temmie/nfs-mounts: generate systemd units ourselves

README.md

@@ -43,7 +43,6 @@ revert the changes on the next nightly rebuild (tends to happen when everybody i
 | [kommode][kom]             | Virtual  | Gitea + Gitea pages                                       |
 | [lupine][lup]              | Physical | Gitea CI/CD runners                                       |
 |  shark                     | Virtual  | Test host for authentication, absolutely horrendous       |
-| [skrott][skr]              | Physical | Kiosk, snacks and soda                                    |
 | [wenche][wen]              | Virtual  | Nix-builders, general purpose compute                     |
 
 ## Documentation
@@ -60,5 +59,4 @@ revert the changes on the next nightly rebuild (tends to happen when everybody i
 [ild]: https://wiki.pvv.ntnu.no/wiki/Maskiner/ildkule
 [kom]: https://wiki.pvv.ntnu.no/wiki/Maskiner/kommode
 [lup]: https://wiki.pvv.ntnu.no/wiki/Maskiner/lupine
-[skr]: https://wiki.pvv.ntnu.no/wiki/Maskiner/Skrott
 [wen]: https://wiki.pvv.ntnu.no/wiki/Maskiner/wenche

base/default.nix

@@ -81,7 +81,7 @@
     AllowHibernation=no
   '';
 
-  # users.mutableUsers = lib.mkDefault false;
+  users.mutableUsers = lib.mkDefault false;
 
   users.groups."drift".name = "drift";
 

flake.lock

@@ -8,11 +8,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1769362210,
-        "narHash": "sha256-QCQD7Ofin5UYL0i5Sv34gfJ0p5pv1hwZspE/Ufe84L8=",
+        "lastModified": 1768138611,
+        "narHash": "sha256-KfZX6wpuwE2IRKLjh0DrEviE4f6kqLJWwKIE5QJSqa4=",
         "ref": "main",
-        "rev": "1d01e1b2cb8fb2adee96c0b4f065c43c45eae290",
-        "revCount": 229,
+        "rev": "cb385097dcda5fb9772f903688d078b30a66ccd4",
+        "revCount": 221,
         "type": "git",
         "url": "https://git.pvv.ntnu.no/Projects/dibbler.git"
       },

flake.nix

@@ -69,7 +69,8 @@
   in {
     inputs = lib.mapAttrs (_: src: src.outPath) inputs;
 
-    pkgs = forAllSystems (system: import nixpkgs {
+    pkgs = forAllSystems (system:
+      import nixpkgs {
         inherit system;
         config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg)
           [
@@ -79,44 +80,26 @@
       });
 
     nixosConfigurations = let
+      unstablePkgs = nixpkgs-unstable.legacyPackages.x86_64-linux;
+
       nixosConfig =
         nixpkgs:
         name:
         configurationPath:
         extraArgs@{
-          localSystem ? "x86_64-linux", # buildPlatform
-          crossSystem ? "x86_64-linux", # hostPlatform
+          system ? "x86_64-linux",
           specialArgs ? { },
           modules ? [ ],
           overlays ? [ ],
           enableDefaults ? true,
           ...
         }:
-        let
-          commonPkgsConfig = {
-            inherit localSystem crossSystem;
-            config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg)
-              [
-                "nvidia-x11"
-                "nvidia-settings"
-              ];
-            overlays = (lib.optionals enableDefaults [
-              # Global overlays go here
-              inputs.roowho2.overlays.default
-            ]) ++ overlays;
-          };
-
-          pkgs = import nixpkgs commonPkgsConfig;
-          unstablePkgs = import nixpkgs-unstable commonPkgsConfig;
-        in
         lib.nixosSystem (lib.recursiveUpdate
         {
-          system = crossSystem;
-
-          inherit pkgs;
+          inherit system;
 
           specialArgs = {
-            inherit inputs unstablePkgs;
+            inherit unstablePkgs inputs;
             values = import ./values.nix;
             fp = path: ./${path};
           } // specialArgs;
@@ -130,10 +113,22 @@
             sops-nix.nixosModules.sops
             inputs.roowho2.nixosModules.default
           ]) ++ modules;
+
+          pkgs = import nixpkgs {
+            inherit system;
+            config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg)
+              [
+                "nvidia-x11"
+                "nvidia-settings"
+              ];
+            overlays = (lib.optionals enableDefaults [
+              # Global overlays go here
+              inputs.roowho2.overlays.default
+            ]) ++ overlays;
+          };
         }
         (builtins.removeAttrs extraArgs [
-          "localSystem"
-          "crossSystem"
+          "system"
           "modules"
           "overlays"
           "specialArgs"
@@ -168,6 +163,7 @@
       bekkalokk = stableNixosConfig "bekkalokk" {
         overlays = [
           (final: prev: {
+            heimdal = unstablePkgs.heimdal;
             mediawiki-extensions = final.callPackage ./packages/mediawiki-extensions { };
             simplesamlphp = final.callPackage ./packages/simplesamlphp { };
             bluemap = final.callPackage ./packages/bluemap.nix { };
@@ -226,7 +222,7 @@
         ];
       };
       skrott = stableNixosConfig "skrott" {
-        crossSystem = "aarch64-linux";
+        system = "aarch64-linux";
         modules = [
           (nixpkgs + "/nixos/modules/installer/sd-card/sd-image-aarch64.nix")
           inputs.dibbler.nixosModules.default

hosts/gluttony/configuration.nix

@@ -10,16 +10,9 @@
     (fp /base)
   ];
 
+  boot.loader.systemd-boot.enable = false;
+
   systemd.network.enable = lib.mkForce false;
-  boot.binfmt.emulatedSystems = [ "aarch64-linux" ];
-
-  boot.loader = {
-    systemd-boot.enable = false; # no uefi support on this device
-    grub.device = "/dev/sda";
-    grub.enable = true;
-  };
-  boot.tmp.cleanOnBoot = true;
-
   networking =
     let
       hostConf = values.hosts.gluttony;

hosts/skrott/configuration.nix

@@ -1,12 +1,10 @@
-{ config, pkgs, lib, fp, values, ... }: {
+{ config, pkgs, lib, fp, ... }: {
   imports = [
     # ./hardware-configuration.nix
 
     (fp /base)
   ];
 
-  sops.defaultSopsFile = fp /secrets/skrott/skrott.yaml;
-
   boot = {
     consoleLogLevel = 0;
     enableContainers = false;
@@ -21,17 +19,11 @@
   services.logrotate.enable = lib.mkForce false;
   services.nginx.enable = lib.mkForce false;
   services.postfix.enable = lib.mkForce false;
-  services.smartd.enable = lib.mkForce false;
-  services.udisks2.enable = lib.mkForce false;
-  services.thermald.enable = lib.mkForce false;
-  services.promtail.enable = lib.mkForce false;
-  boot.supportedFilesystems.zfs = lib.mkForce false;
-  documentation.enable = lib.mkForce false;
 
   # TODO: can we reduce further?
 
   sops.secrets = {
-    "dibbler/postgresql/password" = {
+    "dibbler/postgresql/url" = {
       owner = "dibbler";
       group = "dibbler";
     };
@@ -41,16 +33,10 @@
 
   networking = {
     hostName = "skrot";
-    defaultGateway = values.hosts.gateway;
-    defaultGateway6 = values.hosts.gateway6;
     interfaces.eth0 = {
       useDHCP = false;
       ipv4.addresses = [{
-        address = values.hosts.skrott.ipv4;
-        prefixLength = 25;
-      }];
-      ipv6.addresses = [{
-        address = values.hosts.skrott.ipv6;
+        address = "129.241.210.235";
         prefixLength = 25;
       }];
     };
@@ -64,15 +50,7 @@
 
     settings = {
       general.quit_allowed = false;
-      database = {
-        type = "postgresql";
-        postgresql = {
-          username = "pvv_vv";
-          dbname = "pvv_vv";
-          host = "postgres.pvv.ntnu.no";
-          password_file = config.sops.secrets."dibbler/postgresql/password".path;
-        };
-      };
+      database.url = config.sops.secrets."dibbler/postgresql/url".path;
     };
   };
 
@@ -89,5 +67,5 @@
 
   # Don't change (even during upgrades) unless you know what you are doing.
   # See https://search.nixos.org/options?show=system.stateVersion
-  system.stateVersion = "25.11";
+  system.stateVersion = "25.05";
 }

hosts/temmie/configuration.nix

@@ -6,7 +6,6 @@
       (fp /base)
 
       ./services/nfs-mounts.nix
-    ./services/userweb.nix
     ];
 
   systemd.network.networks."30-ens18" = values.defaultNetworkConfig // {
@@ -14,8 +13,6 @@
     address = with values.hosts.temmie; [ (ipv4 + "/25") (ipv6 + "/64") ];
   };
 
-  services.nginx.enable = false;
-
   services.qemuGuest.enable = true;
 
   # Don't change (even during upgrades) unless you know what you are doing.

hosts/temmie/services/nfs-mounts.nix

@@ -1,19 +1,14 @@
-{ lib, values, ... }:
+{ lib, ... }:
 let
   # See microbel:/etc/exports
   letters = [ "a" "b" "c" "d"  "h" "i" "j" "k" "l" "m" "z" ];
 in
 {
-  systemd.targets."pvv-homedirs" = {
-    description = "PVV Homedir Partitions";
-  };
-
   systemd.mounts = map (l: {
-    description = "PVV Homedir Partition ${l}";
+    description = "PVV Homedirs Partition ${l}";
 
     before = [ "remote-fs.target" ];
     wantedBy = [ "multi-user.target" ];
-    requiredBy = [ "pvv-homedirs.target" ];
 
     type = "nfs";
     what = "homepvv${l}.pvv.ntnu.no:/export/home/pvv/${l}";
@@ -21,27 +16,10 @@ in
 
     options = lib.concatStringsSep "," [
       "nfsvers=3"
-
-      # NOTE: this is a bit unfortunate. The address above seems to resolve to IPv6 sometimes,
-      #       and it doesn't seem possible to specify proto=tcp,tcp6, meaning we have to tell
-      #       NFS which exact address to use here, despite it being specified in the `what` attr :\
       "proto=tcp"
-      "addr=${values.hosts.microbel.ipv4}"
-      "mountproto=tcp"
-      "mounthost=${values.hosts.microbel.ipv4}"
-      "port=2049"
-
-      # NOTE: this is yet more unfortunate. When enabling locking, it will sometimes complain about connection failed.
-      #       dmesg(1) reveals that it has something to do with registering the lockdv1 RPC service (errno: 111), not
-      #       quite sure how to fix it. Living life on dangerous mode for now.
-      "nolock"
-
-      # Don't wait on every read/write
+      "auto"
       "async"
 
-      # Always keep mounted
-      "noauto"
-
       # We don't want to update access time constantly
       "noatime"
 
@@ -57,4 +35,17 @@ in
       # "noexec"
     ];
   }) letters;
+
+  systemd.automounts = map (l: {
+    description = "PVV Homedirs Partition ${l}";
+
+    wantedBy = [ "multi-user.target" ];
+
+    where = "/run/pvv-home-mounts/${l}";
+
+    automountConfig = {
+      # Unmount if not accessed in 5 mins
+      TimeoutIdleSec = "5min";
+    };
+  }) letters;
 }

hosts/temmie/services/userweb.nix

@@ -1,29 +0,0 @@
-{ ... }:
-{
-  services.httpd = {
-    enable = true;
-
-    # extraModules = [];
-
-    # virtualHosts."userweb.pvv.ntnu.no" = {
-    virtualHosts."temmie.pvv.ntnu.no" = {
-
-      forceSSL = true;
-      enableACME = true;
-    };
-  };
-
-  systemd.services.httpd = {
-    after = [ "pvv-homedirs.target" ];
-    requires = [ "pvv-homedirs.target" ];
-
-    serviceConfig = {
-      ProtectHome = "tmpfs";
-      BindPaths = let
-        letters = [ "a" "b" "c" "d"  "h" "i" "j" "k" "l" "m" "z" ];
-      in map (l: "/run/pvv-home-mounts/${l}:/home/pvv/${l}") letters;
-    };
-  };
-
-  # TODO: create phpfpm pools with php environments that contain packages similar to those present on tom
-}

secrets/skrott/skrott.yaml

@@ -1,6 +1,6 @@
 dibbler:
     postgresql:
-        password: ENC[AES256_GCM,data:2n85TO709GJc7/qoYp2RXO8Ttfo=,iv:5ZCZPEQQXPGYfDd1qPhDwDfm1Gds1M8PEX9IiCsHcrw=,tag:PAseyFBAe56pLj5Uv8Jd7A==,type:str]
+        url: ENC[AES256_GCM,data:rHmeviBKp5b33gZ+nRweJ9YSobG4OSOxypMcyGb3/Za5DyVjydEgWBkcugrLuy1fUYIu1UV93JizCRLqOOsNkg7ON2AGhw==,iv:mWgLeAmnVaRNuKI4jIKRtW5ZPjnt2tGqjfDbZkuAIXk=,tag:iHSkFcMmTWEFlIH7lVmN1Q==,type:str]
 sops:
     age:
         - recipient: age1ug30gg4y7ftuya0wdv7q0vh4egn00wlv2th7mt7cgc2ze46wmvyq9lq6ge
@@ -48,8 +48,8 @@ sops:
             ZE5tMXJOYlFMOVNJU3FEZFB4TlZ1U00KHnunzKMy91oc92ptcaKCE1sfkhFGvf0S
             vRX/nyQnBGqD3X3yfvkt+aQnoLxcjoanpJVM9VeigyPu1mRg0OOxXg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2026-01-25T14:03:57Z"
-    mac: ENC[AES256_GCM,data:RBf3LjVNSclsPN7I4QPaDUjWbKlaccjk3rzsRNdRe3+OvJSd7MsS9RfpUFCqUtO7ZkkocXHmkHA8z8LNxs6vejT9czMsLLQD14qHZS6fFdTnToOx3Kt5UuviPO/2UryVI+6HWORkH1aqFJhzkSMop2TO5mzuOTfbCEBLYUUuS6s=,iv:NQs8O1hIbjzGBTZo+gCuisj3edraFGk/Y146HmfPmQY=,tag:4g9IXw2UFC5V9EIHuWJqdA==,type:str]
+    lastmodified: "2026-01-11T17:28:43Z"
+    mac: ENC[AES256_GCM,data:l43vquKg33LndSXOm0hsPcalQRXjqbb30QvptXuBsmQrcEVVh20Aqp92l+rwgv60P03ZtK4SKxm/udVVoqViFTwCLYtCC5GEn4OqbD94LQKzl+XLe7yLWwv2WF8ueu170YpZ97uFxUrhOoaOaKUgnAV+4CocixG5hfadpqA3yYE=,iv:a6RRILzz4gDUuiSZPVoqjlIMu4NZG+D5Q+brusfh9PU=,tag:Y8nKbnctjka44eH15x8oCA==,type:str]
     pgp:
         - created_at: "2026-01-11T17:12:49Z"
           enc: |-

topology/default.nix

@@ -53,7 +53,7 @@ in {
   nodes.ntnu-pvv-router = mkRouter "NTNU PVV Gateway" {
     interfaceGroups = [ ["wan1"] ["eth1"] ];
     connections.eth1 = mkConnection "knutsen" "em1";
-    interfaces.eth1.network = "ntnu";
+    interfaces.eth1.network = "pvv";
   };
 
   nodes.knutsen = mkRouter "knutsen" {
@@ -82,8 +82,6 @@ in {
         (mkConnection "buskerud" "eth1")
         # (mkConnection "knutsen" "eth1")
         (mkConnection "powerpuff-cluster" "eth1")
-        (mkConnection "powerpuff-cluster" "eth2")
-        (mkConnection "powerpuff-cluster" "eth3")
         (mkConnection "lupine-1" "enp0s31f6")
         (mkConnection "lupine-2" "enp0s31f6")
         (mkConnection "lupine-3" "enp0s31f6")
@@ -141,7 +139,7 @@ in {
 
     hardware.info = "Dell PowerEdge R730 x 3";
 
-    interfaceGroups = [ [ "eth1" "eth2" "eth3" ] ];
+    interfaceGroups = [ [ "eth1" ] ];
 
     services = {
       proxmox = {
@@ -169,13 +167,6 @@ in {
     interfaces.ens18.network = "pvv";
   };
 
-  nodes.temmie = {
-    guestType = "proxmox";
-    parent = config.nodes.powerpuff-cluster.id;
-
-    interfaces.ens18.network = "pvv";
-  };
-
   nodes.ustetind = {
     guestType = "proxmox LXC";
     parent = config.nodes.powerpuff-cluster.id;
@@ -228,7 +219,7 @@ in {
         (mkConnection "demiurgen" "eno1")
         (mkConnection "sanctuary" "ethernet_0")
         (mkConnection "torskas" "eth0")
-        (mkConnection "skrot" "eth0")
+        (mkConnection "skrott" "eth0")
         (mkConnection "homeassistant" "eth0")
         (mkConnection "orchid" "eth0")
         (mkConnection "principal" "em0")
@@ -258,12 +249,6 @@ in {
 
     interfaces.ens4.network = "ntnu";
   };
-  nodes.gluttony = {
-    guestType = "openstack";
-    parent = config.nodes.stackit.id;
-
-    interfaces.ens3.network = "ntnu";
-  };
   nodes.wenche = {
     guestType = "openstack";
     parent = config.nodes.stackit.id;

topology/non-nixos-machines.nix

@@ -290,6 +290,21 @@ in {
     };
   };
 
+  nodes.skrott = mkDevice "skrott" {
+    # TODO: the interface name is likely wrong
+    interfaceGroups = [ [ "eth0" ] ];
+    interfaces.eth0 = {
+      # mac = "";
+      addresses = [
+        "129.241.210.235"
+      ];
+      gateways = [
+        values.hosts.gateway
+        values.hosts.gateway6
+      ];
+    };
+  };
+
   nodes.torskas = mkDevice "torskas" {
     deviceIcon = "${pkgs.super-tiny-icons}/share/icons/SuperTinyIcons/svg/arch_linux.svg";
 

users/felixalb.nix

@@ -9,9 +9,8 @@
     ];
     shell = pkgs.zsh;
     openssh.authorizedKeys.keys = [
+      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalbrigtsen@gmail.com"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTXSL0w7OUcz1LzEt1T3I3K5RgyNV+MYz0x/1RbpDHQ felixalb@worf"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalb@pvv.ntnu.no"
-      "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJky33ynjqyWP+hh24gFCMFIEqe3CjIIowGM9jiPbT79 felixalb@sisko.home.feal.no"
     ];
   };
 }

values.nix

@@ -69,18 +69,10 @@ in rec {
       ipv4 = pvv-ipv4 223;
       ipv6 = pvv-ipv6 223;
     };
-    microbel = {
-      ipv4 = pvv-ipv4 179;
-      ipv6 = pvv-ipv6 "1:2";
-    };
     ustetind = {
       ipv4 = pvv-ipv4 234;
       ipv6 = pvv-ipv6 234;
     };
-    skrott = {
-      ipv4 = pvv-ipv4 235;
-      ipv6 = pvv-ipv6 235;
-    };
     temmie = {
       ipv4 = pvv-ipv4 167;
       ipv6 = pvv-ipv6 167;