arch/infra
arch/infra
1
0
Fork 0
Code Actions Packages Activity

Compare commits

base: arch:434720d3f81b9caf72b125d9a986ec6800d86ec8
Branches Tags
arch:trunk
arch:woodpecker-ci
..
compare: arch:baa2417bfe4beffb3f79254652e69bbdd0b370f4
Branches Tags
arch:trunk
arch:woodpecker-ci

No commits in common. "434720d3f81b9caf72b125d9a986ec6800d86ec8" and "baa2417bfe4beffb3f79254652e69bbdd0b370f4" have entirely different histories.
434720d3f8 ... baa2417bfe

8 changed files with 112 additions and 336 deletions
Show stats Expand all files Collapse all files

36
flake.lock
View file

@ -223,11 +223,11 @@
]
},
"locked": {
"lastModified": 1699663185,
"narHash": "sha256-hI3CZPINBWstkMN+ptyzWibw5eRtFCiEvO7zR61bGBs=",
"lastModified": 1699025595,
"narHash": "sha256-e+o4PoSu2Z6Ww8y/AVUmMU200rNZoRK+p2opQ7Db8Rg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "691cbcc03af6ad1b5384c0e0e0b5f2298f58c5ce",
"rev": "8765d4e38aa0be53cdeee26f7386173e6c65618d",
"type": "github"
},
"original": {
@ -244,11 +244,11 @@
"treefmt": "treefmt"
},
"locked": {
"lastModified": 1699581775,
"narHash": "sha256-Pld/UXlBcIDnQMY0JkDzChJkbof/zEcRkaiXtzvArEE=",
"lastModified": 1697643920,
"narHash": "sha256-Ti/v3lWKNF2/5u3ARTDhhdr7ijUo/ZpefKAfr8OgsK4=",
"owner": "hall",
"repo": "kubenix",
"rev": "fceda8451461ee5e623815414f76885df77b7217",
"rev": "ea469ff77a49f6f3df420bfc6040c39e1b861d87",
"type": "github"
},
"original": {
@ -284,11 +284,11 @@
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1699261003,
"narHash": "sha256-wkOVJ2wkPpTYqipDF693bEAUQ838xjloUcs6WNsTMlw=",
"lastModified": 1699060277,
"narHash": "sha256-As0PilG8NEQzIMOFIzfI3zkBNH2CJHZJXRL5Rc36Ojc=",
"owner": "nix-community",
"repo": "nix-eval-jobs",
"rev": "2b55f473c960d38a40678d9831fc1dcb87615a98",
"rev": "20a24e8b1004d3293525334ccf3254c083d6fbaa",
"type": "github"
},
"original": {
@ -414,11 +414,11 @@
]
},
"locked": {
"lastModified": 1699629370,
"narHash": "sha256-HwoRInCXXdEUcfXEnlWb7v4nuQLUo5dT9ZWTb2C1Vik=",
"lastModified": 1699222410,
"narHash": "sha256-qGuDXk991Mlws0f8DXNua82G+22jMBwoFG80o1sF66M=",
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"rev": "62a9b65dfb8c182530887d567a7c796fe2bb514e",
"rev": "74717cb06fc24dbf57002bb1cf6d36fc50293d34",
"type": "github"
},
"original": {
@ -477,11 +477,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1699343069,
"narHash": "sha256-s7BBhyLA6MI6FuJgs4F/SgpntHBzz40/qV0xLPW6A1Q=",
"lastModified": 1699186365,
"narHash": "sha256-Pxrw5U8mBsL3NlrJ6q1KK1crzvSUcdfwb9083sKDrcU=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "ec750fd01963ab6b20ee1f0cb488754e8036d89d",
"rev": "a0b3b06b7a82c965ae0bb1d59f6e386fe755001d",
"type": "github"
},
"original": {
@ -493,11 +493,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1699236715,
"narHash": "sha256-oel+a6B5mBO7vA1A/I9A9VTK2jW5shnYAuu08RYhmxQ=",
"lastModified": 1698977350,
"narHash": "sha256-OUDOHWrX3EjX/MlOoCHEb3JMONklbpu4Wa+Xf5s/U+s=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "0d93ec62e06faec6c52331a8a87bd5721b38ce14",
"rev": "4285a2a67daf39e63d9564a47773a1c2081c36a8",
"type": "github"
},
"original": {

74
homelab/home.yml Normal file
View file

@ -0,0 +1,74 @@
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: dashy
spec:
podManagementPolicy: OrderedReady
updateStrategy:
type: RollingUpdate
selector:
matchLabels:
app: dashy
serviceName: dashy
replicas: 1
template:
metadata:
labels:
app: dashy
spec:
containers:
- name: dashy
image: lissy93/dashy:latest
ports:
- containerPort: 80
name: web
volumeMounts:
- name: config
mountPath: /app/public
volumeClaimTemplates:
- metadata:
name: config
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 1Gi
---
apiVersion: v1
kind: Service
metadata:
name: dashy
spec:
selector:
app: dashy
ports:
- port: 80
targetPort: 80
name: web
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: home
annotations:
cert-manager.io/issuer: "le-issuer"
namespace: default
spec:
tls:
- hosts:
- home.gmem.ca
secretName: gmem-ca-wildcard
rules:
- host: home.gmem.ca
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: dashy
port:
number: 80

BIN
homelab/homepage-secrets.env.age
View file

Binary file not shown.

286
homelab/homepage.nix
View file

@ -1,286 +0,0 @@
{ lib, config, kubenix, ... }: {
kubernetes.helm.releases.homepage = {
chart = kubenix.lib.helm.fetch {
repo = "https://jameswynn.github.io/helm-charts";
chart = "homepage";
version = "1.2.3";
sha256 = "sha256-tZv/+ePFPifilp8wU4FjogSJhNEERx0PcdHUzsBxfRA=";
};
# arbitrary attrset passed as values to the helm release
values = {
replicaCount = 2;
image = {
repository = "ghcr.io/gethomepage/homepage";
tag = "latest";
};
serviceAccount.create = true;
enableRbac = true;
ingress.main = {
enabled = true;
ingressClassName = "nginx";
hosts = [
{
host = "home.gmem.ca";
paths = [
{
path = "/";
pathType = "Prefix";
}
];
}
];
tls = [
{
hosts = [ "home.gmem.ca" ];
secretName = "gmem-ca-wildcard";
}
];
};
config = {
bookmarks = [];
services = [
{
Media = [
{ Plex = {
icon = "plex.png";
href = "https://app.plex.tv";
description = "Plex";
widget = {
type = "plex";
url = "http://vancouver:32400";
key = "{{HOMEPAGE_VAR_PLEX_KEY}}";
};
};
}
{ Overseerr = {
icon = "overseerr.png";
href = "https://request-media.gmem.ca";
description = "Request movies and TV shows";
widget = {
type = "overseerr";
url = "https://request-media.gmem.ca";
key = "{{HOMEPAGE_VAR_OVERSEERR_KEY}}";
};
};
}
{ Flood = {
icon = "flood.png";
href = "https://flood.gmem.ca";
description = "Download progress for torrents";
widget = {
type = "flood";
url = "https://flood.gmem.ca";
username = "admin";
password = "{{HOMEPAGE_VAR_FLOOD_PASSWORD}}";
};
};
}
];
}
{
Reading = [
{ FreshRSS = {
icon = "freshrss.png";
href = "https://freshrss.gmem.ca";
description = "FreshRSS RSS Reader";
widget = {
type = "freshrss";
url = "https://freshrss.gmem.ca";
username = "arch";
password = "{{HOMEPAGE_VAR_FRESHRSS_PASSWORD}}";
};
};
}
{ "Lobste.rs" = {
href = "https://lobste.rs";
description = "News aggregator";
};
}
{ "Hacker News" = {
href = "https://news.ycombinator.com";
description = "VC news aggregator";
};
}
];
}
{
"Personal Infrastructure" = [
{ authentik = {
icon = "authentik.png";
href = "https://authentik.gmem.ca";
description = "OIDC SSO";
};
}
{ NextDNS = {
icon = "nextdns.png";
href = "https://my.nextdns.io";
description = "DNS provider";
widget = {
type = "nextdns";
profile = "bcee89";
key = "{{HOMEPAGE_VAR_NEXTDNS_KEY}}";
};
};
}
{ "Proxmox Sandbox" = {
icon = "proxmox.png";
href = "https://proxmox.scorpion-ghost.ts.net";
description = "Sandbox proxmox instance on Hetzner";
widget = {
type = "proxmox";
url = "https://proxmox.scorpion-ghost.ts.net";
username = "api@pam!homepage";
password = "{{HOMEPAGE_VAR_PROXMOX_PASSWORD}}";
};
};
}
{ Tailscale = {
icon = "tailscale.png";
href = "https://login.tailscale.com";
description = "VPN provider";
};
}
{ Git = {
icon = "forgejo.png";
href = "https://git.gmem.ca";
description = "Git forge";
};
}
];
}
{
"Floofy.tech Infrastructure" = [
{ Mastodon = {
icon = "mastodon.png";
href = "https://floofy.tech";
description = "Primary Mastodon instance";
widget = {
type = "mastodon";
url = "https://floofy.tech";
};
};
}
{ Grafana = {
icon = "grafana.png";
href = "https://grafana.services.floofy.tech";
description = "Metrics and Monitoring";
};
}
{ vSphere = {
icon = "vmware-esxi.png";
href = "https://vcenter.services.floofy.tech";
description = "Hypervisor Manager";
};
}
{ "vrclub.social" = {
icon = "calckey.png";
href = "https://vrclub.social";
description = "Firefish instance for VR clubs";
};
}
];
}
{
"Tools" = [
{ "IT Tools" = {
icon = "it-tools.png";
href = "https://tools.gmem.ca";
description = "Various useful tools";
};
}
{ Cyberchef = {
icon = "cyberchef.png";
href = "https://gchq.github.io/CyberChef/";
description = "More useful tools, mostly text manipulation";
};
}
];
}
{
"Backup Status" = [
{ "gsimmer backups" = {
icon = "healthchecks.png";
href = "https://healthchecks.gmem.ca";
description = "Uptime monitor for recurring tasks";
widget = {
type = "healthchecks";
url = "https://healthchecks.gmem.ca";
key = "{{HOMEPAGE_VAR_HEALTHCHECKS_KEY}}";
uuid = "617d460f-69f6-444f-852a-421861543327";
};
};
}
{ "becki backups" = {
icon = "healthchecks.png";
href = "https://healthchecks.gmem.ca";
description = "Uptime monitor for recurring tasks";
widget = {
type = "healthchecks";
url = "https://healthchecks.gmem.ca";
key = "{{HOMEPAGE_VAR_HEALTHCHECKS_KEY}}";
uuid = "9d01d3dd-2a56-4c70-9b5c-9cb99a1466db";
};
};
}
{ "apps backups" = {
icon = "healthchecks.png";
href = "https://healthchecks.gmem.ca";
description = "Uptime monitor for recurring tasks";
widget = {
type = "healthchecks";
url = "https://healthchecks.gmem.ca";
key = "{{HOMEPAGE_VAR_HEALTHCHECKS_KEY}}";
uuid = "37a854b0-9191-4452-aa30-df3969d59b09";
};
};
}
];
}
];
settings = {
title = "Arch's Homepage";
providers.openweathermap = "{{HOMEPAGE_VAR_WEATHER_KEY}}";
background = {
image = "https://images.unsplash.com/photo-1502790671504-542ad42d5189?auto=format&fit=crop&w=2560&q=80";
blur = "sm";
opacity = 50;
};
base = "https://home.gmem.ca";
layout.Media.style = "row";
layout.Media.columns = "3";
layout."Backup Status".style = "row";
layout."Backup Status".columns = "3";
};
kubernetes.mode = "cluster";
widgets = [
{
logo.icon = "https://gmem.ca/avatar.png";
}
{
kubernetes = {
cluster.show = true;
nodes.show = true;
};
}
{
search = {
provider = "duckduckgo";
};
}
{
openweathermap = {
provider = "openweathermap";
cache = 5;
units = "metric";
};
}
];
};
};
};
kubernetes.resources.deployments.homepage = {
metadata.namespace = "default";
spec.template.spec.containers.homepage.envFrom = [ { secretRef.name = "homepage-config"; } ];
};
}

0
homelab/ingress.yml Normal file
View file

6
homelab/kubernetes.nix
View file

@ -1,8 +1,6 @@
{ lib, config, kubenix, ... }: {
imports = [ kubenix.modules.k8s kubenix.modules.helm
imports = [ kubenix.modules.k8s
(import ./custom.nix)
(import ./nginx.nix)
(import ./tclip.nix)
(import ./vrchat-prometheus-exporter.nix)
(import ./homepage.nix) ];
(import ./vrchat-prometheus-exporter.nix) ];
}

18
homelab/nginx-ingress.yml Normal file
View file

@ -0,0 +1,18 @@
controller:
replicaCount: 2
metrics:
enabled: true
serviceMonitor:
enabled: true
additionalLabels:
release: "prometheus"
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "10254"
ingressClassResource:
default: true
publishService:
enabled: true
service:
externalTrafficPolicy: Local
hostNetwork: true

28
homelab/nginx.nix
View file

@ -1,28 +0,0 @@
{ lib, config, kubenix, ... }: {
kubernetes.helm.releases.ingress-nginx = {
namespace = "ingress-nginx";
chart = kubenix.lib.helm.fetch {
repo = "https://kubernetes.github.io/ingress-nginx";
chart = "ingress-nginx";
version = "4.8.3";
sha256 = "sha256-zahjdtb4zYtGcft0YYpT5DS+KHhZgpRWg5q+3n8zVsk=";
};
values = {
controller = {
kind = "DaemonSet";
metrics = {
enabled = true;
additionalLabels.release = "prometheus";
};
podAnnotations = {
"prometheus.io/scrape" = "true";
"prometheus.io/port" = "10254";
};
ingressClassResource.default = true;
publishService.enabled = true;
service.externalTrafficPolicy = "Local";
hostNetwork = true;
};
};
};
}