2JLLQYHeAhxjFdCzP1RDR+Wu/pRxZje6xuTZ9I9TKNmm+LhAXHQw== sI2JLLQYHeAhxjFdCzP1RDR+Wu/pRxZje6xuTZ9I9TKNmm+LhAXHQw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2023-05-06T21:32:35Z" lastmodified: "2023-09-15T04:40:21Z"
mac: ENC[AES256_GCM,data:W0I9iLVAyWkqWw1m49cAO4eiv71hv0MMgqp/ZoPB/ImI/PijCJh3d3cSxM4HgDqhN7tPqwqegsR7pxbVNHch+VReLoOKOiXWCAmKNhZ2A5uO+RFnrmyCZ5HSbKmex4unzcX9hvkWl1X53dqiOUXu1tdbOt9M0tLxV2kfjPmqqs0=,iv:r9AHHkBZfk67w/MBpMDLjxrmo8JVpkm8Ko8MB/MHqW8=,tag:KuzAAHUbYGOtUu7sZqyXOw==,type:str] mac: ENC[AES256_GCM,data:ZJVHLbpSu/nIzl5FJfRdg2ymRN5M+zJXNUpi1hBt2MBmvK+1ed2ElhMe5x7pyasSDdaUtXDo7ghkUF7vE46Wo6Z9dvlAvhwWm7Y2AWfUe5SFVwzqlOCjSKRPFrQrL7PcDBtMj4twtwhc4XsfJoUSuigWW2m21BKtEZSuuxLRqLA=,iv:ufFbfMaNHydbkwq6lxN1dQJldkAbtqais/CZFkoDhb4=,tag:uMj0LaiU0obIlw/+HJJdKg==,type:str]
pgp: pgp:
- created_at: "2023-05-06T21:31:39Z" - created_at: "2023-05-06T21:31:39Z"
enc: | enc: |

12
users/amalieem.nix Normal file
View File

@ -0,0 +1,12 @@
{pkgs, ...}:
{
users.users.amalieem = {
isNormalUser = true;
extraGroups = [ "wheel" ];
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsMtFIj4Dem/onwMoWYbosOcU4y7A5nTjVwqWaU33E1 amalieem@matey-aug22"
];
};
}

11
values.nix
View File

@ -3,6 +3,9 @@ let
pvv-ipv4 = suffix: "129.241.210.${toString suffix}"; pvv-ipv4 = suffix: "129.241.210.${toString suffix}";
pvv-ipv6 = suffix: "2001:700:300:1900::${toString suffix}"; pvv-ipv6 = suffix: "2001:700:300:1900::${toString suffix}";
in rec { in rec {
ipv4-space = pvv-ipv4 "128/25";
ipv6-space = pvv-ipv4 "/64";
services = { services = {
matrix = { matrix = {
inherit (hosts.bicep) ipv4 ipv6; inherit (hosts.bicep) ipv4 ipv6;
@ -34,6 +37,14 @@ in rec {
ipv4 = pvv-ipv4 209; ipv4 = pvv-ipv4 209;
ipv6 = pvv-ipv6 209; ipv6 = pvv-ipv6 209;
}; };
shark = {
ipv4 = pvv-ipv4 196;
ipv6 = pvv-ipv6 196;
};
brzeczyszczykiewicz = {
ipv4 = pvv-ipv4 205;
ipv6 = pvv-ipv6 "1:50"; # Wtf peder why
};
}; };
defaultNetworkConfig = { defaultNetworkConfig = {