format with alejandra style
parent
02a87f0294
commit
9439acf4d1
50
flake.nix
50
flake.nix
|
@ -22,24 +22,39 @@
|
|||
kubenix.url = "github:hall/kubenix";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix, terranix, alertmanager-ntfy, nixpkgs-wayland, kubenix, kde2nix }@inputs:
|
||||
let
|
||||
outputs = {
|
||||
self,
|
||||
nixpkgs,
|
||||
nixos-generators,
|
||||
nixinate,
|
||||
home-manager,
|
||||
agenix,
|
||||
terranix,
|
||||
alertmanager-ntfy,
|
||||
nixpkgs-wayland,
|
||||
kubenix,
|
||||
kde2nix,
|
||||
} @ inputs: let
|
||||
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||
tf = terranix.lib.terranixConfiguration {
|
||||
system = "x86_64-linux";
|
||||
modules = [./terraform/main.nix];
|
||||
};
|
||||
in {
|
||||
devShells.x86_64-linux.default = with pkgs; mkShell {
|
||||
shellHook =
|
||||
''
|
||||
devShells.x86_64-linux.default = with pkgs;
|
||||
mkShell {
|
||||
shellHook = ''
|
||||
set -o allexport
|
||||
source .env set
|
||||
set +o allexport
|
||||
'';
|
||||
nativeBuildInputs = [
|
||||
jq opentofu kubectl
|
||||
k9s terraform-ls kubernetes-helm
|
||||
jq
|
||||
opentofu
|
||||
kubectl
|
||||
k9s
|
||||
terraform-ls
|
||||
kubernetes-helm
|
||||
nil
|
||||
];
|
||||
buildInputs = [];
|
||||
|
@ -55,15 +70,22 @@
|
|||
};
|
||||
};
|
||||
packages.x86_64-linux = {
|
||||
kubernetes = (kubenix.evalModules.x86_64-linux {
|
||||
kubernetes =
|
||||
(kubenix.evalModules.x86_64-linux {
|
||||
module = {kubenix, ...}: {
|
||||
imports = [
|
||||
kubenix.modules.k8s ./homelab/kubernetes.nix
|
||||
kubenix.modules.k8s
|
||||
./homelab/kubernetes.nix
|
||||
];
|
||||
};
|
||||
}).config.kubernetes.result;
|
||||
})
|
||||
.config
|
||||
.kubernetes
|
||||
.result;
|
||||
};
|
||||
apps = nixinate.nixinate.x86_64-linux self // {
|
||||
apps =
|
||||
nixinate.nixinate.x86_64-linux self
|
||||
// {
|
||||
x86_64-linux = {
|
||||
kube-apply = {
|
||||
type = "app";
|
||||
|
@ -113,8 +135,12 @@
|
|||
home-manager.useUserPackages = true;
|
||||
home-manager.users.gsimmer = import ./nix/london/gsimmer.nix;
|
||||
}
|
||||
({pkgs, config, ... }:
|
||||
(
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}: {
|
||||
config = {
|
||||
nix.settings = {
|
||||
# add binary caches
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ lib, config, kubenix, ... }: {
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
kubenix,
|
||||
...
|
||||
}: {
|
||||
kubernetes.helm.releases.cloudflare-exporter = {
|
||||
namespace = "default";
|
||||
chart = kubenix.lib.helm.fetch {
|
||||
|
|
|
@ -27,9 +27,15 @@ in
|
|||
imagePullPolicy = "Always";
|
||||
ports.http.containerPort = 6167;
|
||||
volumeMounts = [
|
||||
{ name = "data"; mountPath = "/var/lib/matrix-conduit"; }
|
||||
{ name = "config"; mountPath = "/etc/matrix-conduit/conduit.toml";
|
||||
subPath = "conduit.toml"; }
|
||||
{
|
||||
name = "data";
|
||||
mountPath = "/var/lib/matrix-conduit";
|
||||
}
|
||||
{
|
||||
name = "config";
|
||||
mountPath = "/etc/matrix-conduit/conduit.toml";
|
||||
subPath = "conduit.toml";
|
||||
}
|
||||
];
|
||||
env.CONDUIT_CONFIG.value = "/etc/matrix-conduit/conduit.toml";
|
||||
};
|
||||
|
@ -37,7 +43,8 @@ in
|
|||
};
|
||||
};
|
||||
volumeClaimTemplates = [
|
||||
{ metadata.name = "data";
|
||||
{
|
||||
metadata.name = "data";
|
||||
spec = {
|
||||
storageClassName = "nfs-client";
|
||||
accessModes = ["ReadWriteOnce"];
|
||||
|
@ -54,15 +61,23 @@ in
|
|||
};
|
||||
};
|
||||
spec = {
|
||||
tls = [ { hosts = [ "chat.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
|
||||
tls = [
|
||||
{
|
||||
hosts = ["chat.gmem.ca"];
|
||||
secretName = "gmem-ca-wildcard";
|
||||
}
|
||||
];
|
||||
rules = [
|
||||
{
|
||||
host = "chat.gmem.ca";
|
||||
http.paths = [
|
||||
{ path = "/"; pathType = "Prefix";
|
||||
{
|
||||
path = "/";
|
||||
pathType = "Prefix";
|
||||
backend.service = {
|
||||
name = appName;
|
||||
port.name = "http"; };
|
||||
port.name = "http";
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
|
@ -76,8 +91,7 @@ in
|
|||
"cert-manager.io/issuer" = "le-issuer";
|
||||
};
|
||||
};
|
||||
data."conduit.toml" =
|
||||
''
|
||||
data."conduit.toml" = ''
|
||||
[global]
|
||||
# The Conduit server needs all /_matrix/ requests to be reachable at
|
||||
# https://your.server.name/ on port 443 (client-server) and 8448 (federation).
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{lib, ...}: {
|
||||
kubernetes.resourceOrder =
|
||||
[ "CustomResourceDefinition"
|
||||
kubernetes.resourceOrder = [
|
||||
"CustomResourceDefinition"
|
||||
"Namespace"
|
||||
"ConfigMap"
|
||||
];
|
||||
|
|
|
@ -26,36 +26,65 @@ let
|
|||
};
|
||||
};
|
||||
in {
|
||||
kubernetes.resources.services = builtins.mapAttrs (name: endpoint: {
|
||||
kubernetes.resources.services =
|
||||
builtins.mapAttrs (name: endpoint: {
|
||||
spec = {
|
||||
ports.${name} = {
|
||||
port = endpoint.port;
|
||||
targetPort = endpoint.port;
|
||||
};
|
||||
};
|
||||
}) endpoints;
|
||||
kubernetes.resources.endpoints = builtins.mapAttrs (name: endpoint: {
|
||||
subsets = [ {
|
||||
})
|
||||
endpoints;
|
||||
kubernetes.resources.endpoints =
|
||||
builtins.mapAttrs (name: endpoint: {
|
||||
subsets = [
|
||||
{
|
||||
addresses = [{ip = endpoint.location;}];
|
||||
ports = [ { name = name; port = endpoint.port; protocol = "TCP"; } ];
|
||||
} ];
|
||||
}) endpoints;
|
||||
kubernetes.resources.ingresses = builtins.mapAttrs (name: endpoint: {
|
||||
metadata = { name = name; annotations = {
|
||||
ports = [
|
||||
{
|
||||
name = name;
|
||||
port = endpoint.port;
|
||||
protocol = "TCP";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
})
|
||||
endpoints;
|
||||
kubernetes.resources.ingresses =
|
||||
builtins.mapAttrs (name: endpoint: {
|
||||
metadata = {
|
||||
name = name;
|
||||
annotations = {
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size" = "10g";
|
||||
"cert-manager.io/issuer" = "le-issuer";
|
||||
"nginx.ingress.kubernetes.io/backend-protocol" = endpoint.protocol;
|
||||
}; };
|
||||
};
|
||||
};
|
||||
spec = {
|
||||
tls = [ { hosts = [ endpoint.host ]; secretName = "gmem-ca-wildcard"; } ];
|
||||
rules = [ { host = endpoint.host; http.paths = [
|
||||
{ path = "/"; pathType = "Prefix";
|
||||
tls = [
|
||||
{
|
||||
hosts = [endpoint.host];
|
||||
secretName = "gmem-ca-wildcard";
|
||||
}
|
||||
];
|
||||
rules = [
|
||||
{
|
||||
host = endpoint.host;
|
||||
http.paths = [
|
||||
{
|
||||
path = "/";
|
||||
pathType = "Prefix";
|
||||
backend.service = {
|
||||
name = name;
|
||||
port.number = endpoint.port;
|
||||
};
|
||||
}
|
||||
];}];
|
||||
};
|
||||
}) endpoints;
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
})
|
||||
endpoints;
|
||||
}
|
||||
|
|
|
@ -1,10 +1,16 @@
|
|||
{ lib, config, kubenix, ... }:
|
||||
let homepage-config = {
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
kubenix,
|
||||
...
|
||||
}: let
|
||||
homepage-config = {
|
||||
bookmarks = [];
|
||||
services = [
|
||||
{
|
||||
Media = [
|
||||
{ Plex = {
|
||||
{
|
||||
Plex = {
|
||||
icon = "plex.png";
|
||||
href = "https://app.plex.tv";
|
||||
description = "Plex";
|
||||
|
@ -15,7 +21,8 @@ let homepage-config = {
|
|||
};
|
||||
};
|
||||
}
|
||||
{ Overseerr = {
|
||||
{
|
||||
Overseerr = {
|
||||
icon = "overseerr.png";
|
||||
href = "https://request-media.gmem.ca";
|
||||
description = "Request movies and TV shows";
|
||||
|
@ -26,7 +33,8 @@ let homepage-config = {
|
|||
};
|
||||
};
|
||||
}
|
||||
{ Transmission = {
|
||||
{
|
||||
Transmission = {
|
||||
icon = "transmission.png";
|
||||
description = "Download progress for torrents";
|
||||
widget = {
|
||||
|
@ -39,25 +47,29 @@ let homepage-config = {
|
|||
}
|
||||
{
|
||||
"Personal Infrastructure" = [
|
||||
{ authentik = {
|
||||
{
|
||||
authentik = {
|
||||
icon = "authentik.png";
|
||||
href = "https://authentik.gmem.ca";
|
||||
description = "OIDC SSO";
|
||||
};
|
||||
}
|
||||
{ Tailscale = {
|
||||
{
|
||||
Tailscale = {
|
||||
icon = "tailscale.png";
|
||||
href = "https://login.tailscale.com";
|
||||
description = "VPN provider";
|
||||
};
|
||||
}
|
||||
{ Git = {
|
||||
{
|
||||
Git = {
|
||||
icon = "forgejo.png";
|
||||
href = "https://git.gmem.ca";
|
||||
description = "Git forge";
|
||||
};
|
||||
}
|
||||
{ Grafana = {
|
||||
{
|
||||
Grafana = {
|
||||
icon = "grafana.png";
|
||||
href = "https://grafana.gmem.ca";
|
||||
description = "Monitoring & metrics";
|
||||
|
@ -69,7 +81,8 @@ let homepage-config = {
|
|||
};
|
||||
};
|
||||
}
|
||||
{ NextDNS = {
|
||||
{
|
||||
NextDNS = {
|
||||
icon = "nextdns.png";
|
||||
href = "https://my.nextdns.io/bcee89/setup";
|
||||
description = "DNS provider";
|
||||
|
@ -80,7 +93,8 @@ let homepage-config = {
|
|||
};
|
||||
};
|
||||
}
|
||||
{ "Proxmox" = {
|
||||
{
|
||||
"Proxmox" = {
|
||||
icon = "proxmox.png";
|
||||
href = "https://proxmox.gmem.ca";
|
||||
description = "Homelab proxmox";
|
||||
|
@ -92,7 +106,8 @@ let homepage-config = {
|
|||
};
|
||||
};
|
||||
}
|
||||
{ "Immich" = {
|
||||
{
|
||||
"Immich" = {
|
||||
icon = "immich.png";
|
||||
href = "https://photos.gmem.ca";
|
||||
description = "Image hosting";
|
||||
|
@ -103,7 +118,8 @@ let homepage-config = {
|
|||
};
|
||||
};
|
||||
}
|
||||
{ "NextDNS Tailscale" = {
|
||||
{
|
||||
"NextDNS Tailscale" = {
|
||||
icon = "nextdns.png";
|
||||
href = "https://my.nextdns.io/74c6db/setup";
|
||||
description = "Tailnet DNS provider";
|
||||
|
@ -118,7 +134,8 @@ let homepage-config = {
|
|||
}
|
||||
{
|
||||
Reading = [
|
||||
{ FreshRSS = {
|
||||
{
|
||||
FreshRSS = {
|
||||
icon = "freshrss.png";
|
||||
href = "https://freshrss.gmem.ca";
|
||||
description = "FreshRSS RSS Reader";
|
||||
|
@ -130,12 +147,14 @@ let homepage-config = {
|
|||
};
|
||||
};
|
||||
}
|
||||
{ "Lobste.rs" = {
|
||||
{
|
||||
"Lobste.rs" = {
|
||||
href = "https://lobste.rs";
|
||||
description = "News aggregator";
|
||||
};
|
||||
}
|
||||
{ "Hacker News" = {
|
||||
{
|
||||
"Hacker News" = {
|
||||
href = "https://news.ycombinator.com";
|
||||
description = "VC news aggregator";
|
||||
};
|
||||
|
@ -144,7 +163,8 @@ let homepage-config = {
|
|||
}
|
||||
{
|
||||
"Floofy.tech Infrastructure" = [
|
||||
{ Mastodon = {
|
||||
{
|
||||
Mastodon = {
|
||||
icon = "mastodon.png";
|
||||
href = "https://floofy.tech";
|
||||
description = "Primary Mastodon instance";
|
||||
|
@ -154,19 +174,22 @@ let homepage-config = {
|
|||
};
|
||||
};
|
||||
}
|
||||
{ Grafana = {
|
||||
{
|
||||
Grafana = {
|
||||
icon = "grafana.png";
|
||||
href = "https://grafana.services.floofy.tech";
|
||||
description = "Metrics and Monitoring";
|
||||
};
|
||||
}
|
||||
{ vSphere = {
|
||||
{
|
||||
vSphere = {
|
||||
icon = "vmware-esxi.png";
|
||||
href = "https://vcenter.services.floofy.tech";
|
||||
description = "Hypervisor Manager";
|
||||
};
|
||||
}
|
||||
{ "vrclub.social" = {
|
||||
{
|
||||
"vrclub.social" = {
|
||||
icon = "calckey.png";
|
||||
href = "https://vrclub.social";
|
||||
description = "Firefish instance for VR clubs";
|
||||
|
@ -176,13 +199,15 @@ let homepage-config = {
|
|||
}
|
||||
{
|
||||
"Tools" = [
|
||||
{ "IT Tools" = {
|
||||
{
|
||||
"IT Tools" = {
|
||||
icon = "it-tools.png";
|
||||
href = "https://tools.gmem.ca";
|
||||
description = "Various useful tools";
|
||||
};
|
||||
}
|
||||
{ Cyberchef = {
|
||||
{
|
||||
Cyberchef = {
|
||||
icon = "cyberchef.png";
|
||||
href = "https://gchq.github.io/CyberChef/";
|
||||
description = "More useful tools, mostly text manipulation";
|
||||
|
@ -192,7 +217,8 @@ let homepage-config = {
|
|||
}
|
||||
{
|
||||
"Backup Status" = [
|
||||
{ "gsimmer backups" = {
|
||||
{
|
||||
"gsimmer backups" = {
|
||||
icon = "healthchecks.png";
|
||||
href = "https://healthchecks.gmem.ca";
|
||||
description = "Uptime monitor for recurring tasks";
|
||||
|
@ -204,7 +230,8 @@ let homepage-config = {
|
|||
};
|
||||
};
|
||||
}
|
||||
{ "becki backups" = {
|
||||
{
|
||||
"becki backups" = {
|
||||
icon = "healthchecks.png";
|
||||
href = "https://healthchecks.gmem.ca";
|
||||
description = "Uptime monitor for recurring tasks";
|
||||
|
@ -216,7 +243,8 @@ let homepage-config = {
|
|||
};
|
||||
};
|
||||
}
|
||||
{ "apps backups" = {
|
||||
{
|
||||
"apps backups" = {
|
||||
icon = "healthchecks.png";
|
||||
href = "https://healthchecks.gmem.ca";
|
||||
description = "Uptime monitor for recurring tasks";
|
||||
|
@ -272,8 +300,7 @@ let homepage-config = {
|
|||
}
|
||||
];
|
||||
};
|
||||
in
|
||||
{
|
||||
in {
|
||||
kubernetes.helm.releases.homepage = {
|
||||
chart = kubenix.lib.helm.fetch {
|
||||
repo = "https://jameswynn.github.io/helm-charts";
|
||||
|
@ -319,7 +346,7 @@ in
|
|||
metadata.namespace = "default";
|
||||
|
||||
spec.template = {
|
||||
metadata.annotations."gmem.ca/homepage-config-hash" = (builtins.hashString "md5" (builtins.toJSON homepage-config));
|
||||
metadata.annotations."gmem.ca/homepage-config-hash" = builtins.hashString "md5" (builtins.toJSON homepage-config);
|
||||
spec.containers.homepage.envFrom = [{secretRef.name = "homepage-config";}];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ lib, config, kubenix, ... }: {
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
kubenix,
|
||||
...
|
||||
}: {
|
||||
kubernetes.helm.releases.immich = {
|
||||
chart = kubenix.lib.helm.fetch {
|
||||
repo = "https://immich-app.github.io/immich-charts";
|
||||
|
@ -24,7 +29,12 @@
|
|||
annotations = {
|
||||
"cert-manager.io/issuer" = "le-issuer";
|
||||
};
|
||||
tls = [ { hosts = [ "photos.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
|
||||
tls = [
|
||||
{
|
||||
hosts = ["photos.gmem.ca"];
|
||||
secretName = "gmem-ca-wildcard";
|
||||
}
|
||||
];
|
||||
hosts = [
|
||||
{
|
||||
host = "photos.gmem.ca";
|
||||
|
|
|
@ -2,8 +2,7 @@ let
|
|||
appName = "soju";
|
||||
sojuImage = "git.gmem.ca/arch/soju:latest";
|
||||
gamjaImage = "git.gmem.ca/arch/gamja:latest";
|
||||
in
|
||||
{
|
||||
in {
|
||||
kubernetes.resources.services.soju = {
|
||||
spec = {
|
||||
type = "NodePort";
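Review bot: `sojuImage` and `gamjaImage` at the top of this hunk both point at the mutable `:latest` tag, and the next hunk of this file keeps `imagePullPolicy = "Always"` on the soju container, so the image that actually runs can change without any change in this repository. Pinning by digest, for example `sojuImage = "git.gmem.ca/arch/soju@sha256:<digest>";`, would make the deployed image reviewable and reproducible. The `pterodactyl-panel-Image` binding later in this commit uses the same `:latest` pattern. The `let` block begins above this hunk, so other image bindings may sit outside this view.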
|
||||
|
@ -45,8 +44,17 @@ in
|
|||
soju = {
|
||||
image = sojuImage;
|
||||
imagePullPolicy = "Always";
|
||||
volumeMounts = [ { name = "config"; mountPath = "/etc/soju/config"; subPath = "config"; }
|
||||
{ name = "ssl"; mountPath = "/ssl"; } ];
|
||||
volumeMounts = [
|
||||
{
|
||||
name = "config";
|
||||
mountPath = "/etc/soju/config";
|
||||
subPath = "config";
|
||||
}
|
||||
{
|
||||
name = "ssl";
|
||||
mountPath = "/ssl";
|
||||
}
|
||||
];
|
||||
ports.tls.containerPort = 6697;
|
||||
ports.ws.containerPort = 80;
|
||||
|
||||
|
@ -92,21 +100,35 @@ in
|
|||
"cert-manager.io/issuer" = "le-issuer";
|
||||
};
|
||||
spec = {
|
||||
tls = [ { hosts = [ "irc.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
|
||||
rules = [ { host = "irc.gmem.ca"; http.paths = [
|
||||
{ path = "/"; pathType = "Prefix";
|
||||
tls = [
|
||||
{
|
||||
hosts = ["irc.gmem.ca"];
|
||||
secretName = "gmem-ca-wildcard";
|
||||
}
|
||||
];
|
||||
rules = [
|
||||
{
|
||||
host = "irc.gmem.ca";
|
||||
http.paths = [
|
||||
{
|
||||
path = "/";
|
||||
pathType = "Prefix";
|
||||
backend.service = {
|
||||
name = "gamja";
|
||||
port.number = 80;
|
||||
};
|
||||
}
|
||||
{ path = "/socket"; pathType = "Prefix";
|
||||
{
|
||||
path = "/socket";
|
||||
pathType = "Prefix";
|
||||
backend.service = {
|
||||
name = "soju-ws";
|
||||
port.number = 80;
|
||||
};
|
||||
}
|
||||
];}];
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -1,5 +1,12 @@
|
|||
{ lib, config, kubenix, ... }: {
|
||||
imports = [ kubenix.modules.k8s kubenix.modules.helm
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
kubenix,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
kubenix.modules.k8s
|
||||
kubenix.modules.helm
|
||||
(import ./custom.nix)
|
||||
(import ./nginx.nix)
|
||||
(import ./tclip.nix)
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
let
|
||||
appName = "netbootxyz";
|
||||
netbootxyzImage = "ghcr.io/netbootxyz/netbootxyz";
|
||||
in
|
||||
{
|
||||
in {
|
||||
kubernetes.resources.services.netbootxyz = {
|
||||
spec = {
|
||||
selector.app = appName;
|
||||
|
@ -35,16 +34,28 @@ in
|
|||
metadata.labels.app = appName;
|
||||
spec = {
|
||||
volumes = [
|
||||
{ name = "config"; persistentVolumeClaim.claimName = "netbootxyz-config"; }
|
||||
{ name = "assets"; persistentVolumeClaim.claimName = "netbootxyz-assets"; }
|
||||
{
|
||||
name = "config";
|
||||
persistentVolumeClaim.claimName = "netbootxyz-config";
|
||||
}
|
||||
{
|
||||
name = "assets";
|
||||
persistentVolumeClaim.claimName = "netbootxyz-assets";
|
||||
}
|
||||
];
|
||||
containers = {
|
||||
netbootxyz = {
|
||||
image = netbootxyzImage;
|
||||
imagePullPolicy = "Always";
|
||||
volumeMounts = [
|
||||
{ mountPath = "/config"; name = "config"; }
|
||||
{ mountPath = "/assets"; name = "assets"; }
|
||||
{
|
||||
mountPath = "/config";
|
||||
name = "config";
|
||||
}
|
||||
{
|
||||
mountPath = "/assets";
|
||||
name = "assets";
|
||||
}
|
||||
];
|
||||
env.SUBFOLDER.value = "/ui/";
|
||||
ports.http.containerPort = 80;
|
||||
|
@ -76,22 +87,35 @@ in
|
|||
"nginx.ingress.kubernetes.io/ssl-redirect" = "false";
|
||||
};
|
||||
spec = {
|
||||
tls = [ { hosts = [ "netboot.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
|
||||
rules = [ { host = "netboot.gmem.ca"; http.paths = [
|
||||
{ path = "/ui"; pathType = "Prefix";
|
||||
tls = [
|
||||
{
|
||||
hosts = ["netboot.gmem.ca"];
|
||||
secretName = "gmem-ca-wildcard";
|
||||
}
|
||||
];
|
||||
rules = [
|
||||
{
|
||||
host = "netboot.gmem.ca";
|
||||
http.paths = [
|
||||
{
|
||||
path = "/ui";
|
||||
pathType = "Prefix";
|
||||
backend.service = {
|
||||
name = "netbootxyz";
|
||||
port.number = 3000;
|
||||
};
|
||||
}
|
||||
{ path = "/"; pathType = "Prefix";
|
||||
{
|
||||
path = "/";
|
||||
pathType = "Prefix";
|
||||
backend.service = {
|
||||
name = "netbootxyz";
|
||||
port.number = 80;
|
||||
};
|
||||
}
|
||||
];}];
|
||||
};
|
||||
};
|
||||
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ lib, config, kubenix, ... }: {
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
kubenix,
|
||||
...
|
||||
}: {
|
||||
kubernetes.helm.releases.ingress-nginx = {
|
||||
namespace = "ingress-nginx";
|
||||
chart = kubenix.lib.helm.fetch {
|
||||
|
|
|
@ -1,8 +1,7 @@
|
|||
let
|
||||
appName = "overseerr";
|
||||
appImage = "sctx/overseerr";
|
||||
in
|
||||
{
|
||||
in {
|
||||
kubernetes.resources.services.overseerr = {
|
||||
spec = {
|
||||
selector.app = appName;
|
||||
|
@ -25,7 +24,10 @@ in
|
|||
overseerr = {
|
||||
image = appImage;
|
||||
volumeMounts = [
|
||||
{ name = "data"; mountPath = "/app/config"; }
|
||||
{
|
||||
name = "data";
|
||||
mountPath = "/app/config";
|
||||
}
|
||||
];
|
||||
ports.metrics.containerPort = 5055;
|
||||
resources = {
|
||||
|
@ -43,7 +45,8 @@ in
|
|||
};
|
||||
};
|
||||
volumeClaimTemplates = [
|
||||
{ metadata.name = "data";
|
||||
{
|
||||
metadata.name = "data";
|
||||
spec = {
|
||||
storageClassName = "nfs-client";
|
||||
accessModes = ["ReadWriteOnce"];
|
||||
|
@ -60,15 +63,23 @@ in
|
|||
};
|
||||
};
|
||||
spec = {
|
||||
tls = [ { hosts = [ "request-media.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
|
||||
tls = [
|
||||
{
|
||||
hosts = ["request-media.gmem.ca"];
|
||||
secretName = "gmem-ca-wildcard";
|
||||
}
|
||||
];
|
||||
rules = [
|
||||
{
|
||||
host = "request-media.gmem.ca";
|
||||
http.paths = [
|
||||
{ path = "/"; pathType = "Prefix";
|
||||
{
|
||||
path = "/";
|
||||
pathType = "Prefix";
|
||||
backend.service = {
|
||||
name = appName;
|
||||
port.name = "http"; };
|
||||
port.name = "http";
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ lib, config, kubenix, ... }: {
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
kubenix,
|
||||
...
|
||||
}: {
|
||||
kubernetes.helm.releases.piped = {
|
||||
namespace = "default";
|
||||
chart = kubenix.lib.helm.fetch {
|
||||
|
@ -23,21 +28,45 @@
|
|||
fontend.env.BACKEND_HOSTNAME = "pipedapi.gmem.ca";
|
||||
ingress = {
|
||||
main = {
|
||||
tls = [ { hosts = [ "piped.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
|
||||
tls = [
|
||||
{
|
||||
hosts = ["piped.gmem.ca"];
|
||||
secretName = "gmem-ca-wildcard";
|
||||
}
|
||||
];
|
||||
hosts = [
|
||||
{ host = "piped.gmem.ca"; paths = [ { path = "/"; } ]; }
|
||||
{
|
||||
host = "piped.gmem.ca";
|
||||
paths = [{path = "/";}];
|
||||
}
|
||||
];
|
||||
};
|
||||
backend = {
|
||||
tls = [ { hosts = [ "pipedapi.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
|
||||
tls = [
|
||||
{
|
||||
hosts = ["pipedapi.gmem.ca"];
|
||||
secretName = "gmem-ca-wildcard";
|
||||
}
|
||||
];
|
||||
hosts = [
|
||||
{ host = "pipedapi.gmem.ca"; paths = [ { path = "/"; } ]; }
|
||||
{
|
||||
host = "pipedapi.gmem.ca";
|
||||
paths = [{path = "/";}];
|
||||
}
|
||||
];
|
||||
};
|
||||
ytproxy = {
|
||||
tls = [ { hosts = [ "ytproxy.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
|
||||
tls = [
|
||||
{
|
||||
hosts = ["ytproxy.gmem.ca"];
|
||||
secretName = "gmem-ca-wildcard";
|
||||
}
|
||||
];
|
||||
hosts = [
|
||||
{ host = "ytproxy.gmem.ca"; paths = [ { path = "/"; } ]; }
|
||||
{
|
||||
host = "ytproxy.gmem.ca";
|
||||
paths = [{path = "/";}];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -2,7 +2,12 @@ let
|
|||
appName = "pterodactyl-panel";
|
||||
pterodactyl-panel-Image = "git.gmem.ca/arch/pterodactyl-panel:latest";
|
||||
in
|
||||
{ lib, config, kubenix, ... }: {
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
kubenix,
|
||||
...
|
||||
}: {
|
||||
kubernetes.resources.services.pterodactyl-panel = {
|
||||
spec = {
|
||||
selector.app = appName;
|
||||
|
@ -24,7 +29,10 @@ in
|
|||
imagePullPolicy = "Always";
|
||||
ports.http.containerPort = 8080;
|
||||
volumeMounts = [
|
||||
{ name = "data"; mountPath = "/var/www/pterodactyl/storage/app"; }
|
||||
{
|
||||
name = "data";
|
||||
mountPath = "/var/www/pterodactyl/storage/app";
|
||||
}
|
||||
];
|
||||
envFrom = [{secretRef.name = "pterodactyl";}];
|
||||
};
|
||||
|
@ -32,7 +40,8 @@ in
|
|||
};
|
||||
};
|
||||
volumeClaimTemplates = [
|
||||
{ metadata.name = "data";
|
||||
{
|
||||
metadata.name = "data";
|
||||
spec = {
|
||||
storageClassName = "nfs-client";
|
||||
accessModes = ["ReadWriteOnce"];
|
||||
|
@ -61,15 +70,23 @@ in
|
|||
};
|
||||
};
|
||||
spec = {
|
||||
tls = [ { hosts = [ "games.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
|
||||
tls = [
|
||||
{
|
||||
hosts = ["games.gmem.ca"];
|
||||
secretName = "gmem-ca-wildcard";
|
||||
}
|
||||
];
|
||||
rules = [
|
||||
{
|
||||
host = "games.gmem.ca";
|
||||
http.paths = [
|
||||
{ path = "/"; pathType = "Prefix";
|
||||
{
|
||||
path = "/";
|
||||
pathType = "Prefix";
|
||||
backend.service = {
|
||||
name = appName;
|
||||
port.name = "http"; };
|
||||
port.name = "http";
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
|
|
|
@ -2,12 +2,16 @@ let
|
|||
appName = "tclip";
|
||||
litestreamImage = "litestream/litestream:sha-749bc0d";
|
||||
tclipImage = "git.gmem.ca/arch/tclip:arm";
|
||||
in
|
||||
{
|
||||
in {
|
||||
kubernetes.resources."monitoring.coreos.com"."v1".ServiceMonitor.tclip = {
|
||||
spec = {
|
||||
selector.matchLabels.app = appName;
|
||||
endpoints = [ { port = "metrics"; interval = "30s"; } ];
|
||||
endpoints = [
|
||||
{
|
||||
port = "metrics";
|
||||
interval = "30s";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
kubernetes.resources.services.tclip = {
|
||||
|
@ -38,8 +42,15 @@ in
|
|||
image = litestreamImage;
|
||||
args = ["restore" "-if-db-not-exists" "-if-replica-exists" "-v" "/data/data.db"];
|
||||
volumeMounts = [
|
||||
{ name = "data"; mountPath = "/data"; }
|
||||
{ name = "litestream"; mountPath = "/etc/litestream.yml"; subPath = "tclip.yml"; }
|
||||
{
|
||||
name = "data";
|
||||
mountPath = "/data";
|
||||
}
|
||||
{
|
||||
name = "litestream";
|
||||
mountPath = "/etc/litestream.yml";
|
||||
subPath = "tclip.yml";
|
||||
}
|
||||
];
|
||||
envFrom = [{secretRef.name = "tclip-litestream-s3";}];
|
||||
};
|
||||
|
@ -47,18 +58,36 @@ in
|
|||
tclip = {
|
||||
image = tclipImage;
|
||||
imagePullPolicy = "Always";
|
||||
volumeMounts = [ { name = "data"; mountPath = "/data"; } ];
|
||||
volumeMounts = [
|
||||
{
|
||||
name = "data";
|
||||
mountPath = "/data";
|
||||
}
|
||||
];
|
||||
env = [
|
||||
{ name = "DATA_DIR"; value = "/data"; }
|
||||
{ name = "USE_FUNNEL"; value = "true"; }
|
||||
{
|
||||
name = "DATA_DIR";
|
||||
value = "/data";
|
||||
}
|
||||
{
|
||||
name = "USE_FUNNEL";
|
||||
value = "true";
|
||||
}
|
||||
];
|
||||
};
|
||||
litestream = {
|
||||
image = litestreamImage;
|
||||
args = ["replicate"];
|
||||
volumeMounts = [
|
||||
{ name = "data"; mountPath = "/data"; }
|
||||
{ name = "litestream"; mountPath = "/etc/litestream.yml"; subPath = "tclip.yml"; }
|
||||
{
|
||||
name = "data";
|
||||
mountPath = "/data";
|
||||
}
|
||||
{
|
||||
name = "litestream";
|
||||
mountPath = "/etc/litestream.yml";
|
||||
subPath = "tclip.yml";
|
||||
}
|
||||
];
|
||||
envFrom = [{secretRef.name = "tclip-litestream-s3";}];
|
||||
ports.metrics.containerPort = 9090;
|
||||
|
@ -67,7 +96,8 @@ in
|
|||
};
|
||||
};
|
||||
volumeClaimTemplates = [
|
||||
{ metadata.name = "data";
|
||||
{
|
||||
metadata.name = "data";
|
||||
spec = {
|
||||
storageClassName = "nfs-client";
|
||||
accessModes = ["ReadWriteOnce"];
|
||||
|
|
|
@ -1,12 +1,16 @@
|
|||
let
|
||||
appName = "vrchat-prometheus-exporter";
|
||||
appImage = "git.gmem.ca/arch/vrchat-prometheus-adapter:arm";
|
||||
in
|
||||
{
|
||||
in {
|
||||
kubernetes.resources."monitoring.coreos.com"."v1".ServiceMonitor.vrchat-prometheus-adapter = {
|
||||
spec = {
|
||||
selector.matchLabels.app = appName;
|
||||
endpoints = [ { port = "metrics"; interval = "60s"; } ];
|
||||
endpoints = [
|
||||
{
|
||||
port = "metrics";
|
||||
interval = "60s";
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
kubernetes.resources.services.vrchat-prometheus-adapter = {
|
||||
|
@ -35,7 +39,13 @@ in
|
|||
vrchat-prometheus-adapter = {
|
||||
image = appImage;
|
||||
imagePullPolicy = "Always";
|
||||
volumeMounts = [ { name = "config"; mountPath = "/config.toml"; subPath = "config.toml"; } ];
|
||||
volumeMounts = [
|
||||
{
|
||||
name = "config";
|
||||
mountPath = "/config.toml";
|
||||
subPath = "config.toml";
|
||||
}
|
||||
];
|
||||
envFrom = [{secretRef.name = "vrchat-prometheus-adapter";}];
|
||||
ports.metrics.containerPort = 6534;
|
||||
resources = {
|
||||
|
|
|
@ -1,8 +1,10 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware.nix
|
||||
];
|
||||
|
||||
|
@ -21,7 +23,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
|
||||
swapDevices = [
|
||||
{
|
||||
device = "/var/lib/swapfile";
|
||||
|
@ -72,7 +73,8 @@
|
|||
url = "https://gmem.ca/ssh";
|
||||
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
|
||||
};
|
||||
in pkgs.lib.splitString "\n" (builtins.readFile
|
||||
in
|
||||
pkgs.lib.splitString "\n" (builtins.readFile
|
||||
authorizedKeys);
|
||||
};
|
||||
|
||||
|
@ -108,5 +110,4 @@
|
|||
};
|
||||
|
||||
system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT?
|
||||
|
||||
}
|
||||
|
|
|
@ -1,11 +1,15 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
modulesPath,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = ["xhci_pci" "uas"];
|
||||
|
@ -13,8 +17,8 @@
|
|||
boot.kernelModules = [];
|
||||
boot.extraModulePackages = [];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
# WARN: this file will get overwritten by $ cachix use <name>
|
||||
{ pkgs, lib, ... }:
|
||||
|
||||
let
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}: let
|
||||
folder = ./cachix;
|
||||
toImport = name: value: folder + ("/" + name);
|
||||
filterCaches = key: value: value == "regular" && lib.hasSuffix ".nix" key;
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
|
||||
|
@ -48,8 +49,18 @@
|
|||
networkmanager.enable = true;
|
||||
firewall = {
|
||||
enable = true;
|
||||
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
|
||||
allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
|
||||
allowedUDPPortRanges = [
|
||||
{
|
||||
from = 27031;
|
||||
to = 27036;
|
||||
}
|
||||
];
|
||||
allowedTCPPortRanges = [
|
||||
{
|
||||
from = 27036;
|
||||
to = 27037;
|
||||
}
|
||||
];
|
||||
allowedTCPPorts = [7000 7100 7001 22000 8000 3000 9943 9944];
|
||||
allowedUDPPorts = [69 6000 6001 7011 41641 3478 22000 21027 9943 9944];
|
||||
trustedInterfaces = ["enp4s0" "tailscale0" "docker0"];
|
||||
|
@ -72,10 +83,13 @@
|
|||
positions = {
|
||||
filename = "/tmp/positions.yaml";
|
||||
};
|
||||
clients = [{
|
||||
clients = [
|
||||
{
|
||||
url = "http://monitoring:3030/loki/api/v1/push";
|
||||
}];
|
||||
scrape_configs = [{
|
||||
}
|
||||
];
|
||||
scrape_configs = [
|
||||
{
|
||||
job_name = "journal";
|
||||
journal = {
|
||||
max_age = "12h";
|
||||
|
@ -84,11 +98,14 @@
|
|||
host = "london";
|
||||
};
|
||||
};
|
||||
relabel_configs = [{
|
||||
relabel_configs = [
|
||||
{
|
||||
source_labels = ["__journal__systemd_unit"];
|
||||
target_label = "unit";
|
||||
}];
|
||||
}];
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
fwupd.enable = true;
|
||||
|
@ -105,7 +122,8 @@
|
|||
enable = true;
|
||||
listenAddress = "100.110.180.123";
|
||||
enabledCollectors = [
|
||||
"systemd" "processes"
|
||||
"systemd"
|
||||
"processes"
|
||||
];
|
||||
};
|
||||
dbus.enable = true;
|
||||
|
@ -276,5 +294,4 @@
|
|||
rtkit.enable = true;
|
||||
};
|
||||
system.stateVersion = "23.05"; # Did you read the comment?
|
||||
|
||||
}
|
||||
|
|
|
@ -1,23 +1,31 @@
|
|||
{ config, pkgs, callPackage, lib, ... }:
|
||||
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
callPackage,
|
||||
lib,
|
||||
...
|
||||
}: {
|
||||
nixpkgs = {
|
||||
config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
|
||||
config.allowUnfreePredicate = pkg:
|
||||
builtins.elem (lib.getName pkg) [
|
||||
"parsec-bin"
|
||||
"discord"
|
||||
];
|
||||
config.allowUnfree = true;
|
||||
overlays =
|
||||
let
|
||||
overlays = let
|
||||
discordOverlay = self: super: {
|
||||
discord = super.discord.override { withVencord = true; withOpenASAR = true; };
|
||||
discord = super.discord.override {
|
||||
withVencord = true;
|
||||
withOpenASAR = true;
|
||||
};
|
||||
in
|
||||
[
|
||||
};
|
||||
in [
|
||||
(import (builtins.fetchTarball {
|
||||
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
|
||||
sha256 = "1nglxrfynyjmqfzz81y4idc40c6rbsaa4jb4ishiwibdkh85nyf6";
|
||||
})) discordOverlay];
|
||||
}))
|
||||
discordOverlay
|
||||
];
|
||||
};
|
||||
home = {
|
||||
username = "gsimmer";
|
||||
|
|
|
@ -1,11 +1,15 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
modulesPath,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = ["nvme" "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod"];
|
||||
|
@ -13,18 +17,18 @@
|
|||
boot.kernelModules = ["kvm-amd"];
|
||||
boot.extraModulePackages = [];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/736c20e1-f11a-4af7-88f2-bba7b0f09939";
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/736c20e1-f11a-4af7-88f2-bba7b0f09939";
|
||||
fsType = "xfs";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/2A2C-A8CE";
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/2A2C-A8CE";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/41c7d0e1-e015-4d78-a0fb-f039a7f648ef"; }
|
||||
swapDevices = [
|
||||
{device = "/dev/disk/by-uuid/41c7d0e1-e015-4d78-a0fb-f039a7f648ef";}
|
||||
];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
|
|
|
@ -1,9 +1,12 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
rev = "master"; # 'rev' could be a git rev, to pin the overlay.
|
||||
url = "https://github.com/nix-community/nixpkgs-wayland/archive/${rev}.tar.gz";
|
||||
waylandOverlay = (import "${builtins.fetchTarball url}/overlay.nix");
|
||||
in
|
||||
{
|
||||
waylandOverlay = import "${builtins.fetchTarball url}/overlay.nix";
|
||||
in {
|
||||
nixpkgs.overlays = [waylandOverlay];
|
||||
}
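Review bot: `builtins.fetchTarball url` is called with a bare URL and `rev = "master"`, so the overlay is whatever upstream's master holds at evaluation time and nothing verifies its content. Because that code is imported straight into `nixpkgs.overlays`, a changed or compromised upstream branch alters what this host builds without any change in this repository. Set `rev` to a commit and pass a hash, `builtins.fetchTarball { inherit url; sha256 = "<sha256-of-pinned-tarball>"; }`, or take the overlay from a locked flake input instead.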
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
./hardware.nix
|
||||
./networking.nix # generated at runtime by nixos-infect
|
||||
|
@ -104,7 +106,8 @@
|
|||
};
|
||||
|
||||
schema_config = {
|
||||
configs = [{
|
||||
configs = [
|
||||
{
|
||||
from = "2022-06-06";
|
||||
store = "boltdb-shipper";
|
||||
object_store = "filesystem";
|
||||
|
@ -113,7 +116,8 @@
|
|||
prefix = "index_";
|
||||
period = "24h";
|
||||
};
|
||||
}];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
storage_config = {
|
||||
|
@ -164,10 +168,13 @@
|
|||
positions = {
|
||||
filename = "/tmp/positions.yaml";
|
||||
};
|
||||
clients = [{
|
||||
clients = [
|
||||
{
|
||||
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
|
||||
}];
|
||||
scrape_configs = [{
|
||||
}
|
||||
];
|
||||
scrape_configs = [
|
||||
{
|
||||
job_name = "journal";
|
||||
journal = {
|
||||
max_age = "12h";
|
||||
|
@ -176,11 +183,14 @@
|
|||
host = "monitoring";
|
||||
};
|
||||
};
|
||||
relabel_configs = [{
|
||||
relabel_configs = [
|
||||
{
|
||||
source_labels = ["__journal__systemd_unit"];
|
||||
target_label = "unit";
|
||||
}];
|
||||
}];
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
services.alertmanager-ntfy = {
|
||||
|
@ -211,18 +221,23 @@
|
|||
globalConfig = {
|
||||
scrape_interval = "15s";
|
||||
};
|
||||
alertmanagers = [ {
|
||||
alertmanagers = [
|
||||
{
|
||||
basic_auth = {
|
||||
username = "homelab";
|
||||
password_file = config.age.secrets.prometheus-password-secret.path;
|
||||
};
|
||||
static_configs = [ {
|
||||
static_configs = [
|
||||
{
|
||||
targets = [
|
||||
"localhost:9093"
|
||||
];
|
||||
} ];
|
||||
} ];
|
||||
rules = [(builtins.toJSON {
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
rules = [
|
||||
(builtins.toJSON {
|
||||
groups = [
|
||||
{
|
||||
name = "internet_connection";
|
||||
|
@ -255,8 +270,10 @@
|
|||
};
|
||||
}
|
||||
];
|
||||
}];
|
||||
})];
|
||||
}
|
||||
];
|
||||
})
|
||||
];
|
||||
alertmanager = {
|
||||
enable = true;
|
||||
extraFlags = ["--web.config.file=${config.age.secrets.prometheus-webconfig-secret.path}"];
|
||||
|
@ -331,16 +348,28 @@
|
|||
params = {"modules" = ["http_2xx"];};
|
||||
static_configs = [{targets = ["google.com" "gabrielsimmer.com" "artbybecki.com"];}];
|
||||
relabel_configs = [
|
||||
{ source_labels = ["__address__"]; target_label = "__param_target"; }
|
||||
{ source_labels = ["__param_target"]; target_label = "instance"; }
|
||||
{ source_labels = []; target_label = "__address__"; replacement = "vancouver:9115"; } ];
|
||||
{
|
||||
source_labels = ["__address__"];
|
||||
target_label = "__param_target";
|
||||
}
|
||||
{
|
||||
source_labels = ["__param_target"];
|
||||
target_label = "instance";
|
||||
}
|
||||
{
|
||||
source_labels = [];
|
||||
target_label = "__address__";
|
||||
replacement = "vancouver:9115";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
exporters.node = {
|
||||
enable = true;
|
||||
listenAddress = "127.0.0.1";
|
||||
enabledCollectors = [
|
||||
"systemd" "processes"
|
||||
"systemd"
|
||||
"processes"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,14 +1,18 @@
|
|||
{ modulesPath, ... }:
|
||||
{
|
||||
{modulesPath, ...}: {
|
||||
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
|
||||
boot.loader.grub = {
|
||||
efiSupport = true;
|
||||
efiInstallAsRemovable = true;
|
||||
device = "nodev";
|
||||
};
|
||||
fileSystems."/boot" = { device = "/dev/disk/by-uuid/77CF-345D"; fsType = "vfat"; };
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/77CF-345D";
|
||||
fsType = "vfat";
|
||||
};
|
||||
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
|
||||
boot.initrd.kernelModules = ["nvme"];
|
||||
fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/sda1";
|
||||
fsType = "ext4";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -2,7 +2,8 @@
|
|||
# This file was populated at runtime with the networking
|
||||
# details gathered from the active system.
|
||||
networking = {
|
||||
nameservers = [ "8.8.8.8"
|
||||
nameservers = [
|
||||
"8.8.8.8"
|
||||
];
|
||||
defaultGateway = "172.31.1.1";
|
||||
defaultGateway6 = {
|
||||
|
@ -14,16 +15,34 @@
|
|||
interfaces = {
|
||||
eth0 = {
|
||||
ipv4.addresses = [
|
||||
{ address="91.107.206.145"; prefixLength=32; }
|
||||
{
|
||||
address = "91.107.206.145";
|
||||
prefixLength = 32;
|
||||
}
|
||||
];
|
||||
ipv6.addresses = [
|
||||
{ address="2a01:4f8:c012:5ec6::1"; prefixLength=64; }
|
||||
{ address="fe80::9400:2ff:fe83:3979"; prefixLength=64; }
|
||||
{
|
||||
address = "2a01:4f8:c012:5ec6::1";
|
||||
prefixLength = 64;
|
||||
}
|
||||
{
|
||||
address = "fe80::9400:2ff:fe83:3979";
|
||||
prefixLength = 64;
|
||||
}
|
||||
];
|
||||
ipv4.routes = [
|
||||
{
|
||||
address = "172.31.1.1";
|
||||
prefixLength = 32;
|
||||
}
|
||||
];
|
||||
ipv6.routes = [
|
||||
{
|
||||
address = "fe80::1";
|
||||
prefixLength = 128;
|
||||
}
|
||||
];
|
||||
ipv4.routes = [ { address = "172.31.1.1"; prefixLength = 32; } ];
|
||||
ipv6.routes = [ { address = "fe80::1"; prefixLength = 128; } ];
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
services.udev.extraRules = ''
|
||||
|
|
|
@ -1,8 +1,10 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware.nix
|
||||
];
|
||||
|
||||
|
@ -58,10 +60,13 @@
|
|||
positions = {
|
||||
filename = "/tmp/positions.yaml";
|
||||
};
|
||||
clients = [{
|
||||
clients = [
|
||||
{
|
||||
url = "http://monitoring:3030/loki/api/v1/push";
|
||||
}];
|
||||
scrape_configs = [{
|
||||
}
|
||||
];
|
||||
scrape_configs = [
|
||||
{
|
||||
job_name = "journal";
|
||||
journal = {
|
||||
max_age = "12h";
|
||||
|
@ -70,11 +75,14 @@
|
|||
host = "vancouver";
|
||||
};
|
||||
};
|
||||
relabel_configs = [{
|
||||
relabel_configs = [
|
||||
{
|
||||
source_labels = ["__journal__systemd_unit"];
|
||||
target_label = "unit";
|
||||
}];
|
||||
}];
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
restic = {
|
||||
|
@ -187,7 +195,9 @@
|
|||
enable = true;
|
||||
listenAddress = "100.116.48.47";
|
||||
enabledCollectors = [
|
||||
"systemd" "zfs" "processes"
|
||||
"systemd"
|
||||
"zfs"
|
||||
"processes"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
@ -282,8 +292,7 @@
|
|||
addSSL = true;
|
||||
acmeRoot = null;
|
||||
locations."/" = {
|
||||
extraConfig =
|
||||
''
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
|
@ -447,7 +456,8 @@
|
|||
url = "https://gmem.ca/ssh";
|
||||
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
|
||||
};
|
||||
in pkgs.lib.splitString "\n" (builtins.readFile
|
||||
in
|
||||
pkgs.lib.splitString "\n" (builtins.readFile
|
||||
authorizedKeys);
|
||||
};
|
||||
becki = {
|
||||
|
@ -460,7 +470,8 @@
|
|||
url = "https://gmem.ca/ssh";
|
||||
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
|
||||
};
|
||||
in pkgs.lib.splitString "\n" (builtins.readFile
|
||||
in
|
||||
pkgs.lib.splitString "\n" (builtins.readFile
|
||||
authorizedKeys);
|
||||
};
|
||||
|
||||
|
|
|
@ -1,11 +1,15 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
modulesPath,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = ["nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod"];
|
||||
|
@ -13,18 +17,18 @@
|
|||
boot.kernelModules = ["kvm-amd"];
|
||||
boot.extraModulePackages = [];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/c099cd1d-75a0-42ee-bffa-1e92cd241064";
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/c099cd1d-75a0-42ee-bffa-1e92cd241064";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/77EB-F216";
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/77EB-F216";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/6e19c559-000a-4ba4-b68c-7ec0794f45e4"; }
|
||||
swapDevices = [
|
||||
{device = "/dev/disk/by-uuid/6e19c559-000a-4ba4-b68c-7ec0794f45e4";}
|
||||
];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
|
|
|
@ -1,6 +1,9 @@
|
|||
{ config, pkgs, callPackage, ... }:
|
||||
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
callPackage,
|
||||
...
|
||||
}: {
|
||||
home.username = "gsimmer";
|
||||
home.homeDirectory = "/tank/gsimmer";
|
||||
|
||||
|
|
|
@ -1,44 +1,47 @@
|
|||
{ lib
|
||||
, fetchurl
|
||||
, installShellFiles
|
||||
, makeWrapper
|
||||
, terraform
|
||||
, stdenvNoCC
|
||||
, unzip
|
||||
}:
|
||||
let
|
||||
{
|
||||
lib,
|
||||
fetchurl,
|
||||
installShellFiles,
|
||||
makeWrapper,
|
||||
terraform,
|
||||
stdenvNoCC,
|
||||
unzip,
|
||||
}: let
|
||||
inherit (stdenvNoCC.hostPlatform) system;
|
||||
in
|
||||
|
||||
stdenvNoCC.mkDerivation rec {
|
||||
pname = "coder";
|
||||
version = "2.3.3";
|
||||
|
||||
src = fetchurl {
|
||||
sha256 = {
|
||||
sha256 =
|
||||
{
|
||||
x86_64-linux = "sha256-3gO71Eii3KBjn/oQ1Q3OCJ7S6H12iDYjOfqf43ph1nQ=";
|
||||
x86_64-darwin = lib.fakeHash;
|
||||
aarch64-linux = "sha256-v7S22I62EKPcHO9yZGciKKftRlzIowfAeVgnccOdlSs=";
|
||||
aarch64-darwin = "";
|
||||
}.${system};
|
||||
}
|
||||
.${system};
|
||||
|
||||
url =
|
||||
let
|
||||
systemName = {
|
||||
url = let
|
||||
systemName =
|
||||
{
|
||||
x86_64-linux = "linux_amd64";
|
||||
aarch64-linux = "linux_arm64";
|
||||
x86_64-darwin = "darwin_amd64";
|
||||
aarch64-darwin = "darwin_arm64";
|
||||
}.${system};
|
||||
}
|
||||
.${system};
|
||||
|
||||
ext = {
|
||||
ext =
|
||||
{
|
||||
x86_64-linux = "tar.gz";
|
||||
aarch64-linux = "tar.gz";
|
||||
x86_64-darwin = "zip";
|
||||
aarch64-darwin = "zip";
|
||||
}.${system};
|
||||
in
|
||||
"https://github.com/coder/coder/releases/download/v${version}/coder_${version}_${systemName}.${ext}";
|
||||
}
|
||||
.${system};
|
||||
in "https://github.com/coder/coder/releases/download/v${version}/coder_${version}_${systemName}.${ext}";
|
||||
};
|
||||
|
||||
nativeBuildInputs = [
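Review bot: The per-system `sha256` table mixes two placeholder styles, `x86_64-darwin = lib.fakeHash;` and `aarch64-darwin = "";`, so neither Darwin target has a verified hash for the release archive. Writing `aarch64-darwin = lib.fakeHash;` makes the placeholder explicit in both places, and a comment such as `# placeholder: Darwin hashes not yet recorded` documents the state. Alternatively, restrict the supported platforms to the two Linux systems that carry real hashes. The `mkDerivation` body continues outside the hunk, so a platform restriction may already exist there.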
|
||||
|
|
|
@ -1,8 +1,10 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware.nix
|
||||
];
|
||||
|
||||
|
@ -60,7 +62,8 @@
|
|||
url = "https://gmem.ca/ssh";
|
||||
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
|
||||
};
|
||||
in pkgs.lib.splitString "\n" (builtins.readFile
|
||||
in
|
||||
pkgs.lib.splitString "\n" (builtins.readFile
|
||||
authorizedKeys);
|
||||
};
|
||||
virtualisation = {
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ modulesPath, ... }:
|
||||
{
|
||||
{modulesPath, ...}: {
|
||||
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
|
||||
boot.loader.efi.efiSysMountPoint = "/boot/efi";
|
||||
boot.loader.grub = {
|
||||
|
@ -7,9 +6,14 @@
|
|||
efiInstallAsRemovable = true;
|
||||
device = "nodev";
|
||||
};
|
||||
fileSystems."/boot/efi" = { device = "/dev/disk/by-uuid/CC2E-AEC0"; fsType = "vfat"; };
|
||||
fileSystems."/boot/efi" = {
|
||||
device = "/dev/disk/by-uuid/CC2E-AEC0";
|
||||
fsType = "vfat";
|
||||
};
|
||||
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
|
||||
boot.initrd.kernelModules = ["nvme"];
|
||||
fileSystems."/" = { device = "/dev/mapper/ocivolume-root"; fsType = "xfs"; };
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/mapper/ocivolume-root";
|
||||
fsType = "xfs";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,8 +1,10 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware.nix
|
||||
];
|
||||
|
||||
|
@ -36,8 +38,14 @@
|
|||
checkReversePath = "loose";
|
||||
allowedTCPPorts = [80 443 1935];
|
||||
allowedUDPPortRanges = [
|
||||
{ from = 4000; to = 4007; }
|
||||
{ from = 8000; to = 8010; }
|
||||
{
|
||||
from = 4000;
|
||||
to = 4007;
|
||||
}
|
||||
{
|
||||
from = 8000;
|
||||
to = 8010;
|
||||
}
|
||||
];
|
||||
allowedUDPPorts = [41641 1935];
|
||||
enable = true;
|
||||
|
@ -53,7 +61,8 @@
|
|||
url = "https://gmem.ca/ssh";
|
||||
sha256 = "0vm0q5fzx55mmgw7md430c20rvywmknmpvnkffx9szlm0l74bypc";
|
||||
};
|
||||
in pkgs.lib.splitString "\n" (builtins.readFile
|
||||
in
|
||||
pkgs.lib.splitString "\n" (builtins.readFile
|
||||
authorizedKeys);
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
@ -93,8 +102,7 @@
|
|||
proxyPass = "http://127.0.0.1:8080";
|
||||
proxyWebsockets = true;
|
||||
|
||||
extraConfig =
|
||||
''
|
||||
extraConfig = ''
|
||||
client_max_body_size 100M;
|
||||
proxy_pass_header Authorization;
|
||||
'';
|
||||
|
@ -135,5 +143,4 @@
|
|||
};
|
||||
|
||||
system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT?
|
||||
|
||||
}
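Review bot: The authorized-keys fetch for `https://gmem.ca/ssh` in this file pins `sha256 = "0vm0q5fzx55mmgw7md430c20rvywmknmpvnkffx9szlm0l74bypc";`, whereas the other host files on this page pin the same URL with `hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";`. The two encodings cannot be compared by eye. If they are different digests, this host authorizes a different revision of the key list, and a key removed from the published file could still be accepted here. Converting this one to the SRI `hash = "sha256-…"` form would make a mismatch visible in review, and defining the pinned fetch once and importing it per host would stop the values drifting. The fetch expression starts outside the hunk.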
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
{ modulesPath, ... }:
|
||||
{
|
||||
{modulesPath, ...}: {
|
||||
imports = [(modulesPath + "/profiles/qemu-guest.nix")];
|
||||
boot.loader.efi.efiSysMountPoint = "/boot/efi";
|
||||
boot.loader.grub = {
|
||||
|
@ -7,9 +6,14 @@
|
|||
efiInstallAsRemovable = true;
|
||||
device = "nodev";
|
||||
};
|
||||
fileSystems."/boot/efi" = { device = "/dev/disk/by-uuid/CC2E-AEC0"; fsType = "vfat"; };
|
||||
fileSystems."/boot/efi" = {
|
||||
device = "/dev/disk/by-uuid/CC2E-AEC0";
|
||||
fsType = "vfat";
|
||||
};
|
||||
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "xen_blkfront"];
|
||||
boot.initrd.kernelModules = ["nvme"];
|
||||
fileSystems."/" = { device = "/dev/mapper/ocivolume-root"; fsType = "xfs"; };
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "/dev/mapper/ocivolume-root";
|
||||
fsType = "xfs";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -1,8 +1,10 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware.nix
|
||||
];
|
||||
|
||||
|
@ -20,7 +22,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
|
||||
swapDevices = [
|
||||
{
|
||||
device = "/var/lib/swapfile";
|
||||
|
@ -71,7 +72,8 @@
|
|||
url = "https://gmem.ca/ssh";
|
||||
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
|
||||
};
|
||||
in pkgs.lib.splitString "\n" (builtins.readFile
|
||||
in
|
||||
pkgs.lib.splitString "\n" (builtins.readFile
|
||||
authorizedKeys);
|
||||
};
|
||||
|
||||
|
@ -99,5 +101,4 @@
|
|||
};
|
||||
|
||||
system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT?
|
||||
|
||||
}
|
||||
|
|
|
@ -1,11 +1,15 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/profiles/qemu-guest.nix")
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
modulesPath,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "sr_mod" "virtio_blk"];
|
||||
|
@ -13,18 +17,18 @@
|
|||
boot.kernelModules = [];
|
||||
boot.extraModulePackages = [];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/b6eaa1d7-49dc-44a7-9494-6363939a36ee";
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/b6eaa1d7-49dc-44a7-9494-6363939a36ee";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/92BB-B090";
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/92BB-B090";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/45b1b1cc-7a27-4abc-9903-16d293c8570c"; }
|
||||
swapDevices = [
|
||||
{device = "/dev/disk/by-uuid/45b1b1cc-7a27-4abc-9903-16d293c8570c";}
|
||||
];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
|
|
|
@ -1,8 +1,10 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
# Include the results of the hardware scan.
|
||||
./hardware.nix
|
||||
];
|
||||
|
||||
|
@ -66,7 +68,8 @@
|
|||
url = "https://gmem.ca/ssh";
|
||||
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
|
||||
};
|
||||
in pkgs.lib.splitString "\n" (builtins.readFile
|
||||
in
|
||||
pkgs.lib.splitString "\n" (builtins.readFile
|
||||
authorizedKeys);
|
||||
};
|
||||
|
||||
|
@ -103,5 +106,4 @@
|
|||
};
|
||||
|
||||
system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT?
|
||||
|
||||
}
|
||||
|
|
|
@ -1,11 +1,15 @@
|
|||
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||
# and may be overwritten by future invocations. Please make changes
|
||||
# to /etc/nixos/configuration.nix instead.
|
||||
{ config, lib, pkgs, modulesPath, ... }:
|
||||
|
||||
{
|
||||
imports =
|
||||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
modulesPath,
|
||||
...
|
||||
}: {
|
||||
imports = [
|
||||
(modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = ["xhci_pci" "uas"];
|
||||
|
@ -13,8 +17,8 @@
|
|||
boot.kernelModules = [];
|
||||
boot.extraModulePackages = [];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
|
||||
fileSystems."/" = {
|
||||
device = "/dev/disk/by-uuid/44444444-4444-4444-8888-888888888888";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
|
|
|
@ -1,4 +1,8 @@
|
|||
{ lib, pkgs, ... }: {
|
||||
{
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}: {
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com"
|
||||
];
|
||||
|
|
|
@ -10,8 +10,7 @@ let
|
|||
|
||||
gsimmer = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr gabriel@gitgalaxy.com";
|
||||
users = [gsimmer];
|
||||
in
|
||||
{
|
||||
in {
|
||||
"secrets/vancouver-action-runner.age".publicKeys = [vancouver gsimmer];
|
||||
"secrets/vancouver-restic-b2.age".publicKeys = [vancouver gsimmer];
|
||||
"secrets/vancouver-restic-password.age".publicKeys = [vancouver gsimmer];
|
||||
|
|