Compare commits

...

245 Commits

Author SHA1 Message Date
13c921c47b bekkalokk: Update nettsiden (re-enable events)
All checks were successful
Eval nix flake / evals (push) Successful in 6m42s
2025-01-17 23:11:19 +01:00
819fcef4c2
flake.lock: bump greg-ng
All checks were successful
Eval nix flake / evals (push) Successful in 3m48s
2025-01-11 15:02:00 +01:00
102a6f9011
flake.lock: bump nix-gitea-themes
All checks were successful
Eval nix flake / evals (push) Successful in 29m22s
2025-01-10 18:51:41 +01:00
86e68f496e
bekkalokk/gitea: add declarative label set 'projects' 2025-01-10 18:51:40 +01:00
394ff94033
flake.nix: move grz projects from Projects to Grzegorz
All checks were successful
Eval nix flake / evals (push) Successful in 5m41s
2025-01-06 16:34:22 +01:00
6cb7f576a5
bekkalokk/gitea-scripts: add Grzegorz organization 2025-01-06 16:34:22 +01:00
edb448f7a0
ustetind/gitea-runners: update docker image, update registration keys
All checks were successful
Eval nix flake / evals (push) Successful in 4m22s
2024-12-22 23:17:41 +01:00
4507ffe2ab
base/auto-upgrade: switch ref back to main
All checks were successful
Eval nix flake / evals (push) Successful in 4m34s
2024-12-22 23:04:08 +01:00
882a8f2e88 bekkalokk: Update nettsiden
Some checks are pending
Eval nix flake / evals (push) Waiting to run
2024-12-21 23:50:53 +01:00
65da25da7e
packages/mediawiki-extensions: update all
Some checks are pending
Eval nix flake / evals (push) Waiting to run
2024-12-10 21:05:21 +01:00
fd81d61a56
common/logrotate: remove custom hardening now that nixpkgs provides it 2024-12-10 21:05:21 +01:00
2776273a27
flake update 2024-12-10 21:05:20 +01:00
ebc5b269ef
24.11 2024-12-10 21:05:20 +01:00
850d0b0ec5
bekkalokk/gitea-web: fix SSH access
All checks were successful
Eval nix flake / evals (push) Successful in 13m28s
2024-12-10 21:05:06 +01:00
02792fc20e
bekkalokk/gitea: fix api pagination for web secret provider
All checks were successful
Eval nix flake / evals (push) Successful in 4m14s
2024-12-10 19:35:10 +01:00
40dd069a52 ustetind/gitea-runners: fix podman dns
All checks were successful
Eval nix flake / evals (push) Successful in 4m25s
2024-12-09 23:25:54 +01:00
04a838fc62
flake.nix: nixlib -> lib
Some checks failed
Eval nix flake / evals (push) Has been cancelled
2024-12-09 22:33:39 +01:00
1f85208587
hosts/ustetind: set up gitea-runners 2024-12-09 22:24:54 +01:00
c10c6d5a09 hosts/ustetind: init 2024-12-09 21:31:30 +01:00
6301688c95
common/smartd: only run on non-virtualized hardware
It's still part of the simulation tho
2024-12-09 21:03:50 +01:00
0ed0a3a504
flake.nix: make outputs.inputs buildable 2024-12-08 00:29:59 +01:00
5242d99260
bekkalokk/gitea: add gpg signing key 2024-11-24 03:23:54 +01:00
c60597dc5a Merge pull request 'Let smartd send mail notification' (!92) from add-mail-to-smartd into main
Reviewed-on: #92
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>

Closes #92
2024-11-24 01:09:58 +01:00
69462bf486 let smartd send mail notification 2024-11-24 01:01:55 +01:00
7d4ccf1972 Merge pull request 'Add user frero' (!91) from add-user-frero into main
Reviewed-on: #91
2024-11-23 22:40:43 +01:00
c87a81eeee users: add frero 2024-11-23 22:39:53 +01:00
3bdfb4c297 Add function to make paths from flake root
No more ../../../../../../
2024-11-17 00:08:02 +01:00
8285d91401 Merge pull request 'Ildkule: Move monitoring state directories to data volume' (!88) from ildkule-data-volume into main
Reviewed-on: #88
Reviewed-by: Daniel Lovbrotte Olsen <danio@pvv.ntnu.no>
2024-11-10 02:30:11 +01:00
b07cd5fbf6 systemd hardening for pvv-nettsiden-gallery-update.service (!90)
#133

Reviewed-on: #90
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
Co-authored-by: Alf Helge Jakobsen <alfhj@stud.ntnu.no>
Co-committed-by: Alf Helge Jakobsen <alfhj@stud.ntnu.no>
2024-11-09 22:22:09 +01:00
2d52ebce52 Ildkule: hardware-config: use UUIDs 2024-11-09 21:42:44 +01:00
464576e856
flake.lock: bump greg-ng 2024-11-09 19:43:07 +01:00
df35715978 Merge pull request 'Add alfhj.nix' (!89) from newusersconfig into main
Reviewed-on: #89
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
2024-11-09 19:40:03 +01:00
165ff56948 Add alfhj.nix 2024-11-09 19:35:19 +01:00
11f6ef0572 Ildkule: Move monitoring state directories to data volume 2024-11-09 15:21:12 +01:00
815f48c30d
flake.lock: bump greg-ng 2024-10-22 19:50:29 +02:00
4985bac3ba
flake.lock: bump greg-ng 2024-10-20 23:18:35 +02:00
9e41c3374d Merge pull request 'bekkalokk/nginx: host .well-known' (!79) from move-well-known-to-bekkalokk into main
Reviewed-on: #79
Reviewed-by: Daniel Lovbrotte Olsen <danio@pvv.ntnu.no>
2024-10-20 01:35:22 +02:00
f39fee4213
bekkalokk/nginx: host .well-known 2024-10-20 01:34:41 +02:00
4c77c9fc67 Merge pull request 'greg-ng 🎉' (!86) from greg-ng-working-branch into main
Reviewed-on: #86
Reviewed-by: Felix Albrigtsen <felixalb@pvv.ntnu.no>
2024-10-20 01:30:26 +02:00
7938e8135f
flake.lock: bump 2024-10-19 23:31:29 +02:00
cbc3490882
modules/grzegorz: use greg-ng 2024-10-19 23:31:28 +02:00
47ed79986c bicep/matrix: use sops templates for appservice registrations 2024-10-14 15:46:58 +02:00
5aed665cc8 flake update 2024-10-14 00:24:29 +02:00
2c86a2d812 bicep/matrix/hookshot: More configuration 2024-10-14 00:13:15 +02:00
d4fd3f8332 bicep/matrix/hookshot: add nginx 2024-10-13 06:03:26 +02:00
Joakim Pettersvold
c1833eb07c bicep/matrix/hookshot: Configure matrix-hookshot
Co-authored-by: Daniel Olsen <daniel.olsen99@gmail.com>
2024-10-13 05:50:22 +02:00
Finn Landweber
5ee23ef2e2 bicep/matrix/hookshot: Backported from nixpkgs
Co-authored-by: Joakim Pettersvold <joakimpokemeg@hotmail.no>
2024-10-13 05:50:22 +02:00
f5c16f46f1 Merge pull request 'disable-postgres-on-bekkalokk' (!85) from disable-postgres-on-bekkalokk into main
Reviewed-on: #85
Reviewed-by: Daniel Lovbrotte Olsen <danio@pvv.ntnu.no>
2024-10-13 02:34:45 +02:00
aa71d497f1
bekkalokk/roundcube: add postgres password 2024-10-12 23:57:27 +02:00
c56d157c3f add registration secret 2024-10-12 23:49:10 +02:00
4fbd823be6 bekkalokk/roundcube: add database.host 2024-10-12 22:53:42 +02:00
6c9e651e59 bekkalokk/gitea: Add important emoji reactions 2024-10-12 22:42:59 +02:00
f56e73548c base: openssh fix 2024-10-12 22:32:18 +02:00
c62ea129ed Merge pull request 'base openssh added sleipner ssh keys' (!83) from sleipner-authorised-keys into main
Reviewed-on: #83
2024-10-12 21:48:08 +02:00
4b41ddcf5d base: openssh added sleipner ssh keys 2024-10-12 21:47:31 +02:00
abec66b287 users/danio: add to wheel 2024-10-08 14:08:17 +02:00
aa884353c7 Merge pull request 'Add ipv6 gateway' (!82) from ipv6-fix into main
Reviewed-on: #82
Reviewed-by: Daniel Lovbrotte Olsen <danio@pvv.ntnu.no>
2024-09-28 21:44:55 +02:00
2147b56864 Add ipv6 gateway 2024-09-28 21:35:57 +02:00
a7fe2aabc5 bicep/matrix/coturn: disable ipv6 to fix the service running at all
coturn is just fundamentally broken, look at trying eturnal instead
2024-09-27 07:30:48 +02:00
cd23e35aac bicep/matrix: update module and remove deprecated options 2024-09-27 06:38:12 +02:00
06668cda79 Merge pull request 'flake.lock: Update' (!81) from sounding into main
Reviewed-on: #81
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
2024-09-21 22:19:36 +02:00
2861f939b7 Merge pull request 'auto-upgrade: store flake input refs' (!80) from retain-flake-inputs into main
Reviewed-on: #80
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
2024-09-21 22:19:18 +02:00
166b80988a flake.lock: Update
Flake lock file updates:

• Updated input 'grzegorz':
    'github:Programvareverkstedet/grzegorz/0481aef6553ae9aee86e4edb4ca0ed4f2eba2058' (2024-05-18)
  → 'git+https://git.pvv.ntnu.no/Projects/grzegorz.git?ref=refs/heads/master&rev=d10db19d7df5c5c2cd2dcb878376d5d681f6c2f2' (2024-09-20)
• Updated input 'grzegorz/fix-python':
    'github:GuillaumeDesforges/fix-python/f7f4b33e22414071fc1f9cbf68072c413c3a7fdf' (2024-04-23)
  → 'github:GuillaumeDesforges/fix-python/2926402234c3f99aa8e4608c51d9ffa73ea403c0' (2024-09-04)
• Updated input 'grzegorz-clients':
    'github:Programvareverkstedet/grzegorz-clients/b9444658fbb39cd1bf1c61ee5a1d5f0641c49abe' (2024-05-19)
  → 'git+https://git.pvv.ntnu.no/Projects/grzegorz-clients.git?ref=refs/heads/master&rev=546d921ec46735dbf876e36f4af8df1064d09432' (2024-09-20)
2024-09-20 22:49:19 +02:00
4913b22ab9 auto-upgrade: store flake input refs 2024-09-16 02:51:20 +02:00
4e81647fb6 auto-upgrade: --update-input -> --override-input 2024-09-15 19:14:03 +02:00
5a76b62700 Merge pull request 'add gitea metrics' (!78) from gitea-metric into main
Reviewed-on: #78
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
2024-09-14 20:33:28 +02:00
0f77a42e34 Grafana: Add Gitea Dashbaord [sic] 2024-09-14 20:28:35 +02:00
c64d28fc26 Prometheus: Monitor gitea metrics 2024-09-14 20:21:12 +02:00
179d0743ce gitea: export metric issue #101 2024-09-14 19:26:25 +02:00
47fa3759c3 buskerud: remove
This is now a proxmox machine :grr:
2024-09-05 18:00:42 +02:00
3a37fefd4d fixup! Merge pull request 'Fix Ildkule/Openstack networking' (!75) from fix-openstack-networking into main 2024-09-05 14:24:40 +02:00
47d7b88a05 ildkule/prometheus: consolidate scrape jobs and label with hostname for base info 2024-09-05 14:14:28 +02:00
78456063ba Merge pull request 'Fix Ildkule/Openstack networking' (!75) from fix-openstack-networking into main
Reviewed-on: #75
2024-09-05 01:58:50 +02:00
ca287b95c9 Ildkule/openstack: fix networking
Removes systemd-networkd, and configures proper ipv4 and ipv6 in
openstack.
2024-09-05 00:24:22 +02:00
7e95b77e15 grzegorz: follow stable nix channel
It broke because sanic
2024-09-03 13:28:13 +02:00
669733309b ildkule: get systemd stats from more machines 2024-09-03 13:10:36 +02:00
4ed12573ff ildkule: fix system activation by disabling smartd 2024-09-03 13:07:58 +02:00
8418cc016c fix biceps systemd units failing on activation 2024-09-03 13:00:12 +02:00
b4c602e31c metrics: install systemd exporter 2024-09-02 23:12:24 +02:00
3a0b8e270d bekkalokk/idp: Disallow bots 2024-09-02 23:11:44 +02:00
9505223dc9 justfile: fix flake input updating 2024-09-02 19:33:15 +02:00
201784fa21 bluemap on bekkalokk 💀 2024-09-02 15:11:32 +02:00
ccefcb01fa flake.lock update 2024-09-02 14:12:39 +02:00
f7e2c74f89 base: enable rebuilding nixos-config without updating the channels used 2024-09-01 22:10:58 +02:00
161265d346 Bekkalokk/Nettsiden: deploy #78 2024-09-01 20:13:56 +02:00
f85d18769f
common: clean /tmp on boot by default 2024-09-01 03:29:46 +02:00
b47a626427
common/openssh: socket activate 2024-09-01 03:21:13 +02:00
4d65b9fd1d
common/sudo: misc config 2024-09-01 03:17:15 +02:00
f3e094520e
common/postfix: init 2024-09-01 03:13:18 +02:00
69f98933a4
common/smartd: add smartctl to environment packages 2024-09-01 01:55:38 +02:00
bf2959c68d
common/nix: flesh out 2024-09-01 01:44:59 +02:00
17f0268d12
common/irqbalance: init 2024-09-01 01:39:35 +02:00
ebce0eb67a
common/smartd: init 2024-09-01 01:23:15 +02:00
b48230e811
bekkalokk/btrfs: scrubbalubba dubdub 2024-09-01 01:04:28 +02:00
914eb35c5a add a route for /_synapse/admin, point mjolnir at it
This is whitelisted to just bicep

As a side-effect it's also much easier to use synapse-admin now
2024-09-01 00:34:42 +02:00
8610a59f35
base.nix: split into multiple files 2024-08-31 22:28:17 +02:00
bd42412b94 bekkalokk/gitea/import-users: refactor + add members to groups 2024-08-27 22:07:29 +02:00
ef3b146b58 bekkalokk/gitea: don't autowatch all members to all projects 2024-08-27 09:26:00 +02:00
bb4662b345 modules/snakeoil-certs: fix lmao 2024-08-26 20:43:34 +02:00
5b1c04e4b8 bicep/postgres: use snakeoil certs 2024-08-26 20:43:34 +02:00
3fa7f67027 bekkalokk/gitea-web: host pages 2024-08-26 20:36:03 +02:00
b0f555667c bekkalokk/gitea: set up gitea-web sync units 2024-08-26 20:36:03 +02:00
ef418bf125
base/logrotate: systemd hardening + more 2024-08-22 23:00:45 +02:00
945d53cdb4
bekkalokk/vaultwarden: systemd hardening 2024-08-22 22:59:32 +02:00
cf3b62e01e
bekkalokk/phpfpm-*: systemd hardening 2024-08-22 22:58:48 +02:00
c12a47cee0
flake.nix: bump calendar bot 2024-08-17 01:19:46 +02:00
b9ef27565f
Bump calendar-bot 2024-08-16 09:16:26 +02:00
f5c99b58c8
bicep/calendar-bot: reactivate 2024-08-15 23:22:50 +02:00
c780f7954c Merge pull request 'justfile: add recipe run-vm' (!64) from run-vm into main
Reviewed-on: #64
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
2024-08-15 21:14:29 +02:00
d64d8edd68 bekkalokk/gitea: add some extra tabs 2024-08-14 17:36:19 +02:00
4de7bd09bd Merge pull request 'enable thermald on physical machines' (!61) from thermald into main
Reviewed-on: #61
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
2024-08-14 17:31:44 +02:00
0f5c48902b Merge pull request 'users: disable password login for users in @wheel' (!62) from fix-deploy into main
Reviewed-on: #62
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
2024-08-14 17:31:08 +02:00
2ff69dfec6 justfile: add recipe run-vm 2024-08-14 17:25:55 +02:00
36a8868f94 users: disable password login for users in @wheel 2024-08-11 03:42:26 +02:00
fe3e5d6a3d enable thermald on physical machines 2024-08-10 23:55:29 +02:00
2f3bcaf124 shell.nix: fix typo 2024-08-10 18:15:31 +02:00
c6684d5146 Merge pull request 'justfile: init' (!56) from justfile into main
Reviewed-on: #56
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
2024-08-07 12:22:04 +02:00
f6cb934ffb Merge pull request 'flake.nix: simplify allMachines' (!59) from attrnames into main
Reviewed-on: #59
Reviewed-by: Daniel Lovbrotte Olsen <danio@pvv.ntnu.no>
2024-08-04 23:44:54 +02:00
9625258942 Merge pull request 'flake.nix: export snakeoil-certs and snappymail nixos modules' (!58) from export-modules into main
Reviewed-on: #58
Reviewed-by: Daniel Lovbrotte Olsen <danio@pvv.ntnu.no>
2024-08-04 23:44:19 +02:00
34637e383a justfile: add update-inputs recipe 2024-08-04 17:19:40 +02:00
0bfa6ac329 flake.nix: export inputs 2024-08-04 17:19:33 +02:00
2c3261de74 flake.nix: simplify allMachines 2024-08-04 17:11:21 +02:00
c2e6f294ea flake.nix: export snakeoil-certs and snappymail nixos modules 2024-08-04 16:48:21 +02:00
41e94695f0 Merge pull request 'editorconfig' (!55) from editorconfig into main
Reviewed-on: #55
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
2024-08-04 16:20:23 +02:00
c6b4ea9929 add .git-blame-ignore-revs 2024-08-04 04:39:17 +02:00
9dbf5d56f5 fix whitespacing issues 2024-08-04 04:37:23 +02:00
64b5bb548b editorconfig: init 2024-08-04 04:35:25 +02:00
261c8e0811 Merge pull request 'Run statix' (!54) from statix into main
Reviewed-on: #54
Reviewed-by: Daniel Lovbrotte Olsen <danio@pvv.ntnu.no>
2024-08-04 04:26:23 +02:00
4476cdcbbc justfile: init 2024-08-04 03:28:17 +02:00
f475243b94 Merge pull request 'sops: add pederbs' (!51) from pederbs-sops into main
Reviewed-on: #51
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
2024-08-04 02:56:31 +02:00
f382109b4a Merge pull request 'users: add pederbs' (!49) from user-pederbs into main
Reviewed-on: #49
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
2024-08-04 02:46:59 +02:00
e5e3100639 Merge pull request 'direnv: yes' (!50) from direnv into main
Reviewed-on: #50
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
2024-08-04 02:46:18 +02:00
5853e42c1b Merge pull request 'SimpleSamlPHP: use concatLines' (!53) from concatlines into main
Reviewed-on: #53
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
2024-08-04 02:46:01 +02:00
d59aa08986 Merge pull request 'shell.nix: remove cc' (!52) from shell-cc into main
Reviewed-on: #52
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
2024-08-04 02:44:52 +02:00
95a5603f27
secrets: run sops updatekeys on everything 2024-08-04 02:04:29 +02:00
1714681532 statix fix 2024-08-04 01:46:00 +02:00
314c7960d1 statix: init 2024-08-04 01:45:20 +02:00
43d353190c SimpleSamlPHP: use concatLines 2024-08-04 01:42:32 +02:00
eb74d011db shell.nix: remove cc 2024-08-04 01:30:02 +02:00
b52de48455 sops: add pederbs 2024-08-04 01:24:54 +02:00
510f385f4a direnv: yes 2024-08-04 01:19:22 +02:00
e25ba96096 users: add pederbs 2024-08-04 00:58:11 +02:00
53040bada1
flake.lock: update pvv-nettsiden 2024-08-04 00:09:32 +02:00
2030d4de39 fix-openstack-networking (!47)
Fix networking in Openstack.

This rewrites the systemd-networkd config, fixing both dhcp and manual address/route configurations.
Now, everything should behave predictably, routing NTNU-internal and NTNU-global addresses separately and properly across both ipv4 and ipv6.

Reviewed-on: #47
2024-07-31 11:23:00 +02:00
c7797bdd04 Merge pull request 'SimpleSAMLPHP/MediaWiki: Update deprecated --replace' (!48) from fix-replace-warn into main
Reviewed-on: #48
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
2024-07-28 23:30:44 +02:00
615b5fc1f1 SimpleSAMLPHP/MediaWiki: Update deprecated --replace 2024-07-28 23:28:33 +02:00
a0a837e26d Merge pull request 'bekkalokk/gitea: direct non-logged-in users to the explore tab' (!46) from gitea-explore into main
Reviewed-on: #46
Reviewed-by: Felix Albrigtsen <felixalb@pvv.ntnu.no>
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
2024-07-28 23:10:38 +02:00
8f3013dc00 bekkalokk/gitea: direct non-logged-in users to the explore tab
This is a much more interesting page rather than trying to sell gitea
2024-07-19 21:19:06 +02:00
78caceddce flake: remove nettsiden from output function scope
This is referred to by inputs anyways
2024-07-18 16:24:42 +02:00
868764e0cd bekkalokk/mediawiki: misc configuration 2024-07-10 19:04:55 +02:00
7c3ff2068d bekkalokk/mediawiki: add some more extensions 2024-07-10 19:04:36 +02:00
9d3f1381bf packages/mediawiki-extensions: refactor 2024-07-10 18:59:16 +02:00
f3a29429aa bekkalokk/gitea: set default email notification preference to 'onmention' 2024-07-10 00:18:01 +02:00
1591fdb7cc bekkalokk/mediawiki: re-enable DeleteBatch extension 2024-07-08 19:56:43 +02:00
ed28ba28f3 bekkalokk/mediawiki: leave togglable debug flags for future use 2024-07-08 19:55:52 +02:00
52b46667b1 packages/mediawiki-extensions: use fetchgit 2024-07-08 19:54:42 +02:00
d0f63b2fc8 packages/mediawiki-extensions: bump all 2024-07-08 16:55:01 +02:00
0301691b1c
gitea: enable notification mails 2024-07-04 20:41:46 +02:00
946555e408
gitea: add subject prefix to mail 2024-07-04 20:36:44 +02:00
e02062417a
gitea: move state back to /var/lib 2024-07-04 20:31:51 +02:00
b2806d78af
gitea: enable lfs 2024-07-04 20:30:55 +02:00
de2c7ea6f1
gitea: install custom images to correct dir 2024-07-04 20:29:50 +02:00
106081c967 Merge pull request 'all: Update to nixos-24.05' (!43) from 24.05-for-real into main
Reviewed-on: #43
2024-06-30 01:55:41 +02:00
ca2deed668 WIP: all: Update to nixos-24.05 2024-06-30 01:55:25 +02:00
bb2f7899db Merge pull request 'bekkalokk/gitea: set default licenses and repo units' (!44) from gitea-set-misc-repo-settings into main
Reviewed-on: #44
2024-06-29 23:16:17 +02:00
c2b35a7ae4
bekkalokk/gitea: set default licenses and repo units 2024-06-29 23:14:41 +02:00
c88c3f87e0 buskerud: add libvirtd 2024-06-22 17:36:30 +02:00
c5bad75edc bekkalokk/nettsiden: Update nettsiden to disable recurring events 2024-06-19 22:15:36 +02:00
71479d5ca0 quickfix: bekkalokk/mediawiki: remove DeleteBatch 2024-05-27 11:02:35 +02:00
cf01792269 bekkalokk/vaultarden: Add kTLS 2024-05-26 10:50:29 +02:00
afae0da0b6 Merge pull request 'bekkalokk: add vaultwarden' (!40) from bekkalokk-vaultwarden into main
Reviewed-on: #40
2024-05-26 04:21:28 +02:00
35d745b156 bekkalokk: add vaultwarden 2024-05-26 04:19:17 +02:00
218ee776c7 Merge pull request 'packages/mediawiki-extensions: use stable url' (!35) from fix-mediawiki-extensions-url into main
Reviewed-on: #35
2024-05-26 02:45:04 +02:00
3a972f03f7
flake: move mediawiki-extensions back to packages 2024-05-26 02:42:31 +02:00
96024efa28
flake: move mediawiki-extensions to legacyPackages 2024-05-26 02:42:31 +02:00
af54cc2df4
packages/mediawiki/pluggable-auth: fix typo 2024-05-26 02:42:31 +02:00
6f6721ce07
packages/mediawiki-extensions: use stable url 2024-05-26 02:42:28 +02:00
1c35da0295 Merge pull request 'bekkalokk: add snappymail' (!39) from bekkalokk-snappymail into main
Reviewed-on: #39
2024-05-26 01:52:17 +02:00
5fb1b805a8 bekkalokk: add snappymail 2024-05-26 01:07:27 +02:00
a38a12c429
flake.lock: update pvv-nettsiden 2024-05-19 22:27:59 +02:00
898e362a9f Merge pull request 'bekkalokk/website: add sp metadata for all domains' (!34) from add-sp-metadata-for-all-website-domains into main
Reviewed-on: #34
2024-05-14 05:27:44 +02:00
c267820426 overlays/nginx-test: drop 2024-05-13 07:04:00 +02:00
a57b5f07f9 Merge pull request 'gitea: setup mail' (!38) from gitea-setup-mail into main
Reviewed-on: #38
2024-05-12 02:27:37 +02:00
bcf2ceed32
gitea: setup mail 2024-05-12 02:26:13 +02:00
0a3d1e3696 overlays/nginx-test
just start replacing shit, we're not even testing the actual config now
This sucks
nginx should make a proper validation tool that doesnt do DNS request on every hostname mentioned in the config file.
Not to mention trying to actually listen on the ip-address and port
Why?? Why is TEST failing because it can't bind to the SAME address nginx is probably in production listening on already??
2024-05-12 02:22:12 +02:00
45eea1a791 update flake.lock 2024-05-12 02:22:12 +02:00
200224d2c1 Merge pull request 'bekkalokk: misc gitea cleanup' (!33) from misc-gitea-cleanup into main
Reviewed-on: #33
2024-05-12 02:12:55 +02:00
dcf29b76b8 bicep/matrix: allow global address of new ildkule to access metrics
All checks were successful
Eval nix flake / evals (push) Successful in 1h30m46s
2024-04-24 03:03:53 +02:00
55e8f01d1d Upgrade ildkule (!36)
Some checks failed
Eval nix flake / evals (push) Failing after 3h12m29s
This PR is made while moving Ildkule from PVE on joshua, to Openstack on stack.it.ntnu.no.

- The main monitoring dashboard is moved from https://ildkule.pvv.ntnu.no to https://grafana.pvv.ntnu.no.
- A new service is added: uptime-kuma on https://uptime.pvv.ntnu.no.
- The (hardware) configuration for ildkule is updated to fit the new virtualization environment, boot loader, network interfaces, etc.
- Metrics exporters on other hosts should be updated to allow connections from the new host

As this is the first proper server running on openstack, and therefore outside our main IP range, we might discover challenges in our network structure. For example, the database servers usually only allow connections from this range, so Ildkule can no longer access it. This should be explored, documented and/or fixed as we move more services.

Reviewed-on: #36
Co-authored-by: Felix Albrigtsen <felix@albrigtsen.it>
Co-committed-by: Felix Albrigtsen <felix@albrigtsen.it>
2024-04-21 23:36:25 +02:00
b7b1c73bfa
bekkalokk/gitea: use systemd unit for gitea customization
Some checks failed
Eval nix flake / evals (pull_request) Failing after 47s
Eval nix flake / evals (push) Failing after 14m41s
2024-04-16 01:02:21 +02:00
19d5ddc688 Merge pull request 'bekkalokk: remove keycloak' (!30) from bekkalokk-remove-keycloak into main
Some checks failed
Eval nix flake / evals (push) Failing after 1m49s
Reviewed-on: #30
2024-04-15 00:00:17 +02:00
6851879a03
bekkalokk: remove keycloak
Some checks failed
Eval nix flake / evals (pull_request) Failing after 1m39s
Eval nix flake / evals (push) Failing after 1m41s
2024-04-14 23:59:46 +02:00
70603145cf
bekkalokk/website: add sp metadata for all domains
Some checks failed
Eval nix flake / evals (pull_request) Failing after 1m49s
Eval nix flake / evals (push) Failing after 41s
2024-04-14 17:06:01 +02:00
1e4195ea9d bekkalokk: pvv-nettsiden-gallery: Improve thumbnail generation
Some checks failed
Eval nix flake / evals (push) Failing after 1m46s
2024-04-14 02:04:45 +02:00
ee335e3712 bicep/synapse: fix registering users via smtp
Some checks failed
Eval nix flake / evals (push) Failing after 2m0s
2024-04-14 01:52:17 +02:00
ffbf855f24 update flake for grzegorz
Some checks failed
Eval nix flake / evals (push) Failing after 1m52s
2024-04-12 02:35:49 +02:00
28e7a63d33 update flake lock and remove non-derivations from flake ouput
Some checks failed
Eval nix flake / evals (push) Failing after 1m47s
2024-04-12 00:42:29 +02:00
01f0e63a49 use getExe' to silence errors 2024-04-12 00:41:57 +02:00
ae4ace9fa2 Merge pull request 'treewide: run nginx -t on all nginx config files' (!32) from test-nginx-overlay into main
Some checks failed
Eval nix flake / evals (push) Failing after 1m46s
Reviewed-on: #32
2024-04-11 23:39:42 +02:00
8c72088d9c dynamically get configured acme certs for nginx test
Some checks failed
Eval nix flake / evals (push) Failing after 1m44s
Eval nix flake / evals (pull_request) Failing after 1m51s
2024-04-11 23:29:05 +02:00
0056029da7 treewide: bubblewrap nginx test 2024-04-11 23:28:54 +02:00
9b4fbd847f treewide: run nginx -t on all nginx config files 2024-04-11 23:28:54 +02:00
5bed292a01
bekkalokk/gitea: move user import stuff to separate nix file 2024-04-11 21:47:44 +02:00
36b7087a3f
base.nix: hotfix for hotfix for nginx on bicep (3352e48f)
Some checks failed
Eval nix flake / evals (push) Failing after 1m49s
Turns out the settings were in biceps local nginx config
2024-04-11 20:41:02 +02:00
1919da7a1c bicep/matrix: remove SAML authentication
Some checks failed
Eval nix flake / evals (push) Failing after 1m50s
2024-04-11 19:55:10 +02:00
0950fedf98 bekkalokk/website: fix some nginx location directives
Some checks failed
Eval nix flake / evals (push) Failing after 1m50s
2024-04-11 13:21:11 +02:00
614c2d624c
bekkalokk/webmail: add redirects for old webmail locations
Some checks failed
Eval nix flake / evals (push) Failing after 1m45s
2024-04-11 10:47:13 +02:00
3352e48f47
base.nix: hotfix for nginx on bicep
Some checks failed
Eval nix flake / evals (push) Failing after 1m51s
the matrix-synapse-next module seems to already add some of the nginx
options we set in base.nix, making it fail. These should only be set if
they're not already set by this module
2024-04-11 10:30:14 +02:00
db211c2304 bekkalokk/website: don't try to listen for ntnu.org
Some checks failed
Eval nix flake / evals (push) Failing after 1m48s
2024-04-11 05:31:33 +02:00
4f322ec0b1 Merge pull request 'finalize-www-migration' (!31) from finalize-www-migration into main
Some checks failed
Eval nix flake / evals (push) Failing after 1m40s
Reviewed-on: #31
2024-04-11 00:57:20 +02:00
79bf307ef2 bekkalokk: Reconfigure www ingress
Some checks failed
Eval nix flake / evals (push) Failing after 1m46s
Eval nix flake / evals (pull_request) Failing after 1m52s
2024-04-11 00:48:07 +02:00
4d50efc6db Finalize www/idp/webmail migration from spikkjeposche to bekkalokk
Some checks failed
Eval nix flake / evals (push) Failing after 1m48s
2024-04-10 23:31:04 +02:00
145a840a2c Merge pull request 'Setup pvv-nettsiden on www2.pvv.ntnu.no' (!27) from www2 into main
Some checks failed
Eval nix flake / evals (push) Failing after 1m47s
Reviewed-on: #27
2024-04-10 23:05:37 +02:00
2bbc851e0e Point inputs/nettsiden to master after Projects/nettsiden#53
Some checks failed
Eval nix flake / evals (push) Failing after 1m48s
Eval nix flake / evals (pull_request) Failing after 1m48s
2024-04-10 23:04:20 +02:00
9577477460 bekkalokk/nettsiden: add secrets 2024-04-10 23:04:20 +02:00
fc19a8f1e1 bekkalokk: Automatically unpack pvv-nettsiden/gallery and generate thumbnails 2024-04-10 23:04:20 +02:00
8657e77514 bekkalokk: set up pvv-nettsiden 2024-04-10 23:04:18 +02:00
03c9638098 Merge pull request 'treewide: nginx optimizations' (!29) from treewide-nginx-optimizations into main
Some checks failed
Eval nix flake / evals (push) Failing after 1m47s
Reviewed-on: #29
2024-04-10 22:54:39 +02:00
065992620e treewide: nginx optimizations
Some checks failed
Eval nix flake / evals (push) Failing after 1m47s
Eval nix flake / evals (pull_request) Failing after 1m54s
2024-04-10 22:06:44 +02:00
e22c7d5b4d added terminfo for foot to adriangl
Some checks failed
Eval nix flake / evals (push) Failing after 1m46s
2024-04-09 20:46:14 +02:00
4fcc1fd5e9 flake.lock: update nix-gitea-themes
Some checks failed
Eval nix flake / evals (push) Failing after 1m47s
2024-04-09 20:33:38 +02:00
05a1f049dc Merge pull request 'gitea: add theming module' (!28) from init-gitea-themes into main
Some checks failed
Eval nix flake / evals (push) Failing after 2m13s
Reviewed-on: #28
2024-04-09 20:32:29 +02:00
fbbc54328b gitea: add theming module
Some checks failed
Eval nix flake / evals (push) Failing after 1m51s
Eval nix flake / evals (pull_request) Failing after 1m54s
2024-04-09 01:52:57 +02:00
d8e13ff67c Update users/adriangl.nix
Some checks failed
Eval nix flake / evals (push) Failing after 1m50s
2024-04-08 21:21:24 +02:00
42fd371c3b
mediawiki: restart phpfpm on updated secrets
Some checks failed
Eval nix flake / evals (push) Failing after 2m11s
2024-04-06 23:57:37 +02:00
f25a4e5c02 Merge pull request 'mediawiki: add VisualEditor' (#26) from mediawiki-add-visual-editor into main
Some checks failed
Eval nix flake / evals (push) Failing after 1m47s
Reviewed-on: #26
2024-04-06 21:19:41 +02:00
6e1b06731f bekkalokk: add VisualEditor to mediawiki extensions
Some checks failed
Eval nix flake / evals (push) Failing after 1m53s
Eval nix flake / evals (pull_request) Failing after 1m42s
2024-04-06 21:09:01 +02:00
161ef284be packages: add mediawiki-extensions.VisualEditor 2024-04-06 21:08:32 +02:00
2cb7e06369
bekkalokk/mediawiki: fix path, upgrade security
Some checks failed
Eval nix flake / evals (push) Failing after 1m54s
2024-04-03 08:29:19 +02:00
a55c908fe7
bekkalokk/mediawiki: change domain from wiki2 to wiki
Some checks failed
Eval nix flake / evals (push) Failing after 1m48s
2024-04-02 19:54:28 +02:00
06bd93e5d1 Merge pull request 'bekkalokk: set up idp + mediawiki' (#25) from mediawiki-on-bekkalokk into main
Some checks failed
Eval nix flake / evals (push) Failing after 1m56s
Reviewed-on: #25
2024-04-02 00:00:24 +02:00
d531419f35 bekkalokk: init mediawiki
Some checks failed
Eval nix flake / evals (pull_request) Failing after 1m46s
Eval nix flake / evals (push) Failing after 1m53s
Co-authored-by: Jørn Åne <yorinad@pvv.ntnu.no>
2024-04-01 23:57:39 +02:00
806b18ede8 bekkalokk: init idp-simplesamlphp 2024-04-01 23:57:39 +02:00
c612975b60 base/nginx: 444 requests to nonexistent virtualhosts 2024-04-01 23:57:39 +02:00
9495682f57 bekkalokk: package mediawiki extensions outside of module 2024-04-01 00:39:12 +02:00
d39047b8cb packages: init simplesamlphp 2024-04-01 00:38:51 +02:00
266ce9ed08 bekkalokk: set up kerberos client 2024-04-01 00:38:49 +02:00
07c480d004 base: add ripgrep
Some checks failed
Eval nix flake / evals (push) Failing after 1m53s
2024-03-30 21:07:00 +01:00
64c7e3e365 flake.nix: fix usage of common nixos module/overlay list 2024-03-29 01:51:37 +01:00
fe4dd21acb add eirikwit to sops
Some checks failed
Eval nix flake / evals (push) Failing after 1m44s
2024-03-16 22:38:16 +01:00
0336744124 flake update: matrix module bug fix
Some checks failed
Eval nix flake / evals (push) Failing after 1m55s
2024-03-13 07:41:12 +01:00
b4d6e00622 Update flake.lock to get new matrix module
Some checks failed
Eval nix flake / evals (push) Failing after 1m51s
2024-03-13 06:33:43 +01:00
7c6d4d31c7 bicep/matrix/element: update room directories
Some checks failed
Eval nix flake / evals (push) Failing after 1m44s
2024-03-05 05:52:31 +01:00
9f46be1ca1 bicep/matrix: update element lab flags and room directoriy listings
Some checks failed
Eval nix flake / evals (push) Failing after 1m44s
2024-03-05 05:28:23 +01:00
545583cf04 bekkalokk/gitea: Do not change the user visibility
Some checks failed
Eval nix flake / evals (push) Failing after 1m55s
2024-03-03 00:29:24 +01:00
134 changed files with 10419 additions and 1332 deletions

10
.editorconfig Normal file
View File

@ -0,0 +1,10 @@
root = true
[*]
end_of_line = lf
insert_final_newline = true
trim_trailing_whitespace = true
[*.nix]
indent_style = space
indent_size = 2

1
.envrc Normal file
View File

@ -0,0 +1 @@
use flake

1
.git-blame-ignore-revs Normal file
View File

@ -0,0 +1 @@
e00008da1afe0d760badd34bbeddff36bb08c475

2
.gitignore vendored
View File

@ -1,2 +1,4 @@
result*
/configuration.nix
/.direnv/
*.qcow2

View File

@ -3,12 +3,17 @@ keys:
- &user_danio age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq
- &user_felixalb age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6
- &user_oysteikt F7D37890228A907440E1FD4846B9228E814A2AAC
- &user_eirikwit age1ju7rd26llahz3g8tz7cy5ld52swj8gsmg0flrmrxngc0nj0avq3ssh0sn5
- &user_pederbs_sopp age1hmpdk4h69wxpwqk9tkud39f66hprhehxtzhgw97r6dvr7v0mx5jscsuhkn
- &user_pederbs_nord age1wrssr4z4g6vl3fd3qme5cewchmmhm0j2xe6wf2meu4r6ycn37anse98mfs
- &user_pederbs_bjarte age1zhxul786an743u0fascv4wtc5xduu7qfy803lfs539yzhgmlq5ds2lznt5
# Hosts
- &host_jokum age1gp8ye4g2mmw3may5xg0zsy7mm04glfz3788mmdx9cvcsdxs9hg0s0cc9kt
- &host_ildkule age1hn45n46ypyrvypv0mwfnpt9ddrlmw34dwlpf33n8v67jexr3lucq6ahc9x
- &host_ildkule age1x28hmzvuv6f2n66c0jtqcca3h9rput8d7j5uek6jcpx8n9egd52sqpejq0
- &host_bekkalokk age12nj59tguy9wg882updc2vjdusx5srnxmjyfaqve4zx6jnnsaw3qsyjq6zd
- &host_bicep age1sl43gc9cw939z5tgha2lpwf0xxxgcnlw7w4xem4sqgmt2pt264vq0dmwx2
- &host_ustetind age1hffjafs4slznksefmtqrlj7rdaqgzqncn4un938rhr053237ry8s3rs0v8
creation_rules:
# Global secrets
@ -18,17 +23,24 @@ creation_rules:
- *host_jokum
- *user_danio
- *user_felixalb
- *user_eirikwit
- *user_pederbs_sopp
- *user_pederbs_nord
- *user_pederbs_bjarte
pgp:
- *user_oysteikt
# Host specific secrets
- path_regex: secrets/bekkalokk/[^/]+\.yaml$
key_groups:
- age:
- *host_bekkalokk
- *user_danio
- *user_felixalb
- *user_pederbs_sopp
- *user_pederbs_nord
- *user_pederbs_bjarte
pgp:
- *user_oysteikt
@ -38,6 +50,9 @@ creation_rules:
- *host_jokum
- *user_danio
- *user_felixalb
- *user_pederbs_sopp
- *user_pederbs_nord
- *user_pederbs_bjarte
pgp:
- *user_oysteikt
@ -47,14 +62,32 @@ creation_rules:
- *host_ildkule
- *user_danio
- *user_felixalb
- *user_pederbs_sopp
- *user_pederbs_nord
- *user_pederbs_bjarte
pgp:
- *user_oysteikt
- path_regex: secrets/bicep/[^/]+\.yaml$
key_groups:
- age:
- *host_bicep
- *user_danio
- *user_felixalb
- *user_pederbs_sopp
- *user_pederbs_nord
- *user_pederbs_bjarte
pgp:
- *user_oysteikt
- path_regex: secrets/ustetind/[^/]+\.yaml$
key_groups:
- age:
- *host_ustetind
- *user_danio
- *user_felixalb
- *user_pederbs_sopp
- *user_pederbs_nord
- *user_pederbs_bjarte
pgp:
- *user_oysteikt

View File