Compare commits

..

14 Commits

Author SHA1 Message Date
Vegard Bieker Matthey 273110b304 gluttony: set nginx group for serving bluemap files 2026-05-24 10:03:53 +02:00
Vegard Bieker Matthey 32a14e262f gluttony: bluemap don't create a new directory 2026-05-24 09:51:34 +02:00
Vegard Bieker Matthey d66fef033d bekkalokk: add back config added through bluemap module 2026-05-24 09:21:17 +02:00
Vegard Bieker Matthey 4d7fdcc059 bekkalokk: remove bluemap secrets 2026-05-24 09:04:17 +02:00
Vegard Bieker Matthey 52e1d693cc bekkalokk: remove bluemap rendering 2026-05-24 09:01:43 +02:00
Vegard Bieker Matthey df54bcd853 remove unused variable 2026-05-24 09:01:43 +02:00
Vegard Bieker Matthey b8ec6308bd gluttony: use webRoot variable 2026-05-24 09:01:33 +02:00
Vegard Bieker Matthey c67e381065 gluttony: bluemap fix path 2026-05-24 08:37:31 +02:00
Vegard Bieker Matthey 6bf2ede728 gluttony: add private key and set public key for bekkalokk 2026-05-24 08:37:31 +02:00
Vegard Bieker Matthey 7c4439dbc0 bekkalokk: pull rendered map from gluttony 2026-05-24 08:37:31 +02:00
Vegard Bieker Matthey cbb587f79c gluttony: bluemap export to bekkern 2026-05-24 08:37:31 +02:00
Vegard Bieker Matthey 33b7a420e3 add bekkalokk to known_hosts 2026-05-24 08:37:31 +02:00
Vegard Bieker Matthey e08e61d6a1 bluemap: set group to nginx only if nginx is enabled 2026-05-24 08:37:31 +02:00
Vegard Bieker Matthey eeab3b8fa6 gluttony: setup bluemap 2026-05-24 08:37:25 +02:00
16 changed files with 58 additions and 465 deletions
-2
View File
@@ -45,7 +45,6 @@ revert the changes on the next nightly rebuild (tends to happen when everybody i
| [lupine][lup] | Physical | Gitea CI/CD runners |
| shark | Virtual | Test host for authentication, absolutely horrendous |
| [skrot][skr] | Physical | Kiosk, snacks and soda |
| [temmie][tem] | Virtual | User websites |
| [wenche][wen] | Virtual | Nix-builders, general purpose compute |
## Documentation
@@ -64,5 +63,4 @@ revert the changes on the next nightly rebuild (tends to happen when everybody i
[kom]: https://wiki.pvv.ntnu.no/wiki/Maskiner/kommode
[lup]: https://wiki.pvv.ntnu.no/wiki/Maskiner/lupine
[skr]: https://wiki.pvv.ntnu.no/wiki/Maskiner/Skrot
[tem]: https://wiki.pvv.ntnu.no/wiki/Maskiner/temmie
[wen]: https://wiki.pvv.ntnu.no/wiki/Maskiner/wenche
+4 -4
View File
@@ -77,10 +77,10 @@
'';
# These are servers, sleep is for the weak
systemd.sleep.settings.Sleep = {
AllowSuspend = lib.mkDefault false;
AllowHibernation = lib.mkDefault false;
};
systemd.sleep.extraConfig = lib.mkDefault ''
AllowSuspend=no
AllowHibernation=no
'';
# users.mutableUsers = lib.mkDefault false;
+1 -5
View File
@@ -3,15 +3,11 @@
systemd.network.enable = true;
networking.domain = "pvv.ntnu.no";
networking.useDHCP = false;
# networking.search = [ "pvv.ntnu.no" "pvv.org" ];
# networking.nameservers = lib.mkDefault [ "129.241.0.200" "129.241.0.201" ];
# networking.tempAddresses = lib.mkDefault "disabled";
# networking.defaultGateway = values.hosts.gateway;
# The rest of the networking configuration is usually sourced from /values.nix
services.resolved = {
enable = lib.mkDefault true;
settings.Resolve.DNSSEC = false; # Supposdly this keeps breaking and the default is to allow downgrades anyways...
dnssec = "false"; # Supposdly this keeps breaking and the default is to allow downgrades anyways...
};
}
+2 -1
View File
@@ -6,7 +6,8 @@ in
services.journald.upload = {
enable = lib.mkDefault true;
settings.Upload = {
URL = "https://journald.pvv.ntnu.no:${toString config.services.journald.remote.port}";
# URL = "https://journald.pvv.ntnu.no:${toString config.services.journald.remote.port}";
URL = "https://${values.hosts.ildkule.ipv4}:${toString config.services.journald.remote.port}";
ServerKeyFile = "-";
ServerCertificateFile = "-";
TrustedCertificateFile = "-";
Generated
+9 -9
View File
@@ -43,16 +43,16 @@
]
},
"locked": {
"lastModified": 1768920986,
"narHash": "sha256-CNzzBsRhq7gg4BMBuTDObiWDH/rFYHEuDRVOwCcwXw4=",
"lastModified": 1736864502,
"narHash": "sha256-ItkIZyebGvNH2dK9jVGzJHGPtb6BSWLN8Gmef16NeY0=",
"owner": "nix-community",
"repo": "disko",
"rev": "de5708739256238fb912c62f03988815db89ec9a",
"rev": "0141aabed359f063de7413f80d906e1d98c0c123",
"type": "github"
},
"original": {
"owner": "nix-community",
"ref": "v1.13.0",
"ref": "v1.11.0",
"repo": "disko",
"type": "github"
}
@@ -248,15 +248,15 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1779622335,
"narHash": "sha256-06G98ieM6l+OI7EMhlvchgDBDn+DvIWCNj40LDhKpmc=",
"rev": "705e9929918b43bd7b715dc0a878ac870449bb03",
"lastModified": 1778544512,
"narHash": "sha256-VIsPgfIpZ/01XUO6WN+o1NZbP5iKPKPHdHPWqfm4XIg=",
"rev": "c417517f9d525181ee5619c683419d308ee29fe8",
"type": "tarball",
"url": "https://releases.nixos.org/nixos/26.05-small/nixos-26.05beta1.705e9929918b/nixexprs.tar.xz"
"url": "https://releases.nixos.org/nixos/25.11-small/nixos-25.11.10745.c417517f9d52/nixexprs.tar.xz"
},
"original": {
"type": "tarball",
"url": "https://nixos.org/channels/nixos-26.05-small/nixexprs.tar.xz"
"url": "https://nixos.org/channels/nixos-25.11-small/nixexprs.tar.xz"
}
},
"nixpkgs-lib": {
+4 -5
View File
@@ -2,13 +2,13 @@
description = "PVV System flake";
inputs = {
nixpkgs.url = "https://nixos.org/channels/nixos-26.05-small/nixexprs.tar.xz";
nixpkgs.url = "https://nixos.org/channels/nixos-25.11-small/nixexprs.tar.xz";
nixpkgs-unstable.url = "https://nixos.org/channels/nixos-unstable-small/nixexprs.tar.xz";
sops-nix.url = "github:Mic92/sops-nix/master";
sops-nix.inputs.nixpkgs.follows = "nixpkgs";
disko.url = "github:nix-community/disko/v1.13.0";
disko.url = "github:nix-community/disko/v1.11.0";
disko.inputs.nixpkgs.follows = "nixpkgs";
nix-topology.url = "github:oddlama/nix-topology/main";
@@ -85,7 +85,6 @@
[
"nvidia-x11"
"nvidia-settings"
"nvidia-kernel-modules"
];
});
@@ -106,7 +105,6 @@
[
"nvidia-x11"
"nvidia-settings"
"nvidia-kernel-modules"
];
overlays =
(lib.optionals enableDefaults [
@@ -191,12 +189,14 @@
(final: prev: {
mediawiki-extensions = final.callPackage ./packages/mediawiki-extensions {};
simplesamlphp = final.callPackage ./packages/simplesamlphp {};
bluemap = final.callPackage ./packages/bluemap.nix {};
})
inputs.pvv-nettsiden.overlays.default
inputs.qotd.overlays.default
];
modules = [
inputs.pvv-nettsiden.nixosModules.default
self.nixosModules.bluemap
inputs.qotd.nixosModules.default
];
};
@@ -212,7 +212,6 @@
];
overlays = [inputs.dibbler.overlays.default];
};
dagali = stableNixosConfig "dagali" { };
shark = stableNixosConfig "shark" {};
wenche = stableNixosConfig "wenche" {};
temmie = stableNixosConfig "temmie" {};
+7
View File
@@ -64,4 +64,11 @@ in
'';
};
};
networking.firewall.allowedUDPPortRanges = [
{
from = cfg.settings.rtc.port_range_start;
to = cfg.settings.rtc.port_range_end;
}
];
}
-78
View File
@@ -1,78 +0,0 @@
# Tracking document for new PVV kerberos auth stack
![Bensinstasjon på heimdal](https://bydelsnytt.no/wp-content/uploads/2022/08/esso_heimdal003.jpg)
<div align="center">
Bensinstasjon på heimdal
</div>
### TODO:
- [ ] setup heimdal
- [x] ensure running with systemd
- [x] compile smbk5pwd (part of openldap)
- [ ] set `modify -a -disallow-all-tix,requires-pre-auth default` declaratively
- [ ] fully initialize PVV.NTNU.NO
- [x] `kadmin -l init PVV.NTNU.NO`
- [x] add oysteikt/admin@PVV.NTNU.NO principal
- [x] add oysteikt@PVV.NTNU.NO principal
- [x] add krbtgt/PVV.NTNU.NO@PVV.NTNU.NO principal?
- why is this needed, and where is it documented?
- `kadmin check` seems to work under sudo?
- (it is included by default, just included as error message
in a weird state)
- [x] Ensure client is working correctly
- [x] Ensure kinit works on darbu
- [x] Ensure kpasswd works on darbu
- [x] Ensure kadmin get <user> (and other restricted commands) works on darbu
- [ ] Ensure kdc is working correctly
- [x] Ensure kinit works on dagali
- [x] Ensure kpasswd works on dagali
- [ ] Ensure kadmin get <user> (and other restricte commands) works on dagali
- [x] Fix FQDN
- https://github.com/NixOS/nixpkgs/issues/94011
- https://github.com/NixOS/nixpkgs/issues/261269
- Possibly fixed by disabling systemd-resolved
- [ ] setup cyrus sasl
- [x] ensure running with systemd
- [x] verify GSSAPI support plugin is installed
- `nix-shell -p cyrus_sasl --command pluginviewer`
- [x] create "host/localhost@PVV.NTNU.NO" and export to keytab
- [x] verify cyrus sasl is able to talk to heimdal
- `sudo testsaslauthd -u oysteikt -p <password>`
- [ ] provide ldap principal to cyrus sasl through keytab
- [ ] setup openldap
- [x] ensure running with systemd
- [ ] verify openldap is able to talk to cyrus sasl
- [ ] create user for oysteikt in openldap
- [ ] authenticate openldap login through sasl
- does this require creating an ldap user?
- [ ] fix smbk5pwd integration
- [x] add smbk5pwd schemas to openldap
- [x] create openldap db for smbk5pwd with overlays
- [ ] test to ensure that user sync is working
- [ ] test as user source (replace passwd)
- [ ] test as PAM auth source
- [ ] test as auth source for 3rd party appliation
- [ ] Set up ldap administration panel
- Doesn't seem like there are many good ones out there. Maybe phpLDAPAdmin?
- [ ] Set up kerberos SRV DNS entry
### Information and URLS
- OpenLDAP SASL: https://www.openldap.org/doc/admin24/sasl.html
- Use a keytab: https://kb.iu.edu/d/aumh
- 2 ways for openldap to auth: https://security.stackexchange.com/questions/65093/how-to-test-ldap-that-authenticates-with-kerberos
- Cyrus guide OpenLDAP + SASL + GSSAPI: https://www.cyrusimap.org/sasl/sasl/faqs/openldap-sasl-gssapi.html
- Configuring GSSAPI and Cyrus SASL: https://web.mit.edu/darwin/src/modules/passwordserver_sasl/cyrus_sasl/doc/gssapi.html
- PVV Kerberos docs: https://wiki.pvv.ntnu.no/wiki/Drift/Kerberos
- OpenLDAP smbk5pwd source: https://git.openldap.org/nivanova/openldap/-/tree/master/contrib/slapd-modules/smbk5pwd
- saslauthd(8): https://linux.die.net/man/8/saslauthd
-51
View File
@@ -1,51 +0,0 @@
{ config, pkgs, values, lib, ... }:
{
imports = [
./hardware-configuration.nix
../../base.nix
../../misc/metrics-exporters.nix
./services/heimdal.nix
#./services/openldap.nix
./services/cyrus-sasl.nix
];
# buskerud does not support efi?
# boot.loader.systemd-boot.enable = true;
# boot.loader.efi.canTouchEfiVariables = true;
boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda";
# resolved messes up FQDN coming from nscd
services.resolved.enable = false;
networking.hostName = "dagali";
networking.domain = lib.mkForce "pvv.local";
networking.hosts = {
"129.241.210.185" = [ "dagali.pvv.local" ];
};
#networking.search = [ "pvv.ntnu.no" "pvv.org" ];
networking.nameservers = [ "129.241.0.200" "129.241.0.201" ];
networking.tempAddresses = "disabled";
networking.networkmanager.enable = true;
systemd.network.networks."ens18" = values.defaultNetworkConfig // {
matchConfig.Name = "ens18";
address = with values.hosts.dagali; [ (ipv4 + "/25") (ipv6 + "/64") ];
};
# List packages installed in system profile
environment.systemPackages = with pkgs; [
# TODO: consider adding to base.nix
nix-output-monitor
];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "24.05"; # Did you read the comment?
}
-33
View File
@@ -1,33 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/4de345e2-be41-4d10-9b90-823b2c77e9b3";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/aa4b9a97-a7d8-4608-9f67-4ad084f1baf7"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}
-21
View File
@@ -1,21 +0,0 @@
{ config, ... }:
let
cfg = config.services.saslauthd;
in
{
# TODO: This is seemingly required for openldap to authenticate
# against kerberos, but I have no idea how to configure it as
# such. Does it need a keytab? There's a binary "testsaslauthd"
# that follows with `pkgs.cyrus_sasl` that might be useful.
services.saslauthd = {
enable = true;
mechanism = "kerberos5";
config = ''
mech_list: gs2-krb5 gssapi
keytab: /etc/krb5.keytab
'';
};
# TODO: maybe the upstream module should consider doing this?
environment.systemPackages = [ cfg.package ];
}
-100
View File
@@ -1,100 +0,0 @@
{ config, pkgs, lib, ... }:
let
realm = "PVV.LOCAL";
cfg = config.security.krb5;
in
{
security.krb5 = {
enable = true;
# NOTE: This is required in order to build smbk5pwd, because of some nested includes.
# We should open an issue upstream (heimdal, not nixpkgs), but this patch
# will do for now.
package = pkgs.heimdal.overrideAttrs (prev: {
postInstall = prev.postInstall + ''
cp include/heim_threads.h $dev/include
'';
});
settings = {
realms.${realm} = {
kdc = [ "dagali.${lib.toLower realm}" ];
admin_server = "dagali.${lib.toLower realm}";
kpasswd_server = "dagali.${lib.toLower realm}";
default_domain = lib.toLower realm;
primary_kdc = "dagali.${lib.toLower realm}";
};
kadmin.default_keys = lib.concatStringsSep " " [
"aes256-cts-hmac-sha1-96:pw-salt"
"aes128-cts-hmac-sha1-96:pw-salt"
];
libdefaults.default_etypes = lib.concatStringsSep " " [
"aes256-cts-hmac-sha1-96"
"aes128-cts-hmac-sha1-96"
];
libdefaults = {
default_realm = realm;
dns_lookup_kdc = false;
dns_lookup_realm = false;
};
domain_realm = {
"${lib.toLower realm}" = realm;
".${lib.toLower realm}" = realm;
};
logging = {
# kdc = "CONSOLE";
kdc = "SYSLOG:DEBUG:AUTH";
admin_server = "SYSLOG:DEBUG:AUTH";
default = "SYSLOG:DEBUG:AUTH";
};
};
};
services.kerberos_server = {
enable = true;
settings = {
realms.${realm} = {
dbname = "/var/lib/heimdal/heimdal";
mkey = "/var/lib/heimdal/m-key";
acl = [
{
principal = "kadmin/admin";
access = "all";
}
{
principal = "felixalb/admin";
access = "all";
}
{
principal = "oysteikt/admin";
access = "all";
}
];
};
# kadmin.default_keys = lib.concatStringsSep " " [
# "aes256-cts-hmac-sha1-96:pw-salt"
# "aes128-cts-hmac-sha1-96:pw-salt"
# ];
# libdefaults.default_etypes = lib.concatStringsSep " " [
# "aes256-cts-hmac-sha1-96"
# "aes128-cts-hmac-sha1-96"
# ];
# password_quality.min_length = 8;
};
};
networking.firewall.allowedTCPPorts = [ 88 464 749 ];
networking.firewall.allowedUDPPorts = [ 88 464 749 ];
networking.hosts = {
"127.0.0.2" = lib.mkForce [ ];
"::1" = lib.mkForce [ ];
};
}
-121
View File
@@ -1,121 +0,0 @@
{ config, pkgs, lib, ... }:
{
services.openldap = let
dn = "dc=pvv,dc=ntnu,dc=no";
cfg = config.services.openldap;
heimdal = config.security.krb5.package;
in {
enable = true;
# NOTE: this is a custom build of openldap with support for
# perl and kerberos.
package = pkgs.openldap.overrideAttrs (prev: {
# https://github.com/openldap/openldap/blob/master/configure
configureFlags = prev.configureFlags ++ [
# Connect to slapd via UNIX socket
"--enable-local"
# Cyrus SASL
"--enable-spasswd"
# Reverse hostname lookups
"--enable-rlookups"
# perl
"--enable-perl"
];
buildInputs = prev.buildInputs ++ [
pkgs.perl
# NOTE: do not upstream this, it might not work with
# MIT in the same way
heimdal
];
extraContribModules = prev.extraContribModules ++ [
# https://git.openldap.org/openldap/openldap/-/tree/master/contrib/slapd-modules
"smbk5pwd"
];
});
settings = {
attrs = {
olcLogLevel = [ "stats" "config" "args" ];
# olcAuthzRegexp = ''
# gidNumber=.*\\\+uidNumber=0,cn=peercred,cn=external,cn=auth
# "uid=heimdal,${dn2}"
# '';
# olcSaslSecProps = "minssf=0";
};
children = {
"cn=schema".includes = let
# NOTE: needed for smbk5pwd.so module
schemaToLdif = name: path: pkgs.runCommandNoCC name {
buildInputs = with pkgs; [ schema2ldif ];
} ''
schema2ldif "${path}" > $out
'';
hdb-ldif = schemaToLdif "hdb.ldif" "${heimdal.src}/lib/hdb/hdb.schema";
samba-ldif = schemaToLdif "samba.ldif" "${heimdal.src}/tests/ldap/samba.schema";
in [
"${cfg.package}/etc/schema/core.ldif"
"${cfg.package}/etc/schema/cosine.ldif"
"${cfg.package}/etc/schema/nis.ldif"
"${cfg.package}/etc/schema/inetorgperson.ldif"
"${hdb-ldif}"
"${samba-ldif}"
];
# NOTE: installation of smbk5pwd.so module
# https://git.openldap.org/openldap/openldap/-/tree/master/contrib/slapd-modules/smbk5pwd
"cn=module{0}".attrs = {
objectClass = [ "olcModuleList" ];
olcModuleLoad = [ "${cfg.package}/lib/modules/smbk5pwd.so" ];
};
# NOTE: activation of smbk5pwd.so module for {1}mdb
"olcOverlay={0}smbk5pwd,olcDatabase={1}mdb".attrs = {
objectClass = [ "olcOverlayConfig" "olcSmbK5PwdConfig" ];
olcOverlay = "{0}smbk5pwd";
olcSmbK5PwdEnable = [ "krb5" "samba" ];
olcSmbK5PwdMustChange = toString (60 * 60 * 24 * 10000);
};
"olcDatabase={1}mdb".attrs = {
objectClass = [ "olcDatabaseConfig" "olcMdbConfig" ];
olcDatabase = "{1}mdb";
olcSuffix = dn;
# TODO: PW is supposed to be a secret, but it's probably fine for testing
olcRootDN = "cn=users,${dn}";
# TODO: replace with proper secret
olcRootPW.path = pkgs.writeText "olcRootPW" "pass";
olcDbDirectory = "/var/lib/openldap/test-smbk5pwd-db";
olcDbIndex = "objectClass eq";
olcAccess = [
''{0}to attrs=userPassword,shadowLastChange
by dn.exact=cn=users,${dn} write
by self write
by anonymous auth
by * none''
''{1}to dn.base=""
by * read''
/* allow read on anything else */
# ''{2}to *
# by cn=users,${dn} write by dn.exact=gidNumber=0+uidNumber=0+cn=peercred,cn=external write
# by * read''
];
};
};
};
};
}
+25 -25
View File
@@ -12,7 +12,7 @@ let
name
, commit
, hash
, tracking-branch ? "REL1_45"
, tracking-branch ? "REL1_44"
, kebab-name ? kebab-case-name name
, fetchgit ? pkgs.fetchgit
}:
@@ -33,63 +33,63 @@ in
lib.mergeAttrsList [
(mw-ext {
name = "CodeEditor";
commit = "af7e82f24ba4b68393712fece6f1b5fa4bb049ec";
hash = "sha256-XT8E4O6MEZYHSs6Q+A/dfYaUvJ4kY13Kd/cq30dA5NA=";
commit = "2db9c9cef35d88a0696b926e8e4ea2d479d0d73a";
hash = "sha256-f0tWJl/4hml+RCp7OoIpQ4WSGKE3/z8DTYOAOHbLA9A=";
})
(mw-ext {
name = "CodeMirror";
commit = "f06dfd40a08562a841ddf11b4ae3444ef06c98c7";
hash = "sha256-5zXkBjOwFdoQezkPRJ2AcBZLZEEpGG6FawO2K3KzllI=";
commit = "b16e614c3c4ba68c346b8dd7393ab005ab127441";
hash = "sha256-J/TJPo5Oxgpy6UQINivLKl8jzJp4k/mKv6br3kcCSMQ=";
})
(mw-ext {
name = "DeleteBatch";
commit = "9bc75a753efefedfc88c598fb01f18a7e4b61f00";
hash = "sha256-1xA758fsvoioN9xuq0hRqZKtPXMQViVLtuRINDtowdk=";
commit = "1b947c0f80249cf052b58138f830b379edf080bc";
hash = "sha256-629RCz+38m2pfyJe/CrYutRoDyN1HzD0KzDdC2wwqlI=";
})
(mw-ext {
name = "PluggableAuth";
commit = "64133683b73d8eeea8069fe7ed9cb7237fd5c212";
hash = "sha256-wqpfgVLenZp6XC510nrsrbvK1IMEPcWVYq5YuAOt5+c=";
commit = "56893b8ee9ecd03eaee256e08c38bc82657ee0a1";
hash = "sha256-gvoJey7YLMk+toutQTdWxpaedNDr59E+3xXWmXWCGl0=";
})
(mw-ext {
name = "Popups";
commit = "f74a8639f57232898978d9f3792293eb2d370e40";
hash = "sha256-uunUtN3M/ksW/kcbeIzDVTdb1P/PHTeTwaTsvspMLko=";
commit = "6732d8d195bd8312779d8514e92bad372ef63096";
hash = "sha256-XZzhA9UjAOUMcoGYYwiqRg2uInZ927JOZ9/IrZtarJU=";
})
(mw-ext {
name = "Scribunto";
commit = "cbab0c740e03c8e6184fd647d95e24e0826d20cb";
hash = "sha256-vXS3+wrUBVtPsETa19pMvud9sALGt4Ao9mM5rQRbBQc=";
commit = "fc9658623bd37fad352e326ce81b2a08ef55f04d";
hash = "sha256-P9WQk8O9qP+vXsBS9A5eXX+bRhnfqHetbkXwU3+c1Vk=";
})
(mw-ext {
name = "SimpleSAMLphp";
kebab-name = "simple-saml-php";
commit = "fc5ad4501434fe85198f0b1f0087d798efa91f9f";
hash = "sha256-se0krTglo1fShJXj38bPLhw65tZC5P54Ywt7oeZrLes=";
commit = "4c615a9203860bb908f2476a5467573e3287d224";
hash = "sha256-zNKvzInhdW3B101Hcghk/8m0Y+Qk/7XN7n0i/x/5hSE=";
})
(mw-ext {
name = "TemplateData";
commit = "d37b02f6ed194138ac7193a0782bbf6efb9164f8";
hash = "sha256-NpzVBzX7qfXkIE+jh33ndooS9GE8ZF3/Jynm22in7IQ=";
commit = "6884b10e603dce82ee39632f839ee5ccd8a6fbe3";
hash = "sha256-jcLe3r5fPIrQlp89N+PdIUSC7bkdd7pTmiYppSpdKVQ=";
})
(mw-ext {
name = "TemplateStyles";
commit = "f85614c26a0057a9f418342f89214a04c9de9988";
hash = "sha256-XZOtM3iadjE5vavsjkx7kfJNhLZlnnFt1CN+mv6XVHQ=";
commit = "f0401a6b82528c8fd5a0375f1e55e72d1211f2ab";
hash = "sha256-tEcCNBz/i9OaE3mNrqw0J2K336BAf6it30TLhQkbtKs=";
})
(mw-ext {
name = "UserMerge";
commit = "2f2432c909a36691ca0002daf6fb304d6c182beb";
hash = "sha256-ZP8Tp6u+uJxx3I39YGMmkP0sTnjAQUSaxImAJaRv+Ek=";
commit = "6c138ffc65991766fd58ff4739fcb7febf097146";
hash = "sha256-366Nb0ilmXixWgk5NgCuoxj82Mf0iRu1bC/L/eofAxU=";
})
(mw-ext {
name = "VisualEditor";
commit = "1508d49d0dd71fdc1d18badd23671441b3bc327b";
hash = "sha256-VNiCVNrCAImAr1tS9T28KPPzzNsKPz5ELFRIBtng+So=";
commit = "9cfcca3195bf88225844f136da90ab7a1f6dd0b9";
hash = "sha256-jHw3RnUB3bQa1OvmzhEBqadZlFPWH62iGl5BLXi3nZ4=";
})
(mw-ext {
name = "WikiEditor";
commit = "aba5e7c6701877a6b43583709751658fec606d47";
hash = "sha256-XmbQy0NXuY3oVGkkgC233kkzfBfx32HDylloGYXU/Nc=";
commit = "fe5329ba7a8c71ac8236cd0e940a64de2645b780";
hash = "sha256-no6kH7esqKiZv34btidzy2zLd75SBVb8EaYVhfRPQSI=";
})
]
+6 -6
View File
@@ -22,12 +22,12 @@ pkgs.mkShell {
stdenv.cc
unzip
util-linux
libX11
libXext
libXi
libXmu
libXrandr
libXv
xorg.libX11
xorg.libXext
xorg.libXi
xorg.libXmu
xorg.libXrandr
xorg.libXv
zlib
cudatoolkit
-4
View File
@@ -36,10 +36,6 @@ in rec {
ipv4 = pvv-ipv4 168;
ipv6 = pvv-ipv6 168;
};
dagali = {
ipv4 = pvv-ipv4 185;
ipv6 = pvv-ipv6 185;
};
ildkule = {
ipv4 = "129.241.100.145";
ipv4_internal = "192.168.1.17";