set up homearea automounts

When we upgrade we can go back to tracking master

flake.lock

@@ -7,11 +7,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1699099781,
+        "lastModified": 1700927249,
-        "narHash": "sha256-2WAs839yL6xmIPBLNVwbft46BDh0/RAjq1bAKNRqeR4=",
+        "narHash": "sha256-iqmIWiEng890/ru7ZBf4nUezFPyRm2fjRTvuwwxqk2o=",
         "owner": "nix-community",
         "repo": "disko",
-        "rev": "548962c50b8afad7b8c820c1d6e21dc8394d6e65",
+        "rev": "3cb78c93e6a02f494aaf6aeb37481c27a2e2ee22",
         "type": "github"
       },
       "original": {
@@ -75,16 +75,17 @@
       "original": {
         "owner": "dali99",
         "repo": "nixos-matrix-modules",
+        "rev": "e09814657187c8ed1a5fe1646df6d8da1eb2dee9",
         "type": "github"
       }
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1699110214,
+        "lastModified": 1701362232,
-        "narHash": "sha256-L2TU4RgtiqF69W8Gacg2jEkEYJrW+Kp0Mp4plwQh5b8=",
+        "narHash": "sha256-GVdzxL0lhEadqs3hfRLuj+L1OJFGiL/L7gCcelgBlsw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "78f3a4ae19f0e99d5323dd2e3853916b8ee4afee",
+        "rev": "d2332963662edffacfddfad59ff4f709dde80ffe",
         "type": "github"
       },
       "original": {
@@ -110,11 +111,11 @@
     },
     "nixpkgs-stable": {
       "locked": {
-        "lastModified": 1699110214,
+        "lastModified": 1700905716,
-        "narHash": "sha256-L2TU4RgtiqF69W8Gacg2jEkEYJrW+Kp0Mp4plwQh5b8=",
+        "narHash": "sha256-w1vHn2MbGfdC+CrP3xLZ3scsI06N0iQLU7eTHIVEFGw=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "78f3a4ae19f0e99d5323dd2e3853916b8ee4afee",
+        "rev": "dfb95385d21475da10b63da74ae96d89ab352431",
         "type": "github"
       },
       "original": {
@@ -126,11 +127,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1699128932,
+        "lastModified": 1701368325,
-        "narHash": "sha256-4Hn/fpR/FRucpXQqMI0OSgxiu2ImowmR0dThAycPt/4=",
+        "narHash": "sha256-3OqZyi2EdopJxpxwrySPyCTuCvfBY4oXTLVgQ4B6qDg=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "0d2d729bf7091df906a78b69f90620f933ea963f",
+        "rev": "3934dbde4f4a0e266825348bc4ad1bdd00a8d6a3",
         "type": "github"
       },
       "original": {
@@ -179,11 +180,11 @@
         "nixpkgs-stable": "nixpkgs-stable"
       },
       "locked": {
-        "lastModified": 1699153251,
+        "lastModified": 1701127353,
-        "narHash": "sha256-CGx98mbAy9svKTa1dzlrVmkJwgGSXpAQUdMh7U0szts=",
+        "narHash": "sha256-qVNX0wOl0b7+I35aRu78xUphOyELh+mtUp1KBx89K1Q=",
         "owner": "Mic92",
         "repo": "sops-nix",
-        "rev": "5bc2cde6e53241e7df0e8f5df5872223983efa72",
+        "rev": "b1edbf5c0464b4cced90a3ba6f999e671f0af631",
         "type": "github"
       },
       "original": {

flake.nix

@@ -14,7 +14,8 @@
     pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git";
     pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
 
-    matrix-next.url = "github:dali99/nixos-matrix-modules";
+    # Last release compatible with 23.05
+    matrix-next.url = "github:dali99/nixos-matrix-modules/e09814657187c8ed1a5fe1646df6d8da1eb2dee9";
 
     grzegorz.url = "github:Programvareverkstedet/grzegorz";
     grzegorz.inputs.nixpkgs.follows = "nixpkgs-unstable";
@@ -111,6 +112,12 @@
           inputs.grzegorz-clients.nixosModules.grzegorz-webui
         ];
       };
+      buskerud = stableNixosConfig "buskerud" {
+        modules = [
+          ./hosts/buskerud/configuration.nix
+          sops-nix.nixosModules.sops
+        ];
+      };
     };
 
     devShells = forAllSystems (system: {

hosts/bekkalokk/configuration.nix

@@ -5,6 +5,7 @@
 
     ../../base.nix
     ../../misc/metrics-exporters.nix
+    ../../modules/home-areas.nix
 
     #./services/keycloak.nix
 

hosts/bicep/configuration.nix

@@ -5,6 +5,7 @@
 
     ../../base.nix
     ../../misc/metrics-exporters.nix
+    ../../modules/home-areas.nix
     ./services/nginx
 
     ./acmeCert.nix

hosts/bicep/services/matrix/smtp-authenticator/smtp_auth_provider.py

@@ -5,6 +5,7 @@ from smtplib import SMTP_SSL as SMTP
 import synapse
 from synapse import module_api
 
+import re
 
 class SMTPAuthProvider:
     def __init__(self, config: dict, api: module_api):
@@ -27,6 +28,10 @@ class SMTPAuthProvider:
         if login_type != "m.login.password":
             return None
 
+        # Convert `@username:server` to `username`
+        match = re.match(r'^@([\da-z\-\.=_\/\+]+):[\w\d\.:\[\]]+$', username)
+        username = match.group(1) if match else username
+
         result = False
         with SMTP(self.config["smtp_host"]) as smtp:
             password = login_dict.get("password")

hosts/bicep/services/matrix/synapse.nix

@@ -216,7 +216,19 @@ in {
 
   services.redis.servers."".enable = true;
   
-  services.nginx.virtualHosts."matrix.pvv.ntnu.no" = lib.mkMerge [({
+  services.nginx.virtualHosts."matrix.pvv.ntnu.no" = lib.mkMerge [
+  ({
+    locations."/.well-known/matrix/server" = {
+      return = ''
+        200 '{"m.server": "matrix.pvv.ntnu.no:443"}'
+      '';
+      extraConfig = ''
+        default_type application/json;
+        add_header Access-Control-Allow-Origin *;
+      '';
+    };
+  })
+  ({
     locations = let
       connectionInfo = w: matrix-lib.workerConnectionResource "metrics" w;
       socketAddress = w: let c = connectionInfo w; in "${c.host}:${toString (c.port)}";

hosts/buskerud/configuration.nix

@@ -0,0 +1,51 @@
+{ config, pkgs, values, ... }:
+{
+  imports = [
+      # Include the results of the hardware scan.
+      ./hardware-configuration.nix
+      ../../base.nix
+      ../../misc/metrics-exporters.nix
+      ../../modules/home-areas.nix
+
+      ./services/openvpn-client.nix
+    ];
+
+  # buskerud does not support efi?
+  # boot.loader.systemd-boot.enable = true;
+  # boot.loader.efi.canTouchEfiVariables = true;
+  boot.loader.grub.enable = true;
+  boot.loader.grub.device = "/dev/sda";
+
+  networking.hostName = "buskerud";
+  networking.search = [ "pvv.ntnu.no" "pvv.org" ];
+  networking.nameservers = [ "129.241.0.200" "129.241.0.201" ];
+  networking.tempAddresses = "disabled";
+
+  systemd.network.networks."enp3s0f0" = values.defaultNetworkConfig // {
+    matchConfig.Name = "enp3s0f0";
+    address = with values.hosts.buskerud; [ (ipv4 + "/25") (ipv6 + "/64") ];
+  };
+
+  # Buskerud should use the default gateway received from DHCP
+  networking.interfaces.enp14s0f1.useDHCP = true;
+
+  # networking.interfaces.tun = {
+  #   virtual = true;
+  #   ipv4.adresses = [ {address="129.241.210.252"; prefixLength=25; } ];
+  # };
+
+  # List packages installed in system profile
+  environment.systemPackages = with pkgs; [
+  ];
+
+  # List services that you want to enable:
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "23.05"; # Did you read the comment?
+
+}

hosts/buskerud/hardware-configuration.nix

@@ -0,0 +1,37 @@
+# Do not modify this file!  It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations.  Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+  imports =
+    [ (modulesPath + "/installer/scan/not-detected.nix")
+    ];
+
+  boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ata_piix" "hpsa" "usb_storage" "usbhid" "sd_mod" "sr_mod" ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" =
+    { device = "/dev/disk/by-uuid/ed9654fe-575a-4fb3-b6ff-1b059479acff";
+      fsType = "ext4";
+    };
+
+  swapDevices = [ ];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp14s0f0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp14s0f1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp3s0f0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp3s0f1.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp4s0f0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp4s0f1.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/buskerud/services/openvpn-client.nix

@@ -0,0 +1,109 @@
+{ lib, values, ... }:
+{
+  services.openvpn.servers."ov-tunnel" = {
+    config = let
+      conf = {
+        # TODO: use aliases
+        client = true;
+        dev = "tap";
+        proto = "udp";
+        #remote = "129.241.210.253 1194";
+        remote = "129.241.210.191 1194";
+
+        resolv-retry = "infinite";
+        nobind = true;
+
+        ca = "/etc/openvpn/ca.pem";
+        cert = "/etc/openvpn/crt.pem";
+        key = "/etc/openvpn/key.pem";
+        remote-cert-tls = "server";
+        cipher = "none";
+
+        user = "nobody";
+        group = "nobody";
+
+        status = "/var/log/openvpn-status.log";
+
+        persist-key = true;
+        persist-tun = true;
+
+        verb = 5;
+
+        # script-security = 2;
+        # up = "systemctl restart rwhod";
+      };
+    in lib.pipe conf [
+      (lib.filterAttrs (_: value: !(builtins.isNull value || value == false)))
+      (builtins.mapAttrs (_: value:
+        if builtins.isList value then builtins.concatStringsSep " " (map toString value)
+        else if value == true then value
+        else if builtins.any (f: f value) [
+          builtins.isString
+          builtins.isInt
+          builtins.isFloat
+          lib.isPath
+          lib.isDerivation
+        ] then toString value
+        else throw "Unknown value in buskerud openvpn config, deading now\n${value}"
+      ))
+      (lib.mapAttrsToList (name: value: if value == true then name else "${name} ${value}"))
+      (builtins.concatStringsSep "\n")
+      (x: x + "\n\n")
+    ];
+  };
+
+  systemd.network.networks."enp14s0f1" = {
+    matchConfig.Name = "enp14s0f1";
+    networkConfig = {
+      DefaultRouteOnDevice = true;
+    };
+    routes = [
+      { routeConfig = {
+          Type = "unicast";
+          Destination = values.hosts.knutsen.ipv4 + "/32";
+          Metric = 50;
+        };
+      }
+    ];
+  };
+
+  systemd.network.netdevs."br0" = {
+    netdevConfig = {
+      Kind = "bridge";
+      Name = "br0";
+    };
+  };
+
+  systemd.network.networks."br0" = {
+    matchConfig.Name = "br0";
+    routes = [
+      { routeConfig = {
+          Type = "unicast";
+          Destination = values.ipv4-space;
+          Metric = 100;
+        };
+      }
+    ];
+  };
+
+  systemd.network.networks."enp3s0f0" = {
+    matchConfig.Name = "enp3s0f0";
+    networkConfig.DefaultRouteOnDevice = false;
+  };
+
+  systemd.network.networks."enp3s0f1" = {
+    matchConfig.Name = "enp3s0f1";
+    bridge = [ "br0" ];
+  };
+
+  systemd.network.networks."tap0" = {
+    matchConfig.Name = "tap0";
+    bridge = [ "br0" ];
+  };
+
+  #networking.nat = {
+  #  enable = true;
+  #  externalInterface = "enp14s0f1";
+  #  internalInterfaces  = [ "tun" ];
+  #};
+}

hosts/ildkule/configuration.nix

@@ -5,6 +5,7 @@
       ./hardware-configuration.nix
       ../../base.nix
       ../../misc/metrics-exporters.nix
+      ../../modules/home-areas.nix
 
       ./services/nginx
       ./services/metrics

hosts/shark/configuration.nix

@@ -5,6 +5,7 @@
       ./hardware-configuration.nix
       ../../base.nix
       ../../misc/metrics-exporters.nix
+      ../../modules/home-areas.nix
     ];
 
   sops.defaultSopsFile = ../../secrets/shark/shark.yaml;

modules/home-areas.nix

@@ -0,0 +1,27 @@
+{ pkgs, lib, ... }:
+{
+  fileSystems = let
+    shorthandAreas = {
+      # See toriel:/etc/exports
+      "/home/pvv/t/pederbs" = "homepvvt.pvv.ntnu.no:/export/home/pvv/t/pederbs";
+      "/home/pvv/t/yorinad" = "homepvvt.pvv.ntnu.no:/export/home/pvv/t/yorinad";
+    }
+    //
+    # See microbel:/etc/exports
+    (lib.listToAttrs (map
+      (l: lib.nameValuePair "/home/pvv/${l}" "homepvv${l}.pvv.ntnu.no:/export/home/pvv/${l}")
+      [ "a" "b" "c" "d"  "h" "i" "j" "k" "l" "m" "z" ]));
+  in { }
+  //
+  (lib.mapAttrs (_: device: {
+    inherit device;
+    fsType = "nfs";
+    options = [
+      "nfsvers=3"
+      "noauto"
+      "proto=tcp"
+      "x-systemd.automount"
+      "x-systemd.idle-timeout=300"
+    ];
+  }) shorthandAreas);
+}

users/oysteikt.nix

@@ -6,6 +6,7 @@
     extraGroups = [
       "wheel"
       "drift"
+      "nix-builder-users"
     ];
 
     packages = with pkgs; [

values.nix

@@ -41,6 +41,9 @@ in rec {
       ipv4 = "129.241.152.254";
       # ipv6 = ;
     };
+    knutsen = {
+      ipv4 = pvv-ipv4 191;
+    };
     shark = {
       ipv4 = pvv-ipv4 196;
       ipv6 = pvv-ipv6 196;
@@ -53,6 +56,10 @@ in rec {
       ipv4 = pvv-ipv4 204;
       ipv6 = pvv-ipv6 "1:4f"; # Wtf øystein og daniel why
     };
+    buskerud = {
+      ipv4 = pvv-ipv4 231;
+      ipv6 = pvv-ipv6 231;
+    };
   };
 
   defaultNetworkConfig = {