kommode/gitea: take a dump weekly

Reviewed-on: https://git.pvv.ntnu.no/Drift/pvv-nixos-config/pulls/100
Reviewed-by: Oystein Kristoffer Tveit <oysteikt@pvv.ntnu.no>

base/default.nix

@@ -50,6 +50,18 @@
     kitty.terminfo
   ];
 
+  # .bash_profile already works, but lets also use .bashrc like literally every other distro
+  # https://man.archlinux.org/man/core/bash/bash.1.en#INVOCATION
+  # home-manager usually handles this for you: https://github.com/nix-community/home-manager/blob/22a36aa709de7dd42b562a433b9cefecf104a6ee/modules/programs/bash.nix#L203-L209
+  # btw, programs.bash.shellInit just goes into environment.shellInit which in turn goes into /etc/profile, spooky shit
+  programs.bash.shellInit = ''
+   if [ -n "''${BASH_VERSION:-}" ]; then
+     if [[ ! -f ~/.bash_profile && ! -f ~/.bash_login ]]; then
+      [[ -f ~/.bashrc ]] && . ~/.bashrc
+     fi
+   fi
+  '';
+
   programs.zsh.enable = true;
 
   security.lockKernelModules = true;

hosts/bekkalokk/services/website/default.nix

@@ -67,7 +67,12 @@ in {
         ADMIN_NAME = "PVV Drift";
         ADMIN_EMAIL = "drift@pvv.ntnu.no";
         ADMIN_PASSWORD = includeFromSops "simplesamlphp/admin_password";
-        TRUSTED_DOMAINS = [ cfg.domainName ];
+        TRUSTED_DOMAINS = [
+          "www.pvv.ntnu.no"
+          "pvv.ntnu.no"
+          "www.pvv.org"
+          "pvv.org"
+        ];
       };
     };
   };

hosts/kommode/services/gitea/default.nix

@@ -49,6 +49,10 @@ in {
         START_LFS_SERVER = true;
         LANDING_PAGE = "explore";
       };
+      "git.timeout" = {
+        MIGRATE = 3600;
+        MIRROR = 1800;
+      };
       mailer = {
         ENABLED = true;
         FROM = "gitea@pvv.ntnu.no";
@@ -136,6 +140,7 @@ in {
 
     dump = {
       enable = true;
+      interval = "weekly";
       type = "tar.gz";
     };
   };

modules/grzegorz.nix

@@ -1,4 +1,4 @@
-{config, lib, pkgs, values, ...}:
+{config, lib, pkgs, ...}:
 let
   grg = config.services.greg-ng;
   grgw = config.services.grzegorz-webui;
@@ -37,12 +37,8 @@ in {
         "${machine}.pvv.org"
       ];
       extraConfig = ''
-        # pvv
+        allow 129.241.210.128/25;
-        allow ${values.ipv4-space}
+        allow 2001:700:300:1900::/64;
-        allow ${values.ipv6-space}
-        # ntnu
-        allow ${values.ntnu.ipv4-space}
-        allow ${values.ntnu.ipv6-space}
         deny all;
       '';
     };
@@ -55,12 +51,8 @@ in {
         "${machine}-backend.pvv.org"
       ];
       extraConfig = ''
-        # pvv
+        allow 129.241.210.128/25;
-        allow ${values.ipv4-space}
+        allow 2001:700:300:1900::/64;
-        allow ${values.ipv6-space}
-        # ntnu
-        allow ${values.ntnu.ipv4-space}
-        allow ${values.ntnu.ipv6-space}
         deny all;
       '';
 
@@ -78,12 +70,8 @@ in {
         "${machine}-old.pvv.org"
       ];
       extraConfig = ''
-        # pvv
+        allow 129.241.210.128/25;
-        allow ${values.ipv4-space}
+        allow 2001:700:300:1900::/64;
-        allow ${values.ipv6-space}
-        # ntnu
-        allow ${values.ntnu.ipv4-space}
-        allow ${values.ntnu.ipv6-space}
         deny all;
       '';
 

values.nix

@@ -1,13 +1,8 @@
 # Feel free to change the structure of this file
 let
-  ntnu-ipv4 = suffix: "129.241.${toString suffix}";
+  pvv-ipv4 = suffix: "129.241.210.${toString suffix}";
-  ntnu-ipv6 = suffix: "2001:700:300:${toString suffix}";
+  pvv-ipv6 = suffix: "2001:700:300:1900::${toString suffix}";
-  pvv-ipv4 = suffix: ntnu-ipv4 "210.${toString suffix}";
-  pvv-ipv6 = suffix: ntnu-ipv6 "1900::${toString suffix}";
 in rec {
-  ntnu.ipv4-space = ntnu-ipv4 "0.0/16"; # https://ipinfo.io/ips/129.241.0.0/16
-  ntnu.ipv6-space = ntnu-ipv6 ":/48"; # https://ipinfo.io/2001:700:300::
-
   ipv4-space = pvv-ipv4 "128/25";
   ipv6-space = pvv-ipv6 "/64";