felixalb/pvv-nixos-config
1
0
Fork 0
mirror of https://git.pvv.ntnu.no/Drift/pvv-nixos-config.git synced 2026-05-02 04:33:15 +02:00
Code Issues Projects Releases Wiki Activity

Compare commits

base: felixalb:shellcheck
Branches Tags
felixalb:main felixalb:friendship-with-bakke-ended felixalb:bicep-garage-test-deployment felixalb:shellcheck felixalb:bicep-revival felixalb:drumknotty felixalb:fmt felixalb:errorpages felixalb:PVVtheme2026 felixalb:dagali-heimdal-openldap-sasl-stack felixalb:skrot-new-thing felixalb:loginpage felixalb:temmie-userweb felixalb:gitea-robots-txt felixalb:kommode-disko felixalb:skrott-cross-compile felixalb:nettsiden-postgresql felixalb:gitea-vaskepersonalet felixalb:create-flake-input-exporter felixalb:gitea-runners-secrets felixalb:nom felixalb:add-skrott felixalb:pvvvvv felixalb:gitea-show-license-in-list-view felixalb:backup-databases felixalb:openwebui felixalb:setup-openvpn-tunnel felixalb:gitea-gpg-signing felixalb:sleipner-authorised-keys felixalb:openstack-image-builder felixalb:elysium felixalb:smartd-notifs felixalb:systemd-journald-remote felixalb:skrot felixalb:deploy-doorbell felixalb:misc-gitea-fixes felixalb:spotifyd felixalb:remote felixalb:setup-bikkje-login felixalb:ozai-prod felixalb:add-bluemap felixalb:ozai felixalb:setup-postfix-for-service-machines felixalb:fix-gitea-ci-runner-network-issues felixalb:heimdal-openldap-sasl-testing-on-salsa-on-buskerud felixalb:gitea-metrics felixalb:misc1 felixalb:add-simple-saml-theme felixalb:misc-extra-gitea-setup felixalb:setup-kerberos felixalb:setup-home-areas felixalb:shark-kanidm felixalb:prometheusexim
..
compare: felixalb:bb20f32df8c1aa692712aeb68183d938c3583cae
Branches Tags
felixalb:friendship-with-bakke-ended felixalb:bicep-garage-test-deployment felixalb:main felixalb:shellcheck felixalb:bicep-revival felixalb:drumknotty felixalb:fmt felixalb:errorpages felixalb:PVVtheme2026 felixalb:dagali-heimdal-openldap-sasl-stack felixalb:skrot-new-thing felixalb:loginpage felixalb:temmie-userweb felixalb:gitea-robots-txt felixalb:kommode-disko felixalb:skrott-cross-compile felixalb:nettsiden-postgresql felixalb:gitea-vaskepersonalet felixalb:create-flake-input-exporter felixalb:gitea-runners-secrets felixalb:nom felixalb:add-skrott felixalb:pvvvvv felixalb:gitea-show-license-in-list-view felixalb:backup-databases felixalb:openwebui felixalb:setup-openvpn-tunnel felixalb:gitea-gpg-signing felixalb:sleipner-authorised-keys felixalb:openstack-image-builder felixalb:elysium felixalb:smartd-notifs felixalb:systemd-journald-remote felixalb:skrot felixalb:deploy-doorbell felixalb:misc-gitea-fixes felixalb:spotifyd felixalb:remote felixalb:setup-bikkje-login felixalb:ozai-prod felixalb:add-bluemap felixalb:ozai felixalb:setup-postfix-for-service-machines felixalb:fix-gitea-ci-runner-network-issues felixalb:heimdal-openldap-sasl-testing-on-salsa-on-buskerud felixalb:gitea-metrics felixalb:misc1 felixalb:add-simple-saml-theme felixalb:misc-extra-gitea-setup felixalb:setup-kerberos felixalb:setup-home-areas felixalb:shark-kanidm felixalb:prometheusexim

4 Commits
shellcheck ... bb20f32df8

Author SHA1 Message Date
h7x4
bb20f32df8 .gitea/workflows: simplify some steps 2026-04-29 08:34:38 +09:00
h7x4
f83ae6de37 flake.lock: bump roowho2 2026-04-29 08:29:02 +09:00
h7x4
f490e64516 flake.nix: bump greg-ng and gergle 
Also follow unstable nixpkgs in order to use bleeding edge flutter
 2026-04-25 07:09:41 +09:00
Vegard Bieker Matthey
61c6639d3a remove inactive users 2026-04-23 14:18:52 +02:00
12 changed files with 95 additions and 105 deletions
Expand all files Collapse all files

16
.gitea/workflows/build-topology-graph.yml
View File

@@ -7,15 +7,19 @@ jobs:
evals: evals:
runs-on: debian-latest runs-on: debian-latest
steps: steps:
- name: Install sudo
run: apt-get install --update --assume-yes sudo
- uses: actions/checkout@v6 - uses: actions/checkout@v6
- name: Install sudo
run: apt-get update && apt-get -y install sudo
- uses: https://github.com/cachix/install-nix-action@v31 - uses: https://github.com/cachix/install-nix-action@v31
with:
- name: Configure Nix extra_nix_config: |
run: echo -e "show-trace = true\nmax-jobs = auto\ntrusted-users = root\nexperimental-features = nix-command flakes\nbuild-users-group =" > /etc/nix/nix.conf show-trace = true
max-jobs = auto
trusted-users = root
experimental-features = nix-command flakes
build-users-group =
- name: Build topology graph - name: Build topology graph
run: nix build .#topology -L run: nix build .#topology -L

14
.gitea/workflows/eval.yml
View File

@@ -6,8 +6,18 @@ jobs:
evals: evals:
runs-on: debian-latest runs-on: debian-latest
steps: steps:
- name: Install sudo
run: apt-get install --update --assume-yes sudo
- uses: actions/checkout@v6 - uses: actions/checkout@v6
- run: apt-get update && apt-get -y install sudo
- uses: https://github.com/cachix/install-nix-action@v31 - uses: https://github.com/cachix/install-nix-action@v31
- run: echo -e "show-trace = true\nmax-jobs = auto\ntrusted-users = root\nexperimental-features = nix-command flakes\nbuild-users-group =" > /etc/nix/nix.conf with:
extra_nix_config: |
show-trace = true
max-jobs = auto
trusted-users = root
experimental-features = nix-command flakes
build-users-group =
- run: nix flake check - run: nix flake check

54
flake.lock generated
View File

@@ -2,11 +2,11 @@
"nodes": { "nodes": {
"crane": { "crane": {
"locked": { "locked": {
"lastModified": 1770419512, "lastModified": 1776635034,
"narHash": "sha256-o8Vcdz6B6bkiGUYkZqFwH3Pv1JwZyXht3dMtS7RchIo=", "narHash": "sha256-OEOJrT3ZfwbChzODfIH4GzlNTtOFuZFWPtW7jIeR8xU=",
"owner": "ipetkov", "owner": "ipetkov",
"repo": "crane", "repo": "crane",
"rev": "2510f2cbc3ccd237f700bb213756a8f35c32d8d7", "rev": "dc7496d8ea6e526b1254b55d09b966e94673750f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -78,15 +78,15 @@
"gergle": { "gergle": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs-unstable"
] ]
}, },
"locked": { "locked": {
"lastModified": 1770617355, "lastModified": 1777067150,
"narHash": "sha256-lauV1yKA67WxnlbiJiwhOT9xI8nTiUqqrrRlgA+rMis=", "narHash": "sha256-vqPz8jCS1zTQlvmgctUFpvnr6f9ISR5h7CPG/HgQvf0=",
"ref": "main", "ref": "main",
"rev": "36af0316a7370d19db05ef7c0a87e826f4a222d5", "rev": "b452a854fb78d6df9fe062b45e23a968657d115d",
"revCount": 24, "revCount": 35,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git" "url": "https://git.pvv.ntnu.no/Grzegorz/gergle.git"
}, },
@@ -99,16 +99,16 @@
"greg-ng": { "greg-ng": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs-unstable"
], ],
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
"lastModified": 1770617867, "lastModified": 1777019032,
"narHash": "sha256-xPLm4C13KUl0zmm1OA+A8UwDSixwtNQ/caRx/WjN+WY=", "narHash": "sha256-29lw7THThWb5DW01rVRj1b816Apwz/P4m2wVWaSIadU=",
"ref": "main", "ref": "main",
"rev": "155752914d81a3a3c02fcfc5d840cfdfda07216d", "rev": "55262afca46c96f75a834d4e00e30d5fb20affb6",
"revCount": 62, "revCount": 61,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git" "url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git"
}, },
@@ -276,11 +276,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1775064351, "lastModified": 1777014002,
"narHash": "sha256-KHkwW/A1+H23YBMQGDmPb8cw5LwZFnszVKg5eZ4JWhg=", "narHash": "sha256-urhq48kYlNYbkGXQ/f3NjzJTGfMdG8GmJQbgFLcrcV0=",
"rev": "1e6f1bb5bb05d14aea16063ab587c599a68241c2", "rev": "15ebe06759175c2e98dba23c0b125913589094e7",
"type": "tarball", "type": "tarball",
"url": "https://releases.nixos.org/nixos/unstable-small/nixos-26.05pre973082.1e6f1bb5bb05/nixexprs.tar.xz" "url": "https://releases.nixos.org/nixos/unstable-small/nixos-26.05pre986338.15ebe0675917/nixexprs.tar.xz"
}, },
"original": { "original": {
"type": "tarball", "type": "tarball",
@@ -380,11 +380,11 @@
"rust-overlay": "rust-overlay_3" "rust-overlay": "rust-overlay_3"
}, },
"locked": { "locked": {
"lastModified": 1770912859, "lastModified": 1777418851,
"narHash": "sha256-wtf7YgthGVDY7dhWe8cO42+CD7Y2Pkngvzirwjwvfzg=", "narHash": "sha256-M6LntO3jkxwgcKkaa9de1Vqu+LsV12Yz8Bv3/9/k018=",
"ref": "main", "ref": "main",
"rev": "9361dcf941fabb14e94f472754b0e0a26cc56e13", "rev": "16b2bc5c2759e20ecb952374509f1e1f9d6c06e7",
"revCount": 59, "revCount": 83,
"type": "git", "type": "git",
"url": "https://git.pvv.ntnu.no/Projects/roowho2.git" "url": "https://git.pvv.ntnu.no/Projects/roowho2.git"
}, },
@@ -402,11 +402,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1770606655, "lastModified": 1777000482,
"narHash": "sha256-rpJf+kxvLWv32ivcgu8d+JeJooog3boJCT8J3joJvvM=", "narHash": "sha256-CZ5FKUSA8FCJf0h9GWdPJXoVVDL9H5yC74GkVc5ubIM=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "11a396520bf911e4ed01e78e11633d3fc63b350e", "rev": "403c09094a877e6c4816462d00b1a56ff8198e06",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -444,11 +444,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1769309768, "lastModified": 1776914043,
"narHash": "sha256-AbOIlNO+JoqRJkK1VrnDXhxuX6CrdtIu2hSuy4pxi3g=", "narHash": "sha256-qug5r56yW1qOsjSI99l3Jm15JNT9CvS2otkXNRNtrPI=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "140c9dc582cb73ada2d63a2180524fcaa744fad5", "rev": "2d35c4358d7de3a0e606a6e8b27925d981c01cc3",
"type": "github" "type": "github"
}, },
"original": { "original": {

4
flake.nix
View File

@@ -36,9 +36,9 @@
roowho2.inputs.nixpkgs.follows = "nixpkgs"; roowho2.inputs.nixpkgs.follows = "nixpkgs";
greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git?ref=main"; greg-ng.url = "git+https://git.pvv.ntnu.no/Grzegorz/greg-ng.git?ref=main";
greg-ng.inputs.nixpkgs.follows = "nixpkgs"; greg-ng.inputs.nixpkgs.follows = "nixpkgs-unstable";
gergle.url = "git+https://git.pvv.ntnu.no/Grzegorz/gergle.git?ref=main"; gergle.url = "git+https://git.pvv.ntnu.no/Grzegorz/gergle.git?ref=main";
gergle.inputs.nixpkgs.follows = "nixpkgs"; gergle.inputs.nixpkgs.follows = "nixpkgs-unstable";
grzegorz-clients.url = "git+https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git?ref=master"; grzegorz-clients.url = "git+https://git.pvv.ntnu.no/Grzegorz/grzegorz-clients.git?ref=master";
grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs"; grzegorz-clients.inputs.nixpkgs.follows = "nixpkgs";

10
hosts/bekkalokk/services/website/fetch-gallery.nix
View File

@@ -47,8 +47,8 @@ in {
}} }}
# Delete files and directories that exists in the gallery that don't exist in the tarball # Delete files and directories that exists in the gallery that don't exist in the tarball
filesToRemove=$(uniq -u <(sort <(find . -not -path './.thumbnails*') <(tar -tf '${transferDir}/gallery.tar.gz' | sed 's|/$||'))) filesToRemove=$(uniq -u <(sort <(find . -not -path "./.thumbnails*") <(tar -tf ${transferDir}/gallery.tar.gz | sed 's|/$||')))
while IFS= read -r fname; do while IFS= read fname; do
rm -f "$fname" ||: rm -f "$fname" ||:
rm -f ".thumbnails/$fname.png" ||: rm -f ".thumbnails/$fname.png" ||:
done <<< "$filesToRemove" done <<< "$filesToRemove"
@@ -56,9 +56,9 @@ in {
find . -type d -empty -delete find . -type d -empty -delete
mkdir -p .thumbnails mkdir -p .thumbnails
images=$(find . -type f -not -path './.thumbnails*') images=$(find . -type f -not -path "./.thumbnails*")
while IFS= read -r fname; do while IFS= read fname; do
# Skip this file if an up-to-date thumbnail already exists # Skip this file if an up-to-date thumbnail already exists
if [ -f ".thumbnails/$fname.png" ] && \ if [ -f ".thumbnails/$fname.png" ] && \
[ "$(date -R -r "$fname")" == "$(date -R -r ".thumbnails/$fname.png")" ] [ "$(date -R -r "$fname")" == "$(date -R -r ".thumbnails/$fname.png")" ]
@@ -67,7 +67,7 @@ in {
fi fi
echo "Creating thumbnail for $fname" echo "Creating thumbnail for $fname"
mkdir -p "$(dirname ".thumbnails/$fname")" mkdir -p $(dirname ".thumbnails/$fname")
magick -define jpeg:size=200x200 "$fname" -thumbnail 300 -auto-orient ".thumbnails/$fname.png" ||: magick -define jpeg:size=200x200 "$fname" -thumbnail 300 -auto-orient ".thumbnails/$fname.png" ||:
touch -m -d "$(date -R -r "$fname")" ".thumbnails/$fname.png" touch -m -d "$(date -R -r "$fname")" ".thumbnails/$fname.png"
done <<< "$images" done <<< "$images"

2
hosts/bicep/services/mysql/backup.nix
View File

@@ -57,7 +57,7 @@ in
rm "$STATE_DIRECTORY/mysql-dump-latest.sql.zst" ||: rm "$STATE_DIRECTORY/mysql-dump-latest.sql.zst" ||:
ln -T "$OUT_FILE" "$STATE_DIRECTORY/mysql-dump-latest.sql.zst" ln -T "$OUT_FILE" "$STATE_DIRECTORY/mysql-dump-latest.sql.zst"
while [ "$(find "$STATE_DIRECTORY" -type f -printf '.' | wc -c)" -gt '${toString (rotations + 1)}' ]; do while [ "$(find "$STATE_DIRECTORY" -type f -printf '.' | wc -c)" -gt ${toString (rotations + 1)} ]; do
rm "$(find "$STATE_DIRECTORY" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d' ' -f2)" rm "$(find "$STATE_DIRECTORY" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d' ' -f2)"
done done
''; '';

2
hosts/bicep/services/postgresql/backup.nix
View File

@@ -58,7 +58,7 @@ in
rm "$STATE_DIRECTORY/postgresql-dump-latest.sql.zst" ||: rm "$STATE_DIRECTORY/postgresql-dump-latest.sql.zst" ||:
ln -T "$OUT_FILE" "$STATE_DIRECTORY/postgresql-dump-latest.sql.zst" ln -T "$OUT_FILE" "$STATE_DIRECTORY/postgresql-dump-latest.sql.zst"
while [ "$(find "$STATE_DIRECTORY" -type f -printf '.' | wc -c)" -gt '${toString (rotations + 1)}' ]; do while [ "$(find "$STATE_DIRECTORY" -type f -printf '.' | wc -c)" -gt ${toString (rotations + 1)} ]; do
rm "$(find "$STATE_DIRECTORY" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d' ' -f2)" rm "$(find "$STATE_DIRECTORY" -type f -printf '%T+ %p\n' | sort | head -n 1 | cut -d' ' -f2)"
done done
''; '';

24
hosts/kommode/services/gitea/customization/default.nix
View File

@@ -99,23 +99,23 @@ in
]; ];
} '' } ''
# Bigger icons # Bigger icons
install -Dm444 '${cfg.package.src}/templates/repo/icon.tmpl' "$out/repo/icon.tmpl" install -Dm444 "${cfg.package.src}/templates/repo/icon.tmpl" "$out/repo/icon.tmpl"
sed -i -e 's/24/60/g' "$out/repo/icon.tmpl" sed -i -e 's/24/60/g' "$out/repo/icon.tmpl"
''; '';
in '' in ''
install -Dm444 '${logo-svg}' '${cfg.customDir}/public/assets/img/logo.svg' install -Dm444 ${logo-svg} ${cfg.customDir}/public/assets/img/logo.svg
install -Dm444 '${logo-png}' '${cfg.customDir}/public/assets/img/logo.png' install -Dm444 ${logo-png} ${cfg.customDir}/public/assets/img/logo.png
install -Dm444 '${./loading.apng}' '${cfg.customDir}/public/assets/img/loading.png' install -Dm444 ${./loading.apng} ${cfg.customDir}/public/assets/img/loading.png
install -Dm444 '${extraLinks}' '${cfg.customDir}/templates/custom/extra_links.tmpl' install -Dm444 ${extraLinks} ${cfg.customDir}/templates/custom/extra_links.tmpl
install -Dm444 '${extraLinksFooter}' '${cfg.customDir}/templates/custom/extra_links_footer.tmpl' install -Dm444 ${extraLinksFooter} ${cfg.customDir}/templates/custom/extra_links_footer.tmpl
install -Dm444 '${project-labels}' '${cfg.customDir}/options/label/project-labels.yaml' install -Dm444 ${project-labels} ${cfg.customDir}/options/label/project-labels.yaml
install -Dm644 '${./emotes/bruh.png}' '${cfg.customDir}/public/assets/img/emoji/bruh.png' install -Dm644 ${./emotes/bruh.png} ${cfg.customDir}/public/assets/img/emoji/bruh.png
install -Dm644 '${./emotes/huh.gif}' '${cfg.customDir}/public/assets/img/emoji/huh.png' install -Dm644 ${./emotes/huh.gif} ${cfg.customDir}/public/assets/img/emoji/huh.png
install -Dm644 '${./emotes/grr.png}' '${cfg.customDir}/public/assets/img/emoji/grr.png' install -Dm644 ${./emotes/grr.png} ${cfg.customDir}/public/assets/img/emoji/grr.png
install -Dm644 '${./emotes/okiedokie.jpg}' '${cfg.customDir}/public/assets/img/emoji/okiedokie.png' install -Dm644 ${./emotes/okiedokie.jpg} ${cfg.customDir}/public/assets/img/emoji/okiedokie.png
'${lib.getExe pkgs.rsync}' -a '${customTemplates}/' '${cfg.customDir}/templates/' "${lib.getExe pkgs.rsync}" -a "${customTemplates}/" ${cfg.customDir}/templates/
''; '';
}; };
} }

30
modules/matrix-ooye.nix
View File

@@ -77,29 +77,29 @@ in
id id
echo "Before if statement" echo "Before if statement"
stat "''${REGISTRATION_FILE}" stat ''${REGISTRATION_FILE}
if [[ ! -f "''${REGISTRATION_FILE}" ]]; then if [[ ! -f ''${REGISTRATION_FILE} ]]; then
echo "No registration file found at '$REGISTRATION_FILE'" echo "No registration file found at '$REGISTRATION_FILE'"
cp --no-preserve=mode,ownership "${baseConfig}" "''${REGISTRATION_FILE}" cp --no-preserve=mode,ownership ${baseConfig} ''${REGISTRATION_FILE}
fi fi
echo "After if statement" echo "After if statement"
stat "''${REGISTRATION_FILE}" stat ''${REGISTRATION_FILE}
AS_TOKEN="$('${lib.getExe pkgs.jq}' -r .as_token "''${REGISTRATION_FILE}")" AS_TOKEN=$(${lib.getExe pkgs.jq} -r .as_token ''${REGISTRATION_FILE})
HS_TOKEN="$('${lib.getExe pkgs.jq}' -r .hs_token "''${REGISTRATION_FILE}")" HS_TOKEN=$(${lib.getExe pkgs.jq} -r .hs_token ''${REGISTRATION_FILE})
DISCORD_TOKEN="$(cat /run/credentials/matrix-ooye-pre-start.service/discord_token)" DISCORD_TOKEN=$(cat /run/credentials/matrix-ooye-pre-start.service/discord_token)
DISCORD_CLIENT_SECRET="$(cat /run/credentials/matrix-ooye-pre-start.service/discord_client_secret)" DISCORD_CLIENT_SECRET=$(cat /run/credentials/matrix-ooye-pre-start.service/discord_client_secret)
# Check if we have all required tokens # Check if we have all required tokens
if [[ -z "$AS_TOKEN" || "$AS_TOKEN" == "null" ]]; then if [[ -z "$AS_TOKEN" || "$AS_TOKEN" == "null" ]]; then
AS_TOKEN="$('${lib.getExe pkgs.openssl}' rand -hex 64)" AS_TOKEN=$(${lib.getExe pkgs.openssl} rand -hex 64)
echo "Generated new AS token: ''${AS_TOKEN}" echo "Generated new AS token: ''${AS_TOKEN}"
fi fi
if [[ -z "$HS_TOKEN" || "$HS_TOKEN" == "null" ]]; then if [[ -z "$HS_TOKEN" || "$HS_TOKEN" == "null" ]]; then
HS_TOKEN="$('${lib.getExe pkgs.openssl}' rand -hex 64)" HS_TOKEN=$(${lib.getExe pkgs.openssl} rand -hex 64)
echo "Generated new HS token: ''${HS_TOKEN}" echo "Generated new HS token: ''${HS_TOKEN}"
fi fi
@@ -115,13 +115,13 @@ in
exit 1 exit 1
fi fi
shred -u "''${REGISTRATION_FILE}" shred -u ''${REGISTRATION_FILE}
cp --no-preserve=mode,ownership "${baseConfig}" "''${REGISTRATION_FILE}" cp --no-preserve=mode,ownership ${baseConfig} ''${REGISTRATION_FILE}
'${lib.getExe pkgs.jq}' '.as_token = "'$AS_TOKEN'" | .hs_token = "'$HS_TOKEN'" | .ooye.discord_token = "'$DISCORD_TOKEN'" | .ooye.discord_client_secret = "'$DISCORD_CLIENT_SECRET'"' "''${REGISTRATION_FILE}" > "''${REGISTRATION_FILE}.tmp" ${lib.getExe pkgs.jq} '.as_token = "'$AS_TOKEN'" | .hs_token = "'$HS_TOKEN'" | .ooye.discord_token = "'$DISCORD_TOKEN'" | .ooye.discord_client_secret = "'$DISCORD_CLIENT_SECRET'"' ''${REGISTRATION_FILE} > ''${REGISTRATION_FILE}.tmp
shred -u "''${REGISTRATION_FILE}" shred -u ''${REGISTRATION_FILE}
mv "''${REGISTRATION_FILE}.tmp" "''${REGISTRATION_FILE}" mv ''${REGISTRATION_FILE}.tmp ''${REGISTRATION_FILE}
''; '';
in in

20
modules/snakeoil-certs.nix
View File

@@ -51,24 +51,24 @@ in
script = let script = let
openssl = lib.getExe pkgs.openssl; openssl = lib.getExe pkgs.openssl;
in lib.concatMapStringsSep "\n" ({ name, value }: '' in lib.concatMapStringsSep "\n" ({ name, value }: ''
mkdir -p "$(dirname '${value.certificate}')" "$(dirname '${value.certificateKey}')" mkdir -p $(dirname "${value.certificate}") $(dirname "${value.certificateKey}")
if ! ${openssl} x509 -checkend 86400 -noout -in '${value.certificate}' if ! ${openssl} x509 -checkend 86400 -noout -in ${value.certificate}
then then
echo "Regenerating '${value.certificate}'" echo "Regenerating '${value.certificate}'"
${openssl} req \ ${openssl} req \
-newkey rsa:4096 \ -newkey rsa:4096 \
-new -x509 \ -new -x509 \
-days '${toString value.daysValid}' \ -days "${toString value.daysValid}" \
-nodes \ -nodes \
-subj '${value.subject}' \ -subj "${value.subject}" \
-out '${value.certificate}' \ -out "${value.certificate}" \
-keyout '${value.certificateKey}' \ -keyout "${value.certificateKey}" \
${lib.escapeShellArgs value.extraOpenSSLArgs} ${lib.escapeShellArgs value.extraOpenSSLArgs}
fi fi
chown '${value.owner}:${value.group}' '${value.certificate}' chown "${value.owner}:${value.group}" "${value.certificate}"
chown '${value.owner}:${value.group}' '${value.certificateKey}' chown "${value.owner}:${value.group}" "${value.certificateKey}"
chmod '${value.mode}' '${value.certificate}' chmod "${value.mode}" "${value.certificate}"
chmod '${value.mode}' '${value.certificateKey}' chmod "${value.mode}" "${value.certificateKey}"
echo "\n-----------------\n" echo "\n-----------------\n"
'') (lib.attrsToList cfg); '') (lib.attrsToList cfg);

12
users/alfhj.nix
View File

@@ -1,12 +0,0 @@
{ config, pkgs, ... }:
{
users.users.alfhj = {
isNormalUser = true;
extraGroups = [ "wheel" ];
shell = if config.programs.zsh.enable then pkgs.zsh else pkgs.bash;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMCAYE0U3sFizm/NSbKCs0jEhZ1mpAWPcijFevejiFL1 alfhj"
];
};
}

12
users/amalieem.nix
View File

@@ -1,12 +0,0 @@
{ config, pkgs, ... }:
{
users.users.amalieem = {
isNormalUser = true;
extraGroups = [ "wheel" ];
shell = if config.programs.zsh.enable then pkgs.zsh else pkgs.bash;
openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPsMtFIj4Dem/onwMoWYbosOcU4y7A5nTjVwqWaU33E1 amalieem@matey-aug22"
];
};
}