forked from Drift/pvv-nixos-config
brzeczyszczykiewicz: init
This commit is contained in:
parent
5c529a0233
commit
87a7b17b49
54
flake.lock
54
flake.lock
|
@ -1,5 +1,45 @@
|
||||||
{
|
{
|
||||||
"nodes": {
|
"nodes": {
|
||||||
|
"grzegorz": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"unstable"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1693865095,
|
||||||
|
"narHash": "sha256-cU0zWNAF+3RCXuKl05RUS0uR0LhaH05RpXnQS02cRa0=",
|
||||||
|
"owner": "Programvareverkstedet",
|
||||||
|
"repo": "grzegorz",
|
||||||
|
"rev": "973c15af7ab2195eaad4b09bc9e80fef96a744c4",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "Programvareverkstedet",
|
||||||
|
"repo": "grzegorz",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"grzegorz-clients": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1693864994,
|
||||||
|
"narHash": "sha256-oLDiWdCKDtEfeGzfAuDTq+n9VWp6JCo67PEESEZ3y8E=",
|
||||||
|
"owner": "Programvareverkstedet",
|
||||||
|
"repo": "grzegorz-clients",
|
||||||
|
"rev": "a38a0b0fb31ad0ad78a91458cb2c7f77f686468f",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "Programvareverkstedet",
|
||||||
|
"repo": "grzegorz-clients",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"matrix-next": {
|
"matrix-next": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs-lib": "nixpkgs-lib"
|
"nixpkgs-lib": "nixpkgs-lib"
|
||||||
|
@ -20,11 +60,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1694526311,
|
"lastModified": 1694778746,
|
||||||
"narHash": "sha256-Y9LCYQBNX7McW0o8x6wT9tx2qy9TVuF84fe62zrQzyA=",
|
"narHash": "sha256-6T+tR0Ik/7hzYkVKJ32PqghuGwVZzLbicUZFcyC8Eus=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "36bee398beca22e2428074e0a2e068d87f801718",
|
"rev": "19969392ddb1182c46bd2dd3f183472a4f8cc904",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -87,6 +127,8 @@
|
||||||
},
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
|
"grzegorz": "grzegorz",
|
||||||
|
"grzegorz-clients": "grzegorz-clients",
|
||||||
"matrix-next": "matrix-next",
|
"matrix-next": "matrix-next",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
"pvv-calendar-bot": "pvv-calendar-bot",
|
"pvv-calendar-bot": "pvv-calendar-bot",
|
||||||
|
@ -117,11 +159,11 @@
|
||||||
},
|
},
|
||||||
"unstable": {
|
"unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1694534540,
|
"lastModified": 1694872002,
|
||||||
"narHash": "sha256-Cc0Ku0qJZDDx/0kII+0xD94L25EKw4EQzOLm0R9iZO4=",
|
"narHash": "sha256-SkZP+NTAzavvjHFvdZJrSMfFUEmg9pTY5w7lYsrN2jU=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "f22a472661d66c655eae5b0a01ada71e4e13e405",
|
"rev": "3ee07e9bce77fd2784c40fbd4e2a2a656c0a8ec1",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
15
flake.nix
15
flake.nix
|
@ -12,6 +12,11 @@
|
||||||
pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
|
pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
|
||||||
matrix-next.url = "github:dali99/nixos-matrix-modules";
|
matrix-next.url = "github:dali99/nixos-matrix-modules";
|
||||||
|
|
||||||
|
grzegorz.url = "github:Programvareverkstedet/grzegorz";
|
||||||
|
grzegorz.inputs.nixpkgs.follows = "unstable";
|
||||||
|
grzegorz-clients.url = "github:Programvareverkstedet/grzegorz-clients";
|
||||||
|
grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, matrix-next, pvv-calendar-bot, unstable, sops-nix, ... }@inputs:
|
outputs = { self, nixpkgs, matrix-next, pvv-calendar-bot, unstable, sops-nix, ... }@inputs:
|
||||||
|
@ -66,6 +71,16 @@
|
||||||
ildkule = stableNixosConfig "ildkule" { };
|
ildkule = stableNixosConfig "ildkule" { };
|
||||||
#ildkule-unstable = unstableNixosConfig "ildkule" { };
|
#ildkule-unstable = unstableNixosConfig "ildkule" { };
|
||||||
shark = stableNixosConfig "shark" { };
|
shark = stableNixosConfig "shark" { };
|
||||||
|
|
||||||
|
brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" {
|
||||||
|
modules = [
|
||||||
|
./hosts/brzeczyszczykiewicz/configuration.nix
|
||||||
|
sops-nix.nixosModules.sops
|
||||||
|
|
||||||
|
inputs.grzegorz.nixosModules.grzegorz-kiosk
|
||||||
|
inputs.grzegorz-clients.nixosModules.grzegorz-webui
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
devShells = forAllSystems (system: {
|
devShells = forAllSystems (system: {
|
||||||
|
|
|
@ -0,0 +1,36 @@
|
||||||
|
{ config, pkgs, values, ... }:
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
# Include the results of the hardware scan.
|
||||||
|
./hardware-configuration.nix
|
||||||
|
../../base.nix
|
||||||
|
../../misc/metrics-exporters.nix
|
||||||
|
|
||||||
|
../../modules/grzegorz.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
networking.hostName = "brzeczyszczykiewicz";
|
||||||
|
|
||||||
|
systemd.network.networks."30-eno1" = values.defaultNetworkConfig // {
|
||||||
|
matchConfig.Name = "eno1";
|
||||||
|
address = with values.hosts.brzeczyszczykiewicz; [ (ipv4 + "/25") (ipv6 + "/64") ];
|
||||||
|
};
|
||||||
|
|
||||||
|
# List packages installed in system profile
|
||||||
|
environment.systemPackages = with pkgs; [
|
||||||
|
];
|
||||||
|
|
||||||
|
# List services that you want to enable:
|
||||||
|
|
||||||
|
# This value determines the NixOS release from which the default
|
||||||
|
# settings for stateful data, like file locations and database versions
|
||||||
|
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||||
|
# this value at the release version of the first install of this system.
|
||||||
|
# Before changing this value read the documentation for this option
|
||||||
|
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||||
|
system.stateVersion = "23.05"; # Did you read the comment?
|
||||||
|
|
||||||
|
}
|
|
@ -0,0 +1,39 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{ config, lib, pkgs, modulesPath, ... }:
|
||||||
|
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
|
||||||
|
boot.initrd.kernelModules = [ ];
|
||||||
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
|
fileSystems."/" =
|
||||||
|
{ device = "/dev/disk/by-uuid/4e8667f8-55de-4103-8369-b94665f42204";
|
||||||
|
fsType = "ext4";
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/boot" =
|
||||||
|
{ device = "/dev/disk/by-uuid/82E3-3D03";
|
||||||
|
fsType = "vfat";
|
||||||
|
};
|
||||||
|
|
||||||
|
swapDevices =
|
||||||
|
[ { device = "/dev/disk/by-uuid/d0bf9a21-44bc-44a3-ae55-8f0971875883"; }
|
||||||
|
];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.eno1.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||||
|
}
|
|
@ -0,0 +1,62 @@
|
||||||
|
{config, lib, pkgs, ...}:
|
||||||
|
let
|
||||||
|
grg = config.services.grzegorz;
|
||||||
|
grgw = config.services.grzegorz-webui;
|
||||||
|
in {
|
||||||
|
services.pipewire.enable = true;
|
||||||
|
services.pipewire.alsa.enable = true;
|
||||||
|
services.pipewire.alsa.support32Bit = true;
|
||||||
|
services.pipewire.pulse.enable = true;
|
||||||
|
|
||||||
|
users.users.pvv = {
|
||||||
|
isNormalUser = true;
|
||||||
|
description = "pvv";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.grzegorz.enable = true;
|
||||||
|
services.grzegorz.listenAddr = "localhost";
|
||||||
|
services.grzegorz.listenPort = 31337;
|
||||||
|
|
||||||
|
services.grzegorz-webui.enable = true;
|
||||||
|
services.grzegorz-webui.listenAddr = "localhost";
|
||||||
|
services.grzegorz-webui.listenPort = 42069;
|
||||||
|
services.grzegorz-webui.listenWebsocketPort = 42042;
|
||||||
|
services.grzegorz-webui.hostName = "${config.networking.fqdn}";
|
||||||
|
services.grzegorz-webui.apiBase = "http://${toString grg.listenAddr}:${toString grg.listenPort}/api";
|
||||||
|
|
||||||
|
security.acme.acceptTerms = true;
|
||||||
|
security.acme.defaults.email = "pederbs@pvv.ntnu.no";
|
||||||
|
|
||||||
|
services.nginx.enable = true;
|
||||||
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
|
||||||
|
services.nginx.virtualHosts."${config.networking.fqdn}" = {
|
||||||
|
forceSSL = true;
|
||||||
|
enableACME = true;
|
||||||
|
serverAliases = [
|
||||||
|
"${config.networking.hostName}.pvv.org"
|
||||||
|
];
|
||||||
|
extraConfig = ''
|
||||||
|
allow 129.241.210.128/25;
|
||||||
|
allow 2001:700:300:1900::/64;
|
||||||
|
deny all;
|
||||||
|
'';
|
||||||
|
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://localhost:${builtins.toString config.services.grzegorz-webui.listenPort}";
|
||||||
|
};
|
||||||
|
# https://github.com/rawpython/remi/issues/216
|
||||||
|
locations."/websocket" = {
|
||||||
|
proxyPass = "http://localhost:${builtins.toString config.services.grzegorz-webui.listenWebsocketPort}";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
locations."/api" = {
|
||||||
|
proxyPass = "http://localhost:${builtins.toString config.services.grzegorz.listenPort}";
|
||||||
|
};
|
||||||
|
locations."/docs" = {
|
||||||
|
proxyPass = "http://localhost:${builtins.toString config.services.grzegorz.listenPort}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
}
|
||||||
|
|
|
@ -41,6 +41,10 @@ in rec {
|
||||||
ipv4 = pvv-ipv4 196;
|
ipv4 = pvv-ipv4 196;
|
||||||
ipv6 = pvv-ipv6 196;
|
ipv6 = pvv-ipv6 196;
|
||||||
};
|
};
|
||||||
|
brzeczyszczykiewicz = {
|
||||||
|
ipv4 = pvv-ipv4 205;
|
||||||
|
ipv6 = pvv-ipv6 "1:50"; # Wtf peder why
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
defaultNetworkConfig = {
|
defaultNetworkConfig = {
|
||||||
|
|
Loading…
Reference in New Issue