Drift/pvv-nixos-config
17
5
Fork 1
Code Issues Pull Requests 11 Actions Wiki Activity

Compare commits

base: Drift:gitea-navbar-get-started
Branches Tags
Drift:main Drift:gitea-vaskepersonalet Drift:errorpages Drift:create-flake-input-exporter Drift:minecraft-heatmap Drift:fix-import-gitea-users-script Drift:gitea-runners-secrets Drift:gitea-runners-cluster Drift:25.05 Drift:new_nodes Drift:ooye Drift:grg-ip Drift:nom Drift:add-skrott Drift:pvvvvv Drift:setup-git-mirroring-on-bicep Drift:init-bakke Drift:gitea-show-license-in-list-view Drift:nix-topology Drift:gitea-robots-txt Drift:dagali-heimdal-openldap-sasl-stack Drift:gitea-navbar-get-started Drift:backup-databases Drift:openwebui Drift:setup-openvpn-tunnel Drift:gitea-gpg-signing Drift:sleipner-authorised-keys Drift:openstack-image-builder Drift:elysium Drift:smartd-notifs Drift:systemd-journald-remote Drift:skrot Drift:deploy-doorbell Drift:misc-gitea-fixes Drift:spotifyd Drift:remote Drift:setup-bikkje-login Drift:ozai-prod Drift:add-bluemap Drift:ozai Drift:setup-postfix-for-service-machines Drift:fix-gitea-ci-runner-network-issues Drift:heimdal-openldap-sasl-testing-on-salsa-on-buskerud Drift:gitea-metrics Drift:misc1 Drift:add-simple-saml-theme Drift:misc-extra-gitea-setup Drift:setup-kerberos Drift:setup-home-areas Drift:shark-kanidm Drift:prometheusexim
..
compare: Drift:nix-topology
Branches Tags
Drift:gitea-vaskepersonalet Drift:errorpages Drift:main Drift:create-flake-input-exporter Drift:minecraft-heatmap Drift:fix-import-gitea-users-script Drift:gitea-runners-secrets Drift:gitea-runners-cluster Drift:25.05 Drift:new_nodes Drift:ooye Drift:grg-ip Drift:nom Drift:add-skrott Drift:pvvvvv Drift:setup-git-mirroring-on-bicep Drift:init-bakke Drift:gitea-show-license-in-list-view Drift:nix-topology Drift:gitea-robots-txt Drift:dagali-heimdal-openldap-sasl-stack Drift:gitea-navbar-get-started Drift:backup-databases Drift:openwebui Drift:setup-openvpn-tunnel Drift:gitea-gpg-signing Drift:sleipner-authorised-keys Drift:openstack-image-builder Drift:elysium Drift:smartd-notifs Drift:systemd-journald-remote Drift:skrot Drift:deploy-doorbell Drift:misc-gitea-fixes Drift:spotifyd Drift:remote Drift:setup-bikkje-login Drift:ozai-prod Drift:add-bluemap Drift:ozai Drift:setup-postfix-for-service-machines Drift:fix-gitea-ci-runner-network-issues Drift:heimdal-openldap-sasl-testing-on-salsa-on-buskerud Drift:gitea-metrics Drift:misc1 Drift:add-simple-saml-theme Drift:misc-extra-gitea-setup Drift:setup-kerberos Drift:setup-home-areas Drift:shark-kanidm Drift:prometheusexim

21 Commits
gitea-navb ... nix-topolo

Author SHA1 Message Date
Daniel Olsen
b20119ff8d buskerud no longer nix rip
Some checks failed
Eval nix flake / evals (pull_request) Has been cancelled
Details
Eval nix flake / evals (push) Has been cancelled
Details
2025-03-15 23:16:10 +01:00
Daniel Olsen
9ad30e9921 fix branches somehow wtf 2025-03-15 22:41:09 +01:00
Daniel Olsen
9a81d570bb topology: init with placeholder values 2025-03-15 22:33:25 +01:00
h7x4
c8bf3b7c01 modules/robots-txt: init 2025-03-15 14:58:30 +01:00
h7x4
069da36895 shell.nix: replace shellHook with env 2025-03-15 03:09:26 +01:00
h7x4
83f83a91b7 flake.{nix,lock}: bump inputs 2025-03-15 02:23:16 +01:00
h7x4
6372a4111e common/userdbd: init 2025-03-15 01:47:10 +01:00
h7x4
bdfb7384c2 common/userborn: init 2025-03-15 01:46:52 +01:00
h7x4
ace351c0a7 misc/builder: add binfmt systems 2025-03-15 01:23:15 +01:00
h7x4
cd5c2c0e01 misc/builder: set cpu sched policy batch 2025-03-15 01:21:57 +01:00
h7x4
2be9eb16fe base/nix: defer store optimization 2025-03-15 01:20:34 +01:00
h7x4
64bd33a213 base: enable fwupd 2025-03-15 01:19:59 +01:00
h7x4
7b5e114944 base: use dbus-broker as dbus implementation 2025-03-15 01:19:33 +01:00
h7x4
ee8965e18c base: use latest kernel by default 2025-03-15 01:18:28 +01:00
h7x4
7125fd2478 flake.lock: bump pvv-nettsiden
Some checks failed
Eval nix flake / evals (push) Has been cancelled
Details
2025-03-12 02:39:46 +01:00
h7x4
0c1762619a bekkalokk/gitea: use unstable package (1.23)
Some checks failed
Eval nix flake / evals (push) Has been cancelled
Details
2025-03-12 02:13:13 +01:00
Øystein Tveit
84d1ae13c0 flake.lock: bump pvv-nettsiden
Some checks are pending
Eval nix flake / evals (push) Waiting to run
Details
2025-03-12 00:51:10 +01:00
h7x4
a3c88b7869 bekkalokk/gitea: take a dump
Some checks failed
Eval nix flake / evals (push) Has been cancelled
Details
2025-03-10 20:06:29 +01:00
h7x4
4aa994e7a3 bekkalokk/gitea: rename gitea customization service to have gitea prefix
Some checks failed
Eval nix flake / evals (push) Has been cancelled
Details
2025-03-10 19:59:16 +01:00
h7x4
fc64139739 bekkalokk/gitea: bigger icons 2025-03-10 19:58:53 +01:00
h7x4
75b0c00212 bekkalokk/gitea: move customization to different file 2025-03-10 18:01:31 +01:00
14 changed files with 542 additions and 85 deletions
Expand all files Collapse all files

7
base/default.nix
View File

@@ -10,6 +10,8 @@
./services/acme.nix
./services/auto-upgrade.nix
./services/dbus.nix
./services/fwupd.nix
./services/irqbalance.nix
./services/logrotate.nix
./services/nginx.nix
@@ -17,9 +19,12 @@
./services/postfix.nix
./services/smartd.nix
./services/thermald.nix
./services/userborn.nix
./services/userdbd.nix
];
boot.tmp.cleanOnBoot = lib.mkDefault true;
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
time.timeZone = "Europe/Oslo";
@@ -47,6 +52,8 @@
programs.zsh.enable = true;
security.lockKernelModules = true;
security.protectKernelImage = true;
security.sudo.execWheelOnly = true;
security.sudo.extraConfig = ''
Defaults lecture = never

2
base/nix.nix
View File

@@ -5,10 +5,10 @@
automatic = true;
options = "--delete-older-than 2d";
};
optimise.automatic = true;
settings = {
allow-dirty = true;
auto-optimise-store = true;
builders-use-substitutes = true;
experimental-features = [ "nix-command" "flakes" ];
log-lines = 50;

7
base/services/dbus.nix Normal file
View File

@@ -0,0 +1,7 @@
{ ... }:
{
services.dbus = {
enable = true;
implementation = "broker";
};
}

4
base/services/fwupd.nix Normal file
View File

@@ -0,0 +1,4 @@
{ ... }:
{
services.fwupd.enable = true;
}

4
base/services/userborn.nix Normal file
View File

@@ -0,0 +1,4 @@
{ ... }:
{
services.userborn.enable = true;
}

4
base/services/userdbd.nix Normal file
View File

@@ -0,0 +1,4 @@
{ ... }:
{
services.userdbd.enable = true;
}

206
flake.lock generated
View File

@@ -1,5 +1,26 @@
{
"nodes": {
"devshell": {
"inputs": {
"nixpkgs": [
"nix-topology",
"nixpkgs"
]
},
"locked": {
"lastModified": 1728330715,
"narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
"owner": "numtide",
"repo": "devshell",
"rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"disko": {
"inputs": {
"nixpkgs": [
@@ -7,11 +28,11 @@
]
},
"locked": {
"lastModified": 1740485968,
"narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=",
"lastModified": 1741786315,
"narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=",
"owner": "nix-community",
"repo": "disko",
"rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940",
"rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de",
"type": "github"
},
"original": {
@@ -20,6 +41,40 @@
"type": "github"
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gergle": {
"inputs": {
"nixpkgs": [
@@ -29,17 +84,40 @@
"locked": {
"lastModified": 1736621371,
"narHash": "sha256-45UIQSQA7R5iU4YWvilo7mQbhY1Liql9bHBvYa3qRI0=",
"ref": "refs/heads/main",
"ref": "main",
"rev": "3729796c1213fe76e568ac28f1df8de4e596950b",
"revCount": 20,
"type": "git",
"url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"nix-topology",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"greg-ng": {
"inputs": {
"nixpkgs": [
@@ -50,13 +128,14 @@
"locked": {
"lastModified": 1736545379,
"narHash": "sha256-PeTTmGumdOX3rd6OKI7QMCrZovCDkrckZbcHr+znxWA=",
"ref": "refs/heads/main",
"ref": "main",
"rev": "74f5316121776db2769385927ec0d0c2cc2b23e4",
"revCount": 42,
"type": "git",
"url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git"
}
@@ -70,7 +149,7 @@
"locked": {
"lastModified": 1736178795,
"narHash": "sha256-mPdi8cgvIDYcgG3FRG7A4BOIMu2Jef96TPMnV00uXlM=",
"ref": "refs/heads/master",
"ref": "master",
"rev": "fde738910de1fd8293535a6382c2f0c2749dd7c1",
"revCount": 79,
"type": "git",
@@ -88,16 +167,16 @@
]
},
"locked": {
"lastModified": 1727410897,
"narHash": "sha256-tWsyxvf421ieWUJYgjV7m1eTdr2ZkO3vId7vmtvfFpQ=",
"lastModified": 1735857245,
"narHash": "sha256-AKLLPrgXTxgzll3DqVUMa4QlPlRN3QceutgFBmEf8Nk=",
"owner": "dali99",
"repo": "nixos-matrix-modules",
"rev": "ff787d410cba17882cd7b6e2e22cc88d4064193c",
"rev": "da9dc0479ffe22362793c87dc089035facf6ec4d",
"type": "github"
},
"original": {
"owner": "dali99",
"ref": "v0.6.1",
"ref": "0.7.0",
"repo": "nixos-matrix-modules",
"type": "github"
}
@@ -106,15 +185,15 @@
"locked": {
"lastModified": 1725277886,
"narHash": "sha256-Fw4VbbE3EfypQWSgPDFfvVH47BHeg3ptsO715NlUM8Q=",
"ref": "refs/heads/master",
"ref": "master",
"rev": "1b4087bd3322a2e2ba84271c8fcc013e6b641a58",
"revCount": 2,
"type": "git",
"url": "https://git.pvv.ntnu.no/Drift/minecraft-data.git"
"url": "https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git"
},
"original": {
"type": "git",
"url": "https://git.pvv.ntnu.no/Drift/minecraft-data.git"
"url": "https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git"
}
},
"nix-gitea-themes": {
@@ -126,24 +205,48 @@
"locked": {
"lastModified": 1736531400,
"narHash": "sha256-+X/HVI1AwoPcud28wI35XRrc1kDgkYdDUGABJBAkxDI=",
"ref": "refs/heads/main",
"ref": "main",
"rev": "e4dafd06b3d7e9e6e07617766e9c3743134571b7",
"revCount": 7,
"type": "git",
"url": "https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git"
}
},
"nix-topology": {
"inputs": {
"devshell": "devshell",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1738246091,
"narHash": "sha256-2+KkZsRO+XlOFbXbRgMZbRtlqn5MBNYj4HNmZ/2Tojg=",
"owner": "oddlama",
"repo": "nix-topology",
"rev": "5526269fa3eedf4f4bc00c0bf7a03db31d24b029",
"type": "github"
},
"original": {
"owner": "oddlama",
"repo": "nix-topology",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1740782485,
"narHash": "sha256-GkDJDqHYlPKZFdyxzZHtljxNRsosKB1GCrblqlvLFgo=",
"lastModified": 1741969460,
"narHash": "sha256-SCNxTTBfMJV7XuTcLUfdAd6cgCGsazzi+DoPrceQrZ0=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dd5c2540983641bbaabdfc665931592d4c9989e8",
"rev": "68612419aa6c9fd5b178b81e6fabbdf46d300ea4",
"type": "github"
},
"original": {
@@ -155,11 +258,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1740848276,
"narHash": "sha256-bYeI3FEs824X+MJYksKboNlmglehzplqzn+XvcojWMc=",
"lastModified": 1742051767,
"narHash": "sha256-JpyjnalnIqJ7cvP8HzaoJN9/i2bDx83dToodHHjGuNg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e9b0ff70ddc61c42548501b0fafb86bb49cca858",
"rev": "ec886d10b507760c90ed01e2eac7f0679d0a47ae",
"type": "github"
},
"original": {
@@ -169,6 +272,33 @@
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"nix-topology",
"nixpkgs"
],
"nixpkgs-stable": [
"nix-topology",
"nixpkgs"
]
},
"locked": {
"lastModified": 1730797577,
"narHash": "sha256-SrID5yVpyUfknUTGWgYkTyvdr9J1LxUym4om3SVGPkg=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "1864030ed24a2b8b4e4d386a5eeaf0c5369e50a9",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"pvv-calendar-bot": {
"inputs": {
"nixpkgs": [
@@ -178,13 +308,14 @@
"locked": {
"lastModified": 1723850344,
"narHash": "sha256-aT37O9l9eclWEnqxASVNBL1dKwDHZUOqdbA4VO9DJvw=",
"ref": "refs/heads/main",
"ref": "main",
"rev": "38b66677ab8c01aee10cd59e745af9ce3ea88092",
"revCount": 19,
"type": "git",
"url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git"
}
@@ -196,15 +327,16 @@
]
},
"locked": {
"lastModified": 1737151758,
"narHash": "sha256-yZBsefIarFUEhFRj+rCGMp9Zvag3MCafqV/JfGVRVwc=",
"ref": "refs/heads/master",
"rev": "a4ebe6ded0c8c124561a41cb329ff30891914b5e",
"revCount": 475,
"lastModified": 1741738148,
"narHash": "sha256-cJo6nbcJEOjkazkZ194NDnlsZe0W0wpxeUh2/886uC8=",
"ref": "main",
"rev": "c1802e7cf27c7cf8b4890354c982a4eef5b11593",
"revCount": 486,
"type": "git",
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
}
@@ -218,6 +350,7 @@
"matrix-next": "matrix-next",
"minecraft-data": "minecraft-data",
"nix-gitea-themes": "nix-gitea-themes",
"nix-topology": "nix-topology",
"nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable",
"pvv-calendar-bot": "pvv-calendar-bot",
@@ -253,11 +386,11 @@
]
},
"locked": {
"lastModified": 1739262228,
"narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=",
"lastModified": 1741861888,
"narHash": "sha256-ynOgXAyToeE1UdLNfrUn/hL7MN0OpIS2BtNdLjpjPf0=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975",
"rev": "d016ce0365b87d848a57c12ffcfdc71da7a2b55f",
"type": "github"
},
"original": {
@@ -265,6 +398,21 @@
"repo": "sops-nix",
"type": "github"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
}
},
"root": "root",

32
flake.nix
View File

@@ -11,26 +11,29 @@
disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs";
pvv-nettsiden.url = "git+https://git.pvv.ntnu.no/Projects/nettsiden.git";
nix-topology.url = "github:oddlama/nix-topology";
nix-topology.inputs.nixpkgs.follows = "nixpkgs";
pvv-nettsiden.url = "git+https://git.pvv.ntnu.no/Projects/nettsiden.git?ref=main";
pvv-nettsiden.inputs.nixpkgs.follows = "nixpkgs";
pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git";
pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git?ref=main";
pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
matrix-next.url = "github:dali99/nixos-matrix-modules/v0.6.1";
matrix-next.url = "github:dali99/nixos-matrix-modules/0.7.0";
matrix-next.inputs.nixpkgs.follows = "nixpkgs";
nix-gitea-themes.url = "git+https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git";
nix-gitea-themes.url = "git+https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git?ref=main";
nix-gitea-themes.inputs.nixpkgs.follows = "nixpkgs";
greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git";
greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git?ref=main";
greg-ng.inputs.nixpkgs.follows = "nixpkgs";
gergle.url = "git+https://git.pvv.ntnu.no/Grzegorz/gergle.git";
gergle.url = "git+https://git.pvv.ntnu.no/Grzegorz/gergle.git?ref=main";
gergle.inputs.nixpkgs.follows = "nixpkgs";
grzegorz-clients.url = "git+https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git";
grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";
minecraft-data.url = "git+https://git.pvv.ntnu.no/Drift/minecraft-data.git";
minecraft-data.url = "git+https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git";
};
outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, disko, ... }@inputs:
@@ -67,6 +70,7 @@
modules = [
./hosts/${name}/configuration.nix
sops-nix.nixosModules.sops
inputs.nix-topology.nixosModules.default
] ++ config.modules or [];
pkgs = import nixpkgs {
@@ -150,6 +154,7 @@
nixosModules = {
snakeoil-certs = ./modules/snakeoil-certs.nix;
snappymail = ./modules/snappymail.nix;
robots-txt = ./modules/robots-txt.nix;
};
devShells = forAllSystems (system: {
@@ -177,5 +182,18 @@
// lib.genAttrs allMachines
(machine: self.nixosConfigurations.${machine}.config.system.build.toplevel);
};
topology.x86_64-linux = import inputs.nix-topology {
pkgs = import nixpkgs {
system = "x86_64-linux";
overlays = [inputs.nix-topology.overlays.default];
}; # Only this package set must include nix-topology.overlays.default
modules = [
# Your own file to define global topology. Works in principle like a nixos module but uses different options.
./topology.nix
# Inline module to inform topology of your existing NixOS hosts.
{ nixosConfigurations = self.nixosConfigurations; }
];
};
};
}

52
hosts/bekkalokk/services/gitea/customization.nix Normal file
View File

@@ -0,0 +1,52 @@
{ config, pkgs, lib, fp, ... }:
let
cfg = config.services.gitea;
in
{
services.gitea-themes.monokai = pkgs.gitea-theme-monokai;
systemd.services.gitea-customization = lib.mkIf cfg.enable {
description = "Install extra customization in gitea's CUSTOM_DIR";
wantedBy = [ "gitea.service" ];
requiredBy = [ "gitea.service" ];
serviceConfig = {
Type = "oneshot";
User = cfg.user;
Group = cfg.group;
};
script = let
logo-svg = fp /assets/logo_blue_regular.svg;
logo-png = fp /assets/logo_blue_regular.png;
extraLinks = pkgs.writeText "gitea-extra-links.tmpl" ''
<a class="item" href="https://www.pvv.ntnu.no/">PVV</a>
<a class="item" href="https://wiki.pvv.ntnu.no/">Wiki</a>
<a class="item" href="https://git.pvv.ntnu.no/Drift/-/projects/4">Tokyo Drift Issues</a>
'';
project-labels = (pkgs.formats.yaml { }).generate "gitea-project-labels.yaml" {
labels = lib.importJSON ./labels/projects.json;
};
customTemplates = pkgs.runCommandLocal "gitea-templates" {
nativeBuildInputs = with pkgs; [
coreutils
gnused
];
} ''
# Bigger icons
install -Dm444 "${cfg.package.src}/templates/repo/icon.tmpl" "$out/repo/icon.tmpl"
sed -i -e 's/24/48/g' "$out/repo/icon.tmpl"
'';
in ''
install -Dm444 ${logo-svg} ${cfg.customDir}/public/assets/img/logo.svg
install -Dm444 ${logo-png} ${cfg.customDir}/public/assets/img/logo.png
install -Dm444 ${./loading.apng} ${cfg.customDir}/public/assets/img/loading.png
install -Dm444 ${extraLinks} ${cfg.customDir}/templates/custom/extra_links.tmpl
install -Dm444 ${project-labels} ${cfg.customDir}/options/label/project-labels.yaml
"${lib.getExe pkgs.rsync}" -a "${customTemplates}/" ${cfg.customDir}/templates/
'';
};
}

47
hosts/bekkalokk/services/gitea/default.nix
View File

@@ -1,10 +1,11 @@
{ config, values, fp, pkgs, lib, ... }:
{ config, values, lib, unstablePkgs, ... }:
let
cfg = config.services.gitea;
domain = "git.pvv.ntnu.no";
sshPort = 2222;
in {
imports = [
./customization.nix
./gpg.nix
./import-users
./web-secret-provider
@@ -25,6 +26,8 @@ in {
enable = true;
appName = "PVV Git";
package = unstablePkgs.gitea;
database = {
type = "postgres";
host = "postgres.pvv.ntnu.no";
@@ -130,6 +133,11 @@ in {
};
"ui.meta".DESCRIPTION = "Bokstavelig talt programvareverkstedet";
};
dump = {
enable = true;
type = "tar.gz";
};
};
environment.systemPackages = [ cfg.package ];
@@ -156,41 +164,4 @@ in {
};
networking.firewall.allowedTCPPorts = [ sshPort ];
# Extra customization
services.gitea-themes.monokai = pkgs.gitea-theme-monokai;
systemd.services.install-gitea-customization = {
description = "Install extra customization in gitea's CUSTOM_DIR";
wantedBy = [ "gitea.service" ];
requiredBy = [ "gitea.service" ];
serviceConfig = {
Type = "oneshot";
User = cfg.user;
Group = cfg.group;
};
script = let
logo-svg = fp /assets/logo_blue_regular.svg;
logo-png = fp /assets/logo_blue_regular.png;
extraLinks = pkgs.writeText "gitea-extra-links.tmpl" ''
<a class="item" href="https://www.pvv.ntnu.no/">PVV</a>
<a class="item" href="https://wiki.pvv.ntnu.no/">Wiki</a>
<a class="item" href="https://git.pvv.ntnu.no/Drift/-/projects/4">Tokyo Drift Issues</a>
<a class="item" href="https://wiki.pvv.ntnu.no/wiki/Tjenester/Kodelager">Howto</a>
'';
project-labels = (pkgs.formats.yaml { }).generate "gitea-project-labels.yaml" {
labels = lib.importJSON ./labels/projects.json;
};
in ''
install -Dm444 ${logo-svg} ${cfg.customDir}/public/assets/img/logo.svg
install -Dm444 ${logo-png} ${cfg.customDir}/public/assets/img/logo.png
install -Dm444 ${./loading.apng} ${cfg.customDir}/public/assets/img/loading.png
install -Dm444 ${extraLinks} ${cfg.customDir}/templates/custom/extra_links.tmpl
install -Dm444 ${project-labels} ${cfg.customDir}/options/label/project-labels.yaml
'';
};
}

6
misc/builder.nix
View File

@@ -2,4 +2,10 @@
{
nix.settings.trusted-users = [ "@nix-builder-users" ];
nix.daemonCPUSchedPolicy = "batch";
boot.binfmt.emulatedSystems = [
"aarch64-linux"
"armv7l-linux"
];
}

116
modules/robots-txt.nix Normal file
View File

@@ -0,0 +1,116 @@
{ config, pkgs, lib, ... }:
let
cfg = config.environment.robots-txt;
robots-txt-format = {
type = let
coercedStrToNonEmptyListOfStr = lib.types.coercedTo lib.types.str lib.singleton (lib.types.nonEmptyListOf lib.types.str);
in lib.types.listOf (lib.types.submodule {
freeformType = lib.types.attrsOf coercedStrToNonEmptyListOfStr;
options = {
pre_comment = lib.mkOption {
description = "Comment to add before the rule";
type = lib.types.lines;
default = "";
};
post_comment = lib.mkOption {
description = "Comment to add after the rule";
type = lib.types.lines;
default = "";
};
};
});
generate = name: value: let
makeComment = comment: lib.pipe comment [
(lib.splitString "\n")
(lib.map (line: if line == "" then "#" else "# ${line}"))
(lib.concatStringsSep "\n")
];
ruleToString = rule: let
user_agent = rule.User-agent or [];
pre_comment = rule.pre_comment;
post_comment = rule.post_comment;
rest = builtins.removeAttrs rule [ "User-agent" "pre_comment" "post_comment" ];
in lib.concatStringsSep "\n" (lib.filter (x: x != null) [
(if (pre_comment != "") then makeComment pre_comment else null)
(let
user-agents = lib.concatMapStringsSep "\n" (value: "User-agent: ${value}") user_agent;
in
if user_agent == [] then null else user-agents
)
(lib.pipe rest [
(lib.mapAttrsToList (ruleName: map (value: "${ruleName}: ${value}")))
lib.concatLists
(lib.concatStringsSep "\n")
])
(if (post_comment != "") then makeComment post_comment else null)
]);
content = lib.concatMapStringsSep "\n\n" ruleToString value;
in pkgs.writeText name content;
};
in
{
options.environment.robots-txt = lib.mkOption {
default = { };
description = ''
Different instances of robots.txt to use with web services.
'';
type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
options = {
enable = lib.mkEnableOption "this instance of robots.txt" // {
default = true;
};
path = lib.mkOption {
description = "The resulting path of the dir containing the robots.txt file";
type = lib.types.path;
readOnly = true;
default = "/etc/robots-txt/${name}";
};
rules = lib.mkOption {
description = "Rules to include in robots.txt";
default = [ ];
example = [
{ User-agent = "Googlebot"; Disallow = "/no-googlebot"; }
{ User-agent = "Bingbot"; Disallow = [ "/no-bingbot" "/no-bingbot2" ]; }
];
type = robots-txt-format.type;
};
virtualHost = lib.mkOption {
description = "An nginx virtual host to add the robots.txt to";
type = lib.types.nullOr lib.types.str;
default = null;
};
};
}));
};
config = {
environment.etc = lib.mapAttrs' (name: value: {
name = "robots-txt/${name}/robots.txt";
value.source = robots-txt-format.generate name value.rules;
}) cfg;
services.nginx.virtualHosts = lib.pipe cfg [
(lib.filterAttrs (_: value: value.virtualHost != null))
(lib.mapAttrs' (name: value: {
name = value.virtualHost;
value = {
locations = {
"= /robots.txt" = {
extraConfig = ''
add_header Content-Type text/plain;
'';
root = cfg.${name}.path;
};
};
};
}))
];
};
}

20
shell.nix
View File

@@ -11,14 +11,14 @@ pkgs.mkShellNoCC {
editorconfig-checker
];
shellHook = ''
export OS_AUTH_URL=https://api.stack.it.ntnu.no:5000
export OS_PROJECT_ID=b78432a088954cdc850976db13cfd61c
export OS_PROJECT_NAME="STUDORG_Programvareverkstedet"
export OS_USER_DOMAIN_NAME="NTNU"
export OS_PROJECT_DOMAIN_ID="d3f99bcdaf974685ad0c74c2e5d259db"
export OS_REGION_NAME="NTNU-IT"
export OS_INTERFACE=public
export OS_IDENTITY_API_VERSION=3
'';
env = {
OS_AUTH_URL = "https://api.stack.it.ntnu.no:5000";
OS_PROJECT_ID = "b78432a088954cdc850976db13cfd61c";
OS_PROJECT_NAME = "STUDORG_Programvareverkstedet";
OS_USER_DOMAIN_NAME = "NTNU";
OS_PROJECT_DOMAIN_ID = "d3f99bcdaf974685ad0c74c2e5d259db";
OS_REGION_NAME = "NTNU-IT";
OS_INTERFACE = "public";
OS_IDENTITY_API_VERSION = "3";
};
}

120
topology.nix Normal file
View File

@@ -0,0 +1,120 @@
{ config, ... }:
let
inherit
(config.lib.topology)
mkInternet
mkRouter
mkSwitch
mkDevice
mkConnection
mkConnectionRev;
values = import ./values.nix;
in {
### Networks
networks.pvv = {
name = "PVV Network";
cidrv4 = values.ipv4-space;
cidrv6 = values.ipv6-space;
};
networks.site-vpn = {
name = "OpenVPN Site to Site";
style = {
primaryColor = "#9dd68d";
secondaryColor = null;
pattern = "dashed";
};
};
networks.ntnu = {
name = "NTNU";
};
nodes.internet = mkInternet {
connections = mkConnection "ntnu" "wan1";
};
nodes.ntnu = mkRouter "NTNU" {
interfaceGroups = [ ["wan1"] ["eth1" "eth2" "eth3"] ];
connections.eth1 = mkConnection "ntnu-pvv-router" "wan1";
connections.eth2 = mkConnection "ntnu-veggen" "wan1";
connections.eth3 = mkConnection "stackit" "*";
interfaces.eth1.network = "ntnu";
};
### Brus
nodes.ntnu-pvv-router = mkRouter "NTNU PVV Gateway" {
interfaceGroups = [ ["wan1"] ["eth1"] ];
connections.eth1 = mkConnection "brus-switch" "eth1";
interfaces.eth1.network = "pvv";
};
nodes.brus-switch = mkSwitch "Brus Switch" {
interfaceGroups = [ ["eth1" "eth2" "eth3" "eth4" "eth5" "eth6" "eth7"] ];
connections.eth2 = mkConnection "bekkalokk" "enp2s0";
connections.eth3 = mkConnection "bicep" "enp6s0f0";
# connections.eth4 = mkConnection "buskerud" "enp3s0f0";
connections.eth5 = mkConnection "knutsen" "eth1";
connections.eth7 = mkConnection "joshua" "eth1";
};
nodes.knutsen = mkRouter "knutsen" {
interfaceGroups = [ ["eth1"] ["eth2"] ["vpn1"] ];
connections.eth2 = mkConnectionRev "brus-switch" "eth6";
# connections.vpn1 = mkConnection "ludvigsen" "vpn1";
interfaces.vpn1.network = "site-vpn";
interfaces.vpn1.virtual = true;
};
nodes.joshua = mkDevice "joshua" {
interfaceGroups = [ ["eth1"] ];
};
nodes.shark = {
guestType = "proxmox";
parent = config.nodes.joshua.id;
};
### PVV
nodes.ntnu-veggen = mkRouter "NTNU-Veggen" {
interfaceGroups = [ ["wan1"] ["eth1"] ];
connections.eth1 = mkConnection "ludvigsen" "eth1";
};
nodes.ludvigsen = mkRouter "ludvigsen" {
interfaceGroups = [ ["eth1"] ["eth2"] ["vpn1"] ];
connections.eth2 = mkConnection "pvv-switch" "eth1";
interfaces.vpn1.network = "site-vpn";
interfaces.vpn1.virtual = true;
interfaces.eth1.network = "ntnu";
interfaces.eth2.network = "pvv";
};
nodes.pvv-switch = mkSwitch "PVV Switch (Terminalrommet)" {
interfaceGroups = [ ["eth1" "eth2" "eth3"] ];
connections.eth2 = mkConnection "brzeczyszczykiewicz" "eno1";
connections.eth3 = mkConnection "georg" "eno1";
};
### Openstack
nodes.stackit = mkDevice "stackit" {
interfaceGroups = [ ["*"] ];
};
nodes.ildkule = {
guestType = "openstack";
parent = config.nodes.stackit.id;
};
nodes.bob = {
guestType = "openstack";
parent = config.nodes.stackit.id;
};
}