arch/infra
arch
/
infra
1
0
Fork 0
Code Actions Packages

Formatting

This commit is contained in:
Gabriel Simmer 2024-04-24 13:55:10 +01:00
parent 8986d88304
commit 227ee9d92c
Signed by: arch
SSH Key Fingerprint: SHA256:m3OEcdtrnBpMX+2BDGh/byv3hrCekCLzDYMdvGEKPPQ
10 changed files with 199 additions and 194 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
flake.nix
View File

@ -163,26 +163,26 @@
libraries = [
pkgs.python3Packages.requests
];
flakeIgnore = [ "E501" ];
flakeIgnore = ["E501"];
}
''
import json
import requests
import os
import json
import requests
import os
auth = os.getenv("NEXTDNS_API_KEY")
g
with open('${self.packages.x86_64-linux.nextdns-rewrites}', 'r') as file:
rewrites = json.load(file)
auth = os.getenv("NEXTDNS_API_KEY")
for profile in rewrites:
for rewrite in rewrites[profile]:
print(json.dumps(rewrite))
req = requests.post(
f'https://api.nextdns.io/profiles/{profile}/rewrites', data=json.dumps(rewrite),
headers={'X-Api-Key': auth, 'Content-Type': 'application/json'}
)
print(req.text)
with open('${self.packages.x86_64-linux.nextdns-rewrites}', 'r') as file:
rewrites = json.load(file)
for profile in rewrites:
for rewrite in rewrites[profile]:
print(json.dumps(rewrite))
req = requests.post(
f'https://api.nextdns.io/profiles/{profile}/rewrites', data=json.dumps(rewrite),
headers={'X-Api-Key': auth, 'Content-Type': 'application/json'}
)
print(req.text)
'');
};

52
homelab/nitter-bot.nix
View File

@ -2,35 +2,35 @@ let
appName = "nitter-bot";
appImage = "git.gmem.ca/arch/nitter-bot:latest";
in
{
lib,
config,
kubenix,
...
}: {
kubernetes.resources.statefulSets.nitter-bot.spec = {
selector.matchLabels.app = appName;
serviceName = appName;
template = {
metadata.labels.app = appName;
spec = {
containers = {
nitter-bot = {
image = appImage;
envFrom = [{secretRef.name = "nitter-bot";}];
resources = {
requests = {
cpu = "1m";
memory = "32Mi";
};
limits = {
cpu = "1";
memory = "128Mi";
{
lib,
config,
kubenix,
...
}: {
kubernetes.resources.statefulSets.nitter-bot.spec = {
selector.matchLabels.app = appName;
serviceName = appName;
template = {
metadata.labels.app = appName;
spec = {
containers = {
nitter-bot = {
image = appImage;
envFrom = [{secretRef.name = "nitter-bot";}];
resources = {
requests = {
cpu = "1m";
memory = "32Mi";
};
limits = {
cpu = "1";
memory = "128Mi";
};
};
};
};
};
};
};
};
}
}

83
modules/vfio.nix
View File

@ -4,53 +4,52 @@ let
"1002:ab30" # Audio
];
in
{
pkgs,
lib,
config,
...
}: {
options.vfio.enable = with lib;
mkEnableOption "Configure the machine for VFIO";
{
pkgs,
lib,
config,
...
}: {
options.vfio.enable = with lib;
mkEnableOption "Configure the machine for VFIO";
config = let
cfg = config.vfio;
in {
boot = {
kernelModules = [ "kvm-amd" "vfio_pci" "vfio" "vfio_iommu_type1" "kvmfr" ];
extraModulePackages = with config.boot.kernelPackages; [
kvmfr
];
extraModprobeConfig = ''
# The memory size is calculates in the same way as VM's shmem.
options kvmfr static_size_mb=64
'';
config = let
cfg = config.vfio;
in {
boot = {
kernelModules = ["kvm-amd" "vfio_pci" "vfio" "vfio_iommu_type1" "kvmfr"];
extraModulePackages = with config.boot.kernelPackages; [
kvmfr
];
extraModprobeConfig = ''
# The memory size is calculates in the same way as VM's shmem.
options kvmfr static_size_mb=64
'';
kernelParams =
[
kernelParams = [
"amd_iommu=on"
"pcie_acs_override=downstream,multifunction"
"vfio-pci.ids=1002:744c,1002:ab30"
"pcie_aspm=off"
"pcie_aspm=off"
];
};
services.udev.extraRules = ''
SUBSYSTEM=="kvmfr", OWNER="gsimmer", GROUP="kvm", MODE="0660"
'';
hardware.opengl.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
virtualisation.libvirtd = {
qemu = {
verbatimConfig = ''
cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc","/dev/hpet", "/dev/vfio/vfio",
"/dev/kvmfr0"
]
'';
};
services.udev.extraRules = ''
SUBSYSTEM=="kvmfr", OWNER="gsimmer", GROUP="kvm", MODE="0660"
'';
hardware.opengl.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
virtualisation.libvirtd = {
qemu = {
verbatimConfig = ''
cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc","/dev/hpet", "/dev/vfio/vfio",
"/dev/kvmfr0"
]
'';
};
};
};
};
}
}

19
nix/dnsmasq-floof/configuration.nix
View File

@ -1,14 +1,16 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
config,
lib,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
age.secrets.dnsmasq-nextdns-profile = {
file = ../../secrets/dnsmasq-nextdns-profile.age;
@ -55,7 +57,7 @@
no-resolv = true;
bogus-priv = true;
strict-order = true;
server = ["2a07:a8c1::" "45.90.30.0" "2a07:a8c0::" "45.90.28.0" ];
server = ["2a07:a8c1::" "45.90.30.0" "2a07:a8c0::" "45.90.28.0"];
conf-file = "${config.age.secrets.dnsmasq-nextdns-profile.path}";
};
};
@ -75,5 +77,4 @@
};
system.stateVersion = "23.11"; # Did you read the comment?
}

54
nix/dnsmasq-floof/disk-config.nix
View File

@ -1,32 +1,32 @@
{
disko.devices = {
disk = {
my-disk = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
type = "EF00";
size = "500M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
disko.devices = {
disk = {
my-disk = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
type = "EF00";
size = "500M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}

26
nix/dnsmasq-floof/hardware-configuration.nix
View File

@ -1,22 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
''${builtins.fetchTarball {
url = "https://github.com/nix-community/disko/archive/master.tar.gz";
sha256 = "0qyl65hs2j4f5ffj2lv5kb4hc1gradkqvv2j35hbdyiik155l4gn";
}}/module.nix''
./disk-config.nix
];
}}/module.nix''
./disk-config.nix
];
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

31
nix/dnsmasq/configuration.nix
View File

@ -1,14 +1,16 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... }:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
config,
lib,
pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
];
age.secrets.dnsmasq-nextdns-profile = {
file = ../../secrets/dnsmasq-nextdns-profile.age;
@ -29,11 +31,13 @@
hostName = "dnsmasq-cache"; # Define your hostname.
useDHCP = false;
interfaces.enp6s18.ipv4.addresses = [ {
address = "192.168.50.87";
prefixLength = 24;
} ];
nameservers = [ "1.1.1.1" "1.0.0.1" ];
interfaces.enp6s18.ipv4.addresses = [
{
address = "192.168.50.87";
prefixLength = 24;
}
];
nameservers = ["1.1.1.1" "1.0.0.1"];
firewall = {
enable = true;
allowedUDPPorts = [53];
@ -63,7 +67,7 @@
no-resolv = true;
bogus-priv = true;
strict-order = true;
server = ["2a07:a8c1::" "45.90.30.0" "2a07:a8c0::" "45.90.28.0" ];
server = ["2a07:a8c1::" "45.90.30.0" "2a07:a8c0::" "45.90.28.0"];
conf-file = "${config.age.secrets.dnsmasq-nextdns-profile.path}";
};
};
@ -83,5 +87,4 @@
};
system.stateVersion = "23.11"; # Did you read the comment?
}

54
nix/dnsmasq/disk-config.nix
View File

@ -1,32 +1,32 @@
{
disko.devices = {
disk = {
my-disk = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
type = "EF00";
size = "500M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
disko.devices = {
disk = {
my-disk = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
ESP = {
type = "EF00";
size = "500M";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
root = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
};
};
};
};
};
};
};
}

26
nix/dnsmasq/hardware-configuration.nix
View File

@ -1,22 +1,26 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
''${builtins.fetchTarball {
url = "https://github.com/nix-community/disko/archive/master.tar.gz";
sha256 = "0qyl65hs2j4f5ffj2lv5kb4hc1gradkqvv2j35hbdyiik155l4gn";
}}/module.nix''
./disk-config.nix
];
}}/module.nix''
./disk-config.nix
];
boot.initrd.availableKernelModules = [ "uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's

16
nix/monitoring/configuration.nix
View File

@ -104,7 +104,6 @@
max_chunk_age = "1h";
chunk_target_size = 999999;
chunk_retain_period = "30s";
max_transfer_retries = 0;
};
schema_config = {
@ -127,7 +126,6 @@
active_index_directory = "/var/lib/loki/boltdb-shipper-active";
cache_location = "/var/lib/loki/boltdb-shipper-cache";
cache_ttl = "24h";
shared_store = "filesystem";
};
filesystem = {
@ -140,10 +138,6 @@
reject_old_samples_max_age = "168h";
};
chunk_store_config = {
max_look_back_period = "0s";
};
table_manager = {
retention_deletes_enabled = false;
retention_period = "0s";
@ -151,7 +145,6 @@
compactor = {
working_directory = "/var/lib/loki";
shared_store = "filesystem";
compactor_ring = {
kvstore = {
store = "inmemory";
@ -329,10 +322,6 @@
job_name = "forgejo";
static_configs = [{targets = ["git.gmem.ca"];}];
}
{
job_name = "coredns";
static_configs = [{targets = ["vancouver:9253"];}];
}
{
job_name = "healthchecks";
scrape_interval = "60s";
@ -344,6 +333,11 @@
scrape_interval = "60s";
static_configs = [{targets = ["vancouver:6534"];}];
}
{
job_name = "dnsmasq";
scrape_interval = "10s";
static_configs = [{targets = ["100.102.19.124:9153" "100.92.113.87:9153"];}];
}
{
job_name = "blackbox_home";
metrics_path = "/probe";