felixalb
/
pvv-nixos-config
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Compare commits

base: felixalb:77fa7897561ec01548d4a90b9b06923a39ab61c7
Branches Tags
felixalb:main
felixalb:pvvvvv
felixalb:init-bakke
felixalb:hookshot
felixalb:disable-postgres-on-bekkalokk
felixalb:sleipner-authorised-keys
felixalb:sounding
felixalb:retain-flake-inputs
felixalb:openstack-image-builder
felixalb:elysium
felixalb:cleanup
felixalb:fix-openstack-networking
felixalb:systemd_exporter
felixalb:backup-databases
felixalb:smartd-notifs
felixalb:systemd-journald-remote
felixalb:skrot
felixalb:deploy-doorbell
felixalb:misc-gitea-fixes
felixalb:run-vm
felixalb:spotifyd
felixalb:remote
felixalb:nix-topology
felixalb:dagali-heimdal-openldap-sasl-stack
felixalb:setup-bikkje-login
felixalb:ozai-prod
felixalb:add-bluemap
felixalb:ozai
felixalb:setup-postfix-for-service-machines
felixalb:fix-gitea-ci-runner-network-issues
felixalb:heimdal-openldap-sasl-testing-on-salsa-on-buskerud
felixalb:gitea-metrics
felixalb:misc1
felixalb:add-simple-saml-theme
felixalb:misc-extra-gitea-setup
felixalb:add-skrott
felixalb:setup-kerberos
felixalb:setup-home-areas
felixalb:setup-openvpn-tunnel
felixalb:shark-kanidm
felixalb:prometheusexim
..
compare: felixalb:22974fe7067012f367fbf0accb7c0df4dff8d28e
Branches Tags
felixalb:pvvvvv
felixalb:main
felixalb:init-bakke
felixalb:hookshot
felixalb:disable-postgres-on-bekkalokk
felixalb:sleipner-authorised-keys
felixalb:sounding
felixalb:retain-flake-inputs
felixalb:openstack-image-builder
felixalb:elysium
felixalb:cleanup
felixalb:fix-openstack-networking
felixalb:systemd_exporter
felixalb:backup-databases
felixalb:smartd-notifs
felixalb:systemd-journald-remote
felixalb:skrot
felixalb:deploy-doorbell
felixalb:misc-gitea-fixes
felixalb:run-vm
felixalb:spotifyd
felixalb:remote
felixalb:nix-topology
felixalb:dagali-heimdal-openldap-sasl-stack
felixalb:setup-bikkje-login
felixalb:ozai-prod
felixalb:add-bluemap
felixalb:ozai
felixalb:setup-postfix-for-service-machines
felixalb:fix-gitea-ci-runner-network-issues
felixalb:heimdal-openldap-sasl-testing-on-salsa-on-buskerud
felixalb:gitea-metrics
felixalb:misc1
felixalb:add-simple-saml-theme
felixalb:misc-extra-gitea-setup
felixalb:add-skrott
felixalb:setup-kerberos
felixalb:setup-home-areas
felixalb:setup-openvpn-tunnel
felixalb:shark-kanidm
felixalb:prometheusexim

3 Commits
77fa789756 ... 22974fe706

Author SHA1 Message Date
Felix Albrigtsen 22974fe706 Values: Make generic network configs for openstack guests 2024-07-28 20:31:02 +02:00
Felix Albrigtsen 0c74f51c2f Ildkule: Configure both networks with proper routes 2024-07-28 19:30:16 +02:00
Felix Albrigtsen a88f70821a Ildkule: Remove ens3, add global/floating ipv4 addr 2024-07-28 19:25:52 +02:00
5 changed files with 29 additions and 34 deletions
Show Stats Expand all files Collapse all files

1
hosts/bekkalokk/services/gitea/default.nix
View File

@ -43,7 +43,6 @@ in {
SSH_PORT = sshPort;
START_SSH_SERVER = true;
START_LFS_SERVER = true;
LANDING_PAGE = "explore";
};
mailer = {
ENABLED = true;

20
hosts/bekkalokk/services/idp-simplesamlphp/default.nix
View File

@ -84,16 +84,16 @@ let
cp ${./config.php} "$out"
substituteInPlace "$out" \
--replace-warn '$SAML_COOKIE_SECURE' 'true' \
--replace-warn '$SAML_COOKIE_SALT' 'file_get_contents("${config.sops.secrets."idp/cookie_salt".path}")' \
--replace-warn '$SAML_ADMIN_NAME' '"Drift"' \
--replace-warn '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \
--replace-warn '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/admin_password".path}")' \
--replace-warn '$SAML_TRUSTED_DOMAINS' 'array( "idp.pvv.ntnu.no" )' \
--replace-warn '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=idp"' \
--replace-warn '$SAML_DATABASE_USERNAME' '"idp"' \
--replace-warn '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/postgres_password".path}")' \
--replace-warn '$CACHE_DIRECTORY' '/var/cache/idp'
--replace '$SAML_COOKIE_SECURE' 'true' \
--replace '$SAML_COOKIE_SALT' 'file_get_contents("${config.sops.secrets."idp/cookie_salt".path}")' \
--replace '$SAML_ADMIN_NAME' '"Drift"' \
--replace '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \
--replace '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/admin_password".path}")' \
--replace '$SAML_TRUSTED_DOMAINS' 'array( "idp.pvv.ntnu.no" )' \
--replace '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=idp"' \
--replace '$SAML_DATABASE_USERNAME' '"idp"' \
--replace '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."idp/postgres_password".path}")' \
--replace '$CACHE_DIRECTORY' '/var/cache/idp'
'';
"modules/authpwauth/src/Auth/Source/PwAuth.php" = ./authpwauth.php;

20
hosts/bekkalokk/services/mediawiki/default.nix
View File

@ -17,16 +17,16 @@
cp ${./simplesaml-config.php} "$out"
substituteInPlace "$out" \
--replace-warn '$SAML_COOKIE_SECURE' 'true' \
--replace-warn '$SAML_COOKIE_SALT' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/cookie_salt".path}")' \
--replace-warn '$SAML_ADMIN_NAME' '"Drift"' \
--replace-warn '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \
--replace-warn '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/admin_password".path}")' \
--replace-warn '$SAML_TRUSTED_DOMAINS' 'array( "wiki.pvv.ntnu.no" )' \
--replace-warn '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=mediawiki_simplesamlphp"' \
--replace-warn '$SAML_DATABASE_USERNAME' '"mediawiki_simplesamlphp"' \
--replace-warn '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/postgres_password".path}")' \
--replace-warn '$CACHE_DIRECTORY' '/var/cache/mediawiki/idp'
--replace '$SAML_COOKIE_SECURE' 'true' \
--replace '$SAML_COOKIE_SALT' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/cookie_salt".path}")' \
--replace '$SAML_ADMIN_NAME' '"Drift"' \
--replace '$SAML_ADMIN_EMAIL' '"drift@pvv.ntnu.no"' \
--replace '$SAML_ADMIN_PASSWORD' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/admin_password".path}")' \
--replace '$SAML_TRUSTED_DOMAINS' 'array( "wiki.pvv.ntnu.no" )' \
--replace '$SAML_DATABASE_DSN' '"pgsql:host=postgres.pvv.ntnu.no;port=5432;dbname=mediawiki_simplesamlphp"' \
--replace '$SAML_DATABASE_USERNAME' '"mediawiki_simplesamlphp"' \
--replace '$SAML_DATABASE_PASSWORD' 'file_get_contents("${config.sops.secrets."mediawiki/simplesamlphp/postgres_password".path}")' \
--replace '$CACHE_DIRECTORY' '/var/cache/mediawiki/idp'
'';
};
};

8
hosts/ildkule/configuration.nix
View File

@ -25,21 +25,15 @@
systemd.network.networks."30-ntnu-global" = values.openstackGlobalNetworkConfig // {
matchConfig.Name = "ens4";
# Add the global addresses in addition to the local address learned from DHCP
# Add the global address in addition to the local address learned from DHCP
addresses = [
{ addressConfig.Address = "${values.hosts.ildkule.ipv4_global}/32"; }
{ addressConfig.Address = "${values.hosts.ildkule.ipv6_global}/128"; }
];
};
# Secondary connection only for use within the university network
systemd.network.networks."40-ntnu-internal" = values.openstackLocalNetworkConfig // {
matchConfig.Name = "ens3";
# Add the ntnu-internal addresses in addition to the local address learned from DHCP
addresses = [
{ addressConfig.Address = "${values.hosts.ildkule.ipv4}/32"; }
{ addressConfig.Address = "${values.hosts.ildkule.ipv6}/128"; }
];
};
# List packages installed in system profile

14
values.nix
View File

@ -74,7 +74,7 @@ in rec {
};
openstackGlobalNetworkConfig = {
networkConfig.IPv6AcceptRA = "yes";
networkConfig.IPv6AcceptRA = "no";
dns = [ "129.241.0.200" "129.241.0.201" ];
domains = [ "pvv.ntnu.no" "pvv.org" ];
DHCP = "yes";
@ -85,13 +85,15 @@ in rec {
dns = [ "129.241.0.200" "129.241.0.201" ];
domains = [ "pvv.ntnu.no" "pvv.org" ];
DHCP = "yes";
# Only use this network for link-local networking, not global/default routes
dhcpV4Config.UseRoutes = "no";
routes = [
{ routeConfig = { Destination = "10.0.0.0/8"; Gateway = "_dhcp4"; }; }
{
routeConfig.Destination = "10.0.0.0/8";
}
];
linkConfig.RequiredForOnline = "no";
dhcpV4Config = {
# Only use this network for link-local networking, no global/default routes
UseRoutes = "no";
};
};
}