forked from Drift/pvv-nixos-config
Compare commits
1 Commits
main
...
nettsiden-
Author | SHA1 | Date | |
---|---|---|---|
2f9bda6fd6 |
@ -26,7 +26,7 @@ Det er sikkert lurt å lage en PR først om du ikke er vandt til nix enda.
|
||||
Innen 24h skal alle systemene hente ned den nye konfigurasjonen og deploye den.
|
||||
|
||||
Du kan tvinge en maskin til å oppdatere seg før dette ved å kjøre:
|
||||
`nixos-rebuild switch --update-input nixpkgs --update-input nixpkgs-unstable --no-write-lock-file --refresh --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git --upgrade`
|
||||
`nixos-rebuild switch --update-input nixpkgs --update-input unstable --no-write-lock-file --refresh --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git --upgrade`
|
||||
|
||||
som root på maskinen.
|
||||
|
||||
|
5
base.nix
5
base.nix
@ -32,7 +32,7 @@
|
||||
flake = "git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git";
|
||||
flags = [
|
||||
"--update-input" "nixpkgs"
|
||||
"--update-input" "nixpkgs-unstable"
|
||||
"--update-input" "unstable"
|
||||
"--no-write-lock-file"
|
||||
];
|
||||
};
|
||||
@ -71,9 +71,6 @@
|
||||
|
||||
users.groups."drift".name = "drift";
|
||||
|
||||
# Trusted users on the nix builder machines
|
||||
users.groups."nix-builder-users".name = "nix-builder-users";
|
||||
|
||||
services.openssh = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
|
88
flake.lock
generated
88
flake.lock
generated
@ -1,29 +1,9 @@
|
||||
{
|
||||
"nodes": {
|
||||
"disko": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1700927249,
|
||||
"narHash": "sha256-iqmIWiEng890/ru7ZBf4nUezFPyRm2fjRTvuwwxqk2o=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "3cb78c93e6a02f494aaf6aeb37481c27a2e2ee22",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"grzegorz": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs-unstable"
|
||||
"unstable"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
@ -65,33 +45,33 @@
|
||||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1697936579,
|
||||
"narHash": "sha256-nMyepKnwoHMzu2OpXvG2ZhU081TV9ENmWCo0vWxs6AI=",
|
||||
"lastModified": 1697420972,
|
||||
"narHash": "sha256-eFDasOzXAN8VswUntNBBwvKFyVKFvmwRNNVTDfGdB3M=",
|
||||
"owner": "dali99",
|
||||
"repo": "nixos-matrix-modules",
|
||||
"rev": "e09814657187c8ed1a5fe1646df6d8da1eb2dee9",
|
||||
"rev": "1e370b96223b94d52006249a60033caaea605c65",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "dali99",
|
||||
"repo": "nixos-matrix-modules",
|
||||
"rev": "e09814657187c8ed1a5fe1646df6d8da1eb2dee9",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1701362232,
|
||||
"narHash": "sha256-GVdzxL0lhEadqs3hfRLuj+L1OJFGiL/L7gCcelgBlsw=",
|
||||
"lastModified": 1697706247,
|
||||
"narHash": "sha256-nWLggeUxn/l8JrcQr9f+RfnCXp8cn0BN568PjMJh9ko=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "d2332963662edffacfddfad59ff4f709dde80ffe",
|
||||
"rev": "4ee5b576ac2861a818950aea99f609d7a6fc02a3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-23.05-small",
|
||||
"type": "indirect"
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-lib": {
|
||||
@ -111,11 +91,11 @@
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1700905716,
|
||||
"narHash": "sha256-w1vHn2MbGfdC+CrP3xLZ3scsI06N0iQLU7eTHIVEFGw=",
|
||||
"lastModified": 1697332183,
|
||||
"narHash": "sha256-ACYvYsgLETfEI2xM1jjp8ZLVNGGC0onoCGe+69VJGGE=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "dfb95385d21475da10b63da74ae96d89ab352431",
|
||||
"rev": "0e1cff585c1a85aeab059d3109f66134a8f76935",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -125,21 +105,6 @@
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1701368325,
|
||||
"narHash": "sha256-3OqZyi2EdopJxpxwrySPyCTuCvfBY4oXTLVgQ4B6qDg=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "3934dbde4f4a0e266825348bc4ad1bdd00a8d6a3",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"id": "nixpkgs",
|
||||
"ref": "nixos-unstable-small",
|
||||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"pvv-calendar-bot": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
@ -162,14 +127,13 @@
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"disko": "disko",
|
||||
"grzegorz": "grzegorz",
|
||||
"grzegorz-clients": "grzegorz-clients",
|
||||
"matrix-next": "matrix-next",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
"pvv-calendar-bot": "pvv-calendar-bot",
|
||||
"sops-nix": "sops-nix"
|
||||
"sops-nix": "sops-nix",
|
||||
"unstable": "unstable"
|
||||
}
|
||||
},
|
||||
"sops-nix": {
|
||||
@ -180,11 +144,11 @@
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1701127353,
|
||||
"narHash": "sha256-qVNX0wOl0b7+I35aRu78xUphOyELh+mtUp1KBx89K1Q=",
|
||||
"lastModified": 1697339241,
|
||||
"narHash": "sha256-ITsFtEtRbCBeEH9XrES1dxZBkE1fyNNUfIyQjQ2AYQs=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "b1edbf5c0464b4cced90a3ba6f999e671f0af631",
|
||||
"rev": "51186b8012068c417dac7c31fb12861726577898",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
@ -192,6 +156,22 @@
|
||||
"repo": "sops-nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1697713104,
|
||||
"narHash": "sha256-DN7YOyKMCpAVeZ44N42LrujtTkoerkS9+kTufQiuntY=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "6be2c349a30fcb489a3153dd331e9df387ab6449",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable-small",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
|
39
flake.nix
39
flake.nix
@ -2,28 +2,24 @@
|
||||
description = "PVV System flake";
|
||||
|
||||
inputs = {
|
||||
nixpkgs.url = "nixpkgs/nixos-23.05-small";
|
||||
nixpkgs-unstable.url = "nixpkgs/nixos-unstable-small";
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.05-small";
|
||||
unstable.url = "github:NixOS/nixpkgs/nixos-unstable-small";
|
||||
|
||||
sops-nix.url = "github:Mic92/sops-nix";
|
||||
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
disko.url = "github:nix-community/disko";
|
||||
disko.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git";
|
||||
pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
||||
# Last release compatible with 23.05
|
||||
matrix-next.url = "github:dali99/nixos-matrix-modules/e09814657187c8ed1a5fe1646df6d8da1eb2dee9";
|
||||
matrix-next.url = "github:dali99/nixos-matrix-modules";
|
||||
|
||||
grzegorz.url = "github:Programvareverkstedet/grzegorz";
|
||||
grzegorz.inputs.nixpkgs.follows = "nixpkgs-unstable";
|
||||
grzegorz.inputs.nixpkgs.follows = "unstable";
|
||||
grzegorz-clients.url = "github:Programvareverkstedet/grzegorz-clients";
|
||||
grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, nixpkgs-unstable, sops-nix, disko, ... }@inputs:
|
||||
outputs = { self, nixpkgs, matrix-next, pvv-calendar-bot, unstable, sops-nix, ... }@inputs:
|
||||
let
|
||||
nixlib = nixpkgs.lib;
|
||||
systems = [
|
||||
@ -46,7 +42,7 @@
|
||||
rec {
|
||||
system = "x86_64-linux";
|
||||
specialArgs = {
|
||||
inherit nixpkgs-unstable inputs;
|
||||
inherit unstable inputs;
|
||||
values = import ./values.nix;
|
||||
};
|
||||
|
||||
@ -61,7 +57,7 @@
|
||||
(final: prev: {
|
||||
mx-puppet-discord = prev.mx-puppet-discord.override { nodejs_14 = final.nodejs_18; };
|
||||
})
|
||||
inputs.pvv-calendar-bot.overlays.${system}.default
|
||||
pvv-calendar-bot.overlays.${system}.default
|
||||
];
|
||||
};
|
||||
}
|
||||
@ -69,27 +65,18 @@
|
||||
);
|
||||
|
||||
stableNixosConfig = nixosConfig nixpkgs;
|
||||
unstableNixosConfig = nixosConfig nixpkgs-unstable;
|
||||
unstableNixosConfig = nixosConfig unstable;
|
||||
in {
|
||||
bicep = stableNixosConfig "bicep" {
|
||||
modules = [
|
||||
./hosts/bicep/configuration.nix
|
||||
sops-nix.nixosModules.sops
|
||||
|
||||
inputs.matrix-next.nixosModules.default
|
||||
inputs.pvv-calendar-bot.nixosModules.default
|
||||
matrix-next.nixosModules.default
|
||||
pvv-calendar-bot.nixosModules.default
|
||||
];
|
||||
};
|
||||
bekkalokk = stableNixosConfig "bekkalokk" { };
|
||||
bob = stableNixosConfig "bob" {
|
||||
modules = [
|
||||
./hosts/bob/configuration.nix
|
||||
sops-nix.nixosModules.sops
|
||||
|
||||
disko.nixosModules.disko
|
||||
{ disko.devices.disk.disk1.device = "/dev/vda"; }
|
||||
];
|
||||
};
|
||||
ildkule = stableNixosConfig "ildkule" { };
|
||||
#ildkule-unstable = unstableNixosConfig "ildkule" { };
|
||||
shark = stableNixosConfig "shark" { };
|
||||
@ -112,12 +99,6 @@
|
||||
inputs.grzegorz-clients.nixosModules.grzegorz-webui
|
||||
];
|
||||
};
|
||||
buskerud = stableNixosConfig "buskerud" {
|
||||
modules = [
|
||||
./hosts/buskerud/configuration.nix
|
||||
sops-nix.nixosModules.sops
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
devShells = forAllSystems (system: {
|
||||
|
@ -5,14 +5,14 @@
|
||||
|
||||
../../base.nix
|
||||
../../misc/metrics-exporters.nix
|
||||
../../modules/wackattack-ctf-stockfish
|
||||
|
||||
#./services/keycloak.nix
|
||||
|
||||
# TODO: set up authentication for the following:
|
||||
# ./services/website.nix
|
||||
./services/nginx
|
||||
./services/website.nix
|
||||
./services/nginx.nix
|
||||
./services/gitea/default.nix
|
||||
./services/webmail
|
||||
# ./services/mediawiki.nix
|
||||
];
|
||||
|
||||
|
6
hosts/bekkalokk/services/nettsiden/default.nix
Normal file
6
hosts/bekkalokk/services/nettsiden/default.nix
Normal file
@ -0,0 +1,6 @@
|
||||
{ pkgs, inputs, ... }:
|
||||
let
|
||||
in
|
||||
{
|
||||
|
||||
}
|
53
hosts/bekkalokk/services/nettsiden/package.nix
Normal file
53
hosts/bekkalokk/services/nettsiden/package.nix
Normal file
@ -0,0 +1,53 @@
|
||||
{
|
||||
src,
|
||||
php82,
|
||||
php82Extensions,
|
||||
sqlite,
|
||||
git,
|
||||
...
|
||||
}:
|
||||
pkgs.stdenvNoCC.mkDerivation {
|
||||
pname = "nettsiden";
|
||||
version = "0.1.0";
|
||||
inherit src;
|
||||
|
||||
buildInputs = [
|
||||
php82
|
||||
(with php82Extensions; [
|
||||
iconv
|
||||
mbstring
|
||||
pdo_mysql
|
||||
pdo_sqlite
|
||||
])
|
||||
sqlite
|
||||
git
|
||||
];
|
||||
|
||||
buildPhase = ''
|
||||
export PHPHOST=localhost
|
||||
export PHPPORT=1080
|
||||
alias runDev='php -S $PHPHOST:$PHPPORT -d error_reporting=E_ALL -d display_errors=1 -t www/'
|
||||
|
||||
# Prepare dev environment with sqlite and config files
|
||||
test -e pvv.sqlite || sqlite3 pvv.sqlite < dist/pvv.sql
|
||||
test -e sql_config.php || cp -v dist/sql_config_example.php sql_config.php
|
||||
|
||||
test -e dataporten_config.php || cp -v dist/dataporten_config.php dataporten_config.php
|
||||
|
||||
test -e composer.phar || curl -O https://getcomposer.org/composer.phar
|
||||
|
||||
if [ ! -f lib/OAuth2-Client/OAuth2Client.php ] ; then
|
||||
echo Missing git submodules. Installing...
|
||||
(set -x; git submodule update --init --recursive) || exit $?
|
||||
fi
|
||||
|
||||
if [ ! -d vendor ] ; then
|
||||
php composer.phar install || exit $?
|
||||
cp -v dist/authsources_example.php vendor/simplesamlphp/simplesamlphp/config/authsources.php
|
||||
cp -v dist/saml20-idp-remote.php vendor/simplesamlphp/simplesamlphp/metadata/saml20-idp-remote.php
|
||||
cp -v vendor/simplesamlphp/simplesamlphp/config-templates/config.php vendor/simplesamlphp/simplesamlphp/config/config.php
|
||||
sed -e "s/'trusted.url.domains' => array()/'trusted.url.domains' => array(\"$PHPHOST:$PHPPORT\")/g" < vendor/simplesamlphp/simplesamlphp/config-templates/config.php > vendor/simplesamlphp/simplesamlphp/config/config.php
|
||||
ln -s ../vendor/simplesamlphp/simplesamlphp/www/ www/simplesaml
|
||||
fi
|
||||
'';
|
||||
};
|
@ -1,9 +1,5 @@
|
||||
{ pkgs, config, ... }:
|
||||
{
|
||||
imports = [
|
||||
./ingress.nix
|
||||
];
|
||||
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "drift@pvv.ntnu.no";
|
@ -1,55 +0,0 @@
|
||||
{ config, lib, ... }:
|
||||
{
|
||||
services.nginx.virtualHosts = {
|
||||
"www2.pvv.ntnu.no" = {
|
||||
serverAliases = [ "www2.pvv.org" "pvv.ntnu.no" "pvv.org" ];
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
|
||||
locations = {
|
||||
# Proxy home directories
|
||||
"/~" = {
|
||||
extraConfig = ''
|
||||
proxy_redirect off;
|
||||
proxy_pass https://tom.pvv.ntnu.no;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
'';
|
||||
};
|
||||
|
||||
# Redirect old wiki entries
|
||||
"/disk".return = "301 https://www.pvv.ntnu.no/pvv/Diskkjøp";
|
||||
"/dok/boker.php".return = "301 https://www.pvv.ntnu.no/pvv/Bokhyllen";
|
||||
"/styret/lover/".return = "301 https://www.pvv.ntnu.no/pvv/Lover";
|
||||
"/styret/".return = "301 https://www.pvv.ntnu.no/pvv/Styret";
|
||||
"/info/".return = "301 https://www.pvv.ntnu.no/pvv/";
|
||||
"/info/maskinpark/".return = "301 https://www.pvv.ntnu.no/pvv/Maskiner";
|
||||
"/medlemssider/meldinn.php".return = "301 https://www.pvv.ntnu.no/pvv/Medlemskontingent";
|
||||
"/diverse/medlems-sider.php".return = "301 https://www.pvv.ntnu.no/pvv/Medlemssider";
|
||||
"/cert/".return = "301 https://www.pvv.ntnu.no/pvv/CERT";
|
||||
"/drift".return = "301 https://www.pvv.ntnu.no/pvv/Drift";
|
||||
"/diverse/abuse.php".return = "301 https://www.pvv.ntnu.no/pvv/CERT/Abuse";
|
||||
"/nerds/".return = "301 https://www.pvv.ntnu.no/pvv/Nerdepizza";
|
||||
|
||||
# TODO: Redirect webmail
|
||||
"/webmail".return = "301 https://webmail.pvv.ntnu.no/squirrelmail";
|
||||
|
||||
# Redirect everything else to the main website
|
||||
"/".return = "301 https://www.pvv.ntnu.no$request_uri";
|
||||
|
||||
# Proxy the matrix well-known files
|
||||
# Host has be set before proxy_pass
|
||||
# The header must be set so nginx on the other side routes it to the right place
|
||||
"/.well-known/matrix/" = {
|
||||
extraConfig = ''
|
||||
proxy_set_header Host matrix.pvv.ntnu.no;
|
||||
proxy_pass https://matrix.pvv.ntnu.no/.well-known/matrix/;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@ -1,15 +0,0 @@
|
||||
{ config, values, pkgs, lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
./roundcube.nix
|
||||
];
|
||||
|
||||
services.nginx.virtualHosts."webmail2.pvv.ntnu.no" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
#locations."/" = lib.mkForce { };
|
||||
locations."= /" = {
|
||||
return = "301 https://www.pvv.ntnu.no/mail/";
|
||||
};
|
||||
};
|
||||
}
|
@ -1,74 +0,0 @@
|
||||
{ config, pkgs, lib, ... }:
|
||||
|
||||
with lib;
|
||||
let
|
||||
cfg = config.services.roundcube;
|
||||
domain = "webmail2.pvv.ntnu.no";
|
||||
in
|
||||
{
|
||||
services.roundcube = {
|
||||
enable = true;
|
||||
|
||||
package = pkgs.roundcube.withPlugins (plugins: with plugins; [
|
||||
persistent_login
|
||||
thunderbird_labels
|
||||
contextmenu
|
||||
custom_from
|
||||
]);
|
||||
|
||||
dicts = with pkgs.aspellDicts; [ en en-science en-computers nb nn fr de it ];
|
||||
maxAttachmentSize = 20;
|
||||
hostName = "roundcubeplaceholder.example.com";
|
||||
|
||||
extraConfig = ''
|
||||
$config['enable_installer'] = false;
|
||||
$config['default_host'] = "ssl://imap.pvv.ntnu.no";
|
||||
$config['default_port'] = 993;
|
||||
$config['smtp_server'] = "ssl://smtp.pvv.ntnu.no";
|
||||
$config['smtp_port'] = 465;
|
||||
$config['mail_domain'] = "pvv.ntnu.no";
|
||||
$config['smtp_user'] = "%u";
|
||||
$config['support_url'] = "";
|
||||
'';
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."roundcubeplaceholder.example.com" = lib.mkForce { };
|
||||
|
||||
services.nginx.virtualHosts.${domain} = {
|
||||
locations."/roundcube" = {
|
||||
tryFiles = "$uri $uri/ =404";
|
||||
index = "index.php";
|
||||
root = pkgs.runCommandLocal "roundcube-dir" { } ''
|
||||
mkdir -p $out
|
||||
ln -s ${cfg.package} $out/roundcube
|
||||
'';
|
||||
extraConfig = ''
|
||||
location ~ ^/roundcube/(${builtins.concatStringsSep "|" [
|
||||
# https://wiki.archlinux.org/title/Roundcube
|
||||
"README"
|
||||
"INSTALL"
|
||||
"LICENSE"
|
||||
"CHANGELOG"
|
||||
"UPGRADING"
|
||||
"bin"
|
||||
"SQL"
|
||||
".+\\.md"
|
||||
"\\."
|
||||
"config"
|
||||
"temp"
|
||||
"logs"
|
||||
]})/? {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ ^/roundcube/(.+\.php)(/?.*)$ {
|
||||
fastcgi_split_path_info ^/roundcube(/.+\.php)(/.+)$;
|
||||
include ${config.services.nginx.package}/conf/fastcgi_params;
|
||||
include ${config.services.nginx.package}/conf/fastcgi.conf;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_pass unix:${config.services.phpfpm.pools.roundcube.socket};
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
@ -5,7 +5,6 @@ from smtplib import SMTP_SSL as SMTP
|
||||
import synapse
|
||||
from synapse import module_api
|
||||
|
||||
import re
|
||||
|
||||
class SMTPAuthProvider:
|
||||
def __init__(self, config: dict, api: module_api):
|
||||
@ -28,10 +27,6 @@ class SMTPAuthProvider:
|
||||
if login_type != "m.login.password":
|
||||
return None
|
||||
|
||||
# Convert `@username:server` to `username`
|
||||
match = re.match(r'^@([\da-z\-\.=_\/\+]+):[\w\d\.:\[\]]+$', username)
|
||||
username = match.group(1) if match else username
|
||||
|
||||
result = False
|
||||
with SMTP(self.config["smtp_host"]) as smtp:
|
||||
password = login_dict.get("password")
|
||||
|
@ -216,19 +216,7 @@ in {
|
||||
|
||||
services.redis.servers."".enable = true;
|
||||
|
||||
services.nginx.virtualHosts."matrix.pvv.ntnu.no" = lib.mkMerge [
|
||||
({
|
||||
locations."/.well-known/matrix/server" = {
|
||||
return = ''
|
||||
200 '{"m.server": "matrix.pvv.ntnu.no:443"}'
|
||||
'';
|
||||
extraConfig = ''
|
||||
default_type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
'';
|
||||
};
|
||||
})
|
||||
({
|
||||
services.nginx.virtualHosts."matrix.pvv.ntnu.no" = lib.mkMerge [({
|
||||
locations = let
|
||||
connectionInfo = w: matrix-lib.workerConnectionResource "metrics" w;
|
||||
socketAddress = w: let c = connectionInfo w; in "${c.host}:${toString (c.port)}";
|
||||
|
@ -1,46 +0,0 @@
|
||||
{ config, pkgs, values, ... }:
|
||||
{
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
../../base.nix
|
||||
../../misc/metrics-exporters.nix
|
||||
./disks.nix
|
||||
|
||||
../../misc/builder.nix
|
||||
];
|
||||
|
||||
sops.defaultSopsFile = ../../secrets/bob/bob.yaml;
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
||||
sops.age.generateKey = true;
|
||||
|
||||
boot.loader.grub = {
|
||||
enable = true;
|
||||
efiSupport = true;
|
||||
efiInstallAsRemovable = true;
|
||||
};
|
||||
|
||||
networking.hostName = "bob"; # Define your hostname.
|
||||
|
||||
systemd.network.networks."30-all" = values.defaultNetworkConfig // {
|
||||
matchConfig.Name = "en*";
|
||||
DHCP = "yes";
|
||||
gateway = [ ];
|
||||
};
|
||||
|
||||
# List packages installed in system profile
|
||||
environment.systemPackages = with pkgs; [
|
||||
];
|
||||
|
||||
# List services that you want to enable:
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
# this value at the release version of the first install of this system.
|
||||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "23.05"; # Did you read the comment?
|
||||
|
||||
}
|
@ -1,39 +0,0 @@
|
||||
# Example to create a bios compatible gpt partition
|
||||
{ lib, ... }:
|
||||
{
|
||||
disko.devices = {
|
||||
disk.disk1 = {
|
||||
device = lib.mkDefault "/dev/sda";
|
||||
type = "disk";
|
||||
content = {
|
||||
type = "gpt";
|
||||
partitions = {
|
||||
boot = {
|
||||
name = "boot";
|
||||
size = "1M";
|
||||
type = "EF02";
|
||||
};
|
||||
esp = {
|
||||
name = "ESP";
|
||||
size = "500M";
|
||||
type = "EF00";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "vfat";
|
||||
mountpoint = "/boot";
|
||||
};
|
||||
};
|
||||
root = {
|
||||
name = "root";
|
||||
size = "100%";
|
||||
content = {
|
||||
type = "filesystem";
|
||||
format = "ext4";
|
||||
mountpoint = "/";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
@ -1,24 +0,0 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_blk" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.ens3.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
}
|
@ -6,7 +6,7 @@
|
||||
../../base.nix
|
||||
../../misc/metrics-exporters.nix
|
||||
|
||||
./services/grzegorz.nix
|
||||
../../modules/grzegorz.nix
|
||||
];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
|
@ -1,11 +0,0 @@
|
||||
{ config, ... }:
|
||||
{
|
||||
imports = [ ../../../modules/grzegorz.nix ];
|
||||
|
||||
services.nginx.virtualHosts."${config.networking.fqdn}" = {
|
||||
serverAliases = [
|
||||
"bokhylle.pvv.ntnu.no"
|
||||
"bokhylle.pvv.org"
|
||||
];
|
||||
};
|
||||
}
|
@ -1,50 +0,0 @@
|
||||
{ config, pkgs, values, ... }:
|
||||
{
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware-configuration.nix
|
||||
../../base.nix
|
||||
../../misc/metrics-exporters.nix
|
||||
|
||||
./services/openvpn-client.nix
|
||||
];
|
||||
|
||||
# buskerud does not support efi?
|
||||
# boot.loader.systemd-boot.enable = true;
|
||||
# boot.loader.efi.canTouchEfiVariables = true;
|
||||
boot.loader.grub.enable = true;
|
||||
boot.loader.grub.device = "/dev/sda";
|
||||
|
||||
networking.hostName = "buskerud";
|
||||
networking.search = [ "pvv.ntnu.no" "pvv.org" ];
|
||||
networking.nameservers = [ "129.241.0.200" "129.241.0.201" ];
|
||||
networking.tempAddresses = "disabled";
|
||||
|
||||
systemd.network.networks."enp3s0f0" = values.defaultNetworkConfig // {
|
||||
matchConfig.Name = "enp3s0f0";
|
||||
address = with values.hosts.buskerud; [ (ipv4 + "/25") (ipv6 + "/64") ];
|
||||
};
|
||||
|
||||
# Buskerud should use the default gateway received from DHCP
|
||||
networking.interfaces.enp14s0f1.useDHCP = true;
|
||||
|
||||
# networking.interfaces.tun = {
|
||||
# virtual = true;
|
||||
# ipv4.adresses = [ {address="129.241.210.252"; prefixLength=25; } ];
|
||||
# };
|
||||
|
||||
# List packages installed in system profile
|
||||
environment.systemPackages = with pkgs; [
|
||||
];
|
||||
|
||||
# List services that you want to enable:
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
# this value at the release version of the first install of this system.
|
||||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "23.05"; # Did you read the comment?
|
||||
|
||||
}
|
@ -1,37 +0,0 @@
|
||||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "hpsa" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/ed9654fe-575a-4fb3-b6ff-1b059479acff";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp14s0f0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp14s0f1.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp3s0f0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp3s0f1.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp4s0f0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp4s0f1.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
@ -1,109 +0,0 @@
|
||||
{ lib, values, ... }:
|
||||
{
|
||||
services.openvpn.servers."ov-tunnel" = {
|
||||
config = let
|
||||
conf = {
|
||||
# TODO: use aliases
|
||||
client = true;
|
||||
dev = "tap";
|
||||
proto = "udp";
|
||||
#remote = "129.241.210.253 1194";
|
||||
remote = "129.241.210.191 1194";
|
||||
|
||||
resolv-retry = "infinite";
|
||||
nobind = true;
|
||||
|
||||
ca = "/etc/openvpn/ca.pem";
|
||||
cert = "/etc/openvpn/crt.pem";
|
||||
key = "/etc/openvpn/key.pem";
|
||||
remote-cert-tls = "server";
|
||||
cipher = "none";
|
||||
|
||||
user = "nobody";
|
||||
group = "nobody";
|
||||
|
||||
status = "/var/log/openvpn-status.log";
|
||||
|
||||
persist-key = true;
|
||||
persist-tun = true;
|
||||
|
||||
verb = 5;
|
||||
|
||||
# script-security = 2;
|
||||
# up = "systemctl restart rwhod";
|
||||
};
|
||||
in lib.pipe conf [
|
||||
(lib.filterAttrs (_: value: !(builtins.isNull value || value == false)))
|
||||
(builtins.mapAttrs (_: value:
|
||||
if builtins.isList value then builtins.concatStringsSep " " (map toString value)
|
||||
else if value == true then value
|
||||
else if builtins.any (f: f value) [
|
||||
builtins.isString
|
||||
builtins.isInt
|
||||
builtins.isFloat
|
||||
lib.isPath
|
||||
lib.isDerivation
|
||||
] then toString value
|
||||
else throw "Unknown value in buskerud openvpn config, deading now\n${value}"
|
||||
))
|
||||
(lib.mapAttrsToList (name: value: if value == true then name else "${name} ${value}"))
|
||||
(builtins.concatStringsSep "\n")
|
||||
(x: x + "\n\n")
|
||||
];
|
||||
};
|
||||
|
||||
systemd.network.networks."enp14s0f1" = {
|
||||
matchConfig.Name = "enp14s0f1";
|
||||
networkConfig = {
|
||||
DefaultRouteOnDevice = true;
|
||||
};
|
||||
routes = [
|
||||
{ routeConfig = {
|
||||
Type = "unicast";
|
||||
Destination = values.hosts.knutsen.ipv4 + "/32";
|
||||
Metric = 50;
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
systemd.network.netdevs."br0" = {
|
||||
netdevConfig = {
|
||||
Kind = "bridge";
|
||||
Name = "br0";
|
||||
};
|
||||
};
|
||||
|
||||
systemd.network.networks."br0" = {
|
||||
matchConfig.Name = "br0";
|
||||
routes = [
|
||||
{ routeConfig = {
|
||||
Type = "unicast";
|
||||
Destination = values.ipv4-space;
|
||||
Metric = 100;
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
systemd.network.networks."enp3s0f0" = {
|
||||
matchConfig.Name = "enp3s0f0";
|
||||
networkConfig.DefaultRouteOnDevice = false;
|
||||
};
|
||||
|
||||
systemd.network.networks."enp3s0f1" = {
|
||||
matchConfig.Name = "enp3s0f1";
|
||||
bridge = [ "br0" ];
|
||||
};
|
||||
|
||||
systemd.network.networks."tap0" = {
|
||||
matchConfig.Name = "tap0";
|
||||
bridge = [ "br0" ];
|
||||
};
|
||||
|
||||
#networking.nat = {
|
||||
# enable = true;
|
||||
# externalInterface = "enp14s0f1";
|
||||
# internalInterfaces = [ "tun" ];
|
||||
#};
|
||||
}
|
@ -1,4 +1,4 @@
|
||||
{ config, ... }: let
|
||||
{ config, unstable, ... }: let
|
||||
cfg = config.services.prometheus;
|
||||
in {
|
||||
sops.secrets."config/mysqld_exporter" = { };
|
||||
|
@ -1,5 +0,0 @@
|
||||
{ ... }:
|
||||
|
||||
{
|
||||
nix.settings.trusted-users = [ "@nix-builder-users" ];
|
||||
}
|
74
modules/wackattack-ctf-stockfish/chess.py
Normal file
74
modules/wackattack-ctf-stockfish/chess.py
Normal file
@ -0,0 +1,74 @@
|
||||
#!/usr/bin/env python3
|
||||
from stockfish import *
|
||||
from inputimeout import inputimeout
|
||||
import time
|
||||
from datetime import datetime
|
||||
import random
|
||||
|
||||
thinking_time = 1000
|
||||
|
||||
game = Stockfish(path="./stockfish", depth=15, parameters={"Threads": 1, "Minimum Thinking Time": thinking_time, "UCI_Chess960": True})
|
||||
|
||||
def create_random_position():
|
||||
pos = "/pppppppp/8/8/8/8/PPPPPPPP/"
|
||||
rank8 = ["r","r","b","q","k","b","n","n"]
|
||||
|
||||
while rank8.index("k") < [i for i, n in enumerate(rank8) if n == "r"][0] or rank8.index("k") > [i for i, n in enumerate(rank8) if n == "r"][1] or [i for i, n in enumerate(rank8) if n == "b"][0] % 2 == [i for i, n in enumerate(rank8) if n == "b"][1] % 2:
|
||||
random.seed(datetime.now().microsecond)
|
||||
random.shuffle(rank8)
|
||||
|
||||
rank1 = [c.upper() for c in rank8]
|
||||
pos = "".join(rank8) + pos + "".join(rank1) + " w KQkq - 0 1"
|
||||
game.set_fen_position(pos)
|
||||
|
||||
def player_won():
|
||||
with open("flag.txt") as file:
|
||||
flag = file.read()
|
||||
print(flag)
|
||||
exit()
|
||||
|
||||
def get_fast_player_move():
|
||||
try:
|
||||
time_over = inputimeout(prompt='Your move: ', timeout=5)
|
||||
except Exception:
|
||||
time_over = 'Too slow, you lost!'
|
||||
print(time_over)
|
||||
exit()
|
||||
return time_over
|
||||
|
||||
def check_game_status():
|
||||
evaluation = game.get_evaluation()
|
||||
turn = game.get_fen_position().split(" ")[1]
|
||||
if evaluation["type"] == "mate" and evaluation["value"] == 0 and turn == "w":
|
||||
print("Wow, you beat me!")
|
||||
player_won()
|
||||
elif evaluation["type"] == "mate" and evaluation["value"] == 0 and turn == "b":
|
||||
print("Hah, I won again")
|
||||
exit()
|
||||
if evaluation["type"] == "draw":
|
||||
print("It's a draw!")
|
||||
print("Impressive, but I am still undefeated.")
|
||||
exit()
|
||||
|
||||
if __name__ == "__main__":
|
||||
create_random_position()
|
||||
print("Welcome to fischer chess.\nYou get 5 seconds per move. Good luck")
|
||||
print(game.get_board_visual())
|
||||
print("Heres the position for this game, Ill give you a few seconds to look at it before we start.")
|
||||
time.sleep(3)
|
||||
while True:
|
||||
server_move = game.get_best_move_time(thinking_time)
|
||||
game.make_moves_from_current_position([server_move])
|
||||
check_game_status()
|
||||
print(game.get_board_visual())
|
||||
print(f"My move: {server_move}")
|
||||
player_move = get_fast_player_move()
|
||||
if type(player_move) != str or len([player_move]) != 1:
|
||||
print("Illegal input")
|
||||
exit()
|
||||
try:
|
||||
game.make_moves_from_current_position([player_move])
|
||||
check_game_status()
|
||||
except:
|
||||
print("Couldn't comprehend that")
|
||||
exit()
|
108
modules/wackattack-ctf-stockfish/default.nix
Normal file
108
modules/wackattack-ctf-stockfish/default.nix
Normal file
@ -0,0 +1,108 @@
|
||||
{ config, pkgs, lib, ... }: let
|
||||
stockfish = with pkgs.python3Packages; buildPythonPackage rec {
|
||||
pname = "stockfish";
|
||||
version = "3.28.0";
|
||||
disabled = pythonOlder "3.7";
|
||||
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "zhelyabuzhsky";
|
||||
repo = pname;
|
||||
rev = version;
|
||||
hash = "sha256-XLgVjLV2QXeTYPjP/lwc0LH850LKJsymFlrAMkAn8HU=";
|
||||
};
|
||||
|
||||
format = "setuptools";
|
||||
nativeBuildInputs = [
|
||||
setuptools
|
||||
];
|
||||
|
||||
propagatedBuildInputs = [
|
||||
pytest-runner
|
||||
];
|
||||
|
||||
doCheck = false;
|
||||
};
|
||||
|
||||
inputimeout = with pkgs.python3Packages; buildPythonPackage rec {
|
||||
pname = "inputimeout";
|
||||
version = "1.0.4";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "johejo";
|
||||
repo = pname;
|
||||
rev = "v${version}";
|
||||
hash = "sha256-Fh1CaqJOK58nURt4imkhCmZKG2eJlP/Hi10SarUJ+Fs=";
|
||||
};
|
||||
|
||||
format = "setuptools";
|
||||
nativeBuildInputs = [ setuptools ];
|
||||
|
||||
doCheck = false;
|
||||
};
|
||||
|
||||
script = pkgs.writers.writePython3 "chess" {
|
||||
libraries = [
|
||||
stockfish
|
||||
inputimeout
|
||||
];
|
||||
|
||||
# Fy!
|
||||
flakeIgnore = [ "F403" "F405" "E231" "E265" "E302" "E305" "E501" "E722" ];
|
||||
} (builtins.replaceStrings [''path="./stockfish"''] [''path="${pkgs.stockfish}/bin/stockfish"''] (builtins.readFile ./chess.py));
|
||||
in
|
||||
{
|
||||
sops.secrets."keys/wackattack_ctf/flag" = { };
|
||||
|
||||
systemd.sockets."wackattack-ctf-stockfish" = {
|
||||
description = "Save some azure credit for the rest of us";
|
||||
partOf = [ "wackattack-ctf-stockfish.service" ];
|
||||
wantedBy = [ "sockets.target" ];
|
||||
|
||||
socketConfig = {
|
||||
ListenStream = "0.0.0.0:9999";
|
||||
Accept = true;
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services."wackattack-ctf-stockfish@" = {
|
||||
description = "Save some azure credit for the rest of us";
|
||||
after = [ "network.target" ];
|
||||
requires = [ "wackattack-ctf-stockfish.socket" ];
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
Type = "simple";
|
||||
DynamicUser = true;
|
||||
WorkingDirectory = "%d";
|
||||
Restart = "always";
|
||||
StandardInput = "socket";
|
||||
LoadCredential = "flag.txt:${config.sops.secrets."keys/wackattack_ctf/flag".path}";
|
||||
|
||||
Exec = script;
|
||||
|
||||
# systemd hardening go barr
|
||||
ProcSubset = "pid";
|
||||
ProtectProc = "invisible";
|
||||
AmbientCapabilities = "";
|
||||
CapabilityBoundingSet = "";
|
||||
NoNewPrivileges = true;
|
||||
ProtectSystem = "strict";
|
||||
ProtectHome = true;
|
||||
PrivateTmp = true;
|
||||
PrivateDevices = true;
|
||||
PrivateUsers = true;
|
||||
ProtectHostname = true;
|
||||
ProtectClock = true;
|
||||
ProtectKernelTunables = true;
|
||||
ProtectKernelModules = true;
|
||||
ProtectKernelLogs = true;
|
||||
ProtectControlGroups = true;
|
||||
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
|
||||
RestrictNamespaces = true;
|
||||
LockPersonality = true;
|
||||
RestrictRealtime = true;
|
||||
RestrictSUIDSGID = true;
|
||||
RemoveIPC = true;
|
||||
PrivateMounts = true;
|
||||
SystemCallArchitectures = "native";
|
||||
};
|
||||
};
|
||||
}
|
@ -13,6 +13,9 @@ mediawiki:
|
||||
database: ENC[AES256_GCM,data:EvVK3Mo6cZiIZS+gTxixU4r9SXN41VqwaWOtortZRNH+WPJ4xcYvzYMJNg==,iv:JtFTRLn3fzKIfgAPRqRgQjct7EdkEHtiyQKPy8/sZ2Q=,tag:nqzseG6BC0X5UNI/3kZZ3A==,type:str]
|
||||
keycloak:
|
||||
database: ENC[AES256_GCM,data:76+AZnNR5EiturTP7BdOCKE90bFFkfGlRtviSP5NHxPbb3RfFPJEMlwtzA==,iv:nS7VTossHdlrHjPeethhX+Ysp9ukrb5JD7kjG28OFpY=,tag:OMpiEv9nQA7v6lWJfNxEEw==,type:str]
|
||||
keys:
|
||||
wackattack_ctf:
|
||||
flag: ENC[AES256_GCM,data:cZCaGb/u/OZgAvXnuJPL3XqmnIa26Rl2IUpWpG/fpt/dJ7+/KssXVa6A5G6ObQhF7deCmTxuoVP8JU+DQzYRr0ftvKhLJ87rgzrE3j+UkA==,iv:3uFkNqXlVj94klU20yPIUd8tIeyUIfp0++2wkdIkiYM=,tag:OZMyEt118u10F5vSUFZE7A==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
@ -46,8 +49,8 @@ sops:
|
||||
akVjeTNTeGorZjJQOVlMeCtPRUVYL3MK+VMvGxrbzGz4Q3sdaDDWjal+OiK+JYKX
|
||||
GHiMXVHQJZu/RrlxMjHKN6V3iaqxZpuvLAEJ2Lzy5EOHPtuiiRyeHQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-09-17T02:02:24Z"
|
||||
mac: ENC[AES256_GCM,data:Lkvj9UOdE/WZtFReMs6n8ucFuJNPb76ZhPHFpYAEqYEe8d9FdMPMzq05DBAJe9IqpFS0jc9SWxJUPHfGgoMR8nPciZuR/mpJ+4s/cRkPbApwBPcLlvatE/qkbcxzoLlb1vN0gth5G/U7UEfk5Pp9gIz6Yo4sEIS3Za42tId1MpI=,iv:s3VELgU/RJ98/lbQV3vPtOLXtwFzB3KlY7bMKbAzp/g=,tag:D8s0XyGnd8UhbCseB/TyFg==,type:str]
|
||||
lastmodified: "2023-10-26T19:59:04Z"
|
||||
mac: ENC[AES256_GCM,data:uH0RfKBjjbYvxjl4XyoXWvwUpi+W7IQZjBdC5UoslotToTw0xnici2fKxPNZ9aFJsukLMPLC+tsT/shUqW373f/NyhsJt0Vb2YtuozFQyQstZQEpnm4WuVoFR/MEjAra/PaM4ATHSGgDuHa7qrpdKTLnrMOai5ZqxLfFbLws3dA=,iv:47hHzrnfZG5NtCN0HjziZdDBJTr451/kvY95GpB3G2M=,tag:3TCs7DSeWB6NujDUlQVGjA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2023-05-21T00:28:40Z"
|
||||
enc: |
|
||||
@ -70,4 +73,4 @@ sops:
|
||||
-----END PGP MESSAGE-----
|
||||
fp: F7D37890228A907440E1FD4846B9228E814A2AAC
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
||||
version: 3.8.1
|
||||
|
12
shell.nix
12
shell.nix
@ -3,17 +3,5 @@ pkgs.mkShell {
|
||||
nativeBuildInputs = with pkgs; [
|
||||
sops
|
||||
gnupg
|
||||
openstackclient
|
||||
];
|
||||
|
||||
shellHook = ''
|
||||
export OS_AUTH_URL=https://api.stack.it.ntnu.no:5000
|
||||
export OS_PROJECT_ID=b78432a088954cdc850976db13cfd61c
|
||||
export OS_PROJECT_NAME="STUDORG_Programvareverkstedet"
|
||||
export OS_USER_DOMAIN_NAME="NTNU"
|
||||
export OS_PROJECT_DOMAIN_ID="d3f99bcdaf974685ad0c74c2e5d259db"
|
||||
export OS_REGION_NAME="NTNU-IT"
|
||||
export OS_INTERFACE=public
|
||||
export OS_IDENTITY_API_VERSION=3
|
||||
'';
|
||||
}
|
||||
|
@ -3,12 +3,7 @@
|
||||
{
|
||||
users.users.danio = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "drift" "nix-builder-users" ];
|
||||
extraGroups = [ "drift" ]; # Enable ‘sudo’ for the user.
|
||||
shell = pkgs.zsh;
|
||||
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCp8iMOx3eTiG5AmDh2KjKcigf7xdRKn9M7iZQ4RqP0np0UN2NUbu+VAMJmkWFyi3JpxmLuhszU0F1xY+3qM3ARduy1cs89B/bBE85xlOeYhcYVmpcgPR5xduS+TuHTBzFAgp+IU7/lgxdjcJ3PH4K0ruGRcX1xrytmk/vdY8IeSk3GVWDRrRbH6brO4cCCFjX0zJ7G6hBQueTPQoOy3jrUvgpRkzZY4ZCuljXtxbuX5X/2qWAkp8ca0iTQ5FzNA5JUyj+DWeEzjIEz6GrckOdV2LjWpT9+CtOqoPZOUudE1J9mJk4snNlMQjE06It7Kr50bpwoPqnxjo7ZjlHFLezl"
|
||||
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDpGSDczzDOhTETCj+uB5e3/9QbOCaVW1knM+n1ey0n6LXH7uiPPmzuZiqfzmfbB1z4bjM2zpn3D6Et6zRCrBUjhTZqf/5GoNlvhVA6QYmBmBp98b8oY7juj5cmu55voxD0S5rC1mQMnWAAf8e8OPbkhs9Lt0XlOYdotLNIZQubzWqE2DK45g/h17ELJs+jkNXoalFjLvLXWzE/C+3pYoeNJVGHfVMTIwt7o64E6JXhxuYTYdSIuzd+BjntkSCXzcAzBFMRwkdlFVoBtLUMMcMQl39kcXv7lAQ8pv+8b1j1N9WuQVf1qEAcZguaimI1ifbXP5d841pZPApCj5KXectIEldfTrcwg8rZpd2UfYS/3XCcOuidBGprY7XsU/jz8wHbH68UjUrsLyaOMnG2ChYztnf63vm3gRs3Fc6FqTycpgYOPDeZBVTcMyPGgtiZvhnTeY20xFS5lK6M+dmgaDqH24kPLiwYSpUF2NK+Rg/2bZxvt/GaSr4U6fJGi3FCJOM= root@DanixLaptop"
|
||||
];
|
||||
};
|
||||
}
|
||||
|
@ -1,12 +0,0 @@
|
||||
{pkgs, ...}:
|
||||
|
||||
{
|
||||
users.users.jonmro = {
|
||||
isNormalUser = true;
|
||||
extraGroups = [ "wheel" "drift" "nix-builder-users" ];
|
||||
shell = pkgs.zsh;
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEm5PfYmfl/0fnAP/3coVlvTw3/TYNLT6r/NwJHZbLAK jonrodtang@gmail.com"
|
||||
];
|
||||
};
|
||||
}
|
@ -6,7 +6,6 @@
|
||||
extraGroups = [
|
||||
"wheel"
|
||||
"drift"
|
||||
"nix-builder-users"
|
||||
];
|
||||
|
||||
packages = with pkgs; [
|
||||
|
11
values.nix
11
values.nix
@ -37,13 +37,6 @@ in rec {
|
||||
ipv4 = pvv-ipv4 209;
|
||||
ipv6 = pvv-ipv6 209;
|
||||
};
|
||||
bob = {
|
||||
ipv4 = "129.241.152.254";
|
||||
# ipv6 = ;
|
||||
};
|
||||
knutsen = {
|
||||
ipv4 = pvv-ipv4 191;
|
||||
};
|
||||
shark = {
|
||||
ipv4 = pvv-ipv4 196;
|
||||
ipv6 = pvv-ipv6 196;
|
||||
@ -56,10 +49,6 @@ in rec {
|
||||
ipv4 = pvv-ipv4 204;
|
||||
ipv6 = pvv-ipv6 "1:4f"; # Wtf øystein og daniel why
|
||||
};
|
||||
buskerud = {
|
||||
ipv4 = pvv-ipv4 231;
|
||||
ipv6 = pvv-ipv6 231;
|
||||
};
|
||||
};
|
||||
|
||||
defaultNetworkConfig = {
|
||||
|
Loading…
Reference in New Issue
Block a user