base: create flake input exporter

base/flake-input-exporter.nix

@@ -3,7 +3,6 @@
   inputs,
   lib,
   pkgs,
-  values,
   ...
 }:
 let
@@ -16,40 +15,26 @@ let
   );
   folder = pkgs.writeTextDir "share/flake-inputs" (
     lib.concatMapStringsSep "\n" (
-      { name, value }: ''nixos_last_modified_input{flake="${name}"} ${toString value.lastModified}''
+      { name, value }:
+      "nixos_last_modified_input{flake=${name},host=${config.networking.hostName}} ${toString value.lastModified}"
     ) (lib.attrsToList data)
   );
-  port = 9102;
 in
 {
-  services.nginx.virtualHosts."${config.networking.fqdn}-nixos-metrics" = {
+  services.nginx.virtualHosts."${config.networking.fqdn}" = {
-    serverName = config.networking.fqdn;
+    forceSSL = true;
+    enableACME = true;
+    kTLS = true;
     serverAliases = [
       "${config.networking.hostName}.pvv.org"
     ];
     locations."/metrics" = {
       root = "${folder}/share";
-      tryFiles = "/flake-inputs =404";
-      extraConfig = ''
-        default_type text/plain;
-      '';
     };
-    listen = [
-      {
-        inherit port;
-        addr = "0.0.0.0";
-      }
-    ];
     extraConfig = ''
-      allow ${values.hosts.ildkule.ipv4}/32;
-      allow ${values.hosts.ildkule.ipv6}/128;
-      allow 127.0.0.1/32;
-      allow ::1/128;
       allow 129.241.210.128/25;
       allow 2001:700:300:1900::/64;
       deny all;
     '';
   };
-
-  networking.firewall.allowedTCPPorts = [ port ];
 }

flake.lock

@@ -48,11 +48,11 @@
         "rust-overlay": "rust-overlay"
       },
       "locked": {
-        "lastModified": 1758919016,
+        "lastModified": 1758386174,
-        "narHash": "sha256-TSJMOWq9dO7P1iQB4httzWwAtpM1veacLcaS7FAyTpo=",
+        "narHash": "sha256-iNDxHSDdb/LlqDbqP9BcZd1QEmks4iYiyN34UhUizZ8=",
         "ref": "refs/heads/main",
-        "rev": "c87263b784954d20485d108e70934c9316935d75",
+        "rev": "a21fdfe56743afc7de1fb14597711fbd97ddef76",
-        "revCount": 51,
+        "revCount": 50,
         "type": "git",
         "url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git"
       },
@@ -159,11 +159,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1760254360,
+        "lastModified": 1758363343,
-        "narHash": "sha256-Npp92Joy2bRyickrrVP9+85z31aGS8kVNiLlKvd5pC4=",
+        "narHash": "sha256-TWem5ajoX0vD7j1v/cg3XU7GHWW10HRUQbZL++QNXLk=",
-        "rev": "bafe987a29b8bea2edbb3aba76b51464b3d222f0",
+        "rev": "b2a3852bd078e68dd2b3dfa8c00c67af1f0a7d20",
         "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.811161.bafe987a29b8/nixexprs.tar.xz"
+        "url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.810175.b2a3852bd078/nixexprs.tar.xz"
       },
       "original": {
         "type": "tarball",
@@ -172,11 +172,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1760252326,
+        "lastModified": 1758361324,
-        "narHash": "sha256-5v32B25kSE++E+KtP4DO687r/AlWL9qOlOjtYyfcDSw=",
+        "narHash": "sha256-uCqhgJlmxP3UmyCNZ21ucc5Ic0I2le3rA7+Q61UH1YA=",
-        "rev": "66e5020bfe0af40ffa127426f8405edbdadbb40b",
+        "rev": "0f3383ef02bc092d2f82afa4e556743c6e6b74d6",
         "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/unstable-small/nixos-25.11pre876242.66e5020bfe0a/nixexprs.tar.xz"
+        "url": "https://releases.nixos.org/nixos/unstable-small/nixos-25.11pre864278.0f3383ef02bc/nixexprs.tar.xz"
       },
       "original": {
         "type": "tarball",
@@ -268,11 +268,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1760240450,
+        "lastModified": 1758007585,
-        "narHash": "sha256-sa9bS9jSyc4vH0jSWrUsPGdqtMvDwmkLg971ntWOo2U=",
+        "narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "41fd1f7570c89f645ee0ada0be4e2d3c4b169549",
+        "rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139",
         "type": "github"
       },
       "original": {

hosts/bicep/services/matrix/hookshot/default.nix

@@ -77,14 +77,14 @@ in
         outbound = true;
         urlPrefix = "https://hookshot.pvv.ntnu.no/webhook/";
         userIdPrefix = "_webhooks_";
-        allowJsTransformationFunctions = true;
+        allowJsTransformationFunctions = false;
         waitForComplete = false;
       };
       feeds = {
         enabled = true;
         pollIntervalSeconds = 600;
       };
-
+      
       serviceBots = [
         { localpart = "bot_feeds";
           displayname = "Aya";
@@ -94,11 +94,6 @@ in
         }
       ];
 
-      widgets = {
-        roomSetupWidget.addOnInvite = false;
-        publicUrl = "https://hookshot.pvv.ntnu.no/widgetapi/v1/static";
-      };
-
       permissions = [
         # Users of the PVV Server
         { actor = "pvv.ntnu.no";
@@ -133,7 +128,6 @@ in
 
   services.nginx.virtualHosts."hookshot.pvv.ntnu.no" = {
     enableACME = true;
-    addSSL = true;
     locations."/" = {
       proxyPass = "http://${webhookListenAddress}:${toString webhookListenPort}";
     };

hosts/ildkule/services/monitoring/prometheus/machines.nix

@@ -8,26 +8,25 @@
 
   defaultNodeExporterPort = 9100;
   defaultSystemdExporterPort = 9101;
-  defaultNixosExporterPort = 9102;
 in {
   services.prometheus.scrapeConfigs = [{
     job_name = "base_info";
     static_configs = [
-      (mkHostScrapeConfig "ildkule" [ cfg.exporters.node.port cfg.exporters.systemd.port defaultNixosExporterPort ])
+      (mkHostScrapeConfig "ildkule" [ cfg.exporters.node.port cfg.exporters.systemd.port ])
 
-      (mkHostScrapeConfig "bekkalokk" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
+      (mkHostScrapeConfig "bekkalokk" [ defaultNodeExporterPort defaultSystemdExporterPort ])
-      (mkHostScrapeConfig "bicep" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
+      (mkHostScrapeConfig "bicep" [ defaultNodeExporterPort defaultSystemdExporterPort ])
-      (mkHostScrapeConfig "brzeczyszczykiewicz" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
+      (mkHostScrapeConfig "brzeczyszczykiewicz" [ defaultNodeExporterPort defaultSystemdExporterPort ])
-      (mkHostScrapeConfig "georg" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
+      (mkHostScrapeConfig "georg" [ defaultNodeExporterPort defaultSystemdExporterPort ])
-      (mkHostScrapeConfig "kommode" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
+      (mkHostScrapeConfig "kommode" [ defaultNodeExporterPort defaultSystemdExporterPort ])
-      (mkHostScrapeConfig "ustetind" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
+      (mkHostScrapeConfig "ustetind" [ defaultNodeExporterPort defaultSystemdExporterPort ])
-      (mkHostScrapeConfig "wenche" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
+      (mkHostScrapeConfig "wenche" [ defaultNodeExporterPort defaultSystemdExporterPort ])
 
-      (mkHostScrapeConfig "lupine-1" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
+      (mkHostScrapeConfig "lupine-1" [ defaultNodeExporterPort defaultSystemdExporterPort ])
       # (mkHostScrapeConfig "lupine-2" [ defaultNodeExporterPort defaultSystemdExporterPort ])
-      (mkHostScrapeConfig "lupine-3" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
+      (mkHostScrapeConfig "lupine-3" [ defaultNodeExporterPort defaultSystemdExporterPort ])
-      (mkHostScrapeConfig "lupine-4" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
+      (mkHostScrapeConfig "lupine-4" [ defaultNodeExporterPort defaultSystemdExporterPort ])
-      (mkHostScrapeConfig "lupine-5" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
+      (mkHostScrapeConfig "lupine-5" [ defaultNodeExporterPort defaultSystemdExporterPort ])
 
       (mkHostScrapeConfig "hildring" [ defaultNodeExporterPort ])
       (mkHostScrapeConfig "isvegg" [ defaultNodeExporterPort ])

hosts/kommode/services/gitea/default.nix

@@ -8,7 +8,6 @@ in {
     ./customization
     ./gpg.nix
     ./import-users
-    ./vaskepersonalet.nix
     ./web-secret-provider
   ];
 

hosts/kommode/services/gitea/vaskepersonalet.nix

@@ -1,59 +0,0 @@
-{ config, ... }:
-let
-  cfg = config.services.gitea;
-  cacheDir = "/var/cache/${config.systemd.services.gitea.serviceConfig.CacheDirectory}";
-in
-{
-  systemd.services."gitea-vaskepersonalet" = {
-    description = "yeeet";
-    startAt = "hourly";
-
-    serviceConfig = rec {
-      User = cfg.user;
-      Group = cfg.group;
-
-      RuntimeDirectory = "gitea-vaskepersonalet";
-      RootDirectory = "/run/${RuntimeDirectory}";
-
-      BindPaths = [
-        builtins.storeDir
-        cacheDir
-        cfg.dump.backupDir
-      ];
-    };
-
-    script = let
-      percentageLimit = 80;
-    in ''
-      USED=$(df --output=pcent '${cacheDir}' | grep '[0-9]' | tr -d '%')
-      if [[ $USED -lt ${toString percentageLimit} ]]; then exit 0; fi
-
-      echo "omg omg, we're running out of space, imma yeet the cache"
-
-      rm -rf '${cacheDir}'/*
-      echo "yeetus deletus"
-
-      USED=$(df --output=pcent '${cacheDir}' | grep '[0-9]' | tr -d '%')
-      if [[ $USED -lt ${toString percentageLimit} ]]; then exit 0; fi
-
-      echo ""
-      echo "bruh, still low on space, yeeting old backups"
-      echo ""
-
-      # tail -n+2 ensure we keep at least one backup.
-      for file in $(ls -t1 '${cfg.dump.backupDir}' | sort --reverse | tail -n+2); do
-        echo "> Chose $file"
-        echo "> Do you really want to release this pokemon? [Y/n] Y"
-        rm "$file"
-        echo "> ..."
-        echo "> The pokemon was released back into the wild"
-        echo ""
-
-        USED=$(df --output=pcent '${cacheDir}' | grep '[0-9]' | tr -d '%')
-        if [[ $USED -lt ${toString percentageLimit} ]]; then exit 0; fi
-      done
-
-      echo "No way, we're still out of space? Not my problem anymore"
-    '';
-  };
-}