From 541a1f9721855d64cc856502575c47bdcb602837 Mon Sep 17 00:00:00 2001 From: Gabriel Simmer Date: Mon, 30 Oct 2023 12:26:56 +0000 Subject: [PATCH] add tunnel to nixinate --- flake.lock | 154 ++----------------------- flake.nix | 15 +++ nix/oracle-nix-cache/configuration.nix | 22 +++- 3 files changed, 44 insertions(+), 147 deletions(-) diff --git a/flake.lock b/flake.lock index ece13cc..6505215 100644 --- a/flake.lock +++ b/flake.lock @@ -1,21 +1,5 @@ { "nodes": { - "advisory-db": { - "flake": false, - "locked": { - "lastModified": 1697318478, - "narHash": "sha256-ZEDgHfurZiv9lBGTmHnQ0YECoi6H2NYs3pTo1VU1koQ=", - "owner": "rustsec", - "repo": "advisory-db", - "rev": "71d80e811f2e29a4b82d3e545ad6591e35227e03", - "type": "github" - }, - "original": { - "owner": "rustsec", - "repo": "advisory-db", - "type": "github" - } - }, "agenix": { "inputs": { "darwin": "darwin", @@ -88,27 +72,6 @@ "type": "github" } }, - "crane": { - "inputs": { - "nixpkgs": [ - "vrchat-prometheus-adapter", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1697811061, - "narHash": "sha256-NhSq9+Ya8vTqsKzHpSWNGYxto71VZ4THAx3hn6maoTs=", - "owner": "ipetkov", - "repo": "crane", - "rev": "6b229eec8adc685e2cb95f27ad59c22e82992f70", - "type": "github" - }, - "original": { - "owner": "ipetkov", - "repo": "crane", - "type": "github" - } - }, "darwin": { "inputs": { "nixpkgs": [ @@ -131,30 +94,6 @@ "type": "github" } }, - "fenix": { - "inputs": { - "nixpkgs": [ - "vrchat-prometheus-adapter", - "nixpkgs" - ], - "rust-analyzer-src": [ - "vrchat-prometheus-adapter" - ] - }, - "locked": { - "lastModified": 1697782927, - "narHash": "sha256-OikLtn3e0kR5ztHJbLzS/5mUMadXfgRGKA1BDgcTa60=", - "owner": "nix-community", - "repo": "fenix", - "rev": "e5f13bd304140705f6aba0f121cee7775d861897", - "type": "github" - }, - "original": { - "owner": "nix-community", - "repo": "fenix", - "type": "github" - } - }, "flake-compat": { "flake": false, "locked": { @@ -256,24 +195,6 @@ "type": "github" } }, - "flake-utils_4": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1694529238, - "narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "ff7b65b44d01cf9ba6a71320833626af21126384", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, "home-manager": { "inputs": { "nixpkgs": [ @@ -302,11 +223,11 @@ ] }, "locked": { - "lastModified": 1698392685, - "narHash": "sha256-yx/sbRneR2AfSAeAMqUu0hoVJdjh+qhl/7dkirp8yo8=", + "lastModified": 1698479159, + "narHash": "sha256-rJHBDwW4LbADEfhkgGHjKGfL2dF44NrlyXdXeZrQahs=", "owner": "nix-community", "repo": "home-manager", - "rev": "1369d2cefb6f128c30e42fabcdebbacc07e18b3f", + "rev": "f92a54fef4eacdbe86b0a2054054dd58b0e2a2a4", "type": "github" }, "original": { @@ -470,11 +391,11 @@ ] }, "locked": { - "lastModified": 1698354843, - "narHash": "sha256-eTsga6QxX9gVwC6zsUNs0UPyQX9hToVi5jSE0XUH42Y=", + "lastModified": 1698459598, + "narHash": "sha256-2etAvtTLoPsvEJ4P6rKnHE8Ipp6MVNMGlik1JqHdqL0=", "owner": "nix-community", "repo": "nixpkgs-wayland", - "rev": "50c2725465ab035b232ef8ae9b976f4ac25c772b", + "rev": "bcadcb13f0248fa7e6355a35c3c263fc76edc632", "type": "github" }, "original": { @@ -533,11 +454,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1698266953, - "narHash": "sha256-jf72t7pC8+8h8fUslUYbWTX5rKsRwOzRMX8jJsGqDXA=", + "lastModified": 1698336494, + "narHash": "sha256-sO72WDBKyijYD1GcKPlGsycKbMBiTJMBCnmOxLAs880=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "75a52265bda7fd25e06e3a67dee3f0354e73243c", + "rev": "808c0d8c53c7ae50f82aca8e7df263225cf235bf", "type": "github" }, "original": { @@ -578,22 +499,6 @@ "type": "github" } }, - "nixpkgs_8": { - "locked": { - "lastModified": 1697730408, - "narHash": "sha256-Ww//zzukdTrwTrCUkaJA/NsaLEfUfQpWZXBdXBYfhak=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "ff0a5a776b56e0ca32d47a4a47695452ec7f7d80", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixpkgs-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, "root": { "inputs": { "agenix": "agenix", @@ -604,8 +509,7 @@ "nixos-generators": "nixos-generators", "nixpkgs": "nixpkgs_5", "nixpkgs-wayland": "nixpkgs-wayland", - "terranix": "terranix", - "vrchat-prometheus-adapter": "vrchat-prometheus-adapter" + "terranix": "terranix" } }, "systems": { @@ -637,21 +541,6 @@ "type": "github" } }, - "systems_3": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "terranix": { "inputs": { "bats-assert": "bats-assert", @@ -731,29 +620,6 @@ "repo": "treefmt-nix", "type": "github" } - }, - "vrchat-prometheus-adapter": { - "inputs": { - "advisory-db": "advisory-db", - "crane": "crane", - "fenix": "fenix", - "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_8" - }, - "locked": { - "lastModified": 1698265247, - "narHash": "sha256-e8MyvjIUt8Yatqt93rlmQIuMSTJcsqFdfXZ/AwF7lCg=", - "ref": "master", - "rev": "012771f2fbb026dffac8b60a54d28a68ea82b83a", - "revCount": 13, - "type": "git", - "url": "https://git.gmem.ca/arch/vrchat-prometheus-adapter" - }, - "original": { - "ref": "master", - "type": "git", - "url": "https://git.gmem.ca/arch/vrchat-prometheus-adapter" - } } }, "root": "root", diff --git a/flake.nix b/flake.nix index f8e8385..ebe1992 100644 --- a/flake.nix +++ b/flake.nix @@ -147,6 +147,21 @@ } ]; }; + oracle-tunnel = nixpkgs.lib.nixosSystem { + system = "aarch64-linux"; + modules = [ + (import ./nix/oracle-nix-cache/configuration.nix) + { + _module.args.nixinate = { + host = "100.110.30.80"; + sshUser = "root"; + buildOn = "remote"; + substituteOnTarget = true; + hermetic = false; + }; + } + ]; + }; monitoring = nixpkgs.lib.nixosSystem { system = "aarch64-linux"; modules = [ diff --git a/nix/oracle-nix-cache/configuration.nix b/nix/oracle-nix-cache/configuration.nix index cfa203a..4464299 100644 --- a/nix/oracle-nix-cache/configuration.nix +++ b/nix/oracle-nix-cache/configuration.nix @@ -5,7 +5,7 @@ [ # Include the results of the hardware scan. ./hardware.nix ]; - + boot = { tmp.cleanOnBoot = true; }; @@ -102,6 +102,24 @@ ''; }; }; + "authentik.gmem.ca" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyWebsockets = true; + proxyPass = "https://pi.gmem.ca"; + recommendedProxySettings = true; + }; + }; + "prometheus.gmem.ca" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyWebsockets = true; + proxyPass = "https://pi.gmem.ca"; + recommendedProxySettings = true; + }; + }; }; }; }; @@ -113,8 +131,6 @@ }; }; - system.copySystemConfiguration = true; - system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT? }