From 87a7b17b49ac60ef9b519bcaa56e2b0185213bb2 Mon Sep 17 00:00:00 2001
From: Daniel Olsen
Date: Sun, 3 Sep 2023 01:06:48 +0200
Subject: [PATCH] brzeczyszczykiewicz: init
---
 flake.lock | 54 ++++++++++++++--
 flake.nix | 15 +++++
 hosts/brzeczyszczykiewicz/configuration.nix | 36 +++++++++++
 .../hardware-configuration.nix | 39 ++++++++++++
 modules/grzegorz.nix | 62 +++++++++++++++++++
 values.nix | 4 ++
 6 files changed, 204 insertions(+), 6 deletions(-)
 create mode 100644 hosts/brzeczyszczykiewicz/configuration.nix
 create mode 100644 hosts/brzeczyszczykiewicz/hardware-configuration.nix
 create mode 100644 modules/grzegorz.nix
diff --git a/flake.lock b/flake.lock
index 91daed25..819396c9 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,45 @@ { "nodes": { + "grzegorz": { + "inputs": { + "nixpkgs": [ + "unstable" + ] + }, + "locked": { + "lastModified": 1693865095, + "narHash": "sha256-cU0zWNAF+3RCXuKl05RUS0uR0LhaH05RpXnQS02cRa0=", + "owner": "Programvareverkstedet", + "repo": "grzegorz", + "rev": "973c15af7ab2195eaad4b09bc9e80fef96a744c4", + "type": "github" + }, + "original": { + "owner": "Programvareverkstedet", + "repo": "grzegorz", + "type": "github" + } + }, + "grzegorz-clients": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1693864994, + "narHash": "sha256-oLDiWdCKDtEfeGzfAuDTq+n9VWp6JCo67PEESEZ3y8E=", + "owner": "Programvareverkstedet", + "repo": "grzegorz-clients", + "rev": "a38a0b0fb31ad0ad78a91458cb2c7f77f686468f", + "type": "github" + }, + "original": { + "owner": "Programvareverkstedet", + "repo": "grzegorz-clients", + "type": "github" + } + }, "matrix-next": { "inputs": { "nixpkgs-lib": "nixpkgs-lib"
@@ -20,11 +60,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1694526311, - "narHash": "sha256-Y9LCYQBNX7McW0o8x6wT9tx2qy9TVuF84fe62zrQzyA=", + "lastModified": 1694778746, + "narHash": "sha256-6T+tR0Ik/7hzYkVKJ32PqghuGwVZzLbicUZFcyC8Eus=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "36bee398beca22e2428074e0a2e068d87f801718", + "rev": "19969392ddb1182c46bd2dd3f183472a4f8cc904", "type": "github" }, "original": {
@@ -87,6 +127,8 @@ }, "root": { "inputs": { + "grzegorz": "grzegorz", + "grzegorz-clients": "grzegorz-clients", "matrix-next": "matrix-next", "nixpkgs": "nixpkgs", "pvv-calendar-bot": "pvv-calendar-bot",
@@ -117,11 +159,11 @@ }, "unstable": { "locked": { - "lastModified": 1694534540, - "narHash": "sha256-Cc0Ku0qJZDDx/0kII+0xD94L25EKw4EQzOLm0R9iZO4=", + "lastModified": 1694872002, + "narHash": "sha256-SkZP+NTAzavvjHFvdZJrSMfFUEmg9pTY5w7lYsrN2jU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f22a472661d66c655eae5b0a01ada71e4e13e405", + "rev": "3ee07e9bce77fd2784c40fbd4e2a2a656c0a8ec1", "type": "github" }, "original": {
diff --git a/flake.nix b/flake.nix
index 775ad5b4..a86e7931 100644
--- a/flake.nix
+++ b/flake.nix
@@ -12,6 +12,11 @@
 pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
 matrix-next.url = "github:dali99/nixos-matrix-modules";
+
+ grzegorz.url = "github:Programvareverkstedet/grzegorz";
+ grzegorz.inputs.nixpkgs.follows = "unstable";
+ grzegorz-clients.url = "github:Programvareverkstedet/grzegorz-clients";
+ grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";
 };
 outputs = { self, nixpkgs, matrix-next, pvv-calendar-bot, unstable, sops-nix, ... }@inputs:
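Review bot: The two new inputs follow different nixpkgs sets, `grzegorz.inputs.nixpkgs.follows = "unstable"` and `grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs"`, with no comment saying why, so a later maintainer cannot tell whether the kiosk really needs unstable or the split is accidental. A one-line comment above the pair would settle it, e.g. `# grzegorz follows unstable because <reason>; grzegorz-clients builds against stable`. Both URLs name no ref, so the only pin is the `rev`/`narHash` pair in flake.lock; bumps to those two lock entries deserve the same review as a code change, since both inputs supply NixOS modules to the new host.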
@@ -66,6 +71,16 @@
 ildkule = stableNixosConfig "ildkule" { };
 #ildkule-unstable = unstableNixosConfig "ildkule" { };
 shark = stableNixosConfig "shark" { };
+
+ brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" {
+ modules = [
+ ./hosts/brzeczyszczykiewicz/configuration.nix
+ sops-nix.nixosModules.sops
+
+ inputs.grzegorz.nixosModules.grzegorz-kiosk
+ inputs.grzegorz-clients.nixosModules.grzegorz-webui
+ ];
+ };
 };
 devShells = forAllSystems (system: {
diff --git a/hosts/brzeczyszczykiewicz/configuration.nix b/hosts/brzeczyszczykiewicz/configuration.nix
new file mode 100644
index 00000000..80ad098b
--- /dev/null
+++ b/hosts/brzeczyszczykiewicz/configuration.nix
@@ -0,0 +1,36 @@
+{ config, pkgs, values, ... }:
+{
+ imports = [
+ # Include the results of the hardware scan.
+ ./hardware-configuration.nix
+ ../../base.nix
+ ../../misc/metrics-exporters.nix
+
+ ../../modules/grzegorz.nix
+ ];
+
+ boot.loader.systemd-boot.enable = true;
+ boot.loader.efi.canTouchEfiVariables = true;
+
+ networking.hostName = "brzeczyszczykiewicz";
+
+ systemd.network.networks."30-eno1" = values.defaultNetworkConfig // {
+ matchConfig.Name = "eno1";
+ address = with values.hosts.brzeczyszczykiewicz; [ (ipv4 + "/25") (ipv6 + "/64") ];
+ };
+
+ # List packages installed in system profile
+ environment.systemPackages = with pkgs; [
+ ];
+
+ # List services that you want to enable:
+
+ # This value determines the NixOS release from which the default
+ # settings for stateful data, like file locations and database versions
+ # on your system were taken. It‘s perfectly fine and recommended to leave
+ # this value at the release version of the first install of this system.
+ # Before changing this value read the documentation for this option
+ # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+ system.stateVersion = "23.05"; # Did you read the comment?
+
+}
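Review bot: It is not clear from this hunk whether the explicit `modules` list passed for `brzeczyszczykiewicz` extends or replaces what `stableNixosConfig` supplies by default; `ildkule` and `shark` pass `{ }` and the helper's definition is outside the hunk. If the list replaces the defaults, which the repeated `./hosts/brzeczyszczykiewicz/configuration.nix` and `sops-nix.nixosModules.sops` entries suggest, any module later added to the helper's default list will silently not reach this host. A comment such as `# modules overrides the helper's default list, so configuration.nix and sops are repeated here` would make that dependency explicit.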
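Review bot: Nothing in this file turns off the `networking.useDHCP = lib.mkDefault true;` that the generated hardware-configuration.nix in this same patch sets, while `eno1` gets static addresses through `systemd.network.networks."30-eno1"`. Unless `../../base.nix` or `values.defaultNetworkConfig` (both outside the patch) already override it, any interface other than `eno1` would presumably still be brought up by DHCP. Adding `networking.useDHCP = false;` next to the networkd block would state the static-only intent. The empty `environment.systemPackages = with pkgs; [ ];` and the `# List services that you want to enable:` template comment could also be dropped.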
diff --git a/hosts/brzeczyszczykiewicz/hardware-configuration.nix b/hosts/brzeczyszczykiewicz/hardware-configuration.nix
new file mode 100644
index 00000000..0e22aa90
--- /dev/null
+++ b/hosts/brzeczyszczykiewicz/hardware-configuration.nix
@@ -0,0 +1,39 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. +{ config, lib, pkgs, modulesPath, ... }: + +{ + imports = + [ (modulesPath + "/installer/scan/not-detected.nix") + ]; + + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ]; + boot.initrd.kernelModules = [ ]; + boot.kernelModules = [ "kvm-intel" ]; + boot.extraModulePackages = [ ]; + + fileSystems."/" = + { device = "/dev/disk/by-uuid/4e8667f8-55de-4103-8369-b94665f42204"; + fsType = "ext4"; + }; + + fileSystems."/boot" = + { device = "/dev/disk/by-uuid/82E3-3D03"; + fsType = "vfat"; + }; + + swapDevices = + [ { device = "/dev/disk/by-uuid/d0bf9a21-44bc-44a3-ae55-8f0971875883"; } + ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; +}
diff --git a/modules/grzegorz.nix b/modules/grzegorz.nix
new file mode 100644
index 00000000..0bd9b74d
--- /dev/null
+++ b/modules/grzegorz.nix
@@ -0,0 +1,62 @@
+{config, lib, pkgs, ...}:
+let
+ grg = config.services.grzegorz;
+ grgw = config.services.grzegorz-webui;
+in {
+ services.pipewire.enable = true;
+ services.pipewire.alsa.enable = true;
+ services.pipewire.alsa.support32Bit = true;
+ services.pipewire.pulse.enable = true;
+
+ users.users.pvv = {
+ isNormalUser = true;
+ description = "pvv";
+ };
+
+ services.grzegorz.enable = true;
+ services.grzegorz.listenAddr = "localhost";
+ services.grzegorz.listenPort = 31337;
+
+ services.grzegorz-webui.enable = true;
+ services.grzegorz-webui.listenAddr = "localhost";
+ services.grzegorz-webui.listenPort = 42069;
+ services.grzegorz-webui.listenWebsocketPort = 42042;
+ services.grzegorz-webui.hostName = "${config.networking.fqdn}";
+ services.grzegorz-webui.apiBase = "http://${toString grg.listenAddr}:${toString grg.listenPort}/api";
+
+ security.acme.acceptTerms = true;
+ security.acme.defaults.email = "pederbs@pvv.ntnu.no";
+
+ services.nginx.enable = true;
+ networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+ services.nginx.virtualHosts."${config.networking.fqdn}" = {
+ forceSSL = true;
+ enableACME = true;
+ serverAliases = [
+ "${config.networking.hostName}.pvv.org"
+ ];
+ extraConfig = ''
+ allow 129.241.210.128/25;
+ allow 2001:700:300:1900::/64;
+ deny all;
+ '';
+
+ locations."/" = {
+ proxyPass = "http://localhost:${builtins.toString config.services.grzegorz-webui.listenPort}";
+ };
+ # https://github.com/rawpython/remi/issues/216
+ locations."/websocket" = {
+ proxyPass = "http://localhost:${builtins.toString config.services.grzegorz-webui.listenWebsocketPort}";
+ proxyWebsockets = true;
+ };
+ locations."/api" = {
+ proxyPass = "http://localhost:${builtins.toString config.services.grzegorz.listenPort}";
+ };
+ locations."/docs" = {
+ proxyPass = "http://localhost:${builtins.toString config.services.grzegorz.listenPort}";
+ };
+ };
+
+}
+
diff --git a/values.nix b/values.nix
index c3a1fb77..3d8dcc66 100644
--- a/values.nix
+++ b/values.nix
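Review bot: The `allow`/`deny all` lines in `extraConfig` are the only access control visible in front of `/`, `/websocket`, `/api` and `/docs`; nothing in this module configures authentication for either service, so any host inside the two ranges can presumably drive the API. The ranges are hard-coded literals while the host's own addresses come from `values` (see the values.nix hunk), so a renumbering would leave this list stale without any evaluation error. Deriving them from `values`, or at least adding a comment such as `# Access is limited to the PVV subnets; this is the only gate in front of the API`, would keep that dependency visible. The `proxyPass` targets also hard-code `localhost` and re-read `config.services…` although `grg` and `grgw` are bound at the top and `grgw` is otherwise unused; `proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenPort}";` would keep the proxy in step with `listenAddr`.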
@@ -41,6 +41,10 @@ in rec {
 ipv4 = pvv-ipv4 196;
 ipv6 = pvv-ipv6 196;
 };
+ brzeczyszczykiewicz = {
+ ipv4 = pvv-ipv4 205;
+ ipv6 = pvv-ipv6 "1:50"; # Wtf peder why
+ };
 };
 defaultNetworkConfig = {