Use nixinate for nas and oracle forgejo runner
parent
b5c9676ceb
commit
95008c4d35
94
flake.lock
94
flake.lock
|
@ -1,20 +1,38 @@
|
|||
{
|
||||
"nodes": {
|
||||
"flake-utils": {
|
||||
"home-manager": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1689068808,
|
||||
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
|
||||
"lastModified": 1693399033,
|
||||
"narHash": "sha256-yXhiMo8MnE86sGtPIHAKaLHhmhe8v9tqGGotlUgKJvY=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "f5c15668f9842dd4d5430787d6aa8a28a07f7c10",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixinate": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1688141737,
|
||||
"narHash": "sha256-qHrNMYWukOKmKVf6wXOGKj1xxUnOGjvTRbt/PLLXuBE=",
|
||||
"owner": "matthewcroughan",
|
||||
"repo": "nixinate",
|
||||
"rev": "7902ae845e6cc5bd450e510cdf5e009a6e4a44d9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "matthewcroughan",
|
||||
"repo": "nixinate",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
|
@ -56,11 +74,43 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1691683125,
|
||||
"narHash": "sha256-FMU62G57HDbJwU+9V3q7I0mBaQYTYQdtPNlJt2t5/A4=",
|
||||
"lastModified": 1693003285,
|
||||
"narHash": "sha256-5nm4yrEHKupjn62MibENtfqlP6pWcRTuSKrMiH9bLkc=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "4d2389b927696ef8da4ef76b03f2d306faf87929",
|
||||
"rev": "5690c4271f2998c304a45c91a0aeb8fb69feaea7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1653060744,
|
||||
"narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "dfd82985c273aac6eced03625f454b334daae2e8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nixos",
|
||||
"ref": "nixos-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1693500674,
|
||||
"narHash": "sha256-HDlg/j0Et+D8NWayNOsdvZrJ+nA4h3muXQxIMUlpDXo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "da938d190e2335209df6806ddcb982634e51918c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -72,24 +122,10 @@
|
|||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils",
|
||||
"home-manager": "home-manager",
|
||||
"nixinate": "nixinate",
|
||||
"nixos-generators": "nixos-generators",
|
||||
"nixpkgs": "nixpkgs"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
}
|
||||
}
|
||||
},
|
||||
|
|
93
flake.nix
93
flake.nix
|
@ -1,37 +1,40 @@
|
|||
{
|
||||
description = "A basic flake with a shell";
|
||||
inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||
inputs.flake-utils.url = "github:numtide/flake-utils";
|
||||
inputs.nixos-generators = {
|
||||
url = "github:nix-community/nixos-generators";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
description = "Nix flake for my infrastructure";
|
||||
inputs = {
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||
nixinate.url = "github:matthewcroughan/nixinate";
|
||||
home-manager.url = "github:nix-community/home-manager";
|
||||
nixos-generators = {
|
||||
url = "github:nix-community/nixos-generators";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, flake-utils, nixos-generators }:
|
||||
flake-utils.lib.eachDefaultSystem (system: let
|
||||
pkgs = nixpkgs.legacyPackages.${system};
|
||||
outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager }:
|
||||
let
|
||||
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||
in {
|
||||
devShells.default = pkgs.mkShell {
|
||||
devShells.x86_64-linux.default = with pkgs; mkShell {
|
||||
shellHook =
|
||||
''
|
||||
set -o allexport
|
||||
source .env set
|
||||
+o allexport
|
||||
source .env set
|
||||
set +o allexport
|
||||
'';
|
||||
nativeBuildInputs = [
|
||||
pkgs.jq
|
||||
pkgs.terraform
|
||||
pkgs.ansible
|
||||
pkgs.kubectl
|
||||
pkgs.awscli2
|
||||
pkgs.nodePackages.yaml-language-server
|
||||
pkgs.nodePackages_latest.typescript-language-server
|
||||
pkgs.k9s
|
||||
pkgs.terraform-ls
|
||||
pkgs.kubernetes-helm
|
||||
pkgs.k6
|
||||
pkgs.pulumi-bin
|
||||
pkgs.nodejs
|
||||
jq
|
||||
terraform
|
||||
ansible
|
||||
kubectl
|
||||
awscli2
|
||||
nodePackages.yaml-language-server
|
||||
nodePackages_latest.typescript-language-server
|
||||
k9s
|
||||
terraform-ls
|
||||
kubernetes-helm
|
||||
k6
|
||||
pulumi-bin
|
||||
nodejs
|
||||
];
|
||||
buildInputs = [ ];
|
||||
};
|
||||
|
@ -39,10 +42,46 @@
|
|||
k3s-server = nixos-generators.nixosGenerate {
|
||||
system = "aarch64-linux";
|
||||
modules = [
|
||||
./pi-imgs/k3s-server.nix
|
||||
(nixpkgs + "/nixos/modules/installer/sd-card/sd-image-aarch64-installer.nix")
|
||||
./pi-imgs/pi-initial.nix
|
||||
];
|
||||
format = "sd-aarch64-installer";
|
||||
};
|
||||
};
|
||||
});
|
||||
apps = nixinate.nixinate.x86_64-linux self;
|
||||
nixosConfigurations = {
|
||||
oracle-gitea-runner = nixpkgs.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
modules = [
|
||||
(import ./krops/oracle-gitea-runner/configuration.nix)
|
||||
{
|
||||
_module.args.nixinate = {
|
||||
host = "143.47.229.209";
|
||||
sshUser = "root";
|
||||
buildOn = "remote";
|
||||
substituteOnTarget = true;
|
||||
hermetic = false;
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
nas = nixpkgs.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
modules = [
|
||||
(import ./krops/nas/configuration.nix)
|
||||
home-manager.nixosModules.home-manager
|
||||
{
|
||||
home-manager.users.gsimmer = import ./krops/nas/home.nix;
|
||||
_module.args.nixinate = {
|
||||
host = "vancouver";
|
||||
sshUser = "gsimmer";
|
||||
buildOn = "remote";
|
||||
substituteOnTarget = true;
|
||||
hermetic = false;
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
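Review bot: The `oracle-gitea-runner` entry under `nixosConfigurations` sets `sshUser = "root"` against a hard-coded public address (`host = "143.47.229.209"`), so every deploy depends on root SSH login staying enabled on an internet-facing machine. The `nas` entry already deploys as an unprivileged user; doing the same here (assuming that user can sudo for the rebuild) would let the runner host set `services.openssh.settings.PermitRootLogin = "no";`. Both entries also set `hermetic = false`, which, as I understand nixinate's option, runs the activation with whatever Nix is installed on the target rather than the one pinned by this flake; a short comment recording why that is wanted would help the next reader. Separately, `nixinate` and `home-manager` are added without `inputs.nixpkgs.follows = "nixpkgs";`, which is why flake.lock gains `nixpkgs_2` (lastModified 1653060744, roughly May 2022) and `nixpkgs_3`; adding `nixinate.inputs.nixpkgs.follows = "nixpkgs";` and the same for `home-manager` keeps the deploy tooling on the one nixpkgs revision that actually gets updated.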
|
@ -1,12 +1,9 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
disabledModules = [ "services/misc/n8n.nix" ];
|
||||
imports =
|
||||
[ # Include the results of the hardware scan.
|
||||
./hardware.nix
|
||||
<home-manager/nixos>
|
||||
<n8n.nix>
|
||||
];
|
||||
|
||||
nix = {
|
||||
|
@ -50,14 +47,6 @@
|
|||
tailscale.enable = true;
|
||||
openssh.enable = true;
|
||||
xserver.videoDrivers = [ "nvidia" ];
|
||||
n8n = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
webhookUrl = "https://vancouver.scorpion-ghost.ts.net/n8n/";
|
||||
settings = {
|
||||
editorBaseUrl = "https://vancouver.scorpion-ghost.ts.net/n8n/";
|
||||
};
|
||||
};
|
||||
nfs.server.enable = true;
|
||||
samba-wsdd.enable = true;
|
||||
samba = {
|
||||
|
@ -137,20 +126,6 @@
|
|||
error_page 404 /404.html;
|
||||
'';
|
||||
};
|
||||
locations."/git" = {
|
||||
extraConfig =
|
||||
''
|
||||
return 301 $scheme://git.gmem.ca;
|
||||
'';
|
||||
};
|
||||
locations."/n8n/" = {
|
||||
proxyPass = "http://127.0.0.1:5678/";
|
||||
proxyWebsockets = true; # needed if you need to use WebSocket
|
||||
extraConfig =
|
||||
''
|
||||
proxy_pass_header Authorization;
|
||||
'';
|
||||
};
|
||||
};
|
||||
virtualHosts."git.gmem.ca" = {
|
||||
enableACME = true;
|
||||
|
@ -229,7 +204,7 @@
|
|||
};
|
||||
};
|
||||
gitea-actions-runner = {
|
||||
# package = pkgs.forgejo-actions-runner;
|
||||
package = pkgs.forgejo-actions-runner;
|
||||
instances = {
|
||||
vancouver = {
|
||||
name = "vancouver";
|
||||
|
@ -285,7 +260,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
|
||||
networking = {
|
||||
hostId = "e1e29bf4";
|
||||
hostName = "vancouver";
|
||||
|
@ -303,12 +277,14 @@
|
|||
interfaces = [ "eno1" ];
|
||||
};
|
||||
};
|
||||
interfaces.br0.ipv4.addresses = [ {
|
||||
address = "192.168.50.229";
|
||||
prefixLength = 24;
|
||||
} ];
|
||||
interfaces.br0.ipv4.addresses = [
|
||||
{
|
||||
address = "192.168.50.229";
|
||||
prefixLength = 24;
|
||||
}
|
||||
];
|
||||
defaultGateway = "192.168.50.1";
|
||||
nameservers = ["100.100.100.100" "45.90.28.116" "45.90.30.116"];
|
||||
nameservers = ["45.90.28.116" "45.90.30.116"];
|
||||
nftables.enable = true;
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
|
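--- /dev/null
+++ b/krops/nas/home.nix
@@ -0,0 +1,94 @@
+{ config, pkgs, callPackage, ... }:
+
+{
+nixpkgs.overlays = [
+(import (builtins.fetchTarball {
+url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
+sha256 = "11knjfj2gnj8y6jy4xali11g86clq7jmy5ndzy1gg0yy1y72xrhm";
+}))
+];
+
+home.username = "gsimmer";
+home.homeDirectory = "/Primary/gabriel";
+
+nixpkgs.config.allowUnfree = true;
+
+programs.bash.enable = false;
+programs.fish = {
+enable = true;
+interactiveShellInit = ''
+set fish_greeting
+if test "$TERM" = "dumb"
+function fish_prompt
+echo "\$ "
+end
+
+function fish_right_prompt; end
+function fish_greeting; end
+function fish_title; end
+end
+atuin init fish | source
+'';
+loginShellInit = ''
+if test "$TERM" = "dumb"
+function fish_prompt
+echo "\$ "
+end
+
+function fish_right_prompt; end
+function fish_greeting; end
+function fish_title; end
+end
+'';
+plugins = [
+{
+name = "z";
+src = pkgs.fetchFromGitHub {
+owner = "jethrokuan";
+repo = "z";
+rev = "e0e1b9dfdba362f8ab1ae8c1afc7ccf62b89f7eb";
+sha256 = "0dbnir6jbwjpjalz14snzd3cgdysgcs3raznsijd6savad3qhijc";
+};
+}
+];
+};
+
+programs.direnv = {
+enable = true;
+nix-direnv.enable = true;
+};
+
+# services.lorri.enable = true;
+
+programs.emacs = {
+enable = false;
+package = pkgs.emacs-unstable-pgtk;
+extraPackages = epkgs: [
+epkgs.vterm
+];
+};
+
+programs.exa = {
+enable = true;
+enableAliases = true;
+};
+
+programs.bat = {
+enable = true;
+};
+
+home.packages = with pkgs; [ ];
+
+# This value determines the Home Manager release that your
+# configuration is compatible with. This helps avoid breakage
+# when a new Home Manager release introduces backwards
+# incompatible changes.
+#
+# You can update Home Manager without changing this value. See
+# the Home Manager release notes for a list of state version
+# changes in each release.
+home.stateVersion = "23.05";
+
+# Let Home Manager install and manage itself.
+programs.home-manager.enable = true;
+}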
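Review bot: The overlay in `nixpkgs.overlays` is fetched from `.../emacs-overlay/archive/master.tar.gz` with a fixed `sha256`, so the hash guards integrity but the URL names a moving branch. Once master advances, any machine without the tarball already in its store fails the hash check at evaluation time, and nothing in the file records which commit the hash belongs to. Either pin the commit in the URL (`.../emacs-overlay/archive/<commit-sha>.tar.gz`, placeholder for the revision the hash was taken from) or add `emacs-overlay` as a flake input so flake.lock records its revision alongside the other inputs. The overlay is also imported while `programs.emacs.enable = false`, so a comment saying whether it is still needed would help.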