DGNum/infrastructure
12
6
Fork 2
Code Issues 17 Pull requests 30 Projects 1 Releases Packages Wiki Activity Actions

chore(nixfmt): Format all files since nixfmt version changed
Some checks failed
Run pre-commit on all files / pre-commit (push) Waiting to run
Details
Check meta / check_dns (pull_request) Successful in 18s
Details
Check meta / check_meta (pull_request) Successful in 18s
Details
Check workflows / check_workflows (pull_request) Successful in 25s
Details
Build all the nodes / ap01 (pull_request) Successful in 1m11s
Details
Build all the nodes / bridge01 (pull_request) Successful in 1m55s
Details
Build all the nodes / geo01 (pull_request) Successful in 2m16s
Details
Build all the nodes / geo02 (pull_request) Successful in 1m52s
Details
Build all the nodes / netcore02 (pull_request) Successful in 34s
Details
Build all the nodes / compute01 (pull_request) Failing after 3m10s
Details
Build all the nodes / hypervisor02 (pull_request) Successful in 1m54s
Details
Build all the nodes / hypervisor01 (pull_request) Successful in 2m5s
Details
Build all the nodes / hypervisor03 (pull_request) Successful in 2m3s
Details
Build all the nodes / rescue01 (pull_request) Successful in 1m58s
Details
Build all the nodes / storage01 (pull_request) Successful in 2m0s
Details
Build all the nodes / tower01 (pull_request) Successful in 2m0s
Details
Build the shell / build-shell (pull_request) Successful in 33s
Details
Build all the nodes / web02 (pull_request) Successful in 1m54s
Details
Run pre-commit on all files / pre-commit (pull_request) Successful in 37s
Details
Build all the nodes / vault01 (pull_request) Successful in 2m6s
Details
Build all the nodes / web01 (pull_request) Successful in 2m32s
Details
Build all the nodes / web03 (pull_request) Successful in 1m37s
Details

Browse source
This commit is contained in:
sinavir 2025-01-07 11:35:06 +01:00
parent 599709baf1
commit 4fe4118009
No known key found for this signature in database
26 changed files with 212 additions and 174 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
default.nix
View file

@ -177,7 +177,8 @@ in
devShell = pkgs.mkShell { devShell = pkgs.mkShell {
name = "dgnum-infra"; name = "dgnum-infra";
packages = [ packages =
[
(pkgs.nixos-generators.overrideAttrs (_: { (pkgs.nixos-generators.overrideAttrs (_: {
version = "1.8.0-unstable"; version = "1.8.0-unstable";
src = sources.nixos-generators; src = sources.nixos-generators;
@ -194,7 +195,9 @@ in
}) })
(pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { }) (pkgs.callPackage "${sources.agenix}/pkgs/agenix.nix" { })
(pkgs.callPackage "${sources.lon}/nix/packages/lon.nix" { }) (pkgs.callPackage "${sources.lon}/nix/packages/lon.nix" { })
] ++ git-checks.enabledPackages ++ (builtins.attrValues scripts); ]
++ git-checks.enabledPackages
++ (builtins.attrValues scripts);
shellHook = builtins.concatStringsSep "\n" [ shellHook = builtins.concatStringsSep "\n" [
git-checks.shellHook git-checks.shellHook

5
hive.nix
View file

@ -8,8 +8,9 @@ let
sources' = import ./npins; sources' = import ./npins;
# Patch sources directly # Patch sources directly
sources = builtins.mapAttrs (patch.base { pkgs = import sources'.nixos-unstable { }; }) sources =
.applyPatches' sources'; builtins.mapAttrs (patch.base { pkgs = import sources'.nixos-unstable { }; }).applyPatches'
sources';
nix-lib = import ./lib/nix-lib; nix-lib = import ./lib/nix-lib;
inherit (nix-lib) mapSingleFuse; inherit (nix-lib) mapSingleFuse;

6
lib/netconf-junos/protocols.nix
View file

@ -28,9 +28,9 @@ in
config.netconf.xmls.protocols = '' config.netconf.xmls.protocols = ''
<protocols> <protocols>
<rstp operation="replace"> <rstp operation="replace">
${ ${concatMapStringsSep "" (
concatMapStringsSep "" (intf: "<interface><name>${intf}</name></interface>") config.protocols.rstp intf: "<interface><name>${intf}</name></interface>"
} ) config.protocols.rstp}
</rstp> </rstp>
</protocols> </protocols>
''; '';

4
lib/nix-lib/nixpkgs.nix
View file

@ -79,7 +79,9 @@ rec {
f here values f here values
); );
in in
f [ ] [ f
[ ]
[
rhs rhs
lhs lhs
]; ];

4
machines/nixos/bridge01/secrets/secrets.nix
View file

@ -2,6 +2,8 @@
# #
# SPDX-License-Identifier: EUPL-1.2 # SPDX-License-Identifier: EUPL-1.2
(import ../../../../keys).mkSecrets [ "bridge01" ] [ (import ../../../../keys).mkSecrets
[ "bridge01" ]
[
# List of secrets for bridge01 # List of secrets for bridge01
] ]

4
machines/nixos/compute01/kanidm/secrets/secrets.nix
View file

@ -2,7 +2,9 @@
# #
# SPDX-License-Identifier: EUPL-1.2 # SPDX-License-Identifier: EUPL-1.2
(import ../../../../../keys).mkSecrets [ "compute01" ] [ (import ../../../../../keys).mkSecrets
[ "compute01" ]
[
"kanidm-password_admin" "kanidm-password_admin"
"kanidm-password_idm_admin" "kanidm-password_idm_admin"
] ]

3
machines/nixos/compute01/librenms/module.nix
View file

@ -401,7 +401,8 @@ in
"distributed_billing" = cfg.distributedPoller.distributedBilling; "distributed_billing" = cfg.distributedPoller.distributedBilling;
"distributed_poller_memcached_host" = cfg.distributedPoller.memcachedHost; "distributed_poller_memcached_host" = cfg.distributedPoller.memcachedHost;
"distributed_poller_memcached_port" = cfg.distributedPoller.memcachedPort; "distributed_poller_memcached_port" = cfg.distributedPoller.memcachedPort;
"rrdcached" = "${cfg.distributedPoller.rrdcachedHost}:${toString cfg.distributedPoller.rrdcachedPort}"; "rrdcached" =
"${cfg.distributedPoller.rrdcachedHost}:${toString cfg.distributedPoller.rrdcachedPort}";
}) })
// (lib.optionalAttrs cfg.useDistributedPollers { // (lib.optionalAttrs cfg.useDistributedPollers {
"distributed_poller" = true; "distributed_poller" = true;

3
machines/nixos/compute01/outline.nix
View file

@ -45,7 +45,8 @@ in
dgn-web.simpleProxies.outline = { dgn-web.simpleProxies.outline = {
inherit host port; inherit host port;
vhostConfig.locations."/robots.txt".return = ''200 "User-agent: *\nDisallow: /s/demarches-normaliennes/\n"''; vhostConfig.locations."/robots.txt".return =
''200 "User-agent: *\nDisallow: /s/demarches-normaliennes/\n"'';
}; };
age-secrets.autoMatch = [ "outline" ]; age-secrets.autoMatch = [ "outline" ];

4
machines/nixos/compute01/secrets/secrets.nix
View file

@ -2,7 +2,9 @@
# #
# SPDX-License-Identifier: EUPL-1.2 # SPDX-License-Identifier: EUPL-1.2
(import ../../../../keys).mkSecrets [ "compute01" ] [ (import ../../../../keys).mkSecrets
[ "compute01" ]
[
# List of secrets for compute01 # List of secrets for compute01
"arkheon-env_file" "arkheon-env_file"
"bupstash-put_key" "bupstash-put_key"

4
machines/nixos/geo01/secrets/secrets.nix
View file

@ -2,6 +2,8 @@
# #
# SPDX-License-Identifier: EUPL-1.2 # SPDX-License-Identifier: EUPL-1.2
(import ../../../../keys).mkSecrets [ "geo01" ] [ (import ../../../../keys).mkSecrets
[ "geo01" ]
[
# List of secrets for geo01 # List of secrets for geo01
] ]

4
machines/nixos/geo02/secrets/secrets.nix
View file

@ -2,6 +2,8 @@
# #
# SPDX-License-Identifier: EUPL-1.2 # SPDX-License-Identifier: EUPL-1.2
(import ../../../../keys).mkSecrets [ "geo02" ] [ (import ../../../../keys).mkSecrets
[ "geo02" ]
[
# List of secrets for geo02 # List of secrets for geo02
] ]

4
machines/nixos/hypervisor01/secrets/secrets.nix
View file

@ -2,6 +2,8 @@
# #
# SPDX-License-Identifer: EUPL-1.2 # SPDX-License-Identifer: EUPL-1.2
(import ../../../../keys).mkSecrets [ "hypervisor01" ] [ (import ../../../../keys).mkSecrets
[ "hypervisor01" ]
[
] ]

4
machines/nixos/hypervisor02/secrets/secrets.nix
View file

@ -2,6 +2,8 @@
# #
# SPDX-License-Identifer: EUPL-1.2 # SPDX-License-Identifer: EUPL-1.2
(import ../../../../keys).mkSecrets [ "hypervisor02" ] [ (import ../../../../keys).mkSecrets
[ "hypervisor02" ]
[
] ]

4
machines/nixos/hypervisor03/secrets/secrets.nix
View file

@ -2,6 +2,8 @@
# #
# SPDX-License-Identifer: EUPL-1.2 # SPDX-License-Identifer: EUPL-1.2
(import ../../../../keys).mkSecrets [ "hypervisor03" ] [ (import ../../../../keys).mkSecrets
[ "hypervisor03" ]
[
] ]

4
machines/nixos/rescue01/secrets/secrets.nix
View file

@ -2,7 +2,9 @@
# #
# SPDX-License-Identifier: EUPL-1.2 # SPDX-License-Identifier: EUPL-1.2
(import ../../../../keys).mkSecrets [ "rescue01" ] [ (import ../../../../keys).mkSecrets
[ "rescue01" ]
[
# List of secrets for rescue01 # List of secrets for rescue01
"stateless-uptime-kuma-password" "stateless-uptime-kuma-password"
] ]

4
machines/nixos/storage01/secrets/secrets.nix
View file

@ -2,7 +2,9 @@
# #
# SPDX-License-Identifier: EUPL-1.2 # SPDX-License-Identifier: EUPL-1.2
(import ../../../../keys).mkSecrets [ "storage01" ] [ (import ../../../../keys).mkSecrets
[ "storage01" ]
[
# List of secrets for storage01 # List of secrets for storage01
"bupstash-put_key" "bupstash-put_key"
"forgejo-mailer_password_file" "forgejo-mailer_password_file"

4
machines/nixos/tower01/secrets/secrets.nix
View file

@ -2,6 +2,8 @@
# #
# SPDX-License-Identifer: EUPL-1.2 # SPDX-License-Identifer: EUPL-1.2
(import ../../../../keys).mkSecrets [ "tower01" ] [ (import ../../../../keys).mkSecrets
[ "tower01" ]
[
] ]

12
machines/nixos/vault01/networking.nix
View file

@ -277,15 +277,13 @@ in
]; ];
script = '' script = ''
if ping -c 1 8.8.8.8 > /dev/null || ping -c 1 1.1.1.1 > /dev/null; then if ping -c 1 8.8.8.8 > /dev/null || ping -c 1 1.1.1.1 > /dev/null; then
${ ${lib.concatMapStringsSep "\n " (
lib.concatMapStringsSep "\n " ({ interfaceName, ... }: "networkctl up ${interfaceName}") userVlans { interfaceName, ... }: "networkctl up ${interfaceName}"
} ) userVlans}
else else
${ ${lib.concatMapStringsSep "\n " (
lib.concatMapStringsSep "\n " (
{ interfaceName, ... }: "networkctl down ${interfaceName}" { interfaceName, ... }: "networkctl down ${interfaceName}"
) userVlans ) userVlans}
}
fi fi
''; '';
}; };

4
machines/nixos/vault01/secrets/secrets.nix
View file

@ -2,7 +2,9 @@
# #
# SPDX-License-Identifier: EUPL-1.2 # SPDX-License-Identifier: EUPL-1.2
(import ../../../../keys).mkSecrets [ "vault01" ] [ (import ../../../../keys).mkSecrets
[ "vault01" ]
[
# List of secrets for vault01 # List of secrets for vault01
"radius-auth_token_file" "radius-auth_token_file"
"radius-ca_pem_file" "radius-ca_pem_file"

3
machines/nixos/web01/redirections.nix
View file

@ -35,8 +35,7 @@ in
"www.interq.ens.fr" = "interq.ens.fr"; "www.interq.ens.fr" = "interq.ens.fr";
}; };
temporary = temporary = {
{
}; };
retired = mkSubs { retired = mkSubs {

4
machines/nixos/web01/secrets/secrets.nix
View file

@ -2,7 +2,9 @@
# #
# SPDX-License-Identifier: EUPL-1.2 # SPDX-License-Identifier: EUPL-1.2
(import ../../../../keys).mkSecrets [ "web01" ] [ (import ../../../../keys).mkSecrets
[ "web01" ]
[
# List of secrets for web01 # List of secrets for web01
"acme-certs_secret" "acme-certs_secret"
"bupstash-put_key" "bupstash-put_key"

3
machines/nixos/web01/wordpress/default.nix
View file

@ -66,5 +66,6 @@ in
dgn-backups.jobs.containers.settings.paths = [ "/var/lib/nixos-containers" ]; dgn-backups.jobs.containers.settings.paths = [ "/var/lib/nixos-containers" ];
services.nginx.virtualHosts."bds.ens.fr".locations."/gestion2".return = "301 https://gestion.bds.ens.fr"; services.nginx.virtualHosts."bds.ens.fr".locations."/gestion2".return =
"301 https://gestion.bds.ens.fr";
} }

4
machines/nixos/web02/secrets/secrets.nix
View file

@ -2,7 +2,9 @@
# #
# SPDX-License-Identifier: EUPL-1.2 # SPDX-License-Identifier: EUPL-1.2
(import ../../../../keys).mkSecrets [ "web02" ] [ (import ../../../../keys).mkSecrets
[ "web02" ]
[
# List of secrets for web02 # List of secrets for web02
"cas_eleves-secret_key_file" "cas_eleves-secret_key_file"
"kadenios-secret_key_file" "kadenios-secret_key_file"

4
machines/nixos/web03/secrets/secrets.nix
View file

@ -2,7 +2,9 @@
# #
# SPDX-License-Identifier: EUPL-1.2 # SPDX-License-Identifier: EUPL-1.2
(import ../../../../keys).mkSecrets [ "web03" ] [ (import ../../../../keys).mkSecrets
[ "web03" ]
[
# List of secrets for web03 # List of secrets for web03
"bupstash-put_key" "bupstash-put_key"
"dj_annuaire-secret_key_file" "dj_annuaire-secret_key_file"

4
modules/nixos/dgn-backups/keys/secrets.nix
View file

@ -2,7 +2,9 @@
# #
# SPDX-License-Identifier: EUPL-1.2 # SPDX-License-Identifier: EUPL-1.2
(import ../../../../keys).mkSecrets [ ] [ (import ../../../../keys).mkSecrets
[ ]
[
"compute01.key" "compute01.key"
"storage01.key" "storage01.key"
"web01.key" "web01.key"