modules/grzegorz: use unstable mpv for greg-ng

add vegardbm
Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/114
2026-01-13 19:08:25 +01:00 · 2025-08-23 14:04:48 +02:00 · 2025-08-21 14:21:39 +02:00 · 2025-08-18 02:08:05 +02:00 · 2025-08-18 02:05:57 +02:00 · 2025-08-17 20:59:45 +02:00
9 changed files with 76 additions and 16 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -190,11 +190,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1752865540,
-        "narHash": "sha256-VYLXcV8FsaMTsmxISOejvBq76eA41yi7BCRNW1qGbV0=",
+        "lastModified": 1755475409,
+        "narHash": "sha256-9nzP3rpYNWNXtGQnGUS+WjeDkhFiTOBwxoJL9bMi1w0=",
        "ref": "refs/heads/main",
-        "rev": "f732582d0d1389721ea2c91ab370ba2fb824d644",
-        "revCount": 496,
+        "rev": "617a799ad8e365192084e51de25cb6f8260668ae",
+        "revCount": 511,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
      },
--- a/hosts/kommode/services/gitea/default.nix
+++ b/hosts/kommode/services/gitea/default.nix
@@ -51,11 +51,11 @@ in {
        START_SSH_SERVER = true;
        START_LFS_SERVER = true;
        LFS_JWT_SECRET = lib.mkForce "";
-        LFS_JWT_SECRET_URI = config.sops.secrets."gitea/lfs-jwt-secret".path;
+        LFS_JWT_SECRET_URI = "file:${config.sops.secrets."gitea/lfs-jwt-secret".path}";
      };
      oauth2 = {
        JWT_SECRET = lib.mkForce "";
-        JWT_SECRET_URI = config.sops.secrets."gitea/oauth2-jwt-secret".path;
+        JWT_SECRET_URI = "file:${config.sops.secrets."gitea/oauth2-jwt-secret".path}";
      };
      "git.timeout" = {
        MIGRATE = 3600;
@@ -85,7 +85,7 @@ in {
      session.COOKIE_SECURE = true;
      security = {
        SECRET_KEY = lib.mkForce "";
-        SECRET_KEY_PATH = config.sops.secrets."gitea/secret-key".path;
+        SECRET_KEY_URI = "file:${config.sops.secrets."gitea/secret-key".path}";
      };
      database.LOG_SQL = false;
      repository = {
--- a/hosts/kommode/services/gitea/import-users/default.nix
+++ b/hosts/kommode/services/gitea/import-users/default.nix
@@ -11,7 +11,8 @@ in

  systemd.services.gitea-import-users = lib.mkIf cfg.enable {
    enable = true;
-    preStart=''${pkgs.rsync}/bin/rsync -e "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=$CREDENTIALS_DIRECTORY/ssh-known-hosts -i $CREDENTIALS_DIRECTORY/sshkey" -a pvv@smtp.pvv.ntnu.no:/etc/passwd /tmp/passwd-import'';
+    preStart=''${pkgs.rsync}/bin/rsync -e "${pkgs.openssh}/bin/ssh -o UserKnownHostsFile=$CREDENTIALS_DIRECTORY/ssh-known-hosts -i $CREDENTIALS_DIRECTORY/sshkey" -a pvv@smtp.pvv.ntnu.no:/etc/passwd /run/gitea-import-users/passwd'';
+    environment.PASSWD_FILE_PATH = "/run/gitea-import-users/passwd";
    serviceConfig = {
      ExecStart = pkgs.writers.writePython3 "gitea-import-users" {
        flakeIgnore = [
@@ -25,6 +26,7 @@ in
      ];
      DynamicUser="yes";
      EnvironmentFile=config.sops.secrets."gitea/import-user-env".path;
+      RuntimeDirectory = "gitea-import-users";
    };
  };

--- a/hosts/kommode/services/gitea/import-users/gitea-import-users.py
+++ b/hosts/kommode/services/gitea/import-users/gitea-import-users.py
@@ -17,6 +17,10 @@ GITEA_API_URL = os.getenv('GITEA_API_URL')
 if GITEA_API_URL is None:
    GITEA_API_URL = 'https://git.pvv.ntnu.no/api/v1'

+PASSWD_FILE_PATH = os.getenv('PASSWD_FILE_PATH')
+if PASSWD_FILE_PATH is None:
+    PASSWD_FILE_PATH = '/tmp/passwd-import'
+

 def gitea_list_all_users() -> dict[str, dict[str, any]] | None:
    r = requests.get(
@@ -187,7 +191,8 @@ def main():
    if existing_users is None:
        exit(1)

-    for username, name in passwd_file_parser("/tmp/passwd-import"):
+    print(f"Reading passwd entries from {PASSWD_FILE_PATH}")
+    for username, name in passwd_file_parser(PASSWD_FILE_PATH):
        print(f"Processing {username}")
        add_or_patch_gitea_user(username, name, existing_users)
        for org, team_name in COMMON_USER_TEAMS:
--- a/hosts/lupine/services/gitea-runner.nix
+++ b/hosts/lupine/services/gitea-runner.nix
@@ -6,14 +6,16 @@
  # successfully registered will gitea give you the next token.
  # - oysteikt Sep 2023
  sops = {
-    secrets."gitea/runners/token" = { };
+    secrets."gitea/runners/token" = {
+      key = "gitea/runners/${lupineName}";
+    };

    templates."gitea-runner-envfile" = {
      restartUnits = [
        "gitea-runner-${lupineName}.service"
      ];
      content = ''
-        TOKEN=${config.sops.placeholder."gitea/runners/token"}
+        TOKEN="${config.sops.placeholder."gitea/runners/token"}"
      '';
    };
  };
@@ -39,5 +41,5 @@

  networking.dhcpcd.IPv6rs = false;

-  networking.firewall.interfaces."podman+".allowedUDPPorts = [ 53 5353 ];
+  networking.firewall.interfaces."podman+".allowedUDPPorts = [53 5353];
 }
--- a/modules/grzegorz.nix
+++ b/modules/grzegorz.nix
@@ -1,4 +1,4 @@
-{config, lib, pkgs, ...}:
+{ config, lib, pkgs, unstablePkgs, ... }:
 let
  grg = config.services.greg-ng;
  grgw = config.services.grzegorz-webui;
@@ -11,6 +11,8 @@ in {
    settings.port = 31337;
    enableSway = true;
    enablePipewire = true;
+
+    mpvPackage = unstablePkgs.mpv;
  };

  systemd.user.services.restart-greg-ng = {
--- a/secrets/lupine/lupine.yaml
+++ b/secrets/lupine/lupine.yaml
@@ -1,6 +1,10 @@
 gitea:
    runners:
-        token: ENC[AES256_GCM,data:Y27trzUHuA1k9fVs/3PM/L8aIlI+37nAPTVDgWjBX+K4q23saa5XUA==,iv:J4litvX0ip/a340E7S+XHZQG+BGh+K/RzFxdS1VLwA0=,tag:H4oK4vn27U+yXqa/YQJOxA==,type:str]
+        lupine-1: ENC[AES256_GCM,data:UcZB2p/dInvcl0yNBEohzbmcVxg/QQPXlIsaVB3M3hyxFg1gtGfUGA==,iv:OigyPfPoRIjvyiId7hiiWdNrZqyZqI3OonvJC+zYEzI=,tag:SjBsvo/IJKhFQs+PiI596g==,type:str]
+        lupine-2: null
+        lupine-3: null
+        lupine-4: null
+        lupine-5: null
 sops:
    age:
        - recipient: age1fkrypl6fu4ldsa7te4g3v4qsegnk7sd6qhkquuwzh04vguy96qus08902e
@@ -93,8 +97,8 @@ sops:
            YU5mMDlRckJCMDAzcHYyMWN1clRJRVEK77PiAQP+2+WblGYEgAf6bx6RTh0JHiSZ
            /jPIN/rbAKNv36wpZDbuLV8tcMuvhleNMRSSqbIloLSzww+Z5nOU4A==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-08-03T01:13:50Z"
-    mac: ENC[AES256_GCM,data:oFbwmbLk3z6oYQMCEcFAGstf6DUT7hh9OUa5HVyeIR15YVgJ9/0hwZPG1m00w1HpKjt7/iVnQQYdPvt00snwn7g0M822MquMbwavozOrWWuhpxlzjM1kn/zTHAPFMmDihAciuQSSk43Dc5FRS5Gc6gwonEsJ5EUqcq2nM/cnAUY=,iv:H1CEaaypKUMCd2zJOXhIUQQqTfOwknG+iBOpgYlirmY=,tag:gKX+OTZ+BrHvcwoyO6YFdA==,type:str]
+    lastmodified: "2025-07-30T18:29:08Z"
+    mac: ENC[AES256_GCM,data:47cki5ucPTVd4JuEyK0QkDCCEqj1pW6SA5I6ihC/MEja6TIuHTcEPFpje8+LvpGjpP9uobKX4g3UcyvkJ63j/k3hU0xPYQX3Z1ee00KIMKB0GHNjUR8ENtnwd3TU7kp5ohtXeCtcyzCjdFFuXp8AINGv3vpbU2MzauctUxn5B1Y=,iv:1mpk/f1QlRtHfA9dqyNLBrvfVPgtLnZ7ibj8qNrEGD8=,tag:drEK1+qeJy97rgeQJyqucA==,type:str]
    pgp:
        - created_at: "2025-07-30T18:27:50Z"
          enc: |-
--- a/users/albertba.nix
+++ b/users/albertba.nix
@@ -0,0 +1,23 @@
+{ pkgs, ... }:
+{
+  users.users.albertba = {
+    isNormalUser = true;
+    extraGroups = [ "wheel" "drift" "nix-builder-users" ];
+
+    packages = with pkgs; [
+      htop
+      neovim
+      ripgrep
+      fd
+      tmux
+    ];
+
+    shell = pkgs.zsh;
+
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICheSCAxsYc/6g8hq2lXXHoUWPjWvntzzTA7OhG8waMN albert@Arch"
+    ];
+  };
+
+}
+
--- a/users/vegardbm.nix
+++ b/users/vegardbm.nix
@@ -0,0 +1,22 @@
+{ pkgs, ... }:
+{
+  users.users.vegardbm = {
+    isNormalUser = true;
+    description = "noe";
+    extraGroups = [
+      "wheel"
+      "drift"
+      "nix-builder-users"
+    ];
+    packages = with pkgs; [
+      btop
+      eza
+      neovim
+      ripgrep
+      tmux
+    ];
+    openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDVA3HqEx3je6L1AC+bP8sTxu3ZTKvTCR0npCyOVAYK5 vbm@arch-xeon"
+    ];
+  };
+}
Author	SHA1	Message	Date
h7x4	0b7fbcac32	modules/grzegorz: use unstable mpv for greg-ng	2025-08-23 14:04:48 +02:00
Vegard Bieker Matthey	f3c60d0551	add vegardbm Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/114	2025-08-21 14:21:39 +02:00
Vegard Bieker Matthey	f0d2d989d1	Merge pull request 'remove duplicated button at /hendelser' (!113 ) from vegardbm/pvv-nixos-config:main into main Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/113	2025-08-18 02:08:05 +02:00
Vegard Matthey	57d0c6247b	remove duplicated button at /hendelser	2025-08-18 02:05:57 +02:00
Vegard Bieker Matthey	95840bfa3c	Merge pull request 'fix dead link at /tjenester' (!112 ) from vegardbm/pvv-nixos-config:main into main Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/112	2025-08-17 20:59:45 +02:00
Vegard Matthey	72da80f93f	fix dead link at /tjenester	2025-08-17 20:58:31 +02:00
Vegard Bieker Matthey	8ffc2acea7	Merge pull request 'fix dead links for VMs at /tjenester' (!111 ) from vegardbm/pvv-nixos-config:main into main Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/111	2025-08-17 20:48:40 +02:00
Vegard Matthey	0d1423ab22	fix dead links for VMs at /tjenester	2025-08-17 20:47:30 +02:00
Adrian Gunnar Lauterer	809fcefbcf	Merge pull request 'fix dead minecraft map link at /tjenester' (!110 ) from vegardbm/pvv-nixos-config:main into main Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/110	2025-08-17 19:52:37 +02:00
Vegard Matthey	203358a207	fix dead minecraft map link at /tjenester	2025-08-17 19:48:56 +02:00
Albert Bayazidi	d11b189f95	Merge pull request 'forgot to write my whole name LAMO' (!109 ) from new-user-part-two into main Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/109	2025-08-16 10:45:57 +02:00
Albert	b439ddd6f6	forgot to write my whole name LAMO	2025-08-15 19:57:23 +02:00
h7x4	a22747bb66	flake.lock: bump pvv-nettsiden	2025-08-14 22:49:05 +02:00
h7x4	efc79ee189	fix import-gitea-users script	2025-08-14 20:48:23 +02:00
Albert Bayazidi	8715fb220f	Merge pull request 'added user alb' (!108 ) from new_user into main Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/108 Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>	2025-08-14 19:07:30 +02:00
Albert	649c21de01	added user alb	2025-08-14 18:08:43 +02:00
h7x4	2010556643	kommode/gitea: fix declarative secrets	2025-08-03 04:44:37 +02:00