diff --git a/krops/glasgow/configuration.nix b/nix/glasgow/configuration.nix
similarity index 91%
rename from krops/glasgow/configuration.nix
rename to nix/glasgow/configuration.nix
index e82bada..9e7be20 100644
--- a/krops/glasgow/configuration.nix
+++ b/nix/glasgow/configuration.nix
@@ -48,10 +48,10 @@
 trustedInterfaces = ["tailscale0"];
 checkReversePath = "loose";
 allowedUDPPorts = [ 41641 ];
- allowedTCPPorts = [ 22 53 80 443 ];
- enable = true;
+ allowedTCPPorts = [ 22 80 443 6443 10250 ];
+ enable = false;
 };
- nftables.enable = true;
+ nftables.enable = false;
 };
 time.timeZone = "Europe/London";
@@ -89,7 +89,7 @@
 enable = true;
 role = "agent";
 serverAddr = "https://100.77.43.133:6443";
- token = "";
+ token = "K101619438e86a6ea51229321ca58dfb868582ef353adc5512480c185f5797dcf0b::server:bdc3beb6af99d94395d8464384ec60e2";
 };
 };
diff --git a/krops/glasgow/hardware.nix b/nix/glasgow/hardware.nix
similarity index 100%
rename from krops/glasgow/hardware.nix
rename to nix/glasgow/hardware.nix
diff --git a/krops/krops.nix b/nix/krops.nix
similarity index 78%
rename from krops/krops.nix
rename to nix/krops.nix
index f9cb3ae..2d15599 100644
--- a/krops/krops.nix
+++ b/nix/krops.nix
@@ -47,23 +47,13 @@ let
 "dns.db".file = toString ./nas/dns.db;
 }
 ];
-
- nas-k3s-source = lib.evalSource [
- {
- nixpkgs.git = {
- ref = "origin/nixos-23.05";
- url = https://github.com/NixOS/nixpkgs;
- };
- nixos-config.file = toString ./nas/k3s/configuration.nix;
- "hardware.nix".file = toString ./nas/k3s/hardware.nix;
- }
- ];
 seattle-source = lib.evalSource [
 {
 nixpkgs.git = {
- ref = "origin/nixos-unstable";
+ ref = "6e287913f7b1ef537c97aa301b67c34ea46b640f";
 url = https://github.com/NixOS/nixpkgs;
+ shallow = true;
 };
 nixos-config.file = toString ./seattle/configuration.nix;
 "hardware.nix".file = toString ./seattle/hardware.nix;
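Review bot: Setting `enable = false;` on the firewall together with `nftables.enable = false;` in the first glasgow hunk removes host packet filtering entirely, so the edited `allowedTCPPorts` list no longer restricts anything and the k3s API (6443) and kubelet (10250) ports are reachable on every interface the host has. The firewall hunk in `nix/seattle/configuration.nix` makes the same change and additionally lists UDP 80 and 443. The `serverAddr` in this file is a 100.x address, which suggests cluster traffic already runs over the trusted `tailscale0` interface; if so, I would keep `enable = true;` and `allowedTCPPorts = [ 22 80 443 ];` and add the cluster's CNI interface to `trustedInterfaces` if pod networking was the reason for switching filtering off. If the firewall has to stay off, a comment stating why and what filters traffic upstream is needed. The firewall block opens above the hunk.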
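Review bot: The k3s join `token` filled in by the second glasgow hunk is what appears to be a real cluster credential committed in plain text; it stays in git history and, as a Nix string option, is also copied into the world-readable Nix store on the host. The same applies to the runner registration `token` added in the `nix/oracle-gitea-runner/configuration.nix` hunk. Both values should be rotated and supplied from a file outside the repository, for example `tokenFile = "/path/to/k3s-token";` (placeholder path) for `services.k3s` and the instance-level `tokenFile` option for the runner. krops can deliver such files through a separate secrets source instead of the configuration tree.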
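Review bot: The nixpkgs pin in `seattle-source` is written as a bare commit hash, and the identical hash is repeated in the `glasgow-source` hunk, so nothing records which channel or date it corresponds to and the two copies can drift apart on the next update. I would bind it once in the `let` block, e.g. `nixpkgsRev = "<commit>"; # nixos-unstable as of <date>`, and use `ref = nixpkgsRev;` in both sources. Pinning to a commit instead of `origin/nixos-unstable` is otherwise a good change for reproducible deploys.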
@@ -73,8 +63,9 @@ let
 glasgow-source = lib.evalSource [
 {
 nixpkgs.git = {
- ref = "origin/nixos-unstable";
+ ref = "6e287913f7b1ef537c97aa301b67c34ea46b640f";
 url = https://github.com/NixOS/nixpkgs;
+ shallow = true;
 };
 nixos-config.file = toString ./glasgow/configuration.nix;
 "hardware.nix".file = toString ./glasgow/hardware.nix;
@@ -84,23 +75,19 @@ let
 in {
 oracle-gitea-runner = pkgs.krops.writeDeploy "oracle-gitea-runner" {
 source = oracle-gitea-runner-source;
- target = "root@130.162.169.74";
+ target = "root@143.47.229.209";
 };
- oracle-nix-cache = pkgs.krops.writeDeploy "oracle-nix-cache" {
+ oracle-nginx-funnel = pkgs.krops.writeDeploy "oracle-nginx-funnel" {
 source = oracle-nix-cache-source;
- target = "root@141.147.94.210";
+ target = "root@141.147.109.157";
 };
 nas = pkgs.krops.writeDeploy "nas" {
 source = nas-source;
 target = "root@192.168.50.229";
 };
- nas-k3s = pkgs.krops.writeDeploy "nas-k3s" {
- source = nas-k3s-source;
- target = "root@192.168.50.229:22001";
- };
 seattle = pkgs.krops.writeDeploy "seattle" {
 source = seattle-source;
- target = "root@192.168.50.146";
+ target = "root@seattle";
 };
 glasgow = pkgs.krops.writeDeploy "glasgow" {
 source = glasgow-source;
diff --git a/krops/london/cachix.nix b/nix/london/cachix.nix
similarity index 99%
rename from krops/london/cachix.nix
rename to nix/london/cachix.nix
index ecd2d39..75b11a8 100644
--- a/krops/london/cachix.nix
+++ b/nix/london/cachix.nix
@@ -1,4 +1,3 @@ - # WARN: this file will get overwritten by $ cachix use { pkgs, lib, ... }:
diff --git a/krops/london/configuration.nix b/nix/london/configuration.nix
similarity index 100%
rename from krops/london/configuration.nix
rename to nix/london/configuration.nix
diff --git a/krops/london/gsimmer.nix b/nix/london/gsimmer.nix
similarity index 100%
rename from krops/london/gsimmer.nix
rename to nix/london/gsimmer.nix
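Review bot: The renamed deploy `oracle-nginx-funnel` in the `in { … }` hunk still uses `source = oracle-nix-cache-source;`, so a host with a new name and a new address receives the configuration from the `oracle-nix-cache` directory, which this commit moves but does not rename. If that is intended, a one-line comment would stop the next reader from treating it as a leftover; otherwise the source binding and directory should be renamed with the deploy. Separately, `target = "root@seattle";` now depends on local name resolution rather than a fixed address, so a comment saying where the name comes from (for instance the tailnet or an ssh config entry) would make it clear which machine a root deploy will reach. The `glasgow` entry continues past the end of the hunk.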
diff --git a/krops/london/hardware-configuration.nix b/nix/london/hardware-configuration.nix
similarity index 100%
rename from krops/london/hardware-configuration.nix
rename to nix/london/hardware-configuration.nix
diff --git a/krops/london/wayland.nix b/nix/london/wayland.nix
similarity index 100%
rename from krops/london/wayland.nix
rename to nix/london/wayland.nix
diff --git a/krops/monitoring/configuration.nix b/nix/monitoring/configuration.nix
similarity index 100%
rename from krops/monitoring/configuration.nix
rename to nix/monitoring/configuration.nix
diff --git a/krops/monitoring/hardware.nix b/nix/monitoring/hardware.nix
similarity index 100%
rename from krops/monitoring/hardware.nix
rename to nix/monitoring/hardware.nix
diff --git a/krops/monitoring/networking.nix b/nix/monitoring/networking.nix
similarity index 100%
rename from krops/monitoring/networking.nix
rename to nix/monitoring/networking.nix
diff --git a/krops/nas/configuration.nix b/nix/nas/configuration.nix
similarity index 100%
rename from krops/nas/configuration.nix
rename to nix/nas/configuration.nix
diff --git a/krops/nas/dns.db b/nix/nas/dns.db
similarity index 100%
rename from krops/nas/dns.db
rename to nix/nas/dns.db
diff --git a/krops/nas/hardware.nix b/nix/nas/hardware.nix
similarity index 100%
rename from krops/nas/hardware.nix
rename to nix/nas/hardware.nix
diff --git a/krops/nas/home.nix b/nix/nas/home.nix
similarity index 100%
rename from krops/nas/home.nix
rename to nix/nas/home.nix
diff --git a/krops/oracle-gitea-runner/configuration.nix b/nix/oracle-gitea-runner/configuration.nix
similarity index 88%
rename from krops/oracle-gitea-runner/configuration.nix
rename to nix/oracle-gitea-runner/configuration.nix
index 5a1284d..37e91b4 100644
--- a/krops/oracle-gitea-runner/configuration.nix
+++ b/nix/oracle-gitea-runner/configuration.nix
@@ -17,7 +17,7 @@
 ];
 services.gitea-actions-runner = {
- # package = pkgs.forgejo-actions-runner;
+ package = pkgs.forgejo-actions-runner;
 instances = {
 oracle-arm = {
 name = "oracle-arm";
@@ -39,8 +39,8 @@
 nix
 zstd
 ];
- url = "https://vancouver.scorpion-ghost.ts.net/git";
- token = "";
+ url = "https://git.gmem.ca";
+ token = "rclEuf0ZKhWKe7IhvWZqgJpb1y84iYBJsJi7Wslh";
 settings = {
 cache.port = 4328;
 };
@@ -53,7 +53,7 @@
 environment.shells = with pkgs; [ zsh fish ];
 networking = {
- hostName = "gitea-arm-runner";
+ hostName = "forgejo-action-runner";
 domain = "gmem.ca";
 nameservers = [ "1.1.1.1" "1.0.0.1" ];
 firewall = {
@@ -79,5 +79,5 @@
 services.openssh.enable = true;
 services.tailscale.enable = true;
- system.stateVersion = "23.05";
+ system.stateVersion = "23.11";
 }
diff --git a/krops/oracle-gitea-runner/hardware.nix b/nix/oracle-gitea-runner/hardware.nix
similarity index 100%
rename from krops/oracle-gitea-runner/hardware.nix
rename to nix/oracle-gitea-runner/hardware.nix
diff --git a/krops/oracle-nix-cache/configuration.nix b/nix/oracle-nix-cache/configuration.nix
similarity index 100%
rename from krops/oracle-nix-cache/configuration.nix
rename to nix/oracle-nix-cache/configuration.nix
diff --git a/krops/oracle-nix-cache/hardware.nix b/nix/oracle-nix-cache/hardware.nix
similarity index 100%
rename from krops/oracle-nix-cache/hardware.nix
rename to nix/oracle-nix-cache/hardware.nix
diff --git a/krops/seattle/configuration.nix b/nix/seattle/configuration.nix
similarity index 92%
rename from krops/seattle/configuration.nix
rename to nix/seattle/configuration.nix
index aa9e622..0c508a0 100644
--- a/krops/seattle/configuration.nix
+++ b/nix/seattle/configuration.nix
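Review bot: Raising `system.stateVersion` to `"23.11"` in the last hunk of this file changes a value that is meant to record the release the machine was first installed with; bumping it on an existing install silently switches the defaults of stateful services. The new deploy address for this host in `nix/krops.nix` suggests the runner was rebuilt from scratch, in which case the new value is right, but that is an inference. A comment such as `# reinstalled on 23.11, do not bump on upgrades` next to the line would record the reason.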
@@ -47,11 +47,11 @@
 firewall = {
 trustedInterfaces = ["tailscale0"];
 checkReversePath = "loose";
- allowedTCPPorts = [ 22 53 80 443 ];
- allowedUDPPorts = [ 41641 ];
- enable = true;
+ allowedTCPPorts = [ 22 80 443 6443 10250 ];
+ allowedUDPPorts = [ 41641 80 443 ];
+ enable = false;
 };
- nftables.enable = true;
+ nftables.enable = false;
 };
 time.timeZone = "Europe/London";
@@ -89,7 +89,7 @@
 enable = true;
 role = "server";
 extraFlags = toString [
- "--secrets-encryption"
+ "--secrets-encryption --disable=traefik"
 ];
 };
 };
diff --git a/krops/seattle/hardware.nix b/nix/seattle/hardware.nix
similarity index 100%
rename from krops/seattle/hardware.nix
rename to nix/seattle/hardware.nix
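Review bot: The `extraFlags` hunk packs two flags into one list element, `"--secrets-encryption --disable=traefik"`; `toString` joins list elements with spaces, so the resulting command line is the same, but one flag per entry is easier to read and to diff. I would write `"--secrets-encryption"` and `"--disable=traefik"` as separate entries. With the bundled Traefik disabled while ports 80 and 443 stay listed in the firewall hunk above, a short comment naming what now serves ingress on this node would help. The k3s block opens above the hunk.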