felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2025-01-18 08:46:46 +01:00
Code Issues Projects Releases Wiki Activity

WIP

Browse Source
This commit is contained in:
Øystein Tveit 2025-01-11 19:52:03 +01:00
parent 819fcef4c2
commit 28c459868f
3 changed files with 93 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
flake.lock generated
View File

@ -20,6 +20,26 @@
"type": "github" "type": "github"
} }
}, },
"gergle": {
"inputs": {
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1736621371,
"narHash": "sha256-45UIQSQA7R5iU4YWvilo7mQbhY1Liql9bHBvYa3qRI0=",
"ref": "refs/heads/main",
"rev": "3729796c1213fe76e568ac28f1df8de4e596950b",
"revCount": 20,
"type": "git",
"url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git"
},
"original": {
"type": "git",
"url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git"
}
},
"greg-ng": { "greg-ng": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -192,6 +212,7 @@
"root": { "root": {
"inputs": { "inputs": {
"disko": "disko", "disko": "disko",
"gergle": "gergle",
"greg-ng": "greg-ng", "greg-ng": "greg-ng",
"grzegorz-clients": "grzegorz-clients", "grzegorz-clients": "grzegorz-clients",
"matrix-next": "matrix-next", "matrix-next": "matrix-next",

6
flake.nix
View File

@ -25,6 +25,8 @@
greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git"; greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git";
greg-ng.inputs.nixpkgs.follows = "nixpkgs"; greg-ng.inputs.nixpkgs.follows = "nixpkgs";
gergle.url = "git+https://git.pvv.ntnu.no/Grzegorz/gergle.git";
gergle.inputs.nixpkgs.follows = "nixpkgs";
grzegorz-clients.url = "git+https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git"; grzegorz-clients.url = "git+https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git";
grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs"; grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";
@ -124,19 +126,23 @@
brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" { brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" {
modules = [ modules = [
inputs.grzegorz-clients.nixosModules.grzegorz-webui inputs.grzegorz-clients.nixosModules.grzegorz-webui
inputs.gergle.nixosModules.default
inputs.greg-ng.nixosModules.default inputs.greg-ng.nixosModules.default
]; ];
overlays = [ overlays = [
inputs.greg-ng.overlays.default inputs.greg-ng.overlays.default
inputs.gergle.overlays.default
]; ];
}; };
georg = stableNixosConfig "georg" { georg = stableNixosConfig "georg" {
modules = [ modules = [
inputs.grzegorz-clients.nixosModules.grzegorz-webui inputs.grzegorz-clients.nixosModules.grzegorz-webui
inputs.gergle.nixosModules.default
inputs.greg-ng.nixosModules.default inputs.greg-ng.nixosModules.default
]; ];
overlays = [ overlays = [
inputs.greg-ng.overlays.default inputs.greg-ng.overlays.default
inputs.gergle.overlays.default
]; ];
}; };
}; };

92
modules/grzegorz.nix
View File

@ -16,37 +16,77 @@ in {
listenAddr = "localhost"; listenAddr = "localhost";
listenPort = 42069; listenPort = 42069;
listenWebsocketPort = 42042; listenWebsocketPort = 42042;
hostName = "${config.networking.fqdn}"; hostName = "georg-old.pvv.ntnu.no";
apiBase = "http://${grg.settings.host}:${toString grg.settings.port}/api"; apiBase = "http://georg-backend.pvv.ntnu.no/api";
};
services.gergle = {
enable = true;
virtualHost = config.networking.fqdn;
}; };
services.nginx.enable = true; services.nginx.enable = true;
services.nginx.virtualHosts."${config.networking.fqdn}" = { services.nginx.virtualHosts = {
forceSSL = true; ${config.networking.fqdn} = {
enableACME = true; forceSSL = true;
kTLS = true; enableACME = true;
serverAliases = [ kTLS = true;
"${config.networking.hostName}.pvv.org" serverAliases = [
]; "${config.networking.hostName}.pvv.org"
extraConfig = '' ];
allow 129.241.210.128/25; extraConfig = ''
allow 2001:700:300:1900::/64; allow 129.241.210.128/25;
deny all; allow 2001:700:300:1900::/64;
''; deny all;
'';
};
locations."/" = { "georg-backend.pvv.ntnu.no" = {
proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenPort}"; forceSSL = true;
enableACME = true;
kTLS = true;
serverAliases = [
"georg-backend.pvv.org"
];
extraConfig = ''
allow 129.241.210.128/25;
allow 2001:700:300:1900::/64;
deny all;
'';
locations."/" = {
proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
proxyWebsockets = true;
};
}; };
# https://github.com/rawpython/remi/issues/216
locations."/websocket" = { "georg-old.pvv.ntnu.no" = {
proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenWebsocketPort}"; forceSSL = true;
proxyWebsockets = true; enableACME = true;
}; kTLS = true;
locations."/api" = { serverAliases = [
proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}"; "georg-old.pvv.org"
}; ];
locations."/docs" = { extraConfig = ''
proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}"; allow 129.241.210.128/25;
allow 2001:700:300:1900::/64;
deny all;
'';
locations."/" = {
proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenPort}";
};
# https://github.com/rawpython/remi/issues/216
locations."/websocket" = {
proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenWebsocketPort}";
proxyWebsockets = true;
};
locations."/api" = {
proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
};
locations."/docs" = {
proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
};
}; };
}; };
} }