mirror of
https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git
synced 2026-07-04 09:51:47 +02:00
Compare commits
16 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 8a290d30e7 | |||
| 3197c6a5e3 | |||
| f8dcaddefb | |||
| 009d89f959 | |||
| 21bba3ec7e | |||
| 9552351776 | |||
| 7e754ade71 | |||
| fcd81aed00 | |||
| 966081ebfc | |||
| 39d313579c | |||
| 3386153b8b | |||
| 56906241f6 | |||
| 3fe71d21f6 | |||
| 074d240595 | |||
| 1ce3372683 | |||
| 5f14c15679 |
@@ -46,6 +46,10 @@
|
||||
|
||||
system.nixos.tags = lib.optionals (inputs.self.sourceInfo ? dirtyRev) [ "dirty" ];
|
||||
|
||||
specialisation."auto-upgrade".configuration = {
|
||||
system.nixos.tags = [ "auto" ];
|
||||
};
|
||||
|
||||
boot.tmp.cleanOnBoot = lib.mkDefault true;
|
||||
boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
|
||||
|
||||
|
||||
@@ -13,6 +13,7 @@ in
|
||||
|
||||
"--refresh"
|
||||
"--no-write-lock-file"
|
||||
"--specialisation auto-upgrade"
|
||||
# --update-input is deprecated since nix 2.22, and removed in lix 2.90
|
||||
# as such we instead use --override-input combined with --refresh
|
||||
# https://git.lix.systems/lix-project/lix/issues/400
|
||||
|
||||
@@ -173,62 +173,71 @@
|
||||
);
|
||||
|
||||
stableNixosConfig = name: extraArgs:
|
||||
nixosConfig nixpkgs name ./hosts/${name}/configuration.nix extraArgs;
|
||||
in {
|
||||
bakke = stableNixosConfig "bakke" {
|
||||
modules = [
|
||||
inputs.disko.nixosModules.disko
|
||||
];
|
||||
};
|
||||
bicep = stableNixosConfig "bicep" {
|
||||
modules = [
|
||||
inputs.matrix-next.nixosModules.default
|
||||
inputs.pvv-calendar-bot.nixosModules.default
|
||||
inputs.minecraft-heatmap.nixosModules.default
|
||||
self.nixosModules.gickup
|
||||
self.nixosModules.matrix-ooye
|
||||
];
|
||||
overlays = [
|
||||
inputs.pvv-calendar-bot.overlays.default
|
||||
inputs.minecraft-heatmap.overlays.default
|
||||
(final: prev: {
|
||||
inherit (self.packages.${prev.stdenv.hostPlatform.system}) out-of-your-element;
|
||||
})
|
||||
];
|
||||
};
|
||||
bekkalokk = stableNixosConfig "bekkalokk" {
|
||||
overlays = [
|
||||
(final: prev: {
|
||||
mediawiki-extensions = final.callPackage ./packages/mediawiki-extensions { };
|
||||
simplesamlphp = final.callPackage ./packages/simplesamlphp { };
|
||||
bluemap = final.callPackage ./packages/bluemap.nix { };
|
||||
})
|
||||
inputs.pvv-nettsiden.overlays.default
|
||||
inputs.qotd.overlays.default
|
||||
];
|
||||
modules = [
|
||||
inputs.pvv-nettsiden.nixosModules.default
|
||||
self.nixosModules.bluemap
|
||||
inputs.qotd.nixosModules.default
|
||||
];
|
||||
};
|
||||
ildkule = stableNixosConfig "ildkule" { };
|
||||
#ildkule-unstable = unstableNixosConfig "ildkule" { };
|
||||
skrot = stableNixosConfig "skrot" {
|
||||
modules = [
|
||||
self.nixosModules.drumknotty
|
||||
inputs.disko.nixosModules.disko
|
||||
];
|
||||
overlays =
|
||||
[
|
||||
inputs.dibbler.overlays.default
|
||||
inputs.worblehat.overlays.default
|
||||
];
|
||||
};
|
||||
shark = stableNixosConfig "shark" { };
|
||||
wenche = stableNixosConfig "wenche" { };
|
||||
temmie = stableNixosConfig "temmie" { };
|
||||
gluttony = stableNixosConfig "gluttony" { };
|
||||
nixosConfig nixpkgs name ./hosts/${name}/configuration.nix extraArgs;
|
||||
in
|
||||
{
|
||||
bicep = stableNixosConfig "bicep" {
|
||||
modules = [
|
||||
inputs.matrix-next.nixosModules.default
|
||||
inputs.pvv-calendar-bot.nixosModules.default
|
||||
inputs.minecraft-heatmap.nixosModules.default
|
||||
self.nixosModules.gickup
|
||||
self.nixosModules.matrix-ooye
|
||||
];
|
||||
overlays = [
|
||||
inputs.pvv-calendar-bot.overlays.default
|
||||
inputs.minecraft-heatmap.overlays.default
|
||||
(final: prev: {
|
||||
inherit (self.packages.${prev.stdenv.hostPlatform.system}) out-of-your-element;
|
||||
})
|
||||
];
|
||||
};
|
||||
bekkalokk = stableNixosConfig "bekkalokk" {
|
||||
overlays = [
|
||||
(final: prev: {
|
||||
mediawiki-extensions = final.callPackage ./packages/mediawiki-extensions {};
|
||||
simplesamlphp = final.callPackage ./packages/simplesamlphp {};
|
||||
})
|
||||
inputs.pvv-nettsiden.overlays.default
|
||||
inputs.qotd.overlays.default
|
||||
];
|
||||
modules = [
|
||||
inputs.pvv-nettsiden.nixosModules.default
|
||||
inputs.qotd.nixosModules.default
|
||||
];
|
||||
};
|
||||
ildkule = stableNixosConfig "ildkule" {
|
||||
modules = [
|
||||
inputs.disko.nixosModules.disko
|
||||
];
|
||||
};
|
||||
skrot = stableNixosConfig "skrot" {
|
||||
modules = [
|
||||
self.nixosModules.drumknotty
|
||||
inputs.disko.nixosModules.disko
|
||||
];
|
||||
overlays =
|
||||
[
|
||||
inputs.dibbler.overlays.default
|
||||
inputs.worblehat.overlays.default
|
||||
];
|
||||
};
|
||||
shark = stableNixosConfig "shark" {};
|
||||
wenche = stableNixosConfig "wenche" {};
|
||||
temmie = stableNixosConfig "temmie" {
|
||||
overlays = [
|
||||
inputs.bro.overlays.default
|
||||
];
|
||||
modules = [
|
||||
inputs.bro.nixosModules.default
|
||||
];
|
||||
};
|
||||
gluttony = stableNixosConfig "gluttony" {
|
||||
overlays = [
|
||||
(final: prev: { bluemap = final.callPackage ./packages/bluemap.nix {}; })
|
||||
];
|
||||
modules = [ self.nixosModules.bluemap ];
|
||||
};
|
||||
|
||||
kommode = stableNixosConfig "kommode" {
|
||||
overlays = [
|
||||
|
||||
@@ -7,7 +7,7 @@
|
||||
|
||||
./services/alps.nix
|
||||
./services/bluemap.nix
|
||||
./services/radicle.nix
|
||||
./services/radicale.nix
|
||||
./services/idp-simplesamlphp
|
||||
./services/kerberos.nix
|
||||
./services/mediawiki
|
||||
|
||||
@@ -22,6 +22,7 @@ in {
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
@@ -36,5 +37,4 @@ in {
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ radicalePort ];
|
||||
}
|
||||
@@ -10,8 +10,9 @@
|
||||
enableACME = true;
|
||||
kTLS = true;
|
||||
locations = {
|
||||
"= /".return = "302 https://webmail.pvv.ntnu.no/roundcube";
|
||||
# "= /".return = "302 https://webmail.pvv.ntnu.no/roundcube";
|
||||
|
||||
"/roundcube".return = "302 https://webmail.pvv.ntnu.no/";
|
||||
"/afterlogic_lite".return = "302 https://webmail.pvv.ntnu.no/roundcube";
|
||||
"/squirrelmail".return = "302 https://webmail.pvv.ntnu.no/roundcube";
|
||||
"/rainloop".return = "302 https://snappymail.pvv.ntnu.no/";
|
||||
|
||||
@@ -29,7 +29,7 @@ in
|
||||
|
||||
dicts = with pkgs.aspellDicts; [ en en-computers nb nn fr de it ];
|
||||
maxAttachmentSize = 20;
|
||||
hostName = "roundcubeplaceholder.example.com";
|
||||
hostName = domain;
|
||||
|
||||
database = {
|
||||
host = "postgres.pvv.ntnu.no";
|
||||
@@ -49,44 +49,9 @@ in
|
||||
'';
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."roundcubeplaceholder.example.com" = lib.mkForce { };
|
||||
# TODO: move this back to `webmail.pvv.ntnu.no/roundcube` subpath
|
||||
|
||||
services.nginx.virtualHosts.${domain} = {
|
||||
kTLS = true;
|
||||
locations."/roundcube" = {
|
||||
tryFiles = "$uri $uri/ =404";
|
||||
index = "index.php";
|
||||
root = pkgs.linkFarm "roundcube-dir" {
|
||||
roundcube = "${cfg.package}";
|
||||
};
|
||||
|
||||
extraConfig = ''
|
||||
location ~ ^/roundcube/(${builtins.concatStringsSep "|" [
|
||||
# https://wiki.archlinux.org/title/Roundcube
|
||||
"README"
|
||||
"INSTALL"
|
||||
"LICENSE"
|
||||
"CHANGELOG"
|
||||
"UPGRADING"
|
||||
"bin"
|
||||
"SQL"
|
||||
".+\\.md"
|
||||
"\\."
|
||||
"config"
|
||||
"temp"
|
||||
"logs"
|
||||
]})/? {
|
||||
deny all;
|
||||
}
|
||||
|
||||
location ~ ^/roundcube/(.+\.php)(/?.*)$ {
|
||||
fastcgi_split_path_info ^/roundcube(/.+\.php)(/.+)$;
|
||||
include ${config.services.nginx.package}/conf/fastcgi_params;
|
||||
include ${config.services.nginx.package}/conf/fastcgi.conf;
|
||||
fastcgi_index index.php;
|
||||
fastcgi_pass unix:${config.services.phpfpm.pools.roundcube.socket};
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -23,6 +23,9 @@ in
|
||||
bind-address = values.services.mysql.ipv4;
|
||||
skip-networking = 0;
|
||||
|
||||
# Useful for the mysqld prometheus exporter
|
||||
userstat = 1;
|
||||
|
||||
# This was needed in order to be able to use all of the old users
|
||||
# during migration from knakelibrak to bicep in Sep. 2023
|
||||
secure_auth = 0;
|
||||
@@ -71,4 +74,16 @@ in
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.logrotate = lib.mkIf (cfg.settings.mysqld.slow-query-log == 1) {
|
||||
enable = true;
|
||||
settings.mysql-slowlog = {
|
||||
files = [ cfg.settings.mysqld.slow-query-log-file ];
|
||||
frequency = "weekly";
|
||||
rotate = 12;
|
||||
create = "0660 mysql mysql";
|
||||
minsize = "1M";
|
||||
compress = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
||||
@@ -1,14 +1,12 @@
|
||||
{ ... }:
|
||||
{
|
||||
services.prometheus = {
|
||||
scrapeConfigs = [
|
||||
{
|
||||
job_name = "exim";
|
||||
scrape_interval = "15s";
|
||||
static_configs = [{
|
||||
targets = [ "microbel.pvv.ntnu.no:9636" ];
|
||||
}];
|
||||
}
|
||||
];
|
||||
};
|
||||
services.prometheus.scrapeConfigs = [{
|
||||
job_name = "exim";
|
||||
scrape_interval = "15s";
|
||||
scheme = "http";
|
||||
|
||||
static_configs = [{
|
||||
targets = [ "microbel.pvv.ntnu.no:9636" ];
|
||||
}];
|
||||
}];
|
||||
}
|
||||
|
||||
@@ -9,6 +9,12 @@
|
||||
|
||||
sops.defaultSopsFile = fp /secrets/lupine/lupine.yaml;
|
||||
|
||||
boot.binfmt.emulatedSystems = [
|
||||
"aarch64-linux"
|
||||
"armv7l-linux"
|
||||
"i686-linux"
|
||||
];
|
||||
|
||||
systemd.network.networks."30-enp0s31f6" = values.defaultNetworkConfig // {
|
||||
matchConfig.Name = "enp0s31f6";
|
||||
address = with values.hosts.${lupineName}; [ (ipv4 + "/25") (ipv6 + "/64") ];
|
||||
|
||||
@@ -10,18 +10,18 @@ let
|
||||
in
|
||||
buildNpmPackage {
|
||||
pname = "delete-your-element";
|
||||
version = "3.5.1";
|
||||
version = "3.6.0";
|
||||
src = fetchFromGitea {
|
||||
domain = "git.pvv.ntnu.no";
|
||||
owner = "Drift";
|
||||
repo = "delete-your-element";
|
||||
rev = "80ac1d9d79207b6327975a264fcd9747b99a2a5d";
|
||||
hash = "sha256-fcBpUZ+WEMUXyyo/uaArl4D1NJmK95isWqhFSt6HzUU=";
|
||||
rev = "44fb6a02d3139e8ab10e9660ad931e5e70d1205f";
|
||||
hash = "sha256-wDQhPbxwdkAm0kPhaDNjbk8rVFxnGinffVdASdFrYnU=";
|
||||
};
|
||||
|
||||
inherit nodejs;
|
||||
|
||||
npmDepsHash = "sha256-EYxJi6ObJQOLyiJq4C3mV6I62ns9l64ZHcdoQxmN5Ao=";
|
||||
npmDepsHash = "sha256-h1mmE0/+Y7SBwnI0vaYvV+KqRDJGzwJvDUOkigzHcOY=";
|
||||
dontNpmBuild = true;
|
||||
|
||||
nativeBuildInputs = [ makeWrapper ];
|
||||
|
||||
Reference in New Issue
Block a user