arch/infra
arch/infra
1
0
Fork 0
Code Actions Packages Activity

Compare commits

base: arch:0d3dda6646db38b501866eef0b6faed66af8dfa6
Branches Tags
arch:trunk
arch:woodpecker-ci
..
compare: arch:6a02df9e1f31ce3819dc1953c33cf1eec427f5d5
Branches Tags
arch:trunk
arch:woodpecker-ci

9 commits
0d3dda6646 ... 6a02df9e1f

Author SHA1 Message Date
Gabriel Simmer 6a02df9e1f
update flake.lock
All checks were successful
Lint / lint (push) Successful in 22s
Details
2023-12-08 23:44:49 +00:00
Gabriel Simmer d9d9da4bf7
homepage formatting 2023-12-08 23:44:26 +00:00
Gabriel Simmer 42dc3dafad
Add overseerr to kubernetes.nix 2023-12-08 23:44:09 +00:00
Gabriel Simmer c0dddf0cb9
Proper backing up for postgres cluster 2023-12-08 23:43:56 +00:00
Gabriel Simmer 7dfc818b6c
London update 
New hardware, use systemd-boot, remove vfio bits, xfs fs
 2023-12-08 23:43:18 +00:00
Gabriel Simmer cd5536c15a
Monitoring for proxmox 2023-12-08 23:42:59 +00:00
Gabriel Simmer fdde3dbbbb
various nas updates 
correct backup paths, update flood ip, remove libvirtd
 2023-12-08 23:42:33 +00:00
Gabriel Simmer a3780cae33
Remove coder from gitea runner, ssh keys 2023-12-08 23:41:29 +00:00
Gabriel Simmer 91ae8b665f
Move overseerr to pi cluster 2023-12-08 23:41:16 +00:00
13 changed files with 227 additions and 189 deletions
Show stats Expand all files Collapse all files

76
flake.lock
View file

@ -134,11 +134,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1698882062, "lastModified": 1701473968,
"narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=", "narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "8c9fa2545007b49a5db5f650ae91f227672c3877", "rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -167,11 +167,11 @@
"systems": "systems_2" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1694529238, "lastModified": 1701680307,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=", "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384", "rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -223,11 +223,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1699663185, "lastModified": 1701728041,
"narHash": "sha256-hI3CZPINBWstkMN+ptyzWibw5eRtFCiEvO7zR61bGBs=", "narHash": "sha256-x0pyrI1vC8evVDxCxyO6olOyr4wlFg9+VS3C3p4xFYQ=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "691cbcc03af6ad1b5384c0e0e0b5f2298f58c5ce", "rev": "ac7216918cd65f3824ba7817dea8f22e61221eaf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -244,11 +244,11 @@
"treefmt": "treefmt" "treefmt": "treefmt"
}, },
"locked": { "locked": {
"lastModified": 1699581775, "lastModified": 1700116223,
"narHash": "sha256-Pld/UXlBcIDnQMY0JkDzChJkbof/zEcRkaiXtzvArEE=", "narHash": "sha256-Pld/UXlBcIDnQMY0JkDzChJkbof/zEcRkaiXtzvArEE=",
"owner": "hall", "owner": "hall",
"repo": "kubenix", "repo": "kubenix",
"rev": "fceda8451461ee5e623815414f76885df77b7217", "rev": "e4d036576436b9983216584a89388af3da995043",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -263,11 +263,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1699186103, "lastModified": 1701901779,
"narHash": "sha256-B13wpM9/sLYBO2TjxFYLhPUD9v3LVFVOmH12pGB3E0w=", "narHash": "sha256-niromWK2vW1p/pzbsMjpBq2wi/yR1UgYXplvIG2EoI4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lib-aggregate", "repo": "lib-aggregate",
"rev": "99ff947f29d9c89fe26072b1927e594ee45ccda0", "rev": "967acb55282cb9fa9c3c91d4ca91c92b7befc7bb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -284,11 +284,11 @@
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1699261003, "lastModified": 1701852992,
"narHash": "sha256-wkOVJ2wkPpTYqipDF693bEAUQ838xjloUcs6WNsTMlw=", "narHash": "sha256-9k+nGxwpxuyocsvitsx1Y2SGI/FScVzXjLyGsVjE/wo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-eval-jobs", "repo": "nix-eval-jobs",
"rev": "2b55f473c960d38a40678d9831fc1dcb87615a98", "rev": "0f8e80f29287a7c01144603fb0030fdd7216dd98",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -306,11 +306,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1698974481, "lastModified": 1701208414,
"narHash": "sha256-yPncV9Ohdz1zPZxYHQf47S8S0VrnhV7nNhCawY46hDA=", "narHash": "sha256-xrQ0FyhwTZK6BwKhahIkUVZhMNk21IEI1nUcWSONtpo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-github-actions", "repo": "nix-github-actions",
"rev": "4bb5e752616262457bc7ca5882192a564c0472d2", "rev": "93e39cc1a087d65bcf7a132e75a650c44dd2b734",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -360,11 +360,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1696058303, "lastModified": 1701689616,
"narHash": "sha256-eNqKWpF5zG0SrgbbtljFOrRgFgRzCc4++TMFADBMLnc=", "narHash": "sha256-ewnfgvRy73HoP5KnYmy1Rcr4m4yShvsb6TCCaKoW8pc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "150f38bd1e09e20987feacb1b0d5991357532fb5", "rev": "246219bc21b943c6f6812bb7744218ba0df08600",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -391,11 +391,11 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1699145078, "lastModified": 1701564385,
"narHash": "sha256-OO1b3jiMUGjafD2ErkbTPVgUlhmyWo2Z5i0k2kD1ViU=", "narHash": "sha256-um5ce7hnsQ8Do+oKf90zGKVmEqufr4Q6T8zfY9Hon38=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "174d7dc67189bc4a53f1bffb4fb9d0f13b79cd3c", "rev": "152c00fc19bc45af5dd65bd41d1d020c2ba0b4ca",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -414,11 +414,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1699629370, "lastModified": 1701902161,
"narHash": "sha256-HwoRInCXXdEUcfXEnlWb7v4nuQLUo5dT9ZWTb2C1Vik=", "narHash": "sha256-xi5JKgNaNl5XG/tstZ+bA3KpgB+qSGasJinSJP37PBg=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs-wayland", "repo": "nixpkgs-wayland",
"rev": "62a9b65dfb8c182530887d567a7c796fe2bb514e", "rev": "916f946eb68f5ee3528c628752bd2e85366d8886",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -477,11 +477,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1699343069, "lastModified": 1701693815,
"narHash": "sha256-s7BBhyLA6MI6FuJgs4F/SgpntHBzz40/qV0xLPW6A1Q=", "narHash": "sha256-7BkrXykVWfkn6+c1EhFA3ko4MLi3gVG0p9G96PNnKTM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ec750fd01963ab6b20ee1f0cb488754e8036d89d", "rev": "09ec6a0881e1a36c29d67497693a67a16f4da573",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -493,11 +493,11 @@
}, },
"nixpkgs_6": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1699236715, "lastModified": 1701847270,
"narHash": "sha256-oel+a6B5mBO7vA1A/I9A9VTK2jW5shnYAuu08RYhmxQ=", "narHash": "sha256-ttPWHy1NZwJzSzY7OmofFNyrm9kWc+RFFHpJGeQ4kWw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "0d93ec62e06faec6c52331a8a87bd5721b38ce14", "rev": "9ed8ade77aef706a03d8cc3a5ad4f60848ac59a7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -631,11 +631,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1698438538, "lastModified": 1701682826,
"narHash": "sha256-AWxaKTDL3MtxaVTVU5lYBvSnlspOS0Fjt8GxBgnU0Do=", "narHash": "sha256-2lxeTUGs8Jzz/wjLgWYmZoXn60BYNRMzwHFtxNFUDLU=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "5deb8dc125a9f83b65ca86cf0c8167c46593e0b1", "rev": "affe7fc3f5790e1d0b5ba51bcff0f7ebe465e92d",
"type": "github" "type": "github"
}, },
"original": { "original": {

82
homelab/homepage.nix
View file

@ -77,32 +77,6 @@
} }
]; ];
} }
{
Reading = [
{ FreshRSS = {
icon = "freshrss.png";
href = "https://freshrss.gmem.ca";
description = "FreshRSS RSS Reader";
widget = {
type = "freshrss";
url = "https://freshrss.gmem.ca";
username = "arch";
password = "{{HOMEPAGE_VAR_FRESHRSS_PASSWORD}}";
};
};
}
{ "Lobste.rs" = {
href = "https://lobste.rs";
description = "News aggregator";
};
}
{ "Hacker News" = {
href = "https://news.ycombinator.com";
description = "VC news aggregator";
};
}
];
}
{ {
"Personal Infrastructure" = [ "Personal Infrastructure" = [
{ authentik = { { authentik = {
@ -111,6 +85,30 @@
description = "OIDC SSO"; description = "OIDC SSO";
}; };
} }
{ Tailscale = {
icon = "tailscale.png";
href = "https://login.tailscale.com";
description = "VPN provider";
};
}
{ Git = {
icon = "forgejo.png";
href = "https://git.gmem.ca";
description = "Git forge";
};
}
{ Grafana = {
icon = "grafana.png";
href = "https://grafana.gmem.ca";
description = "Monitoring & metrics";
widget = {
type = "grafana";
url = "https://grafana.gmem.ca";
username = "api@localhost";
password = "{{HOMEPAGE_VAR_GRAFANA_PASSWORD}}";
};
};
}
{ NextDNS = { { NextDNS = {
icon = "nextdns.png"; icon = "nextdns.png";
href = "https://my.nextdns.io"; href = "https://my.nextdns.io";
@ -134,16 +132,30 @@
}; };
}; };
} }
{ Tailscale = { ];
icon = "tailscale.png"; }
href = "https://login.tailscale.com"; {
description = "VPN provider"; Reading = [
{ FreshRSS = {
icon = "freshrss.png";
href = "https://freshrss.gmem.ca";
description = "FreshRSS RSS Reader";
widget = {
type = "freshrss";
url = "https://freshrss.gmem.ca";
username = "arch";
password = "{{HOMEPAGE_VAR_FRESHRSS_PASSWORD}}";
};
}; };
} }
{ Git = { { "Lobste.rs" = {
icon = "forgejo.png"; href = "https://lobste.rs";
href = "https://git.gmem.ca"; description = "News aggregator";
description = "Git forge"; };
}
{ "Hacker News" = {
href = "https://news.ycombinator.com";
description = "VC news aggregator";
}; };
} }
]; ];
@ -248,6 +260,8 @@
base = "https://home.gmem.ca"; base = "https://home.gmem.ca";
layout.Media.style = "row"; layout.Media.style = "row";
layout.Media.columns = "3"; layout.Media.columns = "3";
layout."Personal Infrastructure".style = "row";
layout."Personal Infrastructure".columns = "3";
layout."Backup Status".style = "row"; layout."Backup Status".style = "row";
layout."Backup Status".columns = "3"; layout."Backup Status".columns = "3";
}; };

1
homelab/kubernetes.nix
View file

@ -4,5 +4,6 @@
(import ./nginx.nix) (import ./nginx.nix)
(import ./tclip.nix) (import ./tclip.nix)
(import ./vrchat-prometheus-exporter.nix) (import ./vrchat-prometheus-exporter.nix)
(import ./overseerr.nix)
(import ./homepage.nix) ]; (import ./homepage.nix) ];
} }

78
homelab/overseerr.nix Normal file
View file

@ -0,0 +1,78 @@
let
appName = "overseerr";
appImage = "sctx/overseerr";
in
{
kubernetes.resources.services.overseerr = {
spec = {
selector.app = appName;
ports.http = {
port = 5055;
targetPort = 5055;
};
};
};
kubernetes.resources.statefulSets.overseerr.spec = {
selector.matchLabels.app = appName;
serviceName = appName;
template = {
metadata.labels.app = appName;
spec = {
volumes = {
config.configMap.name = "overseerr";
};
containers = {
overseerr = {
image = appImage;
volumeMounts = [
{ name = "data"; mountPath = "/app/config"; }
];
ports.metrics.containerPort = 5055;
resources = {
requests = {
cpu = "50m";
memory = "32Mi";
};
limits = {
cpu = "500m";
memory = "256Mi";
};
};
};
};
};
};
volumeClaimTemplates = [
{ metadata.name = "data";
spec = {
storageClassName = "nfs-client";
accessModes = [ "ReadWriteOnce" ];
resources.requests.storage = "1Gi";
};
}
];
};
kubernetes.resources.ingresses.overseerr = {
metadata = {
name = appName;
annotations = {
"cert-manager.io/issuer" = "le-issuer";
};
};
spec = {
tls = [ { hosts = [ "request-media.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
rules = [
{
host = "request-media.gmem.ca";
http.paths = [
{ path = "/"; pathType = "Prefix";
backend.service = {
name = appName;
port.name = "http"; };
}
];
}
];
};
};
}

10
homelab/postgres-cluster.yml
View file

@ -19,7 +19,14 @@ spec:
storage: 1Gi storage: 1Gi
backups: backups:
pgbackrest: pgbackrest:
manual:
repoName: repo1
options:
- --type=full
image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-1 image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-1
global:
repo1-retention-full: "14"
repo1-retention-full-type: time
repos: repos:
- name: repo1 - name: repo1
volume: volume:
@ -29,6 +36,9 @@ spec:
resources: resources:
requests: requests:
storage: 1Gi storage: 1Gi
schedules:
full: "0 1 * * 0"
differential: "0 1 * * 1-6"
monitoring: monitoring:
pgmonitor: pgmonitor:
exporter: exporter:

8
nix/london/config.nu
View file

@ -236,13 +236,19 @@ $env.config = {
use_kitty_protocol: true # enables keyboard enhancement protocol implemented by kitty console, only if your terminal support this use_kitty_protocol: true # enables keyboard enhancement protocol implemented by kitty console, only if your terminal support this
hooks: { hooks: {
pre_prompt: [{ null }] # run before the prompt is shown
pre_execution: [{ null }] # run before the repl input is run pre_execution: [{ null }] # run before the repl input is run
env_change: { env_change: {
PWD: [{|before, after| null }] # run if the PWD environment is different since the last repl input PWD: [{|before, after| null }] # run if the PWD environment is different since the last repl input
} }
display_output: "if (term size).columns >= 100 { table -e } else { table }" # run to display the output of a pipeline display_output: "if (term size).columns >= 100 { table -e } else { table }" # run to display the output of a pipeline
command_not_found: { null } # return an error message when a command is not found command_not_found: { null } # return an error message when a command is not found
pre_prompt: [{ ||
if (which direnv | is-empty) {
return
}
direnv export json | from json | default {} | load-env
}]
} }
menus: [ menus: [

29
nix/london/configuration.nix
View file

@ -9,32 +9,18 @@
# Bootloader # Bootloader
boot = { boot = {
loader = { loader = {
grub = { systemd-boot.enable = true;
enable = true;
device = "nodev";
useOSProber = true;
efiSupport = true;
enableCryptodisk = true;
};
efi = { efi = {
canTouchEfiVariables = true; canTouchEfiVariables = true;
efiSysMountPoint = "/boot/efi";
}; };
}; };
tmp.cleanOnBoot = true;
binfmt.emulatedSystems = [ "aarch64-linux" ]; binfmt.emulatedSystems = [ "aarch64-linux" ];
extraModulePackages = [ extraModulePackages = [
config.boot.kernelPackages.v4l2loopback config.boot.kernelPackages.v4l2loopback
]; ];
kernelPackages = pkgs.linuxPackages_zen; kernelPackages = pkgs.linuxPackages_zen;
kernelModules = [ "amdgpu" "coretemp" "kvm-amd" "v4l2loopback" ]; kernelModules = [ "amdgpu" "coretemp" "kvm-amd" "v4l2loopback" ];
initrd.secrets = {
"/crypto_keyfile.bin" = null;
};
initrd.luks.devices."luks-63100442-37df-4579-a787-cb2f2c67b3d1" = {
device = "/dev/disk/by-uuid/63100442-37df-4579-a787-cb2f2c67b3d1";
keyFile = "/crypto_keyfile.bin";
};
}; };
time.hardwareClockInLocalTime = true; time.hardwareClockInLocalTime = true;
@ -54,15 +40,16 @@
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
systemd.services.NetworkManager-wait-online.enable = false; systemd.services.NetworkManager-wait-online.enable = false;
networking = { networking = {
hostId = "3c26267f";
hostName = "LONDON"; hostName = "LONDON";
networkmanager.enable = true; networkmanager.enable = true;
firewall = { firewall = {
enable = true; enable = true;
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ]; allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
allowedTCPPortRanges = [ { from = 27036; to = 27037; } ]; allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
allowedTCPPorts = [ 7000 7100 22000 8000 ]; allowedTCPPorts = [ 7000 7100 22000 8000 3000 ];
allowedUDPPorts = [ 6000 6001 7011 41641 3478 22000 21027 ]; allowedUDPPorts = [ 6000 6001 7011 41641 3478 22000 21027 ];
trustedInterfaces = [ "tailscale0" ]; trustedInterfaces = [ "enp4s0" "tailscale0" "docker0" ];
checkReversePath = "loose"; checkReversePath = "loose";
}; };
nftables.enable = true; nftables.enable = true;
@ -108,12 +95,12 @@
overrideFolders = false; overrideFolders = false;
user = "gsimmer"; user = "gsimmer";
dataDir = "/home/gsimmer"; dataDir = "/home/gsimmer";
guiAddress = "100.93.188.51:8384"; guiAddress = "100.98.191.127:8384";
}; };
usbmuxd.enable = true; usbmuxd.enable = true;
prometheus.exporters.node = { prometheus.exporters.node = {
enable = true; enable = true;
listenAddress = "100.93.188.51"; listenAddress = "100.98.191.127";
enabledCollectors = [ enabledCollectors = [
"systemd" "processes" "systemd" "processes"
]; ];
@ -176,6 +163,7 @@
xdg.portal.enable = true; xdg.portal.enable = true;
programs = { programs = {
sway.enable = true;
gamemode.enable = true; gamemode.enable = true;
zsh.enable = true; zsh.enable = true;
fish.enable = true; fish.enable = true;
@ -248,6 +236,7 @@
glmark2 glmark2
libnotify libnotify
emojione emojione
swtpm
]; ];
}; };

4
nix/london/gsimmer.nix
View file

@ -16,7 +16,7 @@
[ [
(import (builtins.fetchTarball { (import (builtins.fetchTarball {
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz"; url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
sha256 = "156jbn5s9rv7qjy5q6d9yq56zmxv07i5viqs0ryvhazdg1lzw311"; sha256 = "03nrh6axxckjsdy8jykqpdsvq7dik0x04pybvwxxy9sd04b8kdh2";
})) discordOverlay]; })) discordOverlay];
}; };
home = { home = {
@ -86,7 +86,6 @@
eza = { eza = {
enable = true; enable = true;
enableAliases = true;
}; };
bat = { bat = {
@ -124,6 +123,7 @@
discord discord
mangohud mangohud
comma comma
looking-glass-client
]; ];
# This value determines the Home Manager release that your # This value determines the Home Manager release that your

25
nix/london/hardware-configuration.nix
View file

@ -8,30 +8,23 @@
[ (modulesPath + "/installer/scan/not-detected.nix") [ (modulesPath + "/installer/scan/not-detected.nix")
]; ];
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; boot.initrd.availableKernelModules = [ "nvme" "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ]; boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" =
{ device = "/dev/disk/by-uuid/cd6f3e34-65ce-4be5-b4d4-6818e70dcff3"; { device = "/dev/disk/by-uuid/736c20e1-f11a-4af7-88f2-bba7b0f09939";
fsType = "ext4"; fsType = "xfs";
}; };
boot.initrd.luks.devices."luks-0cd5d85e-e232-4f75-a8b3-087737657fef".device = "/dev/disk/by-uuid/0cd5d85e-e232-4f75-a8b3-087737657fef"; fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/2A2C-A8CE";
fileSystems."/boot/efi" =
{ device = "/dev/disk/by-uuid/AB23-FA19";
fsType = "vfat"; fsType = "vfat";
}; };
fileSystems."/home/gsimmer/FHG" = {
device = "/dev/disk/by-label/FHG";
fsType = "ext4";
};
swapDevices = swapDevices =
[ { device = "/dev/disk/by-uuid/c50f2d93-2f31-4afc-ad26-4730a8f4b7f0"; } [ { device = "/dev/disk/by-uuid/41c7d0e1-e015-4d78-a0fb-f039a7f648ef"; }
]; ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
@ -39,9 +32,9 @@
# still possible to use this option, but it's recommended to use it in conjunction # still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`. # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true; networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true; # networking.interfaces.enp14s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp15s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
# high-resolution display
# hardware.video.hidpi.enable = lib.mkDefault true;
} }

37
nix/london/vfio.nix
View file

@ -1,37 +0,0 @@
let
# RTX 3070 Ti
gpuIDs = [
"10de:1b81" # Graphics
"10de:10f0" # Audio
];
in { pkgs, lib, config, ... }: {
options.vfio.enable = with lib;
mkEnableOption "Configure the machine for VFIO";
config = let cfg = config.vfio;
in {
boot = {
initrd.kernelModules = [
"vfio_pci"
"vfio"
"vfio_iommu_type1"
"nvidia"
"nvidia_modeset"
"nvidia_uvm"
"nvidia_drm"
];
kernelParams = [
# enable IOMMU
"amd_iommu=on"
"pcie_acs_override=downstream,multifunction"
] ++ lib.optional cfg.enable
# isolate the GPU
("vfio-pci.ids=" + lib.concatStringsSep "," gpuIDs);
};
hardware.opengl.enable = true;
virtualisation.spiceUSBRedirection.enable = true;
};
}

6
nix/monitoring/configuration.nix
View file

@ -286,6 +286,12 @@
port = 9001; port = 9001;
extraFlags = [ "--web.enable-remote-write-receiver" ]; extraFlags = [ "--web.enable-remote-write-receiver" ];
scrapeConfigs = [ scrapeConfigs = [
{
job_name = "proxmox";
metrics_path = "/pve";
params = { "target" = [ "localhost" ]; };
static_configs = [ { targets = [ "proxmox:9221" ]; } ];
}
{ {
job_name = "personal_hardware"; job_name = "personal_hardware";
static_configs = [ { targets = [ "london:9100" "vancouver:9100" "localhost:9100" ]; } ]; static_configs = [ { targets = [ "london:9100" "vancouver:9100" "localhost:9100" ]; } ];

27
nix/nas/configuration.nix
View file

@ -84,8 +84,8 @@
environmentFile = config.age.secrets.restic-b2-credentials.path; environmentFile = config.age.secrets.restic-b2-credentials.path;
repository = "s3:s3.us-west-000.backblazeb2.com/gsimmer-backup"; repository = "s3:s3.us-west-000.backblazeb2.com/gsimmer-backup";
paths = [ paths = [
"/tank/gabriel/projects" "/tank/gsimmer/projects"
"/tank/gabriel/org" "/tank/gsimmer/org"
"/tank/gsimmer/Backup/Pictures" "/tank/gsimmer/Backup/Pictures"
"/tank/gsimmer/Photos" "/tank/gsimmer/Photos"
"/tank/shared" "/tank/shared"
@ -313,23 +313,6 @@
proxyPass = "http://127.0.0.1:8973/"; proxyPass = "http://127.0.0.1:8973/";
}; };
}; };
virtualHosts."request-media.gmem.ca" = {
enableACME = true;
addSSL = true;
acmeRoot = null;
locations."/" = {
extraConfig =
''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
client_max_body_size 100M;
'';
proxyPass = "http://127.0.0.1:5055/";
};
};
virtualHosts."flood.gmem.ca" = { virtualHosts."flood.gmem.ca" = {
enableACME = true; enableACME = true;
addSSL = true; addSSL = true;
@ -344,7 +327,7 @@
client_max_body_size 100M; client_max_body_size 100M;
''; '';
proxyPass = "http://192.168.122.185:3000/"; proxyPass = "http://192.168.50.205:3000/";
}; };
}; };
}; };
@ -433,7 +416,7 @@
daily = 2; daily = 2;
monthly = 2; monthly = 2;
}; };
"Primary/gitea" = { "Primary/forgejo" = {
autoprune = true; autoprune = true;
autosnap = true; autosnap = true;
daily = 2; daily = 2;
@ -483,7 +466,6 @@
cifs-utils cifs-utils
cloudflared cloudflared
bat bat
virtiofsd
gnupg gnupg
pinentry pinentry
]; ];
@ -548,7 +530,6 @@
setSocketVariable = true; setSocketVariable = true;
}; };
}; };
libvirtd.enable = true;
}; };
virtualisation.oci-containers.containers = { virtualisation.oci-containers.containers = {

19
nix/oracle-gitea-runner/configuration.nix
View file

@ -18,13 +18,6 @@
tailscale tailscale
]; ];
services.coder = {
enable = true;
group = "docker";
listenAddress = "0.0.0.0:3000";
package = (pkgs.callPackage ./coder.nix {});
};
services.gitea-actions-runner = { services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner; package = pkgs.forgejo-actions-runner;
instances = { instances = {
@ -35,7 +28,7 @@
"debian-latest-arm:docker://node:18-bullseye" "debian-latest-arm:docker://node:18-bullseye"
]; ];
url = "https://git.gmem.ca"; url = "https://git.gmem.ca";
token = "rclEuf0ZKhWKe7IhvWZqgJpb1y84iYBJsJi7Wslh"; token = "dcSqNPRfeAFjAA2NUzZRbO4Q2k1L2WOOCAEAhPR4";
settings = { settings = {
cache.port = 4328; cache.port = 4328;
}; };
@ -62,9 +55,13 @@
}; };
users.users = { users.users = {
root.openssh.authorizedKeys.keys = [ root.openssh.authorizedKeys.keys = let
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr" authorizedKeys = pkgs.fetchurl {
]; url = "https://gmem.ca/ssh";
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
};
in pkgs.lib.splitString "\n" (builtins.readFile
authorizedKeys);
}; };
virtualisation = { virtualisation = {
docker = { docker = {