felixalb
/
pvv-nixos-config
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compare commits

base: felixalb:22974fe7067012f367fbf0accb7c0df4dff8d28e
Branches Tags
felixalb:main
felixalb:pvvvvv
felixalb:init-bakke
felixalb:hookshot
felixalb:disable-postgres-on-bekkalokk
felixalb:sleipner-authorised-keys
felixalb:sounding
felixalb:retain-flake-inputs
felixalb:openstack-image-builder
felixalb:elysium
felixalb:cleanup
felixalb:fix-openstack-networking
felixalb:systemd_exporter
felixalb:backup-databases
felixalb:smartd-notifs
felixalb:systemd-journald-remote
felixalb:skrot
felixalb:deploy-doorbell
felixalb:misc-gitea-fixes
felixalb:run-vm
felixalb:spotifyd
felixalb:remote
felixalb:nix-topology
felixalb:dagali-heimdal-openldap-sasl-stack
felixalb:setup-bikkje-login
felixalb:ozai-prod
felixalb:add-bluemap
felixalb:ozai
felixalb:setup-postfix-for-service-machines
felixalb:fix-gitea-ci-runner-network-issues
felixalb:heimdal-openldap-sasl-testing-on-salsa-on-buskerud
felixalb:gitea-metrics
felixalb:misc1
felixalb:add-simple-saml-theme
felixalb:misc-extra-gitea-setup
felixalb:add-skrott
felixalb:setup-kerberos
felixalb:setup-home-areas
felixalb:setup-openvpn-tunnel
felixalb:shark-kanidm
felixalb:prometheusexim
..
compare: felixalb:77fa7897561ec01548d4a90b9b06923a39ab61c7
Branches Tags
felixalb:pvvvvv
felixalb:main
felixalb:init-bakke
felixalb:hookshot
felixalb:disable-postgres-on-bekkalokk
felixalb:sleipner-authorised-keys
felixalb:sounding
felixalb:retain-flake-inputs
felixalb:openstack-image-builder
felixalb:elysium
felixalb:cleanup
felixalb:fix-openstack-networking
felixalb:systemd_exporter
felixalb:backup-databases
felixalb:smartd-notifs
felixalb:systemd-journald-remote
felixalb:skrot
felixalb:deploy-doorbell
felixalb:misc-gitea-fixes
felixalb:run-vm
felixalb:spotifyd
felixalb:remote
felixalb:nix-topology
felixalb:dagali-heimdal-openldap-sasl-stack
felixalb:setup-bikkje-login
felixalb:ozai-prod
felixalb:add-bluemap
felixalb:ozai
felixalb:setup-postfix-for-service-machines
felixalb:fix-gitea-ci-runner-network-issues
felixalb:heimdal-openldap-sasl-testing-on-salsa-on-buskerud
felixalb:gitea-metrics
felixalb:misc1
felixalb:add-simple-saml-theme
felixalb:misc-extra-gitea-setup
felixalb:add-skrott
felixalb:setup-kerberos
felixalb:setup-home-areas
felixalb:setup-openvpn-tunnel
felixalb:shark-kanidm
felixalb:prometheusexim

9 Commits
22974fe706 ... 77fa789756

Author SHA1 Message Date
Felix Albrigtsen 77fa789756 Openstack: fix broken ntnu-internal route 2024-07-29 15:22:56 +02:00
Felix Albrigtsen 4b3d3709b5 Openstack: Add ipv6, clean up config 2024-07-29 15:13:25 +02:00
Felix Albrigtsen 381d5b6734 Values: Make generic network configs for openstack guests 2024-07-29 15:13:25 +02:00
Felix Albrigtsen 6c2211b7f9 Ildkule: Configure both networks with proper routes 2024-07-29 15:13:25 +02:00
Felix Albrigtsen c0473aae37 Ildkule: Remove ens3, add global/floating ipv4 addr 2024-07-29 15:13:25 +02:00
Felix Albrigtsen c7797bdd04 Merge pull request 'SimpleSAMLPHP/MediaWiki: Update deprecated --replace' (!48) from fix-replace-warn into main 
Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/48
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
 2024-07-28 23:30:44 +02:00
Felix Albrigtsen 615b5fc1f1 SimpleSAMLPHP/MediaWiki: Update deprecated --replace 2024-07-28 23:28:33 +02:00
Oystein Kristoffer Tveit a0a837e26d Merge pull request 'bekkalokk/gitea: direct non-logged-in users to the explore tab' (!46) from gitea-explore into main 
Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/46
Reviewed-by: Felix Albrigtsen <felixalb@pvv.ntnu.no>
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>
 2024-07-28 23:10:38 +02:00
Daniel Olsen 8f3013dc00 bekkalokk/gitea: direct non-logged-in users to the explore tab 
This is a much more interesting page rather than trying to sell gitea
 2024-07-19 21:19:06 +02:00
5 changed files with 34 additions and 29 deletions
Show Stats Expand all files Collapse all files

1
hosts/bekkalokk/services/gitea/default.nix
View File

@ -43,6 +43,7 @@ in {
SSH_PORT = sshPort; SSH_PORT = sshPort;
START_SSH_SERVER = true; START_SSH_SERVER = true;
START_LFS_SERVER = true; START_LFS_SERVER = true;
LANDING_PAGE = "explore";
}; };
mailer = { mailer = {
ENABLED = true; ENABLED = true;

20
hosts/bekkalokk/services/idp-simplesamlphp/default.nix
View File

@ -84,16 +84,16 @@ let
cp ${./config.php} "$out" cp ${./config.php} "$out"
substituteInPlace "$out" \ substituteInPlace "$out" \
--replace '$SAML_COOKIE_SECURE' 'true' \ --replace-warn '$SAML_COOKIE_SECURE' 'true' \
--replace '$SAML_COOKIE_SALT' 'file_get_contents("${config.sops.secrets."idp/cookie_salt".path}")' \ --replace-warn '$SAML_COOKIE_SALT' 'file_get_contents("${config.sops.secrets."idp/cookie_salt".path}")' \
--replace '$SAML_ADMIN_NAME' '"Drift"' \ --replace-warn '$SAML_ADMIN_NAME' '"Drift"' \
--replace '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \ --replace-warn '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \
--replace '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/admin_password".path}")' \ --replace-warn '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/admin_password".path}")' \
--replace '$SAML_TRUSTED_DOMAINS' 'array( "idp.pvv.ntnu.no" )' \ --replace-warn '$SAML_TRUSTED_DOMAINS' 'array( "idp.pvv.ntnu.no" )' \
--replace '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=idp"' \ --replace-warn '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=idp"' \
--replace '$SAML_DATABASE_USERNAME' '"idp"' \ --replace-warn '$SAML_DATABASE_USERNAME' '"idp"' \
--replace '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/postgres_password".path}")' \ --replace-warn '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/postgres_password".path}")' \
--replace '$CACHE_DIRECTORY' '/var/cache/idp' --replace-warn '$CACHE_DIRECTORY' '/var/cache/idp'
''; '';
"modules/authpwauth/src/Auth/Source/PwAuth.php" = ./authpwauth.php; "modules/authpwauth/src/Auth/Source/PwAuth.php" = ./authpwauth.php;

20
hosts/bekkalokk/services/mediawiki/default.nix
View File

@ -17,16 +17,16 @@
cp ${./simplesaml-config.php} "$out" cp ${./simplesaml-config.php} "$out"
substituteInPlace "$out" \ substituteInPlace "$out" \
--replace '$SAML_COOKIE_SECURE' 'true' \ --replace-warn '$SAML_COOKIE_SECURE' 'true' \
--replace '$SAML_COOKIE_SALT' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/cookie_salt".path}")' \ --replace-warn '$SAML_COOKIE_SALT' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/cookie_salt".path}")' \
--replace '$SAML_ADMIN_NAME' '"Drift"' \ --replace-warn '$SAML_ADMIN_NAME' '"Drift"' \
--replace '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \ --replace-warn '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \
--replace '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/admin_password".path}")' \ --replace-warn '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/admin_password".path}")' \
--replace '$SAML_TRUSTED_DOMAINS' 'array( "wiki.pvv.ntnu.no" )' \ --replace-warn '$SAML_TRUSTED_DOMAINS' 'array( "wiki.pvv.ntnu.no" )' \
--replace '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=mediawiki_simplesamlphp"' \ --replace-warn '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=mediawiki_simplesamlphp"' \
--replace '$SAML_DATABASE_USERNAME' '"mediawiki_simplesamlphp"' \ --replace-warn '$SAML_DATABASE_USERNAME' '"mediawiki_simplesamlphp"' \
--replace '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/postgres_password".path}")' \ --replace-warn '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/postgres_password".path}")' \
--replace '$CACHE_DIRECTORY' '/var/cache/mediawiki/idp' --replace-warn '$CACHE_DIRECTORY' '/var/cache/mediawiki/idp'
''; '';
}; };
}; };

8
hosts/ildkule/configuration.nix
View File

@ -25,15 +25,21 @@
systemd.network.networks."30-ntnu-global" = values.openstackGlobalNetworkConfig // { systemd.network.networks."30-ntnu-global" = values.openstackGlobalNetworkConfig // {
matchConfig.Name = "ens4"; matchConfig.Name = "ens4";
# Add the global address in addition to the local address learned from DHCP # Add the global addresses in addition to the local address learned from DHCP
addresses = [ addresses = [
{ addressConfig.Address = "${values.hosts.ildkule.ipv4_global}/32"; } { addressConfig.Address = "${values.hosts.ildkule.ipv4_global}/32"; }
{ addressConfig.Address = "${values.hosts.ildkule.ipv6_global}/128"; }
]; ];
}; };
# Secondary connection only for use within the university network # Secondary connection only for use within the university network
systemd.network.networks."40-ntnu-internal" = values.openstackLocalNetworkConfig // { systemd.network.networks."40-ntnu-internal" = values.openstackLocalNetworkConfig // {
matchConfig.Name = "ens3"; matchConfig.Name = "ens3";
# Add the ntnu-internal addresses in addition to the local address learned from DHCP
addresses = [
{ addressConfig.Address = "${values.hosts.ildkule.ipv4}/32"; }
{ addressConfig.Address = "${values.hosts.ildkule.ipv6}/128"; }
];
}; };
# List packages installed in system profile # List packages installed in system profile

14
values.nix
View File

@ -74,7 +74,7 @@ in rec {
}; };
openstackGlobalNetworkConfig = { openstackGlobalNetworkConfig = {
networkConfig.IPv6AcceptRA = "no"; networkConfig.IPv6AcceptRA = "yes";
dns = [ "129.241.0.200" "129.241.0.201" ]; dns = [ "129.241.0.200" "129.241.0.201" ];
domains = [ "pvv.ntnu.no" "pvv.org" ]; domains = [ "pvv.ntnu.no" "pvv.org" ];
DHCP = "yes"; DHCP = "yes";
@ -85,15 +85,13 @@ in rec {
dns = [ "129.241.0.200" "129.241.0.201" ]; dns = [ "129.241.0.200" "129.241.0.201" ];
domains = [ "pvv.ntnu.no" "pvv.org" ]; domains = [ "pvv.ntnu.no" "pvv.org" ];
DHCP = "yes"; DHCP = "yes";
# Only use this network for link-local networking, not global/default routes
dhcpV4Config.UseRoutes = "no";
routes = [ routes = [
{ { routeConfig = { Destination = "10.0.0.0/8"; Gateway = "_dhcp4"; }; }
routeConfig.Destination = "10.0.0.0/8";
}
]; ];
linkConfig.RequiredForOnline = "no"; linkConfig.RequiredForOnline = "no";
dhcpV4Config = {
# Only use this network for link-local networking, no global/default routes
UseRoutes = "no";
};
}; };
} }