Drift/pvv-nixos-config
17
5
Fork 1
Code Issues Pull Requests 9 Actions Wiki Activity

Compare commits

base: Drift:setup-bikkje-login
Branches Tags
Drift:main Drift:minecraft-heatmap Drift:fix-import-gitea-users-script Drift:gitea-runners-secrets Drift:gitea-runners-cluster Drift:25.05 Drift:new_nodes Drift:ooye Drift:grg-ip Drift:nom Drift:add-skrott Drift:pvvvvv Drift:setup-git-mirroring-on-bicep Drift:init-bakke Drift:gitea-show-license-in-list-view Drift:nix-topology Drift:gitea-robots-txt Drift:dagali-heimdal-openldap-sasl-stack Drift:gitea-navbar-get-started Drift:backup-databases Drift:openwebui Drift:setup-openvpn-tunnel Drift:gitea-gpg-signing Drift:sleipner-authorised-keys Drift:openstack-image-builder Drift:elysium Drift:smartd-notifs Drift:systemd-journald-remote Drift:skrot Drift:deploy-doorbell Drift:misc-gitea-fixes Drift:spotifyd Drift:remote Drift:setup-bikkje-login Drift:ozai-prod Drift:add-bluemap Drift:ozai Drift:setup-postfix-for-service-machines Drift:fix-gitea-ci-runner-network-issues Drift:heimdal-openldap-sasl-testing-on-salsa-on-buskerud Drift:gitea-metrics Drift:misc1 Drift:add-simple-saml-theme Drift:misc-extra-gitea-setup Drift:setup-kerberos Drift:setup-home-areas Drift:shark-kanidm Drift:prometheusexim
..
compare: Drift:setup-kerberos
Branches Tags
Drift:main Drift:minecraft-heatmap Drift:fix-import-gitea-users-script Drift:gitea-runners-secrets Drift:gitea-runners-cluster Drift:25.05 Drift:new_nodes Drift:ooye Drift:grg-ip Drift:nom Drift:add-skrott Drift:pvvvvv Drift:setup-git-mirroring-on-bicep Drift:init-bakke Drift:gitea-show-license-in-list-view Drift:nix-topology Drift:gitea-robots-txt Drift:dagali-heimdal-openldap-sasl-stack Drift:gitea-navbar-get-started Drift:backup-databases Drift:openwebui Drift:setup-openvpn-tunnel Drift:gitea-gpg-signing Drift:sleipner-authorised-keys Drift:openstack-image-builder Drift:elysium Drift:smartd-notifs Drift:systemd-journald-remote Drift:skrot Drift:deploy-doorbell Drift:misc-gitea-fixes Drift:spotifyd Drift:remote Drift:setup-bikkje-login Drift:ozai-prod Drift:add-bluemap Drift:ozai Drift:setup-postfix-for-service-machines Drift:fix-gitea-ci-runner-network-issues Drift:heimdal-openldap-sasl-testing-on-salsa-on-buskerud Drift:gitea-metrics Drift:misc1 Drift:add-simple-saml-theme Drift:misc-extra-gitea-setup Drift:setup-kerberos Drift:setup-home-areas Drift:shark-kanidm Drift:prometheusexim

1 Commits
setup-bikk ... setup-kerb

Author SHA1 Message Date
h7x4
fc1b7db291 WIP: kerberos
All checks were successful
Eval nix flake / evals (push) Successful in 3m43s
Details
2023-12-03 05:46:27 +01:00
23 changed files with 185 additions and 2024 deletions
Expand all files Collapse all files

1
base.nix
View File

@@ -73,7 +73,6 @@
# Trusted users on the nix builder machines
users.groups."nix-builder-users".name = "nix-builder-users";
users.motd = builtins.readFile ./misc/motd;
services.openssh = {
enable = true;

39
flake.lock generated
View File

@@ -7,11 +7,11 @@
]
},
"locked": {
"lastModified": 1702569759,
"narHash": "sha256-Ze3AdEEsVZBRJ4wn13EZpV1Uubkzi59TkC4j2G9xoFI=",
"lastModified": 1700927249,
"narHash": "sha256-iqmIWiEng890/ru7ZBf4nUezFPyRm2fjRTvuwwxqk2o=",
"owner": "nix-community",
"repo": "disko",
"rev": "98ab91109716871f50ea8cb0e0ac7cc1e1e14714",
"rev": "3cb78c93e6a02f494aaf6aeb37481c27a2e2ee22",
"type": "github"
},
"original": {
@@ -65,31 +65,32 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1701507532,
"narHash": "sha256-Zzv8OFB7iilzDGe6z2t/j8qRtR23TN3N8LssGsvRWEA=",
"lastModified": 1697936579,
"narHash": "sha256-nMyepKnwoHMzu2OpXvG2ZhU081TV9ENmWCo0vWxs6AI=",
"owner": "dali99",
"repo": "nixos-matrix-modules",
"rev": "046194cdadc50d81255a9c57789381ed1153e2b1",
"rev": "e09814657187c8ed1a5fe1646df6d8da1eb2dee9",
"type": "github"
},
"original": {
"owner": "dali99",
"repo": "nixos-matrix-modules",
"rev": "e09814657187c8ed1a5fe1646df6d8da1eb2dee9",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1702601832,
"narHash": "sha256-z+GyetKtwj7ZVZrRcI73N8Xy1B3JGAqDyPniBFRpIgo=",
"lastModified": 1701362232,
"narHash": "sha256-GVdzxL0lhEadqs3hfRLuj+L1OJFGiL/L7gCcelgBlsw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "dff64d4ba6e9dc3f0a4ef8737f372a528d5bc8d1",
"rev": "d2332963662edffacfddfad59ff4f709dde80ffe",
"type": "github"
},
"original": {
"id": "nixpkgs",
"ref": "nixos-23.11-small",
"ref": "nixos-23.05-small",
"type": "indirect"
}
},
@@ -110,11 +111,11 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1702148972,
"narHash": "sha256-h2jODFP6n+ABrUWcGRSVPRFfLOkM9TJ2pO+h+9JcaL0=",
"lastModified": 1700905716,
"narHash": "sha256-w1vHn2MbGfdC+CrP3xLZ3scsI06N0iQLU7eTHIVEFGw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b8f33c044e51de6dde3ad80a9676945e0e4e3227",
"rev": "dfb95385d21475da10b63da74ae96d89ab352431",
"type": "github"
},
"original": {
@@ -126,11 +127,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1702635820,
"narHash": "sha256-rClms9NTmSL/WIN5VmEccVhUExMkjCrRNswxU9QGNNo=",
"lastModified": 1701368325,
"narHash": "sha256-3OqZyi2EdopJxpxwrySPyCTuCvfBY4oXTLVgQ4B6qDg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "02357adddd0889782362d999628de9d309d202dc",
"rev": "3934dbde4f4a0e266825348bc4ad1bdd00a8d6a3",
"type": "github"
},
"original": {
@@ -179,11 +180,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1702177193,
"narHash": "sha256-J2409SyXROoUHYXVy9h4Pj0VU8ReLuy/mzBc9iK4DBg=",
"lastModified": 1701127353,
"narHash": "sha256-qVNX0wOl0b7+I35aRu78xUphOyELh+mtUp1KBx89K1Q=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "d806e546f96c88cd9f7d91c1c19ebc99ba6277d9",
"rev": "b1edbf5c0464b4cced90a3ba6f999e671f0af631",
"type": "github"
},
"original": {

8
flake.nix
View File

@@ -2,7 +2,7 @@
description = "PVV System flake";
inputs = {
nixpkgs.url = "nixpkgs/nixos-23.11-small";
nixpkgs.url = "nixpkgs/nixos-23.05-small";
nixpkgs-unstable.url = "nixpkgs/nixos-unstable-small";
sops-nix.url = "github:Mic92/sops-nix";
@@ -14,7 +14,8 @@
pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git";
pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
matrix-next.url = "github:dali99/nixos-matrix-modules";
# Last release compatible with 23.05
matrix-next.url = "github:dali99/nixos-matrix-modules/e09814657187c8ed1a5fe1646df6d8da1eb2dee9";
grzegorz.url = "github:Programvareverkstedet/grzegorz";
grzegorz.inputs.nixpkgs.follows = "nixpkgs-unstable";
@@ -57,6 +58,9 @@
pkgs = import nixpkgs {
inherit system;
overlays = [
(final: prev: {
mx-puppet-discord = prev.mx-puppet-discord.override { nodejs_14 = final.nodejs_18; };
})
inputs.pvv-calendar-bot.overlays.${system}.default
];
};

3
hosts/bekkalokk/configuration.nix
View File

@@ -5,12 +5,13 @@
../../base.nix
../../misc/metrics-exporters.nix
../../modules/kerberos_auth.nix
#./services/keycloak.nix
# TODO: set up authentication for the following:
# ./services/website.nix
./services/nginx
./services/nginx.nix
./services/gitea/default.nix
./services/webmail
# ./services/mediawiki.nix

1
hosts/bekkalokk/services/gitea/gitea-import-users.py
View File

@@ -32,6 +32,7 @@ def add_user(username, name):
"full_name": name,
"username": username,
"login_name": username,
"visibility": "public",
"source_id": 1, # 1 = SMTP
}

4
hosts/bekkalokk/services/nginx/default.nix → hosts/bekkalokk/services/nginx.nix
View File

@@ -1,9 +1,5 @@
{ pkgs, config, ... }:
{
imports = [
./ingress.nix
];
security.acme = {
acceptTerms = true;
defaults.email = "drift@pvv.ntnu.no";

55
hosts/bekkalokk/services/nginx/ingress.nix
View File

@@ -1,55 +0,0 @@
{ config, lib, ... }:
{
services.nginx.virtualHosts = {
"www2.pvv.ntnu.no" = {
serverAliases = [ "www2.pvv.org" "pvv.ntnu.no" "pvv.org" ];
addSSL = true;
enableACME = true;
locations = {
# Proxy home directories
"/~" = {
extraConfig = ''
proxy_redirect off;
proxy_pass https://tom.pvv.ntnu.no;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
# Redirect old wiki entries
"/disk".return = "301 https://www.pvv.ntnu.no/pvv/Diskkjøp";
"/dok/boker.php".return = "301 https://www.pvv.ntnu.no/pvv/Bokhyllen";
"/styret/lover/".return = "301 https://www.pvv.ntnu.no/pvv/Lover";
"/styret/".return = "301 https://www.pvv.ntnu.no/pvv/Styret";
"/info/".return = "301 https://www.pvv.ntnu.no/pvv/";
"/info/maskinpark/".return = "301 https://www.pvv.ntnu.no/pvv/Maskiner";
"/medlemssider/meldinn.php".return = "301 https://www.pvv.ntnu.no/pvv/Medlemskontingent";
"/diverse/medlems-sider.php".return = "301 https://www.pvv.ntnu.no/pvv/Medlemssider";
"/cert/".return = "301 https://www.pvv.ntnu.no/pvv/CERT";
"/drift".return = "301 https://www.pvv.ntnu.no/pvv/Drift";
"/diverse/abuse.php".return = "301 https://www.pvv.ntnu.no/pvv/CERT/Abuse";
"/nerds/".return = "301 https://www.pvv.ntnu.no/pvv/Nerdepizza";
# TODO: Redirect webmail
"/webmail".return = "301 https://webmail.pvv.ntnu.no/squirrelmail";
# Redirect everything else to the main website
"/".return = "301 https://www.pvv.ntnu.no$request_uri";
# Proxy the matrix well-known files
# Host has be set before proxy_pass
# The header must be set so nginx on the other side routes it to the right place
"/.well-known/matrix/" = {
extraConfig = ''
proxy_set_header Host matrix.pvv.ntnu.no;
proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/;
'';
};
};
};
};
}

3
hosts/bicep/configuration.nix
View File

@@ -12,8 +12,7 @@
./services/mysql.nix
./services/postgres.nix
./services/mysql.nix
# TODO: fix the calendar bot
# ./services/calendar-bot.nix
./services/calendar-bot.nix
./services/matrix
];

125
hosts/buskerud/bikkje/default.nix
View File

@@ -1,125 +0,0 @@
{ config, pkgs, values, lib, ... }:
{
containers.bikkje = {
autoStart = true;
interfaces = [ "enp4s0f0" ];
config = { config, pkgs, ... }: {
imports = [
../../../modules/home-areas.nix
./services/kerberos
];
environment.systemPackages = with pkgs; [
zsh
bash
fish
tcsh
alpine
mutt
mutt-ics
mutt-wizard
notmuch
mailutils
procmail
irssi
weechat
weechatScripts.edit
coreutils-full
diffutils
findutils
ripgrep
cvs
gawk
git
gnupg
gnused
groff
less
p7zip
rcs
screen
tmux
tree
unzip
zip
emacs
helix
joe
micro
nano
neovim
autossh
inetutils
lynx
mosh
rsync
w3m
clang
gcc
guile
lua
perl
php
python3
(python3.withPackages (ps: with ps; [
numpy
sympy
scipy
requests
imageio
pillow
httpx
pycryptodome
pandas
matplotlib
]))
ruby
tcl
];
services.openssh = {
enable = true;
ports = [ 22 80 443 ];
openFirewall = true;
extraConfig = ''
PubkeyAcceptedAlgorithms=+ssh-rsa
'';
settings = {
GatewayPorts = "yes";
PermitRootLogin = "yes";
};
};
users.motd = builtins.readFile ../../../misc/motd;
networking = {
firewall.enable = true;
# Use systemd-resolved inside the container
# Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
useHostResolvConf = lib.mkForce false;
hostName = "bikkje";
};
systemd.network.enable = true;
systemd.network.networks."30-enp4s0f0" = values.defaultNetworkConfig // {
matchConfig.Name = "enp4s0f0";
address = with values.hosts.bikkje; [ (ipv4 + "/25") (ipv6 + "/64") ];
};
system.stateVersion = "23.11";
services.resolved.enable = true;
};
};
# TODO
# - Kerberos Authentication
# - Mail Transfer Agent
}

27
hosts/buskerud/bikkje/services/kerberos/default.nix
View File

@@ -1,27 +0,0 @@
{ config, pkgs, lib, ... }:
{
#######################
# TODO: remove these once nixos 24.05 gets released
#######################
imports = [
./krb5.nix
./pam.nix
];
disabledModules = [
"config/krb5/default.nix"
"security/pam.nix"
];
#######################
security.krb5 = {
enable = true;
settings = {
libdefaults = {
default_realm = "PVV.NTNU.NO";
dns_lookup_realm = "yes";
dns_lookup_kdc = "yes";
};
realms."PVV.NTNU.NO".admin_server = "kdc.pvv.ntnu.no";
};
};
}

88
hosts/buskerud/bikkje/services/kerberos/krb5-conf-format.nix
View File

@@ -1,88 +0,0 @@
{ pkgs, lib, ... }:
# Based on
# - https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html
# - https://manpages.debian.org/unstable/heimdal-docs/krb5.conf.5heimdal.en.html
let
inherit (lib) boolToString concatMapStringsSep concatStringsSep filter
isAttrs isBool isList mapAttrsToList mdDoc mkOption singleton splitString;
inherit (lib.types) attrsOf bool coercedTo either int listOf oneOf path
str submodule;
in
{ }: {
type = let
section = attrsOf relation;
relation = either (attrsOf value) value;
value = either (listOf atom) atom;
atom = oneOf [int str bool];
in submodule {
freeformType = attrsOf section;
options = {
include = mkOption {
default = [ ];
description = mdDoc ''
Files to include in the Kerberos configuration.
'';
type = coercedTo path singleton (listOf path);
};
includedir = mkOption {
default = [ ];
description = mdDoc ''
Directories containing files to include in the Kerberos configuration.
'';
type = coercedTo path singleton (listOf path);
};
module = mkOption {
default = [ ];
description = mdDoc ''
Modules to obtain Kerberos configuration from.
'';
type = coercedTo path singleton (listOf path);
};
};
};
generate = let
indent = str: concatMapStringsSep "\n" (line: " " + line) (splitString "\n" str);
formatToplevel = args @ {
include ? [ ],
includedir ? [ ],
module ? [ ],
...
}: let
sections = removeAttrs args [ "include" "includedir" "module" ];
in concatStringsSep "\n" (filter (x: x != "") [
(concatStringsSep "\n" (mapAttrsToList formatSection sections))
(concatMapStringsSep "\n" (m: "module ${m}") module)
(concatMapStringsSep "\n" (i: "include ${i}") include)
(concatMapStringsSep "\n" (i: "includedir ${i}") includedir)
]);
formatSection = name: section: ''
[${name}]
${indent (concatStringsSep "\n" (mapAttrsToList formatRelation section))}
'';
formatRelation = name: relation:
if isAttrs relation
then ''
${name} = {
${indent (concatStringsSep "\n" (mapAttrsToList formatValue relation))}
}''
else formatValue name relation;
formatValue = name: value:
if isList value
then concatMapStringsSep "\n" (formatAtom name) value
else formatAtom name value;
formatAtom = name: atom: let
v = if isBool atom then boolToString atom else toString atom;
in "${name} = ${v}";
in
name: value: pkgs.writeText name ''
${formatToplevel value}
'';
}

90
hosts/buskerud/bikkje/services/kerberos/krb5.nix
View File

@@ -1,90 +0,0 @@
{ config, lib, pkgs, ... }:
let
inherit (lib) mdDoc mkIf mkOption mkPackageOption mkRemovedOptionModule;
inherit (lib.types) bool;
mkRemovedOptionModule' = name: reason: mkRemovedOptionModule ["krb5" name] reason;
mkRemovedOptionModuleCfg = name: mkRemovedOptionModule' name ''
The option `krb5.${name}' has been removed. Use
`security.krb5.settings.${name}' for structured configuration.
'';
cfg = config.security.krb5;
format = import ./krb5-conf-format.nix { inherit pkgs lib; } { };
in {
imports = [
(mkRemovedOptionModuleCfg "libdefaults")
(mkRemovedOptionModuleCfg "realms")
(mkRemovedOptionModuleCfg "domain_realm")
(mkRemovedOptionModuleCfg "capaths")
(mkRemovedOptionModuleCfg "appdefaults")
(mkRemovedOptionModuleCfg "plugins")
(mkRemovedOptionModuleCfg "config")
(mkRemovedOptionModuleCfg "extraConfig")
(mkRemovedOptionModule' "kerberos" ''
The option `krb5.kerberos' has been moved to `security.krb5.package'.
'')
];
options = {
security.krb5 = {
enable = mkOption {
default = false;
description = mdDoc "Enable and configure Kerberos utilities";
type = bool;
};
package = mkPackageOption pkgs "krb5" {
example = "heimdal";
};
settings = mkOption {
default = { };
type = format.type;
description = mdDoc ''
Structured contents of the {file}`krb5.conf` file. See
{manpage}`krb5.conf(5)` for details about configuration.
'';
example = {
include = [ "/run/secrets/secret-krb5.conf" ];
includedir = [ "/run/secrets/secret-krb5.conf.d" ];
libdefaults = {
default_realm = "ATHENA.MIT.EDU";
};
realms = {
"ATHENA.MIT.EDU" = {
admin_server = "athena.mit.edu";
kdc = [
"athena01.mit.edu"
"athena02.mit.edu"
];
};
};
domain_realm = {
"mit.edu" = "ATHENA.MIT.EDU";
};
logging = {
kdc = "SYSLOG:NOTICE";
admin_server = "SYSLOG:NOTICE";
default = "SYSLOG:NOTICE";
};
};
};
};
};
config = mkIf cfg.enable {
environment = {
systemPackages = [ cfg.package ];
etc."krb5.conf".source = format.generate "krb5.conf" cfg.settings;
};
};
meta.maintainers = builtins.attrValues {
inherit (lib.maintainers) dblsaiko h7x4;
};
}

1543
hosts/buskerud/bikkje/services/kerberos/pam.nix
View File

File diff suppressed because it is too large Load Diff

24
hosts/buskerud/configuration.nix
View File

@@ -1,18 +1,19 @@
{ config, pkgs, values, ... }:
{
imports = [
./hardware-configuration.nix
../../base.nix
../../misc/metrics-exporters.nix
# Include the results of the hardware scan.
./hardware-configuration.nix
../../base.nix
../../misc/metrics-exporters.nix
./bikkje
];
./services/openvpn-client.nix
];
# buskerud does not support efi?
# boot.loader.systemd-boot.enable = true;
# boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sdb";
boot.loader.grub.device = "/dev/sda";
networking.hostName = "buskerud";
networking.search = [ "pvv.ntnu.no" "pvv.org" ];
@@ -24,10 +25,20 @@
address = with values.hosts.buskerud; [ (ipv4 + "/25") (ipv6 + "/64") ];
};
# Buskerud should use the default gateway received from DHCP
networking.interfaces.enp14s0f1.useDHCP = true;
# networking.interfaces.tun = {
# virtual = true;
# ipv4.adresses = [ {address="129.241.210.252"; prefixLength=25; } ];
# };
# List packages installed in system profile
environment.systemPackages = with pkgs; [
];
# List services that you want to enable:
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
@@ -35,4 +46,5 @@
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.05"; # Did you read the comment?
}

109
hosts/buskerud/services/openvpn-client.nix Normal file
View File

@@ -0,0 +1,109 @@
{ lib, values, ... }:
{
services.openvpn.servers."ov-tunnel" = {
config = let
conf = {
# TODO: use aliases
client = true;
dev = "tap";
proto = "udp";
#remote = "129.241.210.253 1194";
remote = "129.241.210.191 1194";
resolv-retry = "infinite";
nobind = true;
ca = "/etc/openvpn/ca.pem";
cert = "/etc/openvpn/crt.pem";
key = "/etc/openvpn/key.pem";
remote-cert-tls = "server";
cipher = "none";
user = "nobody";
group = "nobody";
status = "/var/log/openvpn-status.log";
persist-key = true;
persist-tun = true;
verb = 5;
# script-security = 2;
# up = "systemctl restart rwhod";
};
in lib.pipe conf [
(lib.filterAttrs (_: value: !(builtins.isNull value || value == false)))
(builtins.mapAttrs (_: value:
if builtins.isList value then builtins.concatStringsSep " " (map toString value)
else if value == true then value
else if builtins.any (f: f value) [
builtins.isString
builtins.isInt
builtins.isFloat
lib.isPath
lib.isDerivation
] then toString value
else throw "Unknown value in buskerud openvpn config, deading now\n${value}"
))
(lib.mapAttrsToList (name: value: if value == true then name else "${name} ${value}"))
(builtins.concatStringsSep "\n")
(x: x + "\n\n")
];
};
systemd.network.networks."enp14s0f1" = {
matchConfig.Name = "enp14s0f1";
networkConfig = {
DefaultRouteOnDevice = true;
};
routes = [
{ routeConfig = {
Type = "unicast";
Destination = values.hosts.knutsen.ipv4 + "/32";
Metric = 50;
};
}
];
};
systemd.network.netdevs."br0" = {
netdevConfig = {
Kind = "bridge";
Name = "br0";
};
};
systemd.network.networks."br0" = {
matchConfig.Name = "br0";
routes = [
{ routeConfig = {
Type = "unicast";
Destination = values.ipv4-space;
Metric = 100;
};
}
];
};
systemd.network.networks."enp3s0f0" = {
matchConfig.Name = "enp3s0f0";
networkConfig.DefaultRouteOnDevice = false;
};
systemd.network.networks."enp3s0f1" = {
matchConfig.Name = "enp3s0f1";
bridge = [ "br0" ];
};
systemd.network.networks."tap0" = {
matchConfig.Name = "tap0";
bridge = [ "br0" ];
};
#networking.nat = {
# enable = true;
# externalInterface = "enp14s0f1";
# internalInterfaces = [ "tun" ];
#};
}

16
misc/motd
View File

@@ -1,16 +0,0 @@
███████████ █████ █████ █████ █████
░░███░░░░░███░░███ ░░███ ░░███ ░░███
░███ ░███ ░███ ░███ ░███ ░███
░██████████ ░███ ░███ ░███ ░███
░███░░░░░░ ░░███ ███ ░░███ ███
░███ ░░░█████░ ░░░█████░
█████ ░░███ ░░███
░░░░░ ░░░ ░░░
================= EN ==================|================== NB =================
Welcome to a PVV machine, life is good.|Velkommen til en PVV-maskin,
|livet er deilig.
If you are confused, try pvv.ntnu.no or|Hvis du er forvirret prøv pvv.ntnu.no
our discord server. |eller vår discord-server.
More info at pvv.ntnu.no/kontakt/ |Mer info på pvv.ntnu.no/kontakt/
===============================================================================

20
modules/home-areas.nix
View File

@@ -1,20 +0,0 @@
{ pkgs, lib, ... }:
{
fileSystems = let
# See microbel:/etc/exports
homeMounts = (lib.listToAttrs (map
(l: lib.nameValuePair "/home/pvv/${l}" "homepvv${l}.pvv.ntnu.no:/export/home/pvv/${l}")
[ "a" "b" "c" "d" "h" "i" "j" "k" "l" "m" "z" ]));
in { }
//
(lib.mapAttrs (_: device: {
inherit device;
fsType = "nfs";
options = [
"nfsvers=3"
"proto=tcp"
"nofail"
"_netdev"
];
}) homeMounts);
}

25
modules/kerberos_auth.nix Normal file
View File

@@ -0,0 +1,25 @@
{ pkgs, lib, ... }:
{
environment.systemPackages = with pkgs; [
heimdal
];
security.pam.krb5.enable = true;
environment.etc."krb5.conf".text = ''
[libdefaults]
default_realm = PVV.NTNU.NO
dns_lookup_realm = yes
dns_lookup_kdc = yes
[appdefaults]
pam = {
ignore_k5login = yes
}
[realms]
PVV.NTNU.NO = {
admin_server = kdc.pvv.ntnu.no
}
'';
}

2
users/adriangl.nix
View File

@@ -9,7 +9,7 @@
];
packages = with pkgs; [
eza
exa
neovim
];

18
users/eirikwit.nix
View File

@@ -1,18 +0,0 @@
{ pkgs, ... }:
{
users.users.eirikwit = {
isNormalUser = true;
extraGroups = [
"wheel"
"drift"
];
packages = with pkgs; [
micro
];
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGZusOSiUVSMjrvNdUq4R91Gafq4XVs9C77Zt+LMPhCU eirikw@live.no"
];
};
}

2
users/jonmro.nix
View File

@@ -3,7 +3,7 @@
{
users.users.jonmro = {
isNormalUser = true;
extraGroups = [ "wheel" "drift" "nix-builder-users" ];
extraGroups = [ "wheel" ];
shell = pkgs.zsh;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEm5PfYmfl/0fnAP/3coVlvTw3/TYNLT6r/NwJHZbLAK jonrodtang@gmail.com"

2
users/oysteikt.nix
View File

@@ -11,7 +11,7 @@
packages = with pkgs; [
bottom
eza
exa
neovim
diskonaut
ripgrep

4
values.nix
View File

@@ -56,10 +56,6 @@ in rec {
ipv4 = pvv-ipv4 204;
ipv6 = pvv-ipv6 "1:4f"; # Wtf øystein og daniel why
};
bikkje = {
ipv4 = pvv-ipv4 216;
ipv6 = pvv-ipv6 216;
};
buskerud = {
ipv4 = pvv-ipv4 231;
ipv6 = pvv-ipv6 231;