mirror of
https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git
synced 2026-07-04 17:51:48 +02:00
Compare commits
2 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 14623252a1 | |||
| ffb2d261ae |
@@ -46,10 +46,6 @@
|
|||||||
|
|
||||||
system.nixos.tags = lib.optionals (inputs.self.sourceInfo ? dirtyRev) [ "dirty" ];
|
system.nixos.tags = lib.optionals (inputs.self.sourceInfo ? dirtyRev) [ "dirty" ];
|
||||||
|
|
||||||
specialisation."auto-upgrade".configuration = {
|
|
||||||
system.nixos.tags = [ "auto" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.tmp.cleanOnBoot = lib.mkDefault true;
|
boot.tmp.cleanOnBoot = lib.mkDefault true;
|
||||||
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
|
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
|
||||||
|
|
||||||
|
|||||||
@@ -13,7 +13,6 @@ in
|
|||||||
|
|
||||||
"--refresh"
|
"--refresh"
|
||||||
"--no-write-lock-file"
|
"--no-write-lock-file"
|
||||||
"--specialisation auto-upgrade"
|
|
||||||
# --update-input is deprecated since nix 2.22, and removed in lix 2.90
|
# --update-input is deprecated since nix 2.22, and removed in lix 2.90
|
||||||
# as such we instead use --override-input combined with --refresh
|
# as such we instead use --override-input combined with --refresh
|
||||||
# https://git.lix.systems/lix-project/lix/issues/400
|
# https://git.lix.systems/lix-project/lix/issues/400
|
||||||
|
|||||||
@@ -7,7 +7,6 @@
|
|||||||
|
|
||||||
./services/alps.nix
|
./services/alps.nix
|
||||||
./services/bluemap.nix
|
./services/bluemap.nix
|
||||||
./services/radicale.nix
|
|
||||||
./services/idp-simplesamlphp
|
./services/idp-simplesamlphp
|
||||||
./services/kerberos.nix
|
./services/kerberos.nix
|
||||||
./services/mediawiki
|
./services/mediawiki
|
||||||
|
|||||||
@@ -107,6 +107,7 @@ in {
|
|||||||
CodeEditor
|
CodeEditor
|
||||||
CodeMirror
|
CodeMirror
|
||||||
DeleteBatch
|
DeleteBatch
|
||||||
|
MediawikiMatrixNotifs
|
||||||
PdfHandler
|
PdfHandler
|
||||||
PluggableAuth
|
PluggableAuth
|
||||||
Popups
|
Popups
|
||||||
|
|||||||
@@ -1,40 +0,0 @@
|
|||||||
{ config, lib, ... }:
|
|
||||||
let
|
|
||||||
domain = "dav.pvv.ntnu.no";
|
|
||||||
radicalePort = 5232;
|
|
||||||
in {
|
|
||||||
services.radicale = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
settings = {
|
|
||||||
server = {
|
|
||||||
hosts = [ "127.0.0.1:${toString radicalePort}" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
auth = {
|
|
||||||
type = "imap";
|
|
||||||
imap_host = "imap.pvv.ntnu.no";
|
|
||||||
imap_security = "tls";
|
|
||||||
};
|
|
||||||
|
|
||||||
storage = {
|
|
||||||
filesystem_folder = "/var/lib/radicale/collections";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.nginx.virtualHosts."${domain}" = {
|
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
kTLS = true;
|
|
||||||
|
|
||||||
extraConfig = ''
|
|
||||||
client_max_body_size 128M;
|
|
||||||
'';
|
|
||||||
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://127.0.0.1:${toString radicalePort}";
|
|
||||||
proxyWebsockets = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
||||||
@@ -10,9 +10,8 @@
|
|||||||
enableACME = true;
|
enableACME = true;
|
||||||
kTLS = true;
|
kTLS = true;
|
||||||
locations = {
|
locations = {
|
||||||
# "= /".return = "302 https://webmail.pvv.ntnu.no/roundcube";
|
"= /".return = "302 https://webmail.pvv.ntnu.no/roundcube";
|
||||||
|
|
||||||
"/roundcube".return = "302 https://webmail.pvv.ntnu.no/";
|
|
||||||
"/afterlogic_lite".return = "302 https://webmail.pvv.ntnu.no/roundcube";
|
"/afterlogic_lite".return = "302 https://webmail.pvv.ntnu.no/roundcube";
|
||||||
"/squirrelmail".return = "302 https://webmail.pvv.ntnu.no/roundcube";
|
"/squirrelmail".return = "302 https://webmail.pvv.ntnu.no/roundcube";
|
||||||
"/rainloop".return = "302 https://snappymail.pvv.ntnu.no/";
|
"/rainloop".return = "302 https://snappymail.pvv.ntnu.no/";
|
||||||
|
|||||||
@@ -29,7 +29,7 @@ in
|
|||||||
|
|
||||||
dicts = with pkgs.aspellDicts; [ en en-computers nb nn fr de it ];
|
dicts = with pkgs.aspellDicts; [ en en-computers nb nn fr de it ];
|
||||||
maxAttachmentSize = 20;
|
maxAttachmentSize = 20;
|
||||||
hostName = domain;
|
hostName = "roundcubeplaceholder.example.com";
|
||||||
|
|
||||||
database = {
|
database = {
|
||||||
host = "postgres.pvv.ntnu.no";
|
host = "postgres.pvv.ntnu.no";
|
||||||
@@ -49,9 +49,44 @@ in
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO: move this back to `webmail.pvv.ntnu.no/roundcube` subpath
|
services.nginx.virtualHosts."roundcubeplaceholder.example.com" = lib.mkForce { };
|
||||||
|
|
||||||
services.nginx.virtualHosts.${domain} = {
|
services.nginx.virtualHosts.${domain} = {
|
||||||
kTLS = true;
|
kTLS = true;
|
||||||
|
locations."/roundcube" = {
|
||||||
|
tryFiles = "$uri $uri/ =404";
|
||||||
|
index = "index.php";
|
||||||
|
root = pkgs.linkFarm "roundcube-dir" {
|
||||||
|
roundcube = "${cfg.package}";
|
||||||
|
};
|
||||||
|
|
||||||
|
extraConfig = ''
|
||||||
|
location ~ ^/roundcube/(${builtins.concatStringsSep "|" [
|
||||||
|
# https://wiki.archlinux.org/title/Roundcube
|
||||||
|
"README"
|
||||||
|
"INSTALL"
|
||||||
|
"LICENSE"
|
||||||
|
"CHANGELOG"
|
||||||
|
"UPGRADING"
|
||||||
|
"bin"
|
||||||
|
"SQL"
|
||||||
|
".+\\.md"
|
||||||
|
"\\."
|
||||||
|
"config"
|
||||||
|
"temp"
|
||||||
|
"logs"
|
||||||
|
]})/? {
|
||||||
|
deny all;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ ^/roundcube/(.+\.php)(/?.*)$ {
|
||||||
|
fastcgi_split_path_info ^/roundcube(/.+\.php)(/.+)$;
|
||||||
|
include ${config.services.nginx.package}/conf/fastcgi_params;
|
||||||
|
include ${config.services.nginx.package}/conf/fastcgi.conf;
|
||||||
|
fastcgi_index index.php;
|
||||||
|
fastcgi_pass unix:${config.services.phpfpm.pools.roundcube.socket};
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
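Review bot: The deny list in the second hunk's `location ~ ^/roundcube/(…)/?` block covers less than the PHP handler below it exposes: `^/roundcube/(.+\.php)(/?.*)$` hands every other `.php` path in the package to PHP-FPM, including library code that is never meant to be requested directly. Roundcube's own `.htaccess` (from memory, so check it against the packaged version) also blocks `vendor`, `tests` and `program/(include|lib|localization|steps)`. I would add `"vendor"`, `"tests"` and `"program/(include|lib|localization|steps)"` to the list, and consider `"installer"` if the installer is not needed on this host. The entries are also unanchored at the end, so `bin` or `temp` match any path that merely starts with those letters; that only over-blocks, but a trailing `(/|$)` would make the intent explicit. Separately, including both `fastcgi_params` and `fastcgi.conf` sets the same parameters twice; `fastcgi.conf` alone should be enough.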
|
|||||||
@@ -23,9 +23,6 @@ in
|
|||||||
bind-address = values.services.mysql.ipv4;
|
bind-address = values.services.mysql.ipv4;
|
||||||
skip-networking = 0;
|
skip-networking = 0;
|
||||||
|
|
||||||
# Useful for the mysqld prometheus exporter
|
|
||||||
userstat = 1;
|
|
||||||
|
|
||||||
# This was needed in order to be able to use all of the old users
|
# This was needed in order to be able to use all of the old users
|
||||||
# during migration from knakelibrak to bicep in Sep. 2023
|
# during migration from knakelibrak to bicep in Sep. 2023
|
||||||
secure_auth = 0;
|
secure_auth = 0;
|
||||||
@@ -74,16 +71,4 @@ in
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
services.logrotate = lib.mkIf (cfg.settings.mysqld.slow-query-log == 1) {
|
|
||||||
enable = true;
|
|
||||||
settings.mysql-slowlog = {
|
|
||||||
files = [ cfg.settings.mysqld.slow-query-log-file ];
|
|
||||||
frequency = "weekly";
|
|
||||||
rotate = 12;
|
|
||||||
create = "0660 mysql mysql";
|
|
||||||
minsize = "1M";
|
|
||||||
compress = true;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,12 +1,14 @@
|
|||||||
{ ... }:
|
{ ... }:
|
||||||
{
|
{
|
||||||
services.prometheus.scrapeConfigs = [{
|
services.prometheus = {
|
||||||
job_name = "exim";
|
scrapeConfigs = [
|
||||||
scrape_interval = "15s";
|
{
|
||||||
scheme = "http";
|
job_name = "exim";
|
||||||
|
scrape_interval = "15s";
|
||||||
static_configs = [{
|
static_configs = [{
|
||||||
targets = [ "microbel.pvv.ntnu.no:9636" ];
|
targets = [ "microbel.pvv.ntnu.no:9636" ];
|
||||||
}];
|
}];
|
||||||
}];
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -9,12 +9,6 @@
|
|||||||
|
|
||||||
sops.defaultSopsFile = fp /secrets/lupine/lupine.yaml;
|
sops.defaultSopsFile = fp /secrets/lupine/lupine.yaml;
|
||||||
|
|
||||||
boot.binfmt.emulatedSystems = [
|
|
||||||
"aarch64-linux"
|
|
||||||
"armv7l-linux"
|
|
||||||
"i686-linux"
|
|
||||||
];
|
|
||||||
|
|
||||||
systemd.network.networks."30-enp0s31f6" = values.defaultNetworkConfig // {
|
systemd.network.networks."30-enp0s31f6" = values.defaultNetworkConfig // {
|
||||||
matchConfig.Name = "enp0s31f6";
|
matchConfig.Name = "enp0s31f6";
|
||||||
address = with values.hosts.${lupineName}; [ (ipv4 + "/25") (ipv6 + "/64") ];
|
address = with values.hosts.${lupineName}; [ (ipv4 + "/25") (ipv6 + "/64") ];
|
||||||
|
|||||||
@@ -15,12 +15,13 @@ let
|
|||||||
, tracking-branch ? "REL1_45"
|
, tracking-branch ? "REL1_45"
|
||||||
, kebab-name ? kebab-case-name name
|
, kebab-name ? kebab-case-name name
|
||||||
, fetchgit ? pkgs.fetchgit
|
, fetchgit ? pkgs.fetchgit
|
||||||
|
, url ? "https://gerrit.wikimedia.org/r/mediawiki/extensions/${name}"
|
||||||
}:
|
}:
|
||||||
{
|
{
|
||||||
${name} = (fetchgit {
|
${name} = (fetchgit {
|
||||||
name = "mediawiki-${kebab-name}-source";
|
name = "mediawiki-${kebab-name}-source";
|
||||||
url = "https://gerrit.wikimedia.org/r/mediawiki/extensions/${name}";
|
|
||||||
rev = commit;
|
rev = commit;
|
||||||
|
inherit url;
|
||||||
inherit hash;
|
inherit hash;
|
||||||
}).overrideAttrs (_: {
|
}).overrideAttrs (_: {
|
||||||
passthru = { inherit name kebab-name tracking-branch; };
|
passthru = { inherit name kebab-name tracking-branch; };
|
||||||
@@ -97,4 +98,12 @@ lib.mergeAttrsList [
|
|||||||
commit = "f53000f0499858fe74e4f5008b2f5e467d9d9382";
|
commit = "f53000f0499858fe74e4f5008b2f5e467d9d9382";
|
||||||
hash = "sha256-+HTXZEVCwMD8z6c1kCZA3k686HzNd30pJljzRvf+gMg=";
|
hash = "sha256-+HTXZEVCwMD8z6c1kCZA3k686HzNd30pJljzRvf+gMg=";
|
||||||
})
|
})
|
||||||
|
|
||||||
|
(mw-ext {
|
||||||
|
name = "MediawikiMatrixNotifs";
|
||||||
|
commit = "52d2a46c03f51af7c16ed4d7b3b07b0cbbffb4df";
|
||||||
|
hash = "sha256-AADWunm2Rn2cfxeu9xyYBw5txnaIbJNdR3jxLqgzAy8=";
|
||||||
|
url = "https://git.pvv.ntnu.no/oysteikt/mediawiki-matrix-notifs.git";
|
||||||
|
tracking-branch = "master";
|
||||||
|
})
|
||||||
]
|
]
|
||||||
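Review bot: `passthru = { inherit name kebab-name tracking-branch; };` in the first hunk does not carry the new `url` argument, so anything that reads `passthru` to follow `tracking-branch` (presumably an update script, which is not visible here) cannot tell that `MediawikiMatrixNotifs` lives outside Wikimedia Gerrit. I would change it to `passthru = { inherit name kebab-name tracking-branch url; };`. The new entry in the second hunk is pinned by both `commit` and `hash`, which keeps the fetch content-verified. A short comment above it, such as `# Not hosted on Wikimedia Gerrit: tracks master of a user-owned repository, review the diff before bumping`, would tell the next maintainer why this one needs a closer look. The `mw-ext` function body starts and ends outside the hunk.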
|
|||||||