values/grzegorz: migrate ntnu IPs to values.nix

base/default.nix

@@ -50,18 +50,6 @@
     kitty.terminfo
   ];
 
-  # .bash_profile already works, but lets also use .bashrc like literally every other distro
-  # https://man.archlinux.org/man/core/bash/bash.1.en#INVOCATION
-  # home-manager usually handles this for you: https://github.com/nix-community/home-manager/blob/22a36aa709de7dd42b562a433b9cefecf104a6ee/modules/programs/bash.nix#L203-L209
-  # btw, programs.bash.shellInit just goes into environment.shellInit which in turn goes into /etc/profile, spooky shit
-  programs.bash.shellInit = ''
-   if [ -n "''${BASH_VERSION:-}" ]; then
-     if [[ ! -f ~/.bash_profile && ! -f ~/.bash_login ]]; then
-      [[ -f ~/.bashrc ]] && . ~/.bashrc
-     fi
-   fi
-  '';
-
   programs.zsh.enable = true;
 
   security.lockKernelModules = true;

hosts/bekkalokk/services/website/default.nix

@@ -67,12 +67,7 @@ in {
         ADMIN_NAME = "PVV Drift";
         ADMIN_EMAIL = "drift@pvv.ntnu.no";
         ADMIN_PASSWORD = includeFromSops "simplesamlphp/admin_password";
-        TRUSTED_DOMAINS = [
+        TRUSTED_DOMAINS = [ cfg.domainName ];
-          "www.pvv.ntnu.no"
-          "pvv.ntnu.no"
-          "www.pvv.org"
-          "pvv.org"
-        ];
       };
     };
   };

hosts/kommode/services/gitea/default.nix

@@ -49,10 +49,6 @@ in {
         START_LFS_SERVER = true;
         LANDING_PAGE = "explore";
       };
-      "git.timeout" = {
-        MIGRATE = 3600;
-        MIRROR = 1800;
-      };
       mailer = {
         ENABLED = true;
         FROM = "gitea@pvv.ntnu.no";
@@ -140,7 +136,6 @@ in {
 
     dump = {
       enable = true;
-      interval = "weekly";
       type = "tar.gz";
     };
   };

modules/grzegorz.nix

@@ -1,4 +1,4 @@
-{config, lib, pkgs, ...}:
+{config, lib, pkgs, values, ...}:
 let
   grg = config.services.greg-ng;
   grgw = config.services.grzegorz-webui;
@@ -37,8 +37,12 @@ in {
         "${machine}.pvv.org"
       ];
       extraConfig = ''
-        allow 129.241.210.128/25;
+        # pvv
-        allow 2001:700:300:1900::/64;
+        allow ${values.ipv4-space}
+        allow ${values.ipv6-space}
+        # ntnu
+        allow ${values.ntnu.ipv4-space}
+        allow ${values.ntnu.ipv6-space}
         deny all;
       '';
     };
@@ -51,8 +55,12 @@ in {
         "${machine}-backend.pvv.org"
       ];
       extraConfig = ''
-        allow 129.241.210.128/25;
+        # pvv
-        allow 2001:700:300:1900::/64;
+        allow ${values.ipv4-space}
+        allow ${values.ipv6-space}
+        # ntnu
+        allow ${values.ntnu.ipv4-space}
+        allow ${values.ntnu.ipv6-space}
         deny all;
       '';
 
@@ -70,8 +78,12 @@ in {
         "${machine}-old.pvv.org"
       ];
       extraConfig = ''
-        allow 129.241.210.128/25;
+        # pvv
-        allow 2001:700:300:1900::/64;
+        allow ${values.ipv4-space}
+        allow ${values.ipv6-space}
+        # ntnu
+        allow ${values.ntnu.ipv4-space}
+        allow ${values.ntnu.ipv6-space}
         deny all;
       '';
 

values.nix

@@ -1,8 +1,13 @@
 # Feel free to change the structure of this file
 let
-  pvv-ipv4 = suffix: "129.241.210.${toString suffix}";
+  ntnu-ipv4 = suffix: "129.241.${toString suffix}";
-  pvv-ipv6 = suffix: "2001:700:300:1900::${toString suffix}";
+  ntnu-ipv6 = suffix: "2001:700:300:${toString suffix}";
+  pvv-ipv4 = suffix: ntnu-ipv4 "210.${toString suffix}";
+  pvv-ipv6 = suffix: ntnu-ipv6 "1900::${toString suffix}";
 in rec {
+  ntnu.ipv4-space = ntnu-ipv4 "0.0/16"; # https://ipinfo.io/ips/129.241.0.0/16
+  ntnu.ipv6-space = ntnu-ipv6 ":/48"; # https://ipinfo.io/2001:700:300::
+
   ipv4-space = pvv-ipv4 "128/25";
   ipv6-space = pvv-ipv6 "/64";