Compare commits
	
		
			26 Commits
		
	
	
		
			setup-kerb
			...
			misc-extra
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| 1fbee584a2 | |||
| fe4dd21acb | |||
| 0336744124 | |||
| b4d6e00622 | |||
| 7c6d4d31c7 | |||
| 9f46be1ca1 | |||
| 545583cf04 | |||
| 62b269637a | |||
| 7fd9a1e646 | |||
| 4ea90380ad | |||
| bcd5292f78 | |||
| 1ab1b3a84e | |||
| 80ef1ce4fa | |||
| 2b834eee14 | |||
| 9ed2ca8883 | |||
| fe12e5441a | |||
| 2b305678df | |||
| dd8b677a79 | |||
| eabd8df3d8 | |||
| 8a0ebe761e | |||
| 0c816068fe | |||
| 0b5e03471f | |||
| d8031ecca1 | |||
| 1ef033c754 | |||
| d900dc1b1b | |||
| d5985e02f3 | 
| @@ -3,6 +3,7 @@ keys: | ||||
|   - &user_danio age17tagmpwqjk3mdy45rfesrfey6h863x8wfq38wh33tkrlrywxducs0k6tpq | ||||
|   - &user_felixalb age1mrnldl334l2nszuta6ywvewng0fswv2dz9l5g4qcwe3nj4yxf92qjskdx6 | ||||
|   - &user_oysteikt F7D37890228A907440E1FD4846B9228E814A2AAC | ||||
|   - &user_eirikwit age1ju7rd26llahz3g8tz7cy5ld52swj8gsmg0flrmrxngc0nj0avq3ssh0sn5 | ||||
|  | ||||
|   # Hosts | ||||
|   - &host_jokum age1gp8ye4g2mmw3may5xg0zsy7mm04glfz3788mmdx9cvcsdxs9hg0s0cc9kt | ||||
| @@ -18,6 +19,7 @@ creation_rules: | ||||
|       - *host_jokum | ||||
|       - *user_danio | ||||
|       - *user_felixalb | ||||
|       - *user_eirikwit | ||||
|       pgp: | ||||
|       - *user_oysteikt | ||||
|  | ||||
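Review bot: Adding `*user_eirikwit` to this creation rule only affects files encrypted from now on; every secrets file already matched by the rule keeps its old recipient set until `sops updatekeys` is run against it, and no re-encrypted secrets file is visible in this compare, so that step should be confirmed before assuming the new user can decrypt anything. The `creation_rules` block starts outside the hunk, so whether other rules should also carry the new recipient cannot be judged here. The `keys` list mixes recipient types without saying so (`&user_oysteikt` is a PGP fingerprint, the others are age recipients); a short comment such as `# age recipients unless noted; oysteikt is a PGP fingerprint` above the list would save the next editor from putting a key under the wrong `age:`/`pgp:` section.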
|   | ||||
							
								
								
									
										60
									
								
								flake.lock
									
									
									
										generated
									
									
									
								
							
							| @@ -7,11 +7,11 @@ | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1700927249, | ||||
|         "narHash": "sha256-iqmIWiEng890/ru7ZBf4nUezFPyRm2fjRTvuwwxqk2o=", | ||||
|         "lastModified": 1710169806, | ||||
|         "narHash": "sha256-HeWFrRuHpnAiPmIr26OKl2g142HuGerwoO/XtW53pcI=", | ||||
|         "owner": "nix-community", | ||||
|         "repo": "disko", | ||||
|         "rev": "3cb78c93e6a02f494aaf6aeb37481c27a2e2ee22", | ||||
|         "rev": "fe064a639319ed61cdf12b8f6eded9523abcc498", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
| @@ -62,76 +62,62 @@ | ||||
|     }, | ||||
|     "matrix-next": { | ||||
|       "inputs": { | ||||
|         "nixpkgs-lib": "nixpkgs-lib" | ||||
|         "nixpkgs": [ | ||||
|           "nixpkgs" | ||||
|         ] | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1697936579, | ||||
|         "narHash": "sha256-nMyepKnwoHMzu2OpXvG2ZhU081TV9ENmWCo0vWxs6AI=", | ||||
|         "lastModified": 1710311999, | ||||
|         "narHash": "sha256-s0pT1NyrMgeolUojXXcnXQDymN7m80GTF7itCv0ZH20=", | ||||
|         "owner": "dali99", | ||||
|         "repo": "nixos-matrix-modules", | ||||
|         "rev": "e09814657187c8ed1a5fe1646df6d8da1eb2dee9", | ||||
|         "rev": "6c9b67974b839740e2a738958512c7a704481157", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "dali99", | ||||
|         "repo": "nixos-matrix-modules", | ||||
|         "rev": "e09814657187c8ed1a5fe1646df6d8da1eb2dee9", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "nixpkgs": { | ||||
|       "locked": { | ||||
|         "lastModified": 1701362232, | ||||
|         "narHash": "sha256-GVdzxL0lhEadqs3hfRLuj+L1OJFGiL/L7gCcelgBlsw=", | ||||
|         "lastModified": 1710248792, | ||||
|         "narHash": "sha256-yFyWw4na+nJgtXwhHs2SJSy5Lcw94/FcMbBOorlGdfI=", | ||||
|         "owner": "NixOS", | ||||
|         "repo": "nixpkgs", | ||||
|         "rev": "d2332963662edffacfddfad59ff4f709dde80ffe", | ||||
|         "rev": "efbb274f364c918b9937574de879b5874b5833cc", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "id": "nixpkgs", | ||||
|         "ref": "nixos-23.05-small", | ||||
|         "ref": "nixos-23.11-small", | ||||
|         "type": "indirect" | ||||
|       } | ||||
|     }, | ||||
|     "nixpkgs-lib": { | ||||
|       "locked": { | ||||
|         "lastModified": 1673743903, | ||||
|         "narHash": "sha256-sloY6KYyVOozJ1CkbgJPpZ99TKIjIvM+04V48C04sMQ=", | ||||
|         "owner": "nix-community", | ||||
|         "repo": "nixpkgs.lib", | ||||
|         "rev": "7555e2dfcbac1533f047021f1744ac8871150f9f", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "nix-community", | ||||
|         "repo": "nixpkgs.lib", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "nixpkgs-stable": { | ||||
|       "locked": { | ||||
|         "lastModified": 1700905716, | ||||
|         "narHash": "sha256-w1vHn2MbGfdC+CrP3xLZ3scsI06N0iQLU7eTHIVEFGw=", | ||||
|         "lastModified": 1710033658, | ||||
|         "narHash": "sha256-yiZiVKP5Ya813iYLho2+CcFuuHpaqKc/CoxOlANKcqM=", | ||||
|         "owner": "NixOS", | ||||
|         "repo": "nixpkgs", | ||||
|         "rev": "dfb95385d21475da10b63da74ae96d89ab352431", | ||||
|         "rev": "b17375d3bb7c79ffc52f3538028b2ec06eb79ef8", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|         "owner": "NixOS", | ||||
|         "ref": "release-23.05", | ||||
|         "ref": "release-23.11", | ||||
|         "repo": "nixpkgs", | ||||
|         "type": "github" | ||||
|       } | ||||
|     }, | ||||
|     "nixpkgs-unstable": { | ||||
|       "locked": { | ||||
|         "lastModified": 1701368325, | ||||
|         "narHash": "sha256-3OqZyi2EdopJxpxwrySPyCTuCvfBY4oXTLVgQ4B6qDg=", | ||||
|         "lastModified": 1710247538, | ||||
|         "narHash": "sha256-Mm3aCwfAdYgG2zKf5SLRBktPH0swXN1yEetAMn05KAA=", | ||||
|         "owner": "NixOS", | ||||
|         "repo": "nixpkgs", | ||||
|         "rev": "3934dbde4f4a0e266825348bc4ad1bdd00a8d6a3", | ||||
|         "rev": "21adc4f16a8ab151fec83b9d9368cd62d9de86bc", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
| @@ -180,11 +166,11 @@ | ||||
|         "nixpkgs-stable": "nixpkgs-stable" | ||||
|       }, | ||||
|       "locked": { | ||||
|         "lastModified": 1701127353, | ||||
|         "narHash": "sha256-qVNX0wOl0b7+I35aRu78xUphOyELh+mtUp1KBx89K1Q=", | ||||
|         "lastModified": 1710195194, | ||||
|         "narHash": "sha256-KFxCJp0T6TJOz1IOKlpRdpsCr9xsvlVuWY/VCiAFnTE=", | ||||
|         "owner": "Mic92", | ||||
|         "repo": "sops-nix", | ||||
|         "rev": "b1edbf5c0464b4cced90a3ba6f999e671f0af631", | ||||
|         "rev": "e52d8117b330f690382f1d16d81ae43daeb4b880", | ||||
|         "type": "github" | ||||
|       }, | ||||
|       "original": { | ||||
|   | ||||
| @@ -2,7 +2,7 @@ | ||||
|   description = "PVV System flake"; | ||||
|  | ||||
|   inputs = { | ||||
|     nixpkgs.url = "nixpkgs/nixos-23.05-small"; | ||||
|     nixpkgs.url = "nixpkgs/nixos-23.11-small"; | ||||
|     nixpkgs-unstable.url = "nixpkgs/nixos-unstable-small"; | ||||
|  | ||||
|     sops-nix.url = "github:Mic92/sops-nix"; | ||||
| @@ -14,8 +14,8 @@ | ||||
|     pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git"; | ||||
|     pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs"; | ||||
|  | ||||
|     # Last release compatible with 23.05 | ||||
|     matrix-next.url = "github:dali99/nixos-matrix-modules/e09814657187c8ed1a5fe1646df6d8da1eb2dee9"; | ||||
|     matrix-next.url = "github:dali99/nixos-matrix-modules"; | ||||
|     matrix-next.inputs.nixpkgs.follows = "nixpkgs"; | ||||
|  | ||||
|     grzegorz.url = "github:Programvareverkstedet/grzegorz"; | ||||
|     grzegorz.inputs.nixpkgs.follows = "nixpkgs-unstable"; | ||||
| @@ -58,9 +58,6 @@ | ||||
|           pkgs = import nixpkgs { | ||||
|             inherit system; | ||||
|             overlays = [ | ||||
|               (final: prev: { | ||||
|                 mx-puppet-discord = prev.mx-puppet-discord.override { nodejs_14 = final.nodejs_18; }; | ||||
|               }) | ||||
|               inputs.pvv-calendar-bot.overlays.${system}.default | ||||
|             ]; | ||||
|           }; | ||||
|   | ||||
| @@ -10,7 +10,7 @@ | ||||
|  | ||||
|     # TODO: set up authentication for the following: | ||||
|     # ./services/website.nix | ||||
|     ./services/nginx.nix | ||||
|     ./services/nginx | ||||
|     ./services/gitea/default.nix | ||||
|     ./services/webmail | ||||
|     # ./services/mediawiki.nix | ||||
|   | ||||
| @@ -1,4 +1,4 @@ | ||||
| { config, values, pkgs, ... }: | ||||
| { config, values, pkgs, lib, ... }: | ||||
| let | ||||
|   cfg = config.services.gitea; | ||||
|   domain = "git.pvv.ntnu.no"; | ||||
| @@ -32,12 +32,18 @@ in { | ||||
|     }; | ||||
|  | ||||
|     settings = { | ||||
|       dump = { | ||||
|         enable = true; | ||||
|         interval = "monthly"; | ||||
|       }; | ||||
|  | ||||
|       server = { | ||||
|         DOMAIN   = domain; | ||||
|         ROOT_URL = "https://${domain}/"; | ||||
|         PROTOCOL = "http+unix"; | ||||
|         SSH_PORT = sshPort; | ||||
| 	      START_SSH_SERVER = true; | ||||
|         LFS_START_SERVER = true; | ||||
|       }; | ||||
|       indexer.REPO_INDEXER_ENABLED = true; | ||||
|       service.DISABLE_REGISTRATION = true; | ||||
| @@ -49,6 +55,35 @@ in { | ||||
|       }; | ||||
|       actions.ENABLED = true; | ||||
|       "ui.meta".DESCRIPTION = "Bokstavelig talt programvareverkstedet"; | ||||
|       "ui.svg".RENDER = true; | ||||
|  | ||||
|       markup = { | ||||
|         asciidoc = {  | ||||
|           ENABLED = true; | ||||
|           NEED_POSTPROCESS = true; | ||||
|           FILE_EXTENSIONS = ".adoc,.asciidoc"; | ||||
|           RENDER_COMMAND = "${lib.getExe pkgs.asciidoctor} --embedded --safe-mode=secure --out-file=- -"; | ||||
|           IS_INPUT_FILE = false; | ||||
|         }; | ||||
|  | ||||
|         html = { | ||||
|           ENABLED         = true; | ||||
|           FILE_EXTENSIONS = ".html,.htm"; | ||||
|           RENDER_COMMAND  = "cat"; | ||||
|           # Input is not a standard input but a file | ||||
|           IS_INPUT_FILE   = true; | ||||
|         }; | ||||
|          | ||||
|         sanitizer.html.1 = { | ||||
|           ELEMENT = "div"; | ||||
|           ALLOW_ATTR = "class"; | ||||
|         }; | ||||
|          | ||||
|         sanitizer.html.2 = { | ||||
|           ELEMENT = "a"; | ||||
|           ALLOW_ATTR = "class"; | ||||
|         }; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
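Review bot: The new `markup.html` renderer passes repository `.html`/`.htm` files through unchanged (`RENDER_COMMAND = "cat"`), so the only barrier between repository content and a viewer's browser is Gitea's built-in output sanitizer, and the two `sanitizer.html.*` rules deliberately widen it by permitting `class` on `div` and `a`, which can let repository HTML reuse the site's own CSS classes. That is a trust decision worth recording above `html = {`, for example `# Raw HTML from repositories is rendered as-is; safety rests entirely on Gitea's sanitizer, so never disable it for this renderer`. The asciidoc renderer is in better shape because of `--safe-mode=secure`. As a style nit, `START_SSH_SERVER = true;` in the earlier hunk is indented with a tab while its neighbours use spaces.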
|   | ||||
| @@ -32,7 +32,6 @@ def add_user(username, name): | ||||
|             "full_name": name, | ||||
|             "username": username, | ||||
|             "login_name": username, | ||||
|             "visibility": "public", | ||||
|             "source_id": 1,  # 1 = SMTP | ||||
|     } | ||||
|  | ||||
| @@ -52,6 +51,7 @@ def add_user(username, name): | ||||
|         existing_users[username] = user | ||||
|  | ||||
|     else: | ||||
|         user["visibility"] = existing_users[username]["visibility"] | ||||
|         r = requests.patch(GITEA_API_URL + f'/admin/users/{username}', | ||||
|                            json=user, | ||||
|                            headers={'Authorization': 'token ' + API_TOKEN}) | ||||
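Review bot: The new line `user["visibility"] = existing_users[username]["visibility"]` raises `KeyError` and aborts the whole sync run if an entry in `existing_users` lacks that field; whether that can happen depends on how `existing_users` is built, which is outside this hunk (if the entries come straight from the Gitea users API the key is present, otherwise it is not guaranteed). Guarding it as `if "visibility" in existing_users[username]:` followed by the assignment keeps the sync going either way. A one-line comment explaining the intent, `# keep the visibility the user chose in Gitea instead of resetting it on every sync`, would also explain why `"visibility": "public"` was dropped from the creation payload in the previous hunk, which now leaves new accounts at the server's default visibility. `add_user` continues outside the hunk, so the handling of the `requests.patch` response could not be checked.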
|   | ||||
| @@ -1,5 +1,9 @@ | ||||
| { pkgs, config, ... }: | ||||
| { | ||||
|   imports = [ | ||||
|     ./ingress.nix | ||||
|   ]; | ||||
| 
 | ||||
|   security.acme = { | ||||
|     acceptTerms = true; | ||||
|     defaults.email = "drift@pvv.ntnu.no"; | ||||
							
								
								
									
										55
									
								
								hosts/bekkalokk/services/nginx/ingress.nix
									
									
									
									
									
										Normal file
									
								
							
							| @@ -0,0 +1,55 @@ | ||||
| { config, lib, ... }: | ||||
| { | ||||
|   services.nginx.virtualHosts = { | ||||
|     "www2.pvv.ntnu.no" = { | ||||
|       serverAliases = [ "www2.pvv.org" "pvv.ntnu.no" "pvv.org" ]; | ||||
|       addSSL = true; | ||||
|       enableACME = true; | ||||
|  | ||||
|       locations = { | ||||
|         # Proxy home directories | ||||
|         "/~" = { | ||||
|           extraConfig = '' | ||||
|             proxy_redirect off; | ||||
|             proxy_pass https://tom.pvv.ntnu.no; | ||||
|             proxy_set_header Host $host; | ||||
|             proxy_set_header X-Real-IP $remote_addr; | ||||
|             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||||
|             proxy_set_header X-Forwarded-Proto $scheme; | ||||
|           ''; | ||||
|         }; | ||||
|  | ||||
|         # Redirect old wiki entries | ||||
|         "/disk".return = "301 https://www.pvv.ntnu.no/pvv/Diskkjøp"; | ||||
|         "/dok/boker.php".return = "301 https://www.pvv.ntnu.no/pvv/Bokhyllen"; | ||||
|         "/styret/lover/".return = "301 https://www.pvv.ntnu.no/pvv/Lover"; | ||||
|         "/styret/".return = "301 https://www.pvv.ntnu.no/pvv/Styret"; | ||||
|         "/info/".return = "301 https://www.pvv.ntnu.no/pvv/"; | ||||
|         "/info/maskinpark/".return = "301 https://www.pvv.ntnu.no/pvv/Maskiner"; | ||||
|         "/medlemssider/meldinn.php".return = "301 https://www.pvv.ntnu.no/pvv/Medlemskontingent"; | ||||
|         "/diverse/medlems-sider.php".return = "301 https://www.pvv.ntnu.no/pvv/Medlemssider"; | ||||
|         "/cert/".return = "301 https://www.pvv.ntnu.no/pvv/CERT"; | ||||
|         "/drift".return = "301 https://www.pvv.ntnu.no/pvv/Drift"; | ||||
|         "/diverse/abuse.php".return = "301 https://www.pvv.ntnu.no/pvv/CERT/Abuse"; | ||||
|         "/nerds/".return = "301 https://www.pvv.ntnu.no/pvv/Nerdepizza"; | ||||
|  | ||||
|         # TODO: Redirect webmail | ||||
|         "/webmail".return = "301 https://webmail.pvv.ntnu.no/squirrelmail"; | ||||
|  | ||||
|         # Redirect everything else to the main website | ||||
|         "/".return = "301 https://www.pvv.ntnu.no$request_uri"; | ||||
|  | ||||
|         # Proxy the matrix well-known files | ||||
|         # Host has be set before proxy_pass | ||||
|         # The header must be set so nginx on the other side routes it to the right place | ||||
|         "/.well-known/matrix/" = { | ||||
|           extraConfig = '' | ||||
|             proxy_set_header Host matrix.pvv.ntnu.no; | ||||
|             proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/; | ||||
|           ''; | ||||
|         }; | ||||
|       }; | ||||
|     }; | ||||
|   }; | ||||
| } | ||||
|  | ||||
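Review bot: The `/~` location proxies to `https://tom.pvv.ntnu.no` without `proxy_ssl_verify on`, and nginx does not verify upstream certificates by default, so that hop is encrypted but not authenticated; adding `proxy_ssl_verify on;`, `proxy_ssl_server_name on;` and `proxy_ssl_trusted_certificate <path-to-CA-bundle>;` to that `extraConfig` fixes it, and the same applies to the `/.well-known/matrix/` proxy. The vhost also uses `addSSL = true`, which serves the proxied home directories on plain HTTP as well as HTTPS; `forceSSL = true` would redirect port 80 to HTTPS instead, unless plain-HTTP access is intended. The comment `# Host has be set before proxy_pass` is missing a word (`has to be`).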
| @@ -12,7 +12,8 @@ | ||||
|     ./services/mysql.nix | ||||
|     ./services/postgres.nix | ||||
|     ./services/mysql.nix | ||||
|     ./services/calendar-bot.nix | ||||
|     # TODO: fix the calendar bot | ||||
|     # ./services/calendar-bot.nix | ||||
|  | ||||
|     ./services/matrix | ||||
|   ]; | ||||
|   | ||||
| @@ -24,21 +24,26 @@ in { | ||||
|         features = { | ||||
|           feature_latex_maths = true; | ||||
|           feature_pinning = true; | ||||
|           feature_render_reaction_images = true; | ||||
|           feature_state_counters = true; | ||||
|           feature_custom_status = false; | ||||
|           # element call group calls | ||||
|           feature_group_calls = true; | ||||
|         }; | ||||
|         default_theme = "dark"; | ||||
|         # Servers in this list should provide some sort of valuable scoping | ||||
|         # matrix.org is not useful compared to matrixrooms.info, | ||||
|         # because it has so many general members, rooms of all topics are on it. | ||||
|         # Something matrixrooms.info is already providing. | ||||
|         room_directory.servers = [ | ||||
|           "pvv.ntnu.no" | ||||
|           "matrix.omegav.no" | ||||
|           "matrix.org" | ||||
|           "libera.chat" | ||||
|           "gitter.im" | ||||
|           "mozilla.org" | ||||
|           "kde.org" | ||||
|           "t2bot.io" | ||||
|           "fosdem.org" | ||||
|           "dodsorf.as" | ||||
|           "matrixrooms.info" # Searches all public room directories | ||||
|           "matrix.omegav.no" # Friends | ||||
|           "gitter.im" # gitter rooms | ||||
|           "mozilla.org" # mozilla and friends | ||||
|           "kde.org" # KDE rooms | ||||
|           "fosdem.org" # FOSDEM | ||||
|           "dodsorf.as" # PVV Member | ||||
|           "nani.wtf" # PVV Member | ||||
|         ]; | ||||
|         enable_presence_by_hs_url = { | ||||
|           "https://matrix.org" = false; | ||||
|   | ||||
							
								
								
									
										44
									
								
								hosts/bikkje/configuration.nix
									
									
									
									
									
										Normal file
									
								
							
							| @@ -0,0 +1,44 @@ | ||||
| { config, pkgs, values, ... }: | ||||
| { | ||||
|     networking.nat = { | ||||
|     enable = true; | ||||
|     internalInterfaces = ["ve-+"]; | ||||
|     externalInterface = "ens3"; | ||||
|     # Lazy IPv6 connectivity for the container | ||||
|     enableIPv6 = true; | ||||
|   }; | ||||
|  | ||||
|   containers.bikkje = { | ||||
|     autoStart = true; | ||||
|     config = { config, pkgs, ... }: { | ||||
|       #import packages | ||||
|       packages = with pkgs; [ | ||||
|           alpine | ||||
|           mutt | ||||
|           mutt-ics | ||||
|           mutt-wizard | ||||
|           weechat | ||||
|           weechatScripts.edit | ||||
|           hexchat | ||||
|           irssi | ||||
|           pidgin | ||||
|       ]; | ||||
|  | ||||
|       networking = { | ||||
|         firewall = { | ||||
|           enable = true; | ||||
|           # Allow SSH and HTTP and ports for email and irc | ||||
|           allowedTCPPorts = [ 80 22 194 994 6665 6666 6667 6668 6669 6697 995 993 25 465 587 110 143 993 995 ]; | ||||
|           allowedUDPPorts = [ 80 22 194 994 6665 6666 6667 6668 6669 6697 995 993 25 465 587 110 143 993 995 ]; | ||||
|         }; | ||||
|         # Use systemd-resolved inside the container | ||||
|         # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686 | ||||
|         useHostResolvConf = mkForce false; | ||||
|       }; | ||||
|        | ||||
|       system.stateVersion = "23.11"; | ||||
|       services.resolved.enable = true; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
| }; | ||||
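Review bot: This new file most likely does not evaluate: the container config sets a top-level `packages` attribute (the NixOS option is `environment.systemPackages`), calls `mkForce` although `lib` is not among the inner function's arguments, and the file ends with `};` where a module must end with `}`. The firewall block also opens inbound TCP and UDP for every mail and IRC port (with 993 and 995 listed twice), yet the package list suggests bikkje only runs mail and IRC clients, whose connections are outbound and need no inbound rule, and none of those protocols use UDP; restricting the list to what the container itself serves removes a lot of needless exposure. The four-space indent on `networking.nat = {` is a style nit on top of that.
```nix
{ config, pkgs, values, ... }:
{
  # … unchanged: networking.nat …

  containers.bikkje = {
    autoStart = true;
    config = { config, pkgs, lib, ... }: {
      environment.systemPackages = with pkgs; [
        # … unchanged: package list …
      ];

      networking = {
        firewall = {
          enable = true;
          # Only ports this container itself serves; client-side mail/IRC
          # traffic is outbound and needs no inbound rule.
          allowedTCPPorts = [ 22 80 ]; # TODO confirm against what actually listens here
        };
        # … unchanged: useHostResolvConf comments …
        useHostResolvConf = lib.mkForce false;
      };
      # … unchanged: system.stateVersion, services.resolved …
    };
  };
}
```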
| @@ -1,19 +1,16 @@ | ||||
| { config, pkgs, values, ... }: | ||||
| { | ||||
|   imports = [ | ||||
|       # Include the results of the hardware scan. | ||||
|       ./hardware-configuration.nix | ||||
|       ../../base.nix | ||||
|       ../../misc/metrics-exporters.nix | ||||
|  | ||||
|       ./services/openvpn-client.nix | ||||
|     ]; | ||||
|     ./hardware-configuration.nix | ||||
|     ../../base.nix | ||||
|     ../../misc/metrics-exporters.nix | ||||
|   ]; | ||||
|  | ||||
|   # buskerud does not support efi? | ||||
|   # boot.loader.systemd-boot.enable = true; | ||||
|   # boot.loader.efi.canTouchEfiVariables = true; | ||||
|   boot.loader.grub.enable = true; | ||||
|   boot.loader.grub.device = "/dev/sda"; | ||||
|   boot.loader.grub.device = "/dev/sdb"; | ||||
|  | ||||
|   networking.hostName = "buskerud"; | ||||
|   networking.search = [ "pvv.ntnu.no" "pvv.org" ]; | ||||
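Review bot: `boot.loader.grub.device = "/dev/sdb"` ties the bootloader install to kernel enumeration order, which can change between boots or after a disk swap and is presumably what forced the `sda` → `sdb` change in the first place; a stable `/dev/disk/by-id/<disk-id>` path avoids the next surprise. With `./services/openvpn-client.nix` dropped from `imports` (and the file itself deleted in this compare), the `DefaultRouteOnDevice` setting it carried goes away as well, so the host's default gateway must now be configured somewhere outside this hunk; worth confirming before deploying.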
| @@ -25,20 +22,10 @@ | ||||
|     address = with values.hosts.buskerud; [ (ipv4 + "/25") (ipv6 + "/64") ]; | ||||
|   }; | ||||
|  | ||||
|   # Buskerud should use the default gateway received from DHCP | ||||
|   networking.interfaces.enp14s0f1.useDHCP = true; | ||||
|  | ||||
|   # networking.interfaces.tun = { | ||||
|   #   virtual = true; | ||||
|   #   ipv4.adresses = [ {address="129.241.210.252"; prefixLength=25; } ]; | ||||
|   # }; | ||||
|  | ||||
|   # List packages installed in system profile | ||||
|   environment.systemPackages = with pkgs; [ | ||||
|   ]; | ||||
|  | ||||
|   # List services that you want to enable: | ||||
|  | ||||
|   # This value determines the NixOS release from which the default | ||||
|   # settings for stateful data, like file locations and database versions | ||||
|   # on your system were taken. It‘s perfectly fine and recommended to leave | ||||
| @@ -46,5 +33,4 @@ | ||||
|   # Before changing this value read the documentation for this option | ||||
|   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). | ||||
|   system.stateVersion = "23.05"; # Did you read the comment? | ||||
|  | ||||
| } | ||||
|   | ||||
| @@ -1,109 +0,0 @@ | ||||
| { lib, values, ... }: | ||||
| { | ||||
|   services.openvpn.servers."ov-tunnel" = { | ||||
|     config = let | ||||
|       conf = { | ||||
|         # TODO: use aliases | ||||
|         client = true; | ||||
|         dev = "tap"; | ||||
|         proto = "udp"; | ||||
|         #remote = "129.241.210.253 1194"; | ||||
|         remote = "129.241.210.191 1194"; | ||||
|  | ||||
|         resolv-retry = "infinite"; | ||||
|         nobind = true; | ||||
|  | ||||
|         ca = "/etc/openvpn/ca.pem"; | ||||
|         cert = "/etc/openvpn/crt.pem"; | ||||
|         key = "/etc/openvpn/key.pem"; | ||||
|         remote-cert-tls = "server"; | ||||
|         cipher = "none"; | ||||
|  | ||||
|         user = "nobody"; | ||||
|         group = "nobody"; | ||||
|  | ||||
|         status = "/var/log/openvpn-status.log"; | ||||
|  | ||||
|         persist-key = true; | ||||
|         persist-tun = true; | ||||
|  | ||||
|         verb = 5; | ||||
|  | ||||
|         # script-security = 2; | ||||
|         # up = "systemctl restart rwhod"; | ||||
|       }; | ||||
|     in lib.pipe conf [ | ||||
|       (lib.filterAttrs (_: value: !(builtins.isNull value || value == false))) | ||||
|       (builtins.mapAttrs (_: value: | ||||
|         if builtins.isList value then builtins.concatStringsSep " " (map toString value) | ||||
|         else if value == true then value | ||||
|         else if builtins.any (f: f value) [ | ||||
|           builtins.isString | ||||
|           builtins.isInt | ||||
|           builtins.isFloat | ||||
|           lib.isPath | ||||
|           lib.isDerivation | ||||
|         ] then toString value | ||||
|         else throw "Unknown value in buskerud openvpn config, deading now\n${value}" | ||||
|       )) | ||||
|       (lib.mapAttrsToList (name: value: if value == true then name else "${name} ${value}")) | ||||
|       (builtins.concatStringsSep "\n") | ||||
|       (x: x + "\n\n") | ||||
|     ]; | ||||
|   }; | ||||
|  | ||||
|   systemd.network.networks."enp14s0f1" = { | ||||
|     matchConfig.Name = "enp14s0f1"; | ||||
|     networkConfig = { | ||||
|       DefaultRouteOnDevice = true; | ||||
|     }; | ||||
|     routes = [ | ||||
|       { routeConfig = { | ||||
|           Type = "unicast"; | ||||
|           Destination = values.hosts.knutsen.ipv4 + "/32"; | ||||
|           Metric = 50; | ||||
|         }; | ||||
|       } | ||||
|     ]; | ||||
|   }; | ||||
|  | ||||
|   systemd.network.netdevs."br0" = { | ||||
|     netdevConfig = { | ||||
|       Kind = "bridge"; | ||||
|       Name = "br0"; | ||||
|     }; | ||||
|   }; | ||||
|  | ||||
|   systemd.network.networks."br0" = { | ||||
|     matchConfig.Name = "br0"; | ||||
|     routes = [ | ||||
|       { routeConfig = { | ||||
|           Type = "unicast"; | ||||
|           Destination = values.ipv4-space; | ||||
|           Metric = 100; | ||||
|         }; | ||||
|       } | ||||
|     ]; | ||||
|   }; | ||||
|  | ||||
|   systemd.network.networks."enp3s0f0" = { | ||||
|     matchConfig.Name = "enp3s0f0"; | ||||
|     networkConfig.DefaultRouteOnDevice = false; | ||||
|   }; | ||||
|  | ||||
|   systemd.network.networks."enp3s0f1" = { | ||||
|     matchConfig.Name = "enp3s0f1"; | ||||
|     bridge = [ "br0" ]; | ||||
|   }; | ||||
|  | ||||
|   systemd.network.networks."tap0" = { | ||||
|     matchConfig.Name = "tap0"; | ||||
|     bridge = [ "br0" ]; | ||||
|   }; | ||||
|  | ||||
|   #networking.nat = { | ||||
|   #  enable = true; | ||||
|   #  externalInterface = "enp14s0f1"; | ||||
|   #  internalInterfaces  = [ "tun" ]; | ||||
|   #}; | ||||
| } | ||||
| @@ -9,7 +9,7 @@ | ||||
|     ]; | ||||
|  | ||||
|     packages = with pkgs; [ | ||||
|       exa | ||||
|       eza | ||||
|       neovim | ||||
|     ]; | ||||
|  | ||||
|   | ||||
							
								
								
									
										18
									
								
								users/eirikwit.nix
									
									
									
									
									
										Normal file
									
								
							
							| @@ -0,0 +1,18 @@ | ||||
| { pkgs, ... }: | ||||
| { | ||||
|   users.users.eirikwit = { | ||||
|     isNormalUser = true; | ||||
|     extraGroups = [ | ||||
|       "wheel" | ||||
|       "drift" | ||||
|     ]; | ||||
|  | ||||
|     packages = with pkgs; [ | ||||
|       micro | ||||
|     ]; | ||||
|  | ||||
|     openssh.authorizedKeys.keys = [ | ||||
|       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGZusOSiUVSMjrvNdUq4R91Gafq4XVs9C77Zt+LMPhCU eirikw@live.no" | ||||
|     ]; | ||||
|   }; | ||||
| } | ||||
| @@ -3,7 +3,7 @@ | ||||
| { | ||||
|   users.users.jonmro = { | ||||
|     isNormalUser = true; | ||||
|     extraGroups = [ "wheel" ];  | ||||
|     extraGroups = [ "wheel" "drift" "nix-builder-users" ];  | ||||
|     shell = pkgs.zsh; | ||||
|     openssh.authorizedKeys.keys = [ | ||||
|       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEm5PfYmfl/0fnAP/3coVlvTw3/TYNLT6r/NwJHZbLAK jonrodtang@gmail.com" | ||||
|   | ||||
| @@ -11,7 +11,7 @@ | ||||
|  | ||||
|     packages = with pkgs; [ | ||||
|       bottom | ||||
|       exa | ||||
|       eza | ||||
|       neovim | ||||
|       diskonaut | ||||
|       ripgrep | ||||
|   | ||||