bicep: add git-mirroring service

.mailmap

@@ -1,25 +0,0 @@
-Daniel Løvbrøtte Olsen <danio@pvv.ntnu.no> <daniel.olsen99@gmail.com>
-Daniel Løvbrøtte Olsen <danio@pvv.ntnu.no> Daniel <danio@pvv.ntnu.no>
-Daniel Løvbrøtte Olsen <danio@pvv.ntnu.no> Daniel Lovbrotte Olsen <danio@pvv.ntnu.no>
-Daniel Løvbrøtte Olsen <danio@pvv.ntnu.no> Daniel Olsen <danio@pvv.ntnu.no>
-Daniel Løvbrøtte Olsen <danio@pvv.ntnu.no> danio <danio@pvv.ntnu.no>
-Daniel Løvbrøtte Olsen <danio@pvv.ntnu.no> Daniel Olsen <danio@bicep.pvv.ntnu.no>
-
-
-Øystein Kristoffer Tveit <oysteikt@pvv.ntnu.no> h7x4 <h7x4@nani.wtf>
-Øystein Kristoffer Tveit <oysteikt@pvv.ntnu.no> Øystein Tveit <oysteikt@pvv.ntnu.no>
-Øystein Kristoffer Tveit <oysteikt@pvv.ntnu.no> oysteikt <oysteikt@pvv.ntnu.no>
-Øystein Kristoffer Tveit <oysteikt@pvv.ntnu.no> Øystein <oysteikt@pvv.org>
-Øystein Kristoffer Tveit <oysteikt@pvv.ntnu.no> Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
-
-Felix Albrigtsen <felixalb@pvv.ntnu.no> <felix@albrigtsen.it>
-Felix Albrigtsen <felixalb@pvv.ntnu.no> <felixalbrigtsen@gmail.com>
-Felix Albrigtsen <felixalb@pvv.ntnu.no> felixalb <felixalb@pvv.ntnu.no>
-
-Peder Bergebakken Sundt <pederbs@pvv.ntnu.no> <pbsds@hotmail.com>
-
-Adrian Gunnar Lauterer <adriangl@pvv.ntnu.no> Adrian G L <adrian@lauterer.it>
-Adrian Gunnar Lauterer <adriangl@pvv.ntnu.no> Adrian Gunnar Lauterer <adrian@lauterer.it>
-
-Fredrik Robertsen <frero@pvv.ntnu.no> frero <frero@pvv.ntnu.no>
-Fredrik Robertsen <frero@pvv.ntnu.no> fredrikr79 <fredrikrobertsen7@gmail.com>

base/default.nix

@@ -7,10 +7,8 @@
 
     ./networking.nix
     ./nix.nix
-    ./vm.nix
 
     ./services/acme.nix
-    ./services/uptimed.nix
     ./services/auto-upgrade.nix
     ./services/dbus.nix
     ./services/fwupd.nix
@@ -78,3 +76,4 @@
   # Trusted users on the nix builder machines
   users.groups."nix-builder-users".name = "nix-builder-users";
 }
+

base/services/auto-upgrade.nix

@@ -1,27 +1,16 @@
 { inputs, pkgs, lib, ... }:
-
-let
-  inputUrls = lib.mapAttrs (input: value: value.url) (import "${inputs.self}/flake.nix").inputs;
-in
-
 {
   system.autoUpgrade = {
     enable = true;
     flake = "git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git";
     flags = [
-      "--refresh"
-      "--no-write-lock-file"
       # --update-input is deprecated since nix 2.22, and removed in lix 2.90
-      # as such we instead use --override-input combined with --refresh
       # https://git.lix.systems/lix-project/lix/issues/400
-    ] ++ (lib.pipe inputUrls [
+      "--refresh"
-      (lib.intersectAttrs {
+      "--override-input" "nixpkgs" "github:nixos/nixpkgs/nixos-24.11-small"
-        nixpkgs = { };
+      "--override-input" "nixpkgs-unstable" "github:nixos/nixpkgs/nixos-unstable-small"
-        nixpkgs-unstable = { };
+      "--no-write-lock-file"
-      })
+    ];
-      (lib.mapAttrsToList (input: url: ["--override-input" input url]))
-      lib.concatLists
-    ]);
   };
 
   # workaround for https://github.com/NixOS/nix/issues/6895

base/services/nginx.nix

@@ -20,14 +20,14 @@
     recommendedGzipSettings = true;
 
     appendConfig = ''
-      # pcre_jit on;
+      pcre_jit on;
       worker_processes auto;
       worker_rlimit_nofile 100000;
     '';
     eventsConfig = ''
       worker_connections 2048;
       use epoll;
-      # multi_accept on;
+      multi_accept on;
     '';
   };
 

base/services/uptimed.nix

@@ -1,59 +0,0 @@
-{ config, pkgs, lib, ... }:
-let
-  cfg = config.services.uptimed;
-in
-{
-  options.services.uptimed.settings = lib.mkOption {
-    description = "";
-    default = { };
-    type = lib.types.submodule {
-      freeformType = with lib.types; attrsOf (either str (listOf str));
-    };
-  };
-
-  config = {
-    services.uptimed = {
-      enable = true;
-
-      settings = let
-        stateDir = "/var/lib/uptimed";
-      in {
-        PIDFILE = "${stateDir}/pid";
-        SENDMAIL = lib.mkDefault "${pkgs.system-sendmail}/bin/sendmail -t";
-      };
-    };
-
-    systemd.services.uptimed = lib.mkIf (cfg.enable) {
-      serviceConfig = let
-        uptimed = pkgs.uptimed.overrideAttrs (prev: {
-          postPatch = ''
-             substituteInPlace Makefile.am \
-               --replace-fail '$(sysconfdir)/uptimed.conf' '/var/lib/uptimed/uptimed.conf'
-             substituteInPlace src/Makefile.am \
-               --replace-fail '$(sysconfdir)/uptimed.conf' '/var/lib/uptimed/uptimed.conf'
-          '';
-        });
-
-      in {
-        Type = "notify";
-
-        ExecStart = lib.mkForce "${uptimed}/sbin/uptimed -f";
-
-        BindReadOnlyPaths = let
-          configFile = lib.pipe cfg.settings [
-            (lib.mapAttrsToList
-              (k: v:
-                if builtins.isList v
-                  then lib.mapConcatStringsSep "\n" (v': "${k}=${v'}") v
-                  else "${k}=${v}")
-            )
-            (lib.concatStringsSep "\n")
-            (pkgs.writeText "uptimed.conf")
-          ];
-        in [
-          "${configFile}:/var/lib/uptimed/uptimed.conf"
-        ];
-      };
-    };
-  };
-}

base/vm.nix

@@ -1,15 +0,0 @@
-{ lib, ... }:
-
-# This enables
-#     lib.mkIf (!config.virtualisation.isVmVariant) { ... }
-
-{
-  options.virtualisation.isVmVariant = lib.mkOption {
-    description = "`true` if system is build with 'nixos-rebuild build-vm'";
-    type = lib.types.bool;
-    default = false;
-  };
-  config.virtualisation.vmVariant = {
-    virtualisation.isVmVariant = true;
-  };
-}

flake.lock

@@ -139,28 +139,34 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1748615477,
+        "lastModified": 1745526780,
-        "narHash": "sha256-8sjG4sNIonQPK2olCGvq3/j1qtjwPaTOFU5nkz1gj2Q=",
+        "narHash": "sha256-LXXYBmFPMQU2lTb6alKWfjgQs08BKn+txMNcgbu00hI=",
-        "rev": "97d3ce1ceb663a24184aac92b7e9e8f5452111c1",
+        "owner": "NixOS",
-        "type": "tarball",
+        "repo": "nixpkgs",
-        "url": "https://releases.nixos.org/nixos/24.11-small/nixos-24.11.718472.97d3ce1ceb66/nixexprs.tar.xz?rev=97d3ce1ceb663a24184aac92b7e9e8f5452111c1"
+        "rev": "9204750b34cae1a8347ab4b5588115edfeebc6d7",
+        "type": "github"
       },
       "original": {
-        "type": "tarball",
+        "owner": "NixOS",
-        "url": "https://nixos.org/channels/nixos-24.11-small/nixexprs.tar.xz"
+        "ref": "nixos-24.11-small",
+        "repo": "nixpkgs",
+        "type": "github"
       }
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1748588304,
+        "lastModified": 1745688173,
-        "narHash": "sha256-YCnUqO9k39p0oMIBndxYTbu8m0fOA/KVcq3IekXPy9c=",
+        "narHash": "sha256-fgvG1O5JvSSjeQx+ea0DJ3GfMbLPVhAQta/DqQ2y6jc=",
-        "rev": "b8af95f4cf511c5f056b463c3a45d2b63c7cfb03",
+        "owner": "NixOS",
-        "type": "tarball",
+        "repo": "nixpkgs",
-        "url": "https://releases.nixos.org/nixos/unstable-small/nixos-25.11pre807945.b8af95f4cf51/nixexprs.tar.xz?rev=b8af95f4cf511c5f056b463c3a45d2b63c7cfb03"
+        "rev": "6a2957c7978b189202e03721aab901c0a9dc1e1a",
+        "type": "github"
       },
       "original": {
-        "type": "tarball",
+        "owner": "NixOS",
-        "url": "https://nixos.org/channels/nixos-unstable-small/nixexprs.tar.xz"
+        "ref": "nixos-unstable-small",
+        "repo": "nixpkgs",
+        "type": "github"
       }
     },
     "pvv-calendar-bot": {

flake.nix

@@ -2,8 +2,8 @@
   description = "PVV System flake";
 
   inputs = {
-    nixpkgs.url = "https://nixos.org/channels/nixos-24.11-small/nixexprs.tar.xz";
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11-small"; # remember to also update the url in base/services/auto-upgrade.nix
-    nixpkgs-unstable.url = "https://nixos.org/channels/nixos-unstable-small/nixexprs.tar.xz";
+    nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
 
     sops-nix.url = "github:Mic92/sops-nix";
     sops-nix.inputs.nixpkgs.follows = "nixpkgs";

hosts/bekkalokk/services/mediawiki/default.nix

@@ -214,11 +214,11 @@ in {
       "= /favicon.ico".alias = pkgs.runCommandLocal "mediawiki-favicon.ico" {
         buildInputs = with pkgs; [ imagemagick ];
       } ''
-        magick \
+        convert \
-          ${fp /assets/logo_blue_regular.png} \
           -resize x64 \
           -gravity center \
           -crop 64x64+0+0 \
+          ${fp /assets/logo_blue_regular.png} \
           -flatten \
           -colors 256 \
           -background transparent \

hosts/bekkalokk/services/website/fetch-gallery.nix

@@ -53,7 +53,7 @@ in {
 
         echo "Creating thumbnail for $fname"
         mkdir -p $(dirname ".thumbnails/$fname")
-        magick -define jpeg:size=200x200 "$fname" -thumbnail 300 -auto-orient ".thumbnails/$fname.png" ||:
+        convert -define jpeg:size=200x200 "$fname" -thumbnail 300 -auto-orient ".thumbnails/$fname.png" ||:
         touch -m -d "$(date -R -r "$fname")" ".thumbnails/$fname.png"
       done <<< "$images"
     '';

hosts/bicep/services/git-mirrors/default.nix

@@ -17,7 +17,7 @@ in
       zip = false;
       keep = 10;
       bare = true;
-      lfs = false;
+      lfs = true;
     };
 
     instances = let
@@ -47,19 +47,11 @@ in
       "any:glibc" = {
         settings.url = "https://sourceware.org/git/glibc.git";
       };
-
-      "any:out-of-your-element" = {
-        settings.url = "https://gitdab.com/cadence/out-of-your-element.git";
-      };
-
-      "any:out-of-your-element-module" = {
-        settings.url = "https://cgit.rory.gay/nix/OOYE-module.git";
-      };
     };
   };
 
   services.cgit = let
-    domain = "mirrors.pvv.ntnu.no";
+    domain = "bicep.pvv.ntnu.no";
   in {
     ${domain} = {
       enable = true;
@@ -81,7 +73,7 @@ in
     };
   };
 
-  services.nginx.virtualHosts."mirrors.pvv.ntnu.no" = {
+  services.nginx.virtualHosts."bicep.pvv.ntnu.no" = {
     forceSSL = true;
     enableACME = true;
 
@@ -94,7 +86,7 @@ in
     in toString small-pvv-logo;
   };
 
-  systemd.services."fcgiwrap-cgit-mirrors.pvv.ntnu.no" = {
+  systemd.services."fcgiwrap-cgit-bicep.pvv.ntnu.no" = {
     serviceConfig.BindReadOnlyPaths = [ cfg.dataDir ];
   };
 }

hosts/georg/configuration.nix

@@ -8,7 +8,7 @@
 
       (fp /modules/grzegorz.nix)
     ];
-  services.spotifyd.enable = true;
+
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 

hosts/kommode/services/gitea/customization/default.nix

@@ -3,12 +3,7 @@ let
   cfg = config.services.gitea;
 in
 {
-  services.gitea-themes = {
+  services.gitea-themes.monokai = pkgs.gitea-theme-monokai;
-    monokai = pkgs.gitea-theme-monokai;
-    earl-grey = pkgs.gitea-theme-earl-grey;
-    pitch-black = pkgs.gitea-theme-pitch-black;
-    catppuccin = pkgs.gitea-theme-catppuccin;
-  };
 
   systemd.services.gitea-customization = lib.mkIf cfg.enable {
     description = "Install extra customization in gitea's CUSTOM_DIR";

justfile

@@ -1,56 +1,25 @@
-set positional-arguments # makes variables accesible as $1 $2 $@
 export GUM_FILTER_HEIGHT := "15"
-nom := `if [[ -t 2 ]] && command -v nom >/dev/null; then echo nom; else echo nix; fi`
+nom := `if command -v nom >/dev/null; then echo nom; else echo nix; fi`
-nix_eval_opts := "--log-format raw --option warn-dirty false"
 
 @_default:
   just "$(gum choose --ordered --header "Pick a recipie..." $(just --summary --unsorted))"
 
-check *_:
+check:
-  nix flake check --keep-going "$@"
+  nix flake check --keep-going
 
-build-machine machine=`just _a_machine` *_:
+build-machine machine=`just _a_machine`:
-  {{nom}} build .#nixosConfigurations.{{ machine }}.config.system.build.toplevel "${@:2}"
+  {{nom}} build .#nixosConfigurations.{{ machine }}.config.system.build.toplevel
 
-run-vm machine=`just _a_machine` *_:
+run-vm machine=`just _a_machine`:
-  nixos-rebuild build-vm --flake .#{{ machine }} "${@:2}"
+  nixos-rebuild build-vm --flake .#{{ machine }}
   QEMU_NET_OPTS="hostfwd=tcp::8080-:80,hostfwd=tcp::8081-:443,hostfwd=tcp::2222-:22" ./result/bin/run-*-vm
 
-@update-inputs *_:
+@update-inputs:
-  @git reset flake.lock
+  nix eval .#inputs --apply builtins.attrNames --json \
-  @git restore flake.lock
+    | jq '.[]' -r \
-  nix eval {{nix_eval_opts}} --file flake.nix --apply 'x: builtins.attrNames x.inputs' --json \
+    | gum choose --no-limit --height=15 \
-    | { printf "%s\n" --commit-lock-file; jq '.[]' -r | grep -vxF "self" ||:; } \
+    | xargs -L 1 nix flake lock --update-input
-    | gum choose --no-limit --header "Choose extra arguments:" \
-    | tee >(xargs -d'\n' echo + nix flake update "$@" >&2) \
-    | xargs -d'\n' nix flake update "$@"
-
-@repl $machine=`just _a_machine` *_:
-  set -v; NIX_NO_NOM=1 nixos-rebuild --flake .#"$machine" repl "${@:2}"
-
-@eval $machine=`just _a_machine` $attrpath="system.build.toplevel.outPath" *_:
-  set -v; nix eval {{nix_eval_opts}} ".#nixosConfigurations.\"$machine\".config.$attrpath" --show-trace "${@:3}"
-
-@eval-vm $machine=`just _a_machine` $attrpath="system.build.toplevel.outPath" *_:
-  just eval "$machine" "virtualisation.vmVariant.$attrpath" "${@:3}"
 
 
-# helpers
-
-[no-exit-message]
 _a_machine:
-  #!/usr/bin/env -S sh -euo pipefail
+  nix eval .#nixosConfigurations --apply builtins.attrNames --json | jq .[] -r | gum filter
-  machines="$(
-    nix eval {{nix_eval_opts}} .#nixosConfigurations --apply builtins.attrNames --json | jq .[] -r
-  )"
-  [ -n "$machines" ] || { echo >&2 "ERROR: no machines found"; false; }
-  if [ -s .direnv/vars/last-machine.txt ]; then
-    machines="$(
-      grep <<<"$machines" -xF  "$(cat .direnv/vars/last-machine.txt)" ||:
-      grep <<<"$machines" -xFv "$(cat .direnv/vars/last-machine.txt)" ||:
-    )"
-  fi
-  choice="$(gum filter <<<"$machines")"
-  mkdir -p .direnv/vars
-  cat <<<"$choice" >.direnv/vars/last-machine.txt
-  cat <<<"$choice"

modules/gickup/default.nix

@@ -57,6 +57,7 @@ in
                     (lib.removePrefix "${repoType}:")
                     (lib.splitString "/")
                     builtins.head
+                    lib.toLower
                   ];
 
           repo = if repoType == "any"
@@ -65,11 +66,12 @@ in
                     (lib.removePrefix "${repoType}:")
                     (lib.splitString "/")
                     lib.last
+                    lib.toLower
                   ];
 
           slug = if repoType == "any"
-                 then lib.toLower (builtins.replaceStrings [ ":" "/" ] [ "-" "-" ] submoduleName)
+                 then builtins.replaceStrings [ ":" "/" ] [ "-" "-" ] submoduleName
-                 else "${lib.toLower repoType}-${lib.toLower owner}-${lib.toLower repo}";
+                 else "${repoType}-${owner}-${repo}";
         };
       in {
         options = {

modules/gickup/update-linktree.nix

@@ -5,14 +5,6 @@ in
 {
   config = lib.mkIf cfg.enable {
     # TODO: run upon completion of cloning a repository
-    systemd.timers."gickup-linktree" = {
-      wantedBy = [ "timers.target" ];
-      timerConfig = {
-        OnCalendar = "daily";
-        Persistent = true;
-        Unit = "gickup-linktree.service";
-      };
-    };
 
     # TODO: update symlink for one repo at a time (e.g. gickup-linktree@<instance>.service)
     systemd.services."gickup-linktree" = {

modules/grzegorz.nix

@@ -13,11 +13,6 @@ in {
     enablePipewire = true;
   };
 
-  systemd.user.services.restart-greg-ng = {
-    script = "systemctl --user restart greg-ng.service";
-    startAt = "*-*-* 06:30:00";
-  };
-
   services.grzegorz-webui = {
     enable = true;
     listenAddr = "localhost";

shell.nix

@@ -1,18 +1,6 @@
 { pkgs ? import <nixpkgs> {} }:
-
-let
-  nixos-rebuild-nom = pkgs.writeScriptBin "nixos-rebuild" ''
-    if [[ -t 1 && -z "''${NIX_NO_NOM-}" ]]; then
-      exec ${pkgs.lib.getExe pkgs.nixos-rebuild} -L "$@" |& ${pkgs.lib.getExe pkgs.nix-output-monitor}
-    else
-      exec ${pkgs.lib.getExe pkgs.nixos-rebuild} -L "$@"
-    fi
-  '';
-in
-
 pkgs.mkShellNoCC {
   packages = with pkgs; [
-    nixos-rebuild-nom
     just
     jq
     gum

users/oysteikt.nix

@@ -13,6 +13,7 @@
       bottom
       eza
       neovim
+      diskonaut
       ripgrep
       tmux
     ];