WIP

Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/61
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>

base.nix

@@ -76,10 +76,19 @@
   # Trusted users on the nix builder machines
   users.groups."nix-builder-users".name = "nix-builder-users";
 
+  # Let's not thermal throttle
+  services.thermald.enable = lib.mkIf (lib.all (x: x) [
+      (config.nixpkgs.system == "x86_64-linux")
+      (!config.boot.isContainer or false)
+    ]) true;
+
   services.openssh = {
     enable = true;
     extraConfig = ''
       PubkeyAcceptedAlgorithms=+ssh-rsa
+      Match Group wheel
+        PasswordAuthentication no
+      Match All
     '';
     settings.PermitRootLogin = "yes";
   };

flake.nix

@@ -38,7 +38,7 @@
       "aarch64-darwin"
     ];
     forAllSystems = f: nixlib.genAttrs systems f;
-    allMachines = nixlib.mapAttrsToList (name: _: name) self.nixosConfigurations;
+    allMachines = builtins.attrNames self.nixosConfigurations;
     importantMachines = [
       "bekkalokk"
       "bicep"
@@ -47,6 +47,8 @@
       "ildkule"
     ];
   in {
+    inherit inputs;
+
     nixosConfigurations = let
       unstablePkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
       nixosConfig = nixpkgs: name: config: nixpkgs.lib.nixosSystem (nixpkgs.lib.recursiveUpdate
@@ -124,6 +126,11 @@
       buskerud = stableNixosConfig "buskerud" { };
     };
 
+    nixosModules = {
+      snakeoil-certs = ./modules/snakeoil-certs.nix;
+      snappymail = ./modules/snappymail.nix;
+    };
+
     devShells = forAllSystems (system: {
       default = nixpkgs.legacyPackages.${system}.callPackage ./shell.nix { };
     });

hosts/bekkalokk/services/gitea/default.nix

@@ -58,6 +58,14 @@ in {
       service = {
         DISABLE_REGISTRATION = true;
         ENABLE_NOTIFY_MAIL = true;
+
+        # Not a very commonly used feature, make opt-in
+        DEFAULT_ENABLE_TIMETRACKING = false;
+
+        # Everyone here are contributors
+        DEFAULT_ALLOW_ONLY_CONTRIBUTORS_TO_TRACK_TIME = false;
+
+        DEFAULT_ORG_MEMBER_VISIBLE = true;
       };
       admin.DEFAULT_EMAIL_NOTIFICATIONS = "onmention";
       session.COOKIE_SECURE = true;
@@ -135,10 +143,16 @@ in {
     script = let
       logo-svg = ../../../../assets/logo_blue_regular.svg;
       logo-png = ../../../../assets/logo_blue_regular.png;
+      extraLinks = pkgs.writeText "gitea-extra-links.tmpl" ''
+        <a class="item" href="https://www.pvv.ntnu.no/">PVV</a>
+        <a class="item" href="https://wiki.pvv.ntnu.no/">Wiki</a>
+        <a class="item" href="https://git.pvv.ntnu.no/Drift/-/projects/4">Tokyo Drift Issues</a>
+      '';
     in ''
       install -Dm444 ${logo-svg} ${cfg.customDir}/public/assets/img/logo.svg
       install -Dm444 ${logo-png} ${cfg.customDir}/public/assets/img/logo.png
       install -Dm444 ${./loading.apng} ${cfg.customDir}/public/assets/img/loading.png
+      install -Dm444 ${extraLinks} ${cfg.customDir}/templates/custom/extra_links.tmpl
     '';
   };
 }

justfile

@@ -0,0 +1,21 @@
+export GUM_FILTER_HEIGHT := "15"
+nom := `if command -v nom >/dev/null; then echo nom; else echo nix; fi`
+
+@_default:
+  just "$(gum choose --ordered --header "Pick a recipie..." $(just --summary --unsorted))"
+
+check:
+  nix flake check --keep-going
+
+build-machine machine=`just _a_machine`:
+  {{nom}} build .#nixosConfigurations.{{ machine }}.config.system.build.toplevel
+
+@update-inputs:
+  nix eval .#inputs --apply builtins.attrNames --json \
+    | jq '.[]' -r \
+    | gum choose --no-limit --height=15 \
+    | xargs nix flake update --commit-lock-file
+
+
+_a_machine:
+  nix eval .#nixosConfigurations --apply builtins.attrNames --json | jq .[] -r | gum filter

shell.nix

@@ -1,6 +1,9 @@
 { pkgs ? import <nixpkgs> {} }:
 pkgs.mkShellNoCC {
   packages = with pkgs; [
+    just
+    jq
+    gum
     sops
     gnupg
     statix