Drift/pvv-nixos-config
17
5
Fork 1
Code Issues Pull Requests 11 Actions Wiki Activity

Compare commits

base: Drift:nix-topology
Branches Tags
Drift:main Drift:gitea-vaskepersonalet Drift:errorpages Drift:create-flake-input-exporter Drift:minecraft-heatmap Drift:fix-import-gitea-users-script Drift:gitea-runners-secrets Drift:gitea-runners-cluster Drift:25.05 Drift:new_nodes Drift:ooye Drift:grg-ip Drift:nom Drift:add-skrott Drift:pvvvvv Drift:setup-git-mirroring-on-bicep Drift:init-bakke Drift:gitea-show-license-in-list-view Drift:nix-topology Drift:gitea-robots-txt Drift:dagali-heimdal-openldap-sasl-stack Drift:gitea-navbar-get-started Drift:backup-databases Drift:openwebui Drift:setup-openvpn-tunnel Drift:gitea-gpg-signing Drift:sleipner-authorised-keys Drift:openstack-image-builder Drift:elysium Drift:smartd-notifs Drift:systemd-journald-remote Drift:skrot Drift:deploy-doorbell Drift:misc-gitea-fixes Drift:spotifyd Drift:remote Drift:setup-bikkje-login Drift:ozai-prod Drift:add-bluemap Drift:ozai Drift:setup-postfix-for-service-machines Drift:fix-gitea-ci-runner-network-issues Drift:heimdal-openldap-sasl-testing-on-salsa-on-buskerud Drift:gitea-metrics Drift:misc1 Drift:add-simple-saml-theme Drift:misc-extra-gitea-setup Drift:setup-kerberos Drift:setup-home-areas Drift:shark-kanidm Drift:prometheusexim
..
compare: Drift:openwebui
Branches Tags
Drift:gitea-vaskepersonalet Drift:errorpages Drift:main Drift:create-flake-input-exporter Drift:minecraft-heatmap Drift:fix-import-gitea-users-script Drift:gitea-runners-secrets Drift:gitea-runners-cluster Drift:25.05 Drift:new_nodes Drift:ooye Drift:grg-ip Drift:nom Drift:add-skrott Drift:pvvvvv Drift:setup-git-mirroring-on-bicep Drift:init-bakke Drift:gitea-show-license-in-list-view Drift:nix-topology Drift:gitea-robots-txt Drift:dagali-heimdal-openldap-sasl-stack Drift:gitea-navbar-get-started Drift:backup-databases Drift:openwebui Drift:setup-openvpn-tunnel Drift:gitea-gpg-signing Drift:sleipner-authorised-keys Drift:openstack-image-builder Drift:elysium Drift:smartd-notifs Drift:systemd-journald-remote Drift:skrot Drift:deploy-doorbell Drift:misc-gitea-fixes Drift:spotifyd Drift:remote Drift:setup-bikkje-login Drift:ozai-prod Drift:add-bluemap Drift:ozai Drift:setup-postfix-for-service-machines Drift:fix-gitea-ci-runner-network-issues Drift:heimdal-openldap-sasl-testing-on-salsa-on-buskerud Drift:gitea-metrics Drift:misc1 Drift:add-simple-saml-theme Drift:misc-extra-gitea-setup Drift:setup-kerberos Drift:setup-home-areas Drift:shark-kanidm Drift:prometheusexim

1 Commits
nix-topolo ... openwebui

Author SHA1 Message Date
Adrian Gunnar Lauterer
95a87766eb add openwebui to bekkalokk services
All checks were successful
Eval nix flake / evals (push) Successful in 7m0s
Details 
This is not directly added to the configuration yet, just a start on the service config.
 2024-12-14 21:30:12 +01:00
26 changed files with 185 additions and 829 deletions
Expand all files Collapse all files

7
base/default.nix
View File

@@ -10,8 +10,6 @@
./services/acme.nix ./services/acme.nix
./services/auto-upgrade.nix ./services/auto-upgrade.nix
./services/dbus.nix
./services/fwupd.nix
./services/irqbalance.nix ./services/irqbalance.nix
./services/logrotate.nix ./services/logrotate.nix
./services/nginx.nix ./services/nginx.nix
@@ -19,12 +17,9 @@
./services/postfix.nix ./services/postfix.nix
./services/smartd.nix ./services/smartd.nix
./services/thermald.nix ./services/thermald.nix
./services/userborn.nix
./services/userdbd.nix
]; ];
boot.tmp.cleanOnBoot = lib.mkDefault true; boot.tmp.cleanOnBoot = lib.mkDefault true;
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
time.timeZone = "Europe/Oslo"; time.timeZone = "Europe/Oslo";
@@ -52,8 +47,6 @@
programs.zsh.enable = true; programs.zsh.enable = true;
security.lockKernelModules = true;
security.protectKernelImage = true;
security.sudo.execWheelOnly = true; security.sudo.execWheelOnly = true;
security.sudo.extraConfig = '' security.sudo.extraConfig = ''
Defaults lecture = never Defaults lecture = never

2
base/nix.nix
View File

@@ -5,10 +5,10 @@
automatic = true; automatic = true;
options = "--delete-older-than 2d"; options = "--delete-older-than 2d";
}; };
optimise.automatic = true;
settings = { settings = {
allow-dirty = true; allow-dirty = true;
auto-optimise-store = true;
builders-use-substitutes = true; builders-use-substitutes = true;
experimental-features = [ "nix-command" "flakes" ]; experimental-features = [ "nix-command" "flakes" ];
log-lines = 50; log-lines = 50;

2
base/services/auto-upgrade.nix
View File

@@ -2,7 +2,7 @@
{ {
system.autoUpgrade = { system.autoUpgrade = {
enable = true; enable = true;
flake = "git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git"; flake = "git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git?ref=24.11";
flags = [ flags = [
# --update-input is deprecated since nix 2.22, and removed in lix 2.90 # --update-input is deprecated since nix 2.22, and removed in lix 2.90
# https://git.lix.systems/lix-project/lix/issues/400 # https://git.lix.systems/lix-project/lix/issues/400

7
base/services/dbus.nix
View File

@@ -1,7 +0,0 @@
{ ... }:
{
services.dbus = {
enable = true;
implementation = "broker";
};
}

4
base/services/fwupd.nix
View File

@@ -1,4 +0,0 @@
{ ... }:
{
services.fwupd.enable = true;
}

4
base/services/userborn.nix
View File

@@ -1,4 +0,0 @@
{ ... }:
{
services.userborn.enable = true;
}

4
base/services/userdbd.nix
View File

@@ -1,4 +0,0 @@
{ ... }:
{
services.userdbd.enable = true;
}

257
flake.lock generated
View File

@@ -1,26 +1,5 @@
{ {
"nodes": { "nodes": {
"devshell": {
"inputs": {
"nixpkgs": [
"nix-topology",
"nixpkgs"
]
},
"locked": {
"lastModified": 1728330715,
"narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=",
"owner": "numtide",
"repo": "devshell",
"rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "devshell",
"type": "github"
}
},
"disko": { "disko": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -28,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741786315, "lastModified": 1733168902,
"narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=", "narHash": "sha256-8dupm9GfK+BowGdQd7EHK5V61nneLfr9xR6sc5vtDi0=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de", "rev": "785c1e02c7e465375df971949b8dcbde9ec362e5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -41,83 +20,6 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-utils": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1726560853,
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"gergle": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1736621371,
"narHash": "sha256-45UIQSQA7R5iU4YWvilo7mQbhY1Liql9bHBvYa3qRI0=",
"ref": "main",
"rev": "3729796c1213fe76e568ac28f1df8de4e596950b",
"revCount": 20,
"type": "git",
"url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git"
},
"original": {
"ref": "main",
"type": "git",
"url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"nix-topology",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1709087332,
"narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "637db329424fd7e46cf4185293b9cc8c88c95394",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"greg-ng": { "greg-ng": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -126,18 +28,17 @@
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1736545379, "lastModified": 1730249639,
"narHash": "sha256-PeTTmGumdOX3rd6OKI7QMCrZovCDkrckZbcHr+znxWA=", "narHash": "sha256-G3URSlqCcb+GIvGyki+HHrDM5ZanX/dP9BtppD/SdfI=",
"ref": "main", "ref": "refs/heads/main",
"rev": "74f5316121776db2769385927ec0d0c2cc2b23e4", "rev": "80e0447bcb79adad4f459ada5610f3eae987b4e3",
"revCount": 42, "revCount": 34,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git" "url": "https://git.pvv.ntnu.no/Projects/greg-ng.git"
}, },
"original": { "original": {
"ref": "main",
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git" "url": "https://git.pvv.ntnu.no/Projects/greg-ng.git"
} }
}, },
"grzegorz-clients": { "grzegorz-clients": {
@@ -147,17 +48,17 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1736178795, "lastModified": 1726861934,
"narHash": "sha256-mPdi8cgvIDYcgG3FRG7A4BOIMu2Jef96TPMnV00uXlM=", "narHash": "sha256-lOzPDwktd+pwszUTbpUdQg6iCzInS11fHLfkjmnvJrM=",
"ref": "master", "ref": "refs/heads/master",
"rev": "fde738910de1fd8293535a6382c2f0c2749dd7c1", "rev": "546d921ec46735dbf876e36f4af8df1064d09432",
"revCount": 79, "revCount": 78,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git" "url": "https://git.pvv.ntnu.no/Projects/grzegorz-clients.git"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git" "url": "https://git.pvv.ntnu.no/Projects/grzegorz-clients.git"
} }
}, },
"matrix-next": { "matrix-next": {
@@ -167,16 +68,16 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1735857245, "lastModified": 1727410897,
"narHash": "sha256-AKLLPrgXTxgzll3DqVUMa4QlPlRN3QceutgFBmEf8Nk=", "narHash": "sha256-tWsyxvf421ieWUJYgjV7m1eTdr2ZkO3vId7vmtvfFpQ=",
"owner": "dali99", "owner": "dali99",
"repo": "nixos-matrix-modules", "repo": "nixos-matrix-modules",
"rev": "da9dc0479ffe22362793c87dc089035facf6ec4d", "rev": "ff787d410cba17882cd7b6e2e22cc88d4064193c",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "dali99", "owner": "dali99",
"ref": "0.7.0", "ref": "v0.6.1",
"repo": "nixos-matrix-modules", "repo": "nixos-matrix-modules",
"type": "github" "type": "github"
} }
@@ -185,15 +86,15 @@
"locked": { "locked": {
"lastModified": 1725277886, "lastModified": 1725277886,
"narHash": "sha256-Fw4VbbE3EfypQWSgPDFfvVH47BHeg3ptsO715NlUM8Q=", "narHash": "sha256-Fw4VbbE3EfypQWSgPDFfvVH47BHeg3ptsO715NlUM8Q=",
"ref": "master", "ref": "refs/heads/master",
"rev": "1b4087bd3322a2e2ba84271c8fcc013e6b641a58", "rev": "1b4087bd3322a2e2ba84271c8fcc013e6b641a58",
"revCount": 2, "revCount": 2,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git" "url": "https://git.pvv.ntnu.no/Drift/minecraft-data.git"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git" "url": "https://git.pvv.ntnu.no/Drift/minecraft-data.git"
} }
}, },
"nix-gitea-themes": { "nix-gitea-themes": {
@@ -203,50 +104,26 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1736531400, "lastModified": 1714416973,
"narHash": "sha256-+X/HVI1AwoPcud28wI35XRrc1kDgkYdDUGABJBAkxDI=", "narHash": "sha256-aZUcvXjdETUC6wVQpWDVjLUzwpDAEca8yR0ITDeK39o=",
"ref": "main", "ref": "refs/heads/main",
"rev": "e4dafd06b3d7e9e6e07617766e9c3743134571b7", "rev": "2b23c0ba8aae68d3cb6789f0f6e4891cef26cc6d",
"revCount": 7, "revCount": 6,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git" "url": "https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git"
}, },
"original": { "original": {
"ref": "main",
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git" "url": "https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git"
} }
}, },
"nix-topology": {
"inputs": {
"devshell": "devshell",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1738246091,
"narHash": "sha256-2+KkZsRO+XlOFbXbRgMZbRtlqn5MBNYj4HNmZ/2Tojg=",
"owner": "oddlama",
"repo": "nix-topology",
"rev": "5526269fa3eedf4f4bc00c0bf7a03db31d24b029",
"type": "github"
},
"original": {
"owner": "oddlama",
"repo": "nix-topology",
"type": "github"
}
},
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1741969460, "lastModified": 1733466147,
"narHash": "sha256-SCNxTTBfMJV7XuTcLUfdAd6cgCGsazzi+DoPrceQrZ0=", "narHash": "sha256-1QAch5UZXGDc8Kh3PvdIKfVNeebjZFWiIKn8lAr1ZBM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "68612419aa6c9fd5b178b81e6fabbdf46d300ea4", "rev": "66dddf2c2aae34272f117ea95a06efe376edbe27",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -258,11 +135,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1742051767, "lastModified": 1733603762,
"narHash": "sha256-JpyjnalnIqJ7cvP8HzaoJN9/i2bDx83dToodHHjGuNg=", "narHash": "sha256-E+cuaL8s1oHCumWD/Zkw0gkLOOQcz848pVyLfvqWDVw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ec886d10b507760c90ed01e2eac7f0679d0a47ae", "rev": "b1dd465e8139748a8e26037fdd4c5ffe79457cbd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -272,33 +149,6 @@
"type": "github" "type": "github"
} }
}, },
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"gitignore": "gitignore",
"nixpkgs": [
"nix-topology",
"nixpkgs"
],
"nixpkgs-stable": [
"nix-topology",
"nixpkgs"
]
},
"locked": {
"lastModified": 1730797577,
"narHash": "sha256-SrID5yVpyUfknUTGWgYkTyvdr9J1LxUym4om3SVGPkg=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "1864030ed24a2b8b4e4d386a5eeaf0c5369e50a9",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"pvv-calendar-bot": { "pvv-calendar-bot": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -308,14 +158,13 @@
"locked": { "locked": {
"lastModified": 1723850344, "lastModified": 1723850344,
"narHash": "sha256-aT37O9l9eclWEnqxASVNBL1dKwDHZUOqdbA4VO9DJvw=", "narHash": "sha256-aT37O9l9eclWEnqxASVNBL1dKwDHZUOqdbA4VO9DJvw=",
"ref": "main", "ref": "refs/heads/main",
"rev": "38b66677ab8c01aee10cd59e745af9ce3ea88092", "rev": "38b66677ab8c01aee10cd59e745af9ce3ea88092",
"revCount": 19, "revCount": 19,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git" "url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git"
}, },
"original": { "original": {
"ref": "main",
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git" "url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git"
} }
@@ -327,16 +176,15 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741738148, "lastModified": 1725212759,
"narHash": "sha256-cJo6nbcJEOjkazkZ194NDnlsZe0W0wpxeUh2/886uC8=", "narHash": "sha256-yZBsefIarFUEhFRj+rCGMp9Zvag3MCafqV/JfGVRVwc=",
"ref": "main", "ref": "refs/heads/master",
"rev": "c1802e7cf27c7cf8b4890354c982a4eef5b11593", "rev": "e7b66b4bc6a89bab74bac45b87e9434f5165355f",
"revCount": 486, "revCount": 473,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git" "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
}, },
"original": { "original": {
"ref": "main",
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git" "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
} }
@@ -344,13 +192,11 @@
"root": { "root": {
"inputs": { "inputs": {
"disko": "disko", "disko": "disko",
"gergle": "gergle",
"greg-ng": "greg-ng", "greg-ng": "greg-ng",
"grzegorz-clients": "grzegorz-clients", "grzegorz-clients": "grzegorz-clients",
"matrix-next": "matrix-next", "matrix-next": "matrix-next",
"minecraft-data": "minecraft-data", "minecraft-data": "minecraft-data",
"nix-gitea-themes": "nix-gitea-themes", "nix-gitea-themes": "nix-gitea-themes",
"nix-topology": "nix-topology",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"pvv-calendar-bot": "pvv-calendar-bot", "pvv-calendar-bot": "pvv-calendar-bot",
@@ -386,11 +232,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1741861888, "lastModified": 1733128155,
"narHash": "sha256-ynOgXAyToeE1UdLNfrUn/hL7MN0OpIS2BtNdLjpjPf0=", "narHash": "sha256-m6/qwJAJYcidGMEdLqjKzRIjapK4nUfMq7rDCTmZajc=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "d016ce0365b87d848a57c12ffcfdc71da7a2b55f", "rev": "c6134b6fff6bda95a1ac872a2a9d5f32e3c37856",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -398,21 +244,6 @@
"repo": "sops-nix", "repo": "sops-nix",
"type": "github" "type": "github"
} }
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",

38
flake.nix
View File

@@ -11,29 +11,24 @@
disko.url = "github:nix-community/disko"; disko.url = "github:nix-community/disko";
disko.inputs.nixpkgs.follows = "nixpkgs"; disko.inputs.nixpkgs.follows = "nixpkgs";
nix-topology.url = "github:oddlama/nix-topology"; pvv-nettsiden.url = "git+https://git.pvv.ntnu.no/Projects/nettsiden.git";
nix-topology.inputs.nixpkgs.follows = "nixpkgs";
pvv-nettsiden.url = "git+https://git.pvv.ntnu.no/Projects/nettsiden.git?ref=main";
pvv-nettsiden.inputs.nixpkgs.follows = "nixpkgs"; pvv-nettsiden.inputs.nixpkgs.follows = "nixpkgs";
pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git?ref=main"; pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git";
pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs"; pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
matrix-next.url = "github:dali99/nixos-matrix-modules/0.7.0"; matrix-next.url = "github:dali99/nixos-matrix-modules/v0.6.1";
matrix-next.inputs.nixpkgs.follows = "nixpkgs"; matrix-next.inputs.nixpkgs.follows = "nixpkgs";
nix-gitea-themes.url = "git+https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git?ref=main"; nix-gitea-themes.url = "git+https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git";
nix-gitea-themes.inputs.nixpkgs.follows = "nixpkgs"; nix-gitea-themes.inputs.nixpkgs.follows = "nixpkgs";
greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git?ref=main"; greg-ng.url = "git+https://git.pvv.ntnu.no/Projects/greg-ng.git";
greg-ng.inputs.nixpkgs.follows = "nixpkgs"; greg-ng.inputs.nixpkgs.follows = "nixpkgs";
gergle.url = "git+https://git.pvv.ntnu.no/Grzegorz/gergle.git?ref=main"; grzegorz-clients.url = "git+https://git.pvv.ntnu.no/Projects/grzegorz-clients.git";
gergle.inputs.nixpkgs.follows = "nixpkgs";
grzegorz-clients.url = "git+https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git";
grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs"; grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";
minecraft-data.url = "git+https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git"; minecraft-data.url = "git+https://git.pvv.ntnu.no/Drift/minecraft-data.git";
}; };
outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, disko, ... }@inputs: outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, disko, ... }@inputs:
@@ -70,7 +65,6 @@
modules = [ modules = [
./hosts/${name}/configuration.nix ./hosts/${name}/configuration.nix
sops-nix.nixosModules.sops sops-nix.nixosModules.sops
inputs.nix-topology.nixosModules.default
] ++ config.modules or []; ] ++ config.modules or [];
pkgs = import nixpkgs { pkgs = import nixpkgs {
@@ -130,23 +124,19 @@
brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" { brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" {
modules = [ modules = [
inputs.grzegorz-clients.nixosModules.grzegorz-webui inputs.grzegorz-clients.nixosModules.grzegorz-webui
inputs.gergle.nixosModules.default
inputs.greg-ng.nixosModules.default inputs.greg-ng.nixosModules.default
]; ];
overlays = [ overlays = [
inputs.greg-ng.overlays.default inputs.greg-ng.overlays.default
inputs.gergle.overlays.default
]; ];
}; };
georg = stableNixosConfig "georg" { georg = stableNixosConfig "georg" {
modules = [ modules = [
inputs.grzegorz-clients.nixosModules.grzegorz-webui inputs.grzegorz-clients.nixosModules.grzegorz-webui
inputs.gergle.nixosModules.default
inputs.greg-ng.nixosModules.default inputs.greg-ng.nixosModules.default
]; ];
overlays = [ overlays = [
inputs.greg-ng.overlays.default inputs.greg-ng.overlays.default
inputs.gergle.overlays.default
]; ];
}; };
}; };
@@ -154,7 +144,6 @@
nixosModules = { nixosModules = {
snakeoil-certs = ./modules/snakeoil-certs.nix; snakeoil-certs = ./modules/snakeoil-certs.nix;
snappymail = ./modules/snappymail.nix; snappymail = ./modules/snappymail.nix;
robots-txt = ./modules/robots-txt.nix;
}; };
devShells = forAllSystems (system: { devShells = forAllSystems (system: {
@@ -182,18 +171,5 @@
// lib.genAttrs allMachines // lib.genAttrs allMachines
(machine: self.nixosConfigurations.${machine}.config.system.build.toplevel); (machine: self.nixosConfigurations.${machine}.config.system.build.toplevel);
}; };
topology.x86_64-linux = import inputs.nix-topology {
pkgs = import nixpkgs {
system = "x86_64-linux";
overlays = [inputs.nix-topology.overlays.default];
}; # Only this package set must include nix-topology.overlays.default
modules = [
# Your own file to define global topology. Works in principle like a nixos module but uses different options.
./topology.nix
# Inline module to inform topology of your existing NixOS hosts.
{ nixosConfigurations = self.nixosConfigurations; }
];
};
}; };
} }

2
hosts/bekkalokk/services/bluemap/default.nix
View File

@@ -13,8 +13,6 @@ in {
services.bluemap = { services.bluemap = {
enable = true; enable = true;
package = pkgs.callPackage ./package.nix { };
eula = true; eula = true;
onCalendar = "*-*-* 05:45:00"; # a little over an hour after auto-upgrade onCalendar = "*-*-* 05:45:00"; # a little over an hour after auto-upgrade

20
hosts/bekkalokk/services/bluemap/module.nix
View File

@@ -26,6 +26,7 @@ let
"webapp.conf" = webappConfig; "webapp.conf" = webappConfig;
"webserver.conf" = webserverConfig; "webserver.conf" = webserverConfig;
"packs" = cfg.resourcepacks; "packs" = cfg.resourcepacks;
"addons" = cfg.resourcepacks; # TODO
}; };
renderConfigFolder = name: value: pkgs.linkFarm "bluemap-${name}-config" { renderConfigFolder = name: value: pkgs.linkFarm "bluemap-${name}-config" {
@@ -37,13 +38,13 @@ let
"webapp.conf" = format.generate "webapp.conf" (cfg.webappSettings // { "update-settings-file" = false; }); "webapp.conf" = format.generate "webapp.conf" (cfg.webappSettings // { "update-settings-file" = false; });
"webserver.conf" = webserverConfig; "webserver.conf" = webserverConfig;
"packs" = value.resourcepacks; "packs" = value.resourcepacks;
"addons" = cfg.resourcepacks; # TODO
}; };
inherit (lib) mkOption; inherit (lib) mkOption;
in { in {
options.services.bluemap = { options.services.bluemap = {
enable = lib.mkEnableOption "bluemap"; enable = lib.mkEnableOption "bluemap";
package = lib.mkPackageOption pkgs "bluemap" { };
eula = mkOption { eula = mkOption {
type = lib.types.bool; type = lib.types.bool;
@@ -158,7 +159,7 @@ in {
type = lib.types.path; type = lib.types.path;
default = cfg.resourcepacks; default = cfg.resourcepacks;
defaultText = lib.literalExpression "config.services.bluemap.resourcepacks"; defaultText = lib.literalExpression "config.services.bluemap.resourcepacks";
description = "A set of resourcepacks/mods/bluemap-addons to extract models from loaded in alphabetical order"; description = "A set of resourcepacks/mods to extract models from loaded in alphabetical order";
}; };
settings = mkOption { settings = mkOption {
type = (lib.types.submodule { type = (lib.types.submodule {
@@ -309,18 +310,9 @@ in {
Group = "nginx"; Group = "nginx";
UMask = "026"; UMask = "026";
}; };
script = '' script = lib.strings.concatStringsSep "\n" ((lib.attrsets.mapAttrsToList
# If web folder doesnt exist generate it (name: value: "${lib.getExe pkgs.bluemap} -c ${renderConfigFolder name value} -r")
test -f "${cfg.webRoot}" || ${lib.getExe cfg.package} -c ${webappConfigFolder} -gs cfg.maps) ++ [ "${lib.getExe pkgs.bluemap} -c ${webappConfigFolder} -gs" ]);
# Render each minecraft map
${lib.strings.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
(name: value: "${lib.getExe cfg.package} -c ${renderConfigFolder name value} -r")
cfg.maps)}
# Generate updated webapp
${lib.getExe cfg.package} -c ${webappConfigFolder} -gs
'';
}; };
systemd.timers."render-bluemap-maps" = lib.mkIf cfg.enableRender { systemd.timers."render-bluemap-maps" = lib.mkIf cfg.enableRender {

30
hosts/bekkalokk/services/bluemap/package.nix
View File

@@ -1,30 +0,0 @@
{ lib, stdenvNoCC, fetchurl, makeWrapper, jre }:
stdenvNoCC.mkDerivation rec {
pname = "bluemap";
version = "5.7";
src = fetchurl {
url = "https://github.com/BlueMap-Minecraft/BlueMap/releases/download/v${version}/BlueMap-${version}-cli.jar";
hash = "sha256-8udZYJgrr4bi2mjRYrASd8JwUoUVZW1tZpOLRgafAIw=";
};
dontUnpack = true;
nativeBuildInputs = [ makeWrapper ];
installPhase = ''
runHook preInstall
makeWrapper ${jre}/bin/java $out/bin/bluemap --add-flags "-jar $src"
runHook postInstall
'';
meta = {
description = "3D minecraft map renderer";
homepage = "https://bluemap.bluecolored.de/";
sourceProvenance = with lib.sourceTypes; [ binaryBytecode ];
license = lib.licenses.mit;
maintainers = with lib.maintainers; [ dandellion h7x4 ];
mainProgram = "bluemap";
};
}

52
hosts/bekkalokk/services/gitea/customization.nix
View File

@@ -1,52 +0,0 @@
{ config, pkgs, lib, fp, ... }:
let
cfg = config.services.gitea;
in
{
services.gitea-themes.monokai = pkgs.gitea-theme-monokai;
systemd.services.gitea-customization = lib.mkIf cfg.enable {
description = "Install extra customization in gitea's CUSTOM_DIR";
wantedBy = [ "gitea.service" ];
requiredBy = [ "gitea.service" ];
serviceConfig = {
Type = "oneshot";
User = cfg.user;
Group = cfg.group;
};
script = let
logo-svg = fp /assets/logo_blue_regular.svg;
logo-png = fp /assets/logo_blue_regular.png;
extraLinks = pkgs.writeText "gitea-extra-links.tmpl" ''
<a class="item" href="https://www.pvv.ntnu.no/">PVV</a>
<a class="item" href="https://wiki.pvv.ntnu.no/">Wiki</a>
<a class="item" href="https://git.pvv.ntnu.no/Drift/-/projects/4">Tokyo Drift Issues</a>
'';
project-labels = (pkgs.formats.yaml { }).generate "gitea-project-labels.yaml" {
labels = lib.importJSON ./labels/projects.json;
};
customTemplates = pkgs.runCommandLocal "gitea-templates" {
nativeBuildInputs = with pkgs; [
coreutils
gnused
];
} ''
# Bigger icons
install -Dm444 "${cfg.package.src}/templates/repo/icon.tmpl" "$out/repo/icon.tmpl"
sed -i -e 's/24/48/g' "$out/repo/icon.tmpl"
'';
in ''
install -Dm444 ${logo-svg} ${cfg.customDir}/public/assets/img/logo.svg
install -Dm444 ${logo-png} ${cfg.customDir}/public/assets/img/logo.png
install -Dm444 ${./loading.apng} ${cfg.customDir}/public/assets/img/loading.png
install -Dm444 ${extraLinks} ${cfg.customDir}/templates/custom/extra_links.tmpl
install -Dm444 ${project-labels} ${cfg.customDir}/options/label/project-labels.yaml
"${lib.getExe pkgs.rsync}" -a "${customTemplates}/" ${cfg.customDir}/templates/
'';
};
}

41
hosts/bekkalokk/services/gitea/default.nix
View File

@@ -1,11 +1,10 @@
{ config, values, lib, unstablePkgs, ... }: { config, values, fp, pkgs, lib, ... }:
let let
cfg = config.services.gitea; cfg = config.services.gitea;
domain = "git.pvv.ntnu.no"; domain = "git.pvv.ntnu.no";
sshPort = 2222; sshPort = 2222;
in { in {
imports = [ imports = [
./customization.nix
./gpg.nix ./gpg.nix
./import-users ./import-users
./web-secret-provider ./web-secret-provider
@@ -26,8 +25,6 @@ in {
enable = true; enable = true;
appName = "PVV Git"; appName = "PVV Git";
package = unstablePkgs.gitea;
database = { database = {
type = "postgres"; type = "postgres";
host = "postgres.pvv.ntnu.no"; host = "postgres.pvv.ntnu.no";
@@ -133,11 +130,6 @@ in {
}; };
"ui.meta".DESCRIPTION = "Bokstavelig talt programvareverkstedet"; "ui.meta".DESCRIPTION = "Bokstavelig talt programvareverkstedet";
}; };
dump = {
enable = true;
type = "tar.gz";
};
}; };
environment.systemPackages = [ cfg.package ]; environment.systemPackages = [ cfg.package ];
@@ -164,4 +156,35 @@ in {
}; };
networking.firewall.allowedTCPPorts = [ sshPort ]; networking.firewall.allowedTCPPorts = [ sshPort ];
# Extra customization
services.gitea-themes.monokai = pkgs.gitea-theme-monokai;
systemd.services.install-gitea-customization = {
description = "Install extra customization in gitea's CUSTOM_DIR";
wantedBy = [ "gitea.service" ];
requiredBy = [ "gitea.service" ];
serviceConfig = {
Type = "oneshot";
User = cfg.user;
Group = cfg.group;
};
script = let
logo-svg = fp /assets/logo_blue_regular.svg;
logo-png = fp /assets/logo_blue_regular.png;
extraLinks = pkgs.writeText "gitea-extra-links.tmpl" ''
<a class="item" href="https://www.pvv.ntnu.no/">PVV</a>
<a class="item" href="https://wiki.pvv.ntnu.no/">Wiki</a>
<a class="item" href="https://git.pvv.ntnu.no/Drift/-/projects/4">Tokyo Drift Issues</a>
'';
in ''
install -Dm444 ${logo-svg} ${cfg.customDir}/public/assets/img/logo.svg
install -Dm444 ${logo-png} ${cfg.customDir}/public/assets/img/logo.png
install -Dm444 ${./loading.apng} ${cfg.customDir}/public/assets/img/loading.png
install -Dm444 ${extraLinks} ${cfg.customDir}/templates/custom/extra_links.tmpl
'';
};
} }

1
hosts/bekkalokk/services/gitea/import-users/gitea-import-users.py
View File

@@ -177,7 +177,6 @@ def ensure_gitea_user_is_part_of_team(
# List of teams that all users should be part of by default # List of teams that all users should be part of by default
COMMON_USER_TEAMS = [ COMMON_USER_TEAMS = [
("Projects", "Members"), ("Projects", "Members"),
("Grzegorz", "Members"),
("Kurs", "Members"), ("Kurs", "Members"),
] ]

116
hosts/bekkalokk/services/gitea/labels/projects.json
View File

@@ -1,116 +0,0 @@
[
{
"name": "art",
"exclusive": false,
"color": "#006b75",
"description": "Requires some creativity"
},
{
"name": "big",
"exclusive": false,
"color": "#754bc4",
"description": "This is gonna take a while"
},
{
"name": "blocked",
"exclusive": false,
"color": "#850021",
"description": "This issue/PR depends on one or more other issues/PRs"
},
{
"name": "bug",
"exclusive": false,
"color": "#f05048",
"description": "Something brokey"
},
{
"name": "ci-cd",
"exclusive": false,
"color": "#d1ff78",
"description": "Continuous integrals and continuous derivation"
},
{
"name": "crash report",
"exclusive": false,
"color": "#ed1111",
"description": "Report an oopsie"
},
{
"name": "disputed",
"exclusive": false,
"color": "#5319e7",
"description": "Kranglefanter"
},
{
"name": "documentation",
"exclusive": false,
"color": "#fbca04",
"description": "Documentation changes required"
},
{
"name": "duplicate",
"exclusive": false,
"color": "#cccccc",
"description": "This issue or pull request already exists"
},
{
"name": "feature request",
"exclusive": false,
"color": "#0052cc",
"description": ""
},
{
"name": "good first issue",
"exclusive": false,
"color": "#009800",
"description": "Get your hands dirty with a new project here"
},
{
"name": "me gusta",
"exclusive": false,
"color": "#30ff36",
"description": "( ͡° ͜ʖ ͡°)"
},
{
"name": "packaging",
"exclusive": false,
"color": "#bf642b",
"description": ""
},
{
"name": "question",
"exclusive": false,
"color": "#cc317c",
"description": ""
},
{
"name": "security",
"exclusive": false,
"color": "#ed1111",
"description": "Skommel"
},
{
"name": "techdebt spring cleaning",
"exclusive": false,
"color": "#8c6217",
"description": "The code is smelly 👃"
},
{
"name": "testing",
"exclusive": false,
"color": "#52b373",
"description": "Poke it and see if it explodes"
},
{
"name": "ui/ux",
"exclusive": false,
"color": "#f28852",
"description": "User complaints about ergonomics and economics and whatever"
},
{
"name": "wontfix",
"exclusive": false,
"color": "#ffffff",
"description": "Nei, vil ikke"
}
]

1
hosts/bekkalokk/services/gitea/web-secret-provider/default.nix
View File

@@ -3,7 +3,6 @@ let
organizations = [ organizations = [
"Drift" "Drift"
"Projects" "Projects"
"Grzegorz"
"Kurs" "Kurs"
]; ];

49
hosts/bekkalokk/services/open-webui.nix Normal file
View File

@@ -0,0 +1,49 @@
{ config, pkgs, lib, ... }:
let
cfg = config.services.open-webui;
domain = "gpt.pvv.ntnu.no";
address = "127.0.1.11";
port = 11111;
in
{
services.open-webui = {
enable = true;
package = pkgs.unstable.open-webui;
port = port;
host = "${address}";
openFirewall = true;
environment = {
ANONYMIZED_TELEMETRY = "False";
DO_NOT_TRACK = "True";
SCARF_NO_ANALYTICS = "True";
OLLAMA_API_BASE_URL = "http://127.0.0.1:11434";
ENABLE_SIGNUP = "False";
ENABLE_OAUTH_SIGNUP = "True";
#ENABLE_LOGIN_FORM = "False"; #for forcing oauth only - less confusion but needed for local admin account i think
DEFAULT_USER_ROLE = "user";
ENABLE_ADMIN_EXPORT = "False";
ENABLE_ADMIN_CHAT_ACCESS = "False";
ENABLE_COMMUNITY_SHARING = "False";
WEBUI_URL = "${domain}";
};
};
services.nginx.virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
kTLS = true;
locations."/" = {
proxyPass = "http://${address}:${toString port}";
proxyWebsockets = true;
};
};
}

5
hosts/bicep/services/matrix/coturn.nix
View File

@@ -48,9 +48,6 @@
users.users.turnserver.extraGroups = [ "acme" ]; users.users.turnserver.extraGroups = [ "acme" ];
# It needs this to be allowed to access the files with the acme group
systemd.services.coturn.serviceConfig.PrivateUsers = lib.mkForce false;
systemd.services."acme-${config.services.coturn.realm}".serviceConfig = { systemd.services."acme-${config.services.coturn.realm}".serviceConfig = {
AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
}; };
@@ -69,7 +66,7 @@
listening-ips = [ listening-ips = [
values.services.turn.ipv4 values.services.turn.ipv4
values.services.turn.ipv6 # values.services.turn.ipv6
]; ];
tls-listening-port = 443; tls-listening-port = 443;

4
hosts/ustetind/services/gitea-runners.nix
View File

@@ -15,8 +15,8 @@ let
enable = true; enable = true;
name = "git-runner-${name}"; url = "https://git.pvv.ntnu.no"; name = "git-runner-${name}"; url = "https://git.pvv.ntnu.no";
labels = [ labels = [
"debian-latest:docker://node:current-bookworm" "debian-latest:docker://node:18-bullseye"
"ubuntu-latest:docker://node:current-bookworm" "ubuntu-latest:docker://node:18-bullseye"
]; ];
tokenFile = config.sops.secrets."gitea/runners/${name}".path; tokenFile = config.sops.secrets."gitea/runners/${name}".path;
}; };

6
misc/builder.nix
View File

@@ -2,10 +2,4 @@
{ {
nix.settings.trusted-users = [ "@nix-builder-users" ]; nix.settings.trusted-users = [ "@nix-builder-users" ];
nix.daemonCPUSchedPolicy = "batch";
boot.binfmt.emulatedSystems = [
"aarch64-linux"
"armv7l-linux"
];
} }

94
modules/grzegorz.nix
View File

@@ -2,8 +2,6 @@
let let
grg = config.services.greg-ng; grg = config.services.greg-ng;
grgw = config.services.grzegorz-webui; grgw = config.services.grzegorz-webui;
machine = config.networking.hostName;
in { in {
services.greg-ng = { services.greg-ng = {
enable = true; enable = true;
@@ -18,77 +16,37 @@ in {
listenAddr = "localhost"; listenAddr = "localhost";
listenPort = 42069; listenPort = 42069;
listenWebsocketPort = 42042; listenWebsocketPort = 42042;
hostName = "${machine}-old.pvv.ntnu.no"; hostName = "${config.networking.fqdn}";
apiBase = "https://${machine}-backend.pvv.ntnu.no/api"; apiBase = "http://${grg.settings.host}:${toString grg.settings.port}/api";
};
services.gergle = {
enable = true;
virtualHost = config.networking.fqdn;
}; };
services.nginx.enable = true; services.nginx.enable = true;
services.nginx.virtualHosts = { services.nginx.virtualHosts."${config.networking.fqdn}" = {
${config.networking.fqdn} = { forceSSL = true;
forceSSL = true; enableACME = true;
enableACME = true; kTLS = true;
kTLS = true; serverAliases = [
serverAliases = [ "${config.networking.hostName}.pvv.org"
"${machine}.pvv.org" ];
]; extraConfig = ''
extraConfig = '' allow 129.241.210.128/25;
allow 129.241.210.128/25; allow 2001:700:300:1900::/64;
allow 2001:700:300:1900::/64; deny all;
deny all; '';
'';
locations."/" = {
proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenPort}";
}; };
# https://github.com/rawpython/remi/issues/216
"${machine}-backend.pvv.ntnu.no" = { locations."/websocket" = {
forceSSL = true; proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenWebsocketPort}";
enableACME = true; proxyWebsockets = true;
kTLS = true;
serverAliases = [
"${machine}-backend.pvv.org"
];
extraConfig = ''
allow 129.241.210.128/25;
allow 2001:700:300:1900::/64;
deny all;
'';
locations."/" = {
proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
proxyWebsockets = true;
};
}; };
locations."/api" = {
"${machine}-old.pvv.ntnu.no" = { proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
forceSSL = true; };
enableACME = true; locations."/docs" = {
kTLS = true; proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
serverAliases = [
"${machine}-old.pvv.org"
];
extraConfig = ''
allow 129.241.210.128/25;
allow 2001:700:300:1900::/64;
deny all;
'';
locations."/" = {
proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenPort}";
};
# https://github.com/rawpython/remi/issues/216
locations."/websocket" = {
proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenWebsocketPort}";
proxyWebsockets = true;
};
locations."/api" = {
proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
};
locations."/docs" = {
proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
};
}; };
}; };
} }

116
modules/robots-txt.nix
View File

@@ -1,116 +0,0 @@
{ config, pkgs, lib, ... }:
let
cfg = config.environment.robots-txt;
robots-txt-format = {
type = let
coercedStrToNonEmptyListOfStr = lib.types.coercedTo lib.types.str lib.singleton (lib.types.nonEmptyListOf lib.types.str);
in lib.types.listOf (lib.types.submodule {
freeformType = lib.types.attrsOf coercedStrToNonEmptyListOfStr;
options = {
pre_comment = lib.mkOption {
description = "Comment to add before the rule";
type = lib.types.lines;
default = "";
};
post_comment = lib.mkOption {
description = "Comment to add after the rule";
type = lib.types.lines;
default = "";
};
};
});
generate = name: value: let
makeComment = comment: lib.pipe comment [
(lib.splitString "\n")
(lib.map (line: if line == "" then "#" else "# ${line}"))
(lib.concatStringsSep "\n")
];
ruleToString = rule: let
user_agent = rule.User-agent or [];
pre_comment = rule.pre_comment;
post_comment = rule.post_comment;
rest = builtins.removeAttrs rule [ "User-agent" "pre_comment" "post_comment" ];
in lib.concatStringsSep "\n" (lib.filter (x: x != null) [
(if (pre_comment != "") then makeComment pre_comment else null)
(let
user-agents = lib.concatMapStringsSep "\n" (value: "User-agent: ${value}") user_agent;
in
if user_agent == [] then null else user-agents
)
(lib.pipe rest [
(lib.mapAttrsToList (ruleName: map (value: "${ruleName}: ${value}")))
lib.concatLists
(lib.concatStringsSep "\n")
])
(if (post_comment != "") then makeComment post_comment else null)
]);
content = lib.concatMapStringsSep "\n\n" ruleToString value;
in pkgs.writeText name content;
};
in
{
options.environment.robots-txt = lib.mkOption {
default = { };
description = ''
Different instances of robots.txt to use with web services.
'';
type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
options = {
enable = lib.mkEnableOption "this instance of robots.txt" // {
default = true;
};
path = lib.mkOption {
description = "The resulting path of the dir containing the robots.txt file";
type = lib.types.path;
readOnly = true;
default = "/etc/robots-txt/${name}";
};
rules = lib.mkOption {
description = "Rules to include in robots.txt";
default = [ ];
example = [
{ User-agent = "Googlebot"; Disallow = "/no-googlebot"; }
{ User-agent = "Bingbot"; Disallow = [ "/no-bingbot" "/no-bingbot2" ]; }
];
type = robots-txt-format.type;
};
virtualHost = lib.mkOption {
description = "An nginx virtual host to add the robots.txt to";
type = lib.types.nullOr lib.types.str;
default = null;
};
};
}));
};
config = {
environment.etc = lib.mapAttrs' (name: value: {
name = "robots-txt/${name}/robots.txt";
value.source = robots-txt-format.generate name value.rules;
}) cfg;
services.nginx.virtualHosts = lib.pipe cfg [
(lib.filterAttrs (_: value: value.virtualHost != null))
(lib.mapAttrs' (name: value: {
name = value.virtualHost;
value = {
locations = {
"= /robots.txt" = {
extraConfig = ''
add_header Content-Type text/plain;
'';
root = cfg.${name}.path;
};
};
};
}))
];
};
}

12
secrets/ustetind/ustetind.yaml
View File

@@ -1,8 +1,8 @@
gitea: gitea:
runners: runners:
alpha: ENC[AES256_GCM,data:Hnq2guka4oERPIFCv1/ggrLjaePA7907VHXMStDQ7ll3hntTioT76qGOUJgfIw==,iv:wDPYuuL6VAWJakrz6asVRrzwRxqw0JDRes13MgJIT6E=,tag:ogFUeUirHVkCLN63nctxOw==,type:str] alpha: ENC[AES256_GCM,data:aAFv+/ygC7oxGT3qnoEf+AZL3Nk1yOq3HupL9l0j8P913GefPKqlBt/mbuRVug==,iv:usXElENwbOHxUdoqHScK7PjeZavXUwoxpQWEMjxU2u4=,tag:E8OzZ9pmxIru7Glgh7v0lg==,type:str]
beta: ENC[AES256_GCM,data:HmdjBvW8eO5MkzXf7KEzSNQAptF/RKN8Bh03Ru7Ru/Ky+eJJtk91aqSSIjFa+Q==,iv:Hz9HE3U6CFfZFcPmYMd6wSzZkSvszt92L2gV+pUlMis=,tag:LG3NfsS7B1EdRFvnP3XESQ==,type:str] beta: ENC[AES256_GCM,data:riRSBDzX9DAxKl2UCds1ANddl3ij+byAgigOafJ5RjWl8cNVlowK21klBiKTxw==,iv:clijEUKX9o52p5A94eEW0f8qGGhFpy/LFe+uQG/iQLg=,tag:PchXbsZMnW//O7brEAEeWw==,type:str]
epsilon: ENC[AES256_GCM,data:wfGxwWwDzb6AJaFnxe/93WNZGtuTpCkLci/Cc5MTCTKJz6XlNuy3m/1Xsnw0hA==,iv:I6Zl+4BBAUTXym2qUlFfdnoLTHShu+VyxPMjRlFzMis=,tag:jjTyZs1Nzqlhjd8rAldxDw==,type:str] epsilon: ENC[AES256_GCM,data:lUt8uaqh9eC1IdIUfiw3dzxcDErSWaiT9lzg4ONf/QZeXj7Do7Es0GXBFd41Hw==,iv:hPm5Lez5ISHIlw1+i4z/oBsh4H5ZXPVYnXXSGq1eal0=,tag:/KcmPw30622tN9ruMUwfUw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@@ -63,8 +63,8 @@ sops:
aU4xWjVYYlNvSmYxajVGdzk5dTQ4WG8Klq12bSegsW29xp4qteuCB5Tzis6EhVCk aU4xWjVYYlNvSmYxajVGdzk5dTQ4WG8Klq12bSegsW29xp4qteuCB5Tzis6EhVCk
53jqtYe5UG9MjFVQYiSi2jJz5/dxfqSINMZ/Y/EB5LxbwgbFws8Yuw== 53jqtYe5UG9MjFVQYiSi2jJz5/dxfqSINMZ/Y/EB5LxbwgbFws8Yuw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-12-12T12:20:19Z" lastmodified: "2024-12-09T21:17:40Z"
mac: ENC[AES256_GCM,data:D9/NAd/zrF6pHFdZjTUqI+u4WiwJqt0w5Y+SYCS1o/dAXJE/ajHzse/vCSGXZIjP0yqe+S/NyTvhf+stw2B4dk6Njtabjd+PhG0hR4L0X07FtFqzB3u5pLHCb0bH9QLG5zWcyMkwNiNTCvhRUZzbcqLEGqqJ7ZjZAEUfYSR+Jls=,iv:5xPfODPxtQjgbl8delUHsmhD0TI2gHjrxpHV+qiFE00=,tag:HHLo5G8jhy/sKB3R+sKmwQ==,type:str] mac: ENC[AES256_GCM,data:HensJbPU1Kx9aQNUhdtFkX/6qdxj7yby6GeSruOT+HYEtoq0py/zvMtdCqmfjc4AOptYlXdgK7w30P976dG1esjlYwF07qtVvAbUqvExkksuV4zp81VKHMXUOAyiQK79kLe3rx6cvEdUDbOjZOsxN02eRrcanN+7rJS6f7vNN88=,iv:PlePCik6JcOtVBQhhOj9khhp2LwwfXBwAGpzu4ywhTA=,tag:Clz+xX1Cffs8Zpv2LdsGVA==,type:str]
pgp: pgp:
- created_at: "2024-12-09T21:17:27Z" - created_at: "2024-12-09T21:17:27Z"
enc: |- enc: |-
@@ -87,4 +87,4 @@ sops:
-----END PGP MESSAGE----- -----END PGP MESSAGE-----
fp: F7D37890228A907440E1FD4846B9228E814A2AAC fp: F7D37890228A907440E1FD4846B9228E814A2AAC
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.2 version: 3.8.1

20
shell.nix
View File

@@ -11,14 +11,14 @@ pkgs.mkShellNoCC {
editorconfig-checker editorconfig-checker
]; ];
env = { shellHook = ''
OS_AUTH_URL = "https://api.stack.it.ntnu.no:5000"; export OS_AUTH_URL=https://api.stack.it.ntnu.no:5000
OS_PROJECT_ID = "b78432a088954cdc850976db13cfd61c"; export OS_PROJECT_ID=b78432a088954cdc850976db13cfd61c
OS_PROJECT_NAME = "STUDORG_Programvareverkstedet"; export OS_PROJECT_NAME="STUDORG_Programvareverkstedet"
OS_USER_DOMAIN_NAME = "NTNU"; export OS_USER_DOMAIN_NAME="NTNU"
OS_PROJECT_DOMAIN_ID = "d3f99bcdaf974685ad0c74c2e5d259db"; export OS_PROJECT_DOMAIN_ID="d3f99bcdaf974685ad0c74c2e5d259db"
OS_REGION_NAME = "NTNU-IT"; export OS_REGION_NAME="NTNU-IT"
OS_INTERFACE = "public"; export OS_INTERFACE=public
OS_IDENTITY_API_VERSION = "3"; export OS_IDENTITY_API_VERSION=3
}; '';
} }

120
topology.nix
View File

@@ -1,120 +0,0 @@
{ config, ... }:
let
inherit
(config.lib.topology)
mkInternet
mkRouter
mkSwitch
mkDevice
mkConnection
mkConnectionRev;
values = import ./values.nix;
in {
### Networks
networks.pvv = {
name = "PVV Network";
cidrv4 = values.ipv4-space;
cidrv6 = values.ipv6-space;
};
networks.site-vpn = {
name = "OpenVPN Site to Site";
style = {
primaryColor = "#9dd68d";
secondaryColor = null;
pattern = "dashed";
};
};
networks.ntnu = {
name = "NTNU";
};
nodes.internet = mkInternet {
connections = mkConnection "ntnu" "wan1";
};
nodes.ntnu = mkRouter "NTNU" {
interfaceGroups = [ ["wan1"] ["eth1" "eth2" "eth3"] ];
connections.eth1 = mkConnection "ntnu-pvv-router" "wan1";
connections.eth2 = mkConnection "ntnu-veggen" "wan1";
connections.eth3 = mkConnection "stackit" "*";
interfaces.eth1.network = "ntnu";
};
### Brus
nodes.ntnu-pvv-router = mkRouter "NTNU PVV Gateway" {
interfaceGroups = [ ["wan1"] ["eth1"] ];
connections.eth1 = mkConnection "brus-switch" "eth1";
interfaces.eth1.network = "pvv";
};
nodes.brus-switch = mkSwitch "Brus Switch" {
interfaceGroups = [ ["eth1" "eth2" "eth3" "eth4" "eth5" "eth6" "eth7"] ];
connections.eth2 = mkConnection "bekkalokk" "enp2s0";
connections.eth3 = mkConnection "bicep" "enp6s0f0";
# connections.eth4 = mkConnection "buskerud" "enp3s0f0";
connections.eth5 = mkConnection "knutsen" "eth1";
connections.eth7 = mkConnection "joshua" "eth1";
};
nodes.knutsen = mkRouter "knutsen" {
interfaceGroups = [ ["eth1"] ["eth2"] ["vpn1"] ];
connections.eth2 = mkConnectionRev "brus-switch" "eth6";
# connections.vpn1 = mkConnection "ludvigsen" "vpn1";
interfaces.vpn1.network = "site-vpn";
interfaces.vpn1.virtual = true;
};
nodes.joshua = mkDevice "joshua" {
interfaceGroups = [ ["eth1"] ];
};
nodes.shark = {
guestType = "proxmox";
parent = config.nodes.joshua.id;
};
### PVV
nodes.ntnu-veggen = mkRouter "NTNU-Veggen" {
interfaceGroups = [ ["wan1"] ["eth1"] ];
connections.eth1 = mkConnection "ludvigsen" "eth1";
};
nodes.ludvigsen = mkRouter "ludvigsen" {
interfaceGroups = [ ["eth1"] ["eth2"] ["vpn1"] ];
connections.eth2 = mkConnection "pvv-switch" "eth1";
interfaces.vpn1.network = "site-vpn";
interfaces.vpn1.virtual = true;
interfaces.eth1.network = "ntnu";
interfaces.eth2.network = "pvv";
};
nodes.pvv-switch = mkSwitch "PVV Switch (Terminalrommet)" {
interfaceGroups = [ ["eth1" "eth2" "eth3"] ];
connections.eth2 = mkConnection "brzeczyszczykiewicz" "eno1";
connections.eth3 = mkConnection "georg" "eno1";
};
### Openstack
nodes.stackit = mkDevice "stackit" {
interfaceGroups = [ ["*"] ];
};
nodes.ildkule = {
guestType = "openstack";
parent = config.nodes.stackit.id;
};
nodes.bob = {
guestType = "openstack";
parent = config.nodes.stackit.id;
};
}