
No commits in common. "02a87f02944b903359e6ef7f78f8fd9c913778af" and "799d726f0d2f30c347a371698ec3412553504e49" have entirely different histories.

17 changed files with 89 additions and 699 deletions


@ -95,22 +95,6 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -126,7 +110,7 @@
"type": "github"
}
},
"flake-compat_3": {
"flake-compat_2": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
@ -180,14 +164,14 @@
},
"flake-utils_2": {
"inputs": {
"systems": "systems"
"systems": "systems_2"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
@ -197,24 +181,6 @@
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"locked": {
"lastModified": 1634851050,
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
@ -229,28 +195,6 @@
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"kde2nix",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703887061,
"narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -279,11 +223,11 @@
]
},
"locked": {
"lastModified": 1706798041,
"narHash": "sha256-BbvuF4CsVRBGRP8P+R+JUilojk0M60D7hzqE0bEvJBQ=",
"lastModified": 1704498488,
"narHash": "sha256-yINKdShHrtjdiJhov+q0s3Y3B830ujRoSbHduUNyKag=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "4d53427bce7bf3d17e699252fd84dc7468afc46e",
"rev": "51e44a13acea71b36245e8bd8c7db53e0a3e61ee",
"type": "github"
},
"original": {
@ -292,39 +236,19 @@
"type": "github"
}
},
"kde2nix": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_3",
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1706910972,
"narHash": "sha256-yGYNqVceiHl6OdK56EsjSXQua5zrF04/2vNhmJ9cruY=",
"owner": "nix-community",
"repo": "kde2nix",
"rev": "44fb0b182e694579b53d7fed27a81fc98ccbe66f",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "kde2nix",
"type": "github"
}
},
"kubenix": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs_4",
"systems": "systems_2",
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_3",
"systems": "systems",
"treefmt": "treefmt"
},
"locked": {
"lastModified": 1705801181,
"narHash": "sha256-vH+n5qMnwFCx3LMON2hQMi9PjMpmTraGYXe1czJTfAg=",
"lastModified": 1700116223,
"narHash": "sha256-Pld/UXlBcIDnQMY0JkDzChJkbof/zEcRkaiXtzvArEE=",
"owner": "hall",
"repo": "kubenix",
"rev": "76b8053b27b062b11f0c9b495050cc55606ac9dc",
"rev": "e4d036576436b9983216584a89388af3da995043",
"type": "github"
},
"original": {
@ -335,15 +259,15 @@
},
"lib-aggregate": {
"inputs": {
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_2",
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1706443704,
"narHash": "sha256-ipRgFuoSFFRUJ/9NL9r0hTwtNpaAvKxDmAUCoyF6kU0=",
"lastModified": 1704629345,
"narHash": "sha256-cWrno5kSY2cCaWIl97Ae4/iZ9rnMLlm0VrwRqdzIESk=",
"owner": "nix-community",
"repo": "lib-aggregate",
"rev": "9842effaf0eb61c8bca645a5da7230392d76fe1d",
"rev": "3e408e7391e9d778f48861bb9da08ac54e01441a",
"type": "github"
},
"original": {
@ -356,15 +280,15 @@
"inputs": {
"flake-parts": "flake-parts",
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_7",
"nixpkgs": "nixpkgs_6",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1705242886,
"narHash": "sha256-TLj334vRwFtSym3m+NnKcNCnKKPNoTC/TDZL40vmOso=",
"lastModified": 1703466376,
"narHash": "sha256-Wy8iF8u5KSzrTxg1hStTBmUjzzKdKyCyMOg8b/eTvVQ=",
"owner": "nix-community",
"repo": "nix-eval-jobs",
"rev": "6b03a93296faf174b97546fd573c8b379f523a8d",
"rev": "64104a3c55593c903af78af86a4c9d2e5487a2d7",
"type": "github"
},
"original": {
@ -397,7 +321,7 @@
},
"nixinate": {
"inputs": {
"nixpkgs": "nixpkgs_5"
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1688141737,
@ -436,11 +360,11 @@
]
},
"locked": {
"lastModified": 1706085261,
"narHash": "sha256-7PgpHRHyShINcqgevPP1fJ6N8kM5ZSOJnk3QZBrOCQ0=",
"lastModified": 1701689616,
"narHash": "sha256-ewnfgvRy73HoP5KnYmy1Rcr4m4yShvsb6TCCaKoW8pc=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "896f6589db5b25023b812bbb6c1f5d3a499b1132",
"rev": "246219bc21b943c6f6812bb7744218ba0df08600",
"type": "github"
},
"original": {
@ -467,11 +391,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1706402708,
"narHash": "sha256-v6z1V+BwolqR9w0sbRkZ9DnnviMcZdZzPJe+4K4h+d4=",
"lastModified": 1704588527,
"narHash": "sha256-YECXW8P0bqFM5e65Mu2fL4wZlonNWCuNEk7UQPsuJZ0=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "4833b4eb30dfe3abad5a21775bc5460322c8d337",
"rev": "be8e58791dcfa2b98b512c2a1bdf3bd94a38790b",
"type": "github"
},
"original": {
@ -480,25 +404,9 @@
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1704874635,
"narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3dc440faeee9e889fe2d1b4d25ad0f430d449356",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-wayland": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_2",
"lib-aggregate": "lib-aggregate",
"nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": [
@ -506,11 +414,11 @@
]
},
"locked": {
"lastModified": 1706891763,
"narHash": "sha256-BncZdo3M4YW5rI4oZGUT6PHuKnRVfV4NKIB3ZOczOIc=",
"lastModified": 1704684968,
"narHash": "sha256-h+lSV/cfnfE5//dHefL154mgvaEmTz13ehI7eb/Hph0=",
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"rev": "ea9f83f5046fb53bff93a81e0a98f6ee50ab21ee",
"rev": "17d7827cd61e7e6bdc732c4817ea4da26ab0b47b",
"type": "github"
},
"original": {
@ -536,22 +444,6 @@
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1706812040,
"narHash": "sha256-pxgWZApBfqHi4I6Hz7nL/rSt0vGE62HvBwvuVXFXeOk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5c5bca5a97c0982ea37a2fcf6d3860349b9f9a35",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1686488075,
"narHash": "sha256-2otSBt2hbeD+5yY25NF3RhWx7l5SDt1aeU3cJ/9My4M=",
@ -567,7 +459,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_4": {
"locked": {
"lastModified": 1653060744,
"narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=",
@ -583,13 +475,13 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_5": {
"locked": {
"lastModified": 1706683685,
"narHash": "sha256-FtPPshEpxH/ewBOsdKBNhlsL2MLEFv1hEnQ19f/bFsQ=",
"lastModified": 1704626572,
"narHash": "sha256-VwRTEKzK4wSSv64G+g3RLF3t6yBHrhR2VK3kZ5UWisU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5ad9903c16126a7d949101687af0aa589b1d7d3d",
"rev": "24fe8bb4f552ad3926274d29e083b79d84707da6",
"type": "github"
},
"original": {
@ -599,7 +491,7 @@
"type": "github"
}
},
"nixpkgs_7": {
"nixpkgs_6": {
"locked": {
"lastModified": 1703134684,
"narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=",
@ -615,7 +507,7 @@
"type": "github"
}
},
"nixpkgs_8": {
"nixpkgs_7": {
"locked": {
"lastModified": 1636823747,
"narHash": "sha256-oWo1nElRAOZqEf90Yek2ixdHyjD+gqtS/pAgwaQ9UhQ=",
@ -630,64 +522,20 @@
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": [
"kde2nix",
"flake-utils"
],
"gitignore": "gitignore",
"nixpkgs": [
"kde2nix",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1706424699,
"narHash": "sha256-Q3RBuOpZNH2eFA1e+IHgZLAOqDD9SKhJ/sszrL8bQD4=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "7c54e08a689b53c8a1e5d70169f2ec9e2a68ffaf",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"alertmanager-ntfy": "alertmanager-ntfy",
"home-manager": "home-manager_2",
"kde2nix": "kde2nix",
"kubenix": "kubenix",
"nixinate": "nixinate",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_5",
"nixpkgs-wayland": "nixpkgs-wayland",
"terranix": "terranix"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -701,7 +549,7 @@
"type": "indirect"
}
},
"systems_3": {
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -720,8 +568,8 @@
"inputs": {
"bats-assert": "bats-assert",
"bats-support": "bats-support",
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_8",
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_7",
"terranix-examples": "terranix-examples"
},
"locked": {


@ -5,7 +5,6 @@
terranix.url = "github:terranix/terranix";
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixinate.url = "github:matthewcroughan/nixinate";
kde2nix.url = "github:nix-community/kde2nix";
nixpkgs-wayland = {
url = "github:nix-community/nixpkgs-wayland";
inputs.nixpkgs.follows = "nixpkgs";
@ -22,7 +21,7 @@
kubenix.url = "github:hall/kubenix";
};
outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix, terranix, alertmanager-ntfy, nixpkgs-wayland, kubenix, kde2nix }@inputs:
outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix, terranix, alertmanager-ntfy, nixpkgs-wayland, kubenix }@inputs:
let
pkgs = nixpkgs.legacyPackages.x86_64-linux;
tf = terranix.lib.terranixConfiguration {
@ -106,7 +105,6 @@
london = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
kde2nix.nixosModules.plasma6
(import ./nix/london/configuration.nix)
home-manager.nixosModules.home-manager
{
@ -121,12 +119,10 @@
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
];
substituters = [
"https://cache.nixos.org"
"https://nixpkgs-wayland.cachix.org"
"https://nix-community.cachix.org"
];
};


@ -1,5 +1,5 @@
image:
tag: 2023.10.6
tag: 2023.10.5
authentik:
error_reporting:


@ -1,97 +0,0 @@
let
appName = "conduwuit";
conduwuit-Image = "git.gmem.ca/arch/conduwuit:latest";
in
{ ... }: {
kubernetes.resources.services.conduwuit = {
spec = {
selector.app = appName;
ports.http = {
port = 6167;
targetPort = 6167;
};
};
};
kubernetes.resources.statefulSets.conduwuit.spec = {
selector.matchLabels.app = appName;
serviceName = appName;
template = {
metadata.labels.app = appName;
spec = {
volumes = {
config.configMap.name = appName;
};
containers = {
conduwuit = {
image = conduwuit-Image;
imagePullPolicy = "Always";
ports.http.containerPort = 6167;
volumeMounts = [
{ name = "data"; mountPath = "/var/lib/matrix-conduit"; }
{ name = "config"; mountPath = "/etc/matrix-conduit/conduit.toml";
subPath = "conduit.toml"; }
];
env.CONDUIT_CONFIG.value = "/etc/matrix-conduit/conduit.toml";
};
};
};
};
volumeClaimTemplates = [
{ metadata.name = "data";
spec = {
storageClassName = "nfs-client";
accessModes = [ "ReadWriteOnce" ];
resources.requests.storage = "5Gi";
};
}
];
};
kubernetes.resources.ingresses.conduwuit = {
metadata = {
name = appName;
annotations = {
"cert-manager.io/issuer" = "le-issuer";
};
};
spec = {
tls = [ { hosts = [ "chat.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
rules = [
{
host = "chat.gmem.ca";
http.paths = [
{ path = "/"; pathType = "Prefix";
backend.service = {
name = appName;
port.name = "http"; };
}
];
}
];
};
};
kubernetes.resources.configMaps.conduwuit = {
metadata = {
name = appName;
annotations = {
"cert-manager.io/issuer" = "le-issuer";
};
};
data."conduit.toml" =
''
[global]
# The Conduit server needs all /_matrix/ requests to be reachable at
# https://your.server.name/ on port 443 (client-server) and 8448 (federation).
server_name = "gmem.ca"
# This is the only directory where Conduit will save its data
database_path = "/var/lib/matrix-conduit/"
database_backend = "rocksdb"
port = 6167
max_request_size = 20_000_000 # in bytes
allow_federation = true
allow_check_for_updates = false
trusted_servers = ["matrix.org"]
address = "0.0.0.0"
'';
};
}


@ -12,18 +12,6 @@ let
port = 8080;
protocol = "HTTP";
};
"tokyo" = {
location = "192.168.50.124";
host = "tokyo.gmem.ca";
port = 8000;
protocol = "HTTP";
};
"ibiza" = {
location = "192.168.50.182";
host = "ibiza.gmem.ca";
port = 8000;
protocol = "HTTP";
};
};
in {
kubernetes.resources.services = builtins.mapAttrs (name: endpoint: {
@ -42,7 +30,6 @@ in {
}) endpoints;
kubernetes.resources.ingresses = builtins.mapAttrs (name: endpoint: {
metadata = { name = name; annotations = {
"nginx.ingress.kubernetes.io/proxy-body-size" = "10g";
"cert-manager.io/issuer" = "le-issuer";
"nginx.ingress.kubernetes.io/backend-protocol" = endpoint.protocol;
}; };


@ -1,123 +0,0 @@
let
appName = "soju";
sojuImage = "git.gmem.ca/arch/soju:latest";
gamjaImage = "git.gmem.ca/arch/gamja:latest";
in
{
kubernetes.resources.services.soju = {
spec = {
type = "NodePort";
selector.app = appName;
ports.tls = {
port = 6697;
targetPort = 6697;
};
};
};
kubernetes.resources.services.soju-ws = {
spec = {
selector.app = appName;
ports.ws = {
port = 80;
targetPort = 80;
};
};
};
kubernetes.resources.services.gamja = {
spec = {
selector.app = "gamja";
ports.http = {
port = 80;
targetPort = 80;
};
};
};
kubernetes.resources.deployments.soju.spec = {
selector.matchLabels.app = appName;
template = {
metadata.labels.app = appName;
spec = {
volumes = {
config.configMap.name = "soju";
ssl.secret.secretName = "gmem-ca-wildcard";
};
containers = {
soju = {
image = sojuImage;
imagePullPolicy = "Always";
volumeMounts = [ { name = "config"; mountPath = "/etc/soju/config"; subPath = "config"; }
{ name = "ssl"; mountPath = "/ssl"; } ];
ports.tls.containerPort = 6697;
ports.ws.containerPort = 80;
env.PGHOST.valueFrom.secretKeyRef = {
name = "hippo-pguser-soju";
key = "host";
};
env.PGPASSWORD.valueFrom.secretKeyRef = {
name = "hippo-pguser-soju";
key = "password";
};
env.PGUSER.valueFrom.secretKeyRef = {
name = "hippo-pguser-soju";
key = "user";
};
env.PGDATABASE.valueFrom.secretKeyRef = {
name = "hippo-pguser-soju";
key = "dbname";
};
};
};
};
};
};
kubernetes.resources.deployments.gamja.spec = {
selector.matchLabels.app = "gamja";
template = {
metadata.labels.app = "gamja";
spec = {
containers = {
gamja = {
image = gamjaImage;
imagePullPolicy = "Always";
ports.http.containerPort = 80;
};
};
};
};
};
kubernetes.resources.ingresses.irc = {
metadata.annotations = {
"cert-manager.io/issuer" = "le-issuer";
};
spec = {
tls = [ { hosts = [ "irc.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
rules = [ { host = "irc.gmem.ca"; http.paths = [
{ path = "/"; pathType = "Prefix";
backend.service = {
name = "gamja";
port.number = 80;
};
}
{ path = "/socket"; pathType = "Prefix";
backend.service = {
name = "soju-ws";
port.number = 80;
};
}
];}];
};
};
kubernetes.resources.configMaps.soju.data.config = ''
listen ircs://
listen unix+admin:///app/admin
listen ws+insecure://
hostname irc.gmem.ca
title irc.gmem.ca
db postgres "dbname=soju"
message-store db
tls /ssl/tls.crt /ssl/tls.key
'';
}


@ -10,9 +10,5 @@
(import ./homepage.nix)
(import ./pterodactyl.nix)
(import ./cloudflare-exporter.nix)
(import ./piped.nix)
(import ./conduit.nix)
(import ./irc.nix)
(import ./netboot.nix)
];
}


@ -1,97 +0,0 @@
let
appName = "netbootxyz";
netbootxyzImage = "ghcr.io/netbootxyz/netbootxyz";
in
{
kubernetes.resources.services.netbootxyz = {
spec = {
selector.app = appName;
ports.http = {
port = 80;
targetPort = 80;
};
ports.interface = {
port = 3000;
targetPort = 3000;
};
};
};
kubernetes.resources.services.netbootxyz-tftp = {
spec = {
externalTrafficPolicy = "Local";
sessionAffinity = "None";
type = "NodePort";
selector.app = appName;
ports.tftp = {
port = 69;
protocol = "UDP";
targetPort = 69;
};
};
};
kubernetes.resources.deployments.netbootxyz.spec = {
selector.matchLabels.app = appName;
template = {
metadata.labels.app = appName;
spec = {
volumes = [
{ name = "config"; persistentVolumeClaim.claimName = "netbootxyz-config"; }
{ name = "assets"; persistentVolumeClaim.claimName = "netbootxyz-assets"; }
];
containers = {
netbootxyz = {
image = netbootxyzImage;
imagePullPolicy = "Always";
volumeMounts = [
{ mountPath = "/config"; name = "config"; }
{ mountPath = "/assets"; name = "assets"; }
];
env.SUBFOLDER.value = "/ui/";
ports.http.containerPort = 80;
ports.interface.containerPort = 3000;
ports.tftp = {
containerPort = 69;
protocol = "UDP";
};
};
};
};
};
};
kubernetes.resources.persistentVolumeClaims.netbootxyz-config.spec = {
resources.requests.storage = "1Gi";
volumeMode = "Filesystem";
accessModes = [ "ReadWriteMany" ];
};
kubernetes.resources.persistentVolumeClaims.netbootxyz-assets.spec = {
resources.requests.storage = "10Gi";
volumeMode = "Filesystem";
accessModes = [ "ReadWriteMany" ];
};
kubernetes.resources.ingresses.netbootxyz = {
metadata.annotations = {
"cert-manager.io/issuer" = "le-issuer";
"nginx.ingress.kubernetes.io/ssl-redirect" = "false";
};
spec = {
tls = [ { hosts = [ "netboot.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
rules = [ { host = "netboot.gmem.ca"; http.paths = [
{ path = "/ui"; pathType = "Prefix";
backend.service = {
name = "netbootxyz";
port.number = 3000;
};
}
{ path = "/"; pathType = "Prefix";
backend.service = {
name = "netbootxyz";
port.number = 80;
};
}
];}];
};
};
}


@ -1,69 +0,0 @@
{ lib, config, kubenix, ... }: {
kubernetes.helm.releases.piped = {
namespace = "default";
chart = kubenix.lib.helm.fetch {
repo = "https://helm.piped.video";
chart = "piped";
version = "5.0.0";
sha256 = "wfw0e37q52VW+bUMBmXILwUM0F1O1cH7Jk+6tmLAcS8=";
};
values = {
postgresql.enabled = false;
backend.config = {
FRONTEND_URL = "https://piped.gmem.ca";
API_URL = "https://pipedapi.gmem.ca";
PROXY_PART = "https://ytproxy.gmem.ca";
database.connection_url = "jdbc:postgresql://hippo-primary.default.svc:5432/piped";
database.secret = {
name = "hippo-pguser-piped";
username = "user";
password = "password";
};
};
fontend.env.BACKEND_HOSTNAME= "pipedapi.gmem.ca";
ingress = {
main = {
tls = [ { hosts = [ "piped.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
hosts = [
{ host = "piped.gmem.ca"; paths = [ { path = "/"; } ]; }
];
};
backend = {
tls = [ { hosts = [ "pipedapi.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
hosts = [
{ host = "pipedapi.gmem.ca"; paths = [ { path = "/"; } ]; }
];
};
ytproxy = {
tls = [ { hosts = [ "ytproxy.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
hosts = [
{ host = "ytproxy.gmem.ca"; paths = [ { path = "/"; } ]; }
];
};
};
};
};
kubernetes.resources.cronJobs.piped-refresh.spec = {
schedule = "*/5 * * * *";
jobTemplate.spec.template.spec = {
restartPolicy = "Never";
containers.refresh-subscriptions = {
image = "alpine:3.15";
envFrom = [ { secretRef.name = "hippo-pguser-piped"; } ];
command = [
"/bin/ash"
"-c"
''
apk --no-cache add postgresql-client curl &&
export PGPASSWORD=$password &&
export subs=$(psql -U piped -h hippo-primary.default.svc -qtAX -c 'select id from public.pubsub;') &&
while IFS= read -r line; do
curl -k "https://pipedapi.gmem.ca/channel/$line" > /dev/null
done < <(printf '%s' "$subs")
''
];
};
};
};
}


@ -3,7 +3,7 @@ kind: PostgresCluster
metadata:
name: hippo
spec:
image: git.gmem.ca/arch/custom-postgres@sha256:539194fc6c290445477b229bb7b792785b67619894bcfd7483e5bdb62eaa0658
image: git.gmem.ca/arch/custom-postgres@sha256:e8e4b522b6912cb56924695bf6cf233d6162b3eafecf4d7abd050ebbfe83b0ac
postgresVersion: 15
databaseInitSQL:
key: init.sql
@ -24,6 +24,12 @@ spec:
shared_preload_libraries: vectors
backups:
pgbackrest:
restore:
enabled: true
repoName: repo1
options:
- --type=time
- --target="2023-12-16 00:00:00-00"
manual:
repoName: repo1
options:
@ -59,12 +65,6 @@ spec:
- name: pterodactyl
databases:
- pterodactyl
- name: piped
databases:
- piped
- name: soju
databases:
- soju
---
apiVersion: v1
kind: ConfigMap
@ -79,10 +79,6 @@ data:
CREATE EXTENSION vectors;
\c pterodactyl
GRANT CREATE ON SCHEMA public TO "pterodactyl";
\c piped
GRANT CREATE ON SCHEMA public TO "piped";
\c soju
GRANT CREATE ON SCHEMA public TO "soju";
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
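Review bot: The `restore` block added under `backups.pgbackrest` leaves `enabled: true` with a fixed `--target="2023-12-16 00:00:00-00"` in the committed PostgresCluster spec, so the manifest permanently describes an in-place point-in-time rollback of `hippo`. As far as I know the operator only acts on this when a restore is explicitly triggered, but anyone re-triggering it later would roll every database on the cluster back to that date and discard newer data. Once the recovery is finished, set `enabled: false` (or drop the block) and leave a comment next to it such as `# one-off PITR, do not re-trigger`.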


@ -4,26 +4,13 @@ ARG TARGETARCH
USER root
RUN microdnf install wget binutils
RUN /bin/sh -c 'set -ex && \
ARCH=`uname -m` && \
if [ "$ARCH" == "x86_64" ]; then \
echo "x86_64" && \
wget -O vectors.deb https://github.com/tensorchord/pgvecto.rs/releases/download/v0.1.13/vectors-pg15_0.1.13_amd64.deb; \
elif [ "$ARCH" == "aarch64" ]; then \
echo "arm64" && \
wget -O vectors.deb https://github.com/tensorchord/pgvecto.rs/releases/download/v0.1.13/vectors-pg15_0.1.13_arm64.deb; \
else \
echo "unknown arch" && \
exit 1; \
fi'
RUN ar x vectors.deb && \
RUN microdnf install wget binutils && \
wget https://github.com/tensorchord/pgvecto.rs/releases/download/v0.1.11/vectors-pg15-v0.1.11-aarch64-unknown-linux-gnu.deb && \
ar x vectors-pg15-v0.1.11-aarch64-unknown-linux-gnu.deb && \
tar xvf data.tar.gz && \
mv ./usr/lib/postgresql/15/lib/* /usr/pgsql-15/lib/ && \
mv ./usr/share/postgresql/15/extension/* /usr/pgsql-15/share/extension && \
microdnf clean all && \
rm vectors.deb control.tar.gz data.tar.gz
rm vectors-pg15-v0.1.11-aarch64-unknown-linux-gnu.deb control.tar.gz data.tar.gz
USER 26
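Review bot: The rewritten `RUN` step downloads `vectors-pg15-v0.1.11-aarch64-unknown-linux-gnu.deb` with `wget` and unpacks it into `/usr/pgsql-15/lib/` as root without checking it against a known digest, so the extension that Postgres loads is whatever the release URL serves at build time. Check a pinned digest before `ar x`, e.g. `echo "<expected-sha256>  vectors-pg15-v0.1.11-aarch64-unknown-linux-gnu.deb" | sha256sum -c - && \`, where the digest is a placeholder to fill in from a trusted source. The URL is also hard-coded to aarch64 although `ARG TARGETARCH` is declared just above the hunk, so a build for another architecture would install a mismatched library; select the asset from `TARGETARCH` or fail fast when it is not `arm64`. The top of the Dockerfile is outside the hunk.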


@ -18,15 +18,22 @@ in
template = {
metadata.labels.app = appName;
spec = {
volumes = {
secret.secret.secretName = "pterodactyl";
};
containers = {
pterodactyl-panel = {
image = pterodactyl-panel-Image;
imagePullPolicy = "Always";
ports.http.containerPort = 8080;
lifecycle.postStart.exec.command = [
"/bin/sh" "-c"
"cp /var/secret/pterodactyl.env /var/www/pterodactyl/.env"
];
volumeMounts = [
{ name = "secret"; mountPath = "/var/secret"; }
{ name = "data"; mountPath = "/var/www/pterodactyl/storage/app"; }
];
envFrom = [ { secretRef.name = "pterodactyl"; } ];
};
};
};
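Review bot: The new `lifecycle.postStart` hook that copies `/var/secret/pterodactyl.env` to `/var/www/pterodactyl/.env` is not guaranteed to run before the container's entrypoint, so the panel can start without its configuration. The copy also leaves a second, writable copy of the secret inside the application tree with whatever mode `cp` gives it. Mounting the key directly avoids both problems: `{ name = "secret"; mountPath = "/var/www/pterodactyl/.env"; subPath = "pterodactyl.env"; readOnly = true; }`. If the copy has to stay, mark the `/var/secret` mount `readOnly = true` and add a comment saying why `envFrom` was not sufficient. The enclosing resource definition starts and ends outside the hunk.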


@ -24,11 +24,8 @@
};
time.hardwareClockInLocalTime = true;
hardware = {
cpu.amd.updateMicrocode = true;
bluetooth.enable = true;
bluetooth.powerOnBoot = true;
};
hardware.cpu.amd.updateMicrocode = true;
nix = {
settings = {
experimental-features = [ "nix-command" "flakes" ];
@ -50,8 +47,8 @@
enable = true;
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
allowedTCPPorts = [ 7000 7100 7001 22000 8000 3000 9943 9944 ];
allowedUDPPorts = [ 69 6000 6001 7011 41641 3478 22000 21027 9943 9944 ];
allowedTCPPorts = [ 7000 7100 22000 8000 3000 ];
allowedUDPPorts = [ 6000 6001 7011 41641 3478 22000 21027 ];
trustedInterfaces = [ "enp4s0" "tailscale0" "docker0" ];
checkReversePath = "loose";
};
@ -115,13 +112,10 @@
pcscd.enable = true;
mullvad-vpn.enable = true;
xserver = {
xkb.layout = "us";
xkb.variant = "";
layout = "us";
xkbVariant = "";
enable = true;
desktopManager = {
# plasma5.enable = true;
plasma6.enable = true;
};
desktopManager.plasma5.enable = true;
displayManager.sddm.enable = true;
};
pipewire = {
@ -136,14 +130,12 @@
drivers = [ pkgs.gutenprint pkgs.gutenprintBin ];
};
avahi = {
nssmdns4 = true;
nssmdns = true;
enable = true;
publish = {
enable = true;
userServices = true;
domain = true;
workstation = true;
hinfo = true;
};
};
};
@ -177,7 +169,6 @@
fish.enable = true;
nix-ld.enable = true;
dconf.enable = true;
kdeconnect.enable = true;
steam = {
enable = true;
remotePlay.openFirewall = true;
@ -185,13 +176,13 @@
};
gnupg.agent = {
enable = true;
pinentryFlavor = "qt";
pinentryFlavor = "gnome3";
enableSSHSupport = false;
};
};
# Define a user account. Don't forget to set a password with passwd.
users.users.gsimmer = {
shell = pkgs.fish;
shell = pkgs.nushell;
isNormalUser = true;
description = "Gabriel Simmer";
extraGroups = [ "networkmanager" "wheel" "libvirtd" "qemu-libvirtd" "docker" ];
@ -223,7 +214,6 @@
enableDefaultPackages = true;
};
systemd.packages = with pkgs; [ cloudflare-warp ];
environment = {
shells = with pkgs; [ zsh fish ];
systemPackages = with pkgs; [
@ -247,32 +237,21 @@
libnotify
emojione
swtpm
cloudflare-warp
pcscliteWithPolkit.out
];
};
environment.plasma5.excludePackages = with pkgs.libsForQt5; [
elisa
okular
oxygen
khelpcenter
konsole
plasma-browser-integration
print-manager
];
security = {
polkit = {
enable = true;
extraConfig = ''
polkit.addRule(function(action, subject) {
if (action.id == "org.debian.pcsc-lite.access_pcsc" &&
subject.isInGroup("wheel")) {
return polkit.Result.YES;
}
});
'';
};
polkit.enable = true;
rtkit.enable = true;
};
system.stateVersion = "23.05"; # Did you read the comment?
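Review bot: The shortened `allowedTCPPorts` and `allowedUDPPorts` lists in the firewall hunk have no effect on the LAN side, because `trustedInterfaces` on the following line still contains `"enp4s0"` and NixOS accepts all traffic from trusted interfaces unconditionally. If the narrowing is meant to reduce exposure, drop the physical interface, e.g. `trustedInterfaces = [ "tailscale0" "docker0" ];`, so the explicit port lists become the policy for `enp4s0`. Whether `enp4s0` is the only uplink on this host is not visible from the hunk, so confirm that before changing it.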


@ -16,7 +16,7 @@
[
(import (builtins.fetchTarball {
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
sha256 = "1nglxrfynyjmqfzz81y4idc40c6rbsaa4jb4ishiwibdkh85nyf6";
sha256 = "0nr8bpglvhjjkyh6xf091gb8nwqn66spycmhhzvkh5smahxpjw0n";
})) discordOverlay];
};
home = {
@ -39,12 +39,17 @@
programs = {
bash.enable = false;
fish = {
enable = true;
enable = false;
interactiveShellInit = ''
set fish_greeting
atuin init fish | source
'';
};
nushell = {
enable = true;
extraConfig = (builtins.readFile ./config.nu);
};
direnv = {
enable = true;
@ -118,7 +123,7 @@
discord
mangohud
comma
transmission_4-qt
looking-glass-client
];
# This value determines the Home Manager release that your
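Review bot: The `builtins.fetchTarball` call in the first hunk pairs a fixed `sha256` with the mutable `.../emacs-overlay/archive/master.tar.gz` URL, so the hash updated here goes stale as soon as upstream `master` moves. Evaluation then fails, or keeps using a cached tarball until the cache expires. Point the URL at a specific commit archive instead, `url = "https://github.com/nix-community/emacs-overlay/archive/<commit-sha>.tar.gz";` with the matching hash, or take the overlay as a flake input so the lock file records the revision. The placeholder stands for the revision the new hash was computed from, which the page does not show. In the second hunk `fish.enable` becomes `false` while `interactiveShellInit` is kept; a one-line comment saying it is retained on purpose would help the next reader.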


@ -348,7 +348,6 @@
tokenFile = config.age.secrets.action-token.path;
settings = {
cache.port = 4328;
container.network = "podman3";
};
};
};


@ -34,12 +34,12 @@
firewall = {
trustedInterfaces = ["tailscale0"];
checkReversePath = "loose";
allowedTCPPorts = [ 80 443 1935 ];
allowedTCPPorts = [ 80 443 ];
allowedUDPPortRanges = [
{ from = 4000; to = 4007; }
{ from = 8000; to = 8010; }
];
allowedUDPPorts = [ 41641 1935 ];
allowedUDPPorts = [ 41641 ];
enable = true;
};
nftables.enable = true;
@ -77,7 +77,6 @@
openFirewall = false;
};
nginx = {
additionalModules = [ pkgs.nginxModules.rtmp ];
enable = true;
recommendedProxySettings = true;
recommendedGzipSettings = true;
@ -101,29 +100,6 @@
};
};
};
appendConfig = ''
rtmp {
server {
listen 1936;
chunk_size 4096;
application live {
live on;
allow publish 127.0.0.1;
allow publish 100.110.180.123;
allow publish fd7a:115c:a1e0::246e:b47b;
deny publish all;
allow play all;
record off;
hls on;
hls_path /tmp/hls;
dash on;
dash_path /tmp/dash;
}
}
}
'';
};
};


@ -90,7 +90,7 @@
enable = true;
role = "server";
extraFlags = toString [
"--secrets-encryption --disable=traefik,servicelb --kube-apiserver-arg service-node-port-range=69-32767"
"--secrets-encryption --disable=traefik,servicelb"
];
};
};