Compare commits
11 Commits
d74fd94f06
...
5c77dfbf4d
Author | SHA1 | Date |
---|---|---|
Daniel Olsen | 5c77dfbf4d | |
Daniel Olsen | f7e2c74f89 | |
Felix Albrigtsen | 161265d346 | |
h7x4 | f85d18769f | |
h7x4 | b47a626427 | |
h7x4 | 4d65b9fd1d | |
h7x4 | f3e094520e | |
h7x4 | 69f98933a4 | |
h7x4 | bf2959c68d | |
h7x4 | 17f0268d12 | |
h7x4 | ebce0eb67a |
|
@ -26,10 +26,14 @@ Det er sikkert lurt å lage en PR først om du ikke er vandt til nix enda.
|
||||||
Innen 24h skal alle systemene hente ned den nye konfigurasjonen og deploye den.
|
Innen 24h skal alle systemene hente ned den nye konfigurasjonen og deploye den.
|
||||||
|
|
||||||
Du kan tvinge en maskin til å oppdatere seg før dette ved å kjøre:
|
Du kan tvinge en maskin til å oppdatere seg før dette ved å kjøre:
|
||||||
`nixos-rebuild switch --update-input nixpkgs --update-input nixpkgs-unstable --no-write-lock-file --refresh --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git --upgrade`
|
`nixos-rebuild switch --update-input nixpkgs --update-input nixpkgs-unstable --no-write-lock-file --refresh --upgrade --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git`
|
||||||
|
|
||||||
som root på maskinen.
|
som root på maskinen.
|
||||||
|
|
||||||
|
Hvis du ikke har lyst til å oppdatere alle pakkene (og kanskje måtte vente en stund!) kan du kjøre
|
||||||
|
|
||||||
|
`nixos-rebuild switch --override-input nixpkgs nixpkgs --override-input nixpkgs-unstable nixpkgs-unstable --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git`
|
||||||
|
|
||||||
## Seksjonen for hemmeligheter
|
## Seksjonen for hemmeligheter
|
||||||
|
|
||||||
For at hemmeligheter ikke skal deles med hele verden i git - eller å være world
|
For at hemmeligheter ikke skal deles med hele verden i git - eller å være world
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, ... }:
|
{ pkgs, lib, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
@ -10,12 +10,17 @@
|
||||||
|
|
||||||
./services/acme.nix
|
./services/acme.nix
|
||||||
./services/auto-upgrade.nix
|
./services/auto-upgrade.nix
|
||||||
|
./services/irqbalance.nix
|
||||||
./services/logrotate.nix
|
./services/logrotate.nix
|
||||||
./services/nginx.nix
|
./services/nginx.nix
|
||||||
./services/openssh.nix
|
./services/openssh.nix
|
||||||
|
./services/postfix.nix
|
||||||
|
./services/smartd.nix
|
||||||
./services/thermald.nix
|
./services/thermald.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
boot.tmp.cleanOnBoot = lib.mkDefault true;
|
||||||
|
|
||||||
time.timeZone = "Europe/Oslo";
|
time.timeZone = "Europe/Oslo";
|
||||||
|
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
@ -42,6 +47,11 @@
|
||||||
|
|
||||||
programs.zsh.enable = true;
|
programs.zsh.enable = true;
|
||||||
|
|
||||||
|
security.sudo.execWheelOnly = true;
|
||||||
|
security.sudo.extraConfig = ''
|
||||||
|
Defaults lecture = never
|
||||||
|
'';
|
||||||
|
|
||||||
users.groups."drift".name = "drift";
|
users.groups."drift".name = "drift";
|
||||||
|
|
||||||
# Trusted users on the nix builder machines
|
# Trusted users on the nix builder machines
|
||||||
|
|
29
base/nix.nix
29
base/nix.nix
|
@ -1,8 +1,19 @@
|
||||||
{ inputs, ... }:
|
{ inputs, ... }:
|
||||||
{
|
{
|
||||||
nix.gc.automatic = true;
|
nix = {
|
||||||
nix.gc.options = "--delete-older-than 2d";
|
gc = {
|
||||||
nix.settings.experimental-features = [ "nix-command" "flakes" ];
|
automatic = true;
|
||||||
|
options = "--delete-older-than 2d";
|
||||||
|
};
|
||||||
|
|
||||||
|
settings = {
|
||||||
|
allow-dirty = true;
|
||||||
|
auto-optimise-store = true;
|
||||||
|
builders-use-substitutes = true;
|
||||||
|
experimental-features = [ "nix-command" "flakes" ];
|
||||||
|
log-lines = 50;
|
||||||
|
use-xdg-base-directories = true;
|
||||||
|
};
|
||||||
|
|
||||||
/* This makes commandline tools like
|
/* This makes commandline tools like
|
||||||
** nix run nixpkgs#hello
|
** nix run nixpkgs#hello
|
||||||
|
@ -10,8 +21,14 @@
|
||||||
** use the same channel the system
|
** use the same channel the system
|
||||||
** was built with
|
** was built with
|
||||||
*/
|
*/
|
||||||
nix.registry = {
|
registry = {
|
||||||
nixpkgs.flake = inputs.nixpkgs;
|
"nixpkgs".flake = inputs.nixpkgs;
|
||||||
|
"nixpkgs-unstable".flake = inputs.nixpkgs-unstable;
|
||||||
|
"pvv-nix".flake = inputs.self;
|
||||||
|
};
|
||||||
|
nixPath = [
|
||||||
|
"nixpkgs=${inputs.nixpkgs}"
|
||||||
|
"unstable=${inputs.nixpkgs-unstable}"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ];
|
|
||||||
}
|
}
|
|
@ -0,0 +1,4 @@
|
||||||
|
{ ... }:
|
||||||
|
{
|
||||||
|
services.irqbalance.enable = true;
|
||||||
|
}
|
|
@ -2,6 +2,7 @@
|
||||||
{
|
{
|
||||||
services.openssh = {
|
services.openssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
startWhenNeeded = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
PubkeyAcceptedAlgorithms=+ssh-rsa
|
PubkeyAcceptedAlgorithms=+ssh-rsa
|
||||||
Match Group wheel
|
Match Group wheel
|
||||||
|
|
|
@ -0,0 +1,23 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.services.postfix;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
services.postfix = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
hostname = "${config.networking.hostName}.pvv.ntnu.no";
|
||||||
|
domain = "pvv.ntnu.no";
|
||||||
|
|
||||||
|
relayHost = "smtp.pvv.ntnu.no";
|
||||||
|
relayPort = 465;
|
||||||
|
|
||||||
|
config = {
|
||||||
|
smtp_tls_wrappermode = "yes";
|
||||||
|
smtp_tls_security_level = "encrypt";
|
||||||
|
};
|
||||||
|
|
||||||
|
# Nothing should be delivered to this machine
|
||||||
|
destination = [ ];
|
||||||
|
};
|
||||||
|
}
|
|
@ -0,0 +1,8 @@
|
||||||
|
{ config, pkgs, lib, ... }:
|
||||||
|
{
|
||||||
|
services.smartd.enable = lib.mkDefault true;
|
||||||
|
|
||||||
|
environment.systemPackages = lib.optionals config.services.smartd.enable (with pkgs; [
|
||||||
|
smartmontools
|
||||||
|
]);
|
||||||
|
}
|
|
@ -214,11 +214,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1722722932,
|
"lastModified": 1725212759,
|
||||||
"narHash": "sha256-K81a2GQpY2kRX+C9ek9r91THlZB674CqRTSMMb5IO7E=",
|
"narHash": "sha256-yZBsefIarFUEhFRj+rCGMp9Zvag3MCafqV/JfGVRVwc=",
|
||||||
"ref": "refs/heads/master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "6580cfe546c902cdf11e17b0b8aa30b3c412bb34",
|
"rev": "e7b66b4bc6a89bab74bac45b87e9434f5165355f",
|
||||||
"revCount": 465,
|
"revCount": 473,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
|
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
|
||||||
},
|
},
|
||||||
|
|
|
@ -92,6 +92,7 @@
|
||||||
heimdal = unstablePkgs.heimdal;
|
heimdal = unstablePkgs.heimdal;
|
||||||
mediawiki-extensions = final.callPackage ./packages/mediawiki-extensions { };
|
mediawiki-extensions = final.callPackage ./packages/mediawiki-extensions { };
|
||||||
simplesamlphp = final.callPackage ./packages/simplesamlphp { };
|
simplesamlphp = final.callPackage ./packages/simplesamlphp { };
|
||||||
|
bluemap = final.callPackage ./packages/bluemap.nix { };
|
||||||
})
|
})
|
||||||
inputs.nix-gitea-themes.overlays.default
|
inputs.nix-gitea-themes.overlays.default
|
||||||
inputs.pvv-nettsiden.overlays.default
|
inputs.pvv-nettsiden.overlays.default
|
||||||
|
|
|
@ -27,9 +27,11 @@
|
||||||
# TODO: render somewhere else lmao
|
# TODO: render somewhere else lmao
|
||||||
systemd.services."render-bluemap-maps" = {
|
systemd.services."render-bluemap-maps" = {
|
||||||
preStart = ''
|
preStart = ''
|
||||||
|
mkdir -p /var/lib/bluemap/world
|
||||||
${pkgs.rsync}/bin/rsync \
|
${pkgs.rsync}/bin/rsync \
|
||||||
-e "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=$CREDENTIALS_DIRECTORY/ssh-known-hosts -i $CREDENTIALS_DIRECTORY/sshkey" \
|
-e "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=$CREDENTIALS_DIRECTORY/ssh-known-hosts -i $CREDENTIALS_DIRECTORY/sshkey" \
|
||||||
-avz root@innovation.pvv.ntnu.no:/var/backups/minecraft/current/world \
|
-avz --no-owner --no-group \
|
||||||
|
root@innovation.pvv.ntnu.no:/ \
|
||||||
/var/lib/bluemap/world
|
/var/lib/bluemap/world
|
||||||
'';
|
'';
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
|
|
|
@ -0,0 +1,30 @@
|
||||||
|
{ lib, stdenvNoCC, fetchurl, makeWrapper, jre }:
|
||||||
|
|
||||||
|
stdenvNoCC.mkDerivation rec {
|
||||||
|
pname = "bluemap";
|
||||||
|
version = "5.2";
|
||||||
|
|
||||||
|
src = fetchurl {
|
||||||
|
url = "https://github.com/BlueMap-Minecraft/BlueMap/releases/download/v${version}/BlueMap-${version}-cli.jar";
|
||||||
|
hash = "sha256-4vld+NBwzBxdwbMtsKuqvO6immkbh4HB//6wdjXaxoU=";
|
||||||
|
};
|
||||||
|
|
||||||
|
dontUnpack = true;
|
||||||
|
|
||||||
|
nativeBuildInputs = [ makeWrapper ];
|
||||||
|
|
||||||
|
installPhase = ''
|
||||||
|
runHook preInstall
|
||||||
|
makeWrapper ${jre}/bin/java $out/bin/bluemap --add-flags "-jar $src"
|
||||||
|
runHook postInstall
|
||||||
|
'';
|
||||||
|
|
||||||
|
meta = {
|
||||||
|
description = "3D minecraft map renderer";
|
||||||
|
homepage = "https://bluemap.bluecolored.de/";
|
||||||
|
sourceProvenance = with lib.sourceTypes; [ binaryBytecode ];
|
||||||
|
license = lib.licenses.mit;
|
||||||
|
maintainers = with lib.maintainers; [ dandellion ];
|
||||||
|
mainProgram = "bluemap";
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in New Issue