kommode/gitea: hire cleaners

base/nixos-exporter: allow localhost to fetch
bicep/matrix/hookshot: enable widgets and js transformations
2026-01-13 19:08:25 +01:00 · 2025-10-30 17:11:43 +09:00 · 2025-10-13 06:41:28 +02:00 · 2025-10-13 06:02:33 +02:00 · 2025-10-13 05:42:06 +02:00
5 changed files with 79 additions and 11 deletions
--- a/base/flake-input-exporter.nix
+++ b/base/flake-input-exporter.nix
@@ -42,7 +42,9 @@ in
    ];
    extraConfig = ''
      allow ${values.hosts.ildkule.ipv4}/32;
-      allow ${values.hosts.ildkule.ipv6}/32;
+      allow ${values.hosts.ildkule.ipv6}/128;
      allow 127.0.0.1/32;
      allow ::1/128;
      allow 129.241.210.128/25;
      allow 2001:700:300:1900::/64;
      deny all;
--- a/flake.lock
+++ b/flake.lock
@@ -159,11 +159,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1760181981,
+        "lastModified": 1760254360,
-        "narHash": "sha256-xDZe6SFMbTcnDIdcYixiDgAEuk95qamQqSQN2AHwH3A=",
+        "narHash": "sha256-Npp92Joy2bRyickrrVP9+85z31aGS8kVNiLlKvd5pC4=",
-        "rev": "848c3a9fbba628987c98256fa34c6e2927ee1bde",
+        "rev": "bafe987a29b8bea2edbb3aba76b51464b3d222f0",
        "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.811127.848c3a9fbba6/nixexprs.tar.xz"
+        "url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.811161.bafe987a29b8/nixexprs.tar.xz"
      },
      "original": {
        "type": "tarball",
@@ -172,11 +172,11 @@
    },
    "nixpkgs-unstable": {
      "locked": {
-        "lastModified": 1760170014,
+        "lastModified": 1760252326,
-        "narHash": "sha256-oP2fv8Vl0sYauPVmIFwMnNl0Nw8+ZJ2Cm1vaeS9t1to=",
+        "narHash": "sha256-5v32B25kSE++E+KtP4DO687r/AlWL9qOlOjtYyfcDSw=",
-        "rev": "e18d8ec6fafaed55561b7a1b54eb1c1ce3ffa2c5",
+        "rev": "66e5020bfe0af40ffa127426f8405edbdadbb40b",
        "type": "tarball",
-        "url": "https://releases.nixos.org/nixos/unstable-small/nixos-25.11pre875961.e18d8ec6fafa/nixexprs.tar.xz"
+        "url": "https://releases.nixos.org/nixos/unstable-small/nixos-25.11pre876242.66e5020bfe0a/nixexprs.tar.xz"
      },
      "original": {
        "type": "tarball",
--- a/hosts/bicep/services/matrix/hookshot/default.nix
+++ b/hosts/bicep/services/matrix/hookshot/default.nix
@@ -77,14 +77,14 @@ in
        outbound = true;
        urlPrefix = "https://hookshot.pvv.ntnu.no/webhook/";
        userIdPrefix = "_webhooks_";
-        allowJsTransformationFunctions = false;
+        allowJsTransformationFunctions = true;
        waitForComplete = false;
      };
      feeds = {
        enabled = true;
        pollIntervalSeconds = 600;
      };
-      
+
      serviceBots = [
        { localpart = "bot_feeds";
          displayname = "Aya";
@@ -94,6 +94,11 @@ in
        }
      ];
      widgets = {
        roomSetupWidget.addOnInvite = false;
        publicUrl = "https://hookshot.pvv.ntnu.no/widgetapi/v1/static";
      };
      permissions = [
        # Users of the PVV Server
        { actor = "pvv.ntnu.no";
@@ -128,6 +133,7 @@ in
  services.nginx.virtualHosts."hookshot.pvv.ntnu.no" = {
    enableACME = true;
    addSSL = true;
    locations."/" = {
      proxyPass = "http://${webhookListenAddress}:${toString webhookListenPort}";
    };
--- a/hosts/kommode/services/gitea/default.nix
+++ b/hosts/kommode/services/gitea/default.nix
@@ -8,6 +8,7 @@ in {
    ./customization
    ./gpg.nix
    ./import-users
    ./vaskepersonalet.nix
    ./web-secret-provider
  ];
--- a/hosts/kommode/services/gitea/vaskepersonalet.nix
+++ b/hosts/kommode/services/gitea/vaskepersonalet.nix
@@ -0,0 +1,59 @@
 { config, ... }:
 let
  cfg = config.services.gitea;
  cacheDir = "/var/cache/${config.systemd.services.gitea.serviceConfig.CacheDirectory}";
 in
 {
  systemd.services."gitea-vaskepersonalet" = {
    description = "yeeet";
    startAt = "hourly";
    serviceConfig = rec {
      User = cfg.user;
      Group = cfg.group;
      RuntimeDirectory = "gitea-vaskepersonalet";
      RootDirectory = "/run/${RuntimeDirectory}";
      BindPaths = [
        builtins.storeDir
        cacheDir
        cfg.dump.backupDir
      ];
    };
    script = let
      percentageLimit = 80;
    in ''
      USED=$(df --output=pcent '${cacheDir}' | grep '[0-9]' | tr -d '%')
      if [[ $USED -lt ${toString percentageLimit} ]]; then exit 0; fi
      echo "omg omg, we're running out of space, imma yeet the cache"
      rm -rf '${cacheDir}'/*
      echo "yeetus deletus"
      USED=$(df --output=pcent '${cacheDir}' | grep '[0-9]' | tr -d '%')
      if [[ $USED -lt ${toString percentageLimit} ]]; then exit 0; fi
      echo ""
      echo "bruh, still low on space, yeeting old backups"
      echo ""
      # tail -n+2 ensure we keep at least one backup.
      for file in $(ls -t1 '${cfg.dump.backupDir}' | sort --reverse | tail -n+2); do
        echo "> Chose $file"
        echo "> Do you really want to release this pokemon? [Y/n] Y"
        rm "$file"
        echo "> ..."
        echo "> The pokemon was released back into the wild"
        echo ""
        USED=$(df --output=pcent '${cacheDir}' | grep '[0-9]' | tr -d '%')
        if [[ $USED -lt ${toString percentageLimit} ]]; then exit 0; fi
      done
      echo "No way, we're still out of space? Not my problem anymore"
    '';
  };
 }
Author	SHA1	Message	Date
h7x4	bd5cb05ecf	kommode/gitea: hire cleaners	2025-10-30 17:11:43 +09:00
Daniel Olsen	3faad36418	base/nixos-exporter: allow localhost to fetch	2025-10-13 06:41:28 +02:00
Daniel Olsen	0b74907f76	bicep/matrix/hookshot: enable widgets and js transformations	2025-10-13 06:02:33 +02:00
Daniel Olsen	bacfdeff23	bicep/matrix/hookshot: try fix up widgets and SSL	2025-10-13 05:42:06 +02:00