format with alejandra style
All checks were successful
Lint / lint (push) Successful in 18s
Build Pi NixOS Image / sync (push) Successful in 26m51s

Gabriel Simmer 2024-02-05 13:13:44 +00:00
parent 02a87f0294
commit 9439acf4d1
Signed by: arch
SSH key fingerprint: SHA256:m3OEcdtrnBpMX+2BDGh/byv3hrCekCLzDYMdvGEKPPQ
41 changed files with 1765 additions and 1355 deletions


@ -22,24 +22,39 @@
kubenix.url = "github:hall/kubenix"; kubenix.url = "github:hall/kubenix";
}; };
outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix, terranix, alertmanager-ntfy, nixpkgs-wayland, kubenix, kde2nix }@inputs: outputs = {
let self,
nixpkgs,
nixos-generators,
nixinate,
home-manager,
agenix,
terranix,
alertmanager-ntfy,
nixpkgs-wayland,
kubenix,
kde2nix,
} @ inputs: let
pkgs = nixpkgs.legacyPackages.x86_64-linux; pkgs = nixpkgs.legacyPackages.x86_64-linux;
tf = terranix.lib.terranixConfiguration { tf = terranix.lib.terranixConfiguration {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [./terraform/main.nix]; modules = [./terraform/main.nix];
}; };
in { in {
devShells.x86_64-linux.default = with pkgs; mkShell { devShells.x86_64-linux.default = with pkgs;
shellHook = mkShell {
'' shellHook = ''
set -o allexport set -o allexport
source .env set source .env set
set +o allexport set +o allexport
''; '';
nativeBuildInputs = [ nativeBuildInputs = [
jq opentofu kubectl jq
k9s terraform-ls kubernetes-helm opentofu
kubectl
k9s
terraform-ls
kubernetes-helm
nil nil
]; ];
buildInputs = []; buildInputs = [];
@ -55,15 +70,22 @@
}; };
}; };
packages.x86_64-linux = { packages.x86_64-linux = {
kubernetes = (kubenix.evalModules.x86_64-linux { kubernetes =
(kubenix.evalModules.x86_64-linux {
module = {kubenix, ...}: { module = {kubenix, ...}: {
imports = [ imports = [
kubenix.modules.k8s ./homelab/kubernetes.nix kubenix.modules.k8s
./homelab/kubernetes.nix
]; ];
}; };
}).config.kubernetes.result; })
.config
.kubernetes
.result;
}; };
apps = nixinate.nixinate.x86_64-linux self // { apps =
nixinate.nixinate.x86_64-linux self
// {
x86_64-linux = { x86_64-linux = {
kube-apply = { kube-apply = {
type = "app"; type = "app";
@ -113,8 +135,12 @@
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.users.gsimmer = import ./nix/london/gsimmer.nix; home-manager.users.gsimmer = import ./nix/london/gsimmer.nix;
} }
({pkgs, config, ... }: (
{ {
pkgs,
config,
...
}: {
config = { config = {
nix.settings = { nix.settings = {
# add binary caches # add binary caches


@ -1,4 +1,9 @@
{ lib, config, kubenix, ... }: { {
lib,
config,
kubenix,
...
}: {
kubernetes.helm.releases.cloudflare-exporter = { kubernetes.helm.releases.cloudflare-exporter = {
namespace = "default"; namespace = "default";
chart = kubenix.lib.helm.fetch { chart = kubenix.lib.helm.fetch {


@ -27,9 +27,15 @@ in
imagePullPolicy = "Always"; imagePullPolicy = "Always";
ports.http.containerPort = 6167; ports.http.containerPort = 6167;
volumeMounts = [ volumeMounts = [
{ name = "data"; mountPath = "/var/lib/matrix-conduit"; } {
{ name = "config"; mountPath = "/etc/matrix-conduit/conduit.toml"; name = "data";
subPath = "conduit.toml"; } mountPath = "/var/lib/matrix-conduit";
}
{
name = "config";
mountPath = "/etc/matrix-conduit/conduit.toml";
subPath = "conduit.toml";
}
]; ];
env.CONDUIT_CONFIG.value = "/etc/matrix-conduit/conduit.toml"; env.CONDUIT_CONFIG.value = "/etc/matrix-conduit/conduit.toml";
}; };
@ -37,7 +43,8 @@ in
}; };
}; };
volumeClaimTemplates = [ volumeClaimTemplates = [
{ metadata.name = "data"; {
metadata.name = "data";
spec = { spec = {
storageClassName = "nfs-client"; storageClassName = "nfs-client";
accessModes = ["ReadWriteOnce"]; accessModes = ["ReadWriteOnce"];
@ -54,15 +61,23 @@ in
}; };
}; };
spec = { spec = {
tls = [ { hosts = [ "chat.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ]; tls = [
{
hosts = ["chat.gmem.ca"];
secretName = "gmem-ca-wildcard";
}
];
rules = [ rules = [
{ {
host = "chat.gmem.ca"; host = "chat.gmem.ca";
http.paths = [ http.paths = [
{ path = "/"; pathType = "Prefix"; {
path = "/";
pathType = "Prefix";
backend.service = { backend.service = {
name = appName; name = appName;
port.name = "http"; }; port.name = "http";
};
} }
]; ];
} }
@ -76,8 +91,7 @@ in
"cert-manager.io/issuer" = "le-issuer"; "cert-manager.io/issuer" = "le-issuer";
}; };
}; };
data."conduit.toml" = data."conduit.toml" = ''
''
[global] [global]
# The Conduit server needs all /_matrix/ requests to be reachable at # The Conduit server needs all /_matrix/ requests to be reachable at
# https://your.server.name/ on port 443 (client-server) and 8448 (federation). # https://your.server.name/ on port 443 (client-server) and 8448 (federation).


@ -1,6 +1,6 @@
{lib, ...}: { {lib, ...}: {
kubernetes.resourceOrder = kubernetes.resourceOrder = [
[ "CustomResourceDefinition" "CustomResourceDefinition"
"Namespace" "Namespace"
"ConfigMap" "ConfigMap"
]; ];


@ -26,36 +26,65 @@ let
}; };
}; };
in { in {
kubernetes.resources.services = builtins.mapAttrs (name: endpoint: { kubernetes.resources.services =
builtins.mapAttrs (name: endpoint: {
spec = { spec = {
ports.${name} = { ports.${name} = {
port = endpoint.port; port = endpoint.port;
targetPort = endpoint.port; targetPort = endpoint.port;
}; };
}; };
}) endpoints; })
kubernetes.resources.endpoints = builtins.mapAttrs (name: endpoint: { endpoints;
subsets = [ { kubernetes.resources.endpoints =
builtins.mapAttrs (name: endpoint: {
subsets = [
{
addresses = [{ip = endpoint.location;}]; addresses = [{ip = endpoint.location;}];
ports = [ { name = name; port = endpoint.port; protocol = "TCP"; } ]; ports = [
} ]; {
}) endpoints; name = name;
kubernetes.resources.ingresses = builtins.mapAttrs (name: endpoint: { port = endpoint.port;
metadata = { name = name; annotations = { protocol = "TCP";
}
];
}
];
})
endpoints;
kubernetes.resources.ingresses =
builtins.mapAttrs (name: endpoint: {
metadata = {
name = name;
annotations = {
"nginx.ingress.kubernetes.io/proxy-body-size" = "10g"; "nginx.ingress.kubernetes.io/proxy-body-size" = "10g";
"cert-manager.io/issuer" = "le-issuer"; "cert-manager.io/issuer" = "le-issuer";
"nginx.ingress.kubernetes.io/backend-protocol" = endpoint.protocol; "nginx.ingress.kubernetes.io/backend-protocol" = endpoint.protocol;
}; }; };
};
spec = { spec = {
tls = [ { hosts = [ endpoint.host ]; secretName = "gmem-ca-wildcard"; } ]; tls = [
rules = [ { host = endpoint.host; http.paths = [ {
{ path = "/"; pathType = "Prefix"; hosts = [endpoint.host];
secretName = "gmem-ca-wildcard";
}
];
rules = [
{
host = endpoint.host;
http.paths = [
{
path = "/";
pathType = "Prefix";
backend.service = { backend.service = {
name = name; name = name;
port.number = endpoint.port; port.number = endpoint.port;
}; };
} }
];}]; ];
}; }
}) endpoints; ];
};
})
endpoints;
} }


@ -1,10 +1,16 @@
{ lib, config, kubenix, ... }: {
let homepage-config = { lib,
config,
kubenix,
...
}: let
homepage-config = {
bookmarks = []; bookmarks = [];
services = [ services = [
{ {
Media = [ Media = [
{ Plex = { {
Plex = {
icon = "plex.png"; icon = "plex.png";
href = "https://app.plex.tv"; href = "https://app.plex.tv";
description = "Plex"; description = "Plex";
@ -15,7 +21,8 @@ let homepage-config = {
}; };
}; };
} }
{ Overseerr = { {
Overseerr = {
icon = "overseerr.png"; icon = "overseerr.png";
href = "https://request-media.gmem.ca"; href = "https://request-media.gmem.ca";
description = "Request movies and TV shows"; description = "Request movies and TV shows";
@ -26,7 +33,8 @@ let homepage-config = {
}; };
}; };
} }
{ Transmission = { {
Transmission = {
icon = "transmission.png"; icon = "transmission.png";
description = "Download progress for torrents"; description = "Download progress for torrents";
widget = { widget = {
@ -39,25 +47,29 @@ let homepage-config = {
} }
{ {
"Personal Infrastructure" = [ "Personal Infrastructure" = [
{ authentik = { {
authentik = {
icon = "authentik.png"; icon = "authentik.png";
href = "https://authentik.gmem.ca"; href = "https://authentik.gmem.ca";
description = "OIDC SSO"; description = "OIDC SSO";
}; };
} }
{ Tailscale = { {
Tailscale = {
icon = "tailscale.png"; icon = "tailscale.png";
href = "https://login.tailscale.com"; href = "https://login.tailscale.com";
description = "VPN provider"; description = "VPN provider";
}; };
} }
{ Git = { {
Git = {
icon = "forgejo.png"; icon = "forgejo.png";
href = "https://git.gmem.ca"; href = "https://git.gmem.ca";
description = "Git forge"; description = "Git forge";
}; };
} }
{ Grafana = { {
Grafana = {
icon = "grafana.png"; icon = "grafana.png";
href = "https://grafana.gmem.ca"; href = "https://grafana.gmem.ca";
description = "Monitoring & metrics"; description = "Monitoring & metrics";
@ -69,7 +81,8 @@ let homepage-config = {
}; };
}; };
} }
{ NextDNS = { {
NextDNS = {
icon = "nextdns.png"; icon = "nextdns.png";
href = "https://my.nextdns.io/bcee89/setup"; href = "https://my.nextdns.io/bcee89/setup";
description = "DNS provider"; description = "DNS provider";
@ -80,7 +93,8 @@ let homepage-config = {
}; };
}; };
} }
{ "Proxmox" = { {
"Proxmox" = {
icon = "proxmox.png"; icon = "proxmox.png";
href = "https://proxmox.gmem.ca"; href = "https://proxmox.gmem.ca";
description = "Homelab proxmox"; description = "Homelab proxmox";
@ -92,7 +106,8 @@ let homepage-config = {
}; };
}; };
} }
{ "Immich" = { {
"Immich" = {
icon = "immich.png"; icon = "immich.png";
href = "https://photos.gmem.ca"; href = "https://photos.gmem.ca";
description = "Image hosting"; description = "Image hosting";
@ -103,7 +118,8 @@ let homepage-config = {
}; };
}; };
} }
{ "NextDNS Tailscale" = { {
"NextDNS Tailscale" = {
icon = "nextdns.png"; icon = "nextdns.png";
href = "https://my.nextdns.io/74c6db/setup"; href = "https://my.nextdns.io/74c6db/setup";
description = "Tailnet DNS provider"; description = "Tailnet DNS provider";
@ -118,7 +134,8 @@ let homepage-config = {
} }
{ {
Reading = [ Reading = [
{ FreshRSS = { {
FreshRSS = {
icon = "freshrss.png"; icon = "freshrss.png";
href = "https://freshrss.gmem.ca"; href = "https://freshrss.gmem.ca";
description = "FreshRSS RSS Reader"; description = "FreshRSS RSS Reader";
@ -130,12 +147,14 @@ let homepage-config = {
}; };
}; };
} }
{ "Lobste.rs" = { {
"Lobste.rs" = {
href = "https://lobste.rs"; href = "https://lobste.rs";
description = "News aggregator"; description = "News aggregator";
}; };
} }
{ "Hacker News" = { {
"Hacker News" = {
href = "https://news.ycombinator.com"; href = "https://news.ycombinator.com";
description = "VC news aggregator"; description = "VC news aggregator";
}; };
@ -144,7 +163,8 @@ let homepage-config = {
} }
{ {
"Floofy.tech Infrastructure" = [ "Floofy.tech Infrastructure" = [
{ Mastodon = { {
Mastodon = {
icon = "mastodon.png"; icon = "mastodon.png";
href = "https://floofy.tech"; href = "https://floofy.tech";
description = "Primary Mastodon instance"; description = "Primary Mastodon instance";
@ -154,19 +174,22 @@ let homepage-config = {
}; };
}; };
} }
{ Grafana = { {
Grafana = {
icon = "grafana.png"; icon = "grafana.png";
href = "https://grafana.services.floofy.tech"; href = "https://grafana.services.floofy.tech";
description = "Metrics and Monitoring"; description = "Metrics and Monitoring";
}; };
} }
{ vSphere = { {
vSphere = {
icon = "vmware-esxi.png"; icon = "vmware-esxi.png";
href = "https://vcenter.services.floofy.tech"; href = "https://vcenter.services.floofy.tech";
description = "Hypervisor Manager"; description = "Hypervisor Manager";
}; };
} }
{ "vrclub.social" = { {
"vrclub.social" = {
icon = "calckey.png"; icon = "calckey.png";
href = "https://vrclub.social"; href = "https://vrclub.social";
description = "Firefish instance for VR clubs"; description = "Firefish instance for VR clubs";
@ -176,13 +199,15 @@ let homepage-config = {
} }
{ {
"Tools" = [ "Tools" = [
{ "IT Tools" = { {
"IT Tools" = {
icon = "it-tools.png"; icon = "it-tools.png";
href = "https://tools.gmem.ca"; href = "https://tools.gmem.ca";
description = "Various useful tools"; description = "Various useful tools";
}; };
} }
{ Cyberchef = { {
Cyberchef = {
icon = "cyberchef.png"; icon = "cyberchef.png";
href = "https://gchq.github.io/CyberChef/"; href = "https://gchq.github.io/CyberChef/";
description = "More useful tools, mostly text manipulation"; description = "More useful tools, mostly text manipulation";
@ -192,7 +217,8 @@ let homepage-config = {
} }
{ {
"Backup Status" = [ "Backup Status" = [
{ "gsimmer backups" = { {
"gsimmer backups" = {
icon = "healthchecks.png"; icon = "healthchecks.png";
href = "https://healthchecks.gmem.ca"; href = "https://healthchecks.gmem.ca";
description = "Uptime monitor for recurring tasks"; description = "Uptime monitor for recurring tasks";
@ -204,7 +230,8 @@ let homepage-config = {
}; };
}; };
} }
{ "becki backups" = { {
"becki backups" = {
icon = "healthchecks.png"; icon = "healthchecks.png";
href = "https://healthchecks.gmem.ca"; href = "https://healthchecks.gmem.ca";
description = "Uptime monitor for recurring tasks"; description = "Uptime monitor for recurring tasks";
@ -216,7 +243,8 @@ let homepage-config = {
}; };
}; };
} }
{ "apps backups" = { {
"apps backups" = {
icon = "healthchecks.png"; icon = "healthchecks.png";
href = "https://healthchecks.gmem.ca"; href = "https://healthchecks.gmem.ca";
description = "Uptime monitor for recurring tasks"; description = "Uptime monitor for recurring tasks";
@ -272,8 +300,7 @@ let homepage-config = {
} }
]; ];
}; };
in in {
{
kubernetes.helm.releases.homepage = { kubernetes.helm.releases.homepage = {
chart = kubenix.lib.helm.fetch { chart = kubenix.lib.helm.fetch {
repo = "https://jameswynn.github.io/helm-charts"; repo = "https://jameswynn.github.io/helm-charts";
@ -319,7 +346,7 @@ in
metadata.namespace = "default"; metadata.namespace = "default";
spec.template = { spec.template = {
metadata.annotations."gmem.ca/homepage-config-hash" = (builtins.hashString "md5" (builtins.toJSON homepage-config)); metadata.annotations."gmem.ca/homepage-config-hash" = builtins.hashString "md5" (builtins.toJSON homepage-config);
spec.containers.homepage.envFrom = [{secretRef.name = "homepage-config";}]; spec.containers.homepage.envFrom = [{secretRef.name = "homepage-config";}];
}; };
}; };


@ -1,4 +1,9 @@
{ lib, config, kubenix, ... }: { {
lib,
config,
kubenix,
...
}: {
kubernetes.helm.releases.immich = { kubernetes.helm.releases.immich = {
chart = kubenix.lib.helm.fetch { chart = kubenix.lib.helm.fetch {
repo = "https://immich-app.github.io/immich-charts"; repo = "https://immich-app.github.io/immich-charts";
@ -24,7 +29,12 @@
annotations = { annotations = {
"cert-manager.io/issuer" = "le-issuer"; "cert-manager.io/issuer" = "le-issuer";
}; };
tls = [ { hosts = [ "photos.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ]; tls = [
{
hosts = ["photos.gmem.ca"];
secretName = "gmem-ca-wildcard";
}
];
hosts = [ hosts = [
{ {
host = "photos.gmem.ca"; host = "photos.gmem.ca";


@ -2,8 +2,7 @@ let
appName = "soju"; appName = "soju";
sojuImage = "git.gmem.ca/arch/soju:latest"; sojuImage = "git.gmem.ca/arch/soju:latest";
gamjaImage = "git.gmem.ca/arch/gamja:latest"; gamjaImage = "git.gmem.ca/arch/gamja:latest";
in in {
{
kubernetes.resources.services.soju = { kubernetes.resources.services.soju = {
spec = { spec = {
type = "NodePort"; type = "NodePort";
@ -45,8 +44,17 @@ in
soju = { soju = {
image = sojuImage; image = sojuImage;
imagePullPolicy = "Always"; imagePullPolicy = "Always";
volumeMounts = [ { name = "config"; mountPath = "/etc/soju/config"; subPath = "config"; } volumeMounts = [
{ name = "ssl"; mountPath = "/ssl"; } ]; {
name = "config";
mountPath = "/etc/soju/config";
subPath = "config";
}
{
name = "ssl";
mountPath = "/ssl";
}
];
ports.tls.containerPort = 6697; ports.tls.containerPort = 6697;
ports.ws.containerPort = 80; ports.ws.containerPort = 80;
@ -92,21 +100,35 @@ in
"cert-manager.io/issuer" = "le-issuer"; "cert-manager.io/issuer" = "le-issuer";
}; };
spec = { spec = {
tls = [ { hosts = [ "irc.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ]; tls = [
rules = [ { host = "irc.gmem.ca"; http.paths = [ {
{ path = "/"; pathType = "Prefix"; hosts = ["irc.gmem.ca"];
secretName = "gmem-ca-wildcard";
}
];
rules = [
{
host = "irc.gmem.ca";
http.paths = [
{
path = "/";
pathType = "Prefix";
backend.service = { backend.service = {
name = "gamja"; name = "gamja";
port.number = 80; port.number = 80;
}; };
} }
{ path = "/socket"; pathType = "Prefix"; {
path = "/socket";
pathType = "Prefix";
backend.service = { backend.service = {
name = "soju-ws"; name = "soju-ws";
port.number = 80; port.number = 80;
}; };
} }
];}]; ];
}
];
}; };
}; };
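Review bot: `sojuImage` and `gamjaImage` at the top of this section use the mutable `:latest` tag, and with `imagePullPolicy = "Always"` on the soju container every pod restart runs whatever the registry currently serves under that tag, so the evaluated manifest no longer determines what is deployed. The same applies in later sections to `pterodactyl-panel-Image` (`:latest`), `tclipImage` and the vrchat exporter's `appImage` (`:arm`), and to the untagged `netbootxyzImage` and `appImage = "sctx/overseerr"`; `litestreamImage` is the only image pinned to a build tag. Pinning by digest would make rollouts reproducible and auditable, for example `sojuImage = "git.gmem.ca/arch/soju@sha256:<digest>";` (placeholder digest). The resource definitions continue outside the visible hunks.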


@ -1,5 +1,12 @@
{ lib, config, kubenix, ... }: { {
imports = [ kubenix.modules.k8s kubenix.modules.helm lib,
config,
kubenix,
...
}: {
imports = [
kubenix.modules.k8s
kubenix.modules.helm
(import ./custom.nix) (import ./custom.nix)
(import ./nginx.nix) (import ./nginx.nix)
(import ./tclip.nix) (import ./tclip.nix)


@ -1,8 +1,7 @@
let let
appName = "netbootxyz"; appName = "netbootxyz";
netbootxyzImage = "ghcr.io/netbootxyz/netbootxyz"; netbootxyzImage = "ghcr.io/netbootxyz/netbootxyz";
in in {
{
kubernetes.resources.services.netbootxyz = { kubernetes.resources.services.netbootxyz = {
spec = { spec = {
selector.app = appName; selector.app = appName;
@ -35,16 +34,28 @@ in
metadata.labels.app = appName; metadata.labels.app = appName;
spec = { spec = {
volumes = [ volumes = [
{ name = "config"; persistentVolumeClaim.claimName = "netbootxyz-config"; } {
{ name = "assets"; persistentVolumeClaim.claimName = "netbootxyz-assets"; } name = "config";
persistentVolumeClaim.claimName = "netbootxyz-config";
}
{
name = "assets";
persistentVolumeClaim.claimName = "netbootxyz-assets";
}
]; ];
containers = { containers = {
netbootxyz = { netbootxyz = {
image = netbootxyzImage; image = netbootxyzImage;
imagePullPolicy = "Always"; imagePullPolicy = "Always";
volumeMounts = [ volumeMounts = [
{ mountPath = "/config"; name = "config"; } {
{ mountPath = "/assets"; name = "assets"; } mountPath = "/config";
name = "config";
}
{
mountPath = "/assets";
name = "assets";
}
]; ];
env.SUBFOLDER.value = "/ui/"; env.SUBFOLDER.value = "/ui/";
ports.http.containerPort = 80; ports.http.containerPort = 80;
@ -76,22 +87,35 @@ in
"nginx.ingress.kubernetes.io/ssl-redirect" = "false"; "nginx.ingress.kubernetes.io/ssl-redirect" = "false";
}; };
spec = { spec = {
tls = [ { hosts = [ "netboot.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ]; tls = [
rules = [ { host = "netboot.gmem.ca"; http.paths = [ {
{ path = "/ui"; pathType = "Prefix"; hosts = ["netboot.gmem.ca"];
secretName = "gmem-ca-wildcard";
}
];
rules = [
{
host = "netboot.gmem.ca";
http.paths = [
{
path = "/ui";
pathType = "Prefix";
backend.service = { backend.service = {
name = "netbootxyz"; name = "netbootxyz";
port.number = 3000; port.number = 3000;
}; };
} }
{ path = "/"; pathType = "Prefix"; {
path = "/";
pathType = "Prefix";
backend.service = { backend.service = {
name = "netbootxyz"; name = "netbootxyz";
port.number = 80; port.number = 80;
}; };
} }
];}]; ];
}; }
}; ];
};
};
} }


@ -1,4 +1,9 @@
{ lib, config, kubenix, ... }: { {
lib,
config,
kubenix,
...
}: {
kubernetes.helm.releases.ingress-nginx = { kubernetes.helm.releases.ingress-nginx = {
namespace = "ingress-nginx"; namespace = "ingress-nginx";
chart = kubenix.lib.helm.fetch { chart = kubenix.lib.helm.fetch {


@ -1,8 +1,7 @@
let let
appName = "overseerr"; appName = "overseerr";
appImage = "sctx/overseerr"; appImage = "sctx/overseerr";
in in {
{
kubernetes.resources.services.overseerr = { kubernetes.resources.services.overseerr = {
spec = { spec = {
selector.app = appName; selector.app = appName;
@ -25,7 +24,10 @@ in
overseerr = { overseerr = {
image = appImage; image = appImage;
volumeMounts = [ volumeMounts = [
{ name = "data"; mountPath = "/app/config"; } {
name = "data";
mountPath = "/app/config";
}
]; ];
ports.metrics.containerPort = 5055; ports.metrics.containerPort = 5055;
resources = { resources = {
@ -43,7 +45,8 @@ in
}; };
}; };
volumeClaimTemplates = [ volumeClaimTemplates = [
{ metadata.name = "data"; {
metadata.name = "data";
spec = { spec = {
storageClassName = "nfs-client"; storageClassName = "nfs-client";
accessModes = ["ReadWriteOnce"]; accessModes = ["ReadWriteOnce"];
@ -60,15 +63,23 @@ in
}; };
}; };
spec = { spec = {
tls = [ { hosts = [ "request-media.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ]; tls = [
{
hosts = ["request-media.gmem.ca"];
secretName = "gmem-ca-wildcard";
}
];
rules = [ rules = [
{ {
host = "request-media.gmem.ca"; host = "request-media.gmem.ca";
http.paths = [ http.paths = [
{ path = "/"; pathType = "Prefix"; {
path = "/";
pathType = "Prefix";
backend.service = { backend.service = {
name = appName; name = appName;
port.name = "http"; }; port.name = "http";
};
} }
]; ];
} }


@ -1,4 +1,9 @@
{ lib, config, kubenix, ... }: { {
lib,
config,
kubenix,
...
}: {
kubernetes.helm.releases.piped = { kubernetes.helm.releases.piped = {
namespace = "default"; namespace = "default";
chart = kubenix.lib.helm.fetch { chart = kubenix.lib.helm.fetch {
@ -23,21 +28,45 @@
fontend.env.BACKEND_HOSTNAME = "pipedapi.gmem.ca"; fontend.env.BACKEND_HOSTNAME = "pipedapi.gmem.ca";
ingress = { ingress = {
main = { main = {
tls = [ { hosts = [ "piped.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ]; tls = [
{
hosts = ["piped.gmem.ca"];
secretName = "gmem-ca-wildcard";
}
];
hosts = [ hosts = [
{ host = "piped.gmem.ca"; paths = [ { path = "/"; } ]; } {
host = "piped.gmem.ca";
paths = [{path = "/";}];
}
]; ];
}; };
backend = { backend = {
tls = [ { hosts = [ "pipedapi.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ]; tls = [
{
hosts = ["pipedapi.gmem.ca"];
secretName = "gmem-ca-wildcard";
}
];
hosts = [ hosts = [
{ host = "pipedapi.gmem.ca"; paths = [ { path = "/"; } ]; } {
host = "pipedapi.gmem.ca";
paths = [{path = "/";}];
}
]; ];
}; };
ytproxy = { ytproxy = {
tls = [ { hosts = [ "ytproxy.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ]; tls = [
{
hosts = ["ytproxy.gmem.ca"];
secretName = "gmem-ca-wildcard";
}
];
hosts = [ hosts = [
{ host = "ytproxy.gmem.ca"; paths = [ { path = "/"; } ]; } {
host = "ytproxy.gmem.ca";
paths = [{path = "/";}];
}
]; ];
}; };
}; };
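Review bot: `fontend.env.BACKEND_HOSTNAME` on the first context line of the second hunk looks like a typo for `frontend`. Helm does not reject values keys a chart never reads, so if the chart expects `frontend.env` the frontend would come up without the intended backend hostname and nothing would flag it. Worth confirming against the chart's values and, if so, changing the line to `frontend.env.BACKEND_HOSTNAME = "pipedapi.gmem.ca";`. The values attrset starts above the hunk.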


@ -2,7 +2,12 @@ let
appName = "pterodactyl-panel"; appName = "pterodactyl-panel";
pterodactyl-panel-Image = "git.gmem.ca/arch/pterodactyl-panel:latest"; pterodactyl-panel-Image = "git.gmem.ca/arch/pterodactyl-panel:latest";
in in
{ lib, config, kubenix, ... }: { {
lib,
config,
kubenix,
...
}: {
kubernetes.resources.services.pterodactyl-panel = { kubernetes.resources.services.pterodactyl-panel = {
spec = { spec = {
selector.app = appName; selector.app = appName;
@ -24,7 +29,10 @@ in
imagePullPolicy = "Always"; imagePullPolicy = "Always";
ports.http.containerPort = 8080; ports.http.containerPort = 8080;
volumeMounts = [ volumeMounts = [
{ name = "data"; mountPath = "/var/www/pterodactyl/storage/app"; } {
name = "data";
mountPath = "/var/www/pterodactyl/storage/app";
}
]; ];
envFrom = [{secretRef.name = "pterodactyl";}]; envFrom = [{secretRef.name = "pterodactyl";}];
}; };
@ -32,7 +40,8 @@ in
}; };
}; };
volumeClaimTemplates = [ volumeClaimTemplates = [
{ metadata.name = "data"; {
metadata.name = "data";
spec = { spec = {
storageClassName = "nfs-client"; storageClassName = "nfs-client";
accessModes = ["ReadWriteOnce"]; accessModes = ["ReadWriteOnce"];
@ -61,15 +70,23 @@ in
}; };
}; };
spec = { spec = {
tls = [ { hosts = [ "games.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ]; tls = [
{
hosts = ["games.gmem.ca"];
secretName = "gmem-ca-wildcard";
}
];
rules = [ rules = [
{ {
host = "games.gmem.ca"; host = "games.gmem.ca";
http.paths = [ http.paths = [
{ path = "/"; pathType = "Prefix"; {
path = "/";
pathType = "Prefix";
backend.service = { backend.service = {
name = appName; name = appName;
port.name = "http"; }; port.name = "http";
};
} }
]; ];
} }


@ -2,12 +2,16 @@ let
appName = "tclip"; appName = "tclip";
litestreamImage = "litestream/litestream:sha-749bc0d"; litestreamImage = "litestream/litestream:sha-749bc0d";
tclipImage = "git.gmem.ca/arch/tclip:arm"; tclipImage = "git.gmem.ca/arch/tclip:arm";
in in {
{
kubernetes.resources."monitoring.coreos.com"."v1".ServiceMonitor.tclip = { kubernetes.resources."monitoring.coreos.com"."v1".ServiceMonitor.tclip = {
spec = { spec = {
selector.matchLabels.app = appName; selector.matchLabels.app = appName;
endpoints = [ { port = "metrics"; interval = "30s"; } ]; endpoints = [
{
port = "metrics";
interval = "30s";
}
];
}; };
}; };
kubernetes.resources.services.tclip = { kubernetes.resources.services.tclip = {
@ -38,8 +42,15 @@ in
image = litestreamImage; image = litestreamImage;
args = ["restore" "-if-db-not-exists" "-if-replica-exists" "-v" "/data/data.db"]; args = ["restore" "-if-db-not-exists" "-if-replica-exists" "-v" "/data/data.db"];
volumeMounts = [ volumeMounts = [
{ name = "data"; mountPath = "/data"; } {
{ name = "litestream"; mountPath = "/etc/litestream.yml"; subPath = "tclip.yml"; } name = "data";
mountPath = "/data";
}
{
name = "litestream";
mountPath = "/etc/litestream.yml";
subPath = "tclip.yml";
}
]; ];
envFrom = [{secretRef.name = "tclip-litestream-s3";}]; envFrom = [{secretRef.name = "tclip-litestream-s3";}];
}; };
@ -47,18 +58,36 @@ in
tclip = { tclip = {
image = tclipImage; image = tclipImage;
imagePullPolicy = "Always"; imagePullPolicy = "Always";
volumeMounts = [ { name = "data"; mountPath = "/data"; } ]; volumeMounts = [
{
name = "data";
mountPath = "/data";
}
];
env = [ env = [
{ name = "DATA_DIR"; value = "/data"; } {
{ name = "USE_FUNNEL"; value = "true"; } name = "DATA_DIR";
value = "/data";
}
{
name = "USE_FUNNEL";
value = "true";
}
]; ];
}; };
litestream = { litestream = {
image = litestreamImage; image = litestreamImage;
args = ["replicate"]; args = ["replicate"];
volumeMounts = [ volumeMounts = [
{ name = "data"; mountPath = "/data"; } {
{ name = "litestream"; mountPath = "/etc/litestream.yml"; subPath = "tclip.yml"; } name = "data";
mountPath = "/data";
}
{
name = "litestream";
mountPath = "/etc/litestream.yml";
subPath = "tclip.yml";
}
]; ];
envFrom = [{secretRef.name = "tclip-litestream-s3";}]; envFrom = [{secretRef.name = "tclip-litestream-s3";}];
ports.metrics.containerPort = 9090; ports.metrics.containerPort = 9090;
@ -67,7 +96,8 @@ in
}; };
}; };
volumeClaimTemplates = [ volumeClaimTemplates = [
{ metadata.name = "data"; {
metadata.name = "data";
spec = { spec = {
storageClassName = "nfs-client"; storageClassName = "nfs-client";
accessModes = ["ReadWriteOnce"]; accessModes = ["ReadWriteOnce"];


@ -1,12 +1,16 @@
let let
appName = "vrchat-prometheus-exporter"; appName = "vrchat-prometheus-exporter";
appImage = "git.gmem.ca/arch/vrchat-prometheus-adapter:arm"; appImage = "git.gmem.ca/arch/vrchat-prometheus-adapter:arm";
in in {
{
kubernetes.resources."monitoring.coreos.com"."v1".ServiceMonitor.vrchat-prometheus-adapter = { kubernetes.resources."monitoring.coreos.com"."v1".ServiceMonitor.vrchat-prometheus-adapter = {
spec = { spec = {
selector.matchLabels.app = appName; selector.matchLabels.app = appName;
endpoints = [ { port = "metrics"; interval = "60s"; } ]; endpoints = [
{
port = "metrics";
interval = "60s";
}
];
}; };
}; };
kubernetes.resources.services.vrchat-prometheus-adapter = { kubernetes.resources.services.vrchat-prometheus-adapter = {
@ -35,7 +39,13 @@ in
vrchat-prometheus-adapter = { vrchat-prometheus-adapter = {
image = appImage; image = appImage;
imagePullPolicy = "Always"; imagePullPolicy = "Always";
volumeMounts = [ { name = "config"; mountPath = "/config.toml"; subPath = "config.toml"; } ]; volumeMounts = [
{
name = "config";
mountPath = "/config.toml";
subPath = "config.toml";
}
];
envFrom = [{secretRef.name = "vrchat-prometheus-adapter";}]; envFrom = [{secretRef.name = "vrchat-prometheus-adapter";}];
ports.metrics.containerPort = 6534; ports.metrics.containerPort = 6534;
resources = { resources = {


@ -1,8 +1,10 @@
{ config, pkgs, ... }:
{ {
imports = config,
[ # Include the results of the hardware scan. pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware.nix ./hardware.nix
]; ];
@ -21,7 +23,6 @@
}; };
}; };
swapDevices = [ swapDevices = [
{ {
device = "/var/lib/swapfile"; device = "/var/lib/swapfile";
@ -72,7 +73,8 @@
url = "https://gmem.ca/ssh"; url = "https://gmem.ca/ssh";
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4="; hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
}; };
in pkgs.lib.splitString "\n" (builtins.readFile in
pkgs.lib.splitString "\n" (builtins.readFile
authorizedKeys); authorizedKeys);
}; };
@ -108,5 +110,4 @@
}; };
system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT? system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT?
} }


@ -1,11 +1,15 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = ["xhci_pci" "uas"]; boot.initrd.availableKernelModules = ["xhci_pci" "uas"];
@ -13,8 +17,8 @@
boot.kernelModules = []; boot.kernelModules = [];
boot.extraModulePackages = []; boot.extraModulePackages = [];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4"; fsType = "ext4";
}; };


@ -1,7 +1,9 @@
# WARN: this file will get overwritten by $ cachix use <name> # WARN: this file will get overwritten by $ cachix use <name>
{ pkgs, lib, ... }: {
pkgs,
let lib,
...
}: let
folder = ./cachix; folder = ./cachix;
toImport = name: value: folder + ("/" + name); toImport = name: value: folder + ("/" + name);
filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key; filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;


@ -1,8 +1,9 @@
{ config, pkgs, ... }:
{ {
imports = config,
[ pkgs,
...
}: {
imports = [
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
@ -48,8 +49,18 @@
networkmanager.enable = true; networkmanager.enable = true;
firewall = { firewall = {
enable = true; enable = true;
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ]; allowedUDPPortRanges = [
allowedTCPPortRanges = [ { from = 27036; to = 27037; } ]; {
from = 27031;
to = 27036;
}
];
allowedTCPPortRanges = [
{
from = 27036;
to = 27037;
}
];
allowedTCPPorts = [7000 7100 7001 22000 8000 3000 9943 9944]; allowedTCPPorts = [7000 7100 7001 22000 8000 3000 9943 9944];
allowedUDPPorts = [69 6000 6001 7011 41641 3478 22000 21027 9943 9944]; allowedUDPPorts = [69 6000 6001 7011 41641 3478 22000 21027 9943 9944];
trustedInterfaces = ["enp4s0" "tailscale0" "docker0"]; trustedInterfaces = ["enp4s0" "tailscale0" "docker0"];
@ -72,10 +83,13 @@
positions = { positions = {
filename = "/tmp/positions.yaml"; filename = "/tmp/positions.yaml";
}; };
clients = [{ clients = [
{
url = "http://monitoring:3030/loki/api/v1/push"; url = "http://monitoring:3030/loki/api/v1/push";
}]; }
scrape_configs = [{ ];
scrape_configs = [
{
job_name = "journal"; job_name = "journal";
journal = { journal = {
max_age = "12h"; max_age = "12h";
@ -84,11 +98,14 @@
host = "london"; host = "london";
}; };
}; };
relabel_configs = [{ relabel_configs = [
{
source_labels = ["__journal__systemd_unit"]; source_labels = ["__journal__systemd_unit"];
target_label = "unit"; target_label = "unit";
}]; }
}]; ];
}
];
}; };
}; };
fwupd.enable = true; fwupd.enable = true;
@ -105,7 +122,8 @@
enable = true; enable = true;
listenAddress = "100.110.180.123"; listenAddress = "100.110.180.123";
enabledCollectors = [ enabledCollectors = [
"systemd" "processes" "systemd"
"processes"
]; ];
}; };
dbus.enable = true; dbus.enable = true;
@ -276,5 +294,4 @@
rtkit.enable = true; rtkit.enable = true;
}; };
system.stateVersion = "23.05"; # Did you read the comment? system.stateVersion = "23.05"; # Did you read the comment?
} }
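Review bot: In the `firewall` block, `trustedInterfaces = ["enp4s0" "tailscale0" "docker0"]` accepts all inbound traffic on those interfaces, so if `enp4s0` is this machine's LAN NIC, the `allowedTCPPorts` / `allowedUDPPorts` lists and port ranges next to it filter nothing on that link. If only the tailnet is meant to be unrestricted, narrow it to `trustedInterfaces = ["tailscale0"];` and let the port lists govern the rest. Otherwise a comment stating why the physical interface and the Docker bridge are trusted would help the next reader. The enclosing `networking` block starts outside this hunk.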


@ -1,23 +1,31 @@
{ config, pkgs, callPackage, lib, ... }:
{ {
config,
pkgs,
callPackage,
lib,
...
}: {
nixpkgs = { nixpkgs = {
config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [ config.allowUnfreePredicate = pkg:
builtins.elem (lib.getName pkg) [
"parsec-bin" "parsec-bin"
"discord" "discord"
]; ];
config.allowUnfree = true; config.allowUnfree = true;
overlays = overlays = let
let
discordOverlay = self: super: { discordOverlay = self: super: {
discord = super.discord.override { withVencord = true; withOpenASAR = true; }; discord = super.discord.override {
withVencord = true;
withOpenASAR = true;
}; };
in };
[ in [
(import (builtins.fetchTarball { (import (builtins.fetchTarball {
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz"; url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
sha256 = "1nglxrfynyjmqfzz81y4idc40c6rbsaa4jb4ishiwibdkh85nyf6"; sha256 = "1nglxrfynyjmqfzz81y4idc40c6rbsaa4jb4ishiwibdkh85nyf6";
})) discordOverlay]; }))
discordOverlay
];
}; };
home = { home = {
username = "gsimmer"; username = "gsimmer";


@ -1,11 +1,15 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = ["nvme" "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod"]; boot.initrd.availableKernelModules = ["nvme" "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
@ -13,18 +17,18 @@
boot.kernelModules = ["kvm-amd"]; boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = []; boot.extraModulePackages = [];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/736c20e1-f11a-4af7-88f2-bba7b0f09939"; device = "/dev/disk/by-uuid/736c20e1-f11a-4af7-88f2-bba7b0f09939";
fsType = "xfs"; fsType = "xfs";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/2A2C-A8CE"; device = "/dev/disk/by-uuid/2A2C-A8CE";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = swapDevices = [
[ { device = "/dev/disk/by-uuid/41c7d0e1-e015-4d78-a0fb-f039a7f648ef"; } {device = "/dev/disk/by-uuid/41c7d0e1-e015-4d78-a0fb-f039a7f648ef";}
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking


@ -1,9 +1,12 @@
{ config, lib, pkgs, ... }: {
let config,
lib,
pkgs,
...
}: let
rev = "master"; # 'rev' could be a git rev, to pin the overlay. rev = "master"; # 'rev' could be a git rev, to pin the overlay.
url = "https://github.com/nix-community/nixpkgs-wayland/archive/${rev}.tar.gz"; url = "https://github.com/nix-community/nixpkgs-wayland/archive/${rev}.tar.gz";
waylandOverlay = (import "${builtins.fetchTarball url}/overlay.nix"); waylandOverlay = import "${builtins.fetchTarball url}/overlay.nix";
in in {
{
nixpkgs.overlays = [waylandOverlay]; nixpkgs.overlays = [waylandOverlay];
} }
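Review bot: `builtins.fetchTarball url` is called with `rev = "master"` and no hash, so each evaluation imports whatever the nixpkgs-wayland default branch serves at that moment as an overlay, with no integrity check on code that then rewrites packages for the whole system. The file's own comment notes that `rev` can be a git rev; pin it and pass a hash, e.g. `rev = "<pinned-commit>";` and `waylandOverlay = import "${builtins.fetchTarball { inherit url; sha256 = "<sha256-of-that-tarball>"; }}/overlay.nix";`. If nixpkgs-wayland is also available as a flake input, taking the overlay from there would pin it through the lock file instead.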


@ -1,6 +1,8 @@
{ config, pkgs, ... }:
{ {
config,
pkgs,
...
}: {
imports = [ imports = [
./hardware.nix ./hardware.nix
./networking.nix # generated at runtime by nixos-infect ./networking.nix # generated at runtime by nixos-infect
@ -104,7 +106,8 @@
}; };
schema_config = { schema_config = {
configs = [{ configs = [
{
from = "2022-06-06"; from = "2022-06-06";
store = "boltdb-shipper"; store = "boltdb-shipper";
object_store = "filesystem"; object_store = "filesystem";
@ -113,7 +116,8 @@
prefix = "index_"; prefix = "index_";
period = "24h"; period = "24h";
}; };
}]; }
];
}; };
storage_config = { storage_config = {
@ -164,10 +168,13 @@
positions = { positions = {
filename = "/tmp/positions.yaml"; filename = "/tmp/positions.yaml";
}; };
clients = [{ clients = [
{
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push"; url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
}]; }
scrape_configs = [{ ];
scrape_configs = [
{
job_name = "journal"; job_name = "journal";
journal = { journal = {
max_age = "12h"; max_age = "12h";
@ -176,11 +183,14 @@
host = "monitoring"; host = "monitoring";
}; };
}; };
relabel_configs = [{ relabel_configs = [
{
source_labels = ["__journal__systemd_unit"]; source_labels = ["__journal__systemd_unit"];
target_label = "unit"; target_label = "unit";
}]; }
}]; ];
}
];
}; };
}; };
services.alertmanager-ntfy = { services.alertmanager-ntfy = {
@ -211,18 +221,23 @@
globalConfig = { globalConfig = {
scrape_interval = "15s"; scrape_interval = "15s";
}; };
alertmanagers = [ { alertmanagers = [
{
basic_auth = { basic_auth = {
username = "homelab"; username = "homelab";
password_file = config.age.secrets.prometheus-password-secret.path; password_file = config.age.secrets.prometheus-password-secret.path;
}; };
static_configs = [ { static_configs = [
{
targets = [ targets = [
"localhost:9093" "localhost:9093"
]; ];
} ]; }
} ]; ];
rules = [(builtins.toJSON { }
];
rules = [
(builtins.toJSON {
groups = [ groups = [
{ {
name = "internet_connection"; name = "internet_connection";
@ -255,8 +270,10 @@
}; };
} }
]; ];
}]; }
})]; ];
})
];
alertmanager = { alertmanager = {
enable = true; enable = true;
extraFlags = ["--web.config.file=${config.age.secrets.prometheus-webconfig-secret.path}"]; extraFlags = ["--web.config.file=${config.age.secrets.prometheus-webconfig-secret.path}"];
@ -331,16 +348,28 @@
params = {"modules" = ["http_2xx"];}; params = {"modules" = ["http_2xx"];};
static_configs = [{targets = ["google.com" "gabrielsimmer.com" "artbybecki.com"];}]; static_configs = [{targets = ["google.com" "gabrielsimmer.com" "artbybecki.com"];}];
relabel_configs = [ relabel_configs = [
{ source_labels = ["__address__"]; target_label = "__param_target"; } {
{ source_labels = ["__param_target"]; target_label = "instance"; } source_labels = ["__address__"];
{ source_labels = []; target_label = "__address__"; replacement = "vancouver:9115"; } ]; target_label = "__param_target";
}
{
source_labels = ["__param_target"];
target_label = "instance";
}
{
source_labels = [];
target_label = "__address__";
replacement = "vancouver:9115";
}
];
} }
]; ];
exporters.node = { exporters.node = {
enable = true; enable = true;
listenAddress = "127.0.0.1"; listenAddress = "127.0.0.1";
enabledCollectors = [ enabledCollectors = [
"systemd" "processes" "systemd"
"processes"
]; ];
}; };
}; };


@ -1,14 +1,18 @@
{ modulesPath, ... }: {modulesPath, ...}: {
{
imports = [(modulesPath + "/profiles/qemu-guest.nix")]; imports = [(modulesPath + "/profiles/qemu-guest.nix")];
boot.loader.grub = { boot.loader.grub = {
efiSupport = true; efiSupport = true;
efiInstallAsRemovable = true; efiInstallAsRemovable = true;
device = "nodev"; device = "nodev";
}; };
fileSystems."/boot" = { device = "/dev/disk/by-uuid/77CF-345D"; fsType = "vfat"; }; fileSystems."/boot" = {
device = "/dev/disk/by-uuid/77CF-345D";
fsType = "vfat";
};
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"]; boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
boot.initrd.kernelModules = ["nvme"]; boot.initrd.kernelModules = ["nvme"];
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; }; fileSystems."/" = {
device = "/dev/sda1";
fsType = "ext4";
};
} }


@ -2,7 +2,8 @@
# This file was populated at runtime with the networking # This file was populated at runtime with the networking
# details gathered from the active system. # details gathered from the active system.
networking = { networking = {
nameservers = [ "8.8.8.8" nameservers = [
"8.8.8.8"
]; ];
defaultGateway = "172.31.1.1"; defaultGateway = "172.31.1.1";
defaultGateway6 = { defaultGateway6 = {
@ -14,16 +15,34 @@
interfaces = { interfaces = {
eth0 = { eth0 = {
ipv4.addresses = [ ipv4.addresses = [
{ address="91.107.206.145"; prefixLength=32; } {
address = "91.107.206.145";
prefixLength = 32;
}
]; ];
ipv6.addresses = [ ipv6.addresses = [
{ address="2a01:4f8:c012:5ec6::1"; prefixLength=64; } {
{ address="fe80::9400:2ff:fe83:3979"; prefixLength=64; } address = "2a01:4f8:c012:5ec6::1";
prefixLength = 64;
}
{
address = "fe80::9400:2ff:fe83:3979";
prefixLength = 64;
}
];
ipv4.routes = [
{
address = "172.31.1.1";
prefixLength = 32;
}
];
ipv6.routes = [
{
address = "fe80::1";
prefixLength = 128;
}
]; ];
ipv4.routes = [ { address = "172.31.1.1"; prefixLength = 32; } ];
ipv6.routes = [ { address = "fe80::1"; prefixLength = 128; } ];
}; };
}; };
}; };
services.udev.extraRules = '' services.udev.extraRules = ''


@ -1,8 +1,10 @@
{ config, pkgs, ... }:
{ {
imports = config,
[ # Include the results of the hardware scan. pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware.nix ./hardware.nix
]; ];
@ -58,10 +60,13 @@
positions = { positions = {
filename = "/tmp/positions.yaml"; filename = "/tmp/positions.yaml";
}; };
clients = [{ clients = [
{
url = "http://monitoring:3030/loki/api/v1/push"; url = "http://monitoring:3030/loki/api/v1/push";
}]; }
scrape_configs = [{ ];
scrape_configs = [
{
job_name = "journal"; job_name = "journal";
journal = { journal = {
max_age = "12h"; max_age = "12h";
@ -70,11 +75,14 @@
host = "vancouver"; host = "vancouver";
}; };
}; };
relabel_configs = [{ relabel_configs = [
{
source_labels = ["__journal__systemd_unit"]; source_labels = ["__journal__systemd_unit"];
target_label = "unit"; target_label = "unit";
}]; }
}]; ];
}
];
}; };
}; };
restic = { restic = {
@ -187,7 +195,9 @@
enable = true; enable = true;
listenAddress = "100.116.48.47"; listenAddress = "100.116.48.47";
enabledCollectors = [ enabledCollectors = [
"systemd" "zfs" "processes" "systemd"
"zfs"
"processes"
]; ];
}; };
}; };
@ -282,8 +292,7 @@
addSSL = true; addSSL = true;
acmeRoot = null; acmeRoot = null;
locations."/" = { locations."/" = {
extraConfig = extraConfig = ''
''
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
@ -447,7 +456,8 @@
url = "https://gmem.ca/ssh"; url = "https://gmem.ca/ssh";
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4="; hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
}; };
in pkgs.lib.splitString "\n" (builtins.readFile in
pkgs.lib.splitString "\n" (builtins.readFile
authorizedKeys); authorizedKeys);
}; };
becki = { becki = {
@ -460,7 +470,8 @@
url = "https://gmem.ca/ssh"; url = "https://gmem.ca/ssh";
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4="; hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
}; };
in pkgs.lib.splitString "\n" (builtins.readFile in
pkgs.lib.splitString "\n" (builtins.readFile
authorizedKeys); authorizedKeys);
}; };
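Review bot: The `authorizedKeys` value passed to `builtins.readFile` comes from a fetch of `https://gmem.ca/ssh` pinned by `hash`, so the key list cannot change without a commit, but SSH access on this host still depends on a build-time download. The same url/hash pair is repeated in the second user block of this file and in the other host configurations in this commit, one of which uses the `sha256` attribute instead of `hash`. Moving the fetch into one shared module would keep the pin in a single place; at minimum add a comment next to it such as `# hash pins the key list; must be updated on every key rotation`. The `let` that defines `authorizedKeys` starts outside these hunks.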


@ -1,11 +1,15 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"]; boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
@ -13,18 +17,18 @@
boot.kernelModules = ["kvm-amd"]; boot.kernelModules = ["kvm-amd"];
boot.extraModulePackages = []; boot.extraModulePackages = [];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/c099cd1d-75a0-42ee-bffa-1e92cd241064"; device = "/dev/disk/by-uuid/c099cd1d-75a0-42ee-bffa-1e92cd241064";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/77EB-F216"; device = "/dev/disk/by-uuid/77EB-F216";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = swapDevices = [
[ { device = "/dev/disk/by-uuid/6e19c559-000a-4ba4-b68c-7ec0794f45e4"; } {device = "/dev/disk/by-uuid/6e19c559-000a-4ba4-b68c-7ec0794f45e4";}
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking


@ -1,6 +1,9 @@
{ config, pkgs, callPackage, ... }:
{ {
config,
pkgs,
callPackage,
...
}: {
home.username = "gsimmer"; home.username = "gsimmer";
home.homeDirectory = "/tank/gsimmer"; home.homeDirectory = "/tank/gsimmer";


@ -1,44 +1,47 @@
{ lib {
, fetchurl lib,
, installShellFiles fetchurl,
, makeWrapper installShellFiles,
, terraform makeWrapper,
, stdenvNoCC terraform,
, unzip stdenvNoCC,
}: unzip,
let }: let
inherit (stdenvNoCC.hostPlatform) system; inherit (stdenvNoCC.hostPlatform) system;
in in
stdenvNoCC.mkDerivation rec { stdenvNoCC.mkDerivation rec {
pname = "coder"; pname = "coder";
version = "2.3.3"; version = "2.3.3";
src = fetchurl { src = fetchurl {
sha256 = { sha256 =
{
x86_64-linux = "sha256-3gO71Eii3KBjn/oQ1Q3OCJ7S6H12iDYjOfqf43ph1nQ="; x86_64-linux = "sha256-3gO71Eii3KBjn/oQ1Q3OCJ7S6H12iDYjOfqf43ph1nQ=";
x86_64-darwin = lib.fakeHash; x86_64-darwin = lib.fakeHash;
aarch64-linux = "sha256-v7S22I62EKPcHO9yZGciKKftRlzIowfAeVgnccOdlSs="; aarch64-linux = "sha256-v7S22I62EKPcHO9yZGciKKftRlzIowfAeVgnccOdlSs=";
aarch64-darwin = ""; aarch64-darwin = "";
}.${system}; }
.${system};
url = url = let
let systemName =
systemName = { {
x86_64-linux = "linux_amd64"; x86_64-linux = "linux_amd64";
aarch64-linux = "linux_arm64"; aarch64-linux = "linux_arm64";
x86_64-darwin = "darwin_amd64"; x86_64-darwin = "darwin_amd64";
aarch64-darwin = "darwin_arm64"; aarch64-darwin = "darwin_arm64";
}.${system}; }
.${system};
ext = { ext =
{
x86_64-linux = "tar.gz"; x86_64-linux = "tar.gz";
aarch64-linux = "tar.gz"; aarch64-linux = "tar.gz";
x86_64-darwin = "zip"; x86_64-darwin = "zip";
aarch64-darwin = "zip"; aarch64-darwin = "zip";
}.${system}; }
in .${system};
"https://github.com/coder/coder/releases/download/v${version}/coder_${version}_${systemName}.${ext}"; in "https://github.com/coder/coder/releases/download/v${version}/coder_${version}_${systemName}.${ext}";
}; };
nativeBuildInputs = [ nativeBuildInputs = [
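Review bot: In the `sha256` table of `src`, the two darwin entries are placeholders, `x86_64-darwin = lib.fakeHash;` and `aarch64-darwin = "";`, so the release archive is not pinned for those systems and the two entries are handled inconsistently. Either fill in real hashes or make the placeholder uniform with `aarch64-darwin = lib.fakeHash;`. If darwin is not meant to build, restricting `meta.platforms` to the two Linux systems would make that explicit; `meta` is outside this hunk, so it may already do that.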


@ -1,8 +1,10 @@
{ config, pkgs, ... }:
{ {
imports = config,
[ # Include the results of the hardware scan. pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware.nix ./hardware.nix
]; ];
@ -60,7 +62,8 @@
url = "https://gmem.ca/ssh"; url = "https://gmem.ca/ssh";
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4="; hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
}; };
in pkgs.lib.splitString "\n" (builtins.readFile in
pkgs.lib.splitString "\n" (builtins.readFile
authorizedKeys); authorizedKeys);
}; };
virtualisation = { virtualisation = {


@ -1,5 +1,4 @@
{ modulesPath, ... }: {modulesPath, ...}: {
{
imports = [(modulesPath + "/profiles/qemu-guest.nix")]; imports = [(modulesPath + "/profiles/qemu-guest.nix")];
boot.loader.efi.efiSysMountPoint = "/boot/efi"; boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader.grub = { boot.loader.grub = {
@ -7,9 +6,14 @@
efiInstallAsRemovable = true; efiInstallAsRemovable = true;
device = "nodev"; device = "nodev";
}; };
fileSystems."/boot/efi" = { device = "/dev/disk/by-uuid/CC2E-AEC0"; fsType = "vfat"; }; fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/CC2E-AEC0";
fsType = "vfat";
};
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"]; boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
boot.initrd.kernelModules = ["nvme"]; boot.initrd.kernelModules = ["nvme"];
fileSystems."/" = { device = "/dev/mapper/ocivolume-root"; fsType = "xfs"; }; fileSystems."/" = {
device = "/dev/mapper/ocivolume-root";
fsType = "xfs";
};
} }


@ -1,8 +1,10 @@
{ config, pkgs, ... }:
{ {
imports = config,
[ # Include the results of the hardware scan. pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware.nix ./hardware.nix
]; ];
@ -36,8 +38,14 @@
checkReversePath = "loose"; checkReversePath = "loose";
allowedTCPPorts = [80 443 1935]; allowedTCPPorts = [80 443 1935];
allowedUDPPortRanges = [ allowedUDPPortRanges = [
{ from = 4000; to = 4007; } {
{ from = 8000; to = 8010; } from = 4000;
to = 4007;
}
{
from = 8000;
to = 8010;
}
]; ];
allowedUDPPorts = [41641 1935]; allowedUDPPorts = [41641 1935];
enable = true; enable = true;
@ -53,7 +61,8 @@
url = "https://gmem.ca/ssh"; url = "https://gmem.ca/ssh";
sha256 = "0vm0q5fzx55mmgw7md430c20rvywmknmpvnkffx9szlm0l74bypc"; sha256 = "0vm0q5fzx55mmgw7md430c20rvywmknmpvnkffx9szlm0l74bypc";
}; };
in pkgs.lib.splitString "\n" (builtins.readFile in
pkgs.lib.splitString "\n" (builtins.readFile
authorizedKeys); authorizedKeys);
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -93,8 +102,7 @@
proxyPass = "http://127.0.0.1:8080"; proxyPass = "http://127.0.0.1:8080";
proxyWebsockets = true; proxyWebsockets = true;
extraConfig = extraConfig = ''
''
client_max_body_size 100M; client_max_body_size 100M;
proxy_pass_header Authorization; proxy_pass_header Authorization;
''; '';
@ -135,5 +143,4 @@
}; };
system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT? system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT?
} }


@ -1,5 +1,4 @@
{ modulesPath, ... }: {modulesPath, ...}: {
{
imports = [(modulesPath + "/profiles/qemu-guest.nix")]; imports = [(modulesPath + "/profiles/qemu-guest.nix")];
boot.loader.efi.efiSysMountPoint = "/boot/efi"; boot.loader.efi.efiSysMountPoint = "/boot/efi";
boot.loader.grub = { boot.loader.grub = {
@ -7,9 +6,14 @@
efiInstallAsRemovable = true; efiInstallAsRemovable = true;
device = "nodev"; device = "nodev";
}; };
fileSystems."/boot/efi" = { device = "/dev/disk/by-uuid/CC2E-AEC0"; fsType = "vfat"; }; fileSystems."/boot/efi" = {
device = "/dev/disk/by-uuid/CC2E-AEC0";
fsType = "vfat";
};
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"]; boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
boot.initrd.kernelModules = ["nvme"]; boot.initrd.kernelModules = ["nvme"];
fileSystems."/" = { device = "/dev/mapper/ocivolume-root"; fsType = "xfs"; }; fileSystems."/" = {
device = "/dev/mapper/ocivolume-root";
fsType = "xfs";
};
} }


@ -1,8 +1,10 @@
{ config, pkgs, ... }:
{ {
imports = config,
[ # Include the results of the hardware scan. pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware.nix ./hardware.nix
]; ];
@ -20,7 +22,6 @@
}; };
}; };
swapDevices = [ swapDevices = [
{ {
device = "/var/lib/swapfile"; device = "/var/lib/swapfile";
@ -71,7 +72,8 @@
url = "https://gmem.ca/ssh"; url = "https://gmem.ca/ssh";
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4="; hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
}; };
in pkgs.lib.splitString "\n" (builtins.readFile in
pkgs.lib.splitString "\n" (builtins.readFile
authorizedKeys); authorizedKeys);
}; };
@ -99,5 +101,4 @@
}; };
system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT? system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT?
} }


@ -1,11 +1,15 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/profiles/qemu-guest.nix") lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
]; ];
boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "sr_mod" "virtio_blk"]; boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "sr_mod" "virtio_blk"];
@ -13,18 +17,18 @@
boot.kernelModules = []; boot.kernelModules = [];
boot.extraModulePackages = []; boot.extraModulePackages = [];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/b6eaa1d7-49dc-44a7-9494-6363939a36ee"; device = "/dev/disk/by-uuid/b6eaa1d7-49dc-44a7-9494-6363939a36ee";
fsType = "ext4"; fsType = "ext4";
}; };
fileSystems."/boot" = fileSystems."/boot" = {
{ device = "/dev/disk/by-uuid/92BB-B090"; device = "/dev/disk/by-uuid/92BB-B090";
fsType = "vfat"; fsType = "vfat";
}; };
swapDevices = swapDevices = [
[ { device = "/dev/disk/by-uuid/45b1b1cc-7a27-4abc-9903-16d293c8570c"; } {device = "/dev/disk/by-uuid/45b1b1cc-7a27-4abc-9903-16d293c8570c";}
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking


@ -1,8 +1,10 @@
{ config, pkgs, ... }:
{ {
imports = config,
[ # Include the results of the hardware scan. pkgs,
...
}: {
imports = [
# Include the results of the hardware scan.
./hardware.nix ./hardware.nix
]; ];
@ -66,7 +68,8 @@
url = "https://gmem.ca/ssh"; url = "https://gmem.ca/ssh";
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4="; hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
}; };
in pkgs.lib.splitString "\n" (builtins.readFile in
pkgs.lib.splitString "\n" (builtins.readFile
authorizedKeys); authorizedKeys);
}; };
@ -103,5 +106,4 @@
}; };
system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT? system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT?
} }


@ -1,11 +1,15 @@
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ {
imports = config,
[ (modulesPath + "/installer/scan/not-detected.nix") lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = ["xhci_pci" "uas"]; boot.initrd.availableKernelModules = ["xhci_pci" "uas"];
@ -13,8 +17,8 @@
boot.kernelModules = []; boot.kernelModules = [];
boot.extraModulePackages = []; boot.extraModulePackages = [];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888"; device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
fsType = "ext4"; fsType = "ext4";
}; };


@ -1,4 +1,8 @@
{ lib, pkgs, ... }: { {
lib,
pkgs,
...
}: {
users.users.root.openssh.authorizedKeys.keys = [ users.users.root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com"
]; ];


@ -10,8 +10,7 @@ let
gsimmer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com"; gsimmer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com";
users = [gsimmer]; users = [gsimmer];
in in {
{
"secrets/vancouver-action-runner.age".publicKeys = [vancouver gsimmer]; "secrets/vancouver-action-runner.age".publicKeys = [vancouver gsimmer];
"secrets/vancouver-restic-b2.age".publicKeys = [vancouver gsimmer]; "secrets/vancouver-restic-b2.age".publicKeys = [vancouver gsimmer];
"secrets/vancouver-restic-password.age".publicKeys = [vancouver gsimmer]; "secrets/vancouver-restic-password.age".publicKeys = [vancouver gsimmer];