Compare commits
No commits in common. "028a667d19e066fe010a6aae3c29edfc7fb4a440" and "a37f03d855d8fd5c23f115487bf7a15982ee8e53" have entirely different histories.
028a667d19
...
a37f03d855
|
@ -10,9 +10,10 @@ jobs:
|
|||
runs-on: debian-latest-arm
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3.5.4
|
||||
uses: https://github.com/RouxAntoine/checkout@v3.5.4
|
||||
with:
|
||||
ref: trunk
|
||||
github-server-url: 'https://vancouver.scorpion-ghost.ts.net/git/'
|
||||
- name: Install prerequisites
|
||||
run: apt update && apt install -y sudo
|
||||
- name: Install Nix
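Review bot: The checkout step now runs `https://github.com/RouxAntoine/checkout@v3.5.4`, a personal fork referenced by tag, and a tag can be repointed to different code after this change is merged. This step usually handles the job's repository token, so I would pin it to the reviewed commit, `uses: https://github.com/RouxAntoine/checkout@<full-commit-sha> # v3.5.4`, and add a one-line comment saying why the fork is used instead of upstream (presumably for the `github-server-url` input set here). The same `uses:` line is introduced in the two workflow sections that follow (the jobs with the `Lint Code Base` and `Install AWS CLI` steps). The job definitions continue outside the hunks shown.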
|
||||
|
|
|
@ -6,7 +6,7 @@ jobs:
|
|||
runs-on: debian-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3.5.3
|
||||
uses: https://github.com/RouxAntoine/checkout@v3.5.4
|
||||
with:
|
||||
ref: trunk
|
||||
- name: Lint Code Base
|
||||
|
|
|
@ -10,7 +10,7 @@ jobs:
|
|||
runs-on: debian-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: actions/checkout@v3.5.3
|
||||
uses: https://github.com/RouxAntoine/checkout@v3.5.4
|
||||
with:
|
||||
ref: trunk
|
||||
- name: Install AWS CLI
|
||||
|
|
42
flake.lock
42
flake.lock
|
@ -1,15 +1,12 @@
|
|||
{
|
||||
"nodes": {
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1689068808,
|
||||
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
|
||||
"lastModified": 1678901627,
|
||||
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
|
||||
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -20,11 +17,11 @@
|
|||
},
|
||||
"nixlib": {
|
||||
"locked": {
|
||||
"lastModified": 1689469483,
|
||||
"narHash": "sha256-2SBhY7rZQ/iNCxe04Eqxlz9YK9KgbaTMBssq3/BgdWY=",
|
||||
"lastModified": 1680397293,
|
||||
"narHash": "sha256-wBpJ73+tJ8fZSWb4tzNbAVahC4HSo2QG3nICDy4ExBQ=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "02fea408f27186f139153e1ae88f8ab2abd9c22c",
|
||||
"rev": "b18d328214ca3c627d3cc3f51fd9d1397fdbcd7a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -41,11 +38,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1690133435,
|
||||
"narHash": "sha256-YNZiefETggroaTLsLJG2M+wpF0pJPwiauKG4q48ddNU=",
|
||||
"lastModified": 1680764424,
|
||||
"narHash": "sha256-2tNAE9zWbAK3JvQnhlnB1uzHzhwbA9zF6A17CoTjnbk=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"rev": "b1171de4d362c022130c92d7c8adc4bf2b83d586",
|
||||
"rev": "15ae4065acbf414989a8677097804326fe7c0532",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -56,11 +53,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1691683125,
|
||||
"narHash": "sha256-FMU62G57HDbJwU+9V3q7I0mBaQYTYQdtPNlJt2t5/A4=",
|
||||
"lastModified": 1680668850,
|
||||
"narHash": "sha256-mQMg13yRsS0LXVzaeoSPwqgPO6yhkGzGewPgMSqXSv8=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "4d2389b927696ef8da4ef76b03f2d306faf87929",
|
||||
"rev": "4a65e9f64e53fdca6eed31adba836717a11247d2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -76,21 +73,6 @@
|
|||
"nixos-generators": "nixos-generators",
|
||||
"nixpkgs": "nixpkgs"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
|
|
|
@ -25,13 +25,11 @@
|
|||
pkgs.kubectl
|
||||
pkgs.awscli2
|
||||
pkgs.nodePackages.yaml-language-server
|
||||
pkgs.nodePackages_latest.typescript-language-server
|
||||
pkgs.python39Packages.python-lsp-server
|
||||
pkgs.k9s
|
||||
pkgs.terraform-ls
|
||||
pkgs.kubernetes-helm
|
||||
pkgs.k6
|
||||
pkgs.pulumi-bin
|
||||
pkgs.nodejs
|
||||
];
|
||||
buildInputs = [ ];
|
||||
};
|
||||
|
|
|
@ -8,7 +8,7 @@ let
|
|||
oracle-gitea-runner-source = lib.evalSource [
|
||||
{
|
||||
nixpkgs.git = {
|
||||
ref = "6e287913f7b1ef537c97aa301b67c34ea46b640f";
|
||||
ref = "66aedfd010204949cb225cf749be08cb13ce1813";
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
|
||||
shallow = true;
|
||||
|
@ -66,14 +66,14 @@ let
|
|||
url = https://github.com/NixOS/nixpkgs;
|
||||
};
|
||||
nixos-config.file = toString ./seattle/configuration.nix;
|
||||
"hardware.nix".file = toString ./seattle/hardware.nix;
|
||||
"hardware.nix".file = toString ./glasgow/hardware.nix;
|
||||
}
|
||||
];
|
||||
|
||||
glasgow-source = lib.evalSource [
|
||||
{
|
||||
nixpkgs.git = {
|
||||
ref = "origin/nixos-unstable";
|
||||
ref = "origin/nixos-23.05";
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
};
|
||||
nixos-config.file = toString ./glasgow/configuration.nix;
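Review bot: In the second hunk the source block that sets `nixos-config.file = toString ./seattle/configuration.nix;` appears, as rendered, to end up with `"hardware.nix".file = toString ./glasgow/hardware.nix;`, which would deploy seattle's configuration with another host's hardware definition. If that is not intended, the line should stay `"hardware.nix".file = toString ./seattle/hardware.nix;`. Separately, `glasgow-source` follows the moving branch `origin/nixos-23.05` while `oracle-gitea-runner-source` in the first hunk is pinned to a commit hash; pinning both the same way keeps what gets deployed reproducible and reviewable. Both blocks begin or end outside the hunks, so their remaining attributes could not be checked.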
|
||||
|
|
|
@ -191,7 +191,7 @@ in
|
|||
};
|
||||
gnupg.agent = {
|
||||
enable = true;
|
||||
pinentryFlavor = "gnome3";
|
||||
pinentryFlavor = "qt";
|
||||
enableSSHSupport = false;
|
||||
};
|
||||
};
|
||||
|
|
|
@ -32,9 +32,12 @@
|
|||
config =
|
||||
''
|
||||
.:53 {
|
||||
errors
|
||||
log
|
||||
health
|
||||
file /var/src/dns.db git.gmem.ca
|
||||
forward . 45.90.28.116 45.90.30.116
|
||||
cache
|
||||
bind tailscale0
|
||||
}
|
||||
'';
|
||||
|
@ -63,7 +66,6 @@
|
|||
samba = {
|
||||
enable = true;
|
||||
securityType = "user";
|
||||
openFirewall = true;
|
||||
extraConfig = ''
|
||||
workgroup = WORKGROUP
|
||||
server string = smbnix
|
||||
|
@ -163,55 +165,16 @@
|
|||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
client_max_body_size 100M;
|
||||
'';
|
||||
proxyPass = "http://127.0.0.1:8973/";
|
||||
};
|
||||
};
|
||||
virtualHosts."request-media.gmem.ca" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
acmeRoot = null;
|
||||
locations."/" = {
|
||||
extraConfig =
|
||||
''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
client_max_body_size 100M;
|
||||
'';
|
||||
proxyPass = "http://127.0.0.1:5055/";
|
||||
};
|
||||
};
|
||||
virtualHosts."flood.gmem.ca" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
acmeRoot = null;
|
||||
locations."/" = {
|
||||
extraConfig =
|
||||
''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
client_max_body_size 100M;
|
||||
'';
|
||||
proxyPass = "http://192.168.50.187:3000/";
|
||||
};
|
||||
};
|
||||
};
|
||||
gitea = {
|
||||
enable = true;
|
||||
stateDir = "/Primary/gitea";
|
||||
package = pkgs.forgejo;
|
||||
settings = {
|
||||
DEFAULT = {
|
||||
APP_NAME = "Arch's Git Forge";
|
||||
};
|
||||
server = {
|
||||
ROOT_URL = "https://git.gmem.ca/";
|
||||
HTTP_PORT = 8973;
|
||||
|
@ -229,7 +192,7 @@
|
|||
};
|
||||
};
|
||||
gitea-actions-runner = {
|
||||
package = pkgs.gitea-actions-runner;
|
||||
package = pkgs.forgejo-actions-runner;
|
||||
instances = {
|
||||
vancouver = {
|
||||
name = "vancouver";
|
||||
|
@ -250,24 +213,12 @@
|
|||
hostName = "vancouver";
|
||||
domain = "gmem.ca";
|
||||
firewall = {
|
||||
trustedInterfaces = ["tailscale0" "virbr0"];
|
||||
trustedInterfaces = ["tailscale0"];
|
||||
checkReversePath = "loose";
|
||||
enable = true;
|
||||
allowedTCPPorts = [ 22 53 80 443 2049 ];
|
||||
allowedTCPPorts = [ 22 53 80 443 ];
|
||||
allowedUDPPorts = [ 53 41641 ];
|
||||
};
|
||||
useDHCP = false;
|
||||
bridges = {
|
||||
"br0" = {
|
||||
interfaces = [ "eno1" ];
|
||||
};
|
||||
};
|
||||
interfaces.br0.ipv4.addresses = [ {
|
||||
address = "192.168.50.229";
|
||||
prefixLength = 24;
|
||||
} ];
|
||||
defaultGateway = "192.168.50.1";
|
||||
nameservers = ["100.100.100.100" "45.90.28.116" "45.90.30.116"];
|
||||
nftables.enable = true;
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
@ -283,7 +234,7 @@
|
|||
cifs-utils
|
||||
cloudflared
|
||||
bat
|
||||
virtiofsd
|
||||
# atuin
|
||||
];
|
||||
|
||||
time.timeZone = "Europe/London";
|
||||
|
@ -364,16 +315,6 @@
|
|||
dnsProvider = "route53";
|
||||
credentialsFile = "/var/lib/secrets/credentials";
|
||||
};
|
||||
security.acme.certs."request-media.gmem.ca" = {
|
||||
domain = "request-media.gmem.ca";
|
||||
dnsProvider = "route53";
|
||||
credentialsFile = "/var/lib/secrets/credentials";
|
||||
};
|
||||
security.acme.certs."flood.gmem.ca" = {
|
||||
domain = "flood.gmem.ca";
|
||||
dnsProvider = "route53";
|
||||
credentialsFile = "/var/lib/secrets/credentials";
|
||||
};
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
}
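Review bot: The firewall block in the `@ -250,24 +213,12 @@` hunk still opens DNS on every interface with `allowedTCPPorts = [ 22 53 80 443 ];` and `allowedUDPPorts = [ 53 41641 ];`, while the CoreDNS block in the first hunk contains `bind tailscale0` and `tailscale0` is already listed in `trustedInterfaces`. If no other resolver listens on this host, port 53 can be dropped from both lists, e.g. `allowedTCPPorts = [ 22 80 443 ];` and `allowedUDPPorts = [ 41641 ];`. A short comment above `trustedInterfaces` noting that every tailnet peer bypasses the port lists would also help the next reader. The enclosing block starts outside the hunk.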
|
||||
|
|
|
@ -20,7 +20,6 @@
|
|||
];
|
||||
|
||||
services.gitea-actions-runner = {
|
||||
# package = pkgs.forgejo-actions-runner;
|
||||
instances = {
|
||||
oracle-arm = {
|
||||
name = "oracle-arm";
|
||||
|
|
|
@ -94,10 +94,6 @@
|
|||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://100.116.48.47";
|
||||
extraConfig =
|
||||
''
|
||||
client_max_body_size 100M;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
2
pulumi/.gitignore
vendored
2
pulumi/.gitignore
vendored
|
@ -1,2 +0,0 @@
|
|||
/bin/
|
||||
/node_modules/
|
|
@ -1,6 +0,0 @@
|
|||
encryptionsalt: v1:v/2Egaf4eCE=:v1:2Vc2k1lWnahiE1Ce:83nVXz3moeXDWxGg/gjobA9cHw8zYg==
|
||||
config:
|
||||
aws:region: eu-west-2
|
||||
tailscale:apiKey:
|
||||
secure: v1:4IfYF+gWnunbS4mK:HyJkqNAOvflbV3SZYTh/0F/is4fVMYGJLaYPhOA3xqrFu1CCzy38k2ADhvvpYIbK0PxHdibN6iW9VtCKHeTXhE8rWpv97dEb
|
||||
tailscale:tailnet: gmem.ca
|
|
@ -1,3 +0,0 @@
|
|||
name: gmem-pulumi
|
||||
runtime: nodejs
|
||||
description: gmem's AWS Infra
|
|
@ -1,47 +0,0 @@
|
|||
import * as pulumi from "@pulumi/pulumi";
|
||||
import * as aws from "@pulumi/aws";
|
||||
import * as tailscale from "@pulumi/tailscale";
|
||||
|
||||
const r53_domains: { [key: string]: any } = {"gmem.ca": "", "gabrielsimmer.com": ""};
|
||||
|
||||
export = async () => {
|
||||
for (const domain in r53_domains) {
|
||||
r53_domains[domain] = new aws.route53.Zone(domain, {
|
||||
comment: "Managed by Pulumi",
|
||||
name: domain,
|
||||
}, {
|
||||
protect: true,
|
||||
}).id;
|
||||
}
|
||||
|
||||
const vancouver_ts = await tailscale.getDevice({ name: "vancouver.scorpion-ghost.ts.net" });
|
||||
new aws.route53.Record("vancouver", {
|
||||
zoneId: r53_domains["gmem.ca"],
|
||||
name: "vancouver.gmem.ca",
|
||||
type: "A",
|
||||
ttl: 300,
|
||||
records: [vancouver_ts.addresses[0]]
|
||||
});
|
||||
new aws.route53.Record("galleon", {
|
||||
zoneId: r53_domains["gmem.ca"],
|
||||
name: "galleon.gmem.ca",
|
||||
type: "A",
|
||||
ttl: 300,
|
||||
records: [vancouver_ts.addresses[0]]
|
||||
});
|
||||
new aws.route53.Record("gabrielsimmercom", {
|
||||
zoneId: r53_domains["gabrielsimmer.com"],
|
||||
name: "gabrielsimmer.com",
|
||||
type: "A",
|
||||
ttl: 3600,
|
||||
records: ["66.241.124.117"]
|
||||
});
|
||||
new aws.route53.Record("gabrielsimmercom-aaaa", {
|
||||
zoneId: r53_domains["gabrielsimmer.com"],
|
||||
name: "gabrielsimmer.com",
|
||||
type: "AAAA",
|
||||
ttl: 3600,
|
||||
records: ["2a09:8280:1::4e:42fd"]
|
||||
});
|
||||
return { "vancouver ts ip": vancouver_ts.addresses[0] };
|
||||
}
|
2404
pulumi/package-lock.json
generated
2404
pulumi/package-lock.json
generated
File diff suppressed because it is too large
|
@ -1,13 +0,0 @@
|
|||
{
|
||||
"name": "gmem-pulumi",
|
||||
"main": "index.ts",
|
||||
"devDependencies": {
|
||||
"@types/node": "^16"
|
||||
},
|
||||
"dependencies": {
|
||||
"@pulumi/aws": "^5.0.0",
|
||||
"@pulumi/awsx": "^1.0.0",
|
||||
"@pulumi/pulumi": "^3.0.0",
|
||||
"@pulumi/tailscale": "^0.12.2"
|
||||
}
|
||||
}
|
|
@ -1,18 +0,0 @@
|
|||
{
|
||||
"compilerOptions": {
|
||||
"strict": true,
|
||||
"outDir": "bin",
|
||||
"target": "es2016",
|
||||
"module": "commonjs",
|
||||
"moduleResolution": "node",
|
||||
"sourceMap": true,
|
||||
"experimentalDecorators": true,
|
||||
"pretty": true,
|
||||
"noFallthroughCasesInSwitch": true,
|
||||
"noImplicitReturns": true,
|
||||
"forceConsistentCasingInFileNames": true
|
||||
},
|
||||
"files": [
|
||||
"index.ts"
|
||||
]
|
||||
}
|
|
@ -21,19 +21,12 @@ resource "aws_route53_record" "gabrielsimmercom-a" {
|
|||
zone_id = aws_route53_zone.gabrielsimmercom.zone_id
|
||||
name = "gabrielsimmer.com"
|
||||
type = "A"
|
||||
ttl = 3600
|
||||
ttl = 300
|
||||
records = [
|
||||
"66.241.124.117"
|
||||
]
|
||||
}
|
||||
|
||||
resource "aws_route53_record" "gabrielsimmercom-aaaa" {
|
||||
zone_id = aws_route53_zone.gabrielsimmercom.zone_id
|
||||
name = "gabrielsimmer.com"
|
||||
type = "AAAA"
|
||||
ttl = 3600
|
||||
records = [
|
||||
"2a09:8280:1::4e:42fd"
|
||||
"185.199.108.153",
|
||||
"185.199.109.153",
|
||||
"185.199.110.153",
|
||||
"185.199.111.153"
|
||||
]
|
||||
}
|
||||
|
||||
|
|
|
@ -2,22 +2,6 @@ resource "aws_route53_zone" "gmemca" {
|
|||
name = "gmem.ca"
|
||||
}
|
||||
|
||||
resource "aws_route53_record" "flood" {
|
||||
zone_id = aws_route53_zone.gmemca.zone_id
|
||||
name = "flood"
|
||||
type = "A"
|
||||
ttl = 3600
|
||||
records = ["100.116.48.47"]
|
||||
}
|
||||
|
||||
resource "aws_route53_record" "request-media" {
|
||||
zone_id = aws_route53_zone.gmemca.zone_id
|
||||
name = "request-media"
|
||||
type = "A"
|
||||
ttl = 3600
|
||||
records = ["100.116.48.47"]
|
||||
}
|
||||
|
||||
resource "aws_route53_record" "git" {
|
||||
zone_id = aws_route53_zone.gmemca.zone_id
|
||||
name = "git"
|
||||
|
|