Move krops to nix

Gabriel Simmer 2023-09-05 21:44:01 +01:00
parent cb5bd7bb4a
commit e9a99b886b
Signed by: arch
SSH key fingerprint: SHA256:m3OEcdtrnBpMX+2BDGh/byv3hrCekCLzDYMdvGEKPPQ
21 changed files with 22 additions and 36 deletions


@ -48,10 +48,10 @@
trustedInterfaces = ["tailscale0"]; trustedInterfaces = ["tailscale0"];
checkReversePath = "loose"; checkReversePath = "loose";
allowedUDPPorts = [ 41641 ]; allowedUDPPorts = [ 41641 ];
allowedTCPPorts = [ 22 53 80 443 ]; allowedTCPPorts = [ 22 80 443 6443 10250 ];
enable = true; enable = false;
}; };
nftables.enable = true; nftables.enable = false;
}; };
time.timeZone = "Europe/London"; time.timeZone = "Europe/London";
@ -89,7 +89,7 @@
enable = true; enable = true;
role = "agent"; role = "agent";
serverAddr = "https://100.77.43.133:6443"; serverAddr = "https://100.77.43.133:6443";
token = ""; token = "K101619438e86a6ea51229321ca58dfb868582ef353adc5512480c185f5797dcf0b::server:bdc3beb6af99d94395d8464384ec60e2";
}; };
}; };
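Review bot: The new `token = "…"` line in the second hunk commits the k3s join token in plain text, and as a Nix string it also ends up in the world-readable Nix store of any machine that builds this config. The runner registration `token` added in the gitea-actions-runner file section further down has the same problem. Both NixOS modules accept a file path instead, so I would use `tokenFile = "/run/secrets/k3s-token";` here (placeholder path, delivered out of band or by a secrets tool) and `tokenFile` on the runner instance. Both values are now in the commit history, so they should be rotated rather than only removed. The enclosing block starts outside the hunk; I am assuming it is `services.k3s`.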


@ -47,23 +47,13 @@ let
"dns.db".file = toString ./nas/dns.db; "dns.db".file = toString ./nas/dns.db;
} }
]; ];
nas-k3s-source = lib.evalSource [
{
nixpkgs.git = {
ref = "origin/nixos-23.05";
url = https://github.com/NixOS/nixpkgs;
};
nixos-config.file = toString ./nas/k3s/configuration.nix;
"hardware.nix".file = toString ./nas/k3s/hardware.nix;
}
];
seattle-source = lib.evalSource [ seattle-source = lib.evalSource [
{ {
nixpkgs.git = { nixpkgs.git = {
ref = "origin/nixos-unstable"; ref = "6e287913f7b1ef537c97aa301b67c34ea46b640f";
url = https://github.com/NixOS/nixpkgs; url = https://github.com/NixOS/nixpkgs;
shallow = true;
}; };
nixos-config.file = toString ./seattle/configuration.nix; nixos-config.file = toString ./seattle/configuration.nix;
"hardware.nix".file = toString ./seattle/hardware.nix; "hardware.nix".file = toString ./seattle/hardware.nix;
@ -73,8 +63,9 @@ let
glasgow-source = lib.evalSource [ glasgow-source = lib.evalSource [
{ {
nixpkgs.git = { nixpkgs.git = {
ref = "origin/nixos-unstable"; ref = "6e287913f7b1ef537c97aa301b67c34ea46b640f";
url = https://github.com/NixOS/nixpkgs; url = https://github.com/NixOS/nixpkgs;
shallow = true;
}; };
nixos-config.file = toString ./glasgow/configuration.nix; nixos-config.file = toString ./glasgow/configuration.nix;
"hardware.nix".file = toString ./glasgow/hardware.nix; "hardware.nix".file = toString ./glasgow/hardware.nix;
@ -84,23 +75,19 @@ let
in { in {
oracle-gitea-runner = pkgs.krops.writeDeploy "oracle-gitea-runner" { oracle-gitea-runner = pkgs.krops.writeDeploy "oracle-gitea-runner" {
source = oracle-gitea-runner-source; source = oracle-gitea-runner-source;
target = "root@130.162.169.74"; target = "root@143.47.229.209";
}; };
oracle-nix-cache = pkgs.krops.writeDeploy "oracle-nix-cache" { oracle-nginx-funnel = pkgs.krops.writeDeploy "oracle-nginx-funnel" {
source = oracle-nix-cache-source; source = oracle-nix-cache-source;
target = "root@141.147.94.210"; target = "root@141.147.109.157";
}; };
nas = pkgs.krops.writeDeploy "nas" { nas = pkgs.krops.writeDeploy "nas" {
source = nas-source; source = nas-source;
target = "root@192.168.50.229"; target = "root@192.168.50.229";
}; };
nas-k3s = pkgs.krops.writeDeploy "nas-k3s" {
source = nas-k3s-source;
target = "root@192.168.50.229:22001";
};
seattle = pkgs.krops.writeDeploy "seattle" { seattle = pkgs.krops.writeDeploy "seattle" {
source = seattle-source; source = seattle-source;
target = "root@192.168.50.146"; target = "root@seattle";
}; };
glasgow = pkgs.krops.writeDeploy "glasgow" { glasgow = pkgs.krops.writeDeploy "glasgow" {
source = glasgow-source; source = glasgow-source;
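Review bot: The renamed deploy `oracle-nginx-funnel` still uses `source = oracle-nix-cache-source;`, so the name no longer tells you which configuration is pushed as root to `root@141.147.109.157`. The definition of that source is outside the visible hunks, so I cannot tell whether it now points at the funnel configuration. If it does, rename it to match, for example `source = oracle-nginx-funnel-source;` with the `let` binding renamed accordingly. If it does not, this target would receive the old nix-cache configuration. The `in { … }` block continues past the end of the hunk.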


@ -1,4 +1,3 @@
# WARN: this file will get overwritten by $ cachix use <name> # WARN: this file will get overwritten by $ cachix use <name>
{ pkgs, lib, ... }: { pkgs, lib, ... }:


@ -17,7 +17,7 @@
]; ];
services.gitea-actions-runner = { services.gitea-actions-runner = {
# package = pkgs.forgejo-actions-runner; package = pkgs.forgejo-actions-runner;
instances = { instances = {
oracle-arm = { oracle-arm = {
name = "oracle-arm"; name = "oracle-arm";
@ -39,8 +39,8 @@
nix nix
zstd zstd
]; ];
url = "https://vancouver.scorpion-ghost.ts.net/git"; url = "https://git.gmem.ca";
token = ""; token = "rclEuf0ZKhWKe7IhvWZqgJpb1y84iYBJsJi7Wslh";
settings = { settings = {
cache.port = 4328; cache.port = 4328;
}; };
@ -53,7 +53,7 @@
environment.shells = with pkgs; [ zsh fish ]; environment.shells = with pkgs; [ zsh fish ];
networking = { networking = {
hostName = "gitea-arm-runner"; hostName = "forgejo-action-runner";
domain = "gmem.ca"; domain = "gmem.ca";
nameservers = [ "1.1.1.1" "1.0.0.1" ]; nameservers = [ "1.1.1.1" "1.0.0.1" ];
firewall = { firewall = {
@ -79,5 +79,5 @@
services.openssh.enable = true; services.openssh.enable = true;
services.tailscale.enable = true; services.tailscale.enable = true;
system.stateVersion = "23.05"; system.stateVersion = "23.11";
} }
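Review bot: The last hunk changes `system.stateVersion` from "23.05" to "23.11", which on an existing installation changes the defaults that stateful services assume without migrating their data. If this host was freshly installed on 23.11 (the new hostname and deploy target suggest it may have been), the value is right, but it deserves a comment saying so, for example `# set at install time on the rebuilt host; do not bump on upgrades`. If the machine was upgraded in place, keep `system.stateVersion = "23.05";`.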


@ -47,11 +47,11 @@
firewall = { firewall = {
trustedInterfaces = ["tailscale0"]; trustedInterfaces = ["tailscale0"];
checkReversePath = "loose"; checkReversePath = "loose";
allowedTCPPorts = [ 22 53 80 443 ]; allowedTCPPorts = [ 22 80 443 6443 10250 ];
allowedUDPPorts = [ 41641 ]; allowedUDPPorts = [ 41641 80 443 ];
enable = true; enable = false;
}; };
nftables.enable = true; nftables.enable = false;
}; };
time.timeZone = "Europe/London"; time.timeZone = "Europe/London";
@ -89,7 +89,7 @@
enable = true; enable = true;
role = "server"; role = "server";
extraFlags = toString [ extraFlags = toString [
"--secrets-encryption" "--secrets-encryption --disable=traefik"
]; ];
}; };
}; };
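Review bot: In the firewall hunk, `enable = false;` together with `nftables.enable = false;` turns host packet filtering off entirely, so the edited `allowedTCPPorts` and `allowedUDPPorts` lists no longer restrict anything. Ports 6443 and 10250 then become reachable on every interface rather than only on `tailscale0`. The first file section makes the same change. Since the agent's `serverAddr` there is a Tailscale address and `trustedInterfaces = ["tailscale0"];` already admits that traffic, I would keep `enable = true;` and leave 6443 and 10250 out of `allowedTCPPorts`. If the firewall was disabled to work around a conflict with the cluster's own rules, a comment stating that and the intended follow-up would help.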