docs/development: fix warning blocks

base/default.nix

@@ -16,7 +16,6 @@
     ./flake-input-exporter.nix
 
     ./services/acme.nix
-    ./services/uptimed.nix
     ./services/auto-upgrade.nix
     ./services/dbus.nix
     ./services/fwupd.nix
@@ -28,8 +27,10 @@
     ./services/prometheus-node-exporter.nix
     ./services/prometheus-systemd-exporter.nix
     ./services/promtail.nix
+    ./services/roowho2.nix
     ./services/smartd.nix
     ./services/thermald.nix
+    ./services/uptimed.nix
     ./services/userborn.nix
     ./services/userdbd.nix
   ];

base/services/roowho2.nix

@@ -0,0 +1,12 @@
+{ lib, values, ... }:
+{
+  services.roowho2.enable = lib.mkDefault true;
+
+  systemd.sockets.roowho2-rwhod.socketConfig = {
+    IPAddressDeny = "any";
+    IPAddressAllow = [
+      "127.0.0.1"
+      values.ipv4-space
+    ];
+  };
+}

docs/development.md

@@ -7,7 +7,7 @@ the links from the *Upstream documentation* section below, or in [Miscellaneous
 
 ## Editing nix files
 
-> [!WARN]
+> [!WARNING]
 > Before editing any nix files, make sure to read [Secret management and `sops-nix`](./secret-management.md)!
 > We do not want to add any secrets in plaintext to the nix files, and certainly not commit and publish
 > them into the common public.
@@ -158,7 +158,7 @@ nix build .#
 
 ### Deploying to machines
 
-> [!WARN]
+> [!WARNING]
 > Be careful to think about state when testing changes against the machines. Sometimes, a certain change
 > can lead to irreversible changes to the data stored on the machine. An example would be a set of database
 > migrations applied when testing a newer version of a service. Unless that service also comes with downwards

flake.lock

@@ -21,6 +21,28 @@
         "type": "github"
       }
     },
+    "dibbler": {
+      "inputs": {
+        "flake-utils": "flake-utils",
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1767688395,
+        "narHash": "sha256-vvAr3XPLmpG8cP1F0csbxfVNipiWD5Jhtg2lE42H+AQ=",
+        "ref": "main",
+        "rev": "1733843b772dc0055f0182155c9a105bccd7a858",
+        "revCount": 216,
+        "type": "git",
+        "url": "https://git.pvv.ntnu.no/Projects/dibbler.git"
+      },
+      "original": {
+        "ref": "main",
+        "type": "git",
+        "url": "https://git.pvv.ntnu.no/Projects/dibbler.git"
+      }
+    },
     "disko": {
       "inputs": {
         "nixpkgs": [
@@ -62,6 +84,23 @@
       "inputs": {
         "systems": "systems"
       },
+      "locked": {
+        "lastModified": 1731533236,
+        "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
+        "type": "github"
+      },
+      "original": {
+        "id": "flake-utils",
+        "type": "indirect"
+      }
+    },
+    "flake-utils_2": {
+      "inputs": {
+        "systems": "systems_2"
+      },
       "locked": {
         "lastModified": 1726560853,
         "narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
@@ -250,7 +289,7 @@
     "nix-topology": {
       "inputs": {
         "devshell": "devshell",
-        "flake-utils": "flake-utils",
+        "flake-utils": "flake-utils_2",
         "nixpkgs": [
           "nixpkgs"
         ],
@@ -368,6 +407,7 @@
     },
     "root": {
       "inputs": {
+        "dibbler": "dibbler",
         "disko": "disko",
         "gergle": "gergle",
         "greg-ng": "greg-ng",
@@ -381,9 +421,32 @@
         "nixpkgs-unstable": "nixpkgs-unstable",
         "pvv-calendar-bot": "pvv-calendar-bot",
         "pvv-nettsiden": "pvv-nettsiden",
+        "roowho2": "roowho2",
         "sops-nix": "sops-nix"
       }
     },
+    "roowho2": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "rust-overlay": "rust-overlay_3"
+      },
+      "locked": {
+        "lastModified": 1767669800,
+        "narHash": "sha256-b1r1VSDBTRuxYHZVV4his8KhafAqNcWlAZBLOX1UORg=",
+        "ref": "main",
+        "rev": "369d37513c85855751f406191fbd493a2461f072",
+        "revCount": 33,
+        "type": "git",
+        "url": "https://git.pvv.ntnu.no/Projects/roowho2.git"
+      },
+      "original": {
+        "ref": "main",
+        "type": "git",
+        "url": "https://git.pvv.ntnu.no/Projects/roowho2.git"
+      }
+    },
     "rust-overlay": {
       "inputs": {
         "nixpkgs": [
@@ -426,6 +489,27 @@
         "type": "github"
       }
     },
+    "rust-overlay_3": {
+      "inputs": {
+        "nixpkgs": [
+          "roowho2",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1767322002,
+        "narHash": "sha256-yHKXXw2OWfIFsyTjduB4EyFwR0SYYF0hK8xI9z4NIn0=",
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "rev": "03c6e38661c02a27ca006a284813afdc461e9f7e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "oxalica",
+        "repo": "rust-overlay",
+        "type": "github"
+      }
+    },
     "sops-nix": {
       "inputs": {
         "nixpkgs": [
@@ -461,6 +545,21 @@
         "repo": "default",
         "type": "github"
       }
+    },
+    "systems_2": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
     }
   },
   "root": "root",

flake.nix

@@ -20,6 +20,9 @@
     pvv-calendar-bot.url = "git+https://git.pvv.ntnu.no/Projects/calendar-bot.git?ref=main";
     pvv-calendar-bot.inputs.nixpkgs.follows = "nixpkgs";
 
+    dibbler.url = "git+https://git.pvv.ntnu.no/Projects/dibbler.git?ref=main";
+    dibbler.inputs.nixpkgs.follows = "nixpkgs";
+
     matrix-next.url = "github:dali99/nixos-matrix-modules/v0.8.0";
     matrix-next.inputs.nixpkgs.follows = "nixpkgs";
 
@@ -29,6 +32,9 @@
     minecraft-heatmap.url = "git+https://git.pvv.ntnu.no/Projects/minecraft-heatmap.git?ref=main";
     minecraft-heatmap.inputs.nixpkgs.follows = "nixpkgs";
 
+    roowho2.url = "git+https://git.pvv.ntnu.no/Projects/roowho2.git?ref=main";
+    roowho2.inputs.nixpkgs.follows = "nixpkgs";
+
     greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git?ref=main";
     greg-ng.inputs.nixpkgs.follows = "nixpkgs";
     gergle.url = "git+https://git.pvv.ntnu.no/Grzegorz/gergle.git?ref=main";
@@ -77,23 +83,30 @@
         nixpkgs:
         name:
         configurationPath:
-        extraArgs:
+        extraArgs@{
+          system ? "x86_64-linux",
+          specialArgs ? { },
+          modules ? [ ],
+          overlays ? [ ],
+          enableDefaults ? true,
+          ...
+        }:
         lib.nixosSystem (lib.recursiveUpdate
-        (let
+        {
-          system = "x86_64-linux";
-        in {
           inherit system;
 
           specialArgs = {
             inherit unstablePkgs inputs;
             values = import ./values.nix;
             fp = path: ./${path};
-          } // extraArgs.specialArgs or { };
+          } // specialArgs;
 
           modules = [
             configurationPath
+          ] ++ (lib.optionals enableDefaults [
             sops-nix.nixosModules.sops
-          ] ++ extraArgs.modules or [];
+            inputs.roowho2.nixosModules.default
+          ]) ++ modules;
 
           pkgs = import nixpkgs {
             inherit system;
@@ -102,15 +115,18 @@
                 "nvidia-x11"
                 "nvidia-settings"
               ];
-            overlays = [
+            overlays = (lib.optionals enableDefaults [
               # Global overlays go here
-            ] ++ extraArgs.overlays or [ ];
+              inputs.roowho2.overlays.default
+            ]) ++ overlays;
           };
-        })
+        }
         (builtins.removeAttrs extraArgs [
+          "system"
           "modules"
           "overlays"
           "specialArgs"
+          "enableDefaults"
         ])
       );
 
@@ -195,6 +211,16 @@
           inputs.gergle.overlays.default
         ];
       };
+      skrott = stableNixosConfig "skrott" {
+        system = "aarch64-linux";
+        modules = [
+          (nixpkgs + "/nixos/modules/installer/sd-card/sd-image-aarch64.nix")
+          inputs.dibbler.nixosModules.default
+        ];
+        overlays = [
+          inputs.dibbler.overlays.default
+        ];
+      };
     }
     //
     (let
@@ -256,12 +282,22 @@
       lib.genAttrs allMachines
         (machine: self.nixosConfigurations.${machine}.config.system.build.toplevel)
       //
+      # Skrott is exception
+      {
+        skrott = self.nixosConfigurations.skrott.config.system.build.sdImage;
+      }
+      //
       # Nix-topology
       (let
         topology' = import inputs.nix-topology {
           pkgs = import nixpkgs {
             system = "x86_64-linux";
-            overlays = [ inputs.nix-topology.overlays.default ];
+            overlays = [
+              inputs.nix-topology.overlays.default
+              (final: prev: {
+                inherit (nixpkgs-unstable.legacyPackages.x86_64-linux) super-tiny-icons;
+              })
+            ];
           };
 
           specialArgs = {
@@ -275,6 +311,9 @@
                 modules = [
                   inputs.nix-topology.nixosModules.default
                   ./topology/service-extractors/greg-ng.nix
+                  ./topology/service-extractors/postgresql.nix
+                  ./topology/service-extractors/mysql.nix
+                  ./topology/service-extractors/gitea-runners.nix
                 ];
               }) self.nixosConfigurations;
             }

hosts/bekkalokk/configuration.nix

@@ -5,6 +5,7 @@
 
     (fp /base)
 
+    ./services/alps.nix
     ./services/bluemap.nix
     ./services/idp-simplesamlphp
     ./services/kerberos.nix

hosts/bekkalokk/services/alps.nix

@@ -0,0 +1,22 @@
+{ config, lib, ... }:
+let
+  cfg = config.services.alps;
+in
+{
+  services.alps = {
+    enable = true;
+    theme = "sourcehut";
+    smtps.host = "smtp.pvv.ntnu.no";
+    imaps.host = "imap.pvv.ntnu.no";
+    bindIP = "127.0.0.1";
+  };
+
+  services.nginx.virtualHosts."alps.pvv.ntnu.no" = lib.mkIf cfg.enable {
+    enableACME = true;
+    forceSSL = true;
+    kTLS = true;
+    locations."/" = {
+      proxyPass = "http://${cfg.bindIP}:${toString cfg.port}";
+    };
+  };
+}

hosts/skrott/configuration.nix

@@ -0,0 +1,60 @@
+{ lib, fp, ... }: {
+  imports = [
+    # ./hardware-configuration.nix
+
+    (fp /base)
+  ];
+
+  boot = {
+    consoleLogLevel = 0;
+    enableContainers = false;
+    loader.grub.enable = false;
+  };
+
+  # Now turn off a bunch of stuff lol
+  system.autoUpgrade.enable = lib.mkForce false;
+  services.irqbalance.enable = lib.mkForce false;
+  services.logrotate.enable = lib.mkForce false;
+  services.nginx.enable = lib.mkForce false;
+  services.postfix.enable = lib.mkForce false;
+
+  # TODO: can we reduce further?
+
+  system.stateVersion = "25.05";
+
+  # sops.defaultSopsFile = fp /secrets/skrott/skrott.yaml;
+  # sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  # sops.age.keyFile = "/var/lib/sops-nix/key.txt";
+  # sops.age.generateKey = true;
+
+  # zramSwap.enable = true;
+
+  networking = {
+    hostName = "skrot";
+    interfaces.eth0 = {
+      useDHCP = false;
+      ipv4.addresses = [{
+        address = "129.241.210.235";
+        prefixLength = 25;
+      }];
+    };
+  };
+
+  services.dibbler = {
+    enable = true;
+    kioskMode = true;
+    limitScreenWidth = 80;
+    limitScreenHeight = 42;
+  };
+
+  # https://github.com/NixOS/nixpkgs/issues/84105
+  boot.kernelParams = [
+    "console=ttyUSB0,9600"
+    # "console=tty1" # Already part of the module
+  ];
+  systemd.services."serial-getty@ttyUSB0" = {
+    enable = true;
+    wantedBy = [ "getty.target" ]; # to start at boot
+    serviceConfig.Restart = "always"; # restart when session is closed
+  };
+}

topology/default.nix

@@ -103,11 +103,26 @@ in {
     );
   };
 
+  nodes.bekkalokk.hardware.info = "Supermicro X9SCL/X9SCM";
+
+  nodes.lupine-1.hardware.info = "Dell OptiPlex 7040";
+  # nodes.lupine-2.hardware.info = "Dell OptiPlex 5050";
+  nodes.lupine-3.hardware.info = "Dell OptiPlex 5050";
+  nodes.lupine-4.hardware.info = "Dell OptiPlex 5050";
+  # nodes.lupine-5.hardware.info = "Dell OptiPlex 5050";
+
   nodes.buskerud = mkDevice "buskerud" {
     deviceIcon = ./icons/proxmox.svg;
     interfaceGroups = [ [ "eth1" ] ];
 
     interfaces.eth1.network = "pvv";
+
+    services = {
+      proxmox = {
+        name = "Proxmox web interface";
+        info = "https://buskerud.pvv.ntnu.no:8006/";
+      };
+    };
   };
 
   nodes.shark = {
@@ -125,6 +140,15 @@ in {
     hardware.info = "Dell PowerEdge R730 x 3";
 
     interfaceGroups = [ [ "eth1" ] ];
+
+    services = {
+      proxmox = {
+        name = "Proxmox web interface";
+        details.bubbles.text = "https://bubbles.pvv.ntnu.no:8006/";
+        details.blossom.text = "https://blossom.pvv.ntnu.no:8006/";
+        details.buttercup.text = "https://buttercup.pvv.ntnu.no:8006/";
+      };
+    };
   };
 
   nodes.kommode = {

topology/non-nixos-machines.nix

@@ -120,6 +120,30 @@ in {
         values.hosts.gateway6
       ];
     };
+
+    services = {
+      dovecot = {
+        name = "Dovecot";
+        info = "imap.pvv.ntnu.no pop.pvv.ntnu.no";
+        icon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/dovecot.svg";
+        details.imap.text = "0.0.0.0:993";
+        details.pop3.text = "0.0.0.0:995";
+      };
+
+      exim4 = {
+        name = "Exim4";
+        info = "mail.pvv.ntnu.no mailhost.pvv.ntnu.no";
+        details.smtp.text = "0.0.0.0:25";
+        details.smtps.text = "0.0.0.0:465";
+        details.starttls.text = "0.0.0.0:587";
+      };
+
+      nfs = {
+        name = "NFS";
+        info = "homepvv.pvv.ntnu.no";
+        details.rpcbind.text = "0.0.0.0:111";
+      };
+    };
   };
 
   nodes.innovation = mkDevice "innovation" {
@@ -145,6 +169,7 @@ in {
         icon = "services.minecraft";
         info = "minecraft.pvv.ntnu.no";
         details.listen.text = "0.0.0.0:25565";
+        details.directory.text = "/srv/minecraft-pvv";
       };
     };
   };
@@ -220,11 +245,26 @@ in {
         values.hosts.gateway6
       ];
     };
+
+    services = {
+      mapcrafter = {
+        name = "Mapcrafter Minecraft Map";
+        info = "http://isvegg.pvv.ntnu.no/kart/";
+        details.directory.text = "/scratch/mckart/kart";
+      };
+      gophernicus = {
+        name = "Gophernicus";
+        info = "gopher://gopher.pvv.ntnu.no/";
+        details.directory.text = "/var/gopher";
+      };
+    };
   };
 
   nodes.ameno = mkDevice "ameno" {
     deviceIcon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/ubuntu.svg";
 
+    hardware.info = "Raspberry Pi 2B 1.1";
+
     interfaceGroups = [ [ "eth0" ] ];
     interfaces.eth0 = {
       mac = "b8:27:eb:62:1d:d8";

topology/service-extractors/gitea-runners.nix

@@ -0,0 +1,13 @@
+{ config, unstablePkgs, lib, ... }:
+let
+  cfg = config.services.gitea-actions-runner;
+in
+{
+  config.topology.self.services = lib.mapAttrs' (name: instance: {
+    name = "gitea-runner-${name}";
+    value = {
+      name = "Gitea runner ${name}";
+      icon = "services.gitea";
+    };
+  }) (lib.filterAttrs (_: instance: instance.enable) cfg.instances);
+}

topology/service-extractors/mysql.nix

@@ -0,0 +1,19 @@
+{ config, unstablePkgs, lib, ... }:
+let
+  cfg = config.services.mysql;
+  cfgBak = config.services.mysqlBackup;
+in
+{
+  config.topology.self.services.mysql = lib.mkIf cfg.enable {
+    name = "MySQL";
+    icon = "${unstablePkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/mysql.svg";
+
+    details.listen.text = "${cfg.settings.mysqld.bind-address or "127.0.0.1"}:${toString (cfg.settings.mysqld.port or 3306)}";
+    details.socket.text = cfg.settings.mysqld.socket or "/run/mysqld/mysqld.sock";
+    details.type.text = cfg.package.pname;
+    details.dataDir.text = cfg.dataDir;
+
+    # details.backup-time = lib.mkIf cfgBak.enable cfgBak.calendar;
+    # details.backup-location = lib.mkIf cfgBak.enable cfgBak.location;
+  };
+}

topology/service-extractors/postgresql.nix

@@ -0,0 +1,19 @@
+{ config, unstablePkgs, lib, ... }:
+let
+  cfg = config.services.postgresql;
+  cfgBak = config.services.postgresqlBackup;
+in
+{
+  config.topology.self.services.postgresql = lib.mkIf cfg.enable {
+    name = "PostgreSQL";
+    icon = "${unstablePkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/postgresql.svg";
+
+    details.listen.text = lib.mkIf cfg.enableTCPIP "0.0.0.0:${toString cfg.settings.port}";
+    details.socket.text = "/run/postgresql/.s.PGSQL.${toString cfg.settings.port}";
+    details.version.text = cfg.package.version;
+    details.dataDir.text = cfg.dataDir;
+
+    # details.backup-time = lib.mkIf cfgBak.enable cfgBak.startAt;
+    # details.backup-location = lib.mkIf cfgBak.enable cfgBak.location;
+  };
+}