mirror of
https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git
synced 2026-07-04 17:51:48 +02:00
Compare commits
10 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| d783ea15f7 | |||
| 372511f31e | |||
| d42711e1ed | |||
| 793b6c163a | |||
| 7681089ceb | |||
| 0d41e53589 | |||
| e1c820d37e | |||
| ebb721efc8 | |||
| 352f25f6fe | |||
| b592f0100a |
@@ -46,10 +46,6 @@
|
|||||||
|
|
||||||
system.nixos.tags = lib.optionals (inputs.self.sourceInfo ? dirtyRev) [ "dirty" ];
|
system.nixos.tags = lib.optionals (inputs.self.sourceInfo ? dirtyRev) [ "dirty" ];
|
||||||
|
|
||||||
specialisation."auto-upgrade".configuration = {
|
|
||||||
system.nixos.tags = [ "auto" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.tmp.cleanOnBoot = lib.mkDefault true;
|
boot.tmp.cleanOnBoot = lib.mkDefault true;
|
||||||
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
|
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
|
||||||
|
|
||||||
|
|||||||
@@ -13,7 +13,6 @@ in
|
|||||||
|
|
||||||
"--refresh"
|
"--refresh"
|
||||||
"--no-write-lock-file"
|
"--no-write-lock-file"
|
||||||
"--specialisation auto-upgrade"
|
|
||||||
# --update-input is deprecated since nix 2.22, and removed in lix 2.90
|
# --update-input is deprecated since nix 2.22, and removed in lix 2.90
|
||||||
# as such we instead use --override-input combined with --refresh
|
# as such we instead use --override-input combined with --refresh
|
||||||
# https://git.lix.systems/lix-project/lix/issues/400
|
# https://git.lix.systems/lix-project/lix/issues/400
|
||||||
|
|||||||
@@ -173,71 +173,62 @@
|
|||||||
);
|
);
|
||||||
|
|
||||||
stableNixosConfig = name: extraArgs:
|
stableNixosConfig = name: extraArgs:
|
||||||
nixosConfig nixpkgs name ./hosts/${name}/configuration.nix extraArgs;
|
nixosConfig nixpkgs name ./hosts/${name}/configuration.nix extraArgs;
|
||||||
in
|
in {
|
||||||
{
|
bakke = stableNixosConfig "bakke" {
|
||||||
bicep = stableNixosConfig "bicep" {
|
modules = [
|
||||||
modules = [
|
inputs.disko.nixosModules.disko
|
||||||
inputs.matrix-next.nixosModules.default
|
];
|
||||||
inputs.pvv-calendar-bot.nixosModules.default
|
};
|
||||||
inputs.minecraft-heatmap.nixosModules.default
|
bicep = stableNixosConfig "bicep" {
|
||||||
self.nixosModules.gickup
|
modules = [
|
||||||
self.nixosModules.matrix-ooye
|
inputs.matrix-next.nixosModules.default
|
||||||
];
|
inputs.pvv-calendar-bot.nixosModules.default
|
||||||
overlays = [
|
inputs.minecraft-heatmap.nixosModules.default
|
||||||
inputs.pvv-calendar-bot.overlays.default
|
self.nixosModules.gickup
|
||||||
inputs.minecraft-heatmap.overlays.default
|
self.nixosModules.matrix-ooye
|
||||||
(final: prev: {
|
];
|
||||||
inherit (self.packages.${prev.stdenv.hostPlatform.system}) out-of-your-element;
|
overlays = [
|
||||||
})
|
inputs.pvv-calendar-bot.overlays.default
|
||||||
];
|
inputs.minecraft-heatmap.overlays.default
|
||||||
};
|
(final: prev: {
|
||||||
bekkalokk = stableNixosConfig "bekkalokk" {
|
inherit (self.packages.${prev.stdenv.hostPlatform.system}) out-of-your-element;
|
||||||
overlays = [
|
})
|
||||||
(final: prev: {
|
];
|
||||||
mediawiki-extensions = final.callPackage ./packages/mediawiki-extensions {};
|
};
|
||||||
simplesamlphp = final.callPackage ./packages/simplesamlphp {};
|
bekkalokk = stableNixosConfig "bekkalokk" {
|
||||||
})
|
overlays = [
|
||||||
inputs.pvv-nettsiden.overlays.default
|
(final: prev: {
|
||||||
inputs.qotd.overlays.default
|
mediawiki-extensions = final.callPackage ./packages/mediawiki-extensions { };
|
||||||
];
|
simplesamlphp = final.callPackage ./packages/simplesamlphp { };
|
||||||
modules = [
|
bluemap = final.callPackage ./packages/bluemap.nix { };
|
||||||
inputs.pvv-nettsiden.nixosModules.default
|
})
|
||||||
inputs.qotd.nixosModules.default
|
inputs.pvv-nettsiden.overlays.default
|
||||||
];
|
inputs.qotd.overlays.default
|
||||||
};
|
];
|
||||||
ildkule = stableNixosConfig "ildkule" {
|
modules = [
|
||||||
modules = [
|
inputs.pvv-nettsiden.nixosModules.default
|
||||||
inputs.disko.nixosModules.disko
|
self.nixosModules.bluemap
|
||||||
];
|
inputs.qotd.nixosModules.default
|
||||||
};
|
];
|
||||||
skrot = stableNixosConfig "skrot" {
|
};
|
||||||
modules = [
|
ildkule = stableNixosConfig "ildkule" { };
|
||||||
self.nixosModules.drumknotty
|
#ildkule-unstable = unstableNixosConfig "ildkule" { };
|
||||||
inputs.disko.nixosModules.disko
|
skrot = stableNixosConfig "skrot" {
|
||||||
];
|
modules = [
|
||||||
overlays =
|
self.nixosModules.drumknotty
|
||||||
[
|
inputs.disko.nixosModules.disko
|
||||||
inputs.dibbler.overlays.default
|
];
|
||||||
inputs.worblehat.overlays.default
|
overlays =
|
||||||
];
|
[
|
||||||
};
|
inputs.dibbler.overlays.default
|
||||||
shark = stableNixosConfig "shark" {};
|
inputs.worblehat.overlays.default
|
||||||
wenche = stableNixosConfig "wenche" {};
|
];
|
||||||
temmie = stableNixosConfig "temmie" {
|
};
|
||||||
overlays = [
|
shark = stableNixosConfig "shark" { };
|
||||||
inputs.bro.overlays.default
|
wenche = stableNixosConfig "wenche" { };
|
||||||
];
|
temmie = stableNixosConfig "temmie" { };
|
||||||
modules = [
|
gluttony = stableNixosConfig "gluttony" { };
|
||||||
inputs.bro.nixosModules.default
|
|
||||||
];
|
|
||||||
};
|
|
||||||
gluttony = stableNixosConfig "gluttony" {
|
|
||||||
overlays = [
|
|
||||||
(final: prev: { bluemap = final.callPackage ./packages/bluemap.nix {}; })
|
|
||||||
];
|
|
||||||
modules = [ self.nixosModules.bluemap ];
|
|
||||||
};
|
|
||||||
|
|
||||||
kommode = stableNixosConfig "kommode" {
|
kommode = stableNixosConfig "kommode" {
|
||||||
overlays = [
|
overlays = [
|
||||||
|
|||||||
@@ -7,7 +7,7 @@
|
|||||||
|
|
||||||
./services/alps.nix
|
./services/alps.nix
|
||||||
./services/bluemap.nix
|
./services/bluemap.nix
|
||||||
./services/radicale.nix
|
./services/radicle.nix
|
||||||
./services/idp-simplesamlphp
|
./services/idp-simplesamlphp
|
||||||
./services/kerberos.nix
|
./services/kerberos.nix
|
||||||
./services/mediawiki
|
./services/mediawiki
|
||||||
|
|||||||
@@ -22,7 +22,6 @@ in {
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx.virtualHosts."${domain}" = {
|
services.nginx.virtualHosts."${domain}" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
@@ -37,4 +36,5 @@ in {
|
|||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
networking.firewall.allowedTCPPorts = [ radicalePort ];
|
||||||
}
|
}
|
||||||
@@ -10,9 +10,8 @@
|
|||||||
enableACME = true;
|
enableACME = true;
|
||||||
kTLS = true;
|
kTLS = true;
|
||||||
locations = {
|
locations = {
|
||||||
# "= /".return = "302 https://webmail.pvv.ntnu.no/roundcube";
|
"= /".return = "302 https://webmail.pvv.ntnu.no/roundcube";
|
||||||
|
|
||||||
"/roundcube".return = "302 https://webmail.pvv.ntnu.no/";
|
|
||||||
"/afterlogic_lite".return = "302 https://webmail.pvv.ntnu.no/roundcube";
|
"/afterlogic_lite".return = "302 https://webmail.pvv.ntnu.no/roundcube";
|
||||||
"/squirrelmail".return = "302 https://webmail.pvv.ntnu.no/roundcube";
|
"/squirrelmail".return = "302 https://webmail.pvv.ntnu.no/roundcube";
|
||||||
"/rainloop".return = "302 https://snappymail.pvv.ntnu.no/";
|
"/rainloop".return = "302 https://snappymail.pvv.ntnu.no/";
|
||||||
|
|||||||
@@ -29,7 +29,7 @@ in
|
|||||||
|
|
||||||
dicts = with pkgs.aspellDicts; [ en en-computers nb nn fr de it ];
|
dicts = with pkgs.aspellDicts; [ en en-computers nb nn fr de it ];
|
||||||
maxAttachmentSize = 20;
|
maxAttachmentSize = 20;
|
||||||
hostName = domain;
|
hostName = "roundcubeplaceholder.example.com";
|
||||||
|
|
||||||
database = {
|
database = {
|
||||||
host = "postgres.pvv.ntnu.no";
|
host = "postgres.pvv.ntnu.no";
|
||||||
@@ -49,9 +49,44 @@ in
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO: move this back to `webmail.pvv.ntnu.no/roundcube` subpath
|
services.nginx.virtualHosts."roundcubeplaceholder.example.com" = lib.mkForce { };
|
||||||
|
|
||||||
services.nginx.virtualHosts.${domain} = {
|
services.nginx.virtualHosts.${domain} = {
|
||||||
kTLS = true;
|
kTLS = true;
|
||||||
|
locations."/roundcube" = {
|
||||||
|
tryFiles = "$uri $uri/ =404";
|
||||||
|
index = "index.php";
|
||||||
|
root = pkgs.linkFarm "roundcube-dir" {
|
||||||
|
roundcube = "${cfg.package}";
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
location ~ ^/roundcube/(${builtins.concatStringsSep "|" [
|
||||||
|
# https://wiki.archlinux.org/title/Roundcube
|
||||||
|
"README"
|
||||||
|
"INSTALL"
|
||||||
|
"LICENSE"
|
||||||
|
"CHANGELOG"
|
||||||
|
"UPGRADING"
|
||||||
|
"bin"
|
||||||
|
"SQL"
|
||||||
|
".+\\.md"
|
||||||
|
"\\."
|
||||||
|
"config"
|
||||||
|
"temp"
|
||||||
|
"logs"
|
||||||
|
]})/? {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/roundcube/(.+\.php)(/?.*)$ {
|
||||||
|
fastcgi_split_path_info ^/roundcube(/.+\.php)(/.+)$;
|
||||||
|
include ${config.services.nginx.package}/conf/fastcgi_params;
|
||||||
|
include ${config.services.nginx.package}/conf/fastcgi.conf;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
fastcgi_pass unix:${config.services.phpfpm.pools.roundcube.socket};
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -23,9 +23,6 @@ in
|
|||||||
bind-address = values.services.mysql.ipv4;
|
bind-address = values.services.mysql.ipv4;
|
||||||
skip-networking = 0;
|
skip-networking = 0;
|
||||||
|
|
||||||
# Useful for the mysqld prometheus exporter
|
|
||||||
userstat = 1;
|
|
||||||
|
|
||||||
# This was needed in order to be able to use all of the old users
|
# This was needed in order to be able to use all of the old users
|
||||||
# during migration from knakelibrak to bicep in Sep. 2023
|
# during migration from knakelibrak to bicep in Sep. 2023
|
||||||
secure_auth = 0;
|
secure_auth = 0;
|
||||||
@@ -74,16 +71,4 @@ in
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.logrotate = lib.mkIf (cfg.settings.mysqld.slow-query-log == 1) {
|
|
||||||
enable = true;
|
|
||||||
settings.mysql-slowlog = {
|
|
||||||
files = [ cfg.settings.mysqld.slow-query-log-file ];
|
|
||||||
frequency = "weekly";
|
|
||||||
rotate = 12;
|
|
||||||
create = "0660 mysql mysql";
|
|
||||||
minsize = "1M";
|
|
||||||
compress = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,12 +1,14 @@
|
|||||||
{ ... }:
|
{ ... }:
|
||||||
{
|
{
|
||||||
services.prometheus.scrapeConfigs = [{
|
services.prometheus = {
|
||||||
job_name = "exim";
|
scrapeConfigs = [
|
||||||
scrape_interval = "15s";
|
{
|
||||||
scheme = "http";
|
job_name = "exim";
|
||||||
|
scrape_interval = "15s";
|
||||||
static_configs = [{
|
static_configs = [{
|
||||||
targets = [ "microbel.pvv.ntnu.no:9636" ];
|
targets = [ "microbel.pvv.ntnu.no:9636" ];
|
||||||
}];
|
}];
|
||||||
}];
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -9,12 +9,6 @@
|
|||||||
|
|
||||||
sops.defaultSopsFile = fp /secrets/lupine/lupine.yaml;
|
sops.defaultSopsFile = fp /secrets/lupine/lupine.yaml;
|
||||||
|
|
||||||
boot.binfmt.emulatedSystems = [
|
|
||||||
"aarch64-linux"
|
|
||||||
"armv7l-linux"
|
|
||||||
"i686-linux"
|
|
||||||
];
|
|
||||||
|
|
||||||
systemd.network.networks."30-enp0s31f6" = values.defaultNetworkConfig // {
|
systemd.network.networks."30-enp0s31f6" = values.defaultNetworkConfig // {
|
||||||
matchConfig.Name = "enp0s31f6";
|
matchConfig.Name = "enp0s31f6";
|
||||||
address = with values.hosts.${lupineName}; [ (ipv4 + "/25") (ipv6 + "/64") ];
|
address = with values.hosts.${lupineName}; [ (ipv4 + "/25") (ipv6 + "/64") ];
|
||||||
|
|||||||
@@ -10,18 +10,18 @@ let
|
|||||||
in
|
in
|
||||||
buildNpmPackage {
|
buildNpmPackage {
|
||||||
pname = "delete-your-element";
|
pname = "delete-your-element";
|
||||||
version = "3.6.0";
|
version = "3.5.1";
|
||||||
src = fetchFromGitea {
|
src = fetchFromGitea {
|
||||||
domain = "git.pvv.ntnu.no";
|
domain = "git.pvv.ntnu.no";
|
||||||
owner = "Drift";
|
owner = "Drift";
|
||||||
repo = "delete-your-element";
|
repo = "delete-your-element";
|
||||||
rev = "44fb6a02d3139e8ab10e9660ad931e5e70d1205f";
|
rev = "80ac1d9d79207b6327975a264fcd9747b99a2a5d";
|
||||||
hash = "sha256-wDQhPbxwdkAm0kPhaDNjbk8rVFxnGinffVdASdFrYnU=";
|
hash = "sha256-fcBpUZ+WEMUXyyo/uaArl4D1NJmK95isWqhFSt6HzUU=";
|
||||||
};
|
};
|
||||||
|
|
||||||
inherit nodejs;
|
inherit nodejs;
|
||||||
|
|
||||||
npmDepsHash = "sha256-h1mmE0/+Y7SBwnI0vaYvV+KqRDJGzwJvDUOkigzHcOY=";
|
npmDepsHash = "sha256-EYxJi6ObJQOLyiJq4C3mV6I62ns9l64ZHcdoQxmN5Ao=";
|
||||||
dontNpmBuild = true;
|
dontNpmBuild = true;
|
||||||
|
|
||||||
nativeBuildInputs = [ makeWrapper ];
|
nativeBuildInputs = [ makeWrapper ];
|
||||||
|
|||||||
Reference in New Issue
Block a user