StuRa/stura-infra
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

nixfmt

Browse source
This commit is contained in:
goeranh 2026-02-25 20:13:18 +01:00
parent 6add85a106
commit 3e82d5f015
No known key found for this signature in database
5 changed files with 173 additions and 166 deletions
Download patch file Download diff file Expand all files Collapse all files

32
flake.nix
View file

@ -52,8 +52,14 @@
# copy install image to testserver and deploy the specified configuration to it # copy install image to testserver and deploy the specified configuration to it
"${name}-deploy-test" = nixpkgs.legacyPackages.x86_64-linux.writeShellScriptBin "deploy" '' "${name}-deploy-test" = nixpkgs.legacyPackages.x86_64-linux.writeShellScriptBin "deploy" ''
FILENAME="$(ls ${self.packages.x86_64-linux."installer-iso".outPath}/iso)" FILENAME="$(ls ${self.packages.x86_64-linux."installer-iso".outPath}/iso)"
scp ${self.packages.x86_64-linux."installer-iso".outPath}/iso/$FILENAME root@10.1.0.17:/var/lib/vz/template/iso/$FILENAME scp ${
ssh 10.1.0.17 "qm create $1 --name ${nixosConfigurations.${name}.config.networking.fqdn} --cores 4 --memory 4096 --sata1 file=/var/lib/vz/template/iso/$FILENAME,media=cdrom --scsi1 pool1:32 --scsihw virtio-scsi-single --net0 virtio,bridge=vmbr1 --description \"von goeranh mailserver flake genierierte wegwerf-vm <br> ${nixosConfigurations.${name}.config.networking.fqdn}\"" self.packages.x86_64-linux."installer-iso".outPath
}/iso/$FILENAME root@10.1.0.17:/var/lib/vz/template/iso/$FILENAME
ssh 10.1.0.17 "qm create $1 --name ${
nixosConfigurations.${name}.config.networking.fqdn
} --cores 4 --memory 4096 --sata1 file=/var/lib/vz/template/iso/$FILENAME,media=cdrom --scsi1 pool1:32 --scsihw virtio-scsi-single --net0 virtio,bridge=vmbr1 --description \"von goeranh mailserver flake genierierte wegwerf-vm <br> ${
nixosConfigurations.${name}.config.networking.fqdn
}\""
ssh 10.1.0.17 "qm start $1" ssh 10.1.0.17 "qm start $1"
# hardcoded deployment ip # hardcoded deployment ip
@ -67,12 +73,12 @@
} }
) )
{ } { }
( # filter all nixos configs containing installer (
builtins.filter (item: !nixpkgs.lib.hasInfix "-" item) ( # filter all nixos configs containing installer
builtins.attrNames nixosConfigurations builtins.filter (item: !nixpkgs.lib.hasInfix "-" item) (builtins.attrNames nixosConfigurations)
) )
) // // (
(let let
iso-config = nixpkgs.lib.nixosSystem { iso-config = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
@ -83,10 +89,12 @@
isNormalUser = true; isNormalUser = true;
}; };
users.users.root.openssh.authorizedKeys.keys = sshkeys; users.users.root.openssh.authorizedKeys.keys = sshkeys;
networking.interfaces.ens18.ipv4.addresses = [{ networking.interfaces.ens18.ipv4.addresses = [
{
address = "141.56.51.98"; address = "141.56.51.98";
prefixLength = 24; prefixLength = 24;
}]; }
];
services.getty.autologinUser = "root"; services.getty.autologinUser = "root";
services.openssh.enable = true; services.openssh.enable = true;
system.stateVersion = "25.11"; system.stateVersion = "25.11";
@ -96,10 +104,12 @@
} }
]; ];
}; };
in { in
{
installer-iso = iso-config.config.system.build.isoImage; installer-iso = iso-config.config.system.build.isoImage;
installer-vm = iso-config.config.system.build.vm; installer-vm = iso-config.config.system.build.vm;
}); }
);
nixosConfigurations = builtins.foldl' ( nixosConfigurations = builtins.foldl' (
result: input: result: input:

5
hosts/auth/authentik.nix
View file

@ -44,7 +44,10 @@
systemd.services.authentik-secrets-generator = { systemd.services.authentik-secrets-generator = {
enable = true; enable = true;
requiredBy = [ "authentik-secrets-setup.service" "authentik-worker.service" ]; requiredBy = [
"authentik-secrets-setup.service"
"authentik-worker.service"
];
script = '' script = ''
echo "AUTHENTIK_SECRET_KEY=$(${pkgs.openssl}/bin/openssl rand -hex 32)" > /var/lib/authentik_secret echo "AUTHENTIK_SECRET_KEY=$(${pkgs.openssl}/bin/openssl rand -hex 32)" > /var/lib/authentik_secret
''; '';

33
hosts/git/default.nix
View file

@ -29,21 +29,14 @@ in
]; ];
networking.hostName = "git"; networking.hostName = "git";
networking.domain = "test.htw.stura-dresden.de";
networking.interfaces.ens18.ipv4.addresses = [ networking.interfaces.ens18.ipv4.addresses = [
{ {
address = "167.235.225.23"; address = "141.56.51.97";
prefixLength = 32; prefixLength = 24;
} }
]; ];
networking.interfaces.ens18.ipv6.addresses = [ networking.defaultGateway.address = "141.56.51.254";
{
address = "2a01:4f8:c012:6bd7::1";
prefixLength = 32;
}
];
networking.defaultGateway.address = "172.31.1.1";
networking.nameservers = [ networking.nameservers = [
"9.9.9.9" "9.9.9.9"
"1.1.1.1" "1.1.1.1"
@ -56,27 +49,33 @@ in
server = { server = {
PROTOCOL = "http+unix"; PROTOCOL = "http+unix";
HTTP_ADDR = "/var/run/forgejo.sock"; HTTP_ADDR = "/run/forgejo/forgejo.sock";
ROOT_URL = "https://${config.networking.fqdn}"; ROOT_URL = "https://${config.networking.fqdn}";
}; };
oauth2_client = {
ENABLE_AUTO_REGISTRATION = "true";
REGISTER_EMAIL_CONFIRM = "false";
username = "email";
};
service = {
SHOW_REGISTRATION_BUTTON = "false";
};
}; };
}; };
services.nginx = { services.nginx = {
enable = true; enable = true;
virtualHosts."git.htw.stura-dresden.de" = { virtualHosts."${config.networking.fqdn}" = {
forceSSL = true;
enableACME = true;
locations."/" = { locations."/" = {
recommendedProxySettings = true; recommendedProxySettings = true;
proxyWebsockets = true; proxyWebsockets = true;
proxyPass = "http://unix:/var/run/forgejo.sock"; proxyPass = "http://unix:/run/forgejo/forgejo.sock";
}; };
}; };
}; };
# virtualisation.docker.enable = true;
security.acme.acceptTerms = true;
security.acme.defaults.email = "cert@stura.htw-dresden.de";
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [
25 25
80 80

42
hosts/proxy/default.nix
View file

@ -98,7 +98,8 @@ services = {
httpsPort = 443; httpsPort = 443;
}; };
}; };
in{ in
{
enable = true; enable = true;
config = '' config = ''
global global
@ -129,17 +130,15 @@ services = {
frontend http-in frontend http-in
bind *:80 bind *:80
${ ${lib.foldlAttrs (
lib.foldlAttrs(prev: name: value: prev + prev: name: value:
"acl is_${name} hdr(host) -i ${value.domain}\n" prev + "acl is_${name} hdr(host) -i ${value.domain}\n"
) "" forwards ) "" forwards}
}
${ ${lib.foldlAttrs (
lib.foldlAttrs(prev: name: value: prev + prev: name: value:
"use_backend ${name}_80 if is_${name}\n" prev + "use_backend ${name}_80 if is_${name}\n"
) "" forwards ) "" forwards}
}
default_backend plone_80 default_backend plone_80
@ -159,11 +158,10 @@ services = {
tcp-request content accept if { req_ssl_hello_type 1 } tcp-request content accept if { req_ssl_hello_type 1 }
# terminated here # terminated here
${ ${lib.foldlAttrs (
lib.foldlAttrs(prev: name: value: prev + prev: name: value:
"use_backend ${name}_443 if { req_ssl_sni -i ${value.domain} }\n" prev + "use_backend ${name}_443 if { req_ssl_sni -i ${value.domain} }\n"
) "" forwards ) "" forwards}
}
backend ssh_srs2 backend ssh_srs2
mode tcp mode tcp
@ -172,9 +170,10 @@ services = {
option tcpka option tcpka
server srs2 141.56.51.2:80 check server srs2 141.56.51.2:80 check
${ ${lib.foldlAttrs (
lib.foldlAttrs(prev: name: value: prev + prev: name: value:
'' prev
+ ''
backend ${name}_80 backend ${name}_80
mode http mode http
@ -184,14 +183,11 @@ services = {
server ${name} ${value.dest}:${builtins.toString value.httpsPort} check server ${name} ${value.dest}:${builtins.toString value.httpsPort} check
'' ''
) "" forwards ) "" forwards}
}
''; '';
}; };
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
openvpn openvpn
tcpdump tcpdump

1
hosts/redmine/default.nix
View file

@ -19,7 +19,6 @@
]; ];
networking.defaultGateway.address = "141.56.51.254"; networking.defaultGateway.address = "141.56.51.254";
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
security.acme.defaults.email = "cert@stura.htw-dresden.de"; security.acme.defaults.email = "cert@stura.htw-dresden.de";