Compare commits
7 Commits
5a3be3e3b4
...
daf9a4d539
Author | SHA1 | Date |
---|---|---|
Egor Savkin | daf9a4d539 | |
Egor Savkin | 6b28001c4e | |
Egor Savkin | 18194be5c3 | |
Sébastien Bourdeauducq | 7781d6236e | |
Sébastien Bourdeauducq | 93e19c74e9 | |
Sébastien Bourdeauducq | 4ccab3cf2b | |
Sebastien Bourdeauducq | 69fe8c9866 |
|
@ -620,6 +620,13 @@ in
|
|||
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBDXMbJEPn0mM2Bgt6eMAd+c0J5oPSvquZG+BxKdUf0qbeQldRaoB26NHMZnLte/fS00U/cqStLWDiwtEvH5WlbbawsMBymm65zbWMByebXhBDjdr6a1kkOFcKJvAL9qVBQ=="
|
||||
];
|
||||
};
|
||||
users.extraUsers.flo = {
|
||||
isNormalUser = true;
|
||||
extraGroups = ["afws"];
|
||||
openssh.authorizedKeys.keys = [
|
||||
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBF4ZYNBYqJPQCKBYjMatFj5eGMyzh/X2TSraJEG6XBdg3jnJ3WcsOd7sm+vx+o9Y1EJ2kvwW/Vy9c3OYVU2U45njox//sKtt8Eyzszws3EYJqHQ6KAwXtW9ao4aamRtK3Q=="
|
||||
];
|
||||
};
|
||||
users.extraUsers.derppening = {
|
||||
isNormalUser = true;
|
||||
openssh.authorizedKeys.keys = [
|
||||
|
@ -651,6 +658,10 @@ in
|
|||
job = web:web:web
|
||||
command = [ $(jq '.buildStatus' < $HYDRA_JSON) = 0 ] && ln -sfn $(jq -r '.outputs[0].path' < $HYDRA_JSON) ${hydraWwwOutputs}/web
|
||||
</runcommand>
|
||||
<runcommand>
|
||||
job = web:web:web-intl
|
||||
command = [ $(jq '.buildStatus' < $HYDRA_JSON) = 0 ] && ${pkgs.rsync}/bin/rsync -r -c $(jq -r '.outputs[0].path' < $HYDRA_JSON)/ zolaupd@5.78.86.156:/var/www/m-labs-intl.com/html/
|
||||
</runcommand>
|
||||
<runcommand>
|
||||
job = web:web:nmigen-docs
|
||||
command = [ $(jq '.buildStatus' < $HYDRA_JSON) = 0 ] && ln -sfn $(jq -r '.outputs[0].path' < $HYDRA_JSON) ${hydraWwwOutputs}/nmigen-docs
|
||||
|
@ -809,12 +820,20 @@ in
|
|||
siteUrl = "https://chat.m-labs.hk/";
|
||||
mutableConfig = true;
|
||||
};
|
||||
services.postgresql.package = pkgs.postgresql_12;
|
||||
services.matterbridge = {
|
||||
enable = true;
|
||||
configPath = "/etc/nixos/secret/matterbridge.toml";
|
||||
};
|
||||
|
||||
|
||||
services.postgresql = {
|
||||
package = pkgs.postgresql_12;
|
||||
settings.listen_addresses = pkgs.lib.mkForce "";
|
||||
identMap =
|
||||
''
|
||||
rt rt rt_user
|
||||
'';
|
||||
};
|
||||
|
||||
nixpkgs.config.packageOverrides = super: let self = super.pkgs; in {
|
||||
nix = super.nix.overrideAttrs(oa: {
|
||||
patches = oa.patches or [] ++ [ ./nix-networked-derivations.patch ];
|
||||
|
|
|
@ -14,7 +14,16 @@ $TTL 7200
|
|||
A 5.78.86.156
|
||||
AAAA 2a01:4ff:1f0:83de::1
|
||||
|
||||
MX 10 mail.m-labs-intl.com.
|
||||
TXT "v=spf1 mx -all"
|
||||
|
||||
mail A 5.78.86.156
|
||||
mail AAAA 2a01:4ff:1f0:83de::1
|
||||
mail._domainkey TXT "v=DKIM1; h=sha256; k=rsa; t=y; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2TBwMZv41/zbxAifWeT+JLrhJmJpZYjfV5YXb74nocDf+A8GiKmqu6C4fvh9hCozdLKeSzqxxwyEe/MmedX9ToIpGpXjHlW6qraCeknc4jSjvljVjj2HgOAHWeQSWy9MdUzxKmK9CTB0INXsm34WbyY+fSRDHAUQj60eCwlXAOxqhp9KsndI9kQW+CtkN7xjmyqzU1hLFCtZAleq+zTLCPbAFG7nigxfjM7qBBP8FodTkDv6Wz5hW4wqlIKJygBXoq5yYLQ/UyPhwLpTEAN6pxRVWmwXF4PROTmZ4Cd+RTLvm2CB5N6J9dVVjeVbAaYI/6cNPdB84tZZKYHGhE9nvwIDAQAB"
|
||||
_dmarc TXT "v=DMARC1; p=none"
|
||||
|
||||
ns A 94.190.212.123
|
||||
ns AAAA 2001:470:18:390::2
|
||||
|
||||
www CNAME @
|
||||
hooks CNAME @
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
$TTL 7200
|
||||
|
||||
@ SOA NS.XN--WBTZ5WPQAJ35CFXC.XN--J6W193G. sb.m-labs.hk. (
|
||||
2024060201
|
||||
2024080501
|
||||
7200
|
||||
3600
|
||||
86400
|
||||
|
@ -43,17 +43,7 @@ files CNAME @
|
|||
docs CNAME @
|
||||
|
||||
rpi-1 AAAA 2001:470:f891:1:dea6:32ff:fe8a:6a93
|
||||
rpi-2 AAAA 2001:470:f891:1:ba27:ebff:fef0:e9e6
|
||||
rpi-4 AAAA 2001:470:f891:1:dea6:32ff:fe14:fce9
|
||||
chiron AAAA 2001:470:f891:1:7f02:9ebf:bee9:3dc7
|
||||
old-nixbld AAAA 2001:470:f891:1:a07b:f49a:a4ef:aad9
|
||||
zeus AAAA 2001:470:f891:1:4fd7:e70a:68bf:e9c1
|
||||
franz AAAA 2001:470:f891:1:1b65:a743:2335:f5c6
|
||||
hera AAAA 2001:470:f891:1:8b5e:404d:ef4e:9d92
|
||||
hestia AAAA 2001:470:f891:1:881c:f409:a090:8401
|
||||
vulcan AAAA 2001:470:f891:1:105d:3f15:bd53:c5ac
|
||||
|
||||
aux A 42.200.147.171
|
||||
|
||||
router.alt A 103.206.98.200
|
||||
stewardship1.alt A 103.206.98.201
|
||||
|
|
|
@ -19,14 +19,9 @@ let
|
|||
Set($Timezone, '${cfg.timeZone}');
|
||||
|
||||
Set($DatabaseType, 'Pg');
|
||||
Set($DatabaseHost, 'localhost');
|
||||
Set($DatabaseUser, 'rt_user');
|
||||
Set($DatabaseHost, '/run/postgresql');
|
||||
Set($DatabaseUser, 'rt');
|
||||
Set($DatabaseName, 'rt5');
|
||||
# Read database password from file
|
||||
open my $fh, '<', '${cfg.dbPasswordFile}' or die 'Can\'t open file $!';
|
||||
my $dbpw = do { local $/; <$fh> };
|
||||
$dbpw =~ s/^\s+|\s+$//g;
|
||||
Set($DatabasePassword, $dbpw);
|
||||
|
||||
# System (Logging)
|
||||
Set($LogToSTDERR, undef); # Don't log twice
|
||||
|
@ -154,13 +149,6 @@ in {
|
|||
type = str;
|
||||
};
|
||||
|
||||
dbPasswordFile = mkOption {
|
||||
description = "File containing the database password";
|
||||
type = str;
|
||||
default = "/etc/nixos/secret/rtpasswd";
|
||||
internal = true;
|
||||
};
|
||||
|
||||
domain = mkOption {
|
||||
description = "Which domain RT is running on";
|
||||
type = str;
|
||||
|
@ -245,8 +233,6 @@ in {
|
|||
|
||||
PrivateNetwork = false;
|
||||
MemoryDenyWriteExecute = false;
|
||||
|
||||
ReadOnlyPaths = [ cfg.dbPasswordFile ];
|
||||
};
|
||||
|
||||
environment = {
|
||||
|
|
Loading…
Reference in New Issue