mirror of
https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git
synced 2026-02-19 16:37:52 +01:00
Compare commits
8 Commits
main
...
skrot-new-
| Author | SHA1 | Date | |
|---|---|---|---|
|
26d68fba3e | ||
|
|
3b15d1c2c4 | ||
|
|
036f0e1701 | ||
|
|
c1ada2f94d | ||
|
|
9d7cadbcbe | ||
|
|
9048261756 | ||
|
|
7ba8b47d7d | ||
|
|
f88b81672a |
@@ -43,7 +43,7 @@ revert the changes on the next nightly rebuild (tends to happen when everybody i
|
||||
| [kommode][kom] | Virtual | Gitea + Gitea pages |
|
||||
| [lupine][lup] | Physical | Gitea CI/CD runners |
|
||||
| shark | Virtual | Test host for authentication, absolutely horrendous |
|
||||
| [skrot/skrott][skr] | Physical | Kiosk, snacks and soda |
|
||||
| [skrott/skrot][skr] | Physical | Kiosk, snacks and soda |
|
||||
| [wenche][wen] | Virtual | Nix-builders, general purpose compute |
|
||||
|
||||
## Documentation
|
||||
|
||||
@@ -2,7 +2,7 @@
|
||||
{
|
||||
security.acme = {
|
||||
acceptTerms = true;
|
||||
defaults.email = "acme-drift@pvv.ntnu.no";
|
||||
defaults.email = "drift@pvv.ntnu.no";
|
||||
};
|
||||
|
||||
# Let's not spam LetsEncrypt in `nixos-rebuild build-vm` mode:
|
||||
|
||||
8
flake.lock
generated
8
flake.lock
generated
@@ -195,11 +195,11 @@
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1770960722,
|
||||
"narHash": "sha256-IdhPsWFZUKSJh/nLjGLJvGM5d5Uta+k1FlVYPxTZi0E=",
|
||||
"lastModified": 1767906352,
|
||||
"narHash": "sha256-wYsH9MMAPFG3XTL+3DwI39XMG0F2fTmn/5lt265a3Es=",
|
||||
"ref": "main",
|
||||
"rev": "c2e4aca7e1ba27cd09eeaeab47010d32a11841b2",
|
||||
"revCount": 15,
|
||||
"rev": "d054c5d064b8ed6d53a0adb0cf6c0a72febe212e",
|
||||
"revCount": 13,
|
||||
"type": "git",
|
||||
"url": "https://git.pvv.ntnu.no/Drift/nix-gitea-themes.git"
|
||||
},
|
||||
|
||||
@@ -43,7 +43,7 @@ in
|
||||
keyFile = config.sops.templates."matrix-livekit-keyfile".path;
|
||||
};
|
||||
|
||||
systemd.services.lk-jwt-service.environment.LIVEKIT_FULL_ACCESS_HOMESERVERS = lib.mkIf cfg.enable (builtins.concatStringsSep "," [ "pvv.ntnu.no" "dodsorf.as" ]);
|
||||
systemd.services.lk-jwt-service.environment.LIVEKIT_FULL_ACCESS_HOMESERVERS = lib.mkIf cfg.enable matrixDomain;
|
||||
|
||||
services.nginx.virtualHosts.${matrixDomain} = lib.mkIf cfg.enable {
|
||||
locations."^~ /livekit/jwt/" = {
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
{ config, pkgs, lib, values, fp, ... }:
|
||||
{ config, pkgs, fp, ... }:
|
||||
let
|
||||
cfg = config.services.matrix-ooye;
|
||||
in
|
||||
@@ -28,23 +28,6 @@ in
|
||||
};
|
||||
};
|
||||
|
||||
services.rsync-pull-targets = lib.mkIf cfg.enable {
|
||||
enable = true;
|
||||
locations."/var/lib/private/matrix-ooye" = {
|
||||
user = "root";
|
||||
rrsyncArgs.ro = true;
|
||||
authorizedKeysAttrs = [
|
||||
"restrict"
|
||||
"from=\"principal.pvv.ntnu.no,${values.hosts.principal.ipv6},${values.hosts.principal.ipv4}\""
|
||||
"no-agent-forwarding"
|
||||
"no-port-forwarding"
|
||||
"no-pty"
|
||||
"no-X11-forwarding"
|
||||
];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5koYfor5+kKB30Dugj3dAWvmj8h/akQQ2XYDvLobFL matrix_ooye rsync backup";
|
||||
};
|
||||
};
|
||||
|
||||
services.matrix-ooye = {
|
||||
enable = true;
|
||||
homeserver = "https://matrix.pvv.ntnu.no";
|
||||
|
||||
@@ -10,59 +10,6 @@ in
|
||||
catppuccin = pkgs.gitea-theme-catppuccin;
|
||||
};
|
||||
|
||||
services.gitea.settings = {
|
||||
ui = {
|
||||
DEFAULT_THEME = "gitea-auto";
|
||||
REACTIONS = lib.concatStringsSep "," [
|
||||
"+1"
|
||||
"-1"
|
||||
"laugh"
|
||||
"confused"
|
||||
"heart"
|
||||
"hooray"
|
||||
"rocket"
|
||||
"eyes"
|
||||
"100"
|
||||
"anger"
|
||||
"astonished"
|
||||
"no_good"
|
||||
"ok_hand"
|
||||
"pensive"
|
||||
"pizza"
|
||||
"point_up"
|
||||
"sob"
|
||||
"skull"
|
||||
"upside_down_face"
|
||||
"shrug"
|
||||
"huh"
|
||||
"bruh"
|
||||
"okiedokie"
|
||||
"grr"
|
||||
];
|
||||
|
||||
CUSTOM_EMOJIS = lib.concatStringsSep "," [
|
||||
"bruh"
|
||||
"grr"
|
||||
"huh"
|
||||
"ohyeah"
|
||||
];
|
||||
};
|
||||
"ui.meta" = {
|
||||
AUTHOR = "Programvareverkstedet";
|
||||
DESCRIPTION = "Bokstavelig talt programvareverkstedet";
|
||||
KEYWORDS = lib.concatStringsSep "," [
|
||||
"git"
|
||||
"hackerspace"
|
||||
"nix"
|
||||
"open source"
|
||||
"foss"
|
||||
"organization"
|
||||
"software"
|
||||
"student"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services.gitea-customization = lib.mkIf cfg.enable {
|
||||
description = "Install extra customization in gitea's CUSTOM_DIR";
|
||||
wantedBy = [ "gitea.service" ];
|
||||
@@ -110,11 +57,6 @@ in
|
||||
install -Dm444 ${extraLinksFooter} ${cfg.customDir}/templates/custom/extra_links_footer.tmpl
|
||||
install -Dm444 ${project-labels} ${cfg.customDir}/options/label/project-labels.yaml
|
||||
|
||||
install -Dm644 ${./emotes/bruh.png} ${cfg.customDir}/public/assets/img/emoji/bruh.png
|
||||
install -Dm644 ${./emotes/huh.gif} ${cfg.customDir}/public/assets/img/emoji/huh.png
|
||||
install -Dm644 ${./emotes/grr.png} ${cfg.customDir}/public/assets/img/emoji/grr.png
|
||||
install -Dm644 ${./emotes/okiedokie.jpg} ${cfg.customDir}/public/assets/img/emoji/okiedokie.png
|
||||
|
||||
"${lib.getExe pkgs.rsync}" -a "${customTemplates}/" ${cfg.customDir}/templates/
|
||||
'';
|
||||
};
|
||||
|
||||
Binary file not shown.
|
Before Width: | Height: | Size: 7.3 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 28 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 206 KiB |
Binary file not shown.
|
Before Width: | Height: | Size: 145 KiB |
@@ -83,24 +83,11 @@ in {
|
||||
AUTO_WATCH_NEW_REPOS = false;
|
||||
};
|
||||
admin.DEFAULT_EMAIL_NOTIFICATIONS = "onmention";
|
||||
session.COOKIE_SECURE = true;
|
||||
security = {
|
||||
SECRET_KEY = lib.mkForce "";
|
||||
SECRET_KEY_URI = "file:${config.sops.secrets."gitea/secret-key".path}";
|
||||
};
|
||||
cache = {
|
||||
ADAPTER = "redis";
|
||||
HOST = "redis+socket://${config.services.redis.servers.gitea.unixSocket}?db=0";
|
||||
ITEM_TTL = "72h";
|
||||
};
|
||||
session = {
|
||||
COOKIE_SECURE = true;
|
||||
PROVIDER = "redis";
|
||||
PROVIDER_CONFIG = "redis+socket://${config.services.redis.servers.gitea.unixSocket}?db=1";
|
||||
};
|
||||
queue = {
|
||||
TYPE = "redis";
|
||||
CONN_STR = "redis+socket://${config.services.redis.servers.gitea.unixSocket}?db=2";
|
||||
};
|
||||
database.LOG_SQL = false;
|
||||
repository = {
|
||||
PREFERRED_LICENSES = lib.concatStringsSep "," [
|
||||
@@ -141,6 +128,31 @@ in {
|
||||
AVATAR_MAX_ORIGIN_SIZE = 1024 * 1024 * 2;
|
||||
};
|
||||
actions.ENABLED = true;
|
||||
ui = {
|
||||
REACTIONS = lib.concatStringsSep "," [
|
||||
"+1"
|
||||
"-1"
|
||||
"laugh"
|
||||
"confused"
|
||||
"heart"
|
||||
"hooray"
|
||||
"rocket"
|
||||
"eyes"
|
||||
"100"
|
||||
"anger"
|
||||
"astonished"
|
||||
"no_good"
|
||||
"ok_hand"
|
||||
"pensive"
|
||||
"pizza"
|
||||
"point_up"
|
||||
"sob"
|
||||
"skull"
|
||||
"upside_down_face"
|
||||
"shrug"
|
||||
];
|
||||
};
|
||||
"ui.meta".DESCRIPTION = "Bokstavelig talt programvareverkstedet";
|
||||
};
|
||||
|
||||
dump = {
|
||||
@@ -152,26 +164,12 @@ in {
|
||||
|
||||
environment.systemPackages = [ cfg.package ];
|
||||
|
||||
systemd.services.gitea = lib.mkIf cfg.enable {
|
||||
wants = [ "redis-gitea.service" ];
|
||||
after = [ "redis-gitea.service" ];
|
||||
systemd.services.gitea.serviceConfig.CPUSchedulingPolicy = "batch";
|
||||
|
||||
serviceConfig = {
|
||||
CPUSchedulingPolicy = "batch";
|
||||
CacheDirectory = "gitea/repo-archive";
|
||||
BindPaths = [
|
||||
"%C/gitea/repo-archive:${cfg.stateDir}/data/repo-archive"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.redis.servers.gitea = lib.mkIf cfg.enable {
|
||||
enable = true;
|
||||
user = config.services.gitea.user;
|
||||
save = [ ];
|
||||
openFirewall = false;
|
||||
port = 5698;
|
||||
};
|
||||
systemd.services.gitea.serviceConfig.CacheDirectory = "gitea/repo-archive";
|
||||
systemd.services.gitea.serviceConfig.BindPaths = [
|
||||
"%C/gitea/repo-archive:${cfg.stateDir}/data/repo-archive"
|
||||
];
|
||||
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
forceSSL = true;
|
||||
|
||||
Reference in New Issue
Block a user