From ae1a91bc2dea6e36dda7ae0dafaa089a9dbc8a83 Mon Sep 17 00:00:00 2001
From: System administrator
Date: Wed, 15 Dec 2021 18:14:48 +0100
Subject: [PATCH] modularize configuration
---
.gitignore | 2 +
configuration.nix | 94 +------------------------------
hosts/jokum/configuration.nix | 101 ++++++++++++++++++++++++++++++++++
services/matrix/synapse.nix | 81 ++++++++++++++++++++++++++-
users/default.nix | 20 +++++++
users/oysteikt.nix | 9 +++
6 files changed, 213 insertions(+), 94 deletions(-)
create mode 100644 .gitignore
mode change 100644 => 120000 configuration.nix
create mode 100644 hosts/jokum/configuration.nix
create mode 100644 users/default.nix
create mode 100644 users/oysteikt.nix
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..8de49b64
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+result*
+hardware-configuration.nix
diff --git a/configuration.nix b/configuration.nix
deleted file mode 100644
index 4ad441d3..00000000
--- a/configuration.nix
+++ /dev/null
@@ -1,93 +0,0 @@
-{ config, pkgs, ... }:
-let
- unstable = import { };
-in
-{
- imports = [ # Include the results of the hardware scan.
- ./hardware-configuration.nix
- ./services/matrix
- ./services/nginx
- ./services/postgres
- ];
-
-
- nixpkgs.config.packageOverrides = pkgs: {
- inherit unstable;
- };
-
- # Use the GRUB 2 boot loader.
- boot.loader.grub.enable = true;
- boot.loader.grub.version = 2;
- boot.loader.grub.devices = [ "/dev/sda" ];
-
- networking.hostName = "jokum"; # Define your hostname.
- networking.domain = "pvv.ntnu.no";
-
- # Set your time zone.
- time.timeZone = "Europe/Oslo";
-
- # The global useDHCP flag is deprecated, therefore explicitly set to false here.
- # Per-interface useDHCP will be mandatory in the future, so this generated config
- # replicates the default behaviour.
- networking.useDHCP = false;
- networking.interfaces.ens18.useDHCP = false;
-
- networking.defaultGateway = "129.241.210.129";
- networking.interfaces.ens18.ipv4 = {
- addresses = [
- {
- address = "129.241.210.169";
- prefixLength = 25;
- }
- ];
- };
- networking.interfaces.ens18.ipv6 = {
- addresses = [
- {
- address = "2001:700:300:1900::169";
- prefixLength = 64;
- }
- ];
- };
- networking.nameservers = [ "129.241.0.200" "129.241.0.201" ];
-
- # Select internationalisation properties.
- i18n.defaultLocale = "en_US.UTF-8";
- console = {
- font = "Lat2-Terminus16";
- keyMap = "no";
- };
-
-
- # Define a user account. Don't forget to set a password with ‘passwd’.
- # users.users.jane = {
- # isNormalUser = true;
- # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
- # };
-
- # List packages installed in system profile
- environment.systemPackages = with pkgs; [
- git
- vim
- nano
- wget
- tmux
- kitty.terminfo
- ];
-
- # List services that you want to enable:
-
- # Enable the OpenSSH daemon.
- services.openssh.enable = true;
- services.openssh.permitRootLogin = "yes";
-
- # This value determines the NixOS release from which the default
- # settings for stateful data, like file locations and database versions
- # on your system were taken. It‘s perfectly fine and recommended to leave
- # this value at the release version of the first install of this system.
- # Before changing this value read the documentation for this option
- # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
- system.stateVersion = "21.05"; # Did you read the comment?
-
-}
-
diff --git a/configuration.nix b/configuration.nix
new file mode 120000
index 00000000..a8829c8e
--- /dev/null
+++ b/configuration.nix
@@ -0,0 +1 @@
+hosts/jokum/configuration.nix
\ No newline at end of file
diff --git a/hosts/jokum/configuration.nix b/hosts/jokum/configuration.nix
new file mode 100644
index 00000000..2e0a0c2c
--- /dev/null
+++ b/hosts/jokum/configuration.nix
@@ -0,0 +1,101 @@
+{ config, pkgs, ... }:
+let
+ unstable = import { };
+in
+{
+ imports = [
+ # Include the results of the hardware scan.
+ ../../hardware-configuration.nix
+
+ # Users can just import any configuration they want even for non-user things. Improve the users/default.nix to just load some specific attributes if this isn't wanted
+ ../../users
+
+ ../../modules/rust-motd.nix
+
+ ../../services/matrix
+ ../../services/nginx
+ ../../services/postgres
+ ];
+
+
+ # Allow accessing through pkgs.unstable.*
+ nixpkgs.config.packageOverrides = pkgs: {
+ inherit unstable;
+ };
+
+ # Use the GRUB 2 boot loader.
+ boot.loader.grub.enable = true;
+ boot.loader.grub.version = 2;
+ boot.loader.grub.devices = [ "/dev/sda" ];
+
+ networking.hostName = "jokum"; # Define your hostname.
+ networking.domain = "pvv.ntnu.no";
+
+ # Set your time zone.
+ time.timeZone = "Europe/Oslo";
+
+ # The global useDHCP flag is deprecated, therefore explicitly set to false here.
+ # Per-interface useDHCP will be mandatory in the future, so this generated config
+ # replicates the default behaviour.
+ networking.useDHCP = false;
+ networking.interfaces.ens18.useDHCP = false;
+
+ networking.defaultGateway = "129.241.210.129";
+ networking.interfaces.ens18.ipv4 = {
+ addresses = [
+ {
+ address = "129.241.210.169";
+ prefixLength = 25;
+ }
+ ];
+ };
+ networking.interfaces.ens18.ipv6 = {
+ addresses = [
+ {
+ address = "2001:700:300:1900::169";
+ prefixLength = 64;
+ }
+ ];
+ };
+ networking.nameservers = [ "129.241.0.200" "129.241.0.201" ];
+
+ # Select internationalisation properties.
+ i18n.defaultLocale = "en_US.UTF-8";
+ console = {
+ font = "Lat2-Terminus16";
+ keyMap = "no";
+ };
+
+
+ # Define a user account. Don't forget to set a password with ‘passwd’.
+ # users.users.jane = {
+ # isNormalUser = true;
+ # extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
+ # }; + + # List packages installed in system profile + environment.systemPackages = with pkgs; [ + git + vim + nano + wget + tmux + kitty.terminfo + ]; + + # List services that you want to enable: + + # Enable the OpenSSH daemon. + services.openssh.enable = true; + services.openssh.permitRootLogin = "yes"; + + # This value determines the NixOS release from which the default + # settings for stateful data, like file locations and database versions + # on your system were taken. It‘s perfectly fine and recommended to leave + # this value at the release version of the first install of this system. + # Before changing this value read the documentation for this option + # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). + system.stateVersion = "21.05"; # Did you read the comment? + +} + diff --git a/services/matrix/synapse.nix b/services/matrix/synapse.nix index a24830ea..7a494d81 100644 --- a/services/matrix/synapse.nix +++ b/services/matrix/synapse.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, lib, pkgs, ... }: let cfg = config.services.matrix-synapse-next; 
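Review bot: `services.openssh.permitRootLogin = "yes";` near the end of the new hosts/jokum/configuration.nix lets root authenticate over SSH with a password on a host this same file gives a public address, and the move into hosts/ was the moment to tighten it rather than carry it over unchanged. Consider `services.openssh.permitRootLogin = "prohibit-password";` together with `services.openssh.passwordAuthentication = false;` once key-based access for an admin user exists. Separately, `unstable = import { };` reads as if the channel path was lost in rendering (likely `<nixos-unstable>` or similar); worth confirming the committed file evaluates. Also, `../../hardware-configuration.nix` is imported here but listed in the new .gitignore, so a fresh checkout cannot evaluate this host without regenerating it — a comment above that import saying so would save the next person a confusing failure.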
@@ -69,6 +69,85 @@ in use_presence = true; + + saml2_config = { + sp_config.metadata.remote = [ + { url = "https://idp.pvv.ntnu.no/simplesaml/saml2/idp/metadata.php"; } + ]; + + description = [ "Matrix Synapse SP" "en" ]; + name = [ "Matrix Synapse SP" "en" ]; + + ui_info = { + display_name = [ + { + lang = "en"; + text = "PVV Matrix login"; + } + ]; + description = [ + { + lang = "en"; + text = "Matrix is a modern free and open federated chat protocol"; + } + ]; + #information_url = [ + # { + # lang = "en"; + # text = ""; + # }; + #]; + #privacy_statement_url = [ + # { + # lang = "en"; + # text = ""; + # }; + #]; + keywords = [ + { + lang = "en"; + text = [ "Matrix" "Element" ]; + } + ]; + #logo = [ + # { + # lang = "en"; + # text = ""; + # width = ""; + # height = ""; + # } + #]; + }; + + organization = { + name = "Programvareverkstedet"; + display_name = [ "Programvareverkstedet" "en" ]; + url = "https://www.pvv.ntnu.no"; + }; + contact_person = [ + { + given_name = "Drift"; + sur_name = "King"; + email_adress = [ "drift@pvv.ntnu.no" ]; + contact_type = "technical"; + } + ]; + + user_mapping_provider = { + config = { + mxid_source_attribute = "uid"; # What is this supposed to be? + mxid_mapping = "hexencode"; + }; + }; + + #attribute_requirements = [ + # {attribute = "userGroup"; value = "medlem";} # Do we have this? + #]; + + }; + + password_config.enable = lib.mkForce false; + signing_key_path = "${cfg.dataDir}/homeserver.signing.key"; media_store_path = "${cfg.dataDir}/media"; diff --git a/users/default.nix b/users/default.nix new file mode 100644 index 00000000..3d16fb49 --- /dev/null +++ b/users/default.nix 
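Review bot: `email_adress = [ "drift@pvv.ntnu.no" ];` inside `contact_person` is misspelled; pysaml2 reads `email_address`, so the technical contact is silently dropped from the generated SP metadata — change it to `email_address = [ "drift@pvv.ntnu.no" ];`. With `attribute_requirements` left commented out, every identity the IdP will authenticate gets a Matrix account on this homeserver, which may be intended but means the `# Do we have this?` question should be settled before this is deployed. The `mxid_source_attribute = "uid"; # What is this supposed to be?` comment should likewise be resolved: per Synapse's saml2 documentation it names the SAML attribute whose value becomes the MXID localpart, so the attribute the IdP actually releases must match. Finally, `password_config.enable = lib.mkForce false;` also blocks password logins for any admin account created outside SAML, so make sure an administrative login path remains.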
@@ -0,0 +1,20 @@ +{lib, ...}: +with lib; +let + # get all files in folder + getDir = dir: builtins.readDir dir; + + # find all files ending in ".nix" which are not this file, or directories, which may or may not contain a default.nix + files = dir: filterAttrs + (file: type: (type == "regular" && hasSuffix ".nix" file && file != "default.nix") || type == "directory") + (getDir dir); + # Turn the attrset into a list of the filenames + flatten = dir: mapAttrsToList (file: type: file) (files dir); + # Turn the filenames into absolute paths + makeAbsolute = dir: map (file: ./. + "/${file}") (flatten dir); +in +{ + + imports = makeAbsolute ./.; + +} diff --git a/users/oysteikt.nix b/users/oysteikt.nix new file mode 100644 index 00000000..8d0b1659 --- /dev/null +++ b/users/oysteikt.nix @@ -0,0 +1,9 @@ +{pkgs, ...}: + +{ + users.users.oysteikt = { + isNormalUser = true; + #extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user. + shell = pkgs.zsh; + }; +}
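Review bot: the `files` filter admits every subdirectory via `|| type == "directory"`, yet its own comment says those "may or may not contain a default.nix"; importing a directory without one is an evaluation error, so either drop that arm or guard it with `builtins.pathExists (dir + "/${file}/default.nix")`. Two smaller points in the same let block: `flatten` shadows `lib.flatten` brought in by `with lib;` (legal, but confusing to readers — a name like `fileNames` avoids it), and `getDir = dir: builtins.readDir dir;` can simply be `getDir = builtins.readDir;`. Since this module pulls whatever lands in users/ into the system configuration, a one-line comment stating that every file here is trusted host configuration would help reviewers of future additions.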
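Review bot: `users.users.oysteikt` declares neither `openssh.authorizedKeys.keys` nor a password hash, so with the default `users.mutableUsers = true` the account is only usable after someone runs `passwd` out of band — the very step the deleted top-level config's comment warned about. Declaring `openssh.authorizedKeys.keys = [ "<public key placeholder>" ];` keeps access reproducible from the repository. Also, `shell = pkgs.zsh;` without `programs.zsh.enable = true;` leaves zsh unmanaged by NixOS (no system-wide zshrc or completion setup), so consider enabling it alongside.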