felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2026-02-20 08:57:53 +01:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: felixalb:c3ce6a40ea6c21cd26e76b8201d2a6042dd8bcdb
Branches Tags
felixalb:main felixalb:errorpages felixalb:PVVtheme2026 felixalb:dagali-heimdal-openldap-sasl-stack felixalb:skrot-new-thing felixalb:shellcheck felixalb:loginpage felixalb:temmie-userweb felixalb:gitea-robots-txt felixalb:kommode-disko felixalb:skrott-cross-compile felixalb:nettsiden-postgresql felixalb:gitea-vaskepersonalet felixalb:create-flake-input-exporter felixalb:gitea-runners-secrets felixalb:nom felixalb:add-skrott felixalb:pvvvvv felixalb:gitea-show-license-in-list-view felixalb:backup-databases felixalb:openwebui felixalb:setup-openvpn-tunnel felixalb:gitea-gpg-signing felixalb:sleipner-authorised-keys felixalb:openstack-image-builder felixalb:elysium felixalb:smartd-notifs felixalb:systemd-journald-remote felixalb:skrot felixalb:deploy-doorbell felixalb:misc-gitea-fixes felixalb:spotifyd felixalb:remote felixalb:setup-bikkje-login felixalb:ozai-prod felixalb:add-bluemap felixalb:ozai felixalb:setup-postfix-for-service-machines felixalb:fix-gitea-ci-runner-network-issues felixalb:heimdal-openldap-sasl-testing-on-salsa-on-buskerud felixalb:gitea-metrics felixalb:misc1 felixalb:add-simple-saml-theme felixalb:misc-extra-gitea-setup felixalb:setup-kerberos felixalb:setup-home-areas felixalb:shark-kanidm felixalb:prometheusexim
..
compare: felixalb:3ba1ea2e4f14fc37122f5b5fa4880df9792ffd4c
Branches Tags
felixalb:errorpages felixalb:PVVtheme2026 felixalb:dagali-heimdal-openldap-sasl-stack felixalb:main felixalb:skrot-new-thing felixalb:shellcheck felixalb:loginpage felixalb:temmie-userweb felixalb:gitea-robots-txt felixalb:kommode-disko felixalb:skrott-cross-compile felixalb:nettsiden-postgresql felixalb:gitea-vaskepersonalet felixalb:create-flake-input-exporter felixalb:gitea-runners-secrets felixalb:nom felixalb:add-skrott felixalb:pvvvvv felixalb:gitea-show-license-in-list-view felixalb:backup-databases felixalb:openwebui felixalb:setup-openvpn-tunnel felixalb:gitea-gpg-signing felixalb:sleipner-authorised-keys felixalb:openstack-image-builder felixalb:elysium felixalb:smartd-notifs felixalb:systemd-journald-remote felixalb:skrot felixalb:deploy-doorbell felixalb:misc-gitea-fixes felixalb:spotifyd felixalb:remote felixalb:setup-bikkje-login felixalb:ozai-prod felixalb:add-bluemap felixalb:ozai felixalb:setup-postfix-for-service-machines felixalb:fix-gitea-ci-runner-network-issues felixalb:heimdal-openldap-sasl-testing-on-salsa-on-buskerud felixalb:gitea-metrics felixalb:misc1 felixalb:add-simple-saml-theme felixalb:misc-extra-gitea-setup felixalb:setup-kerberos felixalb:setup-home-areas felixalb:shark-kanidm felixalb:prometheusexim

2 Commits
c3ce6a40ea ... 3ba1ea2e4f

Author SHA1 Message Date
h7x4
3ba1ea2e4f flake.lock: bump 2026-01-31 13:44:39 +09:00
h7x4
91de031896 treewide: limit rsync pull target access to principal 2026-01-31 11:14:18 +09:00
9 changed files with 27 additions and 16 deletions
Expand all files Collapse all files

24
flake.lock generated
View File

@@ -233,11 +233,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1769484787, "lastModified": 1769724120,
"narHash": "sha256-ufhG9uSA8cCEk/97D/7xQEKcO/ftr4IPRH+HQFaKNdE=", "narHash": "sha256-oQBM04hQk1kotfv4qmIG1tHmuwODd1+hqRJE5TELeCE=",
"rev": "999ca0e5484922624254294ea1adc2b90081579e", "rev": "8ec59ed5093c2a742d7744e9ecf58f358aa4a87d",
"type": "tarball", "type": "tarball",
"url": "https://releases.nixos.org/nixos/25.11-small/nixos-25.11.4804.999ca0e54849/nixexprs.tar.xz" "url": "https://releases.nixos.org/nixos/25.11-small/nixos-25.11.4961.8ec59ed5093c/nixexprs.tar.xz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@@ -261,11 +261,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1769434638, "lastModified": 1769813739,
"narHash": "sha256-u19M4QdjvjEySkGhP4fUNyY6rqAbPCdQf/AFw04CkQU=", "narHash": "sha256-RmNWW1DQczvDwBHu11P0hGwJZxbngdoymVu7qkwq/2M=",
"rev": "9c2822d7024c032e66000a8b8a47e91b4e63ffc8", "rev": "16a3cae5c2487b1afa240e5f2c1811f172419558",
"type": "tarball", "type": "tarball",
"url": "https://releases.nixos.org/nixos/unstable-small/nixos-26.05pre935000.9c2822d7024c/nixexprs.tar.xz" "url": "https://releases.nixos.org/nixos/unstable-small/nixos-26.05pre937548.16a3cae5c248/nixexprs.tar.xz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@@ -364,11 +364,11 @@
"rust-overlay": "rust-overlay_3" "rust-overlay": "rust-overlay_3"
}, },
"locked": { "locked": {
"lastModified": 1769325266, "lastModified": 1769834595,
"narHash": "sha256-q2G2NG7I1tvfFK4GDnn3vt1CCg0GN4ncdo0NSY+Q2Nc=", "narHash": "sha256-P1jrO7BxHyIKDuOXHuUb7bi4H2TuYnACW5eqf1gG47g=",
"ref": "main", "ref": "main",
"rev": "23b163e828901cb981eec6f3262e922f437f850b", "rev": "def4eec2d59a69b4638b3f25d6d713b703b2fa56",
"revCount": 45, "revCount": 49,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Projects/roowho2.git" "url": "https://git.pvv.ntnu.no/Projects/roowho2.git"
}, },

1
hosts/bekkalokk/services/mediawiki/default.nix
View File

@@ -56,6 +56,7 @@ in {
rrsyncArgs.ro = true; rrsyncArgs.ro = true;
authorizedKeysAttrs = [ authorizedKeysAttrs = [
"restrict" "restrict"
"from=\"principal.pvv.ntnu.no,${values.hosts.principal.ipv6},${values.hosts.principal.ipv4}\""
"no-agent-forwarding" "no-agent-forwarding"
"no-port-forwarding" "no-port-forwarding"
"no-pty" "no-pty"

3
hosts/bekkalokk/services/vaultwarden.nix
View File

@@ -1,4 +1,4 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, values, ... }:
let let
cfg = config.services.vaultwarden; cfg = config.services.vaultwarden;
domain = "pw.pvv.ntnu.no"; domain = "pw.pvv.ntnu.no";
@@ -107,6 +107,7 @@ in {
rrsyncArgs.ro = true; rrsyncArgs.ro = true;
authorizedKeysAttrs = [ authorizedKeysAttrs = [
"restrict" "restrict"
"from=\"principal.pvv.ntnu.no,${values.hosts.principal.ipv6},${values.hosts.principal.ipv4}\""
"no-agent-forwarding" "no-agent-forwarding"
"no-port-forwarding" "no-port-forwarding"
"no-pty" "no-pty"

3
hosts/bekkalokk/services/webmail/snappymail.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, fp, pkgs, ... }: { config, lib, fp, pkgs, values, ... }:
let let
cfg = config.services.snappymail; cfg = config.services.snappymail;
in { in {
@@ -22,6 +22,7 @@ in {
rrsyncArgs.ro = true; rrsyncArgs.ro = true;
authorizedKeysAttrs = [ authorizedKeysAttrs = [
"restrict" "restrict"
"from=\"principal.pvv.ntnu.no,${values.hosts.principal.ipv6},${values.hosts.principal.ipv4}\""
"no-agent-forwarding" "no-agent-forwarding"
"no-port-forwarding" "no-port-forwarding"
"no-pty" "no-pty"

1
hosts/bicep/services/matrix/synapse.nix
View File

@@ -34,6 +34,7 @@ in {
rrsyncArgs.ro = true; rrsyncArgs.ro = true;
authorizedKeysAttrs = [ authorizedKeysAttrs = [
"restrict" "restrict"
"from=\"principal.pvv.ntnu.no,${values.hosts.principal.ipv6},${values.hosts.principal.ipv4}\""
"no-agent-forwarding" "no-agent-forwarding"
"no-port-forwarding" "no-port-forwarding"
"no-pty" "no-pty"

3
hosts/bicep/services/mysql/backup.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, values, ... }:
let let
cfg = config.services.mysql; cfg = config.services.mysql;
backupDir = "/data/mysql-backups"; backupDir = "/data/mysql-backups";
@@ -22,6 +22,7 @@ in
rrsyncArgs.ro = true; rrsyncArgs.ro = true;
authorizedKeysAttrs = [ authorizedKeysAttrs = [
"restrict" "restrict"
"from=\"principal.pvv.ntnu.no,${values.hosts.principal.ipv6},${values.hosts.principal.ipv4}\""
"no-agent-forwarding" "no-agent-forwarding"
"no-port-forwarding" "no-port-forwarding"
"no-pty" "no-pty"

3
hosts/bicep/services/postgresql/backup.nix
View File

@@ -1,4 +1,4 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, values, ... }:
let let
cfg = config.services.postgresql; cfg = config.services.postgresql;
backupDir = "/data/postgresql-backups"; backupDir = "/data/postgresql-backups";
@@ -23,6 +23,7 @@ in
rrsyncArgs.ro = true; rrsyncArgs.ro = true;
authorizedKeysAttrs = [ authorizedKeysAttrs = [
"restrict" "restrict"
"from=\"principal.pvv.ntnu.no,${values.hosts.principal.ipv6},${values.hosts.principal.ipv4}\""
"no-agent-forwarding" "no-agent-forwarding"
"no-port-forwarding" "no-port-forwarding"
"no-pty" "no-pty"

1
hosts/kommode/services/gitea/default.nix
View File

@@ -202,6 +202,7 @@ in {
rrsyncArgs.ro = true; rrsyncArgs.ro = true;
authorizedKeysAttrs = [ authorizedKeysAttrs = [
"restrict" "restrict"
"from=\"principal.pvv.ntnu.no,${values.hosts.principal.ipv6},${values.hosts.principal.ipv4}\""
"no-agent-forwarding" "no-agent-forwarding"
"no-port-forwarding" "no-port-forwarding"
"no-pty" "no-pty"

4
values.nix
View File

@@ -73,6 +73,10 @@ in rec {
ipv4 = pvv-ipv4 179; ipv4 = pvv-ipv4 179;
ipv6 = pvv-ipv6 "1:2"; ipv6 = pvv-ipv6 "1:2";
}; };
principal = {
ipv4 = pvv-ipv4 233;
ipv6 = pvv-ipv6 "4:233";
};
ustetind = { ustetind = {
ipv4 = pvv-ipv4 234; ipv4 = pvv-ipv4 234;
ipv6 = pvv-ipv6 234; ipv6 = pvv-ipv6 234;