Move krops to nix
parent
cb5bd7bb4a
commit
e9a99b886b
|
@ -48,10 +48,10 @@
|
||||||
trustedInterfaces = ["tailscale0"];
|
trustedInterfaces = ["tailscale0"];
|
||||||
checkReversePath = "loose";
|
checkReversePath = "loose";
|
||||||
allowedUDPPorts = [ 41641 ];
|
allowedUDPPorts = [ 41641 ];
|
||||||
allowedTCPPorts = [ 22 53 80 443 ];
|
allowedTCPPorts = [ 22 80 443 6443 10250 ];
|
||||||
enable = true;
|
enable = false;
|
||||||
};
|
};
|
||||||
nftables.enable = true;
|
nftables.enable = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
time.timeZone = "Europe/London";
|
time.timeZone = "Europe/London";
|
||||||
|
@ -89,7 +89,7 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
role = "agent";
|
role = "agent";
|
||||||
serverAddr = "https://100.77.43.133:6443";
|
serverAddr = "https://100.77.43.133:6443";
|
||||||
token = "";
|
token = "K101619438e86a6ea51229321ca58dfb868582ef353adc5512480c185f5797dcf0b::server:bdc3beb6af99d94395d8464384ec60e2";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
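Review bot: The agent `token` in the second hunk is now a literal cluster join secret in the repository, and because it is an ordinary Nix string it is also copied into the world-readable /nix/store when the config is built. The same applies to the runner registration `token` set in the gitea-actions-runner file later in this commit. Both modules offer a file-based option, e.g. `tokenFile = "/run/secrets/k3s-token";` (placeholder path), with the file provisioned out of band, and the values already pushed should be rotated since they remain in history. The attribute set holding `token` opens outside the hunk, so I am assuming it is `services.k3s`.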
@ -47,23 +47,13 @@ let
|
||||||
"dns.db".file = toString ./nas/dns.db;
|
"dns.db".file = toString ./nas/dns.db;
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
nas-k3s-source = lib.evalSource [
|
|
||||||
{
|
|
||||||
nixpkgs.git = {
|
|
||||||
ref = "origin/nixos-23.05";
|
|
||||||
url = https://github.com/NixOS/nixpkgs;
|
|
||||||
};
|
|
||||||
nixos-config.file = toString ./nas/k3s/configuration.nix;
|
|
||||||
"hardware.nix".file = toString ./nas/k3s/hardware.nix;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
seattle-source = lib.evalSource [
|
seattle-source = lib.evalSource [
|
||||||
{
|
{
|
||||||
nixpkgs.git = {
|
nixpkgs.git = {
|
||||||
ref = "origin/nixos-unstable";
|
ref = "6e287913f7b1ef537c97aa301b67c34ea46b640f";
|
||||||
url = https://github.com/NixOS/nixpkgs;
|
url = https://github.com/NixOS/nixpkgs;
|
||||||
|
shallow = true;
|
||||||
};
|
};
|
||||||
nixos-config.file = toString ./seattle/configuration.nix;
|
nixos-config.file = toString ./seattle/configuration.nix;
|
||||||
"hardware.nix".file = toString ./seattle/hardware.nix;
|
"hardware.nix".file = toString ./seattle/hardware.nix;
|
||||||
|
@ -73,8 +63,9 @@ let
|
||||||
glasgow-source = lib.evalSource [
|
glasgow-source = lib.evalSource [
|
||||||
{
|
{
|
||||||
nixpkgs.git = {
|
nixpkgs.git = {
|
||||||
ref = "origin/nixos-unstable";
|
ref = "6e287913f7b1ef537c97aa301b67c34ea46b640f";
|
||||||
url = https://github.com/NixOS/nixpkgs;
|
url = https://github.com/NixOS/nixpkgs;
|
||||||
|
shallow = true;
|
||||||
};
|
};
|
||||||
nixos-config.file = toString ./glasgow/configuration.nix;
|
nixos-config.file = toString ./glasgow/configuration.nix;
|
||||||
"hardware.nix".file = toString ./glasgow/hardware.nix;
|
"hardware.nix".file = toString ./glasgow/hardware.nix;
|
||||||
|
@ -84,23 +75,19 @@ let
|
||||||
in {
|
in {
|
||||||
oracle-gitea-runner = pkgs.krops.writeDeploy "oracle-gitea-runner" {
|
oracle-gitea-runner = pkgs.krops.writeDeploy "oracle-gitea-runner" {
|
||||||
source = oracle-gitea-runner-source;
|
source = oracle-gitea-runner-source;
|
||||||
target = "root@130.162.169.74";
|
target = "root@143.47.229.209";
|
||||||
};
|
};
|
||||||
oracle-nix-cache = pkgs.krops.writeDeploy "oracle-nix-cache" {
|
oracle-nginx-funnel = pkgs.krops.writeDeploy "oracle-nginx-funnel" {
|
||||||
source = oracle-nix-cache-source;
|
source = oracle-nix-cache-source;
|
||||||
target = "root@141.147.94.210";
|
target = "root@141.147.109.157";
|
||||||
};
|
};
|
||||||
nas = pkgs.krops.writeDeploy "nas" {
|
nas = pkgs.krops.writeDeploy "nas" {
|
||||||
source = nas-source;
|
source = nas-source;
|
||||||
target = "root@192.168.50.229";
|
target = "root@192.168.50.229";
|
||||||
};
|
};
|
||||||
nas-k3s = pkgs.krops.writeDeploy "nas-k3s" {
|
|
||||||
source = nas-k3s-source;
|
|
||||||
target = "root@192.168.50.229:22001";
|
|
||||||
};
|
|
||||||
seattle = pkgs.krops.writeDeploy "seattle" {
|
seattle = pkgs.krops.writeDeploy "seattle" {
|
||||||
source = seattle-source;
|
source = seattle-source;
|
||||||
target = "root@192.168.50.146";
|
target = "root@seattle";
|
||||||
};
|
};
|
||||||
glasgow = pkgs.krops.writeDeploy "glasgow" {
|
glasgow = pkgs.krops.writeDeploy "glasgow" {
|
||||||
source = glasgow-source;
|
source = glasgow-source;
|
|
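Review bot: `oracle-nginx-funnel` is renamed from `oracle-nix-cache` in the last hunk but keeps `source = oracle-nix-cache-source;`, so the deploy named for the funnel host pushes the nix-cache source set to the new root target. If that reuse is intended, a comment such as `# funnel host reuses the nix-cache source for now` would say so; otherwise the binding in the `let` block (defined outside this hunk) needs the matching rename, e.g. `source = oracle-nginx-funnel-source;`. A name/source mismatch is easy to miss when the script deploys as root to a public address.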
@ -1,4 +1,3 @@
|
||||||
|
|
||||||
# WARN: this file will get overwritten by $ cachix use <name>
|
# WARN: this file will get overwritten by $ cachix use <name>
|
||||||
{ pkgs, lib, ... }:
|
{ pkgs, lib, ... }:
|
||||||
|
|
|
@ -17,7 +17,7 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
services.gitea-actions-runner = {
|
services.gitea-actions-runner = {
|
||||||
# package = pkgs.forgejo-actions-runner;
|
package = pkgs.forgejo-actions-runner;
|
||||||
instances = {
|
instances = {
|
||||||
oracle-arm = {
|
oracle-arm = {
|
||||||
name = "oracle-arm";
|
name = "oracle-arm";
|
||||||
|
@ -39,8 +39,8 @@
|
||||||
nix
|
nix
|
||||||
zstd
|
zstd
|
||||||
];
|
];
|
||||||
url = "https://vancouver.scorpion-ghost.ts.net/git";
|
url = "https://git.gmem.ca";
|
||||||
token = "";
|
token = "rclEuf0ZKhWKe7IhvWZqgJpb1y84iYBJsJi7Wslh";
|
||||||
settings = {
|
settings = {
|
||||||
cache.port = 4328;
|
cache.port = 4328;
|
||||||
};
|
};
|
||||||
|
@ -53,7 +53,7 @@
|
||||||
environment.shells = with pkgs; [ zsh fish ];
|
environment.shells = with pkgs; [ zsh fish ];
|
||||||
|
|
||||||
networking = {
|
networking = {
|
||||||
hostName = "gitea-arm-runner";
|
hostName = "forgejo-action-runner";
|
||||||
domain = "gmem.ca";
|
domain = "gmem.ca";
|
||||||
nameservers = [ "1.1.1.1" "1.0.0.1" ];
|
nameservers = [ "1.1.1.1" "1.0.0.1" ];
|
||||||
firewall = {
|
firewall = {
|
||||||
|
@ -79,5 +79,5 @@
|
||||||
|
|
||||||
services.openssh.enable = true;
|
services.openssh.enable = true;
|
||||||
services.tailscale.enable = true;
|
services.tailscale.enable = true;
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.11";
|
||||||
}
|
}
|
|
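Review bot: `system.stateVersion` moves from "23.05" to "23.11" in the last hunk, but that option records the release the machine was first installed with and is not meant to follow nixpkgs upgrades, since modules use it to choose defaults for existing on-disk state. If this host was reinstalled (its deploy target and `hostName` also change in this commit) the new value is correct and a comment like `# fresh install on 23.11` would make that clear. Otherwise keep `system.stateVersion = "23.05";`.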
@ -47,11 +47,11 @@
|
||||||
firewall = {
|
firewall = {
|
||||||
trustedInterfaces = ["tailscale0"];
|
trustedInterfaces = ["tailscale0"];
|
||||||
checkReversePath = "loose";
|
checkReversePath = "loose";
|
||||||
allowedTCPPorts = [ 22 53 80 443 ];
|
allowedTCPPorts = [ 22 80 443 6443 10250 ];
|
||||||
allowedUDPPorts = [ 41641 ];
|
allowedUDPPorts = [ 41641 80 443 ];
|
||||||
enable = true;
|
enable = false;
|
||||||
};
|
};
|
||||||
nftables.enable = true;
|
nftables.enable = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
time.timeZone = "Europe/London";
|
time.timeZone = "Europe/London";
|
||||||
|
@ -89,7 +89,7 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
role = "server";
|
role = "server";
|
||||||
extraFlags = toString [
|
extraFlags = toString [
|
||||||
"--secrets-encryption"
|
"--secrets-encryption --disable=traefik"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
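Review bot: `enable = false;` inside `firewall` switches the NixOS firewall off, so the `allowedTCPPorts`, `allowedUDPPorts` and `trustedInterfaces` lines edited in the same hunk no longer have any effect, and every listening port, including 6443 and 10250, is reachable on all interfaces rather than only over `tailscale0`. The new port list already admits 6443 and 10250, so the firewall could stay on with `enable = true;` even if `nftables.enable = false;` is needed for k3s. The same pair of changes is made in the agent configuration at the top of this commit. Whether this host has a public interface is not visible here; if the disable is a temporary workaround, a comment saying so would help.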