
6 Commits

7 changed files with 581 additions and 636 deletions


@ -1161,7 +1161,7 @@ in
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://127.0.0.1:3001";
locations."/".extraConfig = "if ($http_user_agent ~* (ClaudeBot|GPTBot|AwarioBot|meta-externalagent|Amazonbot|DataForSeoBot|bingbot|Bytespider|AhrefsBot|SemrushBot)) { return 403; }";
locations."/".extraConfig = "if ($http_user_agent ~* (ClaudeBot|GPTBot|AwarioBot|meta-externalagent|Amazonbot|DataForSeoBot|bingbot|Bytespider|AhrefsBot|SemrushBot|BLEXBot)) { return 403; }";
extraConfig = ''
client_max_body_size 300M;
'';
@ -1355,6 +1355,8 @@ in
https = true;
maxUploadSize = "2G";
config.adminpassFile = "/etc/nixos/secret/nextcloud_pass.txt";
config.dbtype = "pgsql";
config.dbhost = "/run/postgresql";
settings.default_phone_region = "HK";
settings.log_type = "file";
phpOptions."opcache.interned_strings_buffer" = "12";
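Review bot: The user-agent alternation on the new `locations."/".extraConfig` line (first hunk) keeps growing inside one quoted nginx string, so every addition rewrites the whole line, and a stray `|` would create an empty alternative that matches every request and returns 403 to all clients. Consider holding the names in a Nix list and generating the pattern, e.g. `blockedAgents = [ "ClaudeBot" "GPTBot" "BLEXBot" ];` (plus the other names) in the `let` block and `"if ($http_user_agent ~* (${lib.concatStringsSep "|" blockedAgents})) { return 403; }"` here, assuming `lib` is in scope in this file. The match is a case-insensitive substring test on a client-supplied header, so it only stops crawlers that identify themselves honestly. A short comment such as `# advisory crawler filter only, not an access control` would keep later readers from relying on it. The enclosing virtual-host block starts and ends outside the hunk.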



@ -23,7 +23,7 @@ php.buildComposerProject (finalAttrs: {
composerLock = ./composer.lock;
composerStrictValidation = false;
vendorHash = "sha256-rWvIKiQVyfvUprYfm/+Jdq+DO5qymyWp+Xh0c0nY2Cw=";
vendorHash = "sha256-S79nFpbLA1vJp8mKRVmQbdvO1LcUZThmgzQjVQDzmRM=";
meta = with lib; {
changelog = "https://github.com/flarum/framework/blob/main/CHANGELOG.md";


@ -1,45 +0,0 @@
{ config, pkgs, lib, ... }:
with lib;
let
avscan = pkgs.writeScript "avscan" ''
#!${pkgs.bash}/bin/bash
for user in $(cut -d":" -f1 /etc/passwd); do
if [ -d "/home/$user" ]; then
nice -15 ${pkgs.sudo}/bin/sudo -u $user ${pkgs.clamav}/bin/clamscan --recursive --quiet --infected /home/$user
fi
done
'';
cfg = config.services.avscan;
in
{
options.services.avscan = {
enable = mkOption {
type = types.bool;
default = false;
description = "Enable antivirus scan";
};
};
config = mkIf cfg.enable {
services.clamav.updater.enable = true;
services.clamav.updater.interval = "daily";
services.clamav.updater.frequency = 1;
systemd.services.avscan = {
description = "Antivirus scan";
serviceConfig = {
Type = "oneshot";
User = "root";
Group = "root";
ExecStart = "${avscan}";
};
};
systemd.timers.avscan = {
description = "Antivirus scan";
wantedBy = [ "timers.target" ];
timerConfig.OnCalendar = "Mon *-*-* 13:00:00";
};
};
}


@ -55,13 +55,6 @@
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBMoGOV9HoFkm6S6zMfOc8ivUcGzKFxuqpmOXKQtg2nn5Kh6ByMuuAHFlvKISILBaWgXN8lPQN9VjLuXV93oG4Pe7u8EVw20IGbA6RZ4Pnnr1xQBESPbye+72taLvyQlxGA=="
];
};
esavkin = {
isNormalUser = true;
extraGroups = ["plugdev" "dialout" "libvirtd" "wireshark"];
openssh.authorizedKeys.keys = [
"ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBLDJI4GFLBmScbeR8Jh4Gi8A/2nuGlYtFTJVT+Es/bzdiPRk8DLG62T0hyRR+8LfHjbrCsDuYFNztT8hHGXd7h3xp3y2X7ArkJo8xUK5QxGd5D2Zn4ANfZTTVkoGlEHbFA=="
];
};
flo = {
isNormalUser = true;
extraGroups = ["plugdev" "dialout"];


@ -17,7 +17,6 @@ in
imports =
[
(./. + "/${host}-hardware-configuration.nix")
./avscan-module.nix
];
nixpkgs.config.packageOverrides = super: let self = super.pkgs; in {
libp11 = super.libp11.override({ openssl = super.openssl_1_1; });
@ -91,8 +90,6 @@ in
setuid = true;
};
services.avscan.enable = true;
services.openssh.enable = true;
services.openssh.authorizedKeysInHomedir = false;
services.openssh.settings.PasswordAuthentication = false;


@ -38,4 +38,15 @@
hardware.cpu.intel.updateMicrocode = true;
system.stateVersion = "23.05";
specialisation.virtualgpu = {
configuration = {
boot.kernelModules = [ "vfio_pci" "vfio" ];
boot.kernelParams = [ "intel_iommu=on" ];
boot.extraModprobeConfig =
''
options vfio-pci ids=1002:67df,1002:aaf0
'';
};
};
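Review bot: `vfio_pci` is listed in `boot.kernelModules` in the new `specialisation.virtualgpu` block, which loads it in stage 2; if the host's regular GPU driver is loaded from the initrd or probes first, the two functions in `ids=1002:67df,1002:aaf0` will already be bound and vfio-pci will not claim them. Whether that happens on this host cannot be seen from the hunk, but it is usually made deterministic by loading the modules from the initrd, `boot.initrd.kernelModules = [ "vfio_pci" "vfio" ];`, or by adding a line such as `softdep amdgpu pre: vfio-pci` to `boot.extraModprobeConfig` (driver name assumed from the 1002 vendor id). A comment naming the card behind the two PCI ids, and noting that every device in its IOMMU group has to be handed to vfio together, would also help, since the isolation the guest gets depends on that grouping.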
}