Move krops to nix
parent
cb5bd7bb4a
commit
e9a99b886b
|
@ -48,10 +48,10 @@
|
|||
trustedInterfaces = ["tailscale0"];
|
||||
checkReversePath = "loose";
|
||||
allowedUDPPorts = [ 41641 ];
|
||||
allowedTCPPorts = [ 22 53 80 443 ];
|
||||
enable = true;
|
||||
allowedTCPPorts = [ 22 80 443 6443 10250 ];
|
||||
enable = false;
|
||||
};
|
||||
nftables.enable = true;
|
||||
nftables.enable = false;
|
||||
};
|
||||
|
||||
time.timeZone = "Europe/London";
|
||||
|
@ -89,7 +89,7 @@
|
|||
enable = true;
|
||||
role = "agent";
|
||||
serverAddr = "https://100.77.43.133:6443";
|
||||
token = "";
|
||||
token = "K101619438e86a6ea51229321ca58dfb868582ef353adc5512480c185f5797dcf0b::server:bdc3beb6af99d94395d8464384ec60e2";
|
||||
};
|
||||
};
|
||||
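Review bot: The k3s join token is written as a string literal on the `token = "K10…"` line of the @ -89,7 hunk (apparently the new side), so it is now in git history and will be copied into the world-readable /nix/store on every host that builds this config. Read it from a file outside the store instead, e.g. `tokenFile = "<path-to-secret-outside-store>";` (placeholder path) with `token` removed, and rotate the token, since the committed value has to be treated as disclosed. The runner registration `token` in the @ -39,8 hunk of the gitea-actions-runner file has the same problem; that module also accepts a `tokenFile`. The enclosing attribute set opens outside this hunk, so the option path is inferred from `role` and `serverAddr`.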
|
|
@ -47,23 +47,13 @@ let
|
|||
"dns.db".file = toString ./nas/dns.db;
|
||||
}
|
||||
];
|
||||
|
||||
nas-k3s-source = lib.evalSource [
|
||||
{
|
||||
nixpkgs.git = {
|
||||
ref = "origin/nixos-23.05";
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
};
|
||||
nixos-config.file = toString ./nas/k3s/configuration.nix;
|
||||
"hardware.nix".file = toString ./nas/k3s/hardware.nix;
|
||||
}
|
||||
];
|
||||
|
||||
seattle-source = lib.evalSource [
|
||||
{
|
||||
nixpkgs.git = {
|
||||
ref = "origin/nixos-unstable";
|
||||
ref = "6e287913f7b1ef537c97aa301b67c34ea46b640f";
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
shallow = true;
|
||||
};
|
||||
nixos-config.file = toString ./seattle/configuration.nix;
|
||||
"hardware.nix".file = toString ./seattle/hardware.nix;
|
||||
|
@ -73,8 +63,9 @@ let
|
|||
glasgow-source = lib.evalSource [
|
||||
{
|
||||
nixpkgs.git = {
|
||||
ref = "origin/nixos-unstable";
|
||||
ref = "6e287913f7b1ef537c97aa301b67c34ea46b640f";
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
shallow = true;
|
||||
};
|
||||
nixos-config.file = toString ./glasgow/configuration.nix;
|
||||
"hardware.nix".file = toString ./glasgow/hardware.nix;
|
||||
|
@ -84,23 +75,19 @@ let
|
|||
in {
|
||||
oracle-gitea-runner = pkgs.krops.writeDeploy "oracle-gitea-runner" {
|
||||
source = oracle-gitea-runner-source;
|
||||
target = "root@130.162.169.74";
|
||||
target = "root@143.47.229.209";
|
||||
};
|
||||
oracle-nix-cache = pkgs.krops.writeDeploy "oracle-nix-cache" {
|
||||
oracle-nginx-funnel = pkgs.krops.writeDeploy "oracle-nginx-funnel" {
|
||||
source = oracle-nix-cache-source;
|
||||
target = "root@141.147.94.210";
|
||||
target = "root@141.147.109.157";
|
||||
};
|
||||
nas = pkgs.krops.writeDeploy "nas" {
|
||||
source = nas-source;
|
||||
target = "root@192.168.50.229";
|
||||
};
|
||||
nas-k3s = pkgs.krops.writeDeploy "nas-k3s" {
|
||||
source = nas-k3s-source;
|
||||
target = "root@192.168.50.229:22001";
|
||||
};
|
||||
seattle = pkgs.krops.writeDeploy "seattle" {
|
||||
source = seattle-source;
|
||||
target = "root@192.168.50.146";
|
||||
target = "root@seattle";
|
||||
};
|
||||
glasgow = pkgs.krops.writeDeploy "glasgow" {
|
||||
source = glasgow-source;
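Review bot: The renamed deployment `oracle-nginx-funnel` in the @ -84,23 hunk still takes `source = oracle-nix-cache-source;`, so the deploy name no longer says which configuration is pushed as root to the new target address. The source binding is defined outside this hunk. If it was meant to be renamed too, make the two agree, e.g. `source = oracle-nginx-funnel-source;`. If the funnel host deliberately reuses the nix-cache sources, a one-line comment above the attribute saying so would stop someone deploying the wrong system to it.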
|
|
@ -1,4 +1,3 @@
|
|||
|
||||
# WARN: this file will get overwritten by $ cachix use <name>
|
||||
{ pkgs, lib, ... }:
|
||||
|
|
@ -17,7 +17,7 @@
|
|||
];
|
||||
|
||||
services.gitea-actions-runner = {
|
||||
# package = pkgs.forgejo-actions-runner;
|
||||
package = pkgs.forgejo-actions-runner;
|
||||
instances = {
|
||||
oracle-arm = {
|
||||
name = "oracle-arm";
|
||||
|
@ -39,8 +39,8 @@
|
|||
nix
|
||||
zstd
|
||||
];
|
||||
url = "https://vancouver.scorpion-ghost.ts.net/git";
|
||||
token = "";
|
||||
url = "https://git.gmem.ca";
|
||||
token = "rclEuf0ZKhWKe7IhvWZqgJpb1y84iYBJsJi7Wslh";
|
||||
settings = {
|
||||
cache.port = 4328;
|
||||
};
|
||||
|
@ -53,7 +53,7 @@
|
|||
environment.shells = with pkgs; [ zsh fish ];
|
||||
|
||||
networking = {
|
||||
hostName = "gitea-arm-runner";
|
||||
hostName = "forgejo-action-runner";
|
||||
domain = "gmem.ca";
|
||||
nameservers = [ "1.1.1.1" "1.0.0.1" ];
|
||||
firewall = {
|
||||
|
@ -79,5 +79,5 @@
|
|||
|
||||
services.openssh.enable = true;
|
||||
services.tailscale.enable = true;
|
||||
system.stateVersion = "23.05";
|
||||
system.stateVersion = "23.11";
|
||||
}
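Review bot: `system.stateVersion` changes from "23.05" to "23.11" in the @ -79,5 hunk, which is only correct if this machine was freshly installed from 23.11. Modules use the value to choose on-disk state defaults, so on an existing install it should stay at the release the host was first installed with, even when nixpkgs is upgraded. The deploy target address for this runner also changes in this commit, which suggests a reinstall. If that is not the case, keep `system.stateVersion = "23.05";`.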
|
|
@ -47,11 +47,11 @@
|
|||
firewall = {
|
||||
trustedInterfaces = ["tailscale0"];
|
||||
checkReversePath = "loose";
|
||||
allowedTCPPorts = [ 22 53 80 443 ];
|
||||
allowedUDPPorts = [ 41641 ];
|
||||
enable = true;
|
||||
allowedTCPPorts = [ 22 80 443 6443 10250 ];
|
||||
allowedUDPPorts = [ 41641 80 443 ];
|
||||
enable = false;
|
||||
};
|
||||
nftables.enable = true;
|
||||
nftables.enable = false;
|
||||
};
|
||||
|
||||
time.timeZone = "Europe/London";
|
||||
|
@ -89,7 +89,7 @@
|
|||
enable = true;
|
||||
role = "server";
|
||||
extraFlags = toString [
|
||||
"--secrets-encryption"
|
||||
"--secrets-encryption --disable=traefik"
|
||||
];
|
||||
};
|
||||
};
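Review bot: The @ -47,11 hunk appears to end up with `enable = false;` and `nftables.enable = false;`, so the `allowedTCPPorts`, `allowedUDPPorts` and `trustedInterfaces` lists are no longer enforced. Every listening service is then reachable on every interface of the k3s server, including the API on 6443 and the kubelet on 10250. The first hunk of the k3s agent file makes the same change. If the firewall was turned off only to let cluster traffic through, keep `enable = true;` and trust the cluster interfaces instead, e.g. `trustedInterfaces = [ "tailscale0" "cni0" "flannel.1" ];` (the CNI interface names are assumed from k3s defaults, so confirm them on the host). Since the agent's `serverAddr` looks like a tailnet address, 6443 and 10250 may not need to be in `allowedTCPPorts` at all.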
|