base: create flake input exporter

flake.lock: bump
kommode/gitea: skip some parts in the dumps
2026-01-13 19:08:25 +01:00 · 2025-10-12 02:40:43 +02:00 · 2025-09-20 18:59:35 +02:00 · 2025-09-10 11:27:44 +02:00 · 2025-09-08 13:59:41 +02:00 · 2025-09-08 12:20:09 +02:00
4 changed files with 118 additions and 36 deletions
--- a/base/default.nix
+++ b/base/default.nix
@@ -1,4 +1,9 @@
-{ pkgs, lib, fp, ... }:
+{
  pkgs,
  lib,
  fp,
  ...
 }:
 {
  imports = [
@@ -8,6 +13,7 @@
    ./networking.nix
    ./nix.nix
    ./vm.nix
    ./flake-input-exporter.nix
    ./services/acme.nix
    ./services/uptimed.nix
@@ -57,11 +63,11 @@
  # home-manager usually handles this for you: https://github.com/nix-community/home-manager/blob/22a36aa709de7dd42b562a433b9cefecf104a6ee/modules/programs/bash.nix#L203-L209
  # btw, programs.bash.shellInit just goes into environment.shellInit which in turn goes into /etc/profile, spooky shit
  programs.bash.shellInit = ''
-   if [ -n "''${BASH_VERSION:-}" ]; then
+    if [ -n "''${BASH_VERSION:-}" ]; then
-     if [[ ! -f ~/.bash_profile && ! -f ~/.bash_login ]]; then
+      if [[ ! -f ~/.bash_profile && ! -f ~/.bash_login ]]; then
-      [[ -f ~/.bashrc ]] && . ~/.bashrc
+       [[ -f ~/.bashrc ]] && . ~/.bashrc
-     fi
+      fi
-   fi
+    fi
  '';
  programs.zsh.enable = true;
--- a/base/flake-input-exporter.nix
+++ b/base/flake-input-exporter.nix
@@ -0,0 +1,40 @@
 {
  config,
  inputs,
  lib,
  pkgs,
  ...
 }:
 let
  data = lib.flip lib.mapAttrs inputs (
    name: input: {
      inherit (input)
        lastModified
        ;
    }
  );
  folder = pkgs.writeTextDir "share/flake-inputs" (
    lib.concatMapStringsSep "\n" (
      { name, value }:
      "nixos_last_modified_input{flake=${name},host=${config.networking.hostName}} ${toString value.lastModified}"
    ) (lib.attrsToList data)
  );
 in
 {
  services.nginx.virtualHosts."${config.networking.fqdn}" = {
    forceSSL = true;
    enableACME = true;
    kTLS = true;
    serverAliases = [
      "${config.networking.hostName}.pvv.org"
    ];
    locations."/metrics" = {
      root = "${folder}/share";
    };
    extraConfig = ''
      allow 129.241.210.128/25;
      allow 2001:700:300:1900::/64;
      deny all;
    '';
  };
 }
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1752113600,
+        "lastModified": 1758287904,
-        "narHash": "sha256-7LYDxKxZgBQ8LZUuolAQ8UkIB+jb4A2UmiR+kzY9CLI=",
+        "narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=",
        "owner": "nix-community",
        "repo": "disko",
-        "rev": "79264292b7e3482e5702932949de9cbb69fedf6d",
+        "rev": "67ff9807dd148e704baadbd4fd783b54282ca627",
        "type": "github"
      },
      "original": {
@@ -27,11 +27,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1736621371,
+        "lastModified": 1758384693,
-        "narHash": "sha256-45UIQSQA7R5iU4YWvilo7mQbhY1Liql9bHBvYa3qRI0=",
+        "narHash": "sha256-zakdGo9micgEXGiC5Uq0gE5GkHtX12qaRYLcstKPek4=",
        "ref": "refs/heads/main",
-        "rev": "3729796c1213fe76e568ac28f1df8de4e596950b",
+        "rev": "5f6a462d87cbe25834e8f31283f39fb46c9c3561",
-        "revCount": 20,
+        "revCount": 21,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git"
      },
@@ -48,11 +48,11 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1752258704,
+        "lastModified": 1758386174,
-        "narHash": "sha256-pRK99+MCgkeVptbJxXhVMXIXl8uwSdkZDpQzFi3OgkA=",
+        "narHash": "sha256-iNDxHSDdb/LlqDbqP9BcZd1QEmks4iYiyN34UhUizZ8=",
        "ref": "refs/heads/main",
-        "rev": "9ff525339b62855d53a44b4dc0154a33ac19e44d",
+        "rev": "a21fdfe56743afc7de1fb14597711fbd97ddef76",
-        "revCount": 48,
+        "revCount": 50,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git"
      },
@@ -159,11 +159,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1752439653,
+        "lastModified": 1758363343,
-        "narHash": "sha256-mG27U2CFuggpAuozOu/4XAMKaOtJxzJVzdEemjQEBgg=",
+        "narHash": "sha256-TWem5ajoX0vD7j1v/cg3XU7GHWW10HRUQbZL++QNXLk=",
-        "rev": "dfcd5b901dbab46c9c6e80b265648481aafb01f8",
+        "rev": "b2a3852bd078e68dd2b3dfa8c00c67af1f0a7d20",
        "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.806304.dfcd5b901dba/nixexprs.tar.xz"
+        "url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.810175.b2a3852bd078/nixexprs.tar.xz"
      },
      "original": {
        "type": "tarball",
@@ -172,11 +172,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1752439402,
+        "lastModified": 1758361324,
-        "narHash": "sha256-xDfOnjnKStgsgcn9SFPgOV6qzwac4JvGKYyfR++49Pw=",
+        "narHash": "sha256-uCqhgJlmxP3UmyCNZ21ucc5Ic0I2le3rA7+Q61UH1YA=",
-        "rev": "b47d4f01d4213715a1f09b999bab96bb6a5b675e",
+        "rev": "0f3383ef02bc092d2f82afa4e556743c6e6b74d6",
        "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/unstable-small/nixos-25.11pre829909.b47d4f01d421/nixexprs.tar.xz"
+        "url": "https://releases.nixos.org/nixos/unstable-small/nixos-25.11pre864278.0f3383ef02bc/nixexprs.tar.xz"
      },
      "original": {
        "type": "tarball",
@@ -210,11 +210,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1756750544,
+        "lastModified": 1757332682,
-        "narHash": "sha256-6mpzBbb4rlRGF9yfy6wsA20AeR0srUjIUjzlYbXPZYQ=",
+        "narHash": "sha256-4p4aVQWs7jHu3xb6TJlGik20lqbUU/Fc0/EHpzoRlO0=",
        "ref": "refs/heads/main",
-        "rev": "c38c502598a2dda8f8570e0eeffa15840028fb5f",
+        "rev": "da1113341ad9881d8d333d1e29790317bd7701e7",
-        "revCount": 512,
+        "revCount": 518,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
      },
@@ -248,11 +248,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1752201818,
+        "lastModified": 1758335443,
-        "narHash": "sha256-d8KczaVT8WFEZdWg//tMAbv8EDyn2YTWcJvSY8gqKBU=",
+        "narHash": "sha256-2jaGMj32IckpZgBjn7kG4zyJl66T+2A1Fn2ppkHh91o=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "bd8f8329780b348fedcd37b53dbbee48c08c496d",
+        "rev": "f1ccb14649cf87e48051a6ac3a571b4a57d84ff3",
        "type": "github"
      },
      "original": {
@@ -268,11 +268,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1751606940,
+        "lastModified": 1758007585,
-        "narHash": "sha256-KrDPXobG7DFKTOteqdSVeL1bMVitDcy7otpVZWDE6MA=",
+        "narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=",
        "owner": "Mic92",
        "repo": "sops-nix",
-        "rev": "3633fc4acf03f43b260244d94c71e9e14a2f6e0d",
+        "rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139",
        "type": "github"
      },
      "original": {
--- a/hosts/kommode/services/gitea/default.nix
+++ b/hosts/kommode/services/gitea/default.nix
@@ -1,4 +1,4 @@
-{ config, values, lib, unstablePkgs, ... }:
+{ config, values, lib, pkgs, unstablePkgs, ... }:
 let
  cfg = config.services.gitea;
  domain = "git.pvv.ntnu.no";
@@ -159,8 +159,17 @@ in {
  environment.systemPackages = [ cfg.package ];
  systemd.services.gitea.serviceConfig.Type = lib.mkForce "notify";
  systemd.services.gitea.serviceConfig.WatchdogSec = "60";
  systemd.services.gitea.serviceConfig.CPUSchedulingPolicy = "batch";
  systemd.services.gitea.serviceConfig.CacheDirectory = "gitea/repo-archive";
  systemd.services.gitea.serviceConfig.BindPaths = [
    "%C/gitea/repo-archive:${cfg.stateDir}/data/repo-archive"
  ];
  services.nginx.virtualHosts."${domain}" = {
    forceSSL = true;
    enableACME = true;
@@ -184,4 +193,31 @@ in {
  };
  networking.firewall.allowedTCPPorts = [ sshPort ];
  systemd.services.gitea-dump = {
    serviceConfig.ExecStart = let
      args = lib.cli.toGNUCommandLineShell { } {
        type = cfg.dump.type;
        # This should be declarative on nixos, no need to backup.
        skip-custom-dir = true;
        # This can be regenerated, no need to backup
        skip-index = true;
        # Logs are stored in the systemd journal
        skip-log = true;
      };
    in lib.mkForce "${lib.getExe cfg.package} ${args}";
    # Only keep n backup files at a time
    postStop = let
      cu = prog: "'${lib.getExe' pkgs.coreutils prog}'";
      backupCount = 3;
    in ''
      for file in $(${cu "ls"} -t1 '${cfg.dump.backupDir}' | ${cu "sort"} --reverse | ${cu "tail"} -n+${toString (backupCount + 1)}); do
        ${cu "rm"} "$file"
      done
      '';
  };
 }
Author	SHA1	Message	Date
fredrikr79	b4aada6fbc	base: create flake input exporter	2025-10-12 02:40:43 +02:00
h7x4	dbe9dbe6f4	flake.lock: bump	2025-09-20 18:59:35 +02:00
h7x4	2e75f31d3e	kommode/gitea: skip some parts in the dumps	2025-09-10 11:27:44 +02:00
Vegard Matthey	1166161858	oppdatere nettsiden	2025-09-08 13:59:41 +02:00
Vegard Matthey	a0164a4038	oppdatere nettsiden	2025-09-08 12:20:09 +02:00
h7x4	470cc451e0	kommode/gitea: fix backup count	2025-09-04 00:02:58 +02:00
h7x4	a803de2b23	kommode/gitea: enable sd_notify, enable hardware watchdog	2025-09-03 23:48:22 +02:00
h7x4	1dc78b6101	kommode/gitea: bindmount repo-archives to `/var/cache/gitea`	2025-09-03 23:23:16 +02:00
h7x4	54434b7f93	kommode/gitea: only keep 3 backups	2025-09-03 22:46:13 +02:00