Compare commits

..

1 Commits

Author SHA1 Message Date
h7x4 e9bc07d6e9 grr: fix the heccin quotes
... of the day
2026-05-26 22:26:39 +09:00
11 changed files with 47 additions and 68 deletions
-1
View File
@@ -35,7 +35,6 @@
./services/prometheus-node-exporter.nix ./services/prometheus-node-exporter.nix
./services/prometheus-systemd-exporter.nix ./services/prometheus-systemd-exporter.nix
./services/roowho2.nix ./services/roowho2.nix
./services/scrutiny-collector.nix
./services/smartd.nix ./services/smartd.nix
./services/thermald.nix ./services/thermald.nix
./services/uptimed.nix ./services/uptimed.nix
+5 -8
View File
@@ -6,13 +6,10 @@ in
security.polkit.enable = true; security.polkit.enable = true;
environment.etc."polkit-1/rules.d/9-nixos-overrides.rules".text = lib.mkIf cfg.enable '' environment.etc."polkit-1/rules.d/9-nixos-overrides.rules".text = lib.mkIf cfg.enable ''
polkit.addRule(function(action, subject) { polkit.addAdminRule(function(action, subject) {
if ( if(subject.isInGroup("wheel")) {
action.id.startsWith("org.freedesktop.systemd1.") && return ["unix-user:"+subject.user];
subject.isInGroup("wheel") }
) { });
return polkit.Result.AUTH_SELF_KEEP;
}
});
''; '';
} }
-11
View File
@@ -1,11 +0,0 @@
{ config, ... }:
{
services.scrutiny.collector = {
enable = !config.services.qemuGuest.enable;
settings = {
version = 1;
host.id = config.networking.hostName;
api.endpoint = "https://scrutiny.pvv.ntnu.no/";
};
};
}
@@ -119,7 +119,6 @@ in {
services.nginx.virtualHosts."pvv.ntnu.no" = { services.nginx.virtualHosts."pvv.ntnu.no" = {
globalRedirect = cfg.domainName; globalRedirect = cfg.domainName;
redirectCode = 307; redirectCode = 307;
kTLS = true;
forceSSL = true; forceSSL = true;
useACMEHost = "www.pvv.ntnu.no"; useACMEHost = "www.pvv.ntnu.no";
}; };
@@ -127,7 +126,6 @@ in {
services.nginx.virtualHosts."www.pvv.org" = { services.nginx.virtualHosts."www.pvv.org" = {
globalRedirect = cfg.domainName; globalRedirect = cfg.domainName;
redirectCode = 307; redirectCode = 307;
kTLS = true;
forceSSL = true; forceSSL = true;
useACMEHost = "www.pvv.ntnu.no"; useACMEHost = "www.pvv.ntnu.no";
}; };
@@ -135,13 +133,11 @@ in {
services.nginx.virtualHosts."pvv.org" = { services.nginx.virtualHosts."pvv.org" = {
globalRedirect = cfg.domainName; globalRedirect = cfg.domainName;
redirectCode = 307; redirectCode = 307;
kTLS = true;
forceSSL = true; forceSSL = true;
useACMEHost = "www.pvv.ntnu.no"; useACMEHost = "www.pvv.ntnu.no";
}; };
services.nginx.virtualHosts.${cfg.domainName} = { services.nginx.virtualHosts.${cfg.domainName} = {
kTLS = true;
locations = { locations = {
# Proxy home directories # Proxy home directories
"^~ /~" = { "^~ /~" = {
@@ -83,7 +83,6 @@ in
}; };
services.nginx.virtualHosts."mirrors.pvv.ntnu.no" = { services.nginx.virtualHosts."mirrors.pvv.ntnu.no" = {
kTLS = true;
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@@ -146,7 +146,6 @@ in
}; };
services.nginx.virtualHosts."hookshot.pvv.ntnu.no" = { services.nginx.virtualHosts."hookshot.pvv.ntnu.no" = {
kTLS = true;
enableACME = true; enableACME = true;
addSSL = true; addSSL = true;
locations."/" = { locations."/" = {
@@ -80,7 +80,6 @@ in
}; };
services.nginx.virtualHosts."ooye.pvv.ntnu.no" = { services.nginx.virtualHosts."ooye.pvv.ntnu.no" = {
kTLS = true;
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/".proxyPass = "http://localhost:${cfg.socket}"; locations."/".proxyPass = "http://localhost:${cfg.socket}";
+39
View File
@@ -0,0 +1,39 @@
# Do modify this file! It was generated by „nixos-generate-config“
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix and run ⟪nix-env --switch-profile⟫ instead.
{ config, lib, pkgs, modulesPath, home-manager, ... }:
{
imports =
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "af_alg" "esp4" "esp6" "rds" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/sdj1";
fsType = "bcachefs";
};
fileSystems."/boott" =
{ device = "/dev/disk/by-uuid/AAAA-AAAA";
fsType = "vfat";
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with networking.interfaces.<interface>.useDHCP.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.em1.useDHCP = lib.mkDefault true;
# networking.interfaces.em2.useDHCP = lib.mkDefault true;
# networking.interfaces.pflog0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "i686-freebsd";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.infiniband.enable = true;
hardware.flipperzero.enable = lib.mkIf (config.security.isolate.cgRoot == "auto:/run/isolate/tank") true;
}
@@ -5,7 +5,6 @@
./grafana.nix ./grafana.nix
./loki.nix ./loki.nix
./prometheus ./prometheus
./scrutiny.nix
./uptime-kuma.nix ./uptime-kuma.nix
]; ];
} }
@@ -1,40 +0,0 @@
{ config, values, ... }:
let
cfg = config.services.scrutiny;
in
{
services.scrutiny = {
enable = true;
settings = {
web.listen = {
host = "127.0.0.1";
port = 18293;
basepath = "";
};
# notify.urls = [
# "matrix://username:password@host:port/[?rooms=!roomID1[,roomAlias2]]"
# ];
};
};
services.nginx.virtualHosts."scrutiny.pvv.ntnu.no" = {
kTLS = true;
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${cfg.settings.web.listen.host}:${toString cfg.settings.web.listen.port}";
};
# TODO: allow website access to the outside world, but restrict input api
extraConfig = ''
allow ${values.hosts.ildkule.ipv4}/32;
allow ${values.hosts.ildkule.ipv6}/128;
allow 127.0.0.1/32;
allow ::1/128;
allow ${values.ipv4-space};
allow ${values.ipv6-space};
deny all;
'';
};
}
+3
View File
@@ -18,6 +18,9 @@
anyInterface = true; anyInterface = true;
}; };
# There are no smart devices
services.smartd.enable = false;
# Don't change (even during upgrades) unless you know what you are doing. # Don't change (even during upgrades) unless you know what you are doing.
# See https://search.nixos.org/options?show=system.stateVersion # See https://search.nixos.org/options?show=system.stateVersion
system.stateVersion = "25.05"; system.stateVersion = "25.05";