Compare commits

...

10 Commits

Author SHA1 Message Date
dbe9dbe6f4 flake.lock: bump 2025-09-20 18:59:35 +02:00
2e75f31d3e kommode/gitea: skip some parts in the dumps 2025-09-10 11:27:44 +02:00
1166161858 oppdatere nettsiden 2025-09-08 13:59:41 +02:00
a0164a4038 oppdatere nettsiden 2025-09-08 12:20:09 +02:00
470cc451e0 kommode/gitea: fix backup count
Some checks failed
Eval nix flake / evals (push) Failing after 1m30s
2025-09-04 00:02:58 +02:00
a803de2b23 kommode/gitea: enable sd_notify, enable hardware watchdog
Some checks failed
Eval nix flake / evals (push) Failing after 1m23s
2025-09-03 23:48:22 +02:00
1dc78b6101 kommode/gitea: bindmount repo-archives to /var/cache/gitea
Some checks failed
Eval nix flake / evals (push) Failing after 1m26s
2025-09-03 23:23:16 +02:00
54434b7f93 kommode/gitea: only keep 3 backups 2025-09-03 22:46:13 +02:00
736dc44008 flake: update input pvv-nettsiden (fadderuke -> normal events) 2025-09-01 20:16:50 +02:00
9e68287f1b bicep/minecraft-heatmap: change postgres password, add to sops
Some checks failed
Eval nix flake / evals (push) Failing after 26s
2025-08-25 14:38:25 +02:00
4 changed files with 74 additions and 33 deletions

58
flake.lock generated
View File

@@ -7,11 +7,11 @@
]
},
"locked": {
"lastModified": 1752113600,
"narHash": "sha256-7LYDxKxZgBQ8LZUuolAQ8UkIB+jb4A2UmiR+kzY9CLI=",
"lastModified": 1758287904,
"narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=",
"owner": "nix-community",
"repo": "disko",
"rev": "79264292b7e3482e5702932949de9cbb69fedf6d",
"rev": "67ff9807dd148e704baadbd4fd783b54282ca627",
"type": "github"
},
"original": {
@@ -27,11 +27,11 @@
]
},
"locked": {
"lastModified": 1736621371,
"narHash": "sha256-45UIQSQA7R5iU4YWvilo7mQbhY1Liql9bHBvYa3qRI0=",
"lastModified": 1758384693,
"narHash": "sha256-zakdGo9micgEXGiC5Uq0gE5GkHtX12qaRYLcstKPek4=",
"ref": "refs/heads/main",
"rev": "3729796c1213fe76e568ac28f1df8de4e596950b",
"revCount": 20,
"rev": "5f6a462d87cbe25834e8f31283f39fb46c9c3561",
"revCount": 21,
"type": "git",
"url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git"
},
@@ -48,11 +48,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1752258704,
"narHash": "sha256-pRK99+MCgkeVptbJxXhVMXIXl8uwSdkZDpQzFi3OgkA=",
"lastModified": 1758386174,
"narHash": "sha256-iNDxHSDdb/LlqDbqP9BcZd1QEmks4iYiyN34UhUizZ8=",
"ref": "refs/heads/main",
"rev": "9ff525339b62855d53a44b4dc0154a33ac19e44d",
"revCount": 48,
"rev": "a21fdfe56743afc7de1fb14597711fbd97ddef76",
"revCount": 50,
"type": "git",
"url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git"
},
@@ -159,11 +159,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1752439653,
"narHash": "sha256-mG27U2CFuggpAuozOu/4XAMKaOtJxzJVzdEemjQEBgg=",
"rev": "dfcd5b901dbab46c9c6e80b265648481aafb01f8",
"lastModified": 1758363343,
"narHash": "sha256-TWem5ajoX0vD7j1v/cg3XU7GHWW10HRUQbZL++QNXLk=",
"rev": "b2a3852bd078e68dd2b3dfa8c00c67af1f0a7d20",
"type": "tarball",
"url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.806304.dfcd5b901dba/nixexprs.tar.xz"
"url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.810175.b2a3852bd078/nixexprs.tar.xz"
},
"original": {
"type": "tarball",
@@ -172,11 +172,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1752439402,
"narHash": "sha256-xDfOnjnKStgsgcn9SFPgOV6qzwac4JvGKYyfR++49Pw=",
"rev": "b47d4f01d4213715a1f09b999bab96bb6a5b675e",
"lastModified": 1758361324,
"narHash": "sha256-uCqhgJlmxP3UmyCNZ21ucc5Ic0I2le3rA7+Q61UH1YA=",
"rev": "0f3383ef02bc092d2f82afa4e556743c6e6b74d6",
"type": "tarball",
"url": "https://releases.nixos.org/nixos/unstable-small/nixos-25.11pre829909.b47d4f01d421/nixexprs.tar.xz"
"url": "https://releases.nixos.org/nixos/unstable-small/nixos-25.11pre864278.0f3383ef02bc/nixexprs.tar.xz"
},
"original": {
"type": "tarball",
@@ -210,11 +210,11 @@
]
},
"locked": {
"lastModified": 1755475409,
"narHash": "sha256-9nzP3rpYNWNXtGQnGUS+WjeDkhFiTOBwxoJL9bMi1w0=",
"lastModified": 1757332682,
"narHash": "sha256-4p4aVQWs7jHu3xb6TJlGik20lqbUU/Fc0/EHpzoRlO0=",
"ref": "refs/heads/main",
"rev": "617a799ad8e365192084e51de25cb6f8260668ae",
"revCount": 511,
"rev": "da1113341ad9881d8d333d1e29790317bd7701e7",
"revCount": 518,
"type": "git",
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
},
@@ -248,11 +248,11 @@
]
},
"locked": {
"lastModified": 1752201818,
"narHash": "sha256-d8KczaVT8WFEZdWg//tMAbv8EDyn2YTWcJvSY8gqKBU=",
"lastModified": 1758335443,
"narHash": "sha256-2jaGMj32IckpZgBjn7kG4zyJl66T+2A1Fn2ppkHh91o=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "bd8f8329780b348fedcd37b53dbbee48c08c496d",
"rev": "f1ccb14649cf87e48051a6ac3a571b4a57d84ff3",
"type": "github"
},
"original": {
@@ -268,11 +268,11 @@
]
},
"locked": {
"lastModified": 1751606940,
"narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=",
"lastModified": 1758007585,
"narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d",
"rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139",
"type": "github"
},
"original": {

View File

@@ -7,6 +7,10 @@ in
mode = "600";
};
sops.secrets."minecraft-heatmap/postgres-passwd" = {
mode = "600";
};
services.minecraft-heatmap = {
enable = true;
database = {
@@ -14,7 +18,7 @@ in
port = 5432;
name = "minecraft_heatmap";
user = "minecraft_heatmap";
passwordFile = pkgs.writeText "minecraft-heatmap-password.txt" "1234";
passwordFile = config.sops.secrets."minecraft-heatmap/postgres-passwd".path;
};
};

View File

@@ -1,4 +1,4 @@
{ config, values, lib, unstablePkgs, ... }:
{ config, values, lib, pkgs, unstablePkgs, ... }:
let
cfg = config.services.gitea;
domain = "git.pvv.ntnu.no";
@@ -159,8 +159,17 @@ in {
environment.systemPackages = [ cfg.package ];
systemd.services.gitea.serviceConfig.Type = lib.mkForce "notify";
systemd.services.gitea.serviceConfig.WatchdogSec = "60";
systemd.services.gitea.serviceConfig.CPUSchedulingPolicy = "batch";
systemd.services.gitea.serviceConfig.CacheDirectory = "gitea/repo-archive";
systemd.services.gitea.serviceConfig.BindPaths = [
"%C/gitea/repo-archive:${cfg.stateDir}/data/repo-archive"
];
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
@@ -184,4 +193,31 @@ in {
};
networking.firewall.allowedTCPPorts = [ sshPort ];
systemd.services.gitea-dump = {
serviceConfig.ExecStart = let
args = lib.cli.toGNUCommandLineShell { } {
type = cfg.dump.type;
# This should be declarative on nixos, no need to backup.
skip-custom-dir = true;
# This can be regenerated, no need to backup
skip-index = true;
# Logs are stored in the systemd journal
skip-log = true;
};
in lib.mkForce "${lib.getExe cfg.package} ${args}";
# Only keep n backup files at a time
postStop = let
cu = prog: "'${lib.getExe' pkgs.coreutils prog}'";
backupCount = 3;
in ''
for file in $(${cu "ls"} -t1 '${cfg.dump.backupDir}' | ${cu "sort"} --reverse | ${cu "tail"} -n+${toString (backupCount + 1)}); do
${cu "rm"} "$file"
done
'';
};
}

View File

@@ -6,6 +6,7 @@ mysql:
gickup:
github-token: ENC[AES256_GCM,data:H/yBDLIvEXunmaUha3c2vUWKLRIbl9QrC0t13AQDRCTnrvhabeiUFLNxZ/F+4B6sZ2aPSgZoB69WwnHvh1wLdiFp1qLWKW/jQPvzZOxE4n+jXrnSOutUWktbPzVj,iv:KFW4jRru93JIl9doVFtcNkJDWp89NlzWjPDflHxcL/U=,tag:YtgyRxkoZO9MkuP3DJh7zA==,type:str]
minecraft-heatmap:
postgres-passwd: ENC[AES256_GCM,data:T8s9xct07AJ4/Z6MQjNrqZQq7FerHz8Op+ea8zO2MDLPWWgU7/hBfrr+T4sc1TgT3e5vtE0dVcqCSbZCZj+6zQ==,iv:prx6d8c92OvbL8IjBLAvi1Vqk69D6ZIkAp7E8CSljok=,tag:UA5YS4YwViYZJ2PWzIIM3g==,type:str]
ssh-key:
private: ENC[AES256_GCM,data:h9OtD6hxrxyokFDe9bveAkMICrs3YrsAEqg0RVHV+xCkgkNAdoh85wb1QI8FJ0tga4Bfq8ZxZTdMnexQvbYWL8m/N/P6gWoPPJd7dwGuxaUZu5lqngVuHIhH0yWFWtPXjQ0Zyl5Q1aBKyjzJMvJc/H2iprgVH4YFs/fWf/KDEp17Plvvz0AoPGPrOZErDmne4MtLbW3pUm1r5ACo/41OyXYwjHk1Ywgsoz1CMxe/DrmkADnf7jSDWL6Q0mz8hIIYi8GbToJS4BIJ2plttraxV9sqpIPzS/1jMERNchItlkCppSYIy/eohVmskP8dAySm5Z7HNGGtzWSSGLxq15xKc7OVFYPMI+B35nPnp1LVOUWqBHAqVo7dwxc3VXOlVat7AMknUZnr67d4TIIl5BOdy/rvAxzXS/fDV0zntIs5o3phKStVvq07eZFaOVva45B7Pyyn0PdBhHBt2JcBtm+Xtg9i3xvZdwQgbeeJRhnYgDqK6BVhmtTuirwp1GOyslqaFCjg0MJj+W+d8R9gbbfyFR6YrZQAkcd/o/yZGg86z7Phe18=,iv:nt/+qPBwPZKQt43VJ9FbKjLYioFwCxD7VK9WNCJCmpQ=,tag:MuDfnTiro3VVJq9x5rkEQg==,type:str]
public: ENC[AES256_GCM,data:+fiCO8VRSmV7tmyweYSpZJMOuMORLHkWetYbr20aTQ1vRYr927nYGes4E464t+Dv9OyJPCLmHBdgt7UvxJWuC3pZE8iStnBYnej3D4ebMzi2SMfOkJjGuQSplXtl8QeAYe1YvROmtQ==,iv:thgGQUyWdXfwUt1E/vudoNjl8JjnksFd1rb/asTry+g=,tag:t1iQPocvfI+JafuJycaLuw==,type:str]
@@ -65,8 +66,8 @@ sops:
cTh5bnJ3WW90aXRCSUp6NHFYeU1tZ0kK4afdtJwGNu6wLRI0fuu+mBVeqVeB0rgX
0q5hwyzjiRnHnyjF38CmcGgydSfDRmF6P+WIMbCwXC6LwfRhAmBGPg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-08-22T17:54:32Z"
mac: ENC[AES256_GCM,data:lUcE2bwdgDAAEZWSe9At8Rx5ieixboxJNw7xkXfBRo4OgnU/zp6660lwc7Q9uVQBKZxmdx9BJsGeoWh6eehbTxfJYNhUbAJB/7hnkD2HTiBR/0nJAL9iixlXxehn85QhWZ3KXWQDU9l26X4saYIF3rWvGXlM8oSkoPsPluxGfG4=,iv:0m7LpwOort5mKB0jzd4qnwOACuj/aE+8AoXSuv6Nx/s=,tag:LqxCKFYq+flQ/b361ZZSqw==,type:str]
lastmodified: "2025-08-25T12:27:53Z"
mac: ENC[AES256_GCM,data:GoJ2en7e+D4wjyPJqq7i1s8JPdgFO3wcxrtXOgSKTxi6HTibuIcP4KQcKrCMRAZmXOEL1vpnWFA2uk7S00Av7/QOnzP0Zrk3aPBM6lbB+p9XSabN0sOe1UpZDtAM3bzvS9JZzyztT5nHKvO/eV2rP71y/tYbsT6yvj7Y9zxpvKg=,iv:tQiCr7zpo7g5jZpt2VD9jtFKo32XUWs94Jay+T4XWys=,tag:npBqmlbUUfN+ztttajva3w==,type:str]
pgp:
- created_at: "2024-08-04T00:03:40Z"
enc: |-