bicep/matrix/coturn: coturn is actually fixed

gergle: big if true
bekkalokk: Update nettsiden (re-enable events)
2026-01-12 10:28:25 +01:00 · 2025-02-16 02:01:29 +01:00 · 2025-01-25 19:59:43 +01:00 · 2025-01-17 23:11:19 +01:00 · 2025-01-11 15:02:00 +01:00 · 2025-01-10 18:51:41 +01:00
11 changed files with 248 additions and 53 deletions
--- a/base/services/auto-upgrade.nix
+++ b/base/services/auto-upgrade.nix
@@ -2,7 +2,7 @@
 {
  system.autoUpgrade = {
    enable = true;
-    flake = "git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git?ref=24.11";
+    flake = "git+https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git";
    flags = [
      # --update-input is deprecated since nix 2.22, and removed in lix 2.90
      # https://git.lix.systems/lix-project/lix/issues/400
--- a/flake.lock
+++ b/flake.lock
@@ -20,6 +20,26 @@
        "type": "github"
      }
    },
+    "gergle": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1736621371,
+        "narHash": "sha256-45UIQSQA7R5iU4YWvilo7mQbhY1Liql9bHBvYa3qRI0=",
+        "ref": "refs/heads/main",
+        "rev": "3729796c1213fe76e568ac28f1df8de4e596950b",
+        "revCount": 20,
+        "type": "git",
+        "url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git"
+      }
+    },
    "greg-ng": {
      "inputs": {
        "nixpkgs": [
@@ -28,17 +48,17 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1730249639,
-        "narHash": "sha256-G3URSlqCcb+GIvGyki+HHrDM5ZanX/dP9BtppD/SdfI=",
+        "lastModified": 1736545379,
+        "narHash": "sha256-PeTTmGumdOX3rd6OKI7QMCrZovCDkrckZbcHr+znxWA=",
        "ref": "refs/heads/main",
-        "rev": "80e0447bcb79adad4f459ada5610f3eae987b4e3",
-        "revCount": 34,
+        "rev": "74f5316121776db2769385927ec0d0c2cc2b23e4",
+        "revCount": 42,
        "type": "git",
-        "url": "https://git.pvv.ntnu.no/Projects/greg-ng.git"
+        "url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git"
      },
      "original": {
        "type": "git",
-        "url": "https://git.pvv.ntnu.no/Projects/greg-ng.git"
+        "url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git"
      }
    },
    "grzegorz-clients": {
@@ -54,11 +74,11 @@
        "rev": "546d921ec46735dbf876e36f4af8df1064d09432",
        "revCount": 78,
        "type": "git",
-        "url": "https://git.pvv.ntnu.no/Projects/grzegorz-clients.git"
+        "url": "https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git"
      },
      "original": {
        "type": "git",
-        "url": "https://git.pvv.ntnu.no/Projects/grzegorz-clients.git"
+        "url": "https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git"
      }
    },
    "matrix-next": {
@@ -104,11 +124,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1714416973,
-        "narHash": "sha256-aZUcvXjdETUC6wVQpWDVjLUzwpDAEca8yR0ITDeK39o=",
+        "lastModified": 1736531400,
+        "narHash": "sha256-+X/HVI1AwoPcud28wI35XRrc1kDgkYdDUGABJBAkxDI=",
        "ref": "refs/heads/main",
-        "rev": "2b23c0ba8aae68d3cb6789f0f6e4891cef26cc6d",
-        "revCount": 6,
+        "rev": "e4dafd06b3d7e9e6e07617766e9c3743134571b7",
+        "revCount": 7,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git"
      },
@@ -176,11 +196,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1725212759,
+        "lastModified": 1737151758,
        "narHash": "sha256-yZBsefIarFUEhFRj+rCGMp9Zvag3MCafqV/JfGVRVwc=",
        "ref": "refs/heads/master",
-        "rev": "e7b66b4bc6a89bab74bac45b87e9434f5165355f",
-        "revCount": 473,
+        "rev": "a4ebe6ded0c8c124561a41cb329ff30891914b5e",
+        "revCount": 475,
        "type": "git",
        "url": "https://git.pvv.ntnu.no/Projects/nettsiden.git"
      },
@@ -192,6 +212,7 @@
    "root": {
      "inputs": {
        "disko": "disko",
+        "gergle": "gergle",
        "greg-ng": "greg-ng",
        "grzegorz-clients": "grzegorz-clients",
        "matrix-next": "matrix-next",
--- a/flake.nix
+++ b/flake.nix
@@ -23,9 +23,11 @@
    nix-gitea-themes.url = "git+https://git.pvv.ntnu.no/oysteikt/nix-gitea-themes.git";
    nix-gitea-themes.inputs.nixpkgs.follows = "nixpkgs";

-    greg-ng.url = "git+https://git.pvv.ntnu.no/Projects/greg-ng.git";
+    greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git";
    greg-ng.inputs.nixpkgs.follows = "nixpkgs";
-    grzegorz-clients.url = "git+https://git.pvv.ntnu.no/Projects/grzegorz-clients.git";
+    gergle.url = "git+https://git.pvv.ntnu.no/Grzegorz/gergle.git";
+    gergle.inputs.nixpkgs.follows = "nixpkgs";
+    grzegorz-clients.url = "git+https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git";
    grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";

    minecraft-data.url = "git+https://git.pvv.ntnu.no/Drift/minecraft-data.git";
@@ -124,19 +126,23 @@
      brzeczyszczykiewicz = stableNixosConfig "brzeczyszczykiewicz" {
        modules = [
          inputs.grzegorz-clients.nixosModules.grzegorz-webui
+          inputs.gergle.nixosModules.default
          inputs.greg-ng.nixosModules.default
        ];
        overlays = [
          inputs.greg-ng.overlays.default
+          inputs.gergle.overlays.default
        ];
      };
      georg = stableNixosConfig "georg" {
        modules = [
          inputs.grzegorz-clients.nixosModules.grzegorz-webui
+          inputs.gergle.nixosModules.default
          inputs.greg-ng.nixosModules.default
        ];
        overlays = [
          inputs.greg-ng.overlays.default
+          inputs.gergle.overlays.default
        ];
      };
    };
--- a/hosts/bekkalokk/services/gitea/default.nix
+++ b/hosts/bekkalokk/services/gitea/default.nix
@@ -180,11 +180,16 @@ in {
        <a class="item" href="https://wiki.pvv.ntnu.no/">Wiki</a>
        <a class="item" href="https://git.pvv.ntnu.no/Drift/-/projects/4">Tokyo Drift Issues</a>
      '';
+
+      project-labels = (pkgs.formats.yaml { }).generate "gitea-project-labels.yaml" {
+        labels = lib.importJSON ./labels/projects.json;
+      };
    in ''
      install -Dm444 ${logo-svg} ${cfg.customDir}/public/assets/img/logo.svg
      install -Dm444 ${logo-png} ${cfg.customDir}/public/assets/img/logo.png
      install -Dm444 ${./loading.apng} ${cfg.customDir}/public/assets/img/loading.png
      install -Dm444 ${extraLinks} ${cfg.customDir}/templates/custom/extra_links.tmpl
+      install -Dm444 ${project-labels} ${cfg.customDir}/options/label/project-labels.yaml
    '';
  };
 }
--- a/hosts/bekkalokk/services/gitea/import-users/gitea-import-users.py
+++ b/hosts/bekkalokk/services/gitea/import-users/gitea-import-users.py
@@ -177,6 +177,7 @@ def ensure_gitea_user_is_part_of_team(
 # List of teams that all users should be part of by default
 COMMON_USER_TEAMS = [
    ("Projects", "Members"),
+    ("Grzegorz", "Members"),
    ("Kurs", "Members"),
 ]

--- a/hosts/bekkalokk/services/gitea/labels/projects.json
+++ b/hosts/bekkalokk/services/gitea/labels/projects.json
@@ -0,0 +1,116 @@
+[
+  {
+    "name": "art",
+    "exclusive": false,
+    "color": "#006b75",
+    "description": "Requires some creativity"
+  },
+  {
+    "name": "big",
+    "exclusive": false,
+    "color": "#754bc4",
+    "description": "This is gonna take a while"
+  },
+  {
+    "name": "blocked",
+    "exclusive": false,
+    "color": "#850021",
+    "description": "This issue/PR depends on one or more other issues/PRs"
+  },
+  {
+    "name": "bug",
+    "exclusive": false,
+    "color": "#f05048",
+    "description": "Something brokey"
+  },
+  {
+    "name": "ci-cd",
+    "exclusive": false,
+    "color": "#d1ff78",
+    "description": "Continuous integrals and continuous derivation"
+  },
+  {
+    "name": "crash report",
+    "exclusive": false,
+    "color": "#ed1111",
+    "description": "Report an oopsie"
+  },
+  {
+    "name": "disputed",
+    "exclusive": false,
+    "color": "#5319e7",
+    "description": "Kranglefanter"
+  },
+  {
+    "name": "documentation",
+    "exclusive": false,
+    "color": "#fbca04",
+    "description": "Documentation changes required"
+  },
+  {
+    "name": "duplicate",
+    "exclusive": false,
+    "color": "#cccccc",
+    "description": "This issue or pull request already exists"
+  },
+  {
+    "name": "feature request",
+    "exclusive": false,
+    "color": "#0052cc",
+    "description": ""
+  },
+  {
+    "name": "good first issue",
+    "exclusive": false,
+    "color": "#009800",
+    "description": "Get your hands dirty with a new project here"
+  },
+  {
+    "name": "me gusta",
+    "exclusive": false,
+    "color": "#30ff36",
+    "description": "( ͡° ͜ʖ ͡°)"
+  },
+  {
+    "name": "packaging",
+    "exclusive": false,
+    "color": "#bf642b",
+    "description": ""
+  },
+  {
+    "name": "question",
+    "exclusive": false,
+    "color": "#cc317c",
+    "description": ""
+  },
+  {
+    "name": "security",
+    "exclusive": false,
+    "color": "#ed1111",
+    "description": "Skommel"
+  },
+  {
+    "name": "techdebt spring cleaning",
+    "exclusive": false,
+    "color": "#8c6217",
+    "description": "The code is smelly 👃"
+  },
+  {
+    "name": "testing",
+    "exclusive": false,
+    "color": "#52b373",
+    "description": "Poke it and see if it explodes"
+  },
+  {
+    "name": "ui/ux",
+    "exclusive": false,
+    "color": "#f28852",
+    "description": "User complaints about ergonomics and economics and whatever"
+  },
+  {
+    "name": "wontfix",
+    "exclusive": false,
+    "color": "#ffffff",
+    "description": "Nei, vil ikke"
+  }
+]
--- a/hosts/bekkalokk/services/gitea/web-secret-provider/default.nix
+++ b/hosts/bekkalokk/services/gitea/web-secret-provider/default.nix
@@ -3,6 +3,7 @@ let
  organizations = [
    "Drift"
    "Projects"
+    "Grzegorz"
    "Kurs"
  ];

--- a/hosts/bicep/services/matrix/coturn.nix
+++ b/hosts/bicep/services/matrix/coturn.nix
@@ -48,6 +48,9 @@

  users.users.turnserver.extraGroups = [ "acme" ];

+  # It needs this to be allowed to access the files with the acme group
+  systemd.services.coturn.serviceConfig.PrivateUsers = lib.mkForce false;
+
  systemd.services."acme-${config.services.coturn.realm}".serviceConfig = {
    AmbientCapabilities = [ "CAP_NET_BIND_SERVICE" ];
  };
@@ -66,7 +69,7 @@

    listening-ips = [
      values.services.turn.ipv4
-      # values.services.turn.ipv6
+      values.services.turn.ipv6
    ];

    tls-listening-port = 443;
--- a/hosts/ustetind/services/gitea-runners.nix
+++ b/hosts/ustetind/services/gitea-runners.nix
@@ -15,8 +15,8 @@ let
        enable = true;
        name = "git-runner-${name}"; url = "https://git.pvv.ntnu.no";
        labels = [
-          "debian-latest:docker://node:18-bullseye"
-          "ubuntu-latest:docker://node:18-bullseye"
+          "debian-latest:docker://node:current-bookworm"
+          "ubuntu-latest:docker://node:current-bookworm"
        ];
        tokenFile = config.sops.secrets."gitea/runners/${name}".path;
      };
--- a/modules/grzegorz.nix
+++ b/modules/grzegorz.nix
@@ -2,6 +2,8 @@
 let
  grg = config.services.greg-ng;
  grgw = config.services.grzegorz-webui;
+
+  machine = config.networking.hostName;
 in {
  services.greg-ng = {
    enable = true;
@@ -16,37 +18,77 @@ in {
    listenAddr = "localhost";
    listenPort = 42069;
    listenWebsocketPort = 42042;
-    hostName = "${config.networking.fqdn}";
-    apiBase = "http://${grg.settings.host}:${toString grg.settings.port}/api";
+    hostName = "${machine}-old.pvv.ntnu.no";
+    apiBase = "https://${machine}-backend.pvv.ntnu.no/api";
+  };
+
+  services.gergle = {
+    enable = true;
+    virtualHost = config.networking.fqdn;
  };

  services.nginx.enable = true;
-  services.nginx.virtualHosts."${config.networking.fqdn}" = {
-    forceSSL = true;
-    enableACME = true;
-    kTLS = true;
-    serverAliases = [
-      "${config.networking.hostName}.pvv.org"
-    ];
-    extraConfig = ''
-      allow 129.241.210.128/25;
-      allow 2001:700:300:1900::/64;
-      deny all;
-    '';
+  services.nginx.virtualHosts = {
+    ${config.networking.fqdn} = {
+      forceSSL = true;
+      enableACME = true;
+      kTLS = true;
+      serverAliases = [
+        "${machine}.pvv.org"
+      ];
+      extraConfig = ''
+        allow 129.241.210.128/25;
+        allow 2001:700:300:1900::/64;
+        deny all;
+      '';
+    };

-    locations."/" = {
-      proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenPort}";
+    "${machine}-backend.pvv.ntnu.no" = {
+      forceSSL = true;
+      enableACME = true;
+      kTLS = true;
+      serverAliases = [
+        "${machine}-backend.pvv.org"
+      ];
+      extraConfig = ''
+        allow 129.241.210.128/25;
+        allow 2001:700:300:1900::/64;
+        deny all;
+      '';
+
+      locations."/" = {
+        proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
+        proxyWebsockets = true;
+      };
    };
-    # https://github.com/rawpython/remi/issues/216
-    locations."/websocket" = {
-      proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenWebsocketPort}";
-      proxyWebsockets = true;
-    };
-    locations."/api" = {
-      proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
-    };
-    locations."/docs" = {
-      proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
+
+    "${machine}-old.pvv.ntnu.no" = {
+      forceSSL = true;
+      enableACME = true;
+      kTLS = true;
+      serverAliases = [
+        "${machine}-old.pvv.org"
+      ];
+      extraConfig = ''
+        allow 129.241.210.128/25;
+        allow 2001:700:300:1900::/64;
+        deny all;
+      '';
+
+      locations."/" = {
+        proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenPort}";
+      };
+      # https://github.com/rawpython/remi/issues/216
+      locations."/websocket" = {
+        proxyPass = "http://${grgw.listenAddr}:${toString grgw.listenWebsocketPort}";
+        proxyWebsockets = true;
+      };
+      locations."/api" = {
+        proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
+      };
+      locations."/docs" = {
+        proxyPass = "http://${grg.settings.host}:${toString grg.settings.port}";
+      };
    };
  };
 }
--- a/secrets/ustetind/ustetind.yaml
+++ b/secrets/ustetind/ustetind.yaml
@@ -1,8 +1,8 @@
 gitea:
    runners:
-        alpha: ENC[AES256_GCM,data:aAFv+/ygC7oxGT3qnoEf+AZL3Nk1yOq3HupL9l0j8P913GefPKqlBt/mbuRVug==,iv:usXElENwbOHxUdoqHScK7PjeZavXUwoxpQWEMjxU2u4=,tag:E8OzZ9pmxIru7Glgh7v0lg==,type:str]
-        beta: ENC[AES256_GCM,data:riRSBDzX9DAxKl2UCds1ANddl3ij+byAgigOafJ5RjWl8cNVlowK21klBiKTxw==,iv:clijEUKX9o52p5A94eEW0f8qGGhFpy/LFe+uQG/iQLg=,tag:PchXbsZMnW//O7brEAEeWw==,type:str]
-        epsilon: ENC[AES256_GCM,data:lUt8uaqh9eC1IdIUfiw3dzxcDErSWaiT9lzg4ONf/QZeXj7Do7Es0GXBFd41Hw==,iv:hPm5Lez5ISHIlw1+i4z/oBsh4H5ZXPVYnXXSGq1eal0=,tag:/KcmPw30622tN9ruMUwfUw==,type:str]
+        alpha: ENC[AES256_GCM,data:Hnq2guka4oERPIFCv1/ggrLjaePA7907VHXMStDQ7ll3hntTioT76qGOUJgfIw==,iv:wDPYuuL6VAWJakrz6asVRrzwRxqw0JDRes13MgJIT6E=,tag:ogFUeUirHVkCLN63nctxOw==,type:str]
+        beta: ENC[AES256_GCM,data:HmdjBvW8eO5MkzXf7KEzSNQAptF/RKN8Bh03Ru7Ru/Ky+eJJtk91aqSSIjFa+Q==,iv:Hz9HE3U6CFfZFcPmYMd6wSzZkSvszt92L2gV+pUlMis=,tag:LG3NfsS7B1EdRFvnP3XESQ==,type:str]
+        epsilon: ENC[AES256_GCM,data:wfGxwWwDzb6AJaFnxe/93WNZGtuTpCkLci/Cc5MTCTKJz6XlNuy3m/1Xsnw0hA==,iv:I6Zl+4BBAUTXym2qUlFfdnoLTHShu+VyxPMjRlFzMis=,tag:jjTyZs1Nzqlhjd8rAldxDw==,type:str]
 sops:
    kms: []
    gcp_kms: []
@@ -63,8 +63,8 @@ sops:
            aU4xWjVYYlNvSmYxajVGdzk5dTQ4WG8Klq12bSegsW29xp4qteuCB5Tzis6EhVCk
            53jqtYe5UG9MjFVQYiSi2jJz5/dxfqSINMZ/Y/EB5LxbwgbFws8Yuw==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-12-09T21:17:40Z"
-    mac: ENC[AES256_GCM,data:HensJbPU1Kx9aQNUhdtFkX/6qdxj7yby6GeSruOT+HYEtoq0py/zvMtdCqmfjc4AOptYlXdgK7w30P976dG1esjlYwF07qtVvAbUqvExkksuV4zp81VKHMXUOAyiQK79kLe3rx6cvEdUDbOjZOsxN02eRrcanN+7rJS6f7vNN88=,iv:PlePCik6JcOtVBQhhOj9khhp2LwwfXBwAGpzu4ywhTA=,tag:Clz+xX1Cffs8Zpv2LdsGVA==,type:str]
+    lastmodified: "2024-12-12T12:20:19Z"
+    mac: ENC[AES256_GCM,data:D9/NAd/zrF6pHFdZjTUqI+u4WiwJqt0w5Y+SYCS1o/dAXJE/ajHzse/vCSGXZIjP0yqe+S/NyTvhf+stw2B4dk6Njtabjd+PhG0hR4L0X07FtFqzB3u5pLHCb0bH9QLG5zWcyMkwNiNTCvhRUZzbcqLEGqqJ7ZjZAEUfYSR+Jls=,iv:5xPfODPxtQjgbl8delUHsmhD0TI2gHjrxpHV+qiFE00=,tag:HHLo5G8jhy/sKB3R+sKmwQ==,type:str]
    pgp:
        - created_at: "2024-12-09T21:17:27Z"
          enc: |-
@@ -87,4 +87,4 @@ sops:
            -----END PGP MESSAGE-----
          fp: F7D37890228A907440E1FD4846B9228E814A2AAC
    unencrypted_suffix: _unencrypted
-    version: 3.8.1
+    version: 3.9.2
Author	SHA1	Message	Date
Daniel Olsen	a009b05977	bicep/matrix/coturn: coturn is actually fixed	2025-02-16 02:01:29 +01:00
Øystein Tveit	8a8f5659fb	gergle: big if true	2025-01-25 19:59:43 +01:00
Felix Albrigtsen	13c921c47b	bekkalokk: Update nettsiden (re-enable events)	2025-01-17 23:11:19 +01:00
h7x4	819fcef4c2	flake.lock: bump greg-ng	2025-01-11 15:02:00 +01:00
h7x4	102a6f9011	flake.lock: bump nix-gitea-themes	2025-01-10 18:51:41 +01:00
h7x4	86e68f496e	bekkalokk/gitea: add declarative label set 'projects'	2025-01-10 18:51:40 +01:00
h7x4	394ff94033	flake.nix: move grz projects from `Projects` to `Grzegorz`	2025-01-06 16:34:22 +01:00
h7x4	6cb7f576a5	bekkalokk/gitea-scripts: add `Grzegorz` organization	2025-01-06 16:34:22 +01:00
Øystein Tveit	edb448f7a0	ustetind/gitea-runners: update docker image, update registration keys	2024-12-22 23:17:41 +01:00
h7x4	4507ffe2ab	base/auto-upgrade: switch ref back to main	2024-12-22 23:04:08 +01:00
Felix Albrigtsen	882a8f2e88	bekkalokk: Update nettsiden	2024-12-21 23:50:53 +01:00