bikkje: various package additions

bikje: add kerberos auth
base: add motd
2024-06-22 17:35:32 +02:00 · 2024-03-30 21:15:46 +01:00 · 2024-02-19 15:55:42 +01:00 · 2024-02-19 15:48:10 +01:00 · 2024-02-18 22:34:00 +01:00 · 2024-02-12 11:24:14 +01:00
22 changed files with 2024 additions and 159 deletions
--- a/base.nix
+++ b/base.nix
@@ -73,6 +73,7 @@

  # Trusted users on the nix builder machines
  users.groups."nix-builder-users".name = "nix-builder-users";
+  users.motd = builtins.readFile ./misc/motd;

  services.openssh = {
    enable = true;
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1700927249,
-        "narHash": "sha256-iqmIWiEng890/ru7ZBf4nUezFPyRm2fjRTvuwwxqk2o=",
+        "lastModified": 1702569759,
+        "narHash": "sha256-Ze3AdEEsVZBRJ4wn13EZpV1Uubkzi59TkC4j2G9xoFI=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "3cb78c93e6a02f494aaf6aeb37481c27a2e2ee22",
+        "rev": "98ab91109716871f50ea8cb0e0ac7cc1e1e14714",
        "type": "github"
      },
      "original": {
@@ -65,32 +65,31 @@
        "nixpkgs-lib": "nixpkgs-lib"
      },
      "locked": {
-        "lastModified": 1697936579,
-        "narHash": "sha256-nMyepKnwoHMzu2OpXvG2ZhU081TV9ENmWCo0vWxs6AI=",
+        "lastModified": 1701507532,
+        "narHash": "sha256-Zzv8OFB7iilzDGe6z2t/j8qRtR23TN3N8LssGsvRWEA=",
        "owner": "dali99",
        "repo": "nixos-matrix-modules",
-        "rev": "e09814657187c8ed1a5fe1646df6d8da1eb2dee9",
+        "rev": "046194cdadc50d81255a9c57789381ed1153e2b1",
        "type": "github"
      },
      "original": {
        "owner": "dali99",
        "repo": "nixos-matrix-modules",
-        "rev": "e09814657187c8ed1a5fe1646df6d8da1eb2dee9",
        "type": "github"
      }
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1701362232,
-        "narHash": "sha256-GVdzxL0lhEadqs3hfRLuj+L1OJFGiL/L7gCcelgBlsw=",
+        "lastModified": 1702601832,
+        "narHash": "sha256-z+GyetKtwj7ZVZrRcI73N8Xy1B3JGAqDyPniBFRpIgo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d2332963662edffacfddfad59ff4f709dde80ffe",
+        "rev": "dff64d4ba6e9dc3f0a4ef8737f372a528d5bc8d1",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "ref": "nixos-23.05-small",
+        "ref": "nixos-23.11-small",
        "type": "indirect"
      }
    },
@@ -111,11 +110,11 @@
    },
    "nixpkgs-stable": {
      "locked": {
-        "lastModified": 1700905716,
-        "narHash": "sha256-w1vHn2MbGfdC+CrP3xLZ3scsI06N0iQLU7eTHIVEFGw=",
+        "lastModified": 1702148972,
+        "narHash": "sha256-h2jODFP6n+ABrUWcGRSVPRFfLOkM9TJ2pO+h+9JcaL0=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "dfb95385d21475da10b63da74ae96d89ab352431",
+        "rev": "b8f33c044e51de6dde3ad80a9676945e0e4e3227",
        "type": "github"
      },
      "original": {
@@ -127,11 +126,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1701368325,
-        "narHash": "sha256-3OqZyi2EdopJxpxwrySPyCTuCvfBY4oXTLVgQ4B6qDg=",
+        "lastModified": 1702635820,
+        "narHash": "sha256-rClms9NTmSL/WIN5VmEccVhUExMkjCrRNswxU9QGNNo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "3934dbde4f4a0e266825348bc4ad1bdd00a8d6a3",
+        "rev": "02357adddd0889782362d999628de9d309d202dc",
        "type": "github"
      },
      "original": {
@@ -180,11 +179,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1701127353,
-        "narHash": "sha256-qVNX0wOl0b7+I35aRu78xUphOyELh+mtUp1KBx89K1Q=",
+        "lastModified": 1702177193,
+        "narHash": "sha256-J2409SyXROoUHYXVy9h4Pj0VU8ReLuy/mzBc9iK4DBg=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "b1edbf5c0464b4cced90a3ba6f999e671f0af631",
+        "rev": "d806e546f96c88cd9f7d91c1c19ebc99ba6277d9",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@@ -2,7 +2,7 @@
  description = "PVV System flake";

  inputs = {
-    nixpkgs.url = "nixpkgs/nixos-23.05-small";
+    nixpkgs.url = "nixpkgs/nixos-23.11-small";
    nixpkgs-unstable.url = "nixpkgs/nixos-unstable-small";

    sops-nix.url = "github:Mic92/sops-nix";
@@ -14,8 +14,7 @@
    pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git";
    pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";

-    # Last release compatible with 23.05
-    matrix-next.url = "github:dali99/nixos-matrix-modules/e09814657187c8ed1a5fe1646df6d8da1eb2dee9";
+    matrix-next.url = "github:dali99/nixos-matrix-modules";

    grzegorz.url = "github:Programvareverkstedet/grzegorz";
    grzegorz.inputs.nixpkgs.follows = "nixpkgs-unstable";
@@ -58,9 +57,6 @@
          pkgs = import nixpkgs {
            inherit system;
            overlays = [
-              (final: prev: {
-                mx-puppet-discord = prev.mx-puppet-discord.override { nodejs_14 = final.nodejs_18; };
-              })
              inputs.pvv-calendar-bot.overlays.${system}.default
            ];
          };
--- a/hosts/bekkalokk/configuration.nix
+++ b/hosts/bekkalokk/configuration.nix
@@ -10,7 +10,7 @@

    # TODO: set up authentication for the following:
    # ./services/website.nix
-    ./services/nginx.nix
+    ./services/nginx
    ./services/gitea/default.nix
    ./services/webmail
    # ./services/mediawiki.nix
--- a/hosts/bekkalokk/services/gitea/gitea-import-users.py
+++ b/hosts/bekkalokk/services/gitea/gitea-import-users.py
@@ -32,7 +32,6 @@ def add_user(username, name):
            "full_name": name,
            "username": username,
            "login_name": username,
-            "visibility": "public",
            "source_id": 1,  # 1 = SMTP
    }

--- a/hosts/bekkalokk/services/nginx/default.nix
+++ b/hosts/bekkalokk/services/nginx/default.nix
@@ -1,5 +1,9 @@
 { pkgs, config, ... }:
 {
+  imports = [
+    ./ingress.nix
+  ];
+
  security.acme = {
    acceptTerms = true;
    defaults.email = "drift@pvv.ntnu.no";
--- a/hosts/bekkalokk/services/nginx/ingress.nix
+++ b/hosts/bekkalokk/services/nginx/ingress.nix
@@ -0,0 +1,55 @@
+{ config, lib, ... }:
+{
+  services.nginx.virtualHosts = {
+    "www2.pvv.ntnu.no" = {
+      serverAliases = [ "www2.pvv.org" "pvv.ntnu.no" "pvv.org" ];
+      addSSL = true;
+      enableACME = true;
+
+      locations = {
+        # Proxy home directories
+        "/~" = {
+          extraConfig = ''
+            proxy_redirect off;
+            proxy_pass https://tom.pvv.ntnu.no;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+          '';
+        };
+
+        # Redirect old wiki entries
+        "/disk".return = "301 https://www.pvv.ntnu.no/pvv/Diskkjøp";
+        "/dok/boker.php".return = "301 https://www.pvv.ntnu.no/pvv/Bokhyllen";
+        "/styret/lover/".return = "301 https://www.pvv.ntnu.no/pvv/Lover";
+        "/styret/".return = "301 https://www.pvv.ntnu.no/pvv/Styret";
+        "/info/".return = "301 https://www.pvv.ntnu.no/pvv/";
+        "/info/maskinpark/".return = "301 https://www.pvv.ntnu.no/pvv/Maskiner";
+        "/medlemssider/meldinn.php".return = "301 https://www.pvv.ntnu.no/pvv/Medlemskontingent";
+        "/diverse/medlems-sider.php".return = "301 https://www.pvv.ntnu.no/pvv/Medlemssider";
+        "/cert/".return = "301 https://www.pvv.ntnu.no/pvv/CERT";
+        "/drift".return = "301 https://www.pvv.ntnu.no/pvv/Drift";
+        "/diverse/abuse.php".return = "301 https://www.pvv.ntnu.no/pvv/CERT/Abuse";
+        "/nerds/".return = "301 https://www.pvv.ntnu.no/pvv/Nerdepizza";
+
+        # TODO: Redirect webmail
+        "/webmail".return = "301 https://webmail.pvv.ntnu.no/squirrelmail";
+
+        # Redirect everything else to the main website
+        "/".return = "301 https://www.pvv.ntnu.no$request_uri";
+
+        # Proxy the matrix well-known files
+        # Host has be set before proxy_pass
+        # The header must be set so nginx on the other side routes it to the right place
+        "/.well-known/matrix/" = {
+          extraConfig = ''
+            proxy_set_header Host matrix.pvv.ntnu.no;
+            proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/;
+          '';
+        };
+      };
+    };
+  };
+}
+
--- a/hosts/bicep/configuration.nix
+++ b/hosts/bicep/configuration.nix
@@ -12,7 +12,8 @@
    ./services/mysql.nix
    ./services/postgres.nix
    ./services/mysql.nix
-    ./services/calendar-bot.nix
+    # TODO: fix the calendar bot
+    # ./services/calendar-bot.nix

    ./services/matrix
  ];
--- a/hosts/buskerud/bikkje/default.nix
+++ b/hosts/buskerud/bikkje/default.nix
@@ -0,0 +1,125 @@
+{ config, pkgs, values, lib, ... }:
+{
+  containers.bikkje = {
+    autoStart = true;
+    interfaces = [ "enp4s0f0" ];
+
+    config = { config, pkgs, ... }: {
+      imports = [
+        ../../../modules/home-areas.nix
+        ./services/kerberos
+      ];
+
+      environment.systemPackages = with pkgs; [
+          zsh
+          bash
+          fish
+          tcsh
+
+          alpine
+          mutt
+          mutt-ics
+          mutt-wizard
+          notmuch
+          mailutils
+          procmail
+
+          irssi
+          weechat
+          weechatScripts.edit
+
+          coreutils-full
+          diffutils
+          findutils
+          ripgrep
+          cvs
+          gawk
+          git
+          gnupg
+          gnused
+          groff
+          less
+          p7zip
+          rcs
+          screen
+          tmux
+          tree
+          unzip
+          zip
+
+          emacs
+          helix
+          joe
+          micro
+          nano
+          neovim
+
+          autossh
+          inetutils
+          lynx
+          mosh
+          rsync
+          w3m
+
+          clang
+          gcc
+          guile
+          lua
+          perl
+          php
+          python3
+          (python3.withPackages (ps: with ps; [
+            numpy
+            sympy
+            scipy
+            requests
+            imageio
+            pillow
+            httpx
+            pycryptodome
+            pandas
+            matplotlib
+          ]))
+          ruby
+          tcl
+      ];
+
+      services.openssh = {
+        enable = true;
+        ports = [ 22 80 443 ];
+        openFirewall = true;
+        extraConfig = ''
+          PubkeyAcceptedAlgorithms=+ssh-rsa
+       '';
+
+        settings = {
+          GatewayPorts = "yes";
+          PermitRootLogin = "yes";
+        };
+      };
+
+      users.motd = builtins.readFile ../../../misc/motd;
+
+      networking = {
+        firewall.enable = true;
+        # Use systemd-resolved inside the container
+        # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
+        useHostResolvConf = lib.mkForce false;
+        hostName = "bikkje";
+      };
+
+      systemd.network.enable = true;
+      systemd.network.networks."30-enp4s0f0" = values.defaultNetworkConfig // {
+        matchConfig.Name = "enp4s0f0";
+        address = with values.hosts.bikkje; [ (ipv4 + "/25") (ipv6 + "/64") ];
+      };
+      
+      system.stateVersion = "23.11";
+      services.resolved.enable = true;
+    };
+  };
+
+  # TODO
+  # - Kerberos Authentication
+  # - Mail Transfer Agent
+}
--- a/hosts/buskerud/bikkje/services/kerberos/default.nix
+++ b/hosts/buskerud/bikkje/services/kerberos/default.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, lib, ... }:
+{
+  #######################
+  # TODO: remove these once nixos 24.05 gets released
+  #######################
+  imports = [
+    ./krb5.nix
+    ./pam.nix
+  ];
+  disabledModules = [
+    "config/krb5/default.nix"
+    "security/pam.nix"
+  ];
+  #######################
+
+  security.krb5 = {
+    enable = true;
+    settings = {
+      libdefaults = {
+        default_realm = "PVV.NTNU.NO";
+        dns_lookup_realm = "yes";
+        dns_lookup_kdc = "yes";
+      };
+      realms."PVV.NTNU.NO".admin_server = "kdc.pvv.ntnu.no";
+    };
+  };
+}
--- a/hosts/buskerud/bikkje/services/kerberos/krb5-conf-format.nix
+++ b/hosts/buskerud/bikkje/services/kerberos/krb5-conf-format.nix
@@ -0,0 +1,88 @@
+{ pkgs, lib, ... }:
+
+# Based on
+# - https://web.mit.edu/kerberos/krb5-1.12/doc/admin/conf_files/krb5_conf.html
+# - https://manpages.debian.org/unstable/heimdal-docs/krb5.conf.5heimdal.en.html
+
+let
+  inherit (lib) boolToString concatMapStringsSep concatStringsSep filter
+    isAttrs isBool isList mapAttrsToList mdDoc mkOption singleton splitString;
+  inherit (lib.types) attrsOf bool coercedTo either int listOf oneOf path
+    str submodule;
+in
+{ }: {
+  type = let
+    section = attrsOf relation;
+    relation = either (attrsOf value) value;
+    value = either (listOf atom) atom;
+    atom = oneOf [int str bool];
+  in submodule {
+    freeformType = attrsOf section;
+    options = {
+      include = mkOption {
+        default = [ ];
+        description = mdDoc ''
+          Files to include in the Kerberos configuration.
+        '';
+        type = coercedTo path singleton (listOf path);
+      };
+      includedir = mkOption {
+        default = [ ];
+        description = mdDoc ''
+          Directories containing files to include in the Kerberos configuration.
+        '';
+        type = coercedTo path singleton (listOf path);
+      };
+      module = mkOption {
+        default = [ ];
+        description = mdDoc ''
+          Modules to obtain Kerberos configuration from.
+        '';
+        type = coercedTo path singleton (listOf path);
+      };
+    };
+  };
+
+  generate = let
+    indent = str: concatMapStringsSep "\n" (line: "  " + line) (splitString "\n" str);
+
+    formatToplevel = args @ {
+      include ? [ ],
+      includedir ? [ ],
+      module ? [ ],
+      ...
+    }: let
+      sections = removeAttrs args [ "include" "includedir" "module" ];
+    in concatStringsSep "\n" (filter (x: x != "") [
+      (concatStringsSep "\n" (mapAttrsToList formatSection sections))
+      (concatMapStringsSep "\n" (m: "module ${m}") module)
+      (concatMapStringsSep "\n" (i: "include ${i}") include)
+      (concatMapStringsSep "\n" (i: "includedir ${i}") includedir)
+    ]);
+
+    formatSection = name: section: ''
+      [${name}]
+      ${indent (concatStringsSep "\n" (mapAttrsToList formatRelation section))}
+    '';
+
+    formatRelation = name: relation:
+      if isAttrs relation
+      then ''
+        ${name} = {
+        ${indent (concatStringsSep "\n" (mapAttrsToList formatValue relation))}
+        }''
+      else formatValue name relation;
+
+    formatValue = name: value:
+      if isList value
+      then concatMapStringsSep "\n" (formatAtom name) value
+      else formatAtom name value;
+
+    formatAtom = name: atom: let
+      v = if isBool atom then boolToString atom else toString atom;
+    in "${name} = ${v}";
+  in
+    name: value: pkgs.writeText name ''
+      ${formatToplevel value}
+    '';
+}
--- a/hosts/buskerud/bikkje/services/kerberos/krb5.nix
+++ b/hosts/buskerud/bikkje/services/kerberos/krb5.nix
@@ -0,0 +1,90 @@
+{ config, lib, pkgs, ... }:
+let
+  inherit (lib) mdDoc mkIf mkOption mkPackageOption mkRemovedOptionModule;
+  inherit (lib.types) bool;
+
+  mkRemovedOptionModule' = name: reason: mkRemovedOptionModule ["krb5" name] reason;
+  mkRemovedOptionModuleCfg = name: mkRemovedOptionModule' name ''
+    The option `krb5.${name}' has been removed. Use
+    `security.krb5.settings.${name}' for structured configuration.
+  '';
+
+  cfg = config.security.krb5;
+  format = import ./krb5-conf-format.nix { inherit pkgs lib; } { };
+in {
+  imports = [
+    (mkRemovedOptionModuleCfg "libdefaults")
+    (mkRemovedOptionModuleCfg "realms")
+    (mkRemovedOptionModuleCfg "domain_realm")
+    (mkRemovedOptionModuleCfg "capaths")
+    (mkRemovedOptionModuleCfg "appdefaults")
+    (mkRemovedOptionModuleCfg "plugins")
+    (mkRemovedOptionModuleCfg "config")
+    (mkRemovedOptionModuleCfg "extraConfig")
+    (mkRemovedOptionModule' "kerberos" ''
+      The option `krb5.kerberos' has been moved to `security.krb5.package'.
+    '')
+  ];
+
+  options = {
+    security.krb5 = {
+      enable = mkOption {
+        default = false;
+        description = mdDoc "Enable and configure Kerberos utilities";
+        type = bool;
+      };
+
+      package = mkPackageOption pkgs "krb5" {
+        example = "heimdal";
+      };
+
+      settings = mkOption {
+        default = { };
+        type = format.type;
+        description = mdDoc ''
+          Structured contents of the {file}`krb5.conf` file. See
+          {manpage}`krb5.conf(5)` for details about configuration.
+        '';
+        example = {
+          include = [ "/run/secrets/secret-krb5.conf" ];
+          includedir = [ "/run/secrets/secret-krb5.conf.d" ];
+
+          libdefaults = {
+            default_realm = "ATHENA.MIT.EDU";
+          };
+
+          realms = {
+            "ATHENA.MIT.EDU" = {
+              admin_server = "athena.mit.edu";
+              kdc = [
+                "athena01.mit.edu"
+                "athena02.mit.edu"
+              ];
+            };
+          };
+
+          domain_realm = {
+            "mit.edu" = "ATHENA.MIT.EDU";
+          };
+
+          logging = {
+            kdc = "SYSLOG:NOTICE";
+            admin_server = "SYSLOG:NOTICE";
+            default = "SYSLOG:NOTICE";
+          };
+        };
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment = {
+      systemPackages = [ cfg.package ];
+      etc."krb5.conf".source = format.generate "krb5.conf" cfg.settings;
+    };
+  };
+
+  meta.maintainers = builtins.attrValues {
+    inherit (lib.maintainers) dblsaiko h7x4;
+  };
+}
--- a/hosts/buskerud/bikkje/services/kerberos/pam.nix
+++ b/hosts/buskerud/bikkje/services/kerberos/pam.nix
--- a/hosts/buskerud/configuration.nix
+++ b/hosts/buskerud/configuration.nix
@@ -1,19 +1,18 @@
 { config, pkgs, values, ... }:
 {
  imports = [
-      # Include the results of the hardware scan.
-      ./hardware-configuration.nix
-      ../../base.nix
-      ../../misc/metrics-exporters.nix
+    ./hardware-configuration.nix
+    ../../base.nix
+    ../../misc/metrics-exporters.nix

-      ./services/openvpn-client.nix
-    ];
+    ./bikkje
+  ];

  # buskerud does not support efi?
  # boot.loader.systemd-boot.enable = true;
  # boot.loader.efi.canTouchEfiVariables = true;
  boot.loader.grub.enable = true;
-  boot.loader.grub.device = "/dev/sda";
+  boot.loader.grub.device = "/dev/sdb";

  networking.hostName = "buskerud";
  networking.search = [ "pvv.ntnu.no" "pvv.org" ];
@@ -25,20 +24,10 @@
    address = with values.hosts.buskerud; [ (ipv4 + "/25") (ipv6 + "/64") ];
  };

-  # Buskerud should use the default gateway received from DHCP
-  networking.interfaces.enp14s0f1.useDHCP = true;
-
-  # networking.interfaces.tun = {
-  #   virtual = true;
-  #   ipv4.adresses = [ {address="129.241.210.252"; prefixLength=25; } ];
-  # };
-
  # List packages installed in system profile
  environment.systemPackages = with pkgs; [
  ];

-  # List services that you want to enable:
-
  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It‘s perfectly fine and recommended to leave
@@ -46,5 +35,4 @@
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?
-
 }
--- a/hosts/buskerud/services/openvpn-client.nix
+++ b/hosts/buskerud/services/openvpn-client.nix
@@ -1,109 +0,0 @@
-{ lib, values, ... }:
-{
-  services.openvpn.servers."ov-tunnel" = {
-    config = let
-      conf = {
-        # TODO: use aliases
-        client = true;
-        dev = "tap";
-        proto = "udp";
-        #remote = "129.241.210.253 1194";
-        remote = "129.241.210.191 1194";
-
-        resolv-retry = "infinite";
-        nobind = true;
-
-        ca = "/etc/openvpn/ca.pem";
-        cert = "/etc/openvpn/crt.pem";
-        key = "/etc/openvpn/key.pem";
-        remote-cert-tls = "server";
-        cipher = "none";
-
-        user = "nobody";
-        group = "nobody";
-
-        status = "/var/log/openvpn-status.log";
-
-        persist-key = true;
-        persist-tun = true;
-
-        verb = 5;
-
-        # script-security = 2;
-        # up = "systemctl restart rwhod";
-      };
-    in lib.pipe conf [
-      (lib.filterAttrs (_: value: !(builtins.isNull value || value == false)))
-      (builtins.mapAttrs (_: value:
-        if builtins.isList value then builtins.concatStringsSep " " (map toString value)
-        else if value == true then value
-        else if builtins.any (f: f value) [
-          builtins.isString
-          builtins.isInt
-          builtins.isFloat
-          lib.isPath
-          lib.isDerivation
-        ] then toString value
-        else throw "Unknown value in buskerud openvpn config, deading now\n${value}"
-      ))
-      (lib.mapAttrsToList (name: value: if value == true then name else "${name} ${value}"))
-      (builtins.concatStringsSep "\n")
-      (x: x + "\n\n")
-    ];
-  };
-
-  systemd.network.networks."enp14s0f1" = {
-    matchConfig.Name = "enp14s0f1";
-    networkConfig = {
-      DefaultRouteOnDevice = true;
-    };
-    routes = [
-      { routeConfig = {
-          Type = "unicast";
-          Destination = values.hosts.knutsen.ipv4 + "/32";
-          Metric = 50;
-        };
-      }
-    ];
-  };
-
-  systemd.network.netdevs."br0" = {
-    netdevConfig = {
-      Kind = "bridge";
-      Name = "br0";
-    };
-  };
-
-  systemd.network.networks."br0" = {
-    matchConfig.Name = "br0";
-    routes = [
-      { routeConfig = {
-          Type = "unicast";
-          Destination = values.ipv4-space;
-          Metric = 100;
-        };
-      }
-    ];
-  };
-
-  systemd.network.networks."enp3s0f0" = {
-    matchConfig.Name = "enp3s0f0";
-    networkConfig.DefaultRouteOnDevice = false;
-  };
-
-  systemd.network.networks."enp3s0f1" = {
-    matchConfig.Name = "enp3s0f1";
-    bridge = [ "br0" ];
-  };
-
-  systemd.network.networks."tap0" = {
-    matchConfig.Name = "tap0";
-    bridge = [ "br0" ];
-  };
-
-  #networking.nat = {
-  #  enable = true;
-  #  externalInterface = "enp14s0f1";
-  #  internalInterfaces  = [ "tun" ];
-  #};
-}
--- a/misc/motd
+++ b/misc/motd
@@ -0,0 +1,16 @@
+		 ███████████  █████   █████ █████   █████
+		░░███░░░░░███░░███   ░░███ ░░███   ░░███
+		 ░███    ░███ ░███    ░███  ░███    ░███
+		 ░██████████  ░███    ░███  ░███    ░███
+		 ░███░░░░░░   ░░███   ███   ░░███   ███
+		 ░███          ░░░█████░     ░░░█████░
+		 █████           ░░███         ░░███
+		░░░░░             ░░░           ░░░
+
+================= EN ==================|================== NB =================
+Welcome to a PVV machine, life is good.|Velkommen til en PVV-maskin,
+                                       |livet er deilig.
+If you are confused, try pvv.ntnu.no or|Hvis du er forvirret prøv pvv.ntnu.no
+our discord server.                    |eller vår discord-server.
+More info at pvv.ntnu.no/kontakt/      |Mer info på pvv.ntnu.no/kontakt/
+===============================================================================
--- a/modules/home-areas.nix
+++ b/modules/home-areas.nix
@@ -0,0 +1,20 @@
+{ pkgs, lib, ... }:
+{
+  fileSystems = let
+    # See microbel:/etc/exports
+    homeMounts = (lib.listToAttrs (map
+      (l: lib.nameValuePair "/home/pvv/${l}" "homepvv${l}.pvv.ntnu.no:/export/home/pvv/${l}")
+      [ "a" "b" "c" "d"  "h" "i" "j" "k" "l" "m" "z" ]));
+  in { }
+  //
+  (lib.mapAttrs (_: device: {
+    inherit device;
+    fsType = "nfs";
+    options = [
+      "nfsvers=3"
+      "proto=tcp"
+      "nofail"
+      "_netdev"
+    ];
+  }) homeMounts);
+}
--- a/users/adriangl.nix
+++ b/users/adriangl.nix
@@ -9,7 +9,7 @@
    ];

    packages = with pkgs; [
-      exa
+      eza
      neovim
    ];

--- a/users/eirikwit.nix
+++ b/users/eirikwit.nix
@@ -0,0 +1,18 @@
+{ pkgs, ... }:
+{
+  users.users.eirikwit = {
+    isNormalUser = true;
+    extraGroups = [
+      "wheel"
+      "drift"
+    ];
+
+    packages = with pkgs; [
+      micro
+    ];
+
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGZusOSiUVSMjrvNdUq4R91Gafq4XVs9C77Zt+LMPhCU eirikw@live.no"
+    ];
+  };
+}
--- a/users/jonmro.nix
+++ b/users/jonmro.nix
@@ -3,7 +3,7 @@
 {
  users.users.jonmro = {
    isNormalUser = true;
-    extraGroups = [ "wheel" ]; 
+    extraGroups = [ "wheel" "drift" "nix-builder-users" ]; 
    shell = pkgs.zsh;
    openssh.authorizedKeys.keys = [
      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEm5PfYmfl/0fnAP/3coVlvTw3/TYNLT6r/NwJHZbLAK jonrodtang@gmail.com"
--- a/users/oysteikt.nix
+++ b/users/oysteikt.nix
@@ -11,7 +11,7 @@

    packages = with pkgs; [
      bottom
-      exa
+      eza
      neovim
      diskonaut
      ripgrep
--- a/values.nix
+++ b/values.nix
@@ -56,6 +56,10 @@ in rec {
      ipv4 = pvv-ipv4 204;
      ipv6 = pvv-ipv6 "1:4f"; # Wtf øystein og daniel why
    };
+    bikkje = {
+      ipv4 = pvv-ipv4 216;
+      ipv6 = pvv-ipv6 216;
+    };
    buskerud = {
      ipv4 = pvv-ipv4 231;
      ipv6 = pvv-ipv6 231;
Author	SHA1	Message	Date
Felix Albrigtsen	e84318e59b	bikkje: various package additions	2024-06-22 17:35:32 +02:00
jovre	49c06b2abe	bikje: add kerberos auth Some checks failed Eval nix flake / evals (push) Failing after 1m45s Details Eval nix flake / evals (pull_request) Failing after 1m49s Details	2024-03-30 21:15:46 +01:00
Felix Albrigtsen	8b44ddd56d	base: add motd Some checks failed Eval nix flake / evals (push) Failing after 1m43s Details Eval nix flake / evals (pull_request) Failing after 1m47s Details	2024-02-19 15:55:42 +01:00
Felix Albrigtsen	c683a6d4c2	bikkje: mount home directories Some checks failed Eval nix flake / evals (push) Failing after 1m48s Details Eval nix flake / evals (pull_request) Failing after 1m49s Details	2024-02-19 15:48:10 +01:00
Felix Albrigtsen	5e30f30ac2	bikkje: initialize on buskerud Some checks failed Eval nix flake / evals (push) Failing after 1m43s Details	2024-02-18 22:34:00 +01:00
Felix Albrigtsen	62b269637a	bekkalokk/gitea: unset visibility when updating users Some checks failed Eval nix flake / evals (push) Failing after 1m50s Details	2024-02-12 11:24:14 +01:00
Adrian Gunnar Lauterer	7fd9a1e646	started on bikkje container for new loginbox - work in progress Some checks failed Eval nix flake / evals (push) Failing after 1m47s Details	2024-01-07 01:21:11 +01:00
Daniel Olsen	4ea90380ad	bicep/matrix: use synapse package from stable Some checks failed Eval nix flake / evals (push) Failing after 1m52s Details It's fixed now	2023-12-16 00:22:02 +01:00
Daniel Olsen	bcd5292f78	update flake.lock Some checks failed Eval nix flake / evals (push) Failing after 1m46s Details	2023-12-13 20:02:09 +01:00
Felix Albrigtsen	1ab1b3a84e	Merge pull request 'Buskerud: Comment out openvpn-client' (#23 ) from buskerud-no-vpn into main Some checks failed Eval nix flake / evals (push) Failing after 1m48s Details Reviewed-on: #23	2023-12-12 18:09:31 +01:00
Felix Albrigtsen	80ef1ce4fa	Buskerud: Remove OV-link, general cleanup Some checks failed Eval nix flake / evals (push) Failing after 1m43s Details Eval nix flake / evals (pull_request) Failing after 1m42s Details	2023-12-12 15:27:20 +01:00
Felix Albrigtsen	2b834eee14	Buskerud: Comment out openvpn-client Some checks failed Eval nix flake / evals (pull_request) Failing after 1m42s Details Eval nix flake / evals (push) Failing after 1m40s Details	2023-12-12 11:39:33 +01:00
Daniel Lovbrotte Olsen	9ed2ca8883	Merge pull request 'Update users/jonmro.nix' (#21 ) from jonmro/pvv-nixos-config:main into main Some checks failed Eval nix flake / evals (push) Failing after 1m50s Details Reviewed-on: #21	2023-12-10 05:46:20 +01:00
Daniel Lovbrotte Olsen	fe12e5441a	Merge pull request '🎉 nixpkgs 23.11' (#20 ) from upgrade-to-nixpkgs-23-11 into main Some checks failed Eval nix flake / evals (push) Failing after 1m43s Details Reviewed-on: #20	2023-12-10 05:43:01 +01:00
Daniel Olsen	2b305678df	update flake.lock Some checks failed Eval nix flake / evals (pull_request) Failing after 1m43s Details Eval nix flake / evals (push) Failing after 1m48s Details	2023-12-10 05:41:45 +01:00
Daniel Olsen	dd8b677a79	buskerud: bootloader - 3.3TB, OS - 256GB 👍 Some checks failed Eval nix flake / evals (pull_request) Failing after 1m49s Details Eval nix flake / evals (push) Failing after 1m57s Details	2023-12-10 05:27:58 +01:00
Daniel Olsen	eabd8df3d8	bicep/matrix: use package with fixed pythonEnv Some checks failed Eval nix flake / evals (pull_request) Failing after 1m46s Details Eval nix flake / evals (push) Failing after 1m52s Details	2023-12-10 04:32:26 +01:00
Eirik Wittersø	8a0ebe761e	Add user eirikwit Some checks failed Eval nix flake / evals (pull_request) Failing after 1m43s Details Eval nix flake / evals (push) Failing after 1m48s Details	2023-12-10 02:00:18 +01:00
Jon Martinus Rodtang	0c816068fe	Update users/jonmro.nix Some checks failed Eval nix flake / evals (pull_request) Failing after 2m1s Details Added "drift" "nix-builder-users" groups	2023-12-10 00:25:04 +01:00
h7x4	0b5e03471f	upgrade to nixpkgs 23.11 Some checks failed Eval nix flake / evals (push) Failing after 3h8m33s Details Eval nix flake / evals (pull_request) Failing after 3h5m17s Details	2023-12-05 00:36:09 +01:00
Daniel Lovbrotte Olsen	d8031ecca1	Merge pull request 'replace-knakelibrak-nginx-reverse-proxy' (#18 ) from replace-knakelibrak-nginx-reverse-proxy into main All checks were successful Eval nix flake / evals (push) Successful in 4m2s Details Reviewed-on: #18	2023-12-03 07:01:13 +01:00
Daniel Olsen	1ef033c754	bekkalokk/ingress: proxy matrix well-known files to bicep All checks were successful Eval nix flake / evals (push) Successful in 3m44s Details Eval nix flake / evals (pull_request) Successful in 3m31s Details	2023-11-28 10:24:18 +01:00
Felix Albrigtsen	d900dc1b1b	Redirect subpages like ./well-known, add @-domains	2023-11-28 10:24:18 +01:00
h7x4	d5985e02f3	Prepare to replace knakelibrak Co-authored-by: Felix Albrigtsen <felix@albrigtsen.it>	2023-11-28 10:23:02 +01:00