Compare commits
No commits in common. "02a87f02944b903359e6ef7f78f8fd9c913778af" and "799d726f0d2f30c347a371698ec3412553504e49" have entirely different histories.
02a87f0294
...
799d726f0d
240
flake.lock
240
flake.lock
|
@ -95,22 +95,6 @@
|
|||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1696426674,
|
||||
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "edolstra",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_2": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1673956053,
|
||||
|
@ -126,7 +110,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat_3": {
|
||||
"flake-compat_2": {
|
||||
"locked": {
|
||||
"lastModified": 1688025799,
|
||||
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
|
||||
|
@ -180,14 +164,14 @@
|
|||
},
|
||||
"flake-utils_2": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
"systems": "systems_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1705309234,
|
||||
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
|
||||
"lastModified": 1701680307,
|
||||
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
|
||||
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -197,24 +181,6 @@
|
|||
}
|
||||
},
|
||||
"flake-utils_3": {
|
||||
"inputs": {
|
||||
"systems": "systems_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1705309234,
|
||||
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_4": {
|
||||
"locked": {
|
||||
"lastModified": 1634851050,
|
||||
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
|
||||
|
@ -229,28 +195,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"gitignore": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"kde2nix",
|
||||
"pre-commit-hooks",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1703887061,
|
||||
"narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "gitignore.nix",
|
||||
"rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "gitignore.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"home-manager": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -279,11 +223,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1706798041,
|
||||
"narHash": "sha256-BbvuF4CsVRBGRP8P+R+JUilojk0M60D7hzqE0bEvJBQ=",
|
||||
"lastModified": 1704498488,
|
||||
"narHash": "sha256-yINKdShHrtjdiJhov+q0s3Y3B830ujRoSbHduUNyKag=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "4d53427bce7bf3d17e699252fd84dc7468afc46e",
|
||||
"rev": "51e44a13acea71b36245e8bd8c7db53e0a3e61ee",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -292,39 +236,19 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"kde2nix": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": "nixpkgs_3",
|
||||
"pre-commit-hooks": "pre-commit-hooks"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1706910972,
|
||||
"narHash": "sha256-yGYNqVceiHl6OdK56EsjSXQua5zrF04/2vNhmJ9cruY=",
|
||||
"owner": "nix-community",
|
||||
"repo": "kde2nix",
|
||||
"rev": "44fb0b182e694579b53d7fed27a81fc98ccbe66f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "kde2nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"kubenix": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_2",
|
||||
"nixpkgs": "nixpkgs_4",
|
||||
"systems": "systems_2",
|
||||
"flake-compat": "flake-compat",
|
||||
"nixpkgs": "nixpkgs_3",
|
||||
"systems": "systems",
|
||||
"treefmt": "treefmt"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1705801181,
|
||||
"narHash": "sha256-vH+n5qMnwFCx3LMON2hQMi9PjMpmTraGYXe1czJTfAg=",
|
||||
"lastModified": 1700116223,
|
||||
"narHash": "sha256-Pld/UXlBcIDnQMY0JkDzChJkbof/zEcRkaiXtzvArEE=",
|
||||
"owner": "hall",
|
||||
"repo": "kubenix",
|
||||
"rev": "76b8053b27b062b11f0c9b495050cc55606ac9dc",
|
||||
"rev": "e4d036576436b9983216584a89388af3da995043",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -335,15 +259,15 @@
|
|||
},
|
||||
"lib-aggregate": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_3",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1706443704,
|
||||
"narHash": "sha256-ipRgFuoSFFRUJ/9NL9r0hTwtNpaAvKxDmAUCoyF6kU0=",
|
||||
"lastModified": 1704629345,
|
||||
"narHash": "sha256-cWrno5kSY2cCaWIl97Ae4/iZ9rnMLlm0VrwRqdzIESk=",
|
||||
"owner": "nix-community",
|
||||
"repo": "lib-aggregate",
|
||||
"rev": "9842effaf0eb61c8bca645a5da7230392d76fe1d",
|
||||
"rev": "3e408e7391e9d778f48861bb9da08ac54e01441a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -356,15 +280,15 @@
|
|||
"inputs": {
|
||||
"flake-parts": "flake-parts",
|
||||
"nix-github-actions": "nix-github-actions",
|
||||
"nixpkgs": "nixpkgs_7",
|
||||
"nixpkgs": "nixpkgs_6",
|
||||
"treefmt-nix": "treefmt-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1705242886,
|
||||
"narHash": "sha256-TLj334vRwFtSym3m+NnKcNCnKKPNoTC/TDZL40vmOso=",
|
||||
"lastModified": 1703466376,
|
||||
"narHash": "sha256-Wy8iF8u5KSzrTxg1hStTBmUjzzKdKyCyMOg8b/eTvVQ=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-eval-jobs",
|
||||
"rev": "6b03a93296faf174b97546fd573c8b379f523a8d",
|
||||
"rev": "64104a3c55593c903af78af86a4c9d2e5487a2d7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -397,7 +321,7 @@
|
|||
},
|
||||
"nixinate": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs_5"
|
||||
"nixpkgs": "nixpkgs_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1688141737,
|
||||
|
@ -436,11 +360,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1706085261,
|
||||
"narHash": "sha256-7PgpHRHyShINcqgevPP1fJ6N8kM5ZSOJnk3QZBrOCQ0=",
|
||||
"lastModified": 1701689616,
|
||||
"narHash": "sha256-ewnfgvRy73HoP5KnYmy1Rcr4m4yShvsb6TCCaKoW8pc=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"rev": "896f6589db5b25023b812bbb6c1f5d3a499b1132",
|
||||
"rev": "246219bc21b943c6f6812bb7744218ba0df08600",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -467,11 +391,11 @@
|
|||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"lastModified": 1706402708,
|
||||
"narHash": "sha256-v6z1V+BwolqR9w0sbRkZ9DnnviMcZdZzPJe+4K4h+d4=",
|
||||
"lastModified": 1704588527,
|
||||
"narHash": "sha256-YECXW8P0bqFM5e65Mu2fL4wZlonNWCuNEk7UQPsuJZ0=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "4833b4eb30dfe3abad5a21775bc5460322c8d337",
|
||||
"rev": "be8e58791dcfa2b98b512c2a1bdf3bd94a38790b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -480,25 +404,9 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1704874635,
|
||||
"narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "3dc440faeee9e889fe2d1b4d25ad0f430d449356",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-23.11",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-wayland": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat_3",
|
||||
"flake-compat": "flake-compat_2",
|
||||
"lib-aggregate": "lib-aggregate",
|
||||
"nix-eval-jobs": "nix-eval-jobs",
|
||||
"nixpkgs": [
|
||||
|
@ -506,11 +414,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1706891763,
|
||||
"narHash": "sha256-BncZdo3M4YW5rI4oZGUT6PHuKnRVfV4NKIB3ZOczOIc=",
|
||||
"lastModified": 1704684968,
|
||||
"narHash": "sha256-h+lSV/cfnfE5//dHefL154mgvaEmTz13ehI7eb/Hph0=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs-wayland",
|
||||
"rev": "ea9f83f5046fb53bff93a81e0a98f6ee50ab21ee",
|
||||
"rev": "17d7827cd61e7e6bdc732c4817ea4da26ab0b47b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -536,22 +444,6 @@
|
|||
}
|
||||
},
|
||||
"nixpkgs_3": {
|
||||
"locked": {
|
||||
"lastModified": 1706812040,
|
||||
"narHash": "sha256-pxgWZApBfqHi4I6Hz7nL/rSt0vGE62HvBwvuVXFXeOk=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "5c5bca5a97c0982ea37a2fcf6d3860349b9f9a35",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixos-unstable-small",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1686488075,
|
||||
"narHash": "sha256-2otSBt2hbeD+5yY25NF3RhWx7l5SDt1aeU3cJ/9My4M=",
|
||||
|
@ -567,7 +459,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_5": {
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1653060744,
|
||||
"narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=",
|
||||
|
@ -583,13 +475,13 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_6": {
|
||||
"nixpkgs_5": {
|
||||
"locked": {
|
||||
"lastModified": 1706683685,
|
||||
"narHash": "sha256-FtPPshEpxH/ewBOsdKBNhlsL2MLEFv1hEnQ19f/bFsQ=",
|
||||
"lastModified": 1704626572,
|
||||
"narHash": "sha256-VwRTEKzK4wSSv64G+g3RLF3t6yBHrhR2VK3kZ5UWisU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "5ad9903c16126a7d949101687af0aa589b1d7d3d",
|
||||
"rev": "24fe8bb4f552ad3926274d29e083b79d84707da6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -599,7 +491,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_7": {
|
||||
"nixpkgs_6": {
|
||||
"locked": {
|
||||
"lastModified": 1703134684,
|
||||
"narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=",
|
||||
|
@ -615,7 +507,7 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_8": {
|
||||
"nixpkgs_7": {
|
||||
"locked": {
|
||||
"lastModified": 1636823747,
|
||||
"narHash": "sha256-oWo1nElRAOZqEf90Yek2ixdHyjD+gqtS/pAgwaQ9UhQ=",
|
||||
|
@ -630,64 +522,20 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"pre-commit-hooks": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"flake-utils": [
|
||||
"kde2nix",
|
||||
"flake-utils"
|
||||
],
|
||||
"gitignore": "gitignore",
|
||||
"nixpkgs": [
|
||||
"kde2nix",
|
||||
"nixpkgs"
|
||||
],
|
||||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1706424699,
|
||||
"narHash": "sha256-Q3RBuOpZNH2eFA1e+IHgZLAOqDD9SKhJ/sszrL8bQD4=",
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"rev": "7c54e08a689b53c8a1e5d70169f2ec9e2a68ffaf",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "cachix",
|
||||
"repo": "pre-commit-hooks.nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
"alertmanager-ntfy": "alertmanager-ntfy",
|
||||
"home-manager": "home-manager_2",
|
||||
"kde2nix": "kde2nix",
|
||||
"kubenix": "kubenix",
|
||||
"nixinate": "nixinate",
|
||||
"nixos-generators": "nixos-generators",
|
||||
"nixpkgs": "nixpkgs_6",
|
||||
"nixpkgs": "nixpkgs_5",
|
||||
"nixpkgs-wayland": "nixpkgs-wayland",
|
||||
"terranix": "terranix"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_2": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
|
@ -701,7 +549,7 @@
|
|||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"systems_3": {
|
||||
"systems_2": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
|
@ -720,8 +568,8 @@
|
|||
"inputs": {
|
||||
"bats-assert": "bats-assert",
|
||||
"bats-support": "bats-support",
|
||||
"flake-utils": "flake-utils_4",
|
||||
"nixpkgs": "nixpkgs_8",
|
||||
"flake-utils": "flake-utils_3",
|
||||
"nixpkgs": "nixpkgs_7",
|
||||
"terranix-examples": "terranix-examples"
|
||||
},
|
||||
"locked": {
|
||||
|
|
|
@ -5,7 +5,6 @@
|
|||
terranix.url = "github:terranix/terranix";
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||
nixinate.url = "github:matthewcroughan/nixinate";
|
||||
kde2nix.url = "github:nix-community/kde2nix";
|
||||
nixpkgs-wayland = {
|
||||
url = "github:nix-community/nixpkgs-wayland";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
@ -22,7 +21,7 @@
|
|||
kubenix.url = "github:hall/kubenix";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix, terranix, alertmanager-ntfy, nixpkgs-wayland, kubenix, kde2nix }@inputs:
|
||||
outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix, terranix, alertmanager-ntfy, nixpkgs-wayland, kubenix }@inputs:
|
||||
let
|
||||
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||
tf = terranix.lib.terranixConfiguration {
|
||||
|
@ -106,7 +105,6 @@
|
|||
london = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
kde2nix.nixosModules.plasma6
|
||||
(import ./nix/london/configuration.nix)
|
||||
home-manager.nixosModules.home-manager
|
||||
{
|
||||
|
@ -121,12 +119,10 @@
|
|||
trusted-public-keys = [
|
||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||
"nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
|
||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||
];
|
||||
substituters = [
|
||||
"https://cache.nixos.org"
|
||||
"https://nixpkgs-wayland.cachix.org"
|
||||
"https://nix-community.cachix.org"
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
image:
|
||||
tag: 2023.10.6
|
||||
tag: 2023.10.5
|
||||
|
||||
authentik:
|
||||
error_reporting:
|
||||
|
|
|
@ -1,97 +0,0 @@
|
|||
let
|
||||
appName = "conduwuit";
|
||||
conduwuit-Image = "git.gmem.ca/arch/conduwuit:latest";
|
||||
in
|
||||
{ ... }: {
|
||||
kubernetes.resources.services.conduwuit = {
|
||||
spec = {
|
||||
selector.app = appName;
|
||||
ports.http = {
|
||||
port = 6167;
|
||||
targetPort = 6167;
|
||||
};
|
||||
};
|
||||
};
|
||||
kubernetes.resources.statefulSets.conduwuit.spec = {
|
||||
selector.matchLabels.app = appName;
|
||||
serviceName = appName;
|
||||
template = {
|
||||
metadata.labels.app = appName;
|
||||
spec = {
|
||||
volumes = {
|
||||
config.configMap.name = appName;
|
||||
};
|
||||
containers = {
|
||||
conduwuit = {
|
||||
image = conduwuit-Image;
|
||||
imagePullPolicy = "Always";
|
||||
ports.http.containerPort = 6167;
|
||||
volumeMounts = [
|
||||
{ name = "data"; mountPath = "/var/lib/matrix-conduit"; }
|
||||
{ name = "config"; mountPath = "/etc/matrix-conduit/conduit.toml";
|
||||
subPath = "conduit.toml"; }
|
||||
];
|
||||
env.CONDUIT_CONFIG.value = "/etc/matrix-conduit/conduit.toml";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
volumeClaimTemplates = [
|
||||
{ metadata.name = "data";
|
||||
spec = {
|
||||
storageClassName = "nfs-client";
|
||||
accessModes = [ "ReadWriteOnce" ];
|
||||
resources.requests.storage = "5Gi";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
kubernetes.resources.ingresses.conduwuit = {
|
||||
metadata = {
|
||||
name = appName;
|
||||
annotations = {
|
||||
"cert-manager.io/issuer" = "le-issuer";
|
||||
};
|
||||
};
|
||||
spec = {
|
||||
tls = [ { hosts = [ "chat.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
|
||||
rules = [
|
||||
{
|
||||
host = "chat.gmem.ca";
|
||||
http.paths = [
|
||||
{ path = "/"; pathType = "Prefix";
|
||||
backend.service = {
|
||||
name = appName;
|
||||
port.name = "http"; };
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
kubernetes.resources.configMaps.conduwuit = {
|
||||
metadata = {
|
||||
name = appName;
|
||||
annotations = {
|
||||
"cert-manager.io/issuer" = "le-issuer";
|
||||
};
|
||||
};
|
||||
data."conduit.toml" =
|
||||
''
|
||||
[global]
|
||||
# The Conduit server needs all /_matrix/ requests to be reachable at
|
||||
# https://your.server.name/ on port 443 (client-server) and 8448 (federation).
|
||||
server_name = "gmem.ca"
|
||||
|
||||
# This is the only directory where Conduit will save its data
|
||||
database_path = "/var/lib/matrix-conduit/"
|
||||
database_backend = "rocksdb"
|
||||
port = 6167
|
||||
max_request_size = 20_000_000 # in bytes
|
||||
allow_federation = true
|
||||
allow_check_for_updates = false
|
||||
trusted_servers = ["matrix.org"]
|
||||
address = "0.0.0.0"
|
||||
'';
|
||||
};
|
||||
}
|
|
@ -12,18 +12,6 @@ let
|
|||
port = 8080;
|
||||
protocol = "HTTP";
|
||||
};
|
||||
"tokyo" = {
|
||||
location = "192.168.50.124";
|
||||
host = "tokyo.gmem.ca";
|
||||
port = 8000;
|
||||
protocol = "HTTP";
|
||||
};
|
||||
"ibiza" = {
|
||||
location = "192.168.50.182";
|
||||
host = "ibiza.gmem.ca";
|
||||
port = 8000;
|
||||
protocol = "HTTP";
|
||||
};
|
||||
};
|
||||
in {
|
||||
kubernetes.resources.services = builtins.mapAttrs (name: endpoint: {
|
||||
|
@ -42,7 +30,6 @@ in {
|
|||
}) endpoints;
|
||||
kubernetes.resources.ingresses = builtins.mapAttrs (name: endpoint: {
|
||||
metadata = { name = name; annotations = {
|
||||
"nginx.ingress.kubernetes.io/proxy-body-size" = "10g";
|
||||
"cert-manager.io/issuer" = "le-issuer";
|
||||
"nginx.ingress.kubernetes.io/backend-protocol" = endpoint.protocol;
|
||||
}; };
|
||||
|
|
123
homelab/irc.nix
123
homelab/irc.nix
|
@ -1,123 +0,0 @@
|
|||
let
|
||||
appName = "soju";
|
||||
sojuImage = "git.gmem.ca/arch/soju:latest";
|
||||
gamjaImage = "git.gmem.ca/arch/gamja:latest";
|
||||
in
|
||||
{
|
||||
kubernetes.resources.services.soju = {
|
||||
spec = {
|
||||
type = "NodePort";
|
||||
selector.app = appName;
|
||||
ports.tls = {
|
||||
port = 6697;
|
||||
targetPort = 6697;
|
||||
};
|
||||
};
|
||||
};
|
||||
kubernetes.resources.services.soju-ws = {
|
||||
spec = {
|
||||
selector.app = appName;
|
||||
ports.ws = {
|
||||
port = 80;
|
||||
targetPort = 80;
|
||||
};
|
||||
};
|
||||
};
|
||||
kubernetes.resources.services.gamja = {
|
||||
spec = {
|
||||
selector.app = "gamja";
|
||||
ports.http = {
|
||||
port = 80;
|
||||
targetPort = 80;
|
||||
};
|
||||
};
|
||||
};
|
||||
kubernetes.resources.deployments.soju.spec = {
|
||||
selector.matchLabels.app = appName;
|
||||
template = {
|
||||
metadata.labels.app = appName;
|
||||
spec = {
|
||||
volumes = {
|
||||
config.configMap.name = "soju";
|
||||
ssl.secret.secretName = "gmem-ca-wildcard";
|
||||
};
|
||||
containers = {
|
||||
soju = {
|
||||
image = sojuImage;
|
||||
imagePullPolicy = "Always";
|
||||
volumeMounts = [ { name = "config"; mountPath = "/etc/soju/config"; subPath = "config"; }
|
||||
{ name = "ssl"; mountPath = "/ssl"; } ];
|
||||
ports.tls.containerPort = 6697;
|
||||
ports.ws.containerPort = 80;
|
||||
|
||||
env.PGHOST.valueFrom.secretKeyRef = {
|
||||
name = "hippo-pguser-soju";
|
||||
key = "host";
|
||||
};
|
||||
env.PGPASSWORD.valueFrom.secretKeyRef = {
|
||||
name = "hippo-pguser-soju";
|
||||
key = "password";
|
||||
};
|
||||
env.PGUSER.valueFrom.secretKeyRef = {
|
||||
name = "hippo-pguser-soju";
|
||||
key = "user";
|
||||
};
|
||||
env.PGDATABASE.valueFrom.secretKeyRef = {
|
||||
name = "hippo-pguser-soju";
|
||||
key = "dbname";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
kubernetes.resources.deployments.gamja.spec = {
|
||||
selector.matchLabels.app = "gamja";
|
||||
template = {
|
||||
metadata.labels.app = "gamja";
|
||||
spec = {
|
||||
containers = {
|
||||
gamja = {
|
||||
image = gamjaImage;
|
||||
imagePullPolicy = "Always";
|
||||
ports.http.containerPort = 80;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
kubernetes.resources.ingresses.irc = {
|
||||
metadata.annotations = {
|
||||
"cert-manager.io/issuer" = "le-issuer";
|
||||
};
|
||||
spec = {
|
||||
tls = [ { hosts = [ "irc.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
|
||||
rules = [ { host = "irc.gmem.ca"; http.paths = [
|
||||
{ path = "/"; pathType = "Prefix";
|
||||
backend.service = {
|
||||
name = "gamja";
|
||||
port.number = 80;
|
||||
};
|
||||
}
|
||||
{ path = "/socket"; pathType = "Prefix";
|
||||
backend.service = {
|
||||
name = "soju-ws";
|
||||
port.number = 80;
|
||||
};
|
||||
}
|
||||
];}];
|
||||
};
|
||||
};
|
||||
|
||||
kubernetes.resources.configMaps.soju.data.config = ''
|
||||
listen ircs://
|
||||
listen unix+admin:///app/admin
|
||||
listen ws+insecure://
|
||||
hostname irc.gmem.ca
|
||||
title irc.gmem.ca
|
||||
db postgres "dbname=soju"
|
||||
message-store db
|
||||
tls /ssl/tls.crt /ssl/tls.key
|
||||
'';
|
||||
}
|
|
@ -10,9 +10,5 @@
|
|||
(import ./homepage.nix)
|
||||
(import ./pterodactyl.nix)
|
||||
(import ./cloudflare-exporter.nix)
|
||||
(import ./piped.nix)
|
||||
(import ./conduit.nix)
|
||||
(import ./irc.nix)
|
||||
(import ./netboot.nix)
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,97 +0,0 @@
|
|||
let
|
||||
appName = "netbootxyz";
|
||||
netbootxyzImage = "ghcr.io/netbootxyz/netbootxyz";
|
||||
in
|
||||
{
|
||||
kubernetes.resources.services.netbootxyz = {
|
||||
spec = {
|
||||
selector.app = appName;
|
||||
ports.http = {
|
||||
port = 80;
|
||||
targetPort = 80;
|
||||
};
|
||||
ports.interface = {
|
||||
port = 3000;
|
||||
targetPort = 3000;
|
||||
};
|
||||
};
|
||||
};
|
||||
kubernetes.resources.services.netbootxyz-tftp = {
|
||||
spec = {
|
||||
externalTrafficPolicy = "Local";
|
||||
sessionAffinity = "None";
|
||||
type = "NodePort";
|
||||
selector.app = appName;
|
||||
ports.tftp = {
|
||||
port = 69;
|
||||
protocol = "UDP";
|
||||
targetPort = 69;
|
||||
};
|
||||
};
|
||||
};
|
||||
kubernetes.resources.deployments.netbootxyz.spec = {
|
||||
selector.matchLabels.app = appName;
|
||||
template = {
|
||||
metadata.labels.app = appName;
|
||||
spec = {
|
||||
volumes = [
|
||||
{ name = "config"; persistentVolumeClaim.claimName = "netbootxyz-config"; }
|
||||
{ name = "assets"; persistentVolumeClaim.claimName = "netbootxyz-assets"; }
|
||||
];
|
||||
containers = {
|
||||
netbootxyz = {
|
||||
image = netbootxyzImage;
|
||||
imagePullPolicy = "Always";
|
||||
volumeMounts = [
|
||||
{ mountPath = "/config"; name = "config"; }
|
||||
{ mountPath = "/assets"; name = "assets"; }
|
||||
];
|
||||
env.SUBFOLDER.value = "/ui/";
|
||||
ports.http.containerPort = 80;
|
||||
ports.interface.containerPort = 3000;
|
||||
ports.tftp = {
|
||||
containerPort = 69;
|
||||
protocol = "UDP";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
kubernetes.resources.persistentVolumeClaims.netbootxyz-config.spec = {
|
||||
resources.requests.storage = "1Gi";
|
||||
volumeMode = "Filesystem";
|
||||
accessModes = [ "ReadWriteMany" ];
|
||||
};
|
||||
kubernetes.resources.persistentVolumeClaims.netbootxyz-assets.spec = {
|
||||
resources.requests.storage = "10Gi";
|
||||
volumeMode = "Filesystem";
|
||||
accessModes = [ "ReadWriteMany" ];
|
||||
};
|
||||
|
||||
kubernetes.resources.ingresses.netbootxyz = {
|
||||
metadata.annotations = {
|
||||
"cert-manager.io/issuer" = "le-issuer";
|
||||
"nginx.ingress.kubernetes.io/ssl-redirect" = "false";
|
||||
};
|
||||
spec = {
|
||||
tls = [ { hosts = [ "netboot.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
|
||||
rules = [ { host = "netboot.gmem.ca"; http.paths = [
|
||||
{ path = "/ui"; pathType = "Prefix";
|
||||
backend.service = {
|
||||
name = "netbootxyz";
|
||||
port.number = 3000;
|
||||
};
|
||||
}
|
||||
{ path = "/"; pathType = "Prefix";
|
||||
backend.service = {
|
||||
name = "netbootxyz";
|
||||
port.number = 80;
|
||||
};
|
||||
}
|
||||
];}];
|
||||
};
|
||||
};
|
||||
|
||||
}
|
|
@ -1,69 +0,0 @@
|
|||
{ lib, config, kubenix, ... }: {
|
||||
kubernetes.helm.releases.piped = {
|
||||
namespace = "default";
|
||||
chart = kubenix.lib.helm.fetch {
|
||||
repo = "https://helm.piped.video";
|
||||
chart = "piped";
|
||||
version = "5.0.0";
|
||||
sha256 = "wfw0e37q52VW+bUMBmXILwUM0F1O1cH7Jk+6tmLAcS8=";
|
||||
};
|
||||
values = {
|
||||
postgresql.enabled = false;
|
||||
backend.config = {
|
||||
FRONTEND_URL = "https://piped.gmem.ca";
|
||||
API_URL = "https://pipedapi.gmem.ca";
|
||||
PROXY_PART = "https://ytproxy.gmem.ca";
|
||||
database.connection_url = "jdbc:postgresql://hippo-primary.default.svc:5432/piped";
|
||||
database.secret = {
|
||||
name = "hippo-pguser-piped";
|
||||
username = "user";
|
||||
password = "password";
|
||||
};
|
||||
};
|
||||
fontend.env.BACKEND_HOSTNAME= "pipedapi.gmem.ca";
|
||||
ingress = {
|
||||
main = {
|
||||
tls = [ { hosts = [ "piped.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
|
||||
hosts = [
|
||||
{ host = "piped.gmem.ca"; paths = [ { path = "/"; } ]; }
|
||||
];
|
||||
};
|
||||
backend = {
|
||||
tls = [ { hosts = [ "pipedapi.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
|
||||
hosts = [
|
||||
{ host = "pipedapi.gmem.ca"; paths = [ { path = "/"; } ]; }
|
||||
];
|
||||
};
|
||||
ytproxy = {
|
||||
tls = [ { hosts = [ "ytproxy.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
|
||||
hosts = [
|
||||
{ host = "ytproxy.gmem.ca"; paths = [ { path = "/"; } ]; }
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
kubernetes.resources.cronJobs.piped-refresh.spec = {
|
||||
schedule = "*/5 * * * *";
|
||||
jobTemplate.spec.template.spec = {
|
||||
restartPolicy = "Never";
|
||||
containers.refresh-subscriptions = {
|
||||
image = "alpine:3.15";
|
||||
envFrom = [ { secretRef.name = "hippo-pguser-piped"; } ];
|
||||
command = [
|
||||
"/bin/ash"
|
||||
"-c"
|
||||
''
|
||||
apk --no-cache add postgresql-client curl &&
|
||||
export PGPASSWORD=$password &&
|
||||
export subs=$(psql -U piped -h hippo-primary.default.svc -qtAX -c 'select id from public.pubsub;') &&
|
||||
while IFS= read -r line; do
|
||||
curl -k "https://pipedapi.gmem.ca/channel/$line" > /dev/null
|
||||
done < <(printf '%s' "$subs")
|
||||
''
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -3,7 +3,7 @@ kind: PostgresCluster
|
|||
metadata:
|
||||
name: hippo
|
||||
spec:
|
||||
image: git.gmem.ca/arch/custom-postgres@sha256:539194fc6c290445477b229bb7b792785b67619894bcfd7483e5bdb62eaa0658
|
||||
image: git.gmem.ca/arch/custom-postgres@sha256:e8e4b522b6912cb56924695bf6cf233d6162b3eafecf4d7abd050ebbfe83b0ac
|
||||
postgresVersion: 15
|
||||
databaseInitSQL:
|
||||
key: init.sql
|
||||
|
@ -24,6 +24,12 @@ spec:
|
|||
shared_preload_libraries: vectors
|
||||
backups:
|
||||
pgbackrest:
|
||||
restore:
|
||||
enabled: true
|
||||
repoName: repo1
|
||||
options:
|
||||
- --type=time
|
||||
- --target="2023-12-16 00:00:00-00"
|
||||
manual:
|
||||
repoName: repo1
|
||||
options:
|
||||
|
@ -59,12 +65,6 @@ spec:
|
|||
- name: pterodactyl
|
||||
databases:
|
||||
- pterodactyl
|
||||
- name: piped
|
||||
databases:
|
||||
- piped
|
||||
- name: soju
|
||||
databases:
|
||||
- soju
|
||||
---
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
|
@ -79,10 +79,6 @@ data:
|
|||
CREATE EXTENSION vectors;
|
||||
\c pterodactyl
|
||||
GRANT CREATE ON SCHEMA public TO "pterodactyl";
|
||||
\c piped
|
||||
GRANT CREATE ON SCHEMA public TO "piped";
|
||||
\c soju
|
||||
GRANT CREATE ON SCHEMA public TO "soju";
|
||||
---
|
||||
apiVersion: monitoring.coreos.com/v1
|
||||
kind: PodMonitor
|
||||
|
|
|
@ -4,26 +4,13 @@ ARG TARGETARCH
|
|||
|
||||
USER root
|
||||
|
||||
RUN microdnf install wget binutils
|
||||
|
||||
RUN /bin/sh -c 'set -ex && \
|
||||
ARCH=`uname -m` && \
|
||||
if [ "$ARCH" == "x86_64" ]; then \
|
||||
echo "x86_64" && \
|
||||
wget -O vectors.deb https://github.com/tensorchord/pgvecto.rs/releases/download/v0.1.13/vectors-pg15_0.1.13_amd64.deb; \
|
||||
elif [ "$ARCH" == "aarch64" ]; then \
|
||||
echo "arm64" && \
|
||||
wget -O vectors.deb https://github.com/tensorchord/pgvecto.rs/releases/download/v0.1.13/vectors-pg15_0.1.13_arm64.deb; \
|
||||
else \
|
||||
echo "unknown arch" && \
|
||||
exit 1; \
|
||||
fi'
|
||||
|
||||
RUN ar x vectors.deb && \
|
||||
RUN microdnf install wget binutils && \
|
||||
wget https://github.com/tensorchord/pgvecto.rs/releases/download/v0.1.11/vectors-pg15-v0.1.11-aarch64-unknown-linux-gnu.deb && \
|
||||
ar x vectors-pg15-v0.1.11-aarch64-unknown-linux-gnu.deb && \
|
||||
tar xvf data.tar.gz && \
|
||||
mv ./usr/lib/postgresql/15/lib/* /usr/pgsql-15/lib/ && \
|
||||
mv ./usr/share/postgresql/15/extension/* /usr/pgsql-15/share/extension && \
|
||||
microdnf clean all && \
|
||||
rm vectors.deb control.tar.gz data.tar.gz
|
||||
rm vectors-pg15-v0.1.11-aarch64-unknown-linux-gnu.deb control.tar.gz data.tar.gz
|
||||
|
||||
USER 26
|
|
@ -18,15 +18,22 @@ in
|
|||
template = {
|
||||
metadata.labels.app = appName;
|
||||
spec = {
|
||||
volumes = {
|
||||
secret.secret.secretName = "pterodactyl";
|
||||
};
|
||||
containers = {
|
||||
pterodactyl-panel = {
|
||||
image = pterodactyl-panel-Image;
|
||||
imagePullPolicy = "Always";
|
||||
ports.http.containerPort = 8080;
|
||||
lifecycle.postStart.exec.command = [
|
||||
"/bin/sh" "-c"
|
||||
"cp /var/secret/pterodactyl.env /var/www/pterodactyl/.env"
|
||||
];
|
||||
volumeMounts = [
|
||||
{ name = "secret"; mountPath = "/var/secret"; }
|
||||
{ name = "data"; mountPath = "/var/www/pterodactyl/storage/app"; }
|
||||
];
|
||||
envFrom = [ { secretRef.name = "pterodactyl"; } ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -24,11 +24,8 @@
|
|||
};
|
||||
|
||||
time.hardwareClockInLocalTime = true;
|
||||
hardware = {
|
||||
cpu.amd.updateMicrocode = true;
|
||||
bluetooth.enable = true;
|
||||
bluetooth.powerOnBoot = true;
|
||||
};
|
||||
hardware.cpu.amd.updateMicrocode = true;
|
||||
|
||||
nix = {
|
||||
settings = {
|
||||
experimental-features = [ "nix-command" "flakes" ];
|
||||
|
@ -50,8 +47,8 @@
|
|||
enable = true;
|
||||
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
|
||||
allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
|
||||
allowedTCPPorts = [ 7000 7100 7001 22000 8000 3000 9943 9944 ];
|
||||
allowedUDPPorts = [ 69 6000 6001 7011 41641 3478 22000 21027 9943 9944 ];
|
||||
allowedTCPPorts = [ 7000 7100 22000 8000 3000 ];
|
||||
allowedUDPPorts = [ 6000 6001 7011 41641 3478 22000 21027 ];
|
||||
trustedInterfaces = [ "enp4s0" "tailscale0" "docker0" ];
|
||||
checkReversePath = "loose";
|
||||
};
|
||||
|
@ -115,13 +112,10 @@
|
|||
pcscd.enable = true;
|
||||
mullvad-vpn.enable = true;
|
||||
xserver = {
|
||||
xkb.layout = "us";
|
||||
xkb.variant = "";
|
||||
layout = "us";
|
||||
xkbVariant = "";
|
||||
enable = true;
|
||||
desktopManager = {
|
||||
# plasma5.enable = true;
|
||||
plasma6.enable = true;
|
||||
};
|
||||
desktopManager.plasma5.enable = true;
|
||||
displayManager.sddm.enable = true;
|
||||
};
|
||||
pipewire = {
|
||||
|
@ -136,14 +130,12 @@
|
|||
drivers = [ pkgs.gutenprint pkgs.gutenprintBin ];
|
||||
};
|
||||
avahi = {
|
||||
nssmdns4 = true;
|
||||
nssmdns = true;
|
||||
enable = true;
|
||||
publish = {
|
||||
enable = true;
|
||||
userServices = true;
|
||||
domain = true;
|
||||
workstation = true;
|
||||
hinfo = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -177,7 +169,6 @@
|
|||
fish.enable = true;
|
||||
nix-ld.enable = true;
|
||||
dconf.enable = true;
|
||||
kdeconnect.enable = true;
|
||||
steam = {
|
||||
enable = true;
|
||||
remotePlay.openFirewall = true;
|
||||
|
@ -185,13 +176,13 @@
|
|||
};
|
||||
gnupg.agent = {
|
||||
enable = true;
|
||||
pinentryFlavor = "qt";
|
||||
pinentryFlavor = "gnome3";
|
||||
enableSSHSupport = false;
|
||||
};
|
||||
};
|
||||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||
users.users.gsimmer = {
|
||||
shell = pkgs.fish;
|
||||
shell = pkgs.nushell;
|
||||
isNormalUser = true;
|
||||
description = "Gabriel Simmer";
|
||||
extraGroups = [ "networkmanager" "wheel" "libvirtd" "qemu-libvirtd" "docker" ];
|
||||
|
@ -223,7 +214,6 @@
|
|||
enableDefaultPackages = true;
|
||||
};
|
||||
|
||||
systemd.packages = with pkgs; [ cloudflare-warp ];
|
||||
environment = {
|
||||
shells = with pkgs; [ zsh fish ];
|
||||
systemPackages = with pkgs; [
|
||||
|
@ -247,8 +237,6 @@
|
|||
libnotify
|
||||
emojione
|
||||
swtpm
|
||||
cloudflare-warp
|
||||
pcscliteWithPolkit.out
|
||||
];
|
||||
};
|
||||
|
||||
|
@ -258,21 +246,12 @@
|
|||
oxygen
|
||||
khelpcenter
|
||||
konsole
|
||||
plasma-browser-integration
|
||||
print-manager
|
||||
];
|
||||
|
||||
security = {
|
||||
polkit = {
|
||||
enable = true;
|
||||
extraConfig = ''
|
||||
polkit.addRule(function(action, subject) {
|
||||
if (action.id == "org.debian.pcsc-lite.access_pcsc" &&
|
||||
subject.isInGroup("wheel")) {
|
||||
return polkit.Result.YES;
|
||||
}
|
||||
});
|
||||
'';
|
||||
};
|
||||
polkit.enable = true;
|
||||
rtkit.enable = true;
|
||||
};
|
||||
system.stateVersion = "23.05"; # Did you read the comment?
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
[
|
||||
(import (builtins.fetchTarball {
|
||||
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
|
||||
sha256 = "1nglxrfynyjmqfzz81y4idc40c6rbsaa4jb4ishiwibdkh85nyf6";
|
||||
sha256 = "0nr8bpglvhjjkyh6xf091gb8nwqn66spycmhhzvkh5smahxpjw0n";
|
||||
})) discordOverlay];
|
||||
};
|
||||
home = {
|
||||
|
@ -39,13 +39,18 @@
|
|||
programs = {
|
||||
bash.enable = false;
|
||||
fish = {
|
||||
enable = true;
|
||||
enable = false;
|
||||
interactiveShellInit = ''
|
||||
set fish_greeting
|
||||
atuin init fish | source
|
||||
'';
|
||||
};
|
||||
|
||||
nushell = {
|
||||
enable = true;
|
||||
extraConfig = (builtins.readFile ./config.nu);
|
||||
};
|
||||
|
||||
direnv = {
|
||||
enable = true;
|
||||
nix-direnv.enable = true;
|
||||
|
@ -118,7 +123,7 @@
|
|||
discord
|
||||
mangohud
|
||||
comma
|
||||
transmission_4-qt
|
||||
looking-glass-client
|
||||
];
|
||||
|
||||
# This value determines the Home Manager release that your
|
||||
|
|
|
@ -348,7 +348,6 @@
|
|||
tokenFile = config.age.secrets.action-token.path;
|
||||
settings = {
|
||||
cache.port = 4328;
|
||||
container.network = "podman3";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -34,12 +34,12 @@
|
|||
firewall = {
|
||||
trustedInterfaces = ["tailscale0"];
|
||||
checkReversePath = "loose";
|
||||
allowedTCPPorts = [ 80 443 1935 ];
|
||||
allowedTCPPorts = [ 80 443 ];
|
||||
allowedUDPPortRanges = [
|
||||
{ from = 4000; to = 4007; }
|
||||
{ from = 8000; to = 8010; }
|
||||
];
|
||||
allowedUDPPorts = [ 41641 1935 ];
|
||||
allowedUDPPorts = [ 41641 ];
|
||||
enable = true;
|
||||
};
|
||||
nftables.enable = true;
|
||||
|
@ -77,7 +77,6 @@
|
|||
openFirewall = false;
|
||||
};
|
||||
nginx = {
|
||||
additionalModules = [ pkgs.nginxModules.rtmp ];
|
||||
enable = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedGzipSettings = true;
|
||||
|
@ -101,29 +100,6 @@
|
|||
};
|
||||
};
|
||||
};
|
||||
|
||||
appendConfig = ''
|
||||
rtmp {
|
||||
server {
|
||||
listen 1936;
|
||||
chunk_size 4096;
|
||||
application live {
|
||||
live on;
|
||||
allow publish 127.0.0.1;
|
||||
allow publish 100.110.180.123;
|
||||
allow publish fd7a:115c:a1e0::246e:b47b;
|
||||
deny publish all;
|
||||
allow play all;
|
||||
|
||||
record off;
|
||||
hls on;
|
||||
hls_path /tmp/hls;
|
||||
dash on;
|
||||
dash_path /tmp/dash;
|
||||
}
|
||||
}
|
||||
}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
@ -90,7 +90,7 @@
|
|||
enable = true;
|
||||
role = "server";
|
||||
extraFlags = toString [
|
||||
"--secrets-encryption --disable=traefik,servicelb --kube-apiserver-arg service-node-port-range=69-32767"
|
||||
"--secrets-encryption --disable=traefik,servicelb"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue