
11 Commits

Author SHA1 Message Date
Daniel Olsen 5c77dfbf4d bluemap on bekkalokk 💀 2024-09-01 22:12:24 +02:00
Daniel Olsen f7e2c74f89 base: enable rebuilding nixos-config without updating the channels used 2024-09-01 22:10:58 +02:00
Felix Albrigtsen 161265d346 Bekkalokk/Nettsiden: deploy #78 2024-09-01 20:13:56 +02:00
h7x4 f85d18769f
common: clean `/tmp` on boot by default 2024-09-01 03:29:46 +02:00
h7x4 b47a626427
common/openssh: socket activate 2024-09-01 03:21:13 +02:00
h7x4 4d65b9fd1d
common/sudo: misc config 2024-09-01 03:17:15 +02:00
h7x4 f3e094520e
common/postfix: init 2024-09-01 03:13:18 +02:00
h7x4 69f98933a4
common/smartd: add `smartctl` to environment packages 2024-09-01 01:55:38 +02:00
h7x4 bf2959c68d
common/nix: flesh out 2024-09-01 01:44:59 +02:00
h7x4 17f0268d12
common/irqbalance: init 2024-09-01 01:39:35 +02:00
h7x4 ebce0eb67a
common/smartd: init 2024-09-01 01:23:15 +02:00
11 changed files with 120 additions and 20 deletions


@ -26,10 +26,14 @@ Det er sikkert lurt å lage en PR først om du ikke er vandt til nix enda.
Innen 24h skal alle systemene hente ned den nye konfigurasjonen og deploye den. Innen 24h skal alle systemene hente ned den nye konfigurasjonen og deploye den.
Du kan tvinge en maskin til å oppdatere seg før dette ved å kjøre: Du kan tvinge en maskin til å oppdatere seg før dette ved å kjøre:
`nixos-rebuild switch --update-input nixpkgs --update-input nixpkgs-unstable --no-write-lock-file --refresh --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git --upgrade` `nixos-rebuild switch --update-input nixpkgs --update-input nixpkgs-unstable --no-write-lock-file --refresh --upgrade --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git`
som root på maskinen. som root på maskinen.
Hvis du ikke har lyst til å oppdatere alle pakkene (og kanskje måtte vente en stund!) kan du kjøre
`nixos-rebuild switch --override-input nixpkgs nixpkgs --override-input nixpkgs-unstable nixpkgs-unstable --flake git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git`
## Seksjonen for hemmeligheter ## Seksjonen for hemmeligheter
For at hemmeligheter ikke skal deles med hele verden i git - eller å være world For at hemmeligheter ikke skal deles med hele verden i git - eller å være world


@ -1,4 +1,4 @@
{ pkgs, ... }: { pkgs, lib, ... }:
{ {
imports = [ imports = [
@ -10,12 +10,17 @@
./services/acme.nix ./services/acme.nix
./services/auto-upgrade.nix ./services/auto-upgrade.nix
./services/irqbalance.nix
./services/logrotate.nix ./services/logrotate.nix
./services/nginx.nix ./services/nginx.nix
./services/openssh.nix ./services/openssh.nix
./services/postfix.nix
./services/smartd.nix
./services/thermald.nix ./services/thermald.nix
]; ];
boot.tmp.cleanOnBoot = lib.mkDefault true;
time.timeZone = "Europe/Oslo"; time.timeZone = "Europe/Oslo";
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
@ -42,6 +47,11 @@
programs.zsh.enable = true; programs.zsh.enable = true;
security.sudo.execWheelOnly = true;
security.sudo.extraConfig = ''
Defaults lecture = never
'';
users.groups."drift".name = "drift"; users.groups."drift".name = "drift";
# Trusted users on the nix builder machines # Trusted users on the nix builder machines
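Review bot: `security.sudo.execWheelOnly = true;` makes the sudo binary executable only by members of `wheel`, so any account outside that group that is granted sudo through a sudoers rule loses it. Because this lands in the shared base module, it is worth confirming that no host relies on sudo rules for non-wheel users or service accounts. The option deserves a short comment, for example `# sudo is only executable by wheel; sudoers rules for non-wheel accounts will not work`. The enclosing attribute set starts and ends outside this hunk.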


@ -1,17 +1,34 @@
{ inputs, ... }: { inputs, ... }:
{ {
nix.gc.automatic = true; nix = {
nix.gc.options = "--delete-older-than 2d"; gc = {
nix.settings.experimental-features = [ "nix-command" "flakes" ]; automatic = true;
options = "--delete-older-than 2d";
};
/* This makes commandline tools like settings = {
** nix run nixpkgs#hello allow-dirty = true;
** and nix-shell -p hello auto-optimise-store = true;
** use the same channel the system builders-use-substitutes = true;
** was built with experimental-features = [ "nix-command" "flakes" ];
*/ log-lines = 50;
nix.registry = { use-xdg-base-directories = true;
nixpkgs.flake = inputs.nixpkgs; };
/* This makes commandline tools like
** nix run nixpkgs#hello
** and nix-shell -p hello
** use the same channel the system
** was built with
*/
registry = {
"nixpkgs".flake = inputs.nixpkgs;
"nixpkgs-unstable".flake = inputs.nixpkgs-unstable;
"pvv-nix".flake = inputs.self;
};
nixPath = [
"nixpkgs=${inputs.nixpkgs}"
"unstable=${inputs.nixpkgs-unstable}"
];
}; };
nix.nixPath = [ "nixpkgs=${inputs.nixpkgs}" ]; }
}
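Review bot: `builders-use-substitutes = true;` lets remote builders fetch dependencies from their own substituters instead of receiving them from the machine that started the build, so the integrity of those paths rests on each builder's substituter list and trusted keys. A comment stating that assumption would help, for example `# builders fetch from their own substituters; keep their trusted keys in sync with ours`. Separately, the registry entry is named `nixpkgs-unstable` while the `nixPath` entry is `unstable=`, so the same input is reachable under two names; using one name for both would be easier to remember. `allow-dirty = true;` appears to restate the Nix default and could be dropped or given a comment saying why it is pinned.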


@ -0,0 +1,4 @@
{ ... }:
{
services.irqbalance.enable = true;
}


@ -2,6 +2,7 @@
{ {
services.openssh = { services.openssh = {
enable = true; enable = true;
startWhenNeeded = true;
extraConfig = '' extraConfig = ''
PubkeyAcceptedAlgorithms=+ssh-rsa PubkeyAcceptedAlgorithms=+ssh-rsa
Match Group wheel Match Group wheel
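Review bot: With `startWhenNeeded = true;` sshd is started per connection from a systemd socket, so connection limiting moves from sshd to systemd. I believe sshd's own `MaxStartups` throttling does not apply in this mode. A burst of connections can also trip the socket unit's trigger limit, after which the unit stops accepting until it is restarted, which is an availability risk on machines that are administered only over SSH. Consider documenting this next to the option and reviewing the socket limits (`TriggerLimitBurst`, `TriggerLimitIntervalSec`, `MaxConnectionsPerSource`) for the hosts that import this module. The `extraConfig` string continues outside the hunk.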

23
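--- /dev/null
+++ b/base/services/postfix.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, lib, ... }:
+let
+cfg = config.services.postfix;
+in
+{
+services.postfix = {
+enable = true;
+hostname = "${config.networking.hostName}.pvv.ntnu.no";
+domain = "pvv.ntnu.no";
+relayHost = "smtp.pvv.ntnu.no";
+relayPort = 465;
+config = {
+smtp_tls_wrappermode = "yes";
+smtp_tls_security_level = "encrypt";
+};
+# Nothing should be delivered to this machine
+destination = [ ];
+};
+}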
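Review bot: `smtp_tls_security_level = "encrypt";` forces TLS to the relay but does not authenticate it, so the certificate presented on port 465 is accepted without being checked against `smtp.pvv.ntnu.no`. Since every host forwards all outbound mail through that one relay, `smtp_tls_security_level = "verify";` (or `"secure"`) would be the safer setting, provided Postfix has trust anchors configured; I have not checked what the NixOS module sets by default. The `cfg` binding in the `let` and the `pkgs`/`lib` arguments are unused and can be removed. A comment should also say whether the SMTP listener is meant to be reachable from other machines, since `destination = [ ]` only disables local delivery.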

8
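--- /dev/null
+++ b/base/services/smartd.nix
@@ -0,0 +1,8 @@
+{ config, pkgs, lib, ... }:
+{
+services.smartd.enable = lib.mkDefault true;
+environment.systemPackages = lib.optionals config.services.smartd.enable (with pkgs; [
+smartmontools
+]);
+}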


@ -214,11 +214,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1722722932, "lastModified": 1725212759,
"narHash": "sha256-K81a2GQpY2kRX+C9ek9r91THlZB674CqRTSMMb5IO7E=", "narHash": "sha256-yZBsefIarFUEhFRj+rCGMp9Zvag3MCafqV/JfGVRVwc=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "6580cfe546c902cdf11e17b0b8aa30b3c412bb34", "rev": "e7b66b4bc6a89bab74bac45b87e9434f5165355f",
"revCount": 465, "revCount": 473,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Projects/nettsiden.git" "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
}, },


@ -92,6 +92,7 @@
heimdal = unstablePkgs.heimdal; heimdal = unstablePkgs.heimdal;
mediawiki-extensions = final.callPackage ./packages/mediawiki-extensions { }; mediawiki-extensions = final.callPackage ./packages/mediawiki-extensions { };
simplesamlphp = final.callPackage ./packages/simplesamlphp { }; simplesamlphp = final.callPackage ./packages/simplesamlphp { };
bluemap = final.callPackage ./packages/bluemap.nix { };
}) })
inputs.nix-gitea-themes.overlays.default inputs.nix-gitea-themes.overlays.default
inputs.pvv-nettsiden.overlays.default inputs.pvv-nettsiden.overlays.default


@ -27,9 +27,11 @@
# TODO: render somewhere else lmao # TODO: render somewhere else lmao
systemd.services."render-bluemap-maps" = { systemd.services."render-bluemap-maps" = {
preStart = '' preStart = ''
mkdir -p /var/lib/bluemap/world
${pkgs.rsync}/bin/rsync \ ${pkgs.rsync}/bin/rsync \
-e "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=$CREDENTIALS_DIRECTORY/ssh-known-hosts -i $CREDENTIALS_DIRECTORY/sshkey" \ -e "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=$CREDENTIALS_DIRECTORY/ssh-known-hosts -i $CREDENTIALS_DIRECTORY/sshkey" \
-avz root@innovation.pvv.ntnu.no:/var/backups/minecraft/current/world \ -avz --no-owner --no-group \
root@innovation.pvv.ntnu.no:/ \
/var/lib/bluemap/world /var/lib/bluemap/world
''; '';
serviceConfig = { serviceConfig = {
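Review bot: The rsync source is now `root@innovation.pvv.ntnu.no:/`, the remote root directory read as root, where the old line named `/var/backups/minecraft/current/world`. That is only safe if the key in `$CREDENTIALS_DIRECTORY/sshkey` is bound on innovation to a forced, read-only command that confines it to the backup directory (for example an `rrsync -ro` entry in `authorized_keys`). Nothing in this hunk shows that, so please confirm it and record it in a comment such as `# remote side is restricted by rrsync; "/" is the world backup root`. Without such a restriction this unit would hold a general root login on another machine and would copy its whole filesystem into `/var/lib/bluemap/world`. The `serviceConfig` block continues outside the hunk.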

30
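--- /dev/null
+++ b/packages/bluemap.nix
@@ -0,0 +1,30 @@
+{ lib, stdenvNoCC, fetchurl, makeWrapper, jre }:
+stdenvNoCC.mkDerivation rec {
+pname = "bluemap";
+version = "5.2";
+src = fetchurl {
+url = "https://github.com/BlueMap-Minecraft/BlueMap/releases/download/v${version}/BlueMap-${version}-cli.jar";
+hash = "sha256-4vld+NBwzBxdwbMtsKuqvO6immkbh4HB//6wdjXaxoU=";
+};
+dontUnpack = true;
+nativeBuildInputs = [ makeWrapper ];
+installPhase = ''
+runHook preInstall
+makeWrapper ${jre}/bin/java $out/bin/bluemap --add-flags "-jar $src"
+runHook postInstall
+'';
+meta = {
+description = "3D minecraft map renderer";
+homepage = "https://bluemap.bluecolored.de/";
+sourceProvenance = with lib.sourceTypes; [ binaryBytecode ];
+license = lib.licenses.mit;
+maintainers = with lib.maintainers; [ dandellion ];
+mainProgram = "bluemap";
+};
+}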
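Review bot: The wrapper pulls in the full `jre`, although this package is a command-line renderer started from a systemd unit on a server. If BlueMap's CLI runs without a display (not verified here), taking `jre_headless` in the argument list and using `${jre_headless}/bin/java` in the `makeWrapper` line would keep the graphical libraries out of the closure. A one-line comment above `src` noting that the jar is an upstream prebuilt release pinned by hash would also tell the next maintainer that a version bump must update `hash` as well.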