Move krops to nix

Gabriel Simmer 2023-09-05 21:44:01 +01:00
parent cb5bd7bb4a
commit e9a99b886b
Signed by: arch
SSH key fingerprint: SHA256:m3OEcdtrnBpMX+2BDGh/byv3hrCekCLzDYMdvGEKPPQ
21 changed files with 22 additions and 36 deletions


@ -48,10 +48,10 @@
trustedInterfaces = ["tailscale0"];
checkReversePath = "loose";
allowedUDPPorts = [ 41641 ];
allowedTCPPorts = [ 22 53 80 443 ];
enable = true;
allowedTCPPorts = [ 22 80 443 6443 10250 ];
enable = false;
};
nftables.enable = true;
nftables.enable = false;
};
time.timeZone = "Europe/London";
@ -89,7 +89,7 @@
enable = true;
role = "agent";
serverAddr = "https://100.77.43.133:6443";
token = "";
token = "K101619438e86a6ea51229321ca58dfb868582ef353adc5512480c185f5797dcf0b::server:bdc3beb6af99d94395d8464384ec60e2";
};
};
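Review bot: The k3s join `token` in the second hunk is written as a literal string in the configuration, which puts the cluster secret in git history and, once the system is built, in the world-readable Nix store on the agent. Assuming the populated line is the new side (the page lost its +/- markers), replace it with `tokenFile = "/path/to/k3s-token";`, where the path is a placeholder for a file provisioned outside the repository. Rotate the server token as well, because the value is published on one side of the diff either way. The runner registration `token` in the gitea-actions-runner section further down has the same problem, and that module's `tokenFile` option is the equivalent fix there.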


@ -47,23 +47,13 @@ let
"dns.db".file = toString ./nas/dns.db;
}
];
nas-k3s-source = lib.evalSource [
{
nixpkgs.git = {
ref = "origin/nixos-23.05";
url = https://github.com/NixOS/nixpkgs;
};
nixos-config.file = toString ./nas/k3s/configuration.nix;
"hardware.nix".file = toString ./nas/k3s/hardware.nix;
}
];
seattle-source = lib.evalSource [
{
nixpkgs.git = {
ref = "origin/nixos-unstable";
ref = "6e287913f7b1ef537c97aa301b67c34ea46b640f";
url = https://github.com/NixOS/nixpkgs;
shallow = true;
};
nixos-config.file = toString ./seattle/configuration.nix;
"hardware.nix".file = toString ./seattle/hardware.nix;
@ -73,8 +63,9 @@ let
glasgow-source = lib.evalSource [
{
nixpkgs.git = {
ref = "origin/nixos-unstable";
ref = "6e287913f7b1ef537c97aa301b67c34ea46b640f";
url = https://github.com/NixOS/nixpkgs;
shallow = true;
};
nixos-config.file = toString ./glasgow/configuration.nix;
"hardware.nix".file = toString ./glasgow/hardware.nix;
@ -84,23 +75,19 @@ let
in {
oracle-gitea-runner = pkgs.krops.writeDeploy "oracle-gitea-runner" {
source = oracle-gitea-runner-source;
target = "root@130.162.169.74";
target = "root@143.47.229.209";
};
oracle-nix-cache = pkgs.krops.writeDeploy "oracle-nix-cache" {
oracle-nginx-funnel = pkgs.krops.writeDeploy "oracle-nginx-funnel" {
source = oracle-nix-cache-source;
target = "root@141.147.94.210";
target = "root@141.147.109.157";
};
nas = pkgs.krops.writeDeploy "nas" {
source = nas-source;
target = "root@192.168.50.229";
};
nas-k3s = pkgs.krops.writeDeploy "nas-k3s" {
source = nas-k3s-source;
target = "root@192.168.50.229:22001";
};
seattle = pkgs.krops.writeDeploy "seattle" {
source = seattle-source;
target = "root@192.168.50.146";
target = "root@seattle";
};
glasgow = pkgs.krops.writeDeploy "glasgow" {
source = glasgow-source;
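Review bot: The renamed deployment `oracle-nginx-funnel` still takes `source = oracle-nix-cache-source;`, so the host at the new target address receives whatever configuration that source set points to. The `let` binding is defined outside the visible hunks, so it is not clear whether it was repointed. If it was, rename it to `oracle-nginx-funnel-source` so the deploy name and its source agree; if not, this appears to push the old cache configuration to the new machine. Because both public targets changed address and deploys run as `root` over SSH, confirm the new hosts' SSH host keys out of band before the first deploy.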


@ -1,4 +1,3 @@
# WARN: this file will get overwritten by $ cachix use <name>
{ pkgs, lib, ... }:


@ -17,7 +17,7 @@
];
services.gitea-actions-runner = {
# package = pkgs.forgejo-actions-runner;
package = pkgs.forgejo-actions-runner;
instances = {
oracle-arm = {
name = "oracle-arm";
@ -39,8 +39,8 @@
nix
zstd
];
url = "https://vancouver.scorpion-ghost.ts.net/git";
token = "";
url = "https://git.gmem.ca";
token = "rclEuf0ZKhWKe7IhvWZqgJpb1y84iYBJsJi7Wslh";
settings = {
cache.port = 4328;
};
@ -53,7 +53,7 @@
environment.shells = with pkgs; [ zsh fish ];
networking = {
hostName = "gitea-arm-runner";
hostName = "forgejo-action-runner";
domain = "gmem.ca";
nameservers = [ "1.1.1.1" "1.0.0.1" ];
firewall = {
@ -79,5 +79,5 @@
services.openssh.enable = true;
services.tailscale.enable = true;
system.stateVersion = "23.05";
system.stateVersion = "23.11";
}
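Review bot: `system.stateVersion` appears to move from "23.05" to "23.11" in the last hunk, assuming the second of the two lines is the new side. This option records the release the machine was first installed with, and modules use it to keep on-disk state formats compatible, so it should not be bumped as part of a nixpkgs upgrade. Unless the runner was reinstalled from scratch (the new hostname and deploy target suggest it may have been), keep `system.stateVersion = "23.05";` and add a comment such as `# set at install time; do not change on upgrade`.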


@ -47,11 +47,11 @@
firewall = {
trustedInterfaces = ["tailscale0"];
checkReversePath = "loose";
allowedTCPPorts = [ 22 53 80 443 ];
allowedUDPPorts = [ 41641 ];
enable = true;
allowedTCPPorts = [ 22 80 443 6443 10250 ];
allowedUDPPorts = [ 41641 80 443 ];
enable = false;
};
nftables.enable = true;
nftables.enable = false;
};
time.timeZone = "Europe/London";
@ -89,7 +89,7 @@
enable = true;
role = "server";
extraFlags = toString [
"--secrets-encryption"
"--secrets-encryption --disable=traefik"
];
};
};
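Review bot: `firewall.enable = false` together with `nftables.enable = false` in the first hunk leaves this k3s server without a NixOS-managed packet filter. The `allowedTCPPorts`/`allowedUDPPorts` lists edited alongside it then have no effect, and the API server (6443) and kubelet (10250) ports are reachable on every interface rather than only `tailscale0`. If the firewall was turned off to work around cluster networking, prefer `enable = true;` and leave 6443 and 10250 out of `allowedTCPPorts`, relying on `trustedInterfaces = ["tailscale0"]` for node-to-node traffic (this assumes the nodes talk over Tailscale, as `serverAddr` on the agent suggests). The first file section on this page makes the same change on the agent. The `networking` block starts outside the hunk.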