arch/infra
arch/infra
1
0
Fork 0
Code Actions Packages Activity

Compare commits

base: arch:0d3dda6646db38b501866eef0b6faed66af8dfa6
Branches Tags
arch:trunk
arch:woodpecker-ci
...
compare: arch:6a02df9e1f31ce3819dc1953c33cf1eec427f5d5
Branches Tags
arch:trunk
arch:woodpecker-ci

9 commits
0d3dda6646 ... 6a02df9e1f

Author SHA1 Message Date
Gabriel Simmer 6a02df9e1f
update flake.lock
All checks were successful
Lint / lint (push) Successful in 22s
Details
2023-12-08 23:44:49 +00:00
Gabriel Simmer d9d9da4bf7
homepage formatting 2023-12-08 23:44:26 +00:00
Gabriel Simmer 42dc3dafad
Add overseerr to kubernetes.nix 2023-12-08 23:44:09 +00:00
Gabriel Simmer c0dddf0cb9
Proper backing up for postgres cluster 2023-12-08 23:43:56 +00:00
Gabriel Simmer 7dfc818b6c
London update 
New hardware, use systemd-boot, remove vfio bits, xfs fs
 2023-12-08 23:43:18 +00:00
Gabriel Simmer cd5536c15a
Monitoring for proxmox 2023-12-08 23:42:59 +00:00
Gabriel Simmer fdde3dbbbb
various nas updates 
correct backup paths, update flood ip, remove libvirtd
 2023-12-08 23:42:33 +00:00
Gabriel Simmer a3780cae33
Remove coder from gitea runner, ssh keys 2023-12-08 23:41:29 +00:00
Gabriel Simmer 91ae8b665f
Move overseerr to pi cluster 2023-12-08 23:41:16 +00:00
13 changed files with 227 additions and 189 deletions
Show stats Expand all files Collapse all files

76
flake.lock
View file

@ -134,11 +134,11 @@
]
},
"locked": {
"lastModified": 1698882062,
"narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=",
"lastModified": 1701473968,
"narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8c9fa2545007b49a5db5f650ae91f227672c3877",
"rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
"type": "github"
},
"original": {
@ -167,11 +167,11 @@
"systems": "systems_2"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"lastModified": 1701680307,
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github"
},
"original": {
@ -223,11 +223,11 @@
]
},
"locked": {
"lastModified": 1699663185,
"narHash": "sha256-hI3CZPINBWstkMN+ptyzWibw5eRtFCiEvO7zR61bGBs=",
"lastModified": 1701728041,
"narHash": "sha256-x0pyrI1vC8evVDxCxyO6olOyr4wlFg9+VS3C3p4xFYQ=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "691cbcc03af6ad1b5384c0e0e0b5f2298f58c5ce",
"rev": "ac7216918cd65f3824ba7817dea8f22e61221eaf",
"type": "github"
},
"original": {
@ -244,11 +244,11 @@
"treefmt": "treefmt"
},
"locked": {
"lastModified": 1699581775,
"lastModified": 1700116223,
"narHash": "sha256-Pld/UXlBcIDnQMY0JkDzChJkbof/zEcRkaiXtzvArEE=",
"owner": "hall",
"repo": "kubenix",
"rev": "fceda8451461ee5e623815414f76885df77b7217",
"rev": "e4d036576436b9983216584a89388af3da995043",
"type": "github"
},
"original": {
@ -263,11 +263,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1699186103,
"narHash": "sha256-B13wpM9/sLYBO2TjxFYLhPUD9v3LVFVOmH12pGB3E0w=",
"lastModified": 1701901779,
"narHash": "sha256-niromWK2vW1p/pzbsMjpBq2wi/yR1UgYXplvIG2EoI4=",
"owner": "nix-community",
"repo": "lib-aggregate",
"rev": "99ff947f29d9c89fe26072b1927e594ee45ccda0",
"rev": "967acb55282cb9fa9c3c91d4ca91c92b7befc7bb",
"type": "github"
},
"original": {
@ -284,11 +284,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1699261003,
"narHash": "sha256-wkOVJ2wkPpTYqipDF693bEAUQ838xjloUcs6WNsTMlw=",
"lastModified": 1701852992,
"narHash": "sha256-9k+nGxwpxuyocsvitsx1Y2SGI/FScVzXjLyGsVjE/wo=",
"owner": "nix-community",
"repo": "nix-eval-jobs",
"rev": "2b55f473c960d38a40678d9831fc1dcb87615a98",
"rev": "0f8e80f29287a7c01144603fb0030fdd7216dd98",
"type": "github"
},
"original": {
@ -306,11 +306,11 @@
]
},
"locked": {
"lastModified": 1698974481,
"narHash": "sha256-yPncV9Ohdz1zPZxYHQf47S8S0VrnhV7nNhCawY46hDA=",
"lastModified": 1701208414,
"narHash": "sha256-xrQ0FyhwTZK6BwKhahIkUVZhMNk21IEI1nUcWSONtpo=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "4bb5e752616262457bc7ca5882192a564c0472d2",
"rev": "93e39cc1a087d65bcf7a132e75a650c44dd2b734",
"type": "github"
},
"original": {
@ -360,11 +360,11 @@
]
},
"locked": {
"lastModified": 1696058303,
"narHash": "sha256-eNqKWpF5zG0SrgbbtljFOrRgFgRzCc4++TMFADBMLnc=",
"lastModified": 1701689616,
"narHash": "sha256-ewnfgvRy73HoP5KnYmy1Rcr4m4yShvsb6TCCaKoW8pc=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "150f38bd1e09e20987feacb1b0d5991357532fb5",
"rev": "246219bc21b943c6f6812bb7744218ba0df08600",
"type": "github"
},
"original": {
@ -391,11 +391,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1699145078,
"narHash": "sha256-OO1b3jiMUGjafD2ErkbTPVgUlhmyWo2Z5i0k2kD1ViU=",
"lastModified": 1701564385,
"narHash": "sha256-um5ce7hnsQ8Do+oKf90zGKVmEqufr4Q6T8zfY9Hon38=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "174d7dc67189bc4a53f1bffb4fb9d0f13b79cd3c",
"rev": "152c00fc19bc45af5dd65bd41d1d020c2ba0b4ca",
"type": "github"
},
"original": {
@ -414,11 +414,11 @@
]
},
"locked": {
"lastModified": 1699629370,
"narHash": "sha256-HwoRInCXXdEUcfXEnlWb7v4nuQLUo5dT9ZWTb2C1Vik=",
"lastModified": 1701902161,
"narHash": "sha256-xi5JKgNaNl5XG/tstZ+bA3KpgB+qSGasJinSJP37PBg=",
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"rev": "62a9b65dfb8c182530887d567a7c796fe2bb514e",
"rev": "916f946eb68f5ee3528c628752bd2e85366d8886",
"type": "github"
},
"original": {
@ -477,11 +477,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1699343069,
"narHash": "sha256-s7BBhyLA6MI6FuJgs4F/SgpntHBzz40/qV0xLPW6A1Q=",
"lastModified": 1701693815,
"narHash": "sha256-7BkrXykVWfkn6+c1EhFA3ko4MLi3gVG0p9G96PNnKTM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ec750fd01963ab6b20ee1f0cb488754e8036d89d",
"rev": "09ec6a0881e1a36c29d67497693a67a16f4da573",
"type": "github"
},
"original": {
@ -493,11 +493,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1699236715,
"narHash": "sha256-oel+a6B5mBO7vA1A/I9A9VTK2jW5shnYAuu08RYhmxQ=",
"lastModified": 1701847270,
"narHash": "sha256-ttPWHy1NZwJzSzY7OmofFNyrm9kWc+RFFHpJGeQ4kWw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0d93ec62e06faec6c52331a8a87bd5721b38ce14",
"rev": "9ed8ade77aef706a03d8cc3a5ad4f60848ac59a7",
"type": "github"
},
"original": {
@ -631,11 +631,11 @@
]
},
"locked": {
"lastModified": 1698438538,
"narHash": "sha256-AWxaKTDL3MtxaVTVU5lYBvSnlspOS0Fjt8GxBgnU0Do=",
"lastModified": 1701682826,
"narHash": "sha256-2lxeTUGs8Jzz/wjLgWYmZoXn60BYNRMzwHFtxNFUDLU=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "5deb8dc125a9f83b65ca86cf0c8167c46593e0b1",
"rev": "affe7fc3f5790e1d0b5ba51bcff0f7ebe465e92d",
"type": "github"
},
"original": {

84
homelab/homepage.nix
View file

@ -77,33 +77,7 @@
}
];
}
{
Reading = [
{ FreshRSS = {
icon = "freshrss.png";
href = "https://freshrss.gmem.ca";
description = "FreshRSS RSS Reader";
widget = {
type = "freshrss";
url = "https://freshrss.gmem.ca";
username = "arch";
password = "{{HOMEPAGE_VAR_FRESHRSS_PASSWORD}}";
};
};
}
{ "Lobste.rs" = {
href = "https://lobste.rs";
description = "News aggregator";
};
}
{ "Hacker News" = {
href = "https://news.ycombinator.com";
description = "VC news aggregator";
};
}
];
}
{
{
"Personal Infrastructure" = [
{ authentik = {
icon = "authentik.png";
@ -111,6 +85,30 @@
description = "OIDC SSO";
};
}
{ Tailscale = {
icon = "tailscale.png";
href = "https://login.tailscale.com";
description = "VPN provider";
};
}
{ Git = {
icon = "forgejo.png";
href = "https://git.gmem.ca";
description = "Git forge";
};
}
{ Grafana = {
icon = "grafana.png";
href = "https://grafana.gmem.ca";
description = "Monitoring & metrics";
widget = {
type = "grafana";
url = "https://grafana.gmem.ca";
username = "api@localhost";
password = "{{HOMEPAGE_VAR_GRAFANA_PASSWORD}}";
};
};
}
{ NextDNS = {
icon = "nextdns.png";
href = "https://my.nextdns.io";
@ -134,16 +132,30 @@
};
};
}
{ Tailscale = {
icon = "tailscale.png";
href = "https://login.tailscale.com";
description = "VPN provider";
];
}
{
Reading = [
{ FreshRSS = {
icon = "freshrss.png";
href = "https://freshrss.gmem.ca";
description = "FreshRSS RSS Reader";
widget = {
type = "freshrss";
url = "https://freshrss.gmem.ca";
username = "arch";
password = "{{HOMEPAGE_VAR_FRESHRSS_PASSWORD}}";
};
};
}
{ Git = {
icon = "forgejo.png";
href = "https://git.gmem.ca";
description = "Git forge";
{ "Lobste.rs" = {
href = "https://lobste.rs";
description = "News aggregator";
};
}
{ "Hacker News" = {
href = "https://news.ycombinator.com";
description = "VC news aggregator";
};
}
];
@ -248,6 +260,8 @@
base = "https://home.gmem.ca";
layout.Media.style = "row";
layout.Media.columns = "3";
layout."Personal Infrastructure".style = "row";
layout."Personal Infrastructure".columns = "3";
layout."Backup Status".style = "row";
layout."Backup Status".columns = "3";
};

1
homelab/kubernetes.nix
View file

@ -4,5 +4,6 @@
(import ./nginx.nix)
(import ./tclip.nix)
(import ./vrchat-prometheus-exporter.nix)
(import ./overseerr.nix)
(import ./homepage.nix) ];
}

78
homelab/overseerr.nix Normal file
View file

@ -0,0 +1,78 @@
let
appName = "overseerr";
appImage = "sctx/overseerr";
in
{
kubernetes.resources.services.overseerr = {
spec = {
selector.app = appName;
ports.http = {
port = 5055;
targetPort = 5055;
};
};
};
kubernetes.resources.statefulSets.overseerr.spec = {
selector.matchLabels.app = appName;
serviceName = appName;
template = {
metadata.labels.app = appName;
spec = {
volumes = {
config.configMap.name = "overseerr";
};
containers = {
overseerr = {
image = appImage;
volumeMounts = [
{ name = "data"; mountPath = "/app/config"; }
];
ports.metrics.containerPort = 5055;
resources = {
requests = {
cpu = "50m";
memory = "32Mi";
};
limits = {
cpu = "500m";
memory = "256Mi";
};
};
};
};
};
};
volumeClaimTemplates = [
{ metadata.name = "data";
spec = {
storageClassName = "nfs-client";
accessModes = [ "ReadWriteOnce" ];
resources.requests.storage = "1Gi";
};
}
];
};
kubernetes.resources.ingresses.overseerr = {
metadata = {
name = appName;
annotations = {
"cert-manager.io/issuer" = "le-issuer";
};
};
spec = {
tls = [ { hosts = [ "request-media.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
rules = [
{
host = "request-media.gmem.ca";
http.paths = [
{ path = "/"; pathType = "Prefix";
backend.service = {
name = appName;
port.name = "http"; };
}
];
}
];
};
};
}

10
homelab/postgres-cluster.yml
View file

@ -19,7 +19,14 @@ spec:
storage: 1Gi
backups:
pgbackrest:
manual:
repoName: repo1
options:
- --type=full
image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-1
global:
repo1-retention-full: "14"
repo1-retention-full-type: time
repos:
- name: repo1
volume:
@ -29,6 +36,9 @@ spec:
resources:
requests:
storage: 1Gi
schedules:
full: "0 1 * * 0"
differential: "0 1 * * 1-6"
monitoring:
pgmonitor:
exporter:

10
nix/london/config.nu
View file

@ -236,14 +236,20 @@ $env.config = {
use_kitty_protocol: true # enables keyboard enhancement protocol implemented by kitty console, only if your terminal support this
hooks: {
pre_prompt: [{ null }] # run before the prompt is shown
pre_execution: [{ null }] # run before the repl input is run
env_change: {
PWD: [{|before, after| null }] # run if the PWD environment is different since the last repl input
}
display_output: "if (term size).columns >= 100 { table -e } else { table }" # run to display the output of a pipeline
command_not_found: { null } # return an error message when a command is not found
}
pre_prompt: [{ ||
if (which direnv | is-empty) {
return
}
direnv export json | from json | default {} | load-env
}]
}
menus: [
# Configuration for default nushell menus

37
nix/london/configuration.nix
View file

@ -9,32 +9,18 @@
# Bootloader
boot = {
loader = {
grub = {
enable = true;
device = "nodev";
useOSProber = true;
efiSupport = true;
enableCryptodisk = true;
};
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
};
};
tmp.cleanOnBoot = true;
binfmt.emulatedSystems = [ "aarch64-linux" ];
extraModulePackages = [
config.boot.kernelPackages.v4l2loopback
];
kernelPackages = pkgs.linuxPackages_zen;
kernelModules = [ "amdgpu" "coretemp" "kvm-amd" "v4l2loopback" ];
initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
initrd.luks.devices."luks-63100442-37df-4579-a787-cb2f2c67b3d1" = {
device = "/dev/disk/by-uuid/63100442-37df-4579-a787-cb2f2c67b3d1";
keyFile = "/crypto_keyfile.bin";
};
};
time.hardwareClockInLocalTime = true;
@ -54,15 +40,16 @@
nixpkgs.config.allowUnfree = true;
systemd.services.NetworkManager-wait-online.enable = false;
networking = {
hostId = "3c26267f";
hostName = "LONDON";
networkmanager.enable = true;
firewall = {
enable = true;
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
allowedTCPPorts = [ 7000 7100 22000 8000 ];
allowedTCPPorts = [ 7000 7100 22000 8000 3000 ];
allowedUDPPorts = [ 6000 6001 7011 41641 3478 22000 21027 ];
trustedInterfaces = [ "tailscale0" ];
trustedInterfaces = [ "enp4s0" "tailscale0" "docker0" ];
checkReversePath = "loose";
};
nftables.enable = true;
@ -108,12 +95,12 @@
overrideFolders = false;
user = "gsimmer";
dataDir = "/home/gsimmer";
guiAddress = "100.93.188.51:8384";
guiAddress = "100.98.191.127:8384";
};
usbmuxd.enable = true;
prometheus.exporters.node = {
enable = true;
listenAddress = "100.93.188.51";
listenAddress = "100.98.191.127";
enabledCollectors = [
"systemd" "processes"
];
@ -176,6 +163,7 @@
xdg.portal.enable = true;
programs = {
sway.enable = true;
gamemode.enable = true;
zsh.enable = true;
fish.enable = true;
@ -218,10 +206,10 @@
fonts = {
packages = with pkgs; [
ibm-plex
jetbrains-mono
emojione
font-awesome
ibm-plex
jetbrains-mono
emojione
font-awesome
];
enableDefaultPackages = true;
};
@ -248,6 +236,7 @@
glmark2
libnotify
emojione
swtpm
];
};

6
nix/london/gsimmer.nix
View file

@ -16,14 +16,14 @@
[
(import (builtins.fetchTarball {
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
sha256 = "156jbn5s9rv7qjy5q6d9yq56zmxv07i5viqs0ryvhazdg1lzw311";
sha256 = "03nrh6axxckjsdy8jykqpdsvq7dik0x04pybvwxxy9sd04b8kdh2";
})) discordOverlay];
};
home = {
username = "gsimmer";
homeDirectory = "/home/gsimmer";
};
services.pueue = {
enable = true;
settings = {
@ -86,7 +86,6 @@
eza = {
enable = true;
enableAliases = true;
};
bat = {
@ -124,6 +123,7 @@
discord
mangohud
comma
looking-glass-client
];
# This value determines the Home Manager release that your

25
nix/london/hardware-configuration.nix
View file

@ -8,30 +8,23 @@
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
boot.initrd.availableKernelModules = [ "nvme" "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/cd6f3e34-65ce-4be5-b4d4-6818e70dcff3";
fsType = "ext4";
{ device = "/dev/disk/by-uuid/736c20e1-f11a-4af7-88f2-bba7b0f09939";
fsType = "xfs";
};
boot.initrd.luks.devices."luks-0cd5d85e-e232-4f75-a8b3-087737657fef".device = "/dev/disk/by-uuid/0cd5d85e-e232-4f75-a8b3-087737657fef";
fileSystems."/boot/efi" =
{ device = "/dev/disk/by-uuid/AB23-FA19";
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/2A2C-A8CE";
fsType = "vfat";
};
fileSystems."/home/gsimmer/FHG" = {
device = "/dev/disk/by-label/FHG";
fsType = "ext4";
};
swapDevices =
[ { device = "/dev/disk/by-uuid/c50f2d93-2f31-4afc-ad26-4730a8f4b7f0"; }
[ { device = "/dev/disk/by-uuid/41c7d0e1-e015-4d78-a0fb-f039a7f648ef"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@ -39,9 +32,9 @@
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
# networking.interfaces.enp14s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp15s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# high-resolution display
# hardware.video.hidpi.enable = lib.mkDefault true;
}

37
nix/london/vfio.nix
View file

@ -1,37 +0,0 @@
let
# RTX 3070 Ti
gpuIDs = [
"10de:1b81" # Graphics
"10de:10f0" # Audio
];
in { pkgs, lib, config, ... }: {
options.vfio.enable = with lib;
mkEnableOption "Configure the machine for VFIO";
config = let cfg = config.vfio;
in {
boot = {
initrd.kernelModules = [
"vfio_pci"
"vfio"
"vfio_iommu_type1"
"nvidia"
"nvidia_modeset"
"nvidia_uvm"
"nvidia_drm"
];
kernelParams = [
# enable IOMMU
"amd_iommu=on"
"pcie_acs_override=downstream,multifunction"
] ++ lib.optional cfg.enable
# isolate the GPU
("vfio-pci.ids=" + lib.concatStringsSep "," gpuIDs);
};
hardware.opengl.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
};
}

6
nix/monitoring/configuration.nix
View file

@ -286,6 +286,12 @@
port = 9001;
extraFlags = [ "--web.enable-remote-write-receiver" ];
scrapeConfigs = [
{
job_name = "proxmox";
metrics_path = "/pve";
params = { "target" = [ "localhost" ]; };
static_configs = [ { targets = [ "proxmox:9221" ]; } ];
}
{
job_name = "personal_hardware";
static_configs = [ { targets = [ "london:9100" "vancouver:9100" "localhost:9100" ]; } ];

27
nix/nas/configuration.nix
View file

@ -84,8 +84,8 @@
environmentFile = config.age.secrets.restic-b2-credentials.path;
repository = "s3:s3.us-west-000.backblazeb2.com/gsimmer-backup";
paths = [
"/tank/gabriel/projects"
"/tank/gabriel/org"
"/tank/gsimmer/projects"
"/tank/gsimmer/org"
"/tank/gsimmer/Backup/Pictures"
"/tank/gsimmer/Photos"
"/tank/shared"
@ -313,23 +313,6 @@
proxyPass = "http://127.0.0.1:8973/";
};
};
virtualHosts."request-media.gmem.ca" = {
enableACME = true;
addSSL = true;
acmeRoot = null;
locations."/" = {
extraConfig =
''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 100M;
'';
proxyPass = "http://127.0.0.1:5055/";
};
};
virtualHosts."flood.gmem.ca" = {
enableACME = true;
addSSL = true;
@ -344,7 +327,7 @@
client_max_body_size 100M;
'';
proxyPass = "http://192.168.122.185:3000/";
proxyPass = "http://192.168.50.205:3000/";
};
};
};
@ -433,7 +416,7 @@
daily = 2;
monthly = 2;
};
"Primary/gitea" = {
"Primary/forgejo" = {
autoprune = true;
autosnap = true;
daily = 2;
@ -483,7 +466,6 @@
cifs-utils
cloudflared
bat
virtiofsd
gnupg
pinentry
];
@ -548,7 +530,6 @@
setSocketVariable = true;
};
};
libvirtd.enable = true;
};
virtualisation.oci-containers.containers = {

19
nix/oracle-gitea-runner/configuration.nix
View file

@ -18,13 +18,6 @@
tailscale
];
services.coder = {
enable = true;
group = "docker";
listenAddress = "0.0.0.0:3000";
package = (pkgs.callPackage ./coder.nix {});
};
services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances = {
@ -35,7 +28,7 @@
"debian-latest-arm:docker://node:18-bullseye"
];
url = "https://git.gmem.ca";
token = "rclEuf0ZKhWKe7IhvWZqgJpb1y84iYBJsJi7Wslh";
token = "dcSqNPRfeAFjAA2NUzZRbO4Q2k1L2WOOCAEAhPR4";
settings = {
cache.port = 4328;
};
@ -62,9 +55,13 @@
};
users.users = {
root.openssh.authorizedKeys.keys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr"
];
root.openssh.authorizedKeys.keys = let
authorizedKeys = pkgs.fetchurl {
url = "https://gmem.ca/ssh";
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
};
in pkgs.lib.splitString "\n" (builtins.readFile
authorizedKeys);
};
virtualisation = {
docker = {