Compare commits
	
		
			41 Commits
		
	
	
		
			setup-open
			...
			nix-topolo
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
| b20119ff8d | |||
| 9ad30e9921 | |||
| 9a81d570bb | |||
| c8bf3b7c01 | |||
| 069da36895 | |||
| 83f83a91b7 | |||
| 6372a4111e | |||
| bdfb7384c2 | |||
| ace351c0a7 | |||
| cd5c2c0e01 | |||
| 2be9eb16fe | |||
| 64bd33a213 | |||
| 7b5e114944 | |||
| ee8965e18c | |||
| 7125fd2478 | |||
| 0c1762619a | |||
| 84d1ae13c0 | |||
| a3c88b7869 | |||
| 4aa994e7a3 | |||
| fc64139739 | |||
| 75b0c00212 | |||
| 94d73b34ad | |||
| bf50d6478b | |||
| e9dc0d85a0 | |||
| a009b05977 | |||
| 8a8f5659fb | |||
| 13c921c47b | |||
| 819fcef4c2 | |||
| 102a6f9011 | |||
| 86e68f496e | |||
| 394ff94033 | |||
| 6cb7f576a5 | |||
| edb448f7a0 | |||
| 4507ffe2ab | |||
| 882a8f2e88 | |||
| 65da25da7e | |||
| fd81d61a56 | |||
| 2776273a27 | |||
| ebc5b269ef | |||
| 850d0b0ec5 | |||
| 02792fc20e | 
| @@ -10,6 +10,8 @@ | |||||||
|  |  | ||||||
|     ./services/acme.nix |     ./services/acme.nix | ||||||
|     ./services/auto-upgrade.nix |     ./services/auto-upgrade.nix | ||||||
|  |     ./services/dbus.nix | ||||||
|  |     ./services/fwupd.nix | ||||||
|     ./services/irqbalance.nix |     ./services/irqbalance.nix | ||||||
|     ./services/logrotate.nix |     ./services/logrotate.nix | ||||||
|     ./services/nginx.nix |     ./services/nginx.nix | ||||||
| @@ -17,9 +19,12 @@ | |||||||
|     ./services/postfix.nix |     ./services/postfix.nix | ||||||
|     ./services/smartd.nix |     ./services/smartd.nix | ||||||
|     ./services/thermald.nix |     ./services/thermald.nix | ||||||
|  |     ./services/userborn.nix | ||||||
|  |     ./services/userdbd.nix | ||||||
|   ]; |   ]; | ||||||
|  |  | ||||||
|   boot.tmp.cleanOnBoot = lib.mkDefault true; |   boot.tmp.cleanOnBoot = lib.mkDefault true; | ||||||
|  |   boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; | ||||||
|  |  | ||||||
|   time.timeZone = "Europe/Oslo"; |   time.timeZone = "Europe/Oslo"; | ||||||
|  |  | ||||||
| @@ -47,6 +52,8 @@ | |||||||
|  |  | ||||||
|   programs.zsh.enable = true; |   programs.zsh.enable = true; | ||||||
|  |  | ||||||
|  |   security.lockKernelModules = true; | ||||||
|  |   security.protectKernelImage = true; | ||||||
|   security.sudo.execWheelOnly = true; |   security.sudo.execWheelOnly = true; | ||||||
|   security.sudo.extraConfig = '' |   security.sudo.extraConfig = '' | ||||||
|     Defaults lecture = never |     Defaults lecture = never | ||||||
|   | |||||||
| @@ -5,10 +5,10 @@ | |||||||
|       automatic = true; |       automatic = true; | ||||||
|       options = "--delete-older-than 2d"; |       options = "--delete-older-than 2d"; | ||||||
|     }; |     }; | ||||||
|  |     optimise.automatic = true; | ||||||
|  |  | ||||||
|     settings = { |     settings = { | ||||||
|       allow-dirty = true; |       allow-dirty = true; | ||||||
|       auto-optimise-store = true; |  | ||||||
|       builders-use-substitutes = true; |       builders-use-substitutes = true; | ||||||
|       experimental-features = [ "nix-command" "flakes" ]; |       experimental-features = [ "nix-command" "flakes" ]; | ||||||
|       log-lines = 50; |       log-lines = 50; | ||||||
|   | |||||||
| @@ -7,7 +7,7 @@ | |||||||
|       # --update-input is deprecated since nix 2.22, and removed in lix 2.90 |       # --update-input is deprecated since nix 2.22, and removed in lix 2.90 | ||||||
|       # https://git.lix.systems/lix-project/lix/issues/400 |       # https://git.lix.systems/lix-project/lix/issues/400 | ||||||
|       "--refresh" |       "--refresh" | ||||||
|       "--override-input" "nixpkgs" "github:nixos/nixpkgs/nixos-24.05-small" |       "--override-input" "nixpkgs" "github:nixos/nixpkgs/nixos-24.11-small" | ||||||
|       "--override-input" "nixpkgs-unstable" "github:nixos/nixpkgs/nixos-unstable-small" |       "--override-input" "nixpkgs-unstable" "github:nixos/nixpkgs/nixos-unstable-small" | ||||||
|       "--no-write-lock-file" |       "--no-write-lock-file" | ||||||
|     ]; |     ]; | ||||||
|   | |||||||
							
								
								
									
										7
									
								
								base/services/dbus.nix
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										7
									
								
								base/services/dbus.nix
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,7 @@ | |||||||
|  | { ... }: | ||||||
|  | { | ||||||
|  |   services.dbus = { | ||||||
|  |     enable = true; | ||||||
|  |     implementation = "broker"; | ||||||
|  |   }; | ||||||
|  | } | ||||||
							
								
								
									
										4
									
								
								base/services/fwupd.nix
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										4
									
								
								base/services/fwupd.nix
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,4 @@ | |||||||
|  | { ... }: | ||||||
|  | { | ||||||
|  |   services.fwupd.enable = true; | ||||||
|  | } | ||||||
| @@ -1,42 +1,8 @@ | |||||||
| { ... }: | { ... }: | ||||||
| { | { | ||||||
|   # source: https://github.com/logrotate/logrotate/blob/main/examples/logrotate.service |  | ||||||
|   systemd.services.logrotate = { |   systemd.services.logrotate = { | ||||||
|     documentation = [ "man:logrotate(8)" "man:logrotate.conf(5)" ]; |     documentation = [ "man:logrotate(8)" "man:logrotate.conf(5)" ]; | ||||||
|     unitConfig.RequiresMountsFor = "/var/log"; |     unitConfig.RequiresMountsFor = "/var/log"; | ||||||
|     serviceConfig = { |     serviceConfig.ReadWritePaths = [ "/var/log" ]; | ||||||
|       Nice = 19; |  | ||||||
|       IOSchedulingClass = "best-effort"; |  | ||||||
|       IOSchedulingPriority = 7; |  | ||||||
|  |  | ||||||
|       ReadWritePaths = [ "/var/log" ]; |  | ||||||
|  |  | ||||||
|       AmbientCapabilities = [ "" ]; |  | ||||||
|       CapabilityBoundingSet = [ "" ]; |  | ||||||
|       DeviceAllow = [ "" ]; |  | ||||||
|       LockPersonality = true; |  | ||||||
|       MemoryDenyWriteExecute = true; |  | ||||||
|       NoNewPrivileges = true; # disable for third party rotate scripts |  | ||||||
|       PrivateDevices = true; |  | ||||||
|       PrivateNetwork = true; # disable for mail delivery |  | ||||||
|       PrivateTmp = true; |  | ||||||
|       ProtectClock = true; |  | ||||||
|       ProtectControlGroups = true; |  | ||||||
|       ProtectHome = true; # disable for userdir logs |  | ||||||
|       ProtectHostname = true; |  | ||||||
|       ProtectKernelLogs = true; |  | ||||||
|       ProtectKernelModules = true; |  | ||||||
|       ProtectKernelTunables = true; |  | ||||||
|       ProtectProc = "invisible"; |  | ||||||
|       ProtectSystem = "full"; |  | ||||||
|       RestrictNamespaces = true; |  | ||||||
|       RestrictRealtime = true; |  | ||||||
|       RestrictSUIDSGID = true; # disable for creating setgid directories |  | ||||||
|       SocketBindDeny = [ "any" ]; |  | ||||||
|       SystemCallArchitectures = "native"; |  | ||||||
|       SystemCallFilter = [ |  | ||||||
|         "@system-service" |  | ||||||
|       ]; |  | ||||||
|     }; |  | ||||||
|   }; |   }; | ||||||
| } | } | ||||||
|   | |||||||
| @@ -33,6 +33,10 @@ | |||||||
|  |  | ||||||
|   systemd.services.nginx.serviceConfig = lib.mkIf config.services.nginx.enable { |   systemd.services.nginx.serviceConfig = lib.mkIf config.services.nginx.enable { | ||||||
|     LimitNOFILE = 65536; |     LimitNOFILE = 65536; | ||||||
|  |     # We use jit my dudes | ||||||
|  |     MemoryDenyWriteExecute = lib.mkForce false; | ||||||
|  |     # What the fuck do we use that where the defaults are not enough??? | ||||||
|  |     SystemCallFilter = lib.mkForce null; | ||||||
|   }; |   }; | ||||||
|  |  | ||||||
|   services.nginx.virtualHosts."_" = lib.mkIf config.services.nginx.enable { |   services.nginx.virtualHosts."_" = lib.mkIf config.services.nginx.enable { | ||||||
| @@ -41,4 +45,4 @@ | |||||||
|     addSSL = true; |     addSSL = true; | ||||||
|     extraConfig = "return 444;"; |     extraConfig = "return 444;"; | ||||||
|   }; |   }; | ||||||
| } | } | ||||||
|   | |||||||
							
								
								
									
										4
									
								
								base/services/userborn.nix
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										4
									
								
								base/services/userborn.nix
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,4 @@ | |||||||
|  | { ... }: | ||||||
|  | { | ||||||
|  |   services.userborn.enable = true; | ||||||
|  | } | ||||||
							
								
								
									
										4
									
								
								base/services/userdbd.nix
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										4
									
								
								base/services/userdbd.nix
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,4 @@ | |||||||
|  | { ... }: | ||||||
|  | { | ||||||
|  |   services.userdbd.enable = true; | ||||||
|  | } | ||||||
							
								
								
									
										278
									
								
								flake.lock
									
									
									
										generated
									
									
									
								
							
							
						
						
									
										278
									
								
								flake.lock
									
									
									
										generated
									
									
									
								
							| @@ -1,5 +1,26 @@ | |||||||
| { | { | ||||||
|   "nodes": { |   "nodes": { | ||||||
|  |     "devshell": { | ||||||
|  |       "inputs": { | ||||||
|  |         "nixpkgs": [ | ||||||
|  |           "nix-topology", | ||||||
|  |           "nixpkgs" | ||||||
|  |         ] | ||||||
|  |       }, | ||||||
|  |       "locked": { | ||||||
|  |         "lastModified": 1728330715, | ||||||
|  |         "narHash": "sha256-xRJ2nPOXb//u1jaBnDP56M7v5ldavjbtR6lfGqSvcKg=", | ||||||
|  |         "owner": "numtide", | ||||||
|  |         "repo": "devshell", | ||||||
|  |         "rev": "dd6b80932022cea34a019e2bb32f6fa9e494dfef", | ||||||
|  |         "type": "github" | ||||||
|  |       }, | ||||||
|  |       "original": { | ||||||
|  |         "owner": "numtide", | ||||||
|  |         "repo": "devshell", | ||||||
|  |         "type": "github" | ||||||
|  |       } | ||||||
|  |     }, | ||||||
|     "disko": { |     "disko": { | ||||||
|       "inputs": { |       "inputs": { | ||||||
|         "nixpkgs": [ |         "nixpkgs": [ | ||||||
| @@ -7,11 +28,11 @@ | |||||||
|         ] |         ] | ||||||
|       }, |       }, | ||||||
|       "locked": { |       "locked": { | ||||||
|         "lastModified": 1731746438, |         "lastModified": 1741786315, | ||||||
|         "narHash": "sha256-f3SSp1axoOk0NAI7oFdRzbxG2XPBSIXC+/DaAXnvS1A=", |         "narHash": "sha256-VT65AE2syHVj6v/DGB496bqBnu1PXrrzwlw07/Zpllc=", | ||||||
|         "owner": "nix-community", |         "owner": "nix-community", | ||||||
|         "repo": "disko", |         "repo": "disko", | ||||||
|         "rev": "cb64993826fa7a477490be6ccb38ba1fa1e18fa8", |         "rev": "0d8c6ad4a43906d14abd5c60e0ffe7b587b213de", | ||||||
|         "type": "github" |         "type": "github" | ||||||
|       }, |       }, | ||||||
|       "original": { |       "original": { | ||||||
| @@ -20,6 +41,83 @@ | |||||||
|         "type": "github" |         "type": "github" | ||||||
|       } |       } | ||||||
|     }, |     }, | ||||||
|  |     "flake-compat": { | ||||||
|  |       "flake": false, | ||||||
|  |       "locked": { | ||||||
|  |         "lastModified": 1696426674, | ||||||
|  |         "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", | ||||||
|  |         "owner": "edolstra", | ||||||
|  |         "repo": "flake-compat", | ||||||
|  |         "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", | ||||||
|  |         "type": "github" | ||||||
|  |       }, | ||||||
|  |       "original": { | ||||||
|  |         "owner": "edolstra", | ||||||
|  |         "repo": "flake-compat", | ||||||
|  |         "type": "github" | ||||||
|  |       } | ||||||
|  |     }, | ||||||
|  |     "flake-utils": { | ||||||
|  |       "inputs": { | ||||||
|  |         "systems": "systems" | ||||||
|  |       }, | ||||||
|  |       "locked": { | ||||||
|  |         "lastModified": 1726560853, | ||||||
|  |         "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=", | ||||||
|  |         "owner": "numtide", | ||||||
|  |         "repo": "flake-utils", | ||||||
|  |         "rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a", | ||||||
|  |         "type": "github" | ||||||
|  |       }, | ||||||
|  |       "original": { | ||||||
|  |         "owner": "numtide", | ||||||
|  |         "repo": "flake-utils", | ||||||
|  |         "type": "github" | ||||||
|  |       } | ||||||
|  |     }, | ||||||
|  |     "gergle": { | ||||||
|  |       "inputs": { | ||||||
|  |         "nixpkgs": [ | ||||||
|  |           "nixpkgs" | ||||||
|  |         ] | ||||||
|  |       }, | ||||||
|  |       "locked": { | ||||||
|  |         "lastModified": 1736621371, | ||||||
|  |         "narHash": "sha256-45UIQSQA7R5iU4YWvilo7mQbhY1Liql9bHBvYa3qRI0=", | ||||||
|  |         "ref": "main", | ||||||
|  |         "rev": "3729796c1213fe76e568ac28f1df8de4e596950b", | ||||||
|  |         "revCount": 20, | ||||||
|  |         "type": "git", | ||||||
|  |         "url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git" | ||||||
|  |       }, | ||||||
|  |       "original": { | ||||||
|  |         "ref": "main", | ||||||
|  |         "type": "git", | ||||||
|  |         "url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git" | ||||||
|  |       } | ||||||
|  |     }, | ||||||
|  |     "gitignore": { | ||||||
|  |       "inputs": { | ||||||
|  |         "nixpkgs": [ | ||||||
|  |           "nix-topology", | ||||||
|  |           "pre-commit-hooks", | ||||||
|  |           "nixpkgs" | ||||||
|  |         ] | ||||||
|  |       }, | ||||||
|  |       "locked": { | ||||||
|  |         "lastModified": 1709087332, | ||||||
|  |         "narHash": "sha256-HG2cCnktfHsKV0s4XW83gU3F57gaTljL9KNSuG6bnQs=", | ||||||
|  |         "owner": "hercules-ci", | ||||||
|  |         "repo": "gitignore.nix", | ||||||
|  |         "rev": "637db329424fd7e46cf4185293b9cc8c88c95394", | ||||||
|  |         "type": "github" | ||||||
|  |       }, | ||||||
|  |       "original": { | ||||||
|  |         "owner": "hercules-ci", | ||||||
|  |         "repo": "gitignore.nix", | ||||||
|  |         "type": "github" | ||||||
|  |       } | ||||||
|  |     }, | ||||||
|     "greg-ng": { |     "greg-ng": { | ||||||
|       "inputs": { |       "inputs": { | ||||||
|         "nixpkgs": [ |         "nixpkgs": [ | ||||||
| @@ -28,17 +126,18 @@ | |||||||
|         "rust-overlay": "rust-overlay" |         "rust-overlay": "rust-overlay" | ||||||
|       }, |       }, | ||||||
|       "locked": { |       "locked": { | ||||||
|         "lastModified": 1730249639, |         "lastModified": 1736545379, | ||||||
|         "narHash": "sha256-G3URSlqCcb+GIvGyki+HHrDM5ZanX/dP9BtppD/SdfI=", |         "narHash": "sha256-PeTTmGumdOX3rd6OKI7QMCrZovCDkrckZbcHr+znxWA=", | ||||||
|         "ref": "refs/heads/main", |         "ref": "main", | ||||||
|         "rev": "80e0447bcb79adad4f459ada5610f3eae987b4e3", |         "rev": "74f5316121776db2769385927ec0d0c2cc2b23e4", | ||||||
|         "revCount": 34, |         "revCount": 42, | ||||||
|         "type": "git", |         "type": "git", | ||||||
|         "url": "https://git.pvv.ntnu.no/Projects/greg-ng.git" |         "url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git" | ||||||
|       }, |       }, | ||||||
|       "original": { |       "original": { | ||||||
|  |         "ref": "main", | ||||||
|         "type": "git", |         "type": "git", | ||||||
|         "url": "https://git.pvv.ntnu.no/Projects/greg-ng.git" |         "url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git" | ||||||
|       } |       } | ||||||
|     }, |     }, | ||||||
|     "grzegorz-clients": { |     "grzegorz-clients": { | ||||||
| @@ -48,17 +147,17 @@ | |||||||
|         ] |         ] | ||||||
|       }, |       }, | ||||||
|       "locked": { |       "locked": { | ||||||
|         "lastModified": 1726861934, |         "lastModified": 1736178795, | ||||||
|         "narHash": "sha256-lOzPDwktd+pwszUTbpUdQg6iCzInS11fHLfkjmnvJrM=", |         "narHash": "sha256-mPdi8cgvIDYcgG3FRG7A4BOIMu2Jef96TPMnV00uXlM=", | ||||||
|         "ref": "refs/heads/master", |         "ref": "master", | ||||||
|         "rev": "546d921ec46735dbf876e36f4af8df1064d09432", |         "rev": "fde738910de1fd8293535a6382c2f0c2749dd7c1", | ||||||
|         "revCount": 78, |         "revCount": 79, | ||||||
|         "type": "git", |         "type": "git", | ||||||
|         "url": "https://git.pvv.ntnu.no/Projects/grzegorz-clients.git" |         "url": "https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git" | ||||||
|       }, |       }, | ||||||
|       "original": { |       "original": { | ||||||
|         "type": "git", |         "type": "git", | ||||||
|         "url": "https://git.pvv.ntnu.no/Projects/grzegorz-clients.git" |         "url": "https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git" | ||||||
|       } |       } | ||||||
|     }, |     }, | ||||||
|     "matrix-next": { |     "matrix-next": { | ||||||
| @@ -68,16 +167,16 @@ | |||||||
|         ] |         ] | ||||||
|       }, |       }, | ||||||
|       "locked": { |       "locked": { | ||||||
|         "lastModified": 1727410897, |         "lastModified": 1735857245, | ||||||
|         "narHash": "sha256-tWsyxvf421ieWUJYgjV7m1eTdr2ZkO3vId7vmtvfFpQ=", |         "narHash": "sha256-AKLLPrgXTxgzll3DqVUMa4QlPlRN3QceutgFBmEf8Nk=", | ||||||
|         "owner": "dali99", |         "owner": "dali99", | ||||||
|         "repo": "nixos-matrix-modules", |         "repo": "nixos-matrix-modules", | ||||||
|         "rev": "ff787d410cba17882cd7b6e2e22cc88d4064193c", |         "rev": "da9dc0479ffe22362793c87dc089035facf6ec4d", | ||||||
|         "type": "github" |         "type": "github" | ||||||
|       }, |       }, | ||||||
|       "original": { |       "original": { | ||||||
|         "owner": "dali99", |         "owner": "dali99", | ||||||
|         "ref": "v0.6.1", |         "ref": "0.7.0", | ||||||
|         "repo": "nixos-matrix-modules", |         "repo": "nixos-matrix-modules", | ||||||
|         "type": "github" |         "type": "github" | ||||||
|       } |       } | ||||||
| @@ -86,15 +185,15 @@ | |||||||
|       "locked": { |       "locked": { | ||||||
|         "lastModified": 1725277886, |         "lastModified": 1725277886, | ||||||
|         "narHash": "sha256-Fw4VbbE3EfypQWSgPDFfvVH47BHeg3ptsO715NlUM8Q=", |         "narHash": "sha256-Fw4VbbE3EfypQWSgPDFfvVH47BHeg3ptsO715NlUM8Q=", | ||||||
|         "ref": "refs/heads/master", |         "ref": "master", | ||||||
|         "rev": "1b4087bd3322a2e2ba84271c8fcc013e6b641a58", |         "rev": "1b4087bd3322a2e2ba84271c8fcc013e6b641a58", | ||||||
|         "revCount": 2, |         "revCount": 2, | ||||||
|         "type": "git", |         "type": "git", | ||||||
|         "url": "https://git.pvv.ntnu.no/Drift/minecraft-data.git" |         "url": "https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git" | ||||||
|       }, |       }, | ||||||
|       "original": { |       "original": { | ||||||
|         "type": "git", |         "type": "git", | ||||||
|         "url": "https://git.pvv.ntnu.no/Drift/minecraft-data.git" |         "url": "https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git" | ||||||
|       } |       } | ||||||
|     }, |     }, | ||||||
|     "nix-gitea-themes": { |     "nix-gitea-themes": { | ||||||
| @@ -104,58 +203,66 @@ | |||||||
|         ] |         ] | ||||||
|       }, |       }, | ||||||
|       "locked": { |       "locked": { | ||||||
|         "lastModified": 1714416973, |         "lastModified": 1736531400, | ||||||
|         "narHash": "sha256-aZUcvXjdETUC6wVQpWDVjLUzwpDAEca8yR0ITDeK39o=", |         "narHash": "sha256-+X/HVI1AwoPcud28wI35XRrc1kDgkYdDUGABJBAkxDI=", | ||||||
|         "ref": "refs/heads/main", |         "ref": "main", | ||||||
|         "rev": "2b23c0ba8aae68d3cb6789f0f6e4891cef26cc6d", |         "rev": "e4dafd06b3d7e9e6e07617766e9c3743134571b7", | ||||||
|         "revCount": 6, |         "revCount": 7, | ||||||
|         "type": "git", |         "type": "git", | ||||||
|         "url": "https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git" |         "url": "https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git" | ||||||
|       }, |       }, | ||||||
|       "original": { |       "original": { | ||||||
|  |         "ref": "main", | ||||||
|         "type": "git", |         "type": "git", | ||||||
|         "url": "https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git" |         "url": "https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git" | ||||||
|       } |       } | ||||||
|     }, |     }, | ||||||
|  |     "nix-topology": { | ||||||
|  |       "inputs": { | ||||||
|  |         "devshell": "devshell", | ||||||
|  |         "flake-utils": "flake-utils", | ||||||
|  |         "nixpkgs": [ | ||||||
|  |           "nixpkgs" | ||||||
|  |         ], | ||||||
|  |         "pre-commit-hooks": "pre-commit-hooks" | ||||||
|  |       }, | ||||||
|  |       "locked": { | ||||||
|  |         "lastModified": 1738246091, | ||||||
|  |         "narHash": "sha256-2+KkZsRO+XlOFbXbRgMZbRtlqn5MBNYj4HNmZ/2Tojg=", | ||||||
|  |         "owner": "oddlama", | ||||||
|  |         "repo": "nix-topology", | ||||||
|  |         "rev": "5526269fa3eedf4f4bc00c0bf7a03db31d24b029", | ||||||
|  |         "type": "github" | ||||||
|  |       }, | ||||||
|  |       "original": { | ||||||
|  |         "owner": "oddlama", | ||||||
|  |         "repo": "nix-topology", | ||||||
|  |         "type": "github" | ||||||
|  |       } | ||||||
|  |     }, | ||||||
|     "nixpkgs": { |     "nixpkgs": { | ||||||
|       "locked": { |       "locked": { | ||||||
|         "lastModified": 1731663789, |         "lastModified": 1741969460, | ||||||
|         "narHash": "sha256-x07g4NcqGP6mQn6AISXJaks9sQYDjZmTMBlKIvajvyc=", |         "narHash": "sha256-SCNxTTBfMJV7XuTcLUfdAd6cgCGsazzi+DoPrceQrZ0=", | ||||||
|         "owner": "NixOS", |         "owner": "NixOS", | ||||||
|         "repo": "nixpkgs", |         "repo": "nixpkgs", | ||||||
|         "rev": "035d434d48f4375ac5d3a620954cf5fda7dd7c36", |         "rev": "68612419aa6c9fd5b178b81e6fabbdf46d300ea4", | ||||||
|         "type": "github" |         "type": "github" | ||||||
|       }, |       }, | ||||||
|       "original": { |       "original": { | ||||||
|         "owner": "NixOS", |         "owner": "NixOS", | ||||||
|         "ref": "nixos-24.05-small", |         "ref": "nixos-24.11-small", | ||||||
|         "repo": "nixpkgs", |  | ||||||
|         "type": "github" |  | ||||||
|       } |  | ||||||
|     }, |  | ||||||
|     "nixpkgs-stable": { |  | ||||||
|       "locked": { |  | ||||||
|         "lastModified": 1730602179, |  | ||||||
|         "narHash": "sha256-efgLzQAWSzJuCLiCaQUCDu4NudNlHdg2NzGLX5GYaEY=", |  | ||||||
|         "owner": "NixOS", |  | ||||||
|         "repo": "nixpkgs", |  | ||||||
|         "rev": "3c2f1c4ca372622cb2f9de8016c9a0b1cbd0f37c", |  | ||||||
|         "type": "github" |  | ||||||
|       }, |  | ||||||
|       "original": { |  | ||||||
|         "owner": "NixOS", |  | ||||||
|         "ref": "release-24.05", |  | ||||||
|         "repo": "nixpkgs", |         "repo": "nixpkgs", | ||||||
|         "type": "github" |         "type": "github" | ||||||
|       } |       } | ||||||
|     }, |     }, | ||||||
|     "nixpkgs-unstable": { |     "nixpkgs-unstable": { | ||||||
|       "locked": { |       "locked": { | ||||||
|         "lastModified": 1731745710, |         "lastModified": 1742051767, | ||||||
|         "narHash": "sha256-SVeiClbgqL071JpAspOu0gCkPSAL51kSIRwo4C/pghA=", |         "narHash": "sha256-JpyjnalnIqJ7cvP8HzaoJN9/i2bDx83dToodHHjGuNg=", | ||||||
|         "owner": "NixOS", |         "owner": "NixOS", | ||||||
|         "repo": "nixpkgs", |         "repo": "nixpkgs", | ||||||
|         "rev": "dfaa4cb76c2d450d8f396bb6b9f43cede3ade129", |         "rev": "ec886d10b507760c90ed01e2eac7f0679d0a47ae", | ||||||
|         "type": "github" |         "type": "github" | ||||||
|       }, |       }, | ||||||
|       "original": { |       "original": { | ||||||
| @@ -165,6 +272,33 @@ | |||||||
|         "type": "github" |         "type": "github" | ||||||
|       } |       } | ||||||
|     }, |     }, | ||||||
|  |     "pre-commit-hooks": { | ||||||
|  |       "inputs": { | ||||||
|  |         "flake-compat": "flake-compat", | ||||||
|  |         "gitignore": "gitignore", | ||||||
|  |         "nixpkgs": [ | ||||||
|  |           "nix-topology", | ||||||
|  |           "nixpkgs" | ||||||
|  |         ], | ||||||
|  |         "nixpkgs-stable": [ | ||||||
|  |           "nix-topology", | ||||||
|  |           "nixpkgs" | ||||||
|  |         ] | ||||||
|  |       }, | ||||||
|  |       "locked": { | ||||||
|  |         "lastModified": 1730797577, | ||||||
|  |         "narHash": "sha256-SrID5yVpyUfknUTGWgYkTyvdr9J1LxUym4om3SVGPkg=", | ||||||
|  |         "owner": "cachix", | ||||||
|  |         "repo": "pre-commit-hooks.nix", | ||||||
|  |         "rev": "1864030ed24a2b8b4e4d386a5eeaf0c5369e50a9", | ||||||
|  |         "type": "github" | ||||||
|  |       }, | ||||||
|  |       "original": { | ||||||
|  |         "owner": "cachix", | ||||||
|  |         "repo": "pre-commit-hooks.nix", | ||||||
|  |         "type": "github" | ||||||
|  |       } | ||||||
|  |     }, | ||||||
|     "pvv-calendar-bot": { |     "pvv-calendar-bot": { | ||||||
|       "inputs": { |       "inputs": { | ||||||
|         "nixpkgs": [ |         "nixpkgs": [ | ||||||
| @@ -174,13 +308,14 @@ | |||||||
|       "locked": { |       "locked": { | ||||||
|         "lastModified": 1723850344, |         "lastModified": 1723850344, | ||||||
|         "narHash": "sha256-aT37O9l9eclWEnqxASVNBL1dKwDHZUOqdbA4VO9DJvw=", |         "narHash": "sha256-aT37O9l9eclWEnqxASVNBL1dKwDHZUOqdbA4VO9DJvw=", | ||||||
|         "ref": "refs/heads/main", |         "ref": "main", | ||||||
|         "rev": "38b66677ab8c01aee10cd59e745af9ce3ea88092", |         "rev": "38b66677ab8c01aee10cd59e745af9ce3ea88092", | ||||||
|         "revCount": 19, |         "revCount": 19, | ||||||
|         "type": "git", |         "type": "git", | ||||||
|         "url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git" |         "url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git" | ||||||
|       }, |       }, | ||||||
|       "original": { |       "original": { | ||||||
|  |         "ref": "main", | ||||||
|         "type": "git", |         "type": "git", | ||||||
|         "url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git" |         "url": "https://git.pvv.ntnu.no/Projects/calendar-bot.git" | ||||||
|       } |       } | ||||||
| @@ -192,15 +327,16 @@ | |||||||
|         ] |         ] | ||||||
|       }, |       }, | ||||||
|       "locked": { |       "locked": { | ||||||
|         "lastModified": 1725212759, |         "lastModified": 1741738148, | ||||||
|         "narHash": "sha256-yZBsefIarFUEhFRj+rCGMp9Zvag3MCafqV/JfGVRVwc=", |         "narHash": "sha256-cJo6nbcJEOjkazkZ194NDnlsZe0W0wpxeUh2/886uC8=", | ||||||
|         "ref": "refs/heads/master", |         "ref": "main", | ||||||
|         "rev": "e7b66b4bc6a89bab74bac45b87e9434f5165355f", |         "rev": "c1802e7cf27c7cf8b4890354c982a4eef5b11593", | ||||||
|         "revCount": 473, |         "revCount": 486, | ||||||
|         "type": "git", |         "type": "git", | ||||||
|         "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git" |         "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git" | ||||||
|       }, |       }, | ||||||
|       "original": { |       "original": { | ||||||
|  |         "ref": "main", | ||||||
|         "type": "git", |         "type": "git", | ||||||
|         "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git" |         "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git" | ||||||
|       } |       } | ||||||
| @@ -208,11 +344,13 @@ | |||||||
|     "root": { |     "root": { | ||||||
|       "inputs": { |       "inputs": { | ||||||
|         "disko": "disko", |         "disko": "disko", | ||||||
|  |         "gergle": "gergle", | ||||||
|         "greg-ng": "greg-ng", |         "greg-ng": "greg-ng", | ||||||
|         "grzegorz-clients": "grzegorz-clients", |         "grzegorz-clients": "grzegorz-clients", | ||||||
|         "matrix-next": "matrix-next", |         "matrix-next": "matrix-next", | ||||||
|         "minecraft-data": "minecraft-data", |         "minecraft-data": "minecraft-data", | ||||||
|         "nix-gitea-themes": "nix-gitea-themes", |         "nix-gitea-themes": "nix-gitea-themes", | ||||||
|  |         "nix-topology": "nix-topology", | ||||||
|         "nixpkgs": "nixpkgs", |         "nixpkgs": "nixpkgs", | ||||||
|         "nixpkgs-unstable": "nixpkgs-unstable", |         "nixpkgs-unstable": "nixpkgs-unstable", | ||||||
|         "pvv-calendar-bot": "pvv-calendar-bot", |         "pvv-calendar-bot": "pvv-calendar-bot", | ||||||
| @@ -245,15 +383,14 @@ | |||||||
|       "inputs": { |       "inputs": { | ||||||
|         "nixpkgs": [ |         "nixpkgs": [ | ||||||
|           "nixpkgs" |           "nixpkgs" | ||||||
|         ], |         ] | ||||||
|         "nixpkgs-stable": "nixpkgs-stable" |  | ||||||
|       }, |       }, | ||||||
|       "locked": { |       "locked": { | ||||||
|         "lastModified": 1731748189, |         "lastModified": 1741861888, | ||||||
|         "narHash": "sha256-Zd/Uukvpcu26M6YGhpbsgqm6LUSLz+Q8mDZ5LOEGdiE=", |         "narHash": "sha256-ynOgXAyToeE1UdLNfrUn/hL7MN0OpIS2BtNdLjpjPf0=", | ||||||
|         "owner": "Mic92", |         "owner": "Mic92", | ||||||
|         "repo": "sops-nix", |         "repo": "sops-nix", | ||||||
|         "rev": "d2bd7f433b28db6bc7ae03d5eca43564da0af054", |         "rev": "d016ce0365b87d848a57c12ffcfdc71da7a2b55f", | ||||||
|         "type": "github" |         "type": "github" | ||||||
|       }, |       }, | ||||||
|       "original": { |       "original": { | ||||||
| @@ -261,6 +398,21 @@ | |||||||
|         "repo": "sops-nix", |         "repo": "sops-nix", | ||||||
|         "type": "github" |         "type": "github" | ||||||
|       } |       } | ||||||
|  |     }, | ||||||
|  |     "systems": { | ||||||
|  |       "locked": { | ||||||
|  |         "lastModified": 1681028828, | ||||||
|  |         "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", | ||||||
|  |         "owner": "nix-systems", | ||||||
|  |         "repo": "default", | ||||||
|  |         "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", | ||||||
|  |         "type": "github" | ||||||
|  |       }, | ||||||
|  |       "original": { | ||||||
|  |         "owner": "nix-systems", | ||||||
|  |         "repo": "default", | ||||||
|  |         "type": "github" | ||||||
|  |       } | ||||||
|     } |     } | ||||||
|   }, |   }, | ||||||
|   "root": "root", |   "root": "root", | ||||||
|   | |||||||
							
								
								
									
										54
									
								
								flake.nix
									
									
									
									
									
								
							
							
						
						
									
										54
									
								
								flake.nix
									
									
									
									
									
								
							| @@ -2,7 +2,7 @@ | |||||||
|   description = "PVV System flake"; |   description = "PVV System flake"; | ||||||
|  |  | ||||||
|   inputs = { |   inputs = { | ||||||
|     nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.05-small"; # remember to also update the url in base/services/auto-upgrade.nix |     nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11-small"; # remember to also update the url in base/services/auto-upgrade.nix | ||||||
|     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; |     nixpkgs-unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small"; | ||||||
|  |  | ||||||
|     sops-nix.url = "github:Mic92/sops-nix"; |     sops-nix.url = "github:Mic92/sops-nix"; | ||||||
| @@ -11,24 +11,29 @@ | |||||||
|     disko.url = "github:nix-community/disko"; |     disko.url = "github:nix-community/disko"; | ||||||
|     disko.inputs.nixpkgs.follows = "nixpkgs"; |     disko.inputs.nixpkgs.follows = "nixpkgs"; | ||||||
|  |  | ||||||
|     pvv-nettsiden.url = "git+https://git.pvv.ntnu.no/Projects/nettsiden.git"; |     nix-topology.url = "github:oddlama/nix-topology"; | ||||||
|  |     nix-topology.inputs.nixpkgs.follows = "nixpkgs"; | ||||||
|  |  | ||||||
|  |     pvv-nettsiden.url = "git+https://git.pvv.ntnu.no/Projects/nettsiden.git?ref=main"; | ||||||
|     pvv-nettsiden.inputs.nixpkgs.follows = "nixpkgs"; |     pvv-nettsiden.inputs.nixpkgs.follows = "nixpkgs"; | ||||||
|  |  | ||||||
|     pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git"; |     pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git?ref=main"; | ||||||
|     pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs"; |     pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs"; | ||||||
|  |  | ||||||
|     matrix-next.url = "github:dali99/nixos-matrix-modules/v0.6.1"; |     matrix-next.url = "github:dali99/nixos-matrix-modules/0.7.0"; | ||||||
|     matrix-next.inputs.nixpkgs.follows = "nixpkgs"; |     matrix-next.inputs.nixpkgs.follows = "nixpkgs"; | ||||||
|  |  | ||||||
|     nix-gitea-themes.url = "git+https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git"; |     nix-gitea-themes.url = "git+https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git?ref=main"; | ||||||
|     nix-gitea-themes.inputs.nixpkgs.follows = "nixpkgs"; |     nix-gitea-themes.inputs.nixpkgs.follows = "nixpkgs"; | ||||||
|  |  | ||||||
|     greg-ng.url = "git+https://git.pvv.ntnu.no/Projects/greg-ng.git"; |     greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git?ref=main"; | ||||||
|     greg-ng.inputs.nixpkgs.follows = "nixpkgs"; |     greg-ng.inputs.nixpkgs.follows = "nixpkgs"; | ||||||
|     grzegorz-clients.url = "git+https://git.pvv.ntnu.no/Projects/grzegorz-clients.git"; |     gergle.url = "git+https://git.pvv.ntnu.no/Grzegorz/gergle.git?ref=main"; | ||||||
|  |     gergle.inputs.nixpkgs.follows = "nixpkgs"; | ||||||
|  |     grzegorz-clients.url = "git+https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git"; | ||||||
|     grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs"; |     grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs"; | ||||||
|  |  | ||||||
|     minecraft-data.url = "git+https://git.pvv.ntnu.no/Drift/minecraft-data.git"; |     minecraft-data.url = "git+https://git.pvv.ntnu.no/Projects/minecraft-kartverket.git"; | ||||||
|   }; |   }; | ||||||
|  |  | ||||||
|   outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, disko, ... }@inputs: |   outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, disko, ... }@inputs: | ||||||
| @@ -65,6 +70,7 @@ | |||||||
|           modules = [ |           modules = [ | ||||||
|             ./hosts/${name}/configuration.nix |             ./hosts/${name}/configuration.nix | ||||||
|             sops-nix.nixosModules.sops |             sops-nix.nixosModules.sops | ||||||
|  |             inputs.nix-topology.nixosModules.default | ||||||
|           ] ++ config.modules or []; |           ] ++ config.modules or []; | ||||||
|  |  | ||||||
|           pkgs = import nixpkgs { |           pkgs = import nixpkgs { | ||||||
| @@ -124,33 +130,23 @@ | |||||||
|       brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" { |       brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" { | ||||||
|         modules = [ |         modules = [ | ||||||
|           inputs.grzegorz-clients.nixosModules.grzegorz-webui |           inputs.grzegorz-clients.nixosModules.grzegorz-webui | ||||||
|  |           inputs.gergle.nixosModules.default | ||||||
|           inputs.greg-ng.nixosModules.default |           inputs.greg-ng.nixosModules.default | ||||||
|         ]; |         ]; | ||||||
|         overlays = [ |         overlays = [ | ||||||
|           inputs.greg-ng.overlays.default |           inputs.greg-ng.overlays.default | ||||||
|  |           inputs.gergle.overlays.default | ||||||
|         ]; |         ]; | ||||||
|       }; |       }; | ||||||
|       georg = stableNixosConfig "georg" { |       georg = stableNixosConfig "georg" { | ||||||
|         modules = [ |         modules = [ | ||||||
|           inputs.grzegorz-clients.nixosModules.grzegorz-webui |           inputs.grzegorz-clients.nixosModules.grzegorz-webui | ||||||
|  |           inputs.gergle.nixosModules.default | ||||||
|           inputs.greg-ng.nixosModules.default |           inputs.greg-ng.nixosModules.default | ||||||
|         ]; |         ]; | ||||||
|         overlays = [ |         overlays = [ | ||||||
|           inputs.greg-ng.overlays.default |           inputs.greg-ng.overlays.default | ||||||
|         ]; |           inputs.gergle.overlays.default | ||||||
|       }; |  | ||||||
|  |  | ||||||
|       grevling = stableNixosConfig "grevling" { |  | ||||||
|         modules = [ |  | ||||||
|           ./hosts/grevling/configuration.nix |  | ||||||
|           sops-nix.nixosModules.sops |  | ||||||
|         ]; |  | ||||||
|       }; |  | ||||||
|  |  | ||||||
|       tuba = stableNixosConfig "grevling" { |  | ||||||
|         modules = [ |  | ||||||
|           ./hosts/tuba/configuration.nix |  | ||||||
|           sops-nix.nixosModules.sops |  | ||||||
|         ]; |         ]; | ||||||
|       }; |       }; | ||||||
|     }; |     }; | ||||||
| @@ -158,6 +154,7 @@ | |||||||
|     nixosModules = { |     nixosModules = { | ||||||
|       snakeoil-certs = ./modules/snakeoil-certs.nix; |       snakeoil-certs = ./modules/snakeoil-certs.nix; | ||||||
|       snappymail = ./modules/snappymail.nix; |       snappymail = ./modules/snappymail.nix; | ||||||
|  |       robots-txt = ./modules/robots-txt.nix; | ||||||
|     }; |     }; | ||||||
|  |  | ||||||
|     devShells = forAllSystems (system: { |     devShells = forAllSystems (system: { | ||||||
| @@ -185,5 +182,18 @@ | |||||||
|       // lib.genAttrs allMachines |       // lib.genAttrs allMachines | ||||||
|         (machine: self.nixosConfigurations.${machine}.config.system.build.toplevel); |         (machine: self.nixosConfigurations.${machine}.config.system.build.toplevel); | ||||||
|     }; |     }; | ||||||
|  |  | ||||||
|  |     topology.x86_64-linux = import inputs.nix-topology { | ||||||
|  |       pkgs = import nixpkgs { | ||||||
|  |         system = "x86_64-linux"; | ||||||
|  |         overlays = [inputs.nix-topology.overlays.default]; | ||||||
|  |       }; # Only this package set must include nix-topology.overlays.default | ||||||
|  |       modules = [ | ||||||
|  |         # Your own file to define global topology. Works in principle like a nixos module but uses different options. | ||||||
|  |         ./topology.nix | ||||||
|  |         # Inline module to inform topology of your existing NixOS hosts. | ||||||
|  |         { nixosConfigurations = self.nixosConfigurations; } | ||||||
|  |       ]; | ||||||
|  |     }; | ||||||
|   }; |   }; | ||||||
| } | } | ||||||
|   | |||||||
| @@ -6,13 +6,15 @@ in { | |||||||
|     ./module.nix # From danio, pending upstreaming |     ./module.nix # From danio, pending upstreaming | ||||||
|   ]; |   ]; | ||||||
|  |  | ||||||
|   disabledModules = [ "services/web-servers/bluemap.nix" ]; |   disabledModules = [ "services/web-apps/bluemap.nix" ]; | ||||||
|  |  | ||||||
|   sops.secrets."bluemap/ssh-key" = { }; |   sops.secrets."bluemap/ssh-key" = { }; | ||||||
|   sops.secrets."bluemap/ssh-known-hosts" = { }; |   sops.secrets."bluemap/ssh-known-hosts" = { }; | ||||||
|  |  | ||||||
|   services.bluemap = { |   services.bluemap = { | ||||||
|     enable = true; |     enable = true; | ||||||
|  |     package = pkgs.callPackage ./package.nix { }; | ||||||
|  |      | ||||||
|     eula = true; |     eula = true; | ||||||
|     onCalendar = "*-*-* 05:45:00"; # a little over an hour after auto-upgrade |     onCalendar = "*-*-* 05:45:00"; # a little over an hour after auto-upgrade | ||||||
|  |  | ||||||
|   | |||||||
| @@ -26,7 +26,6 @@ let | |||||||
|     "webapp.conf" = webappConfig; |     "webapp.conf" = webappConfig; | ||||||
|     "webserver.conf" = webserverConfig; |     "webserver.conf" = webserverConfig; | ||||||
|     "packs" = cfg.resourcepacks; |     "packs" = cfg.resourcepacks; | ||||||
|     "addons" = cfg.resourcepacks; # TODO |  | ||||||
|   }; |   }; | ||||||
|  |  | ||||||
|   renderConfigFolder = name: value: pkgs.linkFarm "bluemap-${name}-config" { |   renderConfigFolder = name: value: pkgs.linkFarm "bluemap-${name}-config" { | ||||||
| @@ -38,13 +37,13 @@ let | |||||||
|     "webapp.conf" = format.generate "webapp.conf" (cfg.webappSettings // { "update-settings-file" = false; }); |     "webapp.conf" = format.generate "webapp.conf" (cfg.webappSettings // { "update-settings-file" = false; }); | ||||||
|     "webserver.conf" = webserverConfig; |     "webserver.conf" = webserverConfig; | ||||||
|     "packs" = value.resourcepacks; |     "packs" = value.resourcepacks; | ||||||
|     "addons" = cfg.resourcepacks; # TODO |  | ||||||
|   }; |   }; | ||||||
|  |  | ||||||
|   inherit (lib) mkOption; |   inherit (lib) mkOption; | ||||||
| in { | in { | ||||||
|   options.services.bluemap = { |   options.services.bluemap = { | ||||||
|     enable = lib.mkEnableOption "bluemap"; |     enable = lib.mkEnableOption "bluemap"; | ||||||
|  |     package = lib.mkPackageOption pkgs "bluemap" { }; | ||||||
|  |  | ||||||
|     eula = mkOption { |     eula = mkOption { | ||||||
|       type = lib.types.bool; |       type = lib.types.bool; | ||||||
| @@ -159,7 +158,7 @@ in { | |||||||
|             type = lib.types.path; |             type = lib.types.path; | ||||||
|             default = cfg.resourcepacks; |             default = cfg.resourcepacks; | ||||||
|             defaultText = lib.literalExpression "config.services.bluemap.resourcepacks"; |             defaultText = lib.literalExpression "config.services.bluemap.resourcepacks"; | ||||||
|             description = "A set of resourcepacks/mods to extract models from loaded in alphabetical order"; |             description = "A set of resourcepacks/mods/bluemap-addons to extract models from loaded in alphabetical order"; | ||||||
|           }; |           }; | ||||||
|           settings = mkOption { |           settings = mkOption { | ||||||
|             type = (lib.types.submodule { |             type = (lib.types.submodule { | ||||||
| @@ -310,9 +309,18 @@ in { | |||||||
|         Group = "nginx"; |         Group = "nginx"; | ||||||
|         UMask = "026"; |         UMask = "026"; | ||||||
|       }; |       }; | ||||||
|       script = lib.strings.concatStringsSep "\n" ((lib.attrsets.mapAttrsToList |       script = '' | ||||||
|         (name: value: "${lib.getExe pkgs.bluemap} -c ${renderConfigFolder name value} -r") |         # If web folder doesnt exist generate it | ||||||
|         cfg.maps) ++ [ "${lib.getExe pkgs.bluemap} -c ${webappConfigFolder} -gs" ]); |         test -f "${cfg.webRoot}" || ${lib.getExe cfg.package} -c ${webappConfigFolder} -gs | ||||||
|  |  | ||||||
|  |         # Render each minecraft map | ||||||
|  |         ${lib.strings.concatStringsSep "\n" (lib.attrsets.mapAttrsToList | ||||||
|  |           (name: value: "${lib.getExe cfg.package} -c ${renderConfigFolder name value} -r") | ||||||
|  |           cfg.maps)} | ||||||
|  |  | ||||||
|  |         # Generate updated webapp | ||||||
|  |         ${lib.getExe cfg.package} -c ${webappConfigFolder} -gs | ||||||
|  |       ''; | ||||||
|     }; |     }; | ||||||
|  |  | ||||||
|     systemd.timers."render-bluemap-maps" = lib.mkIf cfg.enableRender { |     systemd.timers."render-bluemap-maps" = lib.mkIf cfg.enableRender { | ||||||
|   | |||||||
							
								
								
									
										30
									
								
								hosts/bekkalokk/services/bluemap/package.nix
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										30
									
								
								hosts/bekkalokk/services/bluemap/package.nix
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,30 @@ | |||||||
|  | { lib, stdenvNoCC, fetchurl, makeWrapper, jre }: | ||||||
|  |  | ||||||
|  | stdenvNoCC.mkDerivation rec { | ||||||
|  |   pname = "bluemap"; | ||||||
|  |   version = "5.7"; | ||||||
|  |  | ||||||
|  |   src = fetchurl { | ||||||
|  |     url = "https://github.com/BlueMap-Minecraft/BlueMap/releases/download/v${version}/BlueMap-${version}-cli.jar"; | ||||||
|  |     hash = "sha256-8udZYJgrr4bi2mjRYrASd8JwUoUVZW1tZpOLRgafAIw="; | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |   dontUnpack = true; | ||||||
|  |  | ||||||
|  |   nativeBuildInputs = [ makeWrapper ]; | ||||||
|  |  | ||||||
|  |   installPhase = '' | ||||||
|  |     runHook preInstall | ||||||
|  |     makeWrapper ${jre}/bin/java $out/bin/bluemap --add-flags "-jar $src" | ||||||
|  |     runHook postInstall | ||||||
|  |   ''; | ||||||
|  |  | ||||||
|  |   meta = { | ||||||
|  |     description = "3D minecraft map renderer"; | ||||||
|  |     homepage = "https://bluemap.bluecolored.de/"; | ||||||
|  |     sourceProvenance = with lib.sourceTypes; [ binaryBytecode ]; | ||||||
|  |     license = lib.licenses.mit; | ||||||
|  |     maintainers = with lib.maintainers; [ dandellion h7x4 ]; | ||||||
|  |     mainProgram = "bluemap"; | ||||||
|  |   }; | ||||||
|  | } | ||||||
							
								
								
									
										52
									
								
								hosts/bekkalokk/services/gitea/customization.nix
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										52
									
								
								hosts/bekkalokk/services/gitea/customization.nix
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,52 @@ | |||||||
|  | { config, pkgs, lib, fp, ... }: | ||||||
|  | let | ||||||
|  |   cfg = config.services.gitea; | ||||||
|  | in | ||||||
|  | { | ||||||
|  |   services.gitea-themes.monokai = pkgs.gitea-theme-monokai; | ||||||
|  |  | ||||||
|  |   systemd.services.gitea-customization = lib.mkIf cfg.enable { | ||||||
|  |     description = "Install extra customization in gitea's CUSTOM_DIR"; | ||||||
|  |     wantedBy = [ "gitea.service" ]; | ||||||
|  |     requiredBy = [ "gitea.service" ]; | ||||||
|  |  | ||||||
|  |     serviceConfig =  { | ||||||
|  |       Type = "oneshot"; | ||||||
|  |       User = cfg.user; | ||||||
|  |       Group = cfg.group; | ||||||
|  |     }; | ||||||
|  |  | ||||||
|  |     script = let | ||||||
|  |       logo-svg = fp /assets/logo_blue_regular.svg; | ||||||
|  |       logo-png = fp /assets/logo_blue_regular.png; | ||||||
|  |       extraLinks = pkgs.writeText "gitea-extra-links.tmpl" '' | ||||||
|  |         <a class="item" href="https://www.pvv.ntnu.no/">PVV</a> | ||||||
|  |         <a class="item" href="https://wiki.pvv.ntnu.no/">Wiki</a> | ||||||
|  |         <a class="item" href="https://git.pvv.ntnu.no/Drift/-/projects/4">Tokyo Drift Issues</a> | ||||||
|  |       ''; | ||||||
|  |  | ||||||
|  |       project-labels = (pkgs.formats.yaml { }).generate "gitea-project-labels.yaml" { | ||||||
|  |         labels = lib.importJSON ./labels/projects.json; | ||||||
|  |       }; | ||||||
|  |  | ||||||
|  |       customTemplates = pkgs.runCommandLocal "gitea-templates" { | ||||||
|  |         nativeBuildInputs = with pkgs; [ | ||||||
|  |           coreutils | ||||||
|  |           gnused | ||||||
|  |         ]; | ||||||
|  |       } '' | ||||||
|  |         # Bigger icons | ||||||
|  |         install -Dm444 "${cfg.package.src}/templates/repo/icon.tmpl" "$out/repo/icon.tmpl" | ||||||
|  |         sed -i -e 's/24/48/g' "$out/repo/icon.tmpl" | ||||||
|  |       ''; | ||||||
|  |     in '' | ||||||
|  |       install -Dm444 ${logo-svg} ${cfg.customDir}/public/assets/img/logo.svg | ||||||
|  |       install -Dm444 ${logo-png} ${cfg.customDir}/public/assets/img/logo.png | ||||||
|  |       install -Dm444 ${./loading.apng} ${cfg.customDir}/public/assets/img/loading.png | ||||||
|  |       install -Dm444 ${extraLinks} ${cfg.customDir}/templates/custom/extra_links.tmpl | ||||||
|  |       install -Dm444 ${project-labels} ${cfg.customDir}/options/label/project-labels.yaml | ||||||
|  |  | ||||||
|  |       "${lib.getExe pkgs.rsync}" -a "${customTemplates}/" ${cfg.customDir}/templates/ | ||||||
|  |     ''; | ||||||
|  |   }; | ||||||
|  | } | ||||||
| @@ -1,10 +1,11 @@ | |||||||
| { config, values, fp, pkgs, lib, ... }: | { config, values, lib, unstablePkgs, ... }: | ||||||
| let | let | ||||||
|   cfg = config.services.gitea; |   cfg = config.services.gitea; | ||||||
|   domain = "git.pvv.ntnu.no"; |   domain = "git.pvv.ntnu.no"; | ||||||
|   sshPort  = 2222; |   sshPort  = 2222; | ||||||
| in { | in { | ||||||
|   imports = [ |   imports = [ | ||||||
|  |     ./customization.nix | ||||||
|     ./gpg.nix |     ./gpg.nix | ||||||
|     ./import-users |     ./import-users | ||||||
|     ./web-secret-provider |     ./web-secret-provider | ||||||
| @@ -25,6 +26,8 @@ in { | |||||||
|     enable = true; |     enable = true; | ||||||
|     appName = "PVV Git"; |     appName = "PVV Git"; | ||||||
|  |  | ||||||
|  |     package = unstablePkgs.gitea; | ||||||
|  |  | ||||||
|     database = { |     database = { | ||||||
|       type = "postgres"; |       type = "postgres"; | ||||||
|       host = "postgres.pvv.ntnu.no"; |       host = "postgres.pvv.ntnu.no"; | ||||||
| @@ -130,6 +133,11 @@ in { | |||||||
|       }; |       }; | ||||||
|       "ui.meta".DESCRIPTION = "Bokstavelig talt programvareverkstedet"; |       "ui.meta".DESCRIPTION = "Bokstavelig talt programvareverkstedet"; | ||||||
|     }; |     }; | ||||||
|  |  | ||||||
|  |     dump = { | ||||||
|  |       enable = true; | ||||||
|  |       type = "tar.gz"; | ||||||
|  |     }; | ||||||
|   }; |   }; | ||||||
|  |  | ||||||
|   environment.systemPackages = [ cfg.package ]; |   environment.systemPackages = [ cfg.package ]; | ||||||
| @@ -156,35 +164,4 @@ in { | |||||||
|   }; |   }; | ||||||
|  |  | ||||||
|   networking.firewall.allowedTCPPorts = [ sshPort ]; |   networking.firewall.allowedTCPPorts = [ sshPort ]; | ||||||
|  |  | ||||||
|   # Extra customization |  | ||||||
|  |  | ||||||
|   services.gitea-themes.monokai = pkgs.gitea-theme-monokai; |  | ||||||
|  |  | ||||||
|   systemd.services.install-gitea-customization = { |  | ||||||
|     description = "Install extra customization in gitea's CUSTOM_DIR"; |  | ||||||
|     wantedBy = [ "gitea.service" ]; |  | ||||||
|     requiredBy = [ "gitea.service" ]; |  | ||||||
|  |  | ||||||
|     serviceConfig =  { |  | ||||||
|       Type = "oneshot"; |  | ||||||
|       User = cfg.user; |  | ||||||
|       Group = cfg.group; |  | ||||||
|     }; |  | ||||||
|  |  | ||||||
|     script = let |  | ||||||
|       logo-svg = fp /assets/logo_blue_regular.svg; |  | ||||||
|       logo-png = fp /assets/logo_blue_regular.png; |  | ||||||
|       extraLinks = pkgs.writeText "gitea-extra-links.tmpl" '' |  | ||||||
|         <a class="item" href="https://www.pvv.ntnu.no/">PVV</a> |  | ||||||
|         <a class="item" href="https://wiki.pvv.ntnu.no/">Wiki</a> |  | ||||||
|         <a class="item" href="https://git.pvv.ntnu.no/Drift/-/projects/4">Tokyo Drift Issues</a> |  | ||||||
|       ''; |  | ||||||
|     in '' |  | ||||||
|       install -Dm444 ${logo-svg} ${cfg.customDir}/public/assets/img/logo.svg |  | ||||||
|       install -Dm444 ${logo-png} ${cfg.customDir}/public/assets/img/logo.png |  | ||||||
|       install -Dm444 ${./loading.apng} ${cfg.customDir}/public/assets/img/loading.png |  | ||||||
|       install -Dm444 ${extraLinks} ${cfg.customDir}/templates/custom/extra_links.tmpl |  | ||||||
|     ''; |  | ||||||
|   }; |  | ||||||
| } | } | ||||||
|   | |||||||
| @@ -177,6 +177,7 @@ def ensure_gitea_user_is_part_of_team( | |||||||
| # List of teams that all users should be part of by default | # List of teams that all users should be part of by default | ||||||
| COMMON_USER_TEAMS = [ | COMMON_USER_TEAMS = [ | ||||||
|     ("Projects", "Members"), |     ("Projects", "Members"), | ||||||
|  |     ("Grzegorz", "Members"), | ||||||
|     ("Kurs", "Members"), |     ("Kurs", "Members"), | ||||||
| ] | ] | ||||||
|  |  | ||||||
|   | |||||||
							
								
								
									
										116
									
								
								hosts/bekkalokk/services/gitea/labels/projects.json
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										116
									
								
								hosts/bekkalokk/services/gitea/labels/projects.json
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,116 @@ | |||||||
|  | [ | ||||||
|  |   { | ||||||
|  |     "name": "art", | ||||||
|  |     "exclusive": false, | ||||||
|  |     "color": "#006b75", | ||||||
|  |     "description": "Requires some creativity" | ||||||
|  |   }, | ||||||
|  |   { | ||||||
|  |     "name": "big", | ||||||
|  |     "exclusive": false, | ||||||
|  |     "color": "#754bc4", | ||||||
|  |     "description": "This is gonna take a while" | ||||||
|  |   }, | ||||||
|  |   { | ||||||
|  |     "name": "blocked", | ||||||
|  |     "exclusive": false, | ||||||
|  |     "color": "#850021", | ||||||
|  |     "description": "This issue/PR depends on one or more other issues/PRs" | ||||||
|  |   }, | ||||||
|  |   { | ||||||
|  |     "name": "bug", | ||||||
|  |     "exclusive": false, | ||||||
|  |     "color": "#f05048", | ||||||
|  |     "description": "Something brokey" | ||||||
|  |   }, | ||||||
|  |   { | ||||||
|  |     "name": "ci-cd", | ||||||
|  |     "exclusive": false, | ||||||
|  |     "color": "#d1ff78", | ||||||
|  |     "description": "Continuous integrals and continuous derivation" | ||||||
|  |   }, | ||||||
|  |   { | ||||||
|  |     "name": "crash report", | ||||||
|  |     "exclusive": false, | ||||||
|  |     "color": "#ed1111", | ||||||
|  |     "description": "Report an oopsie" | ||||||
|  |   }, | ||||||
|  |   { | ||||||
|  |     "name": "disputed", | ||||||
|  |     "exclusive": false, | ||||||
|  |     "color": "#5319e7", | ||||||
|  |     "description": "Kranglefanter" | ||||||
|  |   }, | ||||||
|  |   { | ||||||
|  |     "name": "documentation", | ||||||
|  |     "exclusive": false, | ||||||
|  |     "color": "#fbca04", | ||||||
|  |     "description": "Documentation changes required" | ||||||
|  |   }, | ||||||
|  |   { | ||||||
|  |     "name": "duplicate", | ||||||
|  |     "exclusive": false, | ||||||
|  |     "color": "#cccccc", | ||||||
|  |     "description": "This issue or pull request already exists" | ||||||
|  |   }, | ||||||
|  |   { | ||||||
|  |     "name": "feature request", | ||||||
|  |     "exclusive": false, | ||||||
|  |     "color": "#0052cc", | ||||||
|  |     "description": "" | ||||||
|  |   }, | ||||||
|  |   { | ||||||
|  |     "name": "good first issue", | ||||||
|  |     "exclusive": false, | ||||||
|  |     "color": "#009800", | ||||||
|  |     "description": "Get your hands dirty with a new project here" | ||||||
|  |   }, | ||||||
|  |   { | ||||||
|  |     "name": "me gusta", | ||||||
|  |     "exclusive": false, | ||||||
|  |     "color": "#30ff36", | ||||||
|  |     "description": "( ͡° ͜ʖ ͡°)" | ||||||
|  |   }, | ||||||
|  |   { | ||||||
|  |     "name": "packaging", | ||||||
|  |     "exclusive": false, | ||||||
|  |     "color": "#bf642b", | ||||||
|  |     "description": "" | ||||||
|  |   }, | ||||||
|  |   { | ||||||
|  |     "name": "question", | ||||||
|  |     "exclusive": false, | ||||||
|  |     "color": "#cc317c", | ||||||
|  |     "description": "" | ||||||
|  |   }, | ||||||
|  |   { | ||||||
|  |     "name": "security", | ||||||
|  |     "exclusive": false, | ||||||
|  |     "color": "#ed1111", | ||||||
|  |     "description": "Skommel" | ||||||
|  |   }, | ||||||
|  |   { | ||||||
|  |     "name": "techdebt spring cleaning", | ||||||
|  |     "exclusive": false, | ||||||
|  |     "color": "#8c6217", | ||||||
|  |     "description": "The code is smelly 👃" | ||||||
|  |   }, | ||||||
|  |   { | ||||||
|  |     "name": "testing", | ||||||
|  |     "exclusive": false, | ||||||
|  |     "color": "#52b373", | ||||||
|  |     "description": "Poke it and see if it explodes" | ||||||
|  |   }, | ||||||
|  |   { | ||||||
|  |     "name": "ui/ux", | ||||||
|  |     "exclusive": false, | ||||||
|  |     "color": "#f28852", | ||||||
|  |     "description": "User complaints about ergonomics and economics and whatever" | ||||||
|  |   }, | ||||||
|  |   { | ||||||
|  |     "name": "wontfix", | ||||||
|  |     "exclusive": false, | ||||||
|  |     "color": "#ffffff", | ||||||
|  |     "description": "Nei, vil ikke" | ||||||
|  |   } | ||||||
|  | ] | ||||||
| @@ -3,6 +3,7 @@ let | |||||||
|   organizations = [ |   organizations = [ | ||||||
|     "Drift" |     "Drift" | ||||||
|     "Projects" |     "Projects" | ||||||
|  |     "Grzegorz" | ||||||
|     "Kurs" |     "Kurs" | ||||||
|   ]; |   ]; | ||||||
|  |  | ||||||
| @@ -27,6 +28,7 @@ in | |||||||
|   users.users."gitea-web" = { |   users.users."gitea-web" = { | ||||||
|     group = "gitea-web"; |     group = "gitea-web"; | ||||||
|     isSystemUser = true; |     isSystemUser = true; | ||||||
|  |     shell = pkgs.bash; | ||||||
|   }; |   }; | ||||||
|  |  | ||||||
|   sops.secrets."gitea/web-secret-provider/token" = { |   sops.secrets."gitea/web-secret-provider/token" = { | ||||||
| @@ -58,6 +60,7 @@ in | |||||||
|           key-dir = "/var/lib/gitea-web/keys/%i"; |           key-dir = "/var/lib/gitea-web/keys/%i"; | ||||||
|           authorized-keys-path = "/var/lib/gitea-web/authorized_keys.d/%i"; |           authorized-keys-path = "/var/lib/gitea-web/authorized_keys.d/%i"; | ||||||
|           rrsync-script = pkgs.writeShellScript "rrsync-chown" '' |           rrsync-script = pkgs.writeShellScript "rrsync-chown" '' | ||||||
|  |             mkdir -p "$1" | ||||||
|             ${lib.getExe pkgs.rrsync} -wo "$1" |             ${lib.getExe pkgs.rrsync} -wo "$1" | ||||||
|             ${pkgs.coreutils}/bin/chown -R gitea-web:gitea-web "$1" |             ${pkgs.coreutils}/bin/chown -R gitea-web:gitea-web "$1" | ||||||
|           ''; |           ''; | ||||||
|   | |||||||
| @@ -34,7 +34,21 @@ def get_org_repo_list(args: argparse.Namespace, token: str): | |||||||
|         f"{args.api_url}/orgs/{args.org}/repos", |         f"{args.api_url}/orgs/{args.org}/repos", | ||||||
|         headers = { 'Authorization': 'token ' + token }, |         headers = { 'Authorization': 'token ' + token }, | ||||||
|     ) |     ) | ||||||
|     return [repo["name"] for repo in result.json()] |  | ||||||
|  |     results = [repo["name"] for repo in result.json()] | ||||||
|  |     target = int(result.headers['X-Total-Count']) | ||||||
|  |  | ||||||
|  |     i = 2 | ||||||
|  |     while len(results) < target: | ||||||
|  |         result = requests.get( | ||||||
|  |             f"{args.api_url}/orgs/{args.org}/repos", | ||||||
|  |             params = { 'page': i }, | ||||||
|  |             headers = { 'Authorization': 'token ' + token }, | ||||||
|  |         ) | ||||||
|  |         results += [repo["name"] for repo in result.json()] | ||||||
|  |         i += 1 | ||||||
|  |  | ||||||
|  |     return results | ||||||
|  |  | ||||||
|  |  | ||||||
| def generate_ssh_key(args: argparse.Namespace, repository: str): | def generate_ssh_key(args: argparse.Namespace, repository: str): | ||||||
|   | |||||||
| @@ -83,7 +83,6 @@ in { | |||||||
|       ProtectKernelLogs = true; |       ProtectKernelLogs = true; | ||||||
|       ProtectKernelModules = true; |       ProtectKernelModules = true; | ||||||
|       ProtectKernelTunables = true; |       ProtectKernelTunables = true; | ||||||
|       ProtectProc = "invisible"; |  | ||||||
|       RestrictAddressFamilies = [ |       RestrictAddressFamilies = [ | ||||||
|         "AF_INET" |         "AF_INET" | ||||||
|         "AF_INET6" |         "AF_INET6" | ||||||
| @@ -98,7 +97,6 @@ in { | |||||||
|         "@system-service" |         "@system-service" | ||||||
|         "~@privileged" |         "~@privileged" | ||||||
|       ]; |       ]; | ||||||
|       UMask = "0007"; |  | ||||||
|     }; |     }; | ||||||
|   }; |   }; | ||||||
| } | } | ||||||
|   | |||||||
| @@ -21,7 +21,7 @@ in | |||||||
|       custom_from |       custom_from | ||||||
|     ]); |     ]); | ||||||
|  |  | ||||||
|     dicts = with pkgs.aspellDicts; [ en en-science en-computers nb nn fr de it ]; |     dicts = with pkgs.aspellDicts; [ en en-computers nb nn fr de it ]; | ||||||
|     maxAttachmentSize = 20; |     maxAttachmentSize = 20; | ||||||
|     hostName = "roundcubeplaceholder.example.com"; |     hostName = "roundcubeplaceholder.example.com"; | ||||||
|  |  | ||||||
|   | |||||||
| @@ -48,6 +48,9 @@ | |||||||
|  |  | ||||||
|   users.users.turnserver.extraGroups = [ "acme" ]; |   users.users.turnserver.extraGroups = [ "acme" ]; | ||||||
|  |  | ||||||
|  |   # It needs this to be allowed to access the files with the acme group | ||||||
|  |   systemd.services.coturn.serviceConfig.PrivateUsers = lib.mkForce false; | ||||||
|  |  | ||||||
|   systemd.services."acme-${config.services.coturn.realm}".serviceConfig = { |   systemd.services."acme-${config.services.coturn.realm}".serviceConfig = { | ||||||
|     AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; |     AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ]; | ||||||
|   }; |   }; | ||||||
| @@ -66,7 +69,7 @@ | |||||||
|  |  | ||||||
|     listening-ips = [ |     listening-ips = [ | ||||||
|       values.services.turn.ipv4 |       values.services.turn.ipv4 | ||||||
|       # values.services.turn.ipv6 |       values.services.turn.ipv6 | ||||||
|     ]; |     ]; | ||||||
|  |  | ||||||
|     tls-listening-port = 443; |     tls-listening-port = 443; | ||||||
|   | |||||||
| @@ -6,10 +6,6 @@ let | |||||||
|   webhookListenPort = 8435; |   webhookListenPort = 8435; | ||||||
| in | in | ||||||
| { | { | ||||||
|   imports = [ |  | ||||||
|     ./module.nix |  | ||||||
|   ]; |  | ||||||
|  |  | ||||||
|   sops.secrets."matrix/hookshot/as_token" = { |   sops.secrets."matrix/hookshot/as_token" = { | ||||||
|     sopsFile = fp /secrets/bicep/matrix.yaml; |     sopsFile = fp /secrets/bicep/matrix.yaml; | ||||||
|     key = "hookshot/as_token"; |     key = "hookshot/as_token"; | ||||||
|   | |||||||
| @@ -1,127 +0,0 @@ | |||||||
| { |  | ||||||
|   config, |  | ||||||
|   pkgs, |  | ||||||
|   lib, |  | ||||||
|   ... |  | ||||||
| }: |  | ||||||
| let |  | ||||||
|   cfg = config.services.matrix-hookshot; |  | ||||||
|   settingsFormat = pkgs.formats.yaml { }; |  | ||||||
|   configFile = settingsFormat.generate "matrix-hookshot-config.yml" cfg.settings; |  | ||||||
| in |  | ||||||
| { |  | ||||||
|   options = { |  | ||||||
|     services.matrix-hookshot = { |  | ||||||
|       enable = lib.mkEnableOption "matrix-hookshot, a bridge between Matrix and project management services"; |  | ||||||
|  |  | ||||||
|       package = lib.mkPackageOption pkgs "matrix-hookshot" { }; |  | ||||||
|  |  | ||||||
|       registrationFile = lib.mkOption { |  | ||||||
|         type = lib.types.path; |  | ||||||
|         description = '' |  | ||||||
|           Appservice registration file. |  | ||||||
|           As it contains secret tokens, you may not want to add this to the publicly readable Nix store. |  | ||||||
|         ''; |  | ||||||
|         example = lib.literalExpression '' |  | ||||||
|           pkgs.writeText "matrix-hookshot-registration" \'\' |  | ||||||
|             id: matrix-hookshot |  | ||||||
|             as_token: aaaaaaaaaa |  | ||||||
|             hs_token: aaaaaaaaaa |  | ||||||
|             namespaces: |  | ||||||
|               rooms: [] |  | ||||||
|               users: |  | ||||||
|                 - regex: "@_webhooks_.*:foobar" |  | ||||||
|                   exclusive: true |  | ||||||
|  |  | ||||||
|             sender_localpart: hookshot |  | ||||||
|             url: "http://localhost:9993" |  | ||||||
|             rate_limited: false |  | ||||||
|             \'\' |  | ||||||
|         ''; |  | ||||||
|       }; |  | ||||||
|  |  | ||||||
|       settings = lib.mkOption { |  | ||||||
|         description = '' |  | ||||||
|           {file}`config.yml` configuration as a Nix attribute set. |  | ||||||
|  |  | ||||||
|           For details please see the [documentation](https://matrix-org.github.io/matrix-hookshot/latest/setup/sample-configuration.html). |  | ||||||
|         ''; |  | ||||||
|         example = { |  | ||||||
|           bridge = { |  | ||||||
|             domain = "example.com"; |  | ||||||
|             url = "http://localhost:8008"; |  | ||||||
|             mediaUrl = "https://example.com"; |  | ||||||
|             port = 9993; |  | ||||||
|             bindAddress = "127.0.0.1"; |  | ||||||
|           }; |  | ||||||
|           listeners = [ |  | ||||||
|             { |  | ||||||
|               port = 9000; |  | ||||||
|               bindAddress = "0.0.0.0"; |  | ||||||
|               resources = [ "webhooks" ]; |  | ||||||
|             } |  | ||||||
|             { |  | ||||||
|               port = 9001; |  | ||||||
|               bindAddress = "localhost"; |  | ||||||
|               resources = [ |  | ||||||
|                 "metrics" |  | ||||||
|                 "provisioning" |  | ||||||
|               ]; |  | ||||||
|             } |  | ||||||
|           ]; |  | ||||||
|         }; |  | ||||||
|         default = { }; |  | ||||||
|         type = lib.types.submodule { |  | ||||||
|           freeformType = settingsFormat.type; |  | ||||||
|           options = { |  | ||||||
|             passFile = lib.mkOption { |  | ||||||
|               type = lib.types.path; |  | ||||||
|               default = "/var/lib/matrix-hookshot/passkey.pem"; |  | ||||||
|               description = '' |  | ||||||
|                 A passkey used to encrypt tokens stored inside the bridge. |  | ||||||
|                 File will be generated if not found. |  | ||||||
|               ''; |  | ||||||
|             }; |  | ||||||
|           }; |  | ||||||
|         }; |  | ||||||
|       }; |  | ||||||
|  |  | ||||||
|       serviceDependencies = lib.mkOption { |  | ||||||
|         type = with lib.types; listOf str; |  | ||||||
|         default = lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit; |  | ||||||
|         defaultText = lib.literalExpression '' |  | ||||||
|           lib.optional config.services.matrix-synapse.enable config.services.matrix-synapse.serviceUnit |  | ||||||
|         ''; |  | ||||||
|         description = '' |  | ||||||
|           List of Systemd services to require and wait for when starting the application service, |  | ||||||
|           such as the Matrix homeserver if it's running on the same host. |  | ||||||
|         ''; |  | ||||||
|       }; |  | ||||||
|     }; |  | ||||||
|   }; |  | ||||||
|  |  | ||||||
|   config = lib.mkIf cfg.enable { |  | ||||||
|     systemd.services.matrix-hookshot = { |  | ||||||
|       description = "a bridge between Matrix and multiple project management services"; |  | ||||||
|  |  | ||||||
|       wantedBy = [ "multi-user.target" ]; |  | ||||||
|       wants = [ "network-online.target" ] ++ cfg.serviceDependencies; |  | ||||||
|       after = [ "network-online.target" ] ++ cfg.serviceDependencies; |  | ||||||
|  |  | ||||||
|       preStart = '' |  | ||||||
|         if [ ! -f '${cfg.settings.passFile}' ]; then |  | ||||||
|           mkdir -p $(dirname '${cfg.settings.passFile}') |  | ||||||
|           ${pkgs.openssl}/bin/openssl genpkey -out '${cfg.settings.passFile}' -outform PEM -algorithm RSA -pkeyopt rsa_keygen_bits:4096 |  | ||||||
|         fi |  | ||||||
|       ''; |  | ||||||
|  |  | ||||||
|       serviceConfig = { |  | ||||||
|         Type = "simple"; |  | ||||||
|         Restart = "always"; |  | ||||||
|         ExecStart = "${cfg.package}/bin/matrix-hookshot ${configFile} ${cfg.registrationFile}"; |  | ||||||
|       }; |  | ||||||
|     }; |  | ||||||
|   }; |  | ||||||
|  |  | ||||||
|   meta.maintainers = with lib.maintainers; [ flandweber ]; |  | ||||||
| } |  | ||||||
| @@ -1,36 +0,0 @@ | |||||||
| { config, pkgs, values, ... }: |  | ||||||
| { |  | ||||||
|   imports = [ |  | ||||||
|       # Include the results of the hardware scan. |  | ||||||
|       ./hardware-configuration.nix |  | ||||||
|       ../../base.nix |  | ||||||
|       ../../misc/metrics-exporters.nix |  | ||||||
|  |  | ||||||
|       ./services/openvpn |  | ||||||
|     ]; |  | ||||||
|  |  | ||||||
|   boot.loader.systemd-boot.enable = true; |  | ||||||
|   boot.loader.efi.canTouchEfiVariables = true; |  | ||||||
|  |  | ||||||
|   networking.hostName = "grevling"; |  | ||||||
|  |  | ||||||
|   # systemd.network.networks."30-eno1" = values.defaultNetworkConfig // { |  | ||||||
|   #   matchConfig.Name = "eno1"; |  | ||||||
|   #   address = with values.hosts.georg; [ (ipv4 + "/25") (ipv6 + "/64") ]; |  | ||||||
|   # }; |  | ||||||
|  |  | ||||||
|   # List packages installed in system profile |  | ||||||
|   environment.systemPackages = with pkgs; [ |  | ||||||
|   ]; |  | ||||||
|  |  | ||||||
|   # List services that you want to enable: |  | ||||||
|  |  | ||||||
|   # This value determines the NixOS release from which the default |  | ||||||
|   # settings for stateful data, like file locations and database versions |  | ||||||
|   # on your system were taken. It‘s perfectly fine and recommended to leave |  | ||||||
|   # this value at the release version of the first install of this system. |  | ||||||
|   # Before changing this value read the documentation for this option |  | ||||||
|   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). |  | ||||||
|   system.stateVersion = "23.05"; # Did you read the comment? |  | ||||||
|  |  | ||||||
| } |  | ||||||
| @@ -1,40 +0,0 @@ | |||||||
| # Do not modify this file!  It was generated by ‘nixos-generate-config’ |  | ||||||
| # and may be overwritten by future invocations.  Please make changes |  | ||||||
| # to /etc/nixos/configuration.nix instead. |  | ||||||
| { config, lib, pkgs, modulesPath, ... }: |  | ||||||
|  |  | ||||||
| { |  | ||||||
|   imports = |  | ||||||
|     [ (modulesPath + "/installer/scan/not-detected.nix") |  | ||||||
|     ]; |  | ||||||
|  |  | ||||||
|   boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; |  | ||||||
|   boot.initrd.kernelModules = [ ]; |  | ||||||
|   boot.kernelModules = [ "kvm-intel" ]; |  | ||||||
|   boot.extraModulePackages = [ ]; |  | ||||||
|  |  | ||||||
|   fileSystems."/" = |  | ||||||
|     { device = "/dev/disk/by-uuid/33825f0d-5a63-40fc-83db-bfa1ebb72ba0"; |  | ||||||
|       fsType = "ext4"; |  | ||||||
|     }; |  | ||||||
|  |  | ||||||
|   fileSystems."/boot" = |  | ||||||
|     { device = "/dev/disk/by-uuid/145E-7362"; |  | ||||||
|       fsType = "vfat"; |  | ||||||
|     }; |  | ||||||
|  |  | ||||||
|   swapDevices = |  | ||||||
|     [ { device = "/dev/disk/by-uuid/7ed27e21-3247-44cd-8bcc-5d4a2efebf57"; } |  | ||||||
|     ]; |  | ||||||
|  |  | ||||||
|   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking |  | ||||||
|   # (the default) this is the recommended approach. When using systemd-networkd it's |  | ||||||
|   # still possible to use this option, but it's recommended to use it in conjunction |  | ||||||
|   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. |  | ||||||
|   networking.useDHCP = lib.mkDefault true; |  | ||||||
|   # networking.interfaces.eno1.useDHCP = lib.mkDefault true; |  | ||||||
|   # networking.interfaces.enp2s2.useDHCP = lib.mkDefault true; |  | ||||||
|  |  | ||||||
|   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; |  | ||||||
|   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; |  | ||||||
| } |  | ||||||
| @@ -1,77 +0,0 @@ | |||||||
| { pkgs, lib, values, ... }: |  | ||||||
| { |  | ||||||
|   services.openvpn.servers."ov-tunnel" = { |  | ||||||
|     config = let |  | ||||||
|       conf = { |  | ||||||
|         # TODO: use aliases |  | ||||||
|         local = "129.241.210.191"; |  | ||||||
|         port = 1194; |  | ||||||
|         proto = "udp"; |  | ||||||
|         dev = "tap"; |  | ||||||
|  |  | ||||||
|         # TODO: set up |  | ||||||
|         ca = ""; |  | ||||||
|         cert = ""; |  | ||||||
|         key = ""; |  | ||||||
|         dh = ""; |  | ||||||
|  |  | ||||||
|         # Maintain a record of client <-> virtual IP address |  | ||||||
|         # associations in this file.  If OpenVPN goes down or |  | ||||||
|         # is restarted, reconnecting clients can be assigned |  | ||||||
|         # the same virtual IP address from the pool that was |  | ||||||
|         # previously assigned. |  | ||||||
|         ifconfig-pool-persist = ./ipp.txt; |  | ||||||
|  |  | ||||||
|         server-bridge = builtins.concatStringsSep " " [ |  | ||||||
|           "129.241.210.129" |  | ||||||
|           "255.255.255.128" |  | ||||||
|           "129.241.210.253" |  | ||||||
|           "129.241.210.254" |  | ||||||
|         ]; |  | ||||||
|  |  | ||||||
|         keepalive = "10 120"; |  | ||||||
|         cipher = "none"; |  | ||||||
|  |  | ||||||
|         user = "nobody"; |  | ||||||
|         group = "nobody"; |  | ||||||
|  |  | ||||||
|         status = "/var/log/openvpn-status.log"; |  | ||||||
|  |  | ||||||
|         client-config-dir = pkgs.writeTextDir "tuba" '' |  | ||||||
|           # Sett IP-adr. for tap0 til tubas PVV-adr. |  | ||||||
|           ifconfig-push ${values.services.tuba-tap} 255.255.255.128 |  | ||||||
|           # Hvordan skal man faa dette til aa funke, tro? |  | ||||||
|           #ifconfig-ipv6-push 2001:700:300:1900::xxx/64 |  | ||||||
|            |  | ||||||
|           # La tuba bruke std. PVV-gateway til all trafikk (unntatt |  | ||||||
|           # VPN-tunnellen). |  | ||||||
|           push "redirect-gateway" |  | ||||||
|         ''; |  | ||||||
|  |  | ||||||
|         persist-key = true; |  | ||||||
|         persist-tun = true; |  | ||||||
|  |  | ||||||
|         verb = 5; |  | ||||||
|  |  | ||||||
|         explicit-exit-notify = 1; |  | ||||||
|       }; |  | ||||||
|     in lib.pipe conf [ |  | ||||||
|       (lib.filterAttrs (_: value: !(builtins.isNull value || value == false))) |  | ||||||
|       (builtins.mapAttrs (_: value: |  | ||||||
|         if builtins.isList value then builtins.concatStringsSep " " (map toString value) |  | ||||||
|         else if value == true then value |  | ||||||
|         else if builtins.any (f: f value) [ |  | ||||||
|           builtins.isString |  | ||||||
|           builtins.isInt |  | ||||||
|           builtins.isFloat |  | ||||||
|           lib.isPath |  | ||||||
|           lib.isDerivation |  | ||||||
|         ] then toString value |  | ||||||
|         else throw "Unknown value in grevling openvpn config, deading now\n${value}" |  | ||||||
|       )) |  | ||||||
|       (lib.mapAttrsToList (name: value: if value == true then name else "${name} ${value}")) |  | ||||||
|       (builtins.concatStringsSep "\n") |  | ||||||
|       (x: x + "\n\n") |  | ||||||
|     ]; |  | ||||||
|   }; |  | ||||||
| } |  | ||||||
| @@ -1,36 +0,0 @@ | |||||||
| { config, pkgs, values, ... }: |  | ||||||
| { |  | ||||||
|   imports = [ |  | ||||||
|       # Include the results of the hardware scan. |  | ||||||
|       ./hardware-configuration.nix |  | ||||||
|       ../../base.nix |  | ||||||
|       ../../misc/metrics-exporters.nix |  | ||||||
|  |  | ||||||
|       ./services/openvpn |  | ||||||
|     ]; |  | ||||||
|  |  | ||||||
|   boot.loader.systemd-boot.enable = true; |  | ||||||
|   boot.loader.efi.canTouchEfiVariables = true; |  | ||||||
|  |  | ||||||
|   networking.hostName = "tuba"; |  | ||||||
|  |  | ||||||
|   # systemd.network.networks."30-eno1" = values.defaultNetworkConfig // { |  | ||||||
|   #   matchConfig.Name = "eno1"; |  | ||||||
|   #   address = with values.hosts.georg; [ (ipv4 + "/25") (ipv6 + "/64") ]; |  | ||||||
|   # }; |  | ||||||
|  |  | ||||||
|   # List packages installed in system profile |  | ||||||
|   environment.systemPackages = with pkgs; [ |  | ||||||
|   ]; |  | ||||||
|  |  | ||||||
|   # List services that you want to enable: |  | ||||||
|  |  | ||||||
|   # This value determines the NixOS release from which the default |  | ||||||
|   # settings for stateful data, like file locations and database versions |  | ||||||
|   # on your system were taken. It‘s perfectly fine and recommended to leave |  | ||||||
|   # this value at the release version of the first install of this system. |  | ||||||
|   # Before changing this value read the documentation for this option |  | ||||||
|   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). |  | ||||||
|   system.stateVersion = "23.05"; # Did you read the comment? |  | ||||||
|  |  | ||||||
| } |  | ||||||
| @@ -1,40 +0,0 @@ | |||||||
| # Do not modify this file!  It was generated by ‘nixos-generate-config’ |  | ||||||
| # and may be overwritten by future invocations.  Please make changes |  | ||||||
| # to /etc/nixos/configuration.nix instead. |  | ||||||
| { config, lib, pkgs, modulesPath, ... }: |  | ||||||
|  |  | ||||||
| { |  | ||||||
|   imports = |  | ||||||
|     [ (modulesPath + "/installer/scan/not-detected.nix") |  | ||||||
|     ]; |  | ||||||
|  |  | ||||||
|   boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; |  | ||||||
|   boot.initrd.kernelModules = [ ]; |  | ||||||
|   boot.kernelModules = [ "kvm-intel" ]; |  | ||||||
|   boot.extraModulePackages = [ ]; |  | ||||||
|  |  | ||||||
|   fileSystems."/" = |  | ||||||
|     { device = "/dev/disk/by-uuid/33825f0d-5a63-40fc-83db-bfa1ebb72ba0"; |  | ||||||
|       fsType = "ext4"; |  | ||||||
|     }; |  | ||||||
|  |  | ||||||
|   fileSystems."/boot" = |  | ||||||
|     { device = "/dev/disk/by-uuid/145E-7362"; |  | ||||||
|       fsType = "vfat"; |  | ||||||
|     }; |  | ||||||
|  |  | ||||||
|   swapDevices = |  | ||||||
|     [ { device = "/dev/disk/by-uuid/7ed27e21-3247-44cd-8bcc-5d4a2efebf57"; } |  | ||||||
|     ]; |  | ||||||
|  |  | ||||||
|   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking |  | ||||||
|   # (the default) this is the recommended approach. When using systemd-networkd it's |  | ||||||
|   # still possible to use this option, but it's recommended to use it in conjunction |  | ||||||
|   # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. |  | ||||||
|   networking.useDHCP = lib.mkDefault true; |  | ||||||
|   # networking.interfaces.eno1.useDHCP = lib.mkDefault true; |  | ||||||
|   # networking.interfaces.enp2s2.useDHCP = lib.mkDefault true; |  | ||||||
|  |  | ||||||
|   nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; |  | ||||||
|   hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; |  | ||||||
| } |  | ||||||
| @@ -1,54 +0,0 @@ | |||||||
| { lib, values, ... }: |  | ||||||
| { |  | ||||||
|   services.openvpn.servers."ov-tunnel" = { |  | ||||||
|     config = let |  | ||||||
|       conf = { |  | ||||||
|         # TODO: use aliases |  | ||||||
|         client = true; |  | ||||||
|         dev = "tap"; |  | ||||||
|         proto = "udp"; |  | ||||||
|         remote = "129.241.210.191 1194"; |  | ||||||
|  |  | ||||||
|         resolv-retry = "infinite"; |  | ||||||
|         nobind = true; |  | ||||||
|  |  | ||||||
|         # # TODO: set up |  | ||||||
|         ca = ""; |  | ||||||
|         cert = ""; |  | ||||||
|         key = ""; |  | ||||||
|         remote-cert-tls = "server"; |  | ||||||
|         cipher = "none"; |  | ||||||
|  |  | ||||||
|         user = "nobody"; |  | ||||||
|         group = "nobody"; |  | ||||||
|  |  | ||||||
|         status = "/var/log/openvpn-status.log"; |  | ||||||
|  |  | ||||||
|         persist-key = true; |  | ||||||
|         persist-tun = true; |  | ||||||
|  |  | ||||||
|         verb = 5; |  | ||||||
|  |  | ||||||
|         # script-security = 2; |  | ||||||
|         # up = "systemctl restart rwhod"; |  | ||||||
|       }; |  | ||||||
|     in lib.pipe conf [ |  | ||||||
|       (lib.filterAttrs (_: value: !(builtins.isNull value || value == false))) |  | ||||||
|       (builtins.mapAttrs (_: value: |  | ||||||
|         if builtins.isList value then builtins.concatStringsSep " " (map toString value) |  | ||||||
|         else if value == true then value |  | ||||||
|         else if builtins.any (f: f value) [ |  | ||||||
|           builtins.isString |  | ||||||
|           builtins.isInt |  | ||||||
|           builtins.isFloat |  | ||||||
|           lib.isPath |  | ||||||
|           lib.isDerivation |  | ||||||
|         ] then toString value |  | ||||||
|         else throw "Unknown value in tuba openvpn config, deading now\n${value}" |  | ||||||
|       )) |  | ||||||
|       (lib.mapAttrsToList (name: value: if value == true then name else "${name} ${value}")) |  | ||||||
|       (builtins.concatStringsSep "\n") |  | ||||||
|       (x: x + "\n\n") |  | ||||||
|     ]; |  | ||||||
|   }; |  | ||||||
| } |  | ||||||
| @@ -15,8 +15,8 @@ let | |||||||
|         enable = true; |         enable = true; | ||||||
|         name = "git-runner-${name}"; url = "https://git.pvv.ntnu.no"; |         name = "git-runner-${name}"; url = "https://git.pvv.ntnu.no"; | ||||||
|         labels = [ |         labels = [ | ||||||
|           "debian-latest:docker://node:18-bullseye" |           "debian-latest:docker://node:current-bookworm" | ||||||
|           "ubuntu-latest:docker://node:18-bullseye" |           "ubuntu-latest:docker://node:current-bookworm" | ||||||
|         ]; |         ]; | ||||||
|         tokenFile = config.sops.secrets."gitea/runners/${name}".path; |         tokenFile = config.sops.secrets."gitea/runners/${name}".path; | ||||||
|       }; |       }; | ||||||
|   | |||||||
| @@ -2,4 +2,10 @@ | |||||||
|  |  | ||||||
| { | { | ||||||
|   nix.settings.trusted-users = [ "@nix-builder-users" ]; |   nix.settings.trusted-users = [ "@nix-builder-users" ]; | ||||||
|  |   nix.daemonCPUSchedPolicy = "batch"; | ||||||
|  |  | ||||||
|  |   boot.binfmt.emulatedSystems = [ | ||||||
|  |     "aarch64-linux" | ||||||
|  |     "armv7l-linux" | ||||||
|  |   ]; | ||||||
| } | } | ||||||
|   | |||||||
| @@ -2,6 +2,8 @@ | |||||||
| let | let | ||||||
|   grg = config.services.greg-ng; |   grg = config.services.greg-ng; | ||||||
|   grgw = config.services.grzegorz-webui; |   grgw = config.services.grzegorz-webui; | ||||||
|  |  | ||||||
|  |   machine = config.networking.hostName; | ||||||
| in { | in { | ||||||
|   services.greg-ng = { |   services.greg-ng = { | ||||||
|     enable = true; |     enable = true; | ||||||
| @@ -16,37 +18,77 @@ in { | |||||||
|     listenAddr = "localhost"; |     listenAddr = "localhost"; | ||||||
|     listenPort = 42069; |     listenPort = 42069; | ||||||
|     listenWebsocketPort = 42042; |     listenWebsocketPort = 42042; | ||||||
|     hostName = "${config.networking.fqdn}"; |     hostName = "${machine}-old.pvv.ntnu.no"; | ||||||
|     apiBase = "http://${grg.settings.host}:${toString grg.settings.port}/api"; |     apiBase = "https://${machine}-backend.pvv.ntnu.no/api"; | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |   services.gergle = { | ||||||
|  |     enable = true; | ||||||
|  |     virtualHost = config.networking.fqdn; | ||||||
|   }; |   }; | ||||||
|  |  | ||||||
|   services.nginx.enable = true; |   services.nginx.enable = true; | ||||||
|   services.nginx.virtualHosts."${config.networking.fqdn}" = { |   services.nginx.virtualHosts = { | ||||||
|     forceSSL = true; |     ${config.networking.fqdn} = { | ||||||
|     enableACME = true; |       forceSSL = true; | ||||||
|     kTLS = true; |       enableACME = true; | ||||||
|     serverAliases = [ |       kTLS = true; | ||||||
|       "${config.networking.hostName}.pvv.org" |       serverAliases = [ | ||||||
|     ]; |         "${machine}.pvv.org" | ||||||
|     extraConfig = '' |       ]; | ||||||
|       allow 129.241.210.128/25; |       extraConfig = '' | ||||||
|       allow 2001:700:300:1900::/64; |         allow 129.241.210.128/25; | ||||||
|       deny all; |         allow 2001:700:300:1900::/64; | ||||||
|     ''; |         deny all; | ||||||
|  |       ''; | ||||||
|  |     }; | ||||||
|  |  | ||||||
|     locations."/" = { |     "${machine}-backend.pvv.ntnu.no" = { | ||||||
|       proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenPort}"; |       forceSSL = true; | ||||||
|  |       enableACME = true; | ||||||
|  |       kTLS = true; | ||||||
|  |       serverAliases = [ | ||||||
|  |         "${machine}-backend.pvv.org" | ||||||
|  |       ]; | ||||||
|  |       extraConfig = '' | ||||||
|  |         allow 129.241.210.128/25; | ||||||
|  |         allow 2001:700:300:1900::/64; | ||||||
|  |         deny all; | ||||||
|  |       ''; | ||||||
|  |  | ||||||
|  |       locations."/" = { | ||||||
|  |         proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}"; | ||||||
|  |         proxyWebsockets = true; | ||||||
|  |       }; | ||||||
|     }; |     }; | ||||||
|     # https://github.com/rawpython/remi/issues/216 |  | ||||||
|     locations."/websocket" = { |     "${machine}-old.pvv.ntnu.no" = { | ||||||
|       proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenWebsocketPort}"; |       forceSSL = true; | ||||||
|       proxyWebsockets = true; |       enableACME = true; | ||||||
|     }; |       kTLS = true; | ||||||
|     locations."/api" = { |       serverAliases = [ | ||||||
|       proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}"; |         "${machine}-old.pvv.org" | ||||||
|     }; |       ]; | ||||||
|     locations."/docs" = { |       extraConfig = '' | ||||||
|       proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}"; |         allow 129.241.210.128/25; | ||||||
|  |         allow 2001:700:300:1900::/64; | ||||||
|  |         deny all; | ||||||
|  |       ''; | ||||||
|  |  | ||||||
|  |       locations."/" = { | ||||||
|  |         proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenPort}"; | ||||||
|  |       }; | ||||||
|  |       # https://github.com/rawpython/remi/issues/216 | ||||||
|  |       locations."/websocket" = { | ||||||
|  |         proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenWebsocketPort}"; | ||||||
|  |         proxyWebsockets = true; | ||||||
|  |       }; | ||||||
|  |       locations."/api" = { | ||||||
|  |         proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}"; | ||||||
|  |       }; | ||||||
|  |       locations."/docs" = { | ||||||
|  |         proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}"; | ||||||
|  |       }; | ||||||
|     }; |     }; | ||||||
|   }; |   }; | ||||||
| } | } | ||||||
|   | |||||||
							
								
								
									
										116
									
								
								modules/robots-txt.nix
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										116
									
								
								modules/robots-txt.nix
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,116 @@ | |||||||
|  | { config, pkgs, lib, ... }: | ||||||
|  | let | ||||||
|  |   cfg = config.environment.robots-txt; | ||||||
|  |  | ||||||
|  |   robots-txt-format = { | ||||||
|  |     type = let | ||||||
|  |       coercedStrToNonEmptyListOfStr = lib.types.coercedTo lib.types.str lib.singleton (lib.types.nonEmptyListOf lib.types.str); | ||||||
|  |     in lib.types.listOf (lib.types.submodule { | ||||||
|  |       freeformType = lib.types.attrsOf coercedStrToNonEmptyListOfStr; | ||||||
|  |       options = { | ||||||
|  |         pre_comment = lib.mkOption { | ||||||
|  |           description = "Comment to add before the rule"; | ||||||
|  |           type = lib.types.lines; | ||||||
|  |           default = ""; | ||||||
|  |         }; | ||||||
|  |         post_comment = lib.mkOption { | ||||||
|  |           description = "Comment to add after the rule"; | ||||||
|  |           type = lib.types.lines; | ||||||
|  |           default = ""; | ||||||
|  |         }; | ||||||
|  |       }; | ||||||
|  |     }); | ||||||
|  |  | ||||||
|  |     generate = name: value: let | ||||||
|  |       makeComment = comment: lib.pipe comment [ | ||||||
|  |         (lib.splitString "\n") | ||||||
|  |         (lib.map (line: if line == "" then "#" else "# ${line}")) | ||||||
|  |         (lib.concatStringsSep "\n") | ||||||
|  |       ]; | ||||||
|  |  | ||||||
|  |       ruleToString = rule: let | ||||||
|  |         user_agent = rule.User-agent or []; | ||||||
|  |         pre_comment = rule.pre_comment; | ||||||
|  |         post_comment = rule.post_comment; | ||||||
|  |         rest = builtins.removeAttrs rule [ "User-agent" "pre_comment" "post_comment" ]; | ||||||
|  |       in lib.concatStringsSep "\n" (lib.filter (x: x != null) [ | ||||||
|  |         (if (pre_comment != "") then makeComment pre_comment else null) | ||||||
|  |         (let | ||||||
|  |           user-agents = lib.concatMapStringsSep "\n" (value: "User-agent: ${value}") user_agent; | ||||||
|  |         in | ||||||
|  |           if user_agent == [] then null else user-agents | ||||||
|  |         ) | ||||||
|  |         (lib.pipe rest [ | ||||||
|  |           (lib.mapAttrsToList (ruleName: map (value: "${ruleName}: ${value}"))) | ||||||
|  |           lib.concatLists | ||||||
|  |           (lib.concatStringsSep "\n") | ||||||
|  |         ]) | ||||||
|  |         (if (post_comment != "") then makeComment post_comment else null) | ||||||
|  |       ]); | ||||||
|  |  | ||||||
|  |       content = lib.concatMapStringsSep "\n\n" ruleToString value; | ||||||
|  |     in pkgs.writeText name content; | ||||||
|  |   }; | ||||||
|  | in | ||||||
|  | { | ||||||
|  |   options.environment.robots-txt = lib.mkOption { | ||||||
|  |     default = { }; | ||||||
|  |     description = '' | ||||||
|  |       Different instances of robots.txt to use with web services. | ||||||
|  |     ''; | ||||||
|  |     type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: { | ||||||
|  |       options = { | ||||||
|  |         enable = lib.mkEnableOption "this instance of robots.txt" // { | ||||||
|  |           default = true; | ||||||
|  |         }; | ||||||
|  |  | ||||||
|  |         path = lib.mkOption { | ||||||
|  |           description = "The resulting path of the dir containing the robots.txt file"; | ||||||
|  |           type = lib.types.path; | ||||||
|  |           readOnly = true; | ||||||
|  |           default = "/etc/robots-txt/${name}"; | ||||||
|  |         }; | ||||||
|  |  | ||||||
|  |         rules = lib.mkOption { | ||||||
|  |           description = "Rules to include in robots.txt"; | ||||||
|  |           default = [ ]; | ||||||
|  |           example = [ | ||||||
|  |             { User-agent = "Googlebot"; Disallow = "/no-googlebot"; } | ||||||
|  |             { User-agent = "Bingbot"; Disallow = [ "/no-bingbot" "/no-bingbot2" ]; } | ||||||
|  |           ]; | ||||||
|  |           type = robots-txt-format.type; | ||||||
|  |         }; | ||||||
|  |  | ||||||
|  |         virtualHost = lib.mkOption { | ||||||
|  |           description = "An nginx virtual host to add the robots.txt to"; | ||||||
|  |           type = lib.types.nullOr lib.types.str; | ||||||
|  |           default = null; | ||||||
|  |         }; | ||||||
|  |       }; | ||||||
|  |     })); | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |   config = { | ||||||
|  |     environment.etc = lib.mapAttrs' (name: value: { | ||||||
|  |       name = "robots-txt/${name}/robots.txt"; | ||||||
|  |       value.source = robots-txt-format.generate name value.rules; | ||||||
|  |     }) cfg; | ||||||
|  |  | ||||||
|  |     services.nginx.virtualHosts = lib.pipe cfg [ | ||||||
|  |       (lib.filterAttrs (_: value: value.virtualHost != null)) | ||||||
|  |       (lib.mapAttrs' (name: value: { | ||||||
|  |         name = value.virtualHost; | ||||||
|  |         value = { | ||||||
|  |           locations = { | ||||||
|  |             "= /robots.txt" = { | ||||||
|  |               extraConfig = '' | ||||||
|  |                 add_header Content-Type text/plain; | ||||||
|  |               ''; | ||||||
|  |               root = cfg.${name}.path; | ||||||
|  |             }; | ||||||
|  |           }; | ||||||
|  |         }; | ||||||
|  |       })) | ||||||
|  |     ]; | ||||||
|  |   }; | ||||||
|  | } | ||||||
| @@ -12,7 +12,7 @@ let | |||||||
|     name |     name | ||||||
|   , commit |   , commit | ||||||
|   , hash |   , hash | ||||||
|   , tracking-branch ? "REL1_41" |   , tracking-branch ? "REL1_42" | ||||||
|   , kebab-name ? kebab-case-name name |   , kebab-name ? kebab-case-name name | ||||||
|   , fetchgit ? pkgs.fetchgit |   , fetchgit ? pkgs.fetchgit | ||||||
|   }: |   }: | ||||||
| @@ -33,63 +33,63 @@ in | |||||||
| lib.mergeAttrsList [ | lib.mergeAttrsList [ | ||||||
|   (mw-ext { |   (mw-ext { | ||||||
|     name = "CodeEditor"; |     name = "CodeEditor"; | ||||||
|     commit = "7d8447035e381d76387e38b92e4d1e2b8d373a01"; |     commit = "9f69f2cf7616342d236726608a702d651b611938"; | ||||||
|     hash = "sha256-v2AlbP0vZma3qZyEAWGjZ/rLcvOpIMroyc1EixKjlAU="; |     hash = "sha256-sRaYj34+7aghJUw18RoowzEiMx0aOANU1a7YT8jivBw="; | ||||||
|   }) |   }) | ||||||
|   (mw-ext { |   (mw-ext { | ||||||
|     name = "CodeMirror"; |     name = "CodeMirror"; | ||||||
|     commit = "a7b4541089f9b88a0b722d9d790e4cf0f13aa328"; |     commit = "1a1048c770795789676adcf8a33c1b69f6f5d3ae"; | ||||||
|     hash = "sha256-clyzN3v3+J4GjdyhrCsytBrH7VR1tq5yd0rB+32eWCg="; |     hash = "sha256-Y5ePrtLNiko2uU/sesm8jdYmxZkYzQDHfkIG1Q0v47I="; | ||||||
|   }) |   }) | ||||||
|   (mw-ext { |   (mw-ext { | ||||||
|     name = "DeleteBatch"; |     name = "DeleteBatch"; | ||||||
|     commit = "cad869fbd95637902673f744581b29e0f3e3f61a"; |     commit = "b76bb482e026453079104d00f9675b4ab851947e"; | ||||||
|     hash = "sha256-M1ek1WdO1/uTjeYlrk3Tz+nlb/fFZH+O0Ok7b10iKak="; |     hash = "sha256-GebF9B3RVwpPw8CYKDDT6zHv/MrrzV6h2TEIvNlRmcw="; | ||||||
|   }) |   }) | ||||||
|   (mw-ext { |   (mw-ext { | ||||||
|     name = "PluggableAuth"; |     name = "PluggableAuth"; | ||||||
|     commit = "4111a57c34e25bde579cce5d14ea094021e450c8"; |     commit = "1da98f447fd8321316d4286d8106953a6665f1cc"; | ||||||
|     hash = "sha256-aPtN8A9gDxLlq2+EloRZBO0DfHtE0E5kbV/adk82jvM="; |     hash = "sha256-DKDVcAfWL90FmZbSsdx1J5PkGu47EsDQmjlCpcgLCn4="; | ||||||
|   }) |   }) | ||||||
|   (mw-ext { |   (mw-ext { | ||||||
|     name = "Popups"; |     name = "Popups"; | ||||||
|     commit = "f1bcadbd8b868f32ed189feff232c47966c2c49e"; |     commit = "9b9e986316b9662b1b45ce307a58dd0320dd33cf"; | ||||||
|     hash = "sha256-PQAjq/X4ZYwnnZ6ADCp3uGWMIucJy0ZXxsTTbAyxlSE="; |     hash = "sha256-rSOZHT3yFIxA3tPhIvztwMSmSef/XHKmNfQl1JtGrUA="; | ||||||
|   }) |   }) | ||||||
|   (mw-ext { |   (mw-ext { | ||||||
|     name = "Scribunto"; |     name = "Scribunto"; | ||||||
|     commit = "7b99c95f588b06635ee3c487080d6cb04617d4b5"; |     commit = "eb6a987e90db47b09b0454fd06cddb69fdde9c40"; | ||||||
|     hash = "sha256-pviueRHQAsSlv4AtnUpo2Cjci7CbJ5aM75taEXY+WrI="; |     hash = "sha256-Nr0ZLIrS5jnpiBgGnd90lzi6KshcsxeC+xGmNsB/g88="; | ||||||
|   }) |   }) | ||||||
|   (mw-ext { |   (mw-ext { | ||||||
|     name = "SimpleSAMLphp"; |     name = "SimpleSAMLphp"; | ||||||
|     kebab-name = "simple-saml-php"; |     kebab-name = "simple-saml-php"; | ||||||
|     commit = "ecb47191fecd1e0dc4c9d8b90a9118e393d82c23"; |     commit = "fd4d49cf48d16efdb91ae8128cdd507efe84d311"; | ||||||
|     hash = "sha256-gKu+O49XrAVt6hXdt36Ru7snjsKX6g2CYJ0kk/d+CI8="; |     hash = "sha256-Qdtroew2j3AsZYlhAAUKQXXS2kUzUeQFnuR6ZHdFhAQ="; | ||||||
|   }) |   }) | ||||||
|   (mw-ext { |   (mw-ext { | ||||||
|     name = "TemplateData"; |     name = "TemplateData"; | ||||||
|     commit = "1ec66ce80f8a4322138efa56864502d0ee069bad"; |     commit = "836e3ca277301addd2578b2e746498ff6eb8e574"; | ||||||
|     hash = "sha256-Lv3Lq9dYAtdgWcwelveTuOhkP38MTu0m5kmW8+ltRis="; |     hash = "sha256-UMcRLYxYn+AormwTYjKjjZZjA806goMY2TRQ4KoS5fY="; | ||||||
|   }) |   }) | ||||||
|   (mw-ext { |   (mw-ext { | ||||||
|     name = "TemplateStyles"; |     name = "TemplateStyles"; | ||||||
|     commit = "581180e898d6a942e2a65c8f13435a5d50fffa67"; |     commit = "06a2587689eba0a17945fd9bd4bb61674d3a7853"; | ||||||
|     hash = "sha256-zW8O0mzG4jYfQoKi2KzsP+8iwRCLnWgH7qfmDE2R+HU="; |     hash = "sha256-C7j0jCkMeVZiLKpk+55X+lLnbG4aeH+hWIm3P5fF4fw="; | ||||||
|   }) |   }) | ||||||
|   (mw-ext { |   (mw-ext { | ||||||
|     name = "UserMerge"; |     name = "UserMerge"; | ||||||
|     commit = "c17c919bdb9b67bb69f80df43e9ee9d33b1ecf1b"; |     commit = "41759d0c61377074d159f7d84130a095822bc7a3"; | ||||||
|     hash = "sha256-+mkzTCo8RVlGoFyfCrSb5YMh4J6Pbi1PZLFu5ps8bWY="; |     hash = "sha256-pGjA7r30StRw4ff0QzzZYUhgD3dC3ZuiidoSEz8kA8Q="; | ||||||
|   }) |   }) | ||||||
|   (mw-ext { |   (mw-ext { | ||||||
|     name = "VisualEditor"; |     name = "VisualEditor"; | ||||||
|     commit = "90bb3d455892e25317029ffd4bda93159e8faac8"; |     commit = "a128b11fe109aa882de5a40d2be0cdd0947ab11b"; | ||||||
|     hash = "sha256-SZAVELQUKZtwSM6NVlxvIHdFPodko8fhZ/uwB0LCFDA="; |     hash = "sha256-bv1TkomouOxe+DKzthyLyppdEUFSXJ9uE0zsteVU+D4="; | ||||||
|   }) |   }) | ||||||
|   (mw-ext { |   (mw-ext { | ||||||
|     name = "WikiEditor"; |     name = "WikiEditor"; | ||||||
|     commit = "8dba5b13246d7ae09193f87e6273432b3264de5f"; |     commit = "21383e39a4c9169000acd03edfbbeec4451d7974"; | ||||||
|     hash = "sha256-vF9PBuM+VfOIs/a2X1JcPn6WH4GqP/vUJDFkfXzWyFU="; |     hash = "sha256-aPVpE6e4qLLliN9U5TA36e8tFrIt7Fl8RT1cGPUWoNI="; | ||||||
|   }) |   }) | ||||||
| ] | ] | ||||||
|   | |||||||
| @@ -1,8 +1,8 @@ | |||||||
| gitea: | gitea: | ||||||
|     runners: |     runners: | ||||||
|         alpha: ENC[AES256_GCM,data:aAFv+/ygC7oxGT3qnoEf+AZL3Nk1yOq3HupL9l0j8P913GefPKqlBt/mbuRVug==,iv:usXElENwbOHxUdoqHScK7PjeZavXUwoxpQWEMjxU2u4=,tag:E8OzZ9pmxIru7Glgh7v0lg==,type:str] |         alpha: ENC[AES256_GCM,data:Hnq2guka4oERPIFCv1/ggrLjaePA7907VHXMStDQ7ll3hntTioT76qGOUJgfIw==,iv:wDPYuuL6VAWJakrz6asVRrzwRxqw0JDRes13MgJIT6E=,tag:ogFUeUirHVkCLN63nctxOw==,type:str] | ||||||
|         beta: ENC[AES256_GCM,data:riRSBDzX9DAxKl2UCds1ANddl3ij+byAgigOafJ5RjWl8cNVlowK21klBiKTxw==,iv:clijEUKX9o52p5A94eEW0f8qGGhFpy/LFe+uQG/iQLg=,tag:PchXbsZMnW//O7brEAEeWw==,type:str] |         beta: ENC[AES256_GCM,data:HmdjBvW8eO5MkzXf7KEzSNQAptF/RKN8Bh03Ru7Ru/Ky+eJJtk91aqSSIjFa+Q==,iv:Hz9HE3U6CFfZFcPmYMd6wSzZkSvszt92L2gV+pUlMis=,tag:LG3NfsS7B1EdRFvnP3XESQ==,type:str] | ||||||
|         epsilon: ENC[AES256_GCM,data:lUt8uaqh9eC1IdIUfiw3dzxcDErSWaiT9lzg4ONf/QZeXj7Do7Es0GXBFd41Hw==,iv:hPm5Lez5ISHIlw1+i4z/oBsh4H5ZXPVYnXXSGq1eal0=,tag:/KcmPw30622tN9ruMUwfUw==,type:str] |         epsilon: ENC[AES256_GCM,data:wfGxwWwDzb6AJaFnxe/93WNZGtuTpCkLci/Cc5MTCTKJz6XlNuy3m/1Xsnw0hA==,iv:I6Zl+4BBAUTXym2qUlFfdnoLTHShu+VyxPMjRlFzMis=,tag:jjTyZs1Nzqlhjd8rAldxDw==,type:str] | ||||||
| sops: | sops: | ||||||
|     kms: [] |     kms: [] | ||||||
|     gcp_kms: [] |     gcp_kms: [] | ||||||
| @@ -63,8 +63,8 @@ sops: | |||||||
|             aU4xWjVYYlNvSmYxajVGdzk5dTQ4WG8Klq12bSegsW29xp4qteuCB5Tzis6EhVCk |             aU4xWjVYYlNvSmYxajVGdzk5dTQ4WG8Klq12bSegsW29xp4qteuCB5Tzis6EhVCk | ||||||
|             53jqtYe5UG9MjFVQYiSi2jJz5/dxfqSINMZ/Y/EB5LxbwgbFws8Yuw== |             53jqtYe5UG9MjFVQYiSi2jJz5/dxfqSINMZ/Y/EB5LxbwgbFws8Yuw== | ||||||
|             -----END AGE ENCRYPTED FILE----- |             -----END AGE ENCRYPTED FILE----- | ||||||
|     lastmodified: "2024-12-09T21:17:40Z" |     lastmodified: "2024-12-12T12:20:19Z" | ||||||
|     mac: ENC[AES256_GCM,data:HensJbPU1Kx9aQNUhdtFkX/6qdxj7yby6GeSruOT+HYEtoq0py/zvMtdCqmfjc4AOptYlXdgK7w30P976dG1esjlYwF07qtVvAbUqvExkksuV4zp81VKHMXUOAyiQK79kLe3rx6cvEdUDbOjZOsxN02eRrcanN+7rJS6f7vNN88=,iv:PlePCik6JcOtVBQhhOj9khhp2LwwfXBwAGpzu4ywhTA=,tag:Clz+xX1Cffs8Zpv2LdsGVA==,type:str] |     mac: ENC[AES256_GCM,data:D9/NAd/zrF6pHFdZjTUqI+u4WiwJqt0w5Y+SYCS1o/dAXJE/ajHzse/vCSGXZIjP0yqe+S/NyTvhf+stw2B4dk6Njtabjd+PhG0hR4L0X07FtFqzB3u5pLHCb0bH9QLG5zWcyMkwNiNTCvhRUZzbcqLEGqqJ7ZjZAEUfYSR+Jls=,iv:5xPfODPxtQjgbl8delUHsmhD0TI2gHjrxpHV+qiFE00=,tag:HHLo5G8jhy/sKB3R+sKmwQ==,type:str] | ||||||
|     pgp: |     pgp: | ||||||
|         - created_at: "2024-12-09T21:17:27Z" |         - created_at: "2024-12-09T21:17:27Z" | ||||||
|           enc: |- |           enc: |- | ||||||
| @@ -87,4 +87,4 @@ sops: | |||||||
|             -----END PGP MESSAGE----- |             -----END PGP MESSAGE----- | ||||||
|           fp: F7D37890228A907440E1FD4846B9228E814A2AAC |           fp: F7D37890228A907440E1FD4846B9228E814A2AAC | ||||||
|     unencrypted_suffix: _unencrypted |     unencrypted_suffix: _unencrypted | ||||||
|     version: 3.8.1 |     version: 3.9.2 | ||||||
|   | |||||||
							
								
								
									
										20
									
								
								shell.nix
									
									
									
									
									
								
							
							
						
						
									
										20
									
								
								shell.nix
									
									
									
									
									
								
							| @@ -11,14 +11,14 @@ pkgs.mkShellNoCC { | |||||||
|     editorconfig-checker |     editorconfig-checker | ||||||
|   ]; |   ]; | ||||||
|  |  | ||||||
|   shellHook = '' |   env = { | ||||||
|     export OS_AUTH_URL=https://api.stack.it.ntnu.no:5000 |     OS_AUTH_URL = "https://api.stack.it.ntnu.no:5000"; | ||||||
|     export OS_PROJECT_ID=b78432a088954cdc850976db13cfd61c |     OS_PROJECT_ID = "b78432a088954cdc850976db13cfd61c"; | ||||||
|     export OS_PROJECT_NAME="STUDORG_Programvareverkstedet" |     OS_PROJECT_NAME = "STUDORG_Programvareverkstedet"; | ||||||
|     export OS_USER_DOMAIN_NAME="NTNU" |     OS_USER_DOMAIN_NAME = "NTNU"; | ||||||
|     export OS_PROJECT_DOMAIN_ID="d3f99bcdaf974685ad0c74c2e5d259db" |     OS_PROJECT_DOMAIN_ID = "d3f99bcdaf974685ad0c74c2e5d259db"; | ||||||
|     export OS_REGION_NAME="NTNU-IT" |     OS_REGION_NAME = "NTNU-IT"; | ||||||
|     export OS_INTERFACE=public |     OS_INTERFACE = "public"; | ||||||
|     export OS_IDENTITY_API_VERSION=3 |     OS_IDENTITY_API_VERSION = "3"; | ||||||
|   ''; |   }; | ||||||
| } | } | ||||||
|   | |||||||
							
								
								
									
										120
									
								
								topology.nix
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										120
									
								
								topology.nix
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,120 @@ | |||||||
|  | { config, ... }: | ||||||
|  | let | ||||||
|  |   inherit | ||||||
|  |     (config.lib.topology) | ||||||
|  |     mkInternet | ||||||
|  |     mkRouter | ||||||
|  |     mkSwitch | ||||||
|  |     mkDevice | ||||||
|  |     mkConnection | ||||||
|  |     mkConnectionRev; | ||||||
|  |   values = import ./values.nix; | ||||||
|  | in { | ||||||
|  |  | ||||||
|  | ### Networks | ||||||
|  |  | ||||||
|  |   networks.pvv = { | ||||||
|  |     name = "PVV Network"; | ||||||
|  |     cidrv4 = values.ipv4-space; | ||||||
|  |     cidrv6 = values.ipv6-space; | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |   networks.site-vpn = { | ||||||
|  |     name = "OpenVPN Site to Site"; | ||||||
|  |     style = { | ||||||
|  |       primaryColor = "#9dd68d"; | ||||||
|  |       secondaryColor = null; | ||||||
|  |       pattern = "dashed"; | ||||||
|  |     }; | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |   networks.ntnu = { | ||||||
|  |     name = "NTNU"; | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |   nodes.internet = mkInternet { | ||||||
|  |     connections = mkConnection "ntnu" "wan1"; | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |   nodes.ntnu = mkRouter "NTNU" { | ||||||
|  |     interfaceGroups = [ ["wan1"] ["eth1" "eth2" "eth3"] ]; | ||||||
|  |     connections.eth1 = mkConnection "ntnu-pvv-router" "wan1"; | ||||||
|  |     connections.eth2 = mkConnection "ntnu-veggen" "wan1"; | ||||||
|  |     connections.eth3 = mkConnection "stackit" "*"; | ||||||
|  |     interfaces.eth1.network = "ntnu"; | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  | ### Brus | ||||||
|  |  | ||||||
|  |   nodes.ntnu-pvv-router = mkRouter "NTNU PVV Gateway" { | ||||||
|  |     interfaceGroups = [ ["wan1"] ["eth1"] ]; | ||||||
|  |     connections.eth1 = mkConnection "brus-switch" "eth1"; | ||||||
|  |     interfaces.eth1.network = "pvv"; | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |   nodes.brus-switch = mkSwitch "Brus Switch" { | ||||||
|  |     interfaceGroups = [ ["eth1" "eth2" "eth3" "eth4" "eth5" "eth6" "eth7"] ]; | ||||||
|  |     connections.eth2 = mkConnection "bekkalokk" "enp2s0"; | ||||||
|  |     connections.eth3 = mkConnection "bicep" "enp6s0f0"; | ||||||
|  |     # connections.eth4 = mkConnection "buskerud" "enp3s0f0"; | ||||||
|  |     connections.eth5 = mkConnection "knutsen" "eth1"; | ||||||
|  |     connections.eth7 = mkConnection "joshua" "eth1"; | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |   nodes.knutsen = mkRouter "knutsen" { | ||||||
|  |     interfaceGroups = [ ["eth1"] ["eth2"] ["vpn1"] ]; | ||||||
|  |     connections.eth2 = mkConnectionRev "brus-switch" "eth6"; | ||||||
|  |     # connections.vpn1 = mkConnection "ludvigsen" "vpn1"; | ||||||
|  |     interfaces.vpn1.network = "site-vpn"; | ||||||
|  |     interfaces.vpn1.virtual = true; | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |   nodes.joshua = mkDevice "joshua" { | ||||||
|  |     interfaceGroups = [ ["eth1"] ]; | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |   nodes.shark = { | ||||||
|  |     guestType = "proxmox"; | ||||||
|  |     parent = config.nodes.joshua.id; | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |  | ||||||
|  | ### PVV | ||||||
|  |  | ||||||
|  |   nodes.ntnu-veggen = mkRouter "NTNU-Veggen" { | ||||||
|  |     interfaceGroups = [ ["wan1"] ["eth1"] ]; | ||||||
|  |     connections.eth1 = mkConnection "ludvigsen" "eth1"; | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |   nodes.ludvigsen = mkRouter "ludvigsen" { | ||||||
|  |     interfaceGroups = [ ["eth1"] ["eth2"] ["vpn1"] ]; | ||||||
|  |     connections.eth2 = mkConnection "pvv-switch" "eth1"; | ||||||
|  |     interfaces.vpn1.network = "site-vpn"; | ||||||
|  |     interfaces.vpn1.virtual = true; | ||||||
|  |     interfaces.eth1.network = "ntnu"; | ||||||
|  |     interfaces.eth2.network = "pvv"; | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |   nodes.pvv-switch = mkSwitch "PVV Switch (Terminalrommet)" { | ||||||
|  |     interfaceGroups = [ ["eth1" "eth2" "eth3"] ]; | ||||||
|  |     connections.eth2 = mkConnection "brzeczyszczykiewicz" "eno1"; | ||||||
|  |     connections.eth3 = mkConnection "georg" "eno1"; | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |  | ||||||
|  | ### Openstack | ||||||
|  |  | ||||||
|  |   nodes.stackit = mkDevice "stackit" { | ||||||
|  |     interfaceGroups = [ ["*"] ]; | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  |   nodes.ildkule = { | ||||||
|  |     guestType = "openstack"; | ||||||
|  |     parent = config.nodes.stackit.id; | ||||||
|  |   }; | ||||||
|  |   nodes.bob = { | ||||||
|  |     guestType = "openstack"; | ||||||
|  |     parent = config.nodes.stackit.id; | ||||||
|  |   }; | ||||||
|  |  | ||||||
|  | } | ||||||
							
								
								
									
										14
									
								
								values.nix
									
									
									
									
									
								
							
							
						
						
									
										14
									
								
								values.nix
									
									
									
									
									
								
							| @@ -21,12 +21,6 @@ in rec { | |||||||
|       ipv4 = pvv-ipv4 213; |       ipv4 = pvv-ipv4 213; | ||||||
|       ipv6 = pvv-ipv6 213; |       ipv6 = pvv-ipv6 213; | ||||||
|     }; |     }; | ||||||
|     grevling-tap = { |  | ||||||
|       ipv4 = pvv-ipv4 251; |  | ||||||
|     }; |  | ||||||
|     tuba-tap = { |  | ||||||
|       ipv4 = pvv-ipv4 252; |  | ||||||
|     }; |  | ||||||
|   }; |   }; | ||||||
|  |  | ||||||
|   hosts = { |   hosts = { | ||||||
| @@ -70,14 +64,6 @@ in rec { | |||||||
|       ipv4 = pvv-ipv4 234; |       ipv4 = pvv-ipv4 234; | ||||||
|       ipv6 = pvv-ipv6 234; |       ipv6 = pvv-ipv6 234; | ||||||
|     }; |     }; | ||||||
|     grevling = { |  | ||||||
|       ipv4 = pvv-ipv4 198; |  | ||||||
|       ipv6 = pvv-ipv6 198; |  | ||||||
|     }; |  | ||||||
|     tuba = { |  | ||||||
|       ipv4 = pvv-ipv4 199; |  | ||||||
|       ipv6 = pvv-ipv6 199; |  | ||||||
|     }; |  | ||||||
|   }; |   }; | ||||||
|  |  | ||||||
|   defaultNetworkConfig = { |   defaultNetworkConfig = { | ||||||
|   | |||||||
		Reference in New Issue
	
	Block a user