Drift/pvv-nixos-config
17
4
Fork 1
Code Issues Pull Requests9 Actions Wiki Activity

Compare commits

..

1 Commits
init-bakke ... gitea-navb

Author SHA1 Message Date
h7x4
7f8c306d9a bekkalokk/gitea: add navbar item 'Howto' 2025-03-09 11:34:50 +01:00
44 changed files with 143 additions and 995 deletions

36
.sops.yaml

@@ -1,20 +1,18 @@
keys: keys:
# Users # Users
- &user_danio age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq - &user_danio age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
- &user_eirikwit age1ju7rd26llahz3g8tz7cy5ld52swj8gsmg0flrmrxngc0nj0avq3ssh0sn5
- &user_felixalb age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6 - &user_felixalb age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
- &user_oysteikt F7D37890228A907440E1FD4846B9228E814A2AAC - &user_oysteikt F7D37890228A907440E1FD4846B9228E814A2AAC
- &user_pederbs_bjarte age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5 - &user_eirikwit age1ju7rd26llahz3g8tz7cy5ld52swj8gsmg0flrmrxngc0nj0avq3ssh0sn5
- &user_pederbs_nord age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
- &user_pederbs_sopp age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn - &user_pederbs_sopp age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
- &user_pederbs_nord age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
- &user_pederbs_bjarte age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
# Hosts # Hosts
- &host_bakke age1syted6kt48sumjjucggh6r3uca4x2ppp4mfungf3lamkt2le05csc99633 - &host_jokum age1gp8ye4g2mmw3may5xg0zsy7mm04glfz3788mmdx9cvcsdxs9hg0s0cc9kt
- &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0
- &host_bekkalokk age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd - &host_bekkalokk age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
- &host_bicep age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2 - &host_bicep age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2
- &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0
- &host_jokum age1gp8ye4g2mmw3may5xg0zsy7mm04glfz3788mmdx9cvcsdxs9hg0s0cc9kt
- &host_kommode age1mt4d0hg5g76qp7j0884llemy0k2ymr5up8vfudz6vzvsflk5nptqqd32ly
- &host_ustetind age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8 - &host_ustetind age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8
creation_rules: creation_rules:
@@ -46,18 +44,6 @@ creation_rules:
pgp: pgp:
- *user_oysteikt - *user_oysteikt
- path_regex: secrets/kommode/[^/]+\.yaml$
key_groups:
- age:
- *host_kommode
- *user_danio
- *user_felixalb
- *user_pederbs_sopp
- *user_pederbs_nord
- *user_pederbs_bjarte
pgp:
- *user_oysteikt
- path_regex: secrets/jokum/[^/]+\.yaml$ - path_regex: secrets/jokum/[^/]+\.yaml$
key_groups: key_groups:
- age: - age:
@@ -105,15 +91,3 @@ creation_rules:
- *user_pederbs_bjarte - *user_pederbs_bjarte
pgp: pgp:
- *user_oysteikt - *user_oysteikt
- path_regex: secrets/bakke/[^/]+\.yaml$
key_groups:
- age:
- *host_bakke
- *user_danio
- *user_felixalb
- *user_pederbs_sopp
- *user_pederbs_nord
- *user_pederbs_bjarte
pgp:
- *user_oysteikt

19
base/default.nix

@@ -10,8 +10,6 @@
./services/acme.nix ./services/acme.nix
./services/auto-upgrade.nix ./services/auto-upgrade.nix
./services/dbus.nix
./services/fwupd.nix
./services/irqbalance.nix ./services/irqbalance.nix
./services/logrotate.nix ./services/logrotate.nix
./services/nginx.nix ./services/nginx.nix
@@ -19,12 +17,9 @@
./services/postfix.nix ./services/postfix.nix
./services/smartd.nix ./services/smartd.nix
./services/thermald.nix ./services/thermald.nix
./services/userborn.nix
./services/userdbd.nix
]; ];
boot.tmp.cleanOnBoot = lib.mkDefault true; boot.tmp.cleanOnBoot = lib.mkDefault true;
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
time.timeZone = "Europe/Oslo"; time.timeZone = "Europe/Oslo";
@@ -50,22 +45,8 @@
kitty.terminfo kitty.terminfo
]; ];
# .bash_profile already works, but lets also use .bashrc like literally every other distro
# https://man.archlinux.org/man/core/bash/bash.1.en#INVOCATION
# home-manager usually handles this for you: https://github.com/nix-community/home-manager/blob/22a36aa709de7dd42b562a433b9cefecf104a6ee/modules/programs/bash.nix#L203-L209
# btw, programs.bash.shellInit just goes into environment.shellInit which in turn goes into /etc/profile, spooky shit
programs.bash.shellInit = ''
if [ -n "''${BASH_VERSION:-}" ]; then
if [[ ! -f ~/.bash_profile && ! -f ~/.bash_login ]]; then
[[ -f ~/.bashrc ]] && . ~/.bashrc
fi
fi
'';
programs.zsh.enable = true; programs.zsh.enable = true;
security.lockKernelModules = true;
security.protectKernelImage = true;
security.sudo.execWheelOnly = true; security.sudo.execWheelOnly = true;
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
Defaults lecture = never Defaults lecture = never

2
base/nix.nix

@@ -5,10 +5,10 @@
automatic = true; automatic = true;
options = "--delete-older-than 2d"; options = "--delete-older-than 2d";
}; };
optimise.automatic = true;
settings = { settings = {
allow-dirty = true; allow-dirty = true;
auto-optimise-store = true;
builders-use-substitutes = true; builders-use-substitutes = true;
experimental-features = [ "nix-command" "flakes" ]; experimental-features = [ "nix-command" "flakes" ];
log-lines = 50; log-lines = 50;

7
base/services/dbus.nix

@@ -1,7 +0,0 @@
{ ... }:
{
services.dbus = {
enable = true;
implementation = "broker";
};
}

4
base/services/fwupd.nix

@@ -1,4 +0,0 @@
{ ... }:
{
services.fwupd.enable = true;
}

4
base/services/userborn.nix

@@ -1,4 +0,0 @@
{ ... }:
{
services.userborn.enable = true;
}

4
base/services/userdbd.nix

@@ -1,4 +0,0 @@
{ ... }:
{
services.userdbd.enable = true;
}

46
flake.lock generated

@@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741786315, "lastModified": 1740485968,
"narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=", "narHash": "sha256-WK+PZHbfDjLyveXAxpnrfagiFgZWaTJglewBWniTn2Y=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de", "rev": "19c1140419c4f1cdf88ad4c1cfb6605597628940",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -88,16 +88,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1735857245, "lastModified": 1727410897,
"narHash": "sha256-AKLLPrgXTxgzll3DqVUMa4QlPlRN3QceutgFBmEf8Nk=", "narHash": "sha256-tWsyxvf421ieWUJYgjV7m1eTdr2ZkO3vId7vmtvfFpQ=",
"owner": "dali99", "owner": "dali99",
"repo": "nixos-matrix-modules", "repo": "nixos-matrix-modules",
"rev": "da9dc0479ffe22362793c87dc089035facf6ec4d", "rev": "ff787d410cba17882cd7b6e2e22cc88d4064193c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "dali99", "owner": "dali99",
"ref": "0.7.0", "ref": "v0.6.1",
"repo": "nixos-matrix-modules", "repo": "nixos-matrix-modules",
"type": "github" "type": "github"
} }
@@ -110,11 +110,11 @@
"rev": "1b4087bd3322a2e2ba84271c8fcc013e6b641a58", "rev": "1b4087bd3322a2e2ba84271c8fcc013e6b641a58",
"revCount": 2, "revCount": 2,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git" "url": "https://git.pvv.ntnu.no/Drift/minecraft-data.git"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git" "url": "https://git.pvv.ntnu.no/Drift/minecraft-data.git"
} }
}, },
"nix-gitea-themes": { "nix-gitea-themes": {
@@ -139,11 +139,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1741969460, "lastModified": 1740782485,
"narHash": "sha256-SCNxTTBfMJV7XuTcLUfdAd6cgCGsazzi+DoPrceQrZ0=", "narHash": "sha256-GkDJDqHYlPKZFdyxzZHtljxNRsosKB1GCrblqlvLFgo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "68612419aa6c9fd5b178b81e6fabbdf46d300ea4", "rev": "dd5c2540983641bbaabdfc665931592d4c9989e8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -155,11 +155,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1741960758, "lastModified": 1740848276,
"narHash": "sha256-pSGMbfkxF7TSeco54W+B1q+g22YCVp1qXHgtrdgtyR4=", "narHash": "sha256-bYeI3FEs824X+MJYksKboNlmglehzplqzn+XvcojWMc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "845dc1e9cbc2e48640b8968af58b4a19db67aa8f", "rev": "e9b0ff70ddc61c42548501b0fafb86bb49cca858",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -196,11 +196,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741738148, "lastModified": 1737151758,
"narHash": "sha256-cJo6nbcJEOjkazkZ194NDnlsZe0W0wpxeUh2/886uC8=", "narHash": "sha256-yZBsefIarFUEhFRj+rCGMp9Zvag3MCafqV/JfGVRVwc=",
"ref": "refs/heads/main", "ref": "refs/heads/master",
"rev": "c1802e7cf27c7cf8b4890354c982a4eef5b11593", "rev": "a4ebe6ded0c8c124561a41cb329ff30891914b5e",
"revCount": 486, "revCount": 475,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git" "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
}, },
@@ -253,11 +253,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741861888, "lastModified": 1739262228,
"narHash": "sha256-ynOgXAyToeE1UdLNfrUn/hL7MN0OpIS2BtNdLjpjPf0=", "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "d016ce0365b87d848a57c12ffcfdc71da7a2b55f", "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975",
"type": "github" "type": "github"
}, },
"original": { "original": {

36
flake.nix

@@ -17,7 +17,7 @@
pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git"; pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git";
pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs"; pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
matrix-next.url = "github:dali99/nixos-matrix-modules/0.7.0"; matrix-next.url = "github:dali99/nixos-matrix-modules/v0.6.1";
matrix-next.inputs.nixpkgs.follows = "nixpkgs"; matrix-next.inputs.nixpkgs.follows = "nixpkgs";
nix-gitea-themes.url = "git+https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git"; nix-gitea-themes.url = "git+https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git";
@@ -30,7 +30,7 @@
grzegorz-clients.url = "git+https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git"; grzegorz-clients.url = "git+https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git";
grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs"; grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";
minecraft-data.url = "git+https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git"; minecraft-data.url = "git+https://git.pvv.ntnu.no/Drift/minecraft-data.git";
}; };
outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, disko, ... }@inputs: outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, disko, ... }@inputs:
@@ -71,11 +71,6 @@
pkgs = import nixpkgs { pkgs = import nixpkgs {
inherit system; inherit system;
config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg)
[
"nvidia-x11"
"nvidia-settings"
];
overlays = [ overlays = [
# Global overlays go here # Global overlays go here
] ++ config.overlays or [ ]; ] ++ config.overlays or [ ];
@@ -87,11 +82,6 @@
stableNixosConfig = nixosConfig nixpkgs; stableNixosConfig = nixosConfig nixpkgs;
unstableNixosConfig = nixosConfig nixpkgs-unstable; unstableNixosConfig = nixosConfig nixpkgs-unstable;
in { in {
bakke = stableNixosConfig "bakke" {
modules = [
disko.nixosModules.disko
];
};
bicep = stableNixosConfig "bicep" { bicep = stableNixosConfig "bicep" {
modules = [ modules = [
inputs.matrix-next.nixosModules.default inputs.matrix-next.nixosModules.default
@@ -109,9 +99,11 @@
simplesamlphp = final.callPackage ./packages/simplesamlphp { }; simplesamlphp = final.callPackage ./packages/simplesamlphp { };
bluemap = final.callPackage ./packages/bluemap.nix { }; bluemap = final.callPackage ./packages/bluemap.nix { };
}) })
inputs.nix-gitea-themes.overlays.default
inputs.pvv-nettsiden.overlays.default inputs.pvv-nettsiden.overlays.default
]; ];
modules = [ modules = [
inputs.nix-gitea-themes.nixosModules.default
inputs.pvv-nettsiden.nixosModules.default inputs.pvv-nettsiden.nixosModules.default
]; ];
}; };
@@ -124,16 +116,6 @@
ildkule = stableNixosConfig "ildkule" { }; ildkule = stableNixosConfig "ildkule" { };
#ildkule-unstable = unstableNixosConfig "ildkule" { }; #ildkule-unstable = unstableNixosConfig "ildkule" { };
shark = stableNixosConfig "shark" { }; shark = stableNixosConfig "shark" { };
wenche = stableNixosConfig "wenche" { };
kommode = stableNixosConfig "kommode" {
overlays = [
inputs.nix-gitea-themes.overlays.default
];
modules = [
inputs.nix-gitea-themes.nixosModules.default
];
};
ustetind = stableNixosConfig "ustetind" { ustetind = stableNixosConfig "ustetind" {
modules = [ modules = [
@@ -168,20 +150,10 @@
nixosModules = { nixosModules = {
snakeoil-certs = ./modules/snakeoil-certs.nix; snakeoil-certs = ./modules/snakeoil-certs.nix;
snappymail = ./modules/snappymail.nix; snappymail = ./modules/snappymail.nix;
robots-txt = ./modules/robots-txt.nix;
}; };
devShells = forAllSystems (system: { devShells = forAllSystems (system: {
default = nixpkgs.legacyPackages.${system}.callPackage ./shell.nix { }; default = nixpkgs.legacyPackages.${system}.callPackage ./shell.nix { };
cuda = let
cuda-pkgs = import nixpkgs {
inherit system;
config = {
allowUnfree = true;
cudaSupport = true;
};
};
in cuda-pkgs.callPackage ./shells/cuda.nix { };
}); });
packages = { packages = {

26
hosts/bakke/configuration.nix

@@ -1,26 +0,0 @@
{ config, pkgs, values, ... }:
{
imports = [
./hardware-configuration.nix
../../base
../../misc/metrics-exporters.nix
./filesystems.nix
];
sops.defaultSopsFile = ../../secrets/bakke/bakke.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
sops.age.generateKey = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "bakke";
networking.hostId = "99609ffc";
systemd.network.networks."30-enp2s0" = values.defaultNetworkConfig // {
matchConfig.Name = "enp2s0";
address = with values.hosts.bakke; [ (ipv4 + "/25") (ipv6 + "/64") ];
};
system.stateVersion = "24.05";
}

83
hosts/bakke/disks.nix

@@ -1,83 +0,0 @@
{
# https://github.com/nix-community/disko/blob/master/example/boot-raid1.nix
# Note: Disko was used to create the initial md raid, but is no longer in active use on this host.
disko.devices = {
disk = {
one = {
type = "disk";
device = "/dev/disk/by-id/ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E2EER6N6";
content = {
type = "gpt";
partitions = {
ESP = {
size = "500M";
type = "EF00";
content = {
type = "mdraid";
name = "boot";
};
};
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "raid1";
};
};
};
};
};
two = {
type = "disk";
device = "/dev/disk/by-id/ata-WDC_WD40EFRX-68WT0N0_WD-WCC4E7LPLU71";
content = {
type = "gpt";
partitions = {
ESP = {
size = "500M";
type = "EF00";
content = {
type = "mdraid";
name = "boot";
};
};
mdadm = {
size = "100%";
content = {
type = "mdraid";
name = "raid1";
};
};
};
};
};
};
mdadm = {
boot = {
type = "mdadm";
level = 1;
metadata = "1.0";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
raid1 = {
type = "mdadm";
level = 1;
content = {
type = "gpt";
partitions.primary = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
}

26
hosts/bakke/filesystems.nix

@@ -1,26 +0,0 @@
{ config, pkgs, lib, ... }:
{
# Boot drives:
boot.swraid.enable = true;
# ZFS Data pool:
environment.systemPackages = with pkgs; [ zfs ];
boot = {
zfs = {
extraPools = [ "tank" ];
requestEncryptionCredentials = false;
};
supportedFilesystems = [ "zfs" ];
kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
};
services.zfs.autoScrub = {
enable = true;
interval = "Wed *-*-8..14 00:00:00";
};
# NFS Exports:
#TODO
# NFS Import mounts:
#TODO
}

52
hosts/bakke/hardware-configuration.nix

@@ -1,52 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/0f63c3d2-fc12-4ed5-a5a5-141bfd67a571";
fsType = "btrfs";
options = [ "subvol=root" ];
};
fileSystems."/home" =
{ device = "/dev/disk/by-uuid/0f63c3d2-fc12-4ed5-a5a5-141bfd67a571";
fsType = "btrfs";
options = [ "subvol=home" ];
};
fileSystems."/nix" =
{ device = "/dev/disk/by-uuid/0f63c3d2-fc12-4ed5-a5a5-141bfd67a571";
fsType = "btrfs";
options = [ "subvol=nix" "noatime" ];
};
fileSystems."/boot" =
{ device = "/dev/sdc2";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault false;
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
# networking.interfaces.enp2s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

1
hosts/bekkalokk/configuration.nix

@@ -7,6 +7,7 @@
(fp /misc/metrics-exporters.nix) (fp /misc/metrics-exporters.nix)
./services/bluemap/default.nix ./services/bluemap/default.nix
./services/gitea/default.nix
./services/idp-simplesamlphp ./services/idp-simplesamlphp
./services/kerberos ./services/kerberos
./services/mediawiki ./services/mediawiki

55
hosts/kommode/services/gitea/default.nix → hosts/bekkalokk/services/gitea/default.nix

@@ -1,11 +1,10 @@
{ config, values, lib, unstablePkgs, ... }: { config, values, fp, pkgs, lib, ... }:
let let
cfg = config.services.gitea; cfg = config.services.gitea;
domain = "git.pvv.ntnu.no"; domain = "git.pvv.ntnu.no";
sshPort = 2222; sshPort = 2222;
in { in {
imports = [ imports = [
./customization
./gpg.nix ./gpg.nix
./import-users ./import-users
./web-secret-provider ./web-secret-provider
@@ -26,8 +25,6 @@ in {
enable = true; enable = true;
appName = "PVV Git"; appName = "PVV Git";
package = unstablePkgs.gitea;
database = { database = {
type = "postgres"; type = "postgres";
host = "postgres.pvv.ntnu.no"; host = "postgres.pvv.ntnu.no";
@@ -49,10 +46,6 @@ in {
START_LFS_SERVER = true; START_LFS_SERVER = true;
LANDING_PAGE = "explore"; LANDING_PAGE = "explore";
}; };
"git.timeout" = {
MIGRATE = 3600;
MIRROR = 1800;
};
mailer = { mailer = {
ENABLED = true; ENABLED = true;
FROM = "gitea@pvv.ntnu.no"; FROM = "gitea@pvv.ntnu.no";
@@ -137,18 +130,10 @@ in {
}; };
"ui.meta".DESCRIPTION = "Bokstavelig talt programvareverkstedet"; "ui.meta".DESCRIPTION = "Bokstavelig talt programvareverkstedet";
}; };
dump = {
enable = true;
interval = "weekly";
type = "tar.gz";
};
}; };
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];
systemd.services.gitea.serviceConfig.CPUSchedulingPolicy = "batch";
services.nginx.virtualHosts."${domain}" = { services.nginx.virtualHosts."${domain}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@@ -164,7 +149,6 @@ in {
proxyPass = "http://unix:${cfg.settings.server.HTTP_ADDR}"; proxyPass = "http://unix:${cfg.settings.server.HTTP_ADDR}";
extraConfig = '' extraConfig = ''
allow ${values.hosts.ildkule.ipv4}/32; allow ${values.hosts.ildkule.ipv4}/32;
allow ${values.hosts.ildkule.ipv6}/128;
deny all; deny all;
''; '';
}; };
@@ -172,4 +156,41 @@ in {
}; };
networking.firewall.allowedTCPPorts = [ sshPort ]; networking.firewall.allowedTCPPorts = [ sshPort ];
# Extra customization
services.gitea-themes.monokai = pkgs.gitea-theme-monokai;
systemd.services.install-gitea-customization = {
description = "Install extra customization in gitea's CUSTOM_DIR";
wantedBy = [ "gitea.service" ];
requiredBy = [ "gitea.service" ];
serviceConfig = {
Type = "oneshot";
User = cfg.user;
Group = cfg.group;
};
script = let
logo-svg = fp /assets/logo_blue_regular.svg;
logo-png = fp /assets/logo_blue_regular.png;
extraLinks = pkgs.writeText "gitea-extra-links.tmpl" ''
<a class="item" href="https://www.pvv.ntnu.no/">PVV</a>
<a class="item" href="https://wiki.pvv.ntnu.no/">Wiki</a>
<a class="item" href="https://git.pvv.ntnu.no/Drift/-/projects/4">Tokyo Drift Issues</a>
<a class="item" href="https://wiki.pvv.ntnu.no/wiki/Tjenester/Kodelager">Howto</a>
'';
project-labels = (pkgs.formats.yaml { }).generate "gitea-project-labels.yaml" {
labels = lib.importJSON ./labels/projects.json;
};
in ''
install -Dm444 ${logo-svg} ${cfg.customDir}/public/assets/img/logo.svg
install -Dm444 ${logo-png} ${cfg.customDir}/public/assets/img/logo.png
install -Dm444 ${./loading.apng} ${cfg.customDir}/public/assets/img/loading.png
install -Dm444 ${extraLinks} ${cfg.customDir}/templates/custom/extra_links.tmpl
install -Dm444 ${project-labels} ${cfg.customDir}/options/label/project-labels.yaml
'';
};
} }

0
hosts/kommode/services/gitea/gpg.nix → hosts/bekkalokk/services/gitea/gpg.nix

0
hosts/kommode/services/gitea/import-users/default.nix → hosts/bekkalokk/services/gitea/import-users/default.nix

0
hosts/kommode/services/gitea/import-users/gitea-import-users.py → hosts/bekkalokk/services/gitea/import-users/gitea-import-users.py

0
hosts/kommode/services/gitea/customization/labels/projects.json → hosts/bekkalokk/services/gitea/labels/projects.json

0
hosts/kommode/services/gitea/customization/loading.apng → hosts/bekkalokk/services/gitea/loading.apng

Side by Side Swipe Overlay

Before

(image error) Size: 1.1 MiB

After

(image error) Size: 1.1 MiB

0
hosts/kommode/services/gitea/web-secret-provider/default.nix → hosts/bekkalokk/services/gitea/web-secret-provider/default.nix

0
hosts/kommode/services/gitea/web-secret-provider/gitea-web-secret-provider.py → hosts/bekkalokk/services/gitea/web-secret-provider/gitea-web-secret-provider.py

1
hosts/bekkalokk/services/mediawiki/default.nix

@@ -61,6 +61,7 @@ in {
user = "mediawiki"; user = "mediawiki";
passwordFile = config.sops.secrets."mediawiki/postgres_password".path; passwordFile = config.sops.secrets."mediawiki/postgres_password".path;
createLocally = false; createLocally = false;
# TODO: create a normal database and copy over old data when the service is production ready
name = "mediawiki"; name = "mediawiki";
}; };

7
hosts/bekkalokk/services/website/default.nix

@@ -67,12 +67,7 @@ in {
ADMIN_NAME = "PVV Drift"; ADMIN_NAME = "PVV Drift";
ADMIN_EMAIL = "drift@pvv.ntnu.no"; ADMIN_EMAIL = "drift@pvv.ntnu.no";
ADMIN_PASSWORD = includeFromSops "simplesamlphp/admin_password"; ADMIN_PASSWORD = includeFromSops "simplesamlphp/admin_password";
TRUSTED_DOMAINS = [ TRUSTED_DOMAINS = [ cfg.domainName ];
"www.pvv.ntnu.no"
"pvv.ntnu.no"
"www.pvv.org"
"pvv.org"
];
}; };
}; };
}; };

4
hosts/ildkule/services/monitoring/dashboards/gitea-dashboard.json → hosts/ildkule/services/monitoring/dashboards/gitea-dashbaord.json

@@ -1539,8 +1539,8 @@
] ]
}, },
"timezone": "browser", "timezone": "browser",
"title": "Gitea Dashboard", "title": "Gitea Dashbaord",
"uid": "nNq1Iw5Gz", "uid": "nNq1Iw5Gz",
"version": 29, "version": 29,
"weekStart": "" "weekStart": ""
} }

17
hosts/ildkule/services/monitoring/grafana.nix

@@ -56,12 +56,13 @@ in {
url = "https://raw.githubusercontent.com/matrix-org/synapse/develop/contrib/grafana/synapse.json"; url = "https://raw.githubusercontent.com/matrix-org/synapse/develop/contrib/grafana/synapse.json";
options.path = dashboards/synapse.json; options.path = dashboards/synapse.json;
} }
{ # TODO: enable once https://github.com/NixOS/nixpkgs/pull/242365 gets merged
name = "MySQL"; # {
type = "file"; # name = "MySQL";
url = "https://raw.githubusercontent.com/prometheus/mysqld_exporter/main/mysqld-mixin/dashboards/mysql-overview.json"; # type = "file";
options.path = dashboards/mysql.json; # url = "https://raw.githubusercontent.com/prometheus/mysqld_exporter/main/mysqld-mixin/dashboards/mysql-overview.json";
} # options.path = dashboards/mysql.json;
# }
{ {
name = "Postgresql"; name = "Postgresql";
type = "file"; type = "file";
@@ -75,10 +76,10 @@ in {
options.path = dashboards/go-processes.json; options.path = dashboards/go-processes.json;
} }
{ {
name = "Gitea Dashboard"; name = "Gitea Dashbaord";
type = "file"; type = "file";
url = "https://grafana.com/api/dashboards/17802/revisions/3/download"; url = "https://grafana.com/api/dashboards/17802/revisions/3/download";
options.path = dashboards/gitea-dashboard.json; options.path = dashboards/gitea-dashbaord.json;
} }
]; ];

3
hosts/ildkule/services/monitoring/prometheus/default.nix

@@ -4,7 +4,8 @@ in {
imports = [ imports = [
./gitea.nix ./gitea.nix
./matrix-synapse.nix ./matrix-synapse.nix
./mysqld.nix # TODO: enable once https://github.com/NixOS/nixpkgs/pull/242365 gets merged
# ./mysqld.nix
./postgres.nix ./postgres.nix
./machines.nix ./machines.nix
]; ];

12
hosts/ildkule/services/monitoring/prometheus/machines.nix

@@ -16,12 +16,6 @@ in {
"bekkalokk.pvv.ntnu.no:9101" "bekkalokk.pvv.ntnu.no:9101"
]; ];
} }
{ labels.hostname = "kommode";
targets = [
"kommode.pvv.ntnu.no:9100"
"kommode.pvv.ntnu.no:9101"
];
}
{ labels.hostname = "bicep"; { labels.hostname = "bicep";
targets = [ targets = [
"bicep.pvv.ntnu.no:9100" "bicep.pvv.ntnu.no:9100"
@@ -40,12 +34,6 @@ in {
"georg.pvv.ntnu.no:9101" "georg.pvv.ntnu.no:9101"
]; ];
} }
{ labels.hostname = "ustetind";
targets = [
"ustetind.pvv.ntnu.no:9100"
"ustetind.pvv.ntnu.no:9101"
];
}
{ labels.hostname = "hildring"; { labels.hostname = "hildring";
targets = [ targets = [
"hildring.pvv.ntnu.no:9100" "hildring.pvv.ntnu.no:9100"

19
hosts/ildkule/services/monitoring/prometheus/mysqld.nix

@@ -1,22 +1,7 @@
{ config, ... }: let { config, ... }: let
cfg = config.services.prometheus; cfg = config.services.prometheus;
in { in {
sops = { sops.secrets."config/mysqld_exporter" = { };
secrets."config/mysqld_exporter_password" = { };
templates."mysqld_exporter.conf" = {
restartUnits = [ "prometheus-mysqld-exporter.service" ];
content = let
inherit (config.sops) placeholder;
in ''
[client]
host = bicep.pvv.ntnu.no
port = 3306
user = prometheus_mysqld_exporter
password = ${placeholder."config/mysqld_exporter_password"}
'';
};
};
services.prometheus = { services.prometheus = {
scrapeConfigs = [{ scrapeConfigs = [{
@@ -34,7 +19,7 @@ in {
exporters.mysqld = { exporters.mysqld = {
enable = true; enable = true;
configFile = config.sops.templates."mysqld_exporter.conf".path; configFilePath = config.sops.secrets."config/mysqld_exporter".path;
}; };
}; };
} }

34
hosts/kommode/configuration.nix

@@ -1,34 +0,0 @@
{ pkgs, values, fp, ... }:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
(fp /base)
(fp /misc/metrics-exporters.nix)
./services/gitea
./services/nginx.nix
];
sops.defaultSopsFile = fp /secrets/kommode/kommode.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
sops.age.generateKey = true;
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "kommode"; # Define your hostname.
systemd.network.networks."30-ens18" = values.defaultNetworkConfig // {
matchConfig.Name = "ens18";
address = with values.hosts.kommode; [ (ipv4 + "/25") (ipv6 + "/64") ];
};
services.btrfs.autoScrub.enable = true;
environment.systemPackages = with pkgs; [];
system.stateVersion = "24.11";
}

39
hosts/kommode/hardware-configuration.nix

@@ -1,39 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/d421538f-a260-44ae-8e03-47cac369dcc1";
fsType = "btrfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/86CD-4C23";
fsType = "vfat";
options = [ "fmask=0077" "dmask=0077" ];
};
swapDevices =
[ { device = "/dev/disk/by-uuid/4cfbb41e-801f-40dd-8c58-0a0c1a6025f6"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

52
hosts/kommode/services/gitea/customization/default.nix

@@ -1,52 +0,0 @@
{ config, pkgs, lib, fp, ... }:
let
cfg = config.services.gitea;
in
{
services.gitea-themes.monokai = pkgs.gitea-theme-monokai;
systemd.services.gitea-customization = lib.mkIf cfg.enable {
description = "Install extra customization in gitea's CUSTOM_DIR";
wantedBy = [ "gitea.service" ];
requiredBy = [ "gitea.service" ];
serviceConfig = {
Type = "oneshot";
User = cfg.user;
Group = cfg.group;
};
script = let
logo-svg = fp /assets/logo_blue_regular.svg;
logo-png = fp /assets/logo_blue_regular.png;
extraLinks = pkgs.writeText "gitea-extra-links.tmpl" ''
<a class="item" href="https://www.pvv.ntnu.no/">PVV</a>
<a class="item" href="https://wiki.pvv.ntnu.no/">Wiki</a>
<a class="item" href="https://git.pvv.ntnu.no/Drift/-/projects/4">Tokyo Drift Issues</a>
'';
project-labels = (pkgs.formats.yaml { }).generate "gitea-project-labels.yaml" {
labels = lib.importJSON ./labels/projects.json;
};
customTemplates = pkgs.runCommandLocal "gitea-templates" {
nativeBuildInputs = with pkgs; [
coreutils
gnused
];
} ''
# Bigger icons
install -Dm444 "${cfg.package.src}/templates/repo/icon.tmpl" "$out/repo/icon.tmpl"
sed -i -e 's/24/48/g' "$out/repo/icon.tmpl"
'';
in ''
install -Dm444 ${logo-svg} ${cfg.customDir}/public/assets/img/logo.svg
install -Dm444 ${logo-png} ${cfg.customDir}/public/assets/img/logo.png
install -Dm444 ${./loading.apng} ${cfg.customDir}/public/assets/img/loading.png
install -Dm444 ${extraLinks} ${cfg.customDir}/templates/custom/extra_links.tmpl
install -Dm444 ${project-labels} ${cfg.customDir}/options/label/project-labels.yaml
"${lib.getExe pkgs.rsync}" -a "${customTemplates}/" ${cfg.customDir}/templates/
'';
};
}

4
hosts/kommode/services/nginx.nix

@@ -1,4 +0,0 @@
{ ... }:
{
services.nginx.enable = true;
}

39
hosts/wenche/configuration.nix

@@ -1,39 +0,0 @@
{ config, fp, pkgs, values, lib, ... }:
{
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
(fp /base)
(fp /misc/metrics-exporters.nix)
(fp /misc/builder.nix)
];
sops.defaultSopsFile = fp /secrets/wenche/wenche.yaml;
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
sops.age.generateKey = true;
boot.loader.grub.device = "/dev/sda";
networking.hostName = "wenche"; # Define your hostname.
systemd.network.networks."30-ens18" = values.defaultNetworkConfig // {
matchConfig.Name = "ens18";
address = with values.hosts.wenche; [ (ipv4 + "/25") (ipv6 + "/64") ];
};
hardware.graphics.enable = true;
services.xserver.videoDrivers = [ "nvidia" ];
hardware.nvidia = {
modesetting.enable = true;
open = false;
package = config.boot.kernelPackages.nvidiaPackages.production;
};
# List packages installed in system profile
environment.systemPackages = with pkgs; [
];
system.stateVersion = "24.11"; # Did you read the comment?
}

27
hosts/wenche/hardware-configuration.nix

@@ -1,27 +0,0 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "nvidia" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/4e8ecdd2-d453-4fff-b952-f06da00f3b85";
fsType = "ext4";
};
swapDevices = [ {
device = "/var/lib/swapfile";
size = 16*1024;
} ];
networking.useDHCP = lib.mkDefault false;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

73
keys/oysteikt.pub

@@ -8,47 +8,34 @@ FgIDAQACHgECF4AACgkQRrkijoFKKqxIlQD9F0EedrFpHAVuaVas9ZWRZb4xv3zM
N3g0IDxoN3g0QG5hbmkud3RmPoiTBBMWCgA7AhsBBQsJCAcDBRUKCQgLBRYCAwEA N3g0IDxoN3g0QG5hbmkud3RmPoiTBBMWCgA7AhsBBQsJCAcDBRUKCQgLBRYCAwEA
Ah4BAheAFiEE99N4kCKKkHRA4f1IRrkijoFKKqwFAmL7l8ACGQEACgkQRrkijoFK Ah4BAheAFiEE99N4kCKKkHRA4f1IRrkijoFKKqwFAmL7l8ACGQEACgkQRrkijoFK
KqxI4wD9EIGpb3Gt5s5e8waH7XaLSlquOrW1RID3sSuzWI4DvikBAMncfBbtkpzH KqxI4wD9EIGpb3Gt5s5e8waH7XaLSlquOrW1RID3sSuzWI4DvikBAMncfBbtkpzH
EYU2Ufm8VxzgJDnyeB+lcdeSJXWaIwYLiJAEExYKADgWIQT303iQIoqQdEDh/UhG EYU2Ufm8VxzgJDnyeB+lcdeSJXWaIwYLtCZoN3g0IChhbHRlcm5hdGl2ZSkgPGg3
uSKOgUoqrAUCYuaF5AIbAQULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBGuSKO eDQuYWx0QG5hbmkud3RmPoiQBBMWCgA4FiEE99N4kCKKkHRA4f1IRrkijoFKKqwF
gUoqrKWiAQC1yFpodz5PGsZbFgihEA0UQ5jcoXBojoAlVRgmkwm41gEA782rsvyl AmL7j0oCGwEFCwkIBwMFFQoJCAsFFgIDAQACHgECF4AACgkQRrkijoFKKqytywD+
87ExoluDD3eV/Z5ILp7Ex6JeaE3JUix8Sgi0Jmg3eDQgKGFsdGVybmF0aXZlKSA8 IdHIxbjRcDEJYOqFX1r4wrymTvnjz/kp0zUSrymwMUoBAP8huPK/YpujNF6/cwwB
aDd4NC5hbHRAbmFuaS53dGY+iJAEExYKADgWIQT303iQIoqQdEDh/UhGuSKOgUoq 3A5WwpWjjV+F/uq2ejqFOocNuDMEYuaGRxYJKwYBBAHaRw8BAQdAsmc0GTQIszpk
rAUCYvuPSgIbAQULCQgHAwUVCgkICwUWAgMBAAIeAQIXgAAKCRBGuSKOgUoqrK3L jDYwgSt6zI81P2+k9WvBg6IEISnyuVWI9QQYFgoAJhYhBPfTeJAiipB0QOH9SEa5
AP4h0cjFuNFwMQlg6oVfWvjCvKZO+ePP+SnTNRKvKbAxSgEA/yG48r9im6M0Xr9z Io6BSiqsBQJi5oZHAhsCBQkDwmcAAIEJEEa5Io6BSiqsdiAEGRYKAB0WIQTzzahs
DAHcDlbClaONX4X+6rZ6OoU6hw24MwRi5oZHFgkrBgEEAdpHDwEBB0CyZzQZNAiz xVqfENegaYGfL32CUPNRRgUCYuaGRwAKCRCfL32CUPNRRhWYAQCzfkYeJt9t02jO
OmSMNjCBK3rMjzU/b6T1a8GDogQhKfK5VYj1BBgWCgAmFiEE99N4kCKKkHRA4f1I c3SXwk1e1dGj9ydEXSprSr8/2PWu7gD+KD/FJWzPbnMhtudoGfCIzNFaazcz/QqT
RrkijoFKKqwFAmLmhkcCGwIFCQPCZwAAgQkQRrkijoFKKqx2IAQZFgoAHRYhBPPN ZeBs6Q+AkQ7ueQD/ZqQMkaCrd8o2L02h89U6bFxy86nyTurGAUVx92F8jUwBAKa7
qGzFWp8Q16BpgZ8vfYJQ81FGBQJi5oZHAAoJEJ8vfYJQ81FGFZgBALN+Rh4m323T Zp/0vR5bR4o57C7NTxB5kbmteF0AXS9R7sxSA/AEuQINBGLmhnoBEADa1yBK0NKx
aM5zdJfCTV7V0aP3J0RdKmtKvz/Y9a7uAP4oP8UlbM9ucyG252gZ8IjM0VprNzP9 VIto3hSh21hooYpWcEXWqMPXHO34rcAhktVFOOHIl2bFGScQAZXtjAcqUmMyC+PM
CpNl4GzpD4CRDu55AP9mpAyRoKt3yjYvTaHz1TpsXHLzqfJO6sYBRXH3YXyNTAEA s1DZoocFk+9PJt17hAa/s6CRrw8vK+1fVqhj0XOLtevGV9iC6IRvhPxzTsOaeOss
prtmn/S9HltHijnsLs1PEHmRua14XQBdL1HuzFID8ASI9QQYFgoAJgIbAhYhBPfT gMGIU8xDmMKT2nGHGNUkqOXGld63E3NKsK3lnl+BCdpJ0f3GEB7aSQ+pk6k1uzOD
eJAiipB0QOH9SEa5Io6BSiqsBQJmqp4CBQkFpUs7AIF2IAQZFgoAHRYhBPPNqGzF XX/mhAUJmL1MkVZ6jJA3vhsre0Kfa9p+C5mP4hLJ6jF+oESvA4HC+LuCSGm66gID
Wp8Q16BpgZ8vfYJQ81FGBQJi5oZHAAoJEJ8vfYJQ81FGFZgBALN+Rh4m323TaM5z MC39jnLo6hwYEEjfPXD7CUAN4S2eISSFd+ZclN2vYcrKYgsCZS0hBFOgDhKKCHBu
dJfCTV7V0aP3J0RdKmtKvz/Y9a7uAP4oP8UlbM9ucyG252gZ8IjM0VprNzP9CpNl MwP12AIM8y8L64/eOWFpR7s2StAPjjYbZeZECHLWZt1zGVvkS7Xp6lsAg6/T8Eys
4GzpD4CRDgkQRrkijoFKKqwYoQEAz0D3G/dD6DBYBf7p6pGYqXd2X0Dv8nmnalol KG7vTl2Qq9W0BmzNgk2ODTZkhv0gqqXppdr8eRiq+h0qMfJptG0GycOvqb9PoEO2
Z6SxfUMA/jT/XjPh7c4Ui8nZO7XDzYWrbV/eZwGMd1zXq2mU42MLuQINBGLmhnoB dfNCjjII8VfaSGfSEYo8UwsqYTtfgdoNnFCXKd1r7QmvrdbNsFDRmkv+wWJoipwU
EADa1yBK0NKxVIto3hSh21hooYpWcEXWqMPXHO34rcAhktVFOOHIl2bFGScQAZXt aVquyb2KN652jSlpwMECW6fSEsT/5C3mJLgAmi6l6yosw6HdIY6jgpCGtxnHW2zR
jAcqUmMyC+PMs1DZoocFk+9PJt17hAa/s6CRrw8vK+1fVqhj0XOLtevGV9iC6IRv eIS6ezZdtxYBCkEHK70yASyaIHrLLDknw+DuKvXAWOAecob8GNBHOjXZe3LzBt2r
hPxzTsOaeOssgMGIU8xDmMKT2nGHGNUkqOXGld63E3NKsK3lnl+BCdpJ0f3GEB7a VgOCRa+W7milNgjUCsz+R3rM8XfR+wNEGwARAQABiH4EGBYKACYWIQT303iQIoqQ
SQ+pk6k1uzODXX/mhAUJmL1MkVZ6jJA3vhsre0Kfa9p+C5mP4hLJ6jF+oESvA4HC dEDh/UhGuSKOgUoqrAUCYuaGegIbDAUJA8JnAAAKCRBGuSKOgUoqrDE0AQDBxRsm
+LuCSGm66gIDMC39jnLo6hwYEEjfPXD7CUAN4S2eISSFd+ZclN2vYcrKYgsCZS0h W9L60mxGCp1CpNWBXD2T6D605PlNiNCcM+cOCgD/c2OitSSG50M0YRbyh1LPYL6Y
BFOgDhKKCHBuMwP12AIM8y8L64/eOWFpR7s2StAPjjYbZeZECHLWZt1zGVvkS7Xp QePL0dQkYsjm6XVmrAK4MwRi5obFFgkrBgEEAdpHDwEBB0BYP2r4I9LGW8ai+fLW
6lsAg6/T8EysKG7vTl2Qq9W0BmzNgk2ODTZkhv0gqqXppdr8eRiq+h0qMfJptG0G RKXGonni9TljqFVN5mV/yuxlPoh+BBgWCgAmFiEE99N4kCKKkHRA4f1IRrkijoFK
ycOvqb9PoEO2dfNCjjII8VfaSGfSEYo8UwsqYTtfgdoNnFCXKd1r7QmvrdbNsFDR KqwFAmLmhsUCGyAFCQPCZwAACgkQRrkijoFKKqzeYwD/emjtDBD0EiCnS2mvfopa
mkv+wWJoipwUaVquyb2KN652jSlpwMECW6fSEsT/5C3mJLgAmi6l6yosw6HdIY6j T6foJSfXbiCe83UdFNebTjQBANFqnkXPCYb9dFIyM/0N1JXH7yj81VuslSqPi4NR
gpCGtxnHW2zReIS6ezZdtxYBCkEHK70yASyaIHrLLDknw+DuKvXAWOAecob8GNBH SNkE
OjXZe3LzBt2rVgOCRa+W7milNgjUCsz+R3rM8XfR+wNEGwARAQABiH4EGBYKACYW =oTMO
IQT303iQIoqQdEDh/UhGuSKOgUoqrAUCYuaGegIbDAUJA8JnAAAKCRBGuSKOgUoq
rDE0AQDBxRsmW9L60mxGCp1CpNWBXD2T6D605PlNiNCcM+cOCgD/c2OitSSG50M0
YRbyh1LPYL6YQePL0dQkYsjm6XVmrAKIfgQYFgoAJgIbDBYhBPfTeJAiipB0QOH9
SEa5Io6BSiqsBQJmqp4FBQkFpUsIAAoJEEa5Io6BSiqsydsA/ihBulpSSLg4B9pJ
sffqphMht7yT3Dnz57iexUEgj3jBAQDedI+gwpZlMjV6IdH/Epz244j82Ta04cqk
SOz2Y63LBrgzBGLmhsUWCSsGAQQB2kcPAQEHQFg/avgj0sZbxqL58tZEpcaieeL1
OWOoVU3mZX/K7GU+iH4EGBYKACYWIQT303iQIoqQdEDh/UhGuSKOgUoqrAUCYuaG
xQIbIAUJA8JnAAAKCRBGuSKOgUoqrN5jAP96aO0MEPQSIKdLaa9+ilpPp+glJ9du
IJ7zdR0U15tONAEA0WqeRc8Jhv10UjIz/Q3UlcfvKPzVW6yVKo+Lg1FI2QSIfgQY
FgoAJgIbIBYhBPfTeJAiipB0QOH9SEa5Io6BSiqsBQJmqp4GBQkFpUq9AAoJEEa5
Io6BSiqsjF0BAJn0EBEJfszskYiZzMshFHW5k0QUF+Ak3JNh2UG+M6FJAQCQVY/l
DkrvOytuFnKbkDrCaTrtLh/JAmBXpSERIejmDw==
=7cFp
-----END PGP PUBLIC KEY BLOCK----- -----END PGP PUBLIC KEY BLOCK-----

6
misc/builder.nix

@@ -2,10 +2,4 @@
{ {
nix.settings.trusted-users = [ "@nix-builder-users" ]; nix.settings.trusted-users = [ "@nix-builder-users" ];
nix.daemonCPUSchedPolicy = "batch";
boot.binfmt.emulatedSystems = [
"aarch64-linux"
"armv7l-linux"
];
} }

116
modules/robots-txt.nix

@@ -1,116 +0,0 @@
{ config, pkgs, lib, ... }:
let
cfg = config.environment.robots-txt;
robots-txt-format = {
type = let
coercedStrToNonEmptyListOfStr = lib.types.coercedTo lib.types.str lib.singleton (lib.types.nonEmptyListOf lib.types.str);
in lib.types.listOf (lib.types.submodule {
freeformType = lib.types.attrsOf coercedStrToNonEmptyListOfStr;
options = {
pre_comment = lib.mkOption {
description = "Comment to add before the rule";
type = lib.types.lines;
default = "";
};
post_comment = lib.mkOption {
description = "Comment to add after the rule";
type = lib.types.lines;
default = "";
};
};
});
generate = name: value: let
makeComment = comment: lib.pipe comment [
(lib.splitString "\n")
(lib.map (line: if line == "" then "#" else "# ${line}"))
(lib.concatStringsSep "\n")
];
ruleToString = rule: let
user_agent = rule.User-agent or [];
pre_comment = rule.pre_comment;
post_comment = rule.post_comment;
rest = builtins.removeAttrs rule [ "User-agent" "pre_comment" "post_comment" ];
in lib.concatStringsSep "\n" (lib.filter (x: x != null) [
(if (pre_comment != "") then makeComment pre_comment else null)
(let
user-agents = lib.concatMapStringsSep "\n" (value: "User-agent: ${value}") user_agent;
in
if user_agent == [] then null else user-agents
)
(lib.pipe rest [
(lib.mapAttrsToList (ruleName: map (value: "${ruleName}: ${value}")))
lib.concatLists
(lib.concatStringsSep "\n")
])
(if (post_comment != "") then makeComment post_comment else null)
]);
content = lib.concatMapStringsSep "\n\n" ruleToString value;
in pkgs.writeText name content;
};
in
{
options.environment.robots-txt = lib.mkOption {
default = { };
description = ''
Different instances of robots.txt to use with web services.
'';
type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
options = {
enable = lib.mkEnableOption "this instance of robots.txt" // {
default = true;
};
path = lib.mkOption {
description = "The resulting path of the dir containing the robots.txt file";
type = lib.types.path;
readOnly = true;
default = "/etc/robots-txt/${name}";
};
rules = lib.mkOption {
description = "Rules to include in robots.txt";
default = [ ];
example = [
{ User-agent = "Googlebot"; Disallow = "/no-googlebot"; }
{ User-agent = "Bingbot"; Disallow = [ "/no-bingbot" "/no-bingbot2" ]; }
];
type = robots-txt-format.type;
};
virtualHost = lib.mkOption {
description = "An nginx virtual host to add the robots.txt to";
type = lib.types.nullOr lib.types.str;
default = null;
};
};
}));
};
config = {
environment.etc = lib.mapAttrs' (name: value: {
name = "robots-txt/${name}/robots.txt";
value.source = robots-txt-format.generate name value.rules;
}) cfg;
services.nginx.virtualHosts = lib.pipe cfg [
(lib.filterAttrs (_: value: value.virtualHost != null))
(lib.mapAttrs' (name: value: {
name = value.virtualHost;
value = {
locations = {
"= /robots.txt" = {
extraConfig = ''
add_header Content-Type text/plain;
'';
root = cfg.${name}.path;
};
};
};
}))
];
};
}

94
secrets/bakke/bakke.yaml

@@ -1,94 +0,0 @@
hello: ENC[AES256_GCM,data:+GWORSIf9TxmJLw1ytZwPbve2yz5H9ewVE5sOpQzkrRpct6Wes+vTE19Ij8W1g==,iv:C/WhXNBBM/bidC9xynZzk34nYXF3mUjAd4nPXpUlYHs=,tag:OJXSwuI8aNDnHFFTkwyGBQ==,type:str]
example_key: ENC[AES256_GCM,data:ojSsrFYo5YD0YtiqcA==,iv:nvNtG6c0OqnQovzWQLMjcn9vbQ4PPYSv2B43Y8z0h5s=,tag:+h7YUNRA2MTvwGJq1VZW8g==,type:str]
#ENC[AES256_GCM,data:6EvhlBtrl5wqyf6UAGwY8Q==,iv:fzLUjBzyuT17FcP8jlmLrsKW46pu6/lAvAVLHBxje6k=,tag:n+qR1NUqa91uFRIpALKlmw==,type:comment]
example_array:
- ENC[AES256_GCM,data:A38KXABxJzMoKitKpHo=,iv:OlRap3R//9tvKdPLz7uP+lvBa/fD0W8xFzdxIKKFi4E=,tag:QKizPN1fYOv5zZlMVgTIOQ==,type:str]
- ENC[AES256_GCM,data:8X2iVkHQtQMReopWdgM=,iv:2Wq3QOadwd3G3ROXNe7JQD4AL/5H/WV19TBEbxijG/8=,tag:tikKT9Wvzm4Vz5aoy6w9WQ==,type:str]
example_number: ENC[AES256_GCM,data:0K05hiSPh2Ok1A==,iv:IVRo61xkKugv4OiPm0vt9ODm5DC1DzJFdlgQJb1TfTg=,tag:o3xXygVEUD4jaGSJr0Nxtw==,type:float]
example_booleans:
- ENC[AES256_GCM,data:zoykmQ==,iv:1JGy1Cg5GdAiod9qPSzW+wsG6rUgUJyYMEE4k576Tlk=,tag:RUCbytPpo78bqlAVEUsbLg==,type:bool]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1syted6kt48sumjjucggh6r3uca4x2ppp4mfungf3lamkt2le05csc99633
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBlYmlqekUzY2NlQzAxQmZB
QllRaVVWSnpNNm4xWlpwNHdMOTJRS2hnS0FzClhkd1hHZk9NWWF3K25HWkxwbEUv
bXpmQjNTTERaRDlKODh2NEdIaytJYlUKLS0tIE5ZNGhrbUNONU1rY2dqR08rclRO
VHF2MXB2VGNhRzJ2czk5RGlLRm1QM0kKFQhRRrISgmU1neqwAewsS2AVog4Gg2QX
ukHvwzO8B6EHH83ppR9Z56aThSmyTSrU5TMwRiLRCWjKGpbL8Gap3Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSamUvT015TW9iQ3F5UHla
SWJ6cjQ0aEdmd0U0WUViL293MEtUazMrY1NVCmgvNXNhZzBSM1Y4b1JnbktQcm9Q
Rm9CaU9oZExyMFg5aVlQaHhZMkdhQUkKLS0tIDRiSHY2eFA5NmRtaTNYcnNiQ1Fx
RzhPY2l5UnREeFArWE5lS0p1TlBFdFkKoaV8MHuRCvPapWy/SDFjbtRSnzpU9qpL
uTfUHMYAkzTwftoQyKYRXY3Qizznn6O8e8SGgLUGPBk0HwrU9vq/8A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEaDVaaVAzSnMxSERHT1BM
TkthN0VQL3QzNGUranBxSE41ZW5ZeW5hL3cwCmR3SVk4bEtRdW53cURRbDh6SEZ3
OUx1ZDZtZmdSRjlKWWpSTi9ndnNsZTgKLS0tIDlja3h0N2dxUUZzMWVmZ1lTY0lO
VVBiSzAyamlTV3RXRTB4VDJubnRJbzAKZKALwMcN8rpCZdTPE17wNcqt81Lyh0lb
paU9GRRp5qBxMaNZaHGirhZWChf3ZjyA/assN4EWSNYe1yzNq9TCPg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCdW0vOHpiUnYwNkRaTzdH
NVlKazBUWHlzazRKZlZKZVpXZ1BNdjUreVV3CnlIRXpCTUdwSUNkSXRFdVdnM0E1
blZYdnpDK3orcTdQNVk5U3JiMEVEaTgKLS0tIGR1V1d0dW1TSDROQ1pVY0ZvellP
WnNxOFlNTWpxV0J2VWk1WDE4UjViUHcKZcGxaNaoalFmc1h2AOf5MKS9O7Kid+Xx
WatBjO9oU+lVcy2HGJhuDYoEg6cQ0ER+HTnfZwJRzDwBB6DCyeH8IQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLbm0wMW92U0tMaGR3bzdJ
c3QrODN3eXIvb1V2TVZldExpNzZoWEc5UkdjCmtETGxvK0ZHbWVvL1MrdVJOL2V1
R3Y4SjhlT3lObGdWRVZQSHh6MUJFd0kKLS0tIDhnOFQ3dEsrVnJWU1lUQlFzd3l1
Ny9NbUd1L201cTdkYWQvbHJIRjVWa1UKcHICycS4yPtk0lXrDJmFpS66C7c+GIdS
XzghorP2JQxpb3uUcy2XwOHJZMWy0KbFKYjLsIH48oJqqQ9j43WS8w==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0YmFheU4wSG9QZTNtRVRz
Z21zalZBcWNObEFabXgxOWdYY3F1MENlMlc4CmtWeFl0ZSt4bUo0R3dydEozK3V1
dnZlZmtjMk9rdFZlTzFqUXJUdFNZWVUKLS0tIGU2VTdNVCsvRitZMXVleUg0L3lC
dU5QblEyZzJBOWJOeGoxQ29OS29hczgKC03MEGwaYq7WKKhh7pq1QOQfjH+L5+8b
HXP90cOyvc+dnpV/D2lSns6iK92FYOYVQ+wMjCsoB7zMj24MjPc03w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-15T21:42:17Z"
mac: ENC[AES256_GCM,data:2gH/ZaxSA6ShRu53dxj7V3jk7FsVdYS+PSHQyFT8qMvKM1hsQ/nWrKt00PUl9I7Gb4uomP9Ga3SyphYOXRBzKoV+x52oEWOJE3Q4iPrwdCkyHlxEezhTd/ZRQVatG6dvHpLuDNS9Dyph4f7Mw5USI+m4WeVdgCvHTydw+4KIfP4=,iv:yimfq96WVsagvKr8HTg1RdZBSrVGcCWPvv8XOXkOfcg=,tag:zHzdrE0PX5+AeD2lpqeJVQ==,type:str]
pgp:
- created_at: "2025-03-15T21:46:06Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA0av/duuklWYAQ//QdHVK0PzPDj4BhvVm/FCiRMdKGw7BFDR/+qhxhEULMnu
6YSBtO5HMNhIkLlb+3gs/iIJ9+RxQjcxl00sUoEKpucE03QdmRD5EhGoNk3lNKc+
A2xelfPFOtbJpzjLub6JwsyfAQMO3c+Wj4f3SKCWK/ad8MVr2xHEhCUfoG9g5w4O
KprijBL98/nCXnhhseXFQLvlSIeAUcGMSj+nyvIpBVDIOsYPmgYxZDTOajRFQhcT
ZfAA36ViPwEz9LKSMvZe1KYHJVwrUsSrCdTZWZtRUb2udiVXCh6bFNd/eTqdMKiz
OBWtnYjD/JNpCtQmy+Y6xsy16udvuPZigY7Rb7CGKOoM4F32QUb22yY5DBLZDq+e
XCq1cQCZ+CCqHa3+7dqvZcnbTDa1plCdoinRaZNLuT9cKoclIZjFNW7bBbPTnFhx
0e8Zs85CJgarEE8K4b+6unBRN1C+awjCCeSXrPCcz59+qIyY/DC5EsjjV/11VTC3
WlHrafbOF1umDZ+Vp2ihylQO+gedVKvQ4qPLkweXn0u1UqokoxcCh+FsdUiGeeDp
PsRAQukmo60IPfnwVlZqpMVmJJ5gXIUOEZF7BmTvvcRzZIHTtJZFcNjYHyl5+/Un
r6CWiJbExYJm6cLVr8ZBA7gCg6XiVmdRQ/edkVfMHBharH0H8PNxd8WCgkelmsPS
XgFfQwymmSTaZHewifFWYe75rDJ8TPLmmmR1JCkIK8lJy6vygQ4k+JL6rKekVW/P
SYLrwup1QwcZR78gxjr7lzZNbAKij331EoSsO2+O+MQcfJIeUP51G6+UgJkxRfo=
=DyBj
-----END PGP MESSAGE-----
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted
version: 3.8.1

18
secrets/ildkule/ildkule.yaml

@@ -1,5 +1,15 @@
#ENC[AES256_GCM,data:oyFG9fCzJH8yLB0QY78CVOcYO6Ttp/ARqtIcXwWGYOvL6nW+yLcakrdmVA96sR5toywb32aW,iv:7o3FI0cI6GHCwmQfLYh2iAVr8sELOMoxGSzE5qvuAaI=,tag:z9F1c4dOIiy2FtKpBwm5wg==,type:comment]
#ENC[AES256_GCM,data:nhDznFCozGpXdYBfumLyhp7TnA7C/IqBCpHJ,iv:3AZN6iVBha8Qh5/X6Yn/5JWsGhDXlE/zdUh1CcO7fQc=,tag:59DaAyKTOmkKty4eyFWFqw==,type:comment]
#ENC[AES256_GCM,data:vQu+AG19Vy94xxwj196G2uk9,iv:YJGBvoMgOngjn/TeuXeoU82daRvJDxvCQMYb3XCPlw0=,tag:fU6ZhhmAh0yh3/QuXbCNkQ==,type:comment]
#ENC[AES256_GCM,data:S1UOENn/ewhw8Pb9CmKp,iv:jafOhkCoiTm5HXQ/S611L4VlQFa1Wqr5WIIRzLQm3i0=,tag:6CQ+Y9E/FxWN8K+D9J7+Fg==,type:comment]
#ENC[AES256_GCM,data:lHHmoCHyP2Tc3waRGeMPEasQiv5+,iv:W6SSFpeWBfTBOEDo4P9hox39eoAiO40Ay4T3QeiI9Tw=,tag:9bLbcEZ9/B1QolDettwcfg==,type:comment]
#ENC[AES256_GCM,data:DrF4XHSd8QAWn5h1xEGGpDKMQcLF,iv:nPCBbThQh/Aa+uccKJtmiCXSvoJKHxZMJ42yFkV+hi8=,tag:3l50mMn7cPoCnjPcHv1+Vg==,type:comment]
#ENC[AES256_GCM,data:ADUhFzufaR2xXNOLgiXKu5Cd8Zx3waYeZiLF,iv:WMK2gJwplf6r/EdijrvrOBHgPL57W+UMIQ8dBPp/DBA=,tag:E/q/ccAd7UH3BV7nut6Slg==,type:comment]
#ENC[AES256_GCM,data:IVFSM6VOWnR0YDRfecsDPlYr,iv:Jxe8pq3lxw5QUGKyspB8tWSquDSMo3mAJBAsQGKxSec=,tag:7bffwY98iTX4/De0coUIxA==,type:comment]
#ENC[AES256_GCM,data:pHSDnojWTLYXIKk=,iv:ph2xCpxbP3OiWm+B/MDboykPa2gtCWpP0b3j96YCDh4=,tag:u5hmvxHaa/m8GaSeYvONmg==,type:comment]
#ENC[AES256_GCM,data:Q0fCyyP0DJqUyJPo,iv:qwBE3c2VqF52Yq8POXhy2Qv2xJd82wL1aX4eVY6wL1w=,tag:IwmbD7XqIkemOTODBKpS0g==,type:comment]
config: config:
mysqld_exporter_password: ENC[AES256_GCM,data:I9K+QMqaN3FOOVKzeOR9Q6UERStXX0P8WEHyN1jzzbM=,iv:UxvIdlfAyJvNuxPkU4+guKPa0fiD0vVLzHOTYktcmso=,tag:ltnIqEwESYx9HBu8UN0ZLw==,type:str] mysqld_exporter: ENC[AES256_GCM,data:w4muNsWmsW1fPx9nqtDGPCZ9faO3W5Pagn/DfWrb5yf88GQOzOsN4z7TH3QeW0Xs6I5jDIktGmFml6RDxCjD8UX9eer1pvC7Kxyl2DQKLHwmsgx1DUFNTRUzE1Sgx8rZAJ8HM7DO7L/6aXS0ndY4J+huyhDDVd+cIetgiQ==,iv:Q4cZD9CKd/EDOm4bjAE2EOstwKpwexF2pxhMEF0/5/k=,tag:S0rOLJS+b9ualtxcHKdHlw==,type:str]
keys: keys:
grafana: grafana:
secret_key: ENC[AES256_GCM,data:+WoAJbDBEgKs0RoHT+7oEELAVQ+/2Xt+5RTMSXg23moCqVRx+Gzll9P5Drw=,iv:AkRn/Y20iEe5i1T+84wAgLCTFtAox2G3giyawAkltAw=,tag:BZbt5Wb5lYLIJBm/pfP4GQ==,type:str] secret_key: ENC[AES256_GCM,data:+WoAJbDBEgKs0RoHT+7oEELAVQ+/2Xt+5RTMSXg23moCqVRx+Gzll9P5Drw=,iv:AkRn/Y20iEe5i1T+84wAgLCTFtAox2G3giyawAkltAw=,tag:BZbt5Wb5lYLIJBm/pfP4GQ==,type:str]
@@ -67,8 +77,8 @@ sops:
WDRSdDZRa1lIbEVTdDlhU1dwUXUzQTgK5iE4Cf/zjsPYHKcqYA0rFqY0TNcCnzNU WDRSdDZRa1lIbEVTdDlhU1dwUXUzQTgK5iE4Cf/zjsPYHKcqYA0rFqY0TNcCnzNU
vTM+cEPaA+/FXTwLfPpaiSkg5Fq8k2XdeMQsjQnglTBSWCwAJin27g== vTM+cEPaA+/FXTwLfPpaiSkg5Fq8k2XdeMQsjQnglTBSWCwAJin27g==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-16T20:08:18Z" lastmodified: "2024-04-20T23:41:59Z"
mac: ENC[AES256_GCM,data:C2tpWppc13jKJq5d4nmAKQOaNWHm27TKwxAxm1fi2lejN1lqUaoz5bHfTBA7MfaWvuP5uZnfbtG32eeu48mnlWpo58XRUFFecAhb9JUpW9s5IR3/nbzLNkGU7H5C0oWPrxI4thd+bAVduIgBjjFyGj1pe6J9db3c0yUWRwNlwGU=,iv:YpoQ4psiFYOWLGipxv1QvRvr034XFsyn2Bhyy39HmOo=,tag:ByiCWygFC/VokVTbdLoLgg==,type:str] mac: ENC[AES256_GCM,data:38Ask+adT2FshF8DYEfCWeVWt4KiaJsTXhF7Ib3xxdfQ6vAixM2OXTaK/qqUvN6gQok9TFF+HMJBJ+jezV00nVcKUYn04FaU2/D2zdam44eEEYEEovmfAZ6vbC+CiDv4d/DCc3hnYtDZCEgUTfP4gsZ9rLZFAOwaOFWRJxcDi6Y=,iv:BzuWdTjn6LhscNeouHjM7IYKxTahA8PzzlHSCYZ618s=,tag:BWtPbNwzdOJb788eOO5ZNA==,type:str]
pgp: pgp:
- created_at: "2024-08-04T00:03:54Z" - created_at: "2024-08-04T00:03:54Z"
enc: |- enc: |-
@@ -91,4 +101,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: F7D37890228A907440E1FD4846B9228E814A2AAC fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.4 version: 3.8.1

95
secrets/kommode/kommode.yaml

@@ -1,95 +0,0 @@
gitea:
web-secret-provider:
token: ENC[AES256_GCM,data:7ljFuW0CApzvvGSpWa7fiITIXtejhZk5aed70NNup6AS2GpDOv1NMw==,iv:vi+0BM4QkpnMatlGU6rdEYnCgGUU3U8SuE3imbwKfdE=,tag:uTFaeS/56t/MfBwb1hpkvA==,type:str]
password: ENC[AES256_GCM,data:1Hr2M95xT6J4SxnQLWe9ZQ7q4BIAACnpQXEGyCEm2OgRb/kqyv2s+gJAsw==,iv:95CbOJzeGl+jT8OsSSSx+DH8KYD1HtbXOyZhR60QwnU=,tag:dheIVvgqpiFrKvLLpFlPBg==,type:str]
database: ENC[AES256_GCM,data:nDZqnSBKijyhslBjhSu9weqLVJzUiBD8Ltu/nmllicadraeISylyEk3pOA==,iv:XFzM1pGv98jehdgvlZN217LrsK8TcAMFK5eDrPi2bm0=,tag:+YpXqMmvMTrnt7cDK/Sa7A==,type:str]
email-password: ENC[AES256_GCM,data:tasMZ2Zu449o/mH6uSSPM7cFOlBg4vC+,iv:lDNMvXh5P3HNy9pW6nBsSLCyij/3HiSRunVuLeKAmbI=,tag:ApqGWYE9MSE8m6iYLK6Yww==,type:str]
passwd-ssh-key: ENC[AES256_GCM,data:VOp8vqVoX9IFJhzpKy0J+AzyX3TvxEIBvv3dXpD1f8szmUyPwd4gDOlaFpqTSDu8ebmK3m/D0FMTkfBkPVhUG6XTPo7YIV37gLhfsBF6CuwCMXxTQAd23nfpwJKcDIn3R5h8Mu4MMme2Ev/4PNDztktmIYv3KoEbPglzBMS4LrZqJsDilvIYKEIDUExhSAkESKQZiIzK1TdtWDQSUzvUZ3OsbxONZgaTw5e+xz3qk/q+IR5eRNp9fpeZQ8EkpC7aa/JDIwxzNIuMFi8W9PWh6ANmAOm6GK7JSKiHYQL8GofVifhUGUanAnjgDTYkIWpDiSsuHjfDPGupFCeONNd+Wd4NpJZsej3p9ldLOVxa01Le2tIVYY80jUWT0dpV9IJ5syp4gVaky5Vk6i2QhvjunDoEUnArSRGyMTxWfxAxZLvbLYMNAJDoWzy25vf3jteNB43lVHckEW1F8w/RtzoKzbjKYiANHg+eNLVq0HK67gX2twpblNN4OBt9d03ZbV2lZjTMXGzJXHGFT5ZPDwTkxcDooNvoRuCMe8t8dpuksHFaIp4=,iv:3sgiIgGD9pmCMLVRk0Q8+7GZajYIWsokDUx9JuNrO2c=,tag:WDXyNYtqjdAMePEsnA0hbw==,type:str]
gpg-signing-key: ENC[AES256_GCM,data:AyafTF3H8p1qDk9xsNvT68BksoKGLwE2uE3hjz0TrT2XPxCRDOIlfAVYEPSu2Ih6l5a2uruEJhHPtU2fPCB2hln3Bv3gZfFGLb3GFWkSvdePIYFxG56uqGK5dE1KaMccc2cTi+raDImKqSTbp7Qpdo/c6C0WYVglYrD+2l8Y4QOiFuazyLY9zwcX0qG7pIjJ+akCUjfE4rJDAW6H/v+OqvHpcED3q4iXOYuw9sj/UeIgZfJ5Xc/uVrRmPewP4yALnA8o9gsaaLdjWRFIILe7VRwPr0YqwQ6XGgc+pEartkV8AzxjCq6DOtifOOzmu8EI1U1yoaOViYCAMbSHfP6SIKr7pJbrdU+YDBq9mvRx8KPXWUU2uNGrMObATEzlqMYAYA/HJeOdV4w3Axvq8RG2FLkJxJJniwNP5VZRF3bbbI3w+hprRP2yAwgeQw19KBU8yF8upKga/GdMNScpKJvRyVLjZtI0rsfvSC81lHawouuje6aPXT3dH1S5ROJBHMTeV0sP0vK6liBevz9RZpvNs6JVyNCgiRRtRSSYqsgwPJonDKuPeI/Zpgih7HboA8HqhIibqpO96h5/4yO69oJAbLUYV3zlKQcMDTaqadL4Ox5Z+8ygSAL3l1ufZIFGSj73SNHGQqQlIS/a3dAccRi5fPqv0gOmGFAAUJPKfeauFn3TclwojKzu5vwmQxZ5g50txEpTSTaYOy++qq6UZa/dXEyDC7fle75dXhqXyqMCf9kDwZZl5E9eBsabNdTF+auQCp82iLQivdBy7uJX2hkJFSg84fF9MLgH4mOcMQc2E/z961uNzEgoyvVhbDY6+SIJ+6SGmnardbFW7mYrj/QqnSUiMc4tHukAB4NGQYHgjOYRZMpHfVO/6dLbjmTOljnPsnfQUCepvb9rGim8NazvnARaVzezx4t3tfbNR8uLQudSeLZzn/Fu1mKSQvpP+IjdglmyAgp6QhB4OCDPbiaMRDUtOQIzlVILdz1/geUVzhZkJ4xzkm5klGukhtv+3TqjiTcEnoVJC+A1jRvxBQUfEE92GFuupJUfrw8bIDqsWQLkHPCNUMgdoKa/q2OkrWeQz2zm2yUqMAJn1/puoLHdSH5aCELUggx1gQZoc480pSBUvSCML+Qc4B4Cd6hX2PPp+/KQeKtfqHIsKz2I+DMT6KDirReX6WHxqk+s2DtLw7Wx/j65PWCIWLCz,iv:c9BDRxQImWTmwq11+T2CW0S00Dixd8d0od5xn5zZmY8=,tag:brnMedsdTwlkbaHaLa2w2g==,type:str]
ssh-known-hosts: ENC[AES256_GCM,data:P6hKaCpcZdXIy4rE/1b1+66Md/3Kmviileb0OIT3Vz4IVsDLecBh3IiadHq66V4KocXC4LBUNFjcrxlVVGIonHJ3qd6VpQUwG0n83yhj6LD5hgxmZ5phAyR77Ri8BiH1lWUcg51L2k0U+WJFPP6JkumT9MEz1t1+JYr5Imij6GKRWRKFwTbU6QJwFH4tCA/iGw0ElrzIjSHiNiwIKfbm8yas9vlOhr4y7vCeV10hVyvV,iv:dZ8hQxhn7pokWbQG/8rQ2vFDpPYut7WCG3xy9g6kzNs=,tag:xMyPtJJoh8kjJcOT4t9aRA==,type:str]
import-user-env: ENC[AES256_GCM,data:9SE2k3/IJqbdexj0QFSQBQ1+u1AduWNjt+0XIHryJlxIEdvv9a+6hP4EXPo+31GnaE4=,iv:qZlWOBV5owr3ESTyFaV/R8VwlGl04kaui80I2zYk4zY=,tag:PhjRfEC1xoHaYyl648yCVw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1mt4d0hg5g76qp7j0884llemy0k2ymr5up8vfudz6vzvsflk5nptqqd32ly
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjWnlOa1NGME00dVhBQ3Z2
UE1HZlc0Nldrb1VwZTk0Z2I2Nm5ZazV6WndFCnNoM2JaWFJnazJaWlltVW9uNGhm
UmdPSWlsdllORFhyMzRhYXBKQjRqWmcKLS0tIC91RmRCNG91UW1xb1pETXczSDlM
aStmM20xL0hHT3VnMWpTSEltZEpqT1kKj7Io72QSR/dgggQRBZ0gjs0Q7Y3GIP9K
GPgvKGxEi8CcrUj5J9u7rDUed1/TowgWWs/ujt/8q2zfli7AjTpS1w==
-----END AGE ENCRYPTED FILE-----
- recipient: age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByclROelpuQUFPQlFpREJr
NjhlUDA0TGw4R2FKbmRwWEVCSldrem9neVI0CmU1Q29qUUNZbmZDSkx0UmZmNkVL
dmNQMEJjRjJtcWFYNE1SamV5SUozZVUKLS0tIFBMdFB5TTV4dGRoeVNnYWV5dERY
ejV3RTlSMjNlcGNreXM0YjhpUkVxUzQK2xB69WIRrMPNdZuJUzwuNM/a/Qzpyp7b
nInPmTCCOhqc3eNFSc+od6y5urMeW+r2i2iNV4B2rIdJTdLl1434eg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBuVFEyaWtlV0F1d0QvMGpU
KzUxdGpXRUMzOWhSODJNYU1Id1Evbm1QelVzCmNZS3NSNWZlZDhPYUVCS3ZIUXRM
aVdScUI5aFI0aXU1ZUx0VjBBQW1hRUUKLS0tIGtOcmFNTXIxdEV0RlI0akJpWEM0
bk9lWDZkS3BrM0t6V2xEbVdtZlQ1aTgKv7bIQpdGIoXMxPZDmLzqunIEaqQ5M63r
Qu1oFC+yZh2UlkjGxKE6HMlMGn0CnBcTa8XvBaEVMfchVR/2WVq8TQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGQWM5dlFCbTIrSXlZYnBw
VVQzK1ZiaXpQcTcwQzV5YVV3d1A2L012K1NBCmpXNnNnenNrNTZDUjdXdzNXd2R2
T3FSc3BLdUUxWEs2OXlRNEdieXU1bEkKLS0tIFJkU0ZGcjd4bEUyOWFZeHVUMHow
dVNTbk41S0VUNndQLzRoZ2ZpVTVqNU0Kp6okYalYtbI1CFuJq/881ZyOVpFoRq0j
DvG2E2U+go6XftSaJ59DIUC6rzVBg1JKpJX3TS6SJhe+T+1paoxG/A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArYVdXc2hrQ0JFQnF6NFpG
UWVMVTN5U0JuQkRxU1ExdUlpWkV4RHlvYUNZCmIzOFI5QnVrMU84VTV6WmcxdjdZ
aTZpOWZNdGNoSnJ2c0R2UzJ2cU1TRmMKLS0tIGFxTkxaYjUvaUxsRmhxRmpVeFFD
aWt5dnlUYWxoUUlHTjRnWEVBU0NzODQKQ2v9oCbXhUhRnURyHWbAIJHGjgb/eVp1
h9Tdld0TWTxxbyN8JkRa80B8JpUVwHgeqJmq2krnhDrYLN9zaugVMQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4bFd5OGpvY0YxczdkVnVY
ZXExNnY1UXBtb0d4MFNYR3JrMTN1SXhNOUhrCi9xVm1HZDhHZmpEdmdJNVBFcWhv
UjI3VDNycEpKdTNnbVU1eVFUeUZuZTAKLS0tIE5GdEJ3Nk1oam9KYUVCMk9CVmpL
OCtLcUZwL084TUp0QmpSQXNtSFhHYkUKwGvXXE9AWlrlDgRl2ECCmej7IMztO+fx
852Vu610cI9FLv5oghlKM769+/A2QP82KwdxZ4MaRSDvJwXKBi16aw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-03-16T13:03:12Z"
mac: ENC[AES256_GCM,data:cuMHvEjR3nA/LqGHwIGOD+rWwmvg0fPiFtVTDLATKuc0Ulf+0PKogv9cddmXlmqaBOLMkmZue44egEpiLoNm38kEr7gPfP7XKj3kkwL2U4BiS43JEokt5CEq44sSETKylEMEVajgOEwyWn1od4MLxa7xsuhbvGvDpsbvjyPvzh0=,iv:zWFNpOS9cgCs36rdW9FcJ+jG3HrjRmcw2Ogz7QZuyJQ=,tag:L3x6Bsu+7n5A0/Dx0HghkA==,type:str]
pgp:
- created_at: "2025-03-16T13:02:45Z"
enc: |-
-----BEGIN PGP MESSAGE-----
hQIMA0av/duuklWYAQ/9Ey8zpaRU7DuvVaKTaybgkLCPTKNyq6mKXAusKqC0adMu
9G4M8G18uEoo6/Oa1LpJsQneU05EFuStZPaCs9+zxe5ZU2YhcVcDGAHgCDFBbI27
7kzUVxA/n5cK61CfIslNYdJolceJeLyH9HSrS3k3eI3V6zEQL9Yz05dDz7Nlma4q
AKsnGtLY4og0j2k7HZcK39ikhJGkllZHhsM4RT8/UVeVZF9CxKzwQ2OKbHkhJZyn
LGEpioYAKuIIWm/20y/DQwIYpAilltWkg+RWQUnYeAINAZKSzFNi9vd3N4n6e41t
ikq8Ukpjbesy42w0ju9sbNWayga14OG5STg/qacrCDjp+wY55VJCcEEM/6kPj1rf
e2dBR+eN8VMgcPOlexOf1pkrVhNqz9eDfEfaEtDbFDIgznt0pmLeeYcL3NBa5+Xf
vpGXG3fmgoXvQYW05yY4efBRiex9f70lbhnnngeY9ZbmSpy3ZuzIKq8RgBxy1ve+
4B6RYC2Ag8Tndj1xYfHcrqSNfmxq+xNieFV49PMGDO1hjJF++VASqPuRtX9lz3tZ
Y7E7VPtTESaxEp9IuUgLYYnvSHh1SNIRl3OtcctL+bwbF2wNk5iBha+jC/aXNRU/
PoRv1y+G+0R6aV3hLJjoC+Hrm2JX3FIksk64LRDM9mSI7Yl7MfEFrIzcH4HEzlTS
XAHugaMjpRCntUxlaP2tq4jlrv+PQLh7+uBzzbhLBK6qSjybKiqHBKeluxfYVsDs
rJJicnclRfI1eJPfZDlCr2iggd+2ABYG7uINQVrZYuw2dfb4IvvrqCQz/fBy
=Qb5k
-----END PGP MESSAGE-----
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted
version: 3.9.4

20
shell.nix

@@ -11,14 +11,14 @@ pkgs.mkShellNoCC {
editorconfig-checker editorconfig-checker
]; ];
env = { shellHook = ''
OS_AUTH_URL = "https://api.stack.it.ntnu.no:5000"; export OS_AUTH_URL=https://api.stack.it.ntnu.no:5000
OS_PROJECT_ID = "b78432a088954cdc850976db13cfd61c"; export OS_PROJECT_ID=b78432a088954cdc850976db13cfd61c
OS_PROJECT_NAME = "STUDORG_Programvareverkstedet"; export OS_PROJECT_NAME="STUDORG_Programvareverkstedet"
OS_USER_DOMAIN_NAME = "NTNU"; export OS_USER_DOMAIN_NAME="NTNU"
OS_PROJECT_DOMAIN_ID = "d3f99bcdaf974685ad0c74c2e5d259db"; export OS_PROJECT_DOMAIN_ID="d3f99bcdaf974685ad0c74c2e5d259db"
OS_REGION_NAME = "NTNU-IT"; export OS_REGION_NAME="NTNU-IT"
OS_INTERFACE = "public"; export OS_INTERFACE=public
OS_IDENTITY_API_VERSION = "3"; export OS_IDENTITY_API_VERSION=3
}; '';
} }

45
shells/cuda.nix

@@ -1,45 +0,0 @@
# nix develop .#cuda
# Copied from https://nixos.wiki/wiki/CUDA
{ pkgs }:
pkgs.mkShell {
name = "cuda-env-shell";
buildInputs = with pkgs; [
autoconf
binutils
curl
freeglut
git
gitRepo
gnumake
gnupg
gperf
libGL
libGLU
m4
ncurses5
procps
stdenv.cc
unzip
util-linux
xorg.libX11
xorg.libXext
xorg.libXi
xorg.libXmu
xorg.libXrandr
xorg.libXv
zlib
cudatoolkit
linuxPackages.nvidia_x11
# Other applications, like
hashcat
];
env = {
CUDA_PATH = pkgs.cudatoolkit;
EXTRA_LDFLAGS = "-L/lib -L${pkgs.linuxPackages.nvidia_x11}/lib";
EXTRA_CCFLAGS = "-I/usr/include";
};
}

12
values.nix

@@ -27,10 +27,6 @@ in rec {
gateway = pvv-ipv4 129; gateway = pvv-ipv4 129;
gateway6 = pvv-ipv6 1; gateway6 = pvv-ipv6 1;
bakke = {
ipv4 = pvv-ipv4 173;
ipv6 = pvv-ipv6 173;
};
bekkalokk = { bekkalokk = {
ipv4 = pvv-ipv4 168; ipv4 = pvv-ipv4 168;
ipv6 = pvv-ipv6 168; ipv6 = pvv-ipv6 168;
@@ -64,18 +60,10 @@ in rec {
ipv4 = pvv-ipv4 204; ipv4 = pvv-ipv4 204;
ipv6 = pvv-ipv6 "1:4f"; # Wtf øystein og daniel why ipv6 = pvv-ipv6 "1:4f"; # Wtf øystein og daniel why
}; };
kommode = {
ipv4 = pvv-ipv4 223;
ipv6 = pvv-ipv6 223;
};
ustetind = { ustetind = {
ipv4 = pvv-ipv4 234; ipv4 = pvv-ipv4 234;
ipv6 = pvv-ipv6 234; ipv6 = pvv-ipv6 234;
}; };
wenche = {
ipv4 = pvv-ipv4 240;
ipv6 = pvv-ipv6 240;
};
}; };
defaultNetworkConfig = { defaultNetworkConfig = {