Compare commits
9 commits
4c46c0b825
...
e687676b8f
Author | SHA1 | Date | |
---|---|---|---|
Gabriel Simmer | e687676b8f | ||
Gabriel Simmer | 430c650e2e | ||
Gabriel Simmer | 227ee9d92c | ||
Gabriel Simmer | 8986d88304 | ||
Gabriel Simmer | e91468a73b | ||
Gabriel Simmer | bb4e58dc60 | ||
Gabriel Simmer | 71d35e3bae | ||
Gabriel Simmer | b1d0996721 | ||
Gabriel Simmer | 6a7e47a9e8 |
85
flake.lock
85
flake.lock
|
@ -180,7 +180,7 @@
|
||||||
},
|
},
|
||||||
"flake-utils_2": {
|
"flake-utils_2": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems_2"
|
"systems": "systems_3"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1710146030,
|
"lastModified": 1710146030,
|
||||||
|
@ -239,11 +239,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1713294767,
|
"lastModified": 1713713092,
|
||||||
"narHash": "sha256-LmaabaQZdx52MPGKPRt9Opoc9Gd9RbwvCdysUUYQoXI=",
|
"narHash": "sha256-rvyr6BBtn3cq5B/48rhJlbIOpxprwlO/71663sd9Gik=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "fa8c16e2452bf092ac76f09ee1fb1e9f7d0796e7",
|
"rev": "2846d5230a3c3923618eabb367deaf8885df580f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -279,11 +279,11 @@
|
||||||
"nixpkgs-lib": "nixpkgs-lib"
|
"nixpkgs-lib": "nixpkgs-lib"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1713105314,
|
"lastModified": 1713701427,
|
||||||
"narHash": "sha256-X3URKbcgIy4UaQGrsy3DmY5x+fePQ5IYaa76YewoUE0=",
|
"narHash": "sha256-v6z8hz/UDaC/rbnkH+hxGFUxlNyseVntRetVpSxLU6c=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "lib-aggregate",
|
"repo": "lib-aggregate",
|
||||||
"rev": "f347ed9a1cab12c27541ed4d173e2f2d5c9bc0bb",
|
"rev": "3b32a98eb3053f8c8ca55497d1881443ef2996e6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -297,7 +297,7 @@
|
||||||
"flake-parts": "flake-parts",
|
"flake-parts": "flake-parts",
|
||||||
"nix-github-actions": "nix-github-actions",
|
"nix-github-actions": "nix-github-actions",
|
||||||
"nixpkgs": "nixpkgs_6",
|
"nixpkgs": "nixpkgs_6",
|
||||||
"treefmt-nix": "treefmt-nix"
|
"treefmt-nix": "treefmt-nix_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1705242886,
|
"lastModified": 1705242886,
|
||||||
|
@ -373,14 +373,16 @@
|
||||||
"flake-compat": "flake-compat_2",
|
"flake-compat": "flake-compat_2",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
]
|
],
|
||||||
|
"systems": "systems_2",
|
||||||
|
"treefmt-nix": "treefmt-nix"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1708022692,
|
"lastModified": 1713393417,
|
||||||
"narHash": "sha256-T2o3XwFWK5bYNnVqEYdW9JqmOtgpn26/GCgbrVJ47ls=",
|
"narHash": "sha256-YriEUgA8u37V859nbSpqeYlL/GiezzeBIyBAAzhxZaI=",
|
||||||
"owner": "Janik-Haag",
|
"owner": "Janik-Haag",
|
||||||
"repo": "nixos-dns",
|
"repo": "nixos-dns",
|
||||||
"rev": "0205c8cc6b4f7f75689a922b0bf20730c64a51f4",
|
"rev": "1cf30ea07873b291fc39265d4c6dc63bfdf67ad7",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -412,11 +414,11 @@
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1712909959,
|
"lastModified": 1713521961,
|
||||||
"narHash": "sha256-7/5ubuwdEbQ7Z+Vqd4u0mM5L2VMNDsBh54visp27CtQ=",
|
"narHash": "sha256-EwR8wW9AqJhSIY+0oxWRybUZ32BVKuZ9bjlRh8SJvQ8=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "f58b25254be441cd2a9b4b444ed83f1e51244f1f",
|
"rev": "5d48925b815fd202781bfae8fb6f45c07112fdb2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -444,11 +446,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-lib": {
|
"nixpkgs-lib": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1713055793,
|
"lastModified": 1713660444,
|
||||||
"narHash": "sha256-vIrZQykYW32RnlI2lT/gCcB59BOIqqrAmPirBdiirrc=",
|
"narHash": "sha256-2bVnrEGyWJhRNKspzfTJmVD/fsH9HQURD4cWpz79Ulw=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixpkgs.lib",
|
"repo": "nixpkgs.lib",
|
||||||
"rev": "361d8a4f443bbfab20bd6d222f9022b8c6665906",
|
"rev": "6882347415e352cfc9c277cc01f73e0f5cb7b93c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -467,11 +469,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1713349019,
|
"lastModified": 1713719682,
|
||||||
"narHash": "sha256-H8FjOiATw0/k2fq2VcCE7Vov5Ic+S1x0h4nDImM1cUQ=",
|
"narHash": "sha256-d6YzWLGoHF3si3fHZ5qv587gR16Bgk7EQgrvgtCaoRM=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixpkgs-wayland",
|
"repo": "nixpkgs-wayland",
|
||||||
"rev": "f8c128a08d5873682e8518af7c401512381cfd73",
|
"rev": "df1a94e03aaf5324dd2d9fe6d965422d26d1e6e1",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -530,11 +532,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_5": {
|
"nixpkgs_5": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1713254108,
|
"lastModified": 1713687659,
|
||||||
"narHash": "sha256-0TZIsfDbHG5zibtlw6x0yOp3jkInIGaJ35B7Y4G8Pec=",
|
"narHash": "sha256-Yd8KuOBpZ0Slau/NxFhMPJI0gBxeax0vq/FD0rqKwuQ=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "2fd19c8be2551a61c1ddc3d9f86d748f4db94f00",
|
"rev": "f2d7a289c5a5ece8521dd082b81ac7e4a57c2c5c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -605,6 +607,20 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"systems_2": {
|
"systems_2": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681028828,
|
||||||
|
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"id": "systems",
|
||||||
|
"type": "indirect"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"systems_3": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1681028828,
|
"lastModified": 1681028828,
|
||||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||||
|
@ -678,6 +694,27 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"treefmt-nix": {
|
"treefmt-nix": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"nixos-dns",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1711963903,
|
||||||
|
"narHash": "sha256-N3QDhoaX+paWXHbEXZapqd1r95mdshxToGowtjtYkGI=",
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "treefmt-nix",
|
||||||
|
"rev": "49dc4a92b02b8e68798abd99184f228243b6e3ac",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "numtide",
|
||||||
|
"repo": "treefmt-nix",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"treefmt-nix_2": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs-wayland",
|
"nixpkgs-wayland",
|
||||||
|
|
66
flake.nix
66
flake.nix
|
@ -54,7 +54,7 @@
|
||||||
owner = "octodns";
|
owner = "octodns";
|
||||||
repo = pname;
|
repo = pname;
|
||||||
rev = "main";
|
rev = "main";
|
||||||
sha256 = "sha256-KVdH55wkTk2n2t/Y+n9+/5SCk3ml8vXIlFbtmOL4DlA=";
|
sha256 = "sha256-cBdR6LCIivR4L9PePy5ZOOhV/JdanlujWgueCQma9fo=";
|
||||||
};
|
};
|
||||||
doCheck = false;
|
doCheck = false;
|
||||||
propagatedBuildInputs = with pkgs.python3Packages; [
|
propagatedBuildInputs = with pkgs.python3Packages; [
|
||||||
|
@ -163,26 +163,26 @@
|
||||||
libraries = [
|
libraries = [
|
||||||
pkgs.python3Packages.requests
|
pkgs.python3Packages.requests
|
||||||
];
|
];
|
||||||
flakeIgnore = [ "E501" ];
|
flakeIgnore = ["E501"];
|
||||||
}
|
}
|
||||||
''
|
''
|
||||||
import json
|
import json
|
||||||
import requests
|
import requests
|
||||||
import os
|
import os
|
||||||
|
|
||||||
auth = os.getenv("NEXTDNS_API_KEY")
|
auth = os.getenv("NEXTDNS_API_KEY")
|
||||||
g
|
|
||||||
with open('${self.packages.x86_64-linux.nextdns-rewrites}', 'r') as file:
|
|
||||||
rewrites = json.load(file)
|
|
||||||
|
|
||||||
for profile in rewrites:
|
with open('${self.packages.x86_64-linux.nextdns-rewrites}', 'r') as file:
|
||||||
for rewrite in rewrites[profile]:
|
rewrites = json.load(file)
|
||||||
print(json.dumps(rewrite))
|
|
||||||
req = requests.post(
|
for profile in rewrites:
|
||||||
f'https://api.nextdns.io/profiles/{profile}/rewrites', data=json.dumps(rewrite),
|
for rewrite in rewrites[profile]:
|
||||||
headers={'X-Api-Key': auth, 'Content-Type': 'application/json'}
|
print(json.dumps(rewrite))
|
||||||
)
|
req = requests.post(
|
||||||
print(req.text)
|
f'https://api.nextdns.io/profiles/{profile}/rewrites', data=json.dumps(rewrite),
|
||||||
|
headers={'X-Api-Key': auth, 'Content-Type': 'application/json'}
|
||||||
|
)
|
||||||
|
print(req.text)
|
||||||
'');
|
'');
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -402,6 +402,38 @@ g
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
dnsmasq = nixpkgs.lib.nixosSystem {
|
||||||
|
system = "x86_64-linux";
|
||||||
|
modules = [
|
||||||
|
agenix.nixosModules.default
|
||||||
|
(import ./nix/dnsmasq/configuration.nix)
|
||||||
|
{
|
||||||
|
_module.args.nixinate = {
|
||||||
|
host = "192.168.50.87";
|
||||||
|
sshUser = "root";
|
||||||
|
buildOn = "remote";
|
||||||
|
substituteOnTarget = true;
|
||||||
|
hermetic = false;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
dnsmasq-floof = nixpkgs.lib.nixosSystem {
|
||||||
|
system = "x86_64-linux";
|
||||||
|
modules = [
|
||||||
|
agenix.nixosModules.default
|
||||||
|
(import ./nix/dnsmasq-floof/configuration.nix)
|
||||||
|
{
|
||||||
|
_module.args.nixinate = {
|
||||||
|
host = "10.230.101.104";
|
||||||
|
sshUser = "root";
|
||||||
|
buildOn = "remote";
|
||||||
|
substituteOnTarget = true;
|
||||||
|
hermetic = false;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,12 +0,0 @@
|
||||||
# http://editorconfig.org
|
|
||||||
root = true
|
|
||||||
|
|
||||||
[*]
|
|
||||||
indent_style = tab
|
|
||||||
end_of_line = lf
|
|
||||||
charset = utf-8
|
|
||||||
trim_trailing_whitespace = true
|
|
||||||
insert_final_newline = true
|
|
||||||
|
|
||||||
[*.yml]
|
|
||||||
indent_style = space
|
|
172
friends/.gitignore
vendored
172
friends/.gitignore
vendored
|
@ -1,172 +0,0 @@
|
||||||
# Logs
|
|
||||||
|
|
||||||
logs
|
|
||||||
_.log
|
|
||||||
npm-debug.log_
|
|
||||||
yarn-debug.log*
|
|
||||||
yarn-error.log*
|
|
||||||
lerna-debug.log*
|
|
||||||
.pnpm-debug.log*
|
|
||||||
|
|
||||||
# Diagnostic reports (https://nodejs.org/api/report.html)
|
|
||||||
|
|
||||||
report.[0-9]_.[0-9]_.[0-9]_.[0-9]_.json
|
|
||||||
|
|
||||||
# Runtime data
|
|
||||||
|
|
||||||
pids
|
|
||||||
_.pid
|
|
||||||
_.seed
|
|
||||||
\*.pid.lock
|
|
||||||
|
|
||||||
# Directory for instrumented libs generated by jscoverage/JSCover
|
|
||||||
|
|
||||||
lib-cov
|
|
||||||
|
|
||||||
# Coverage directory used by tools like istanbul
|
|
||||||
|
|
||||||
coverage
|
|
||||||
\*.lcov
|
|
||||||
|
|
||||||
# nyc test coverage
|
|
||||||
|
|
||||||
.nyc_output
|
|
||||||
|
|
||||||
# Grunt intermediate storage (https://gruntjs.com/creating-plugins#storing-task-files)
|
|
||||||
|
|
||||||
.grunt
|
|
||||||
|
|
||||||
# Bower dependency directory (https://bower.io/)
|
|
||||||
|
|
||||||
bower_components
|
|
||||||
|
|
||||||
# node-waf configuration
|
|
||||||
|
|
||||||
.lock-wscript
|
|
||||||
|
|
||||||
# Compiled binary addons (https://nodejs.org/api/addons.html)
|
|
||||||
|
|
||||||
build/Release
|
|
||||||
|
|
||||||
# Dependency directories
|
|
||||||
|
|
||||||
node_modules/
|
|
||||||
jspm_packages/
|
|
||||||
|
|
||||||
# Snowpack dependency directory (https://snowpack.dev/)
|
|
||||||
|
|
||||||
web_modules/
|
|
||||||
|
|
||||||
# TypeScript cache
|
|
||||||
|
|
||||||
\*.tsbuildinfo
|
|
||||||
|
|
||||||
# Optional npm cache directory
|
|
||||||
|
|
||||||
.npm
|
|
||||||
|
|
||||||
# Optional eslint cache
|
|
||||||
|
|
||||||
.eslintcache
|
|
||||||
|
|
||||||
# Optional stylelint cache
|
|
||||||
|
|
||||||
.stylelintcache
|
|
||||||
|
|
||||||
# Microbundle cache
|
|
||||||
|
|
||||||
.rpt2_cache/
|
|
||||||
.rts2_cache_cjs/
|
|
||||||
.rts2_cache_es/
|
|
||||||
.rts2_cache_umd/
|
|
||||||
|
|
||||||
# Optional REPL history
|
|
||||||
|
|
||||||
.node_repl_history
|
|
||||||
|
|
||||||
# Output of 'npm pack'
|
|
||||||
|
|
||||||
\*.tgz
|
|
||||||
|
|
||||||
# Yarn Integrity file
|
|
||||||
|
|
||||||
.yarn-integrity
|
|
||||||
|
|
||||||
# dotenv environment variable files
|
|
||||||
|
|
||||||
.env
|
|
||||||
.env.development.local
|
|
||||||
.env.test.local
|
|
||||||
.env.production.local
|
|
||||||
.env.local
|
|
||||||
|
|
||||||
# parcel-bundler cache (https://parceljs.org/)
|
|
||||||
|
|
||||||
.cache
|
|
||||||
.parcel-cache
|
|
||||||
|
|
||||||
# Next.js build output
|
|
||||||
|
|
||||||
.next
|
|
||||||
out
|
|
||||||
|
|
||||||
# Nuxt.js build / generate output
|
|
||||||
|
|
||||||
.nuxt
|
|
||||||
dist
|
|
||||||
|
|
||||||
# Gatsby files
|
|
||||||
|
|
||||||
.cache/
|
|
||||||
|
|
||||||
# Comment in the public line in if your project uses Gatsby and not Next.js
|
|
||||||
|
|
||||||
# https://nextjs.org/blog/next-9-1#public-directory-support
|
|
||||||
|
|
||||||
# public
|
|
||||||
|
|
||||||
# vuepress build output
|
|
||||||
|
|
||||||
.vuepress/dist
|
|
||||||
|
|
||||||
# vuepress v2.x temp and cache directory
|
|
||||||
|
|
||||||
.temp
|
|
||||||
.cache
|
|
||||||
|
|
||||||
# Docusaurus cache and generated files
|
|
||||||
|
|
||||||
.docusaurus
|
|
||||||
|
|
||||||
# Serverless directories
|
|
||||||
|
|
||||||
.serverless/
|
|
||||||
|
|
||||||
# FuseBox cache
|
|
||||||
|
|
||||||
.fusebox/
|
|
||||||
|
|
||||||
# DynamoDB Local files
|
|
||||||
|
|
||||||
.dynamodb/
|
|
||||||
|
|
||||||
# TernJS port file
|
|
||||||
|
|
||||||
.tern-port
|
|
||||||
|
|
||||||
# Stores VSCode versions used for testing VSCode extensions
|
|
||||||
|
|
||||||
.vscode-test
|
|
||||||
|
|
||||||
# yarn v2
|
|
||||||
|
|
||||||
.yarn/cache
|
|
||||||
.yarn/unplugged
|
|
||||||
.yarn/build-state.yml
|
|
||||||
.yarn/install-state.gz
|
|
||||||
.pnp.\*
|
|
||||||
|
|
||||||
# wrangler project
|
|
||||||
|
|
||||||
.dev.vars
|
|
||||||
.wrangler/
|
|
|
@ -1,6 +0,0 @@
|
||||||
{
|
|
||||||
"printWidth": 140,
|
|
||||||
"singleQuote": true,
|
|
||||||
"semi": true,
|
|
||||||
"useTabs": true
|
|
||||||
}
|
|
2930
friends/package-lock.json
generated
2930
friends/package-lock.json
generated
File diff suppressed because it is too large
Load diff
|
@ -1,16 +0,0 @@
|
||||||
{
|
|
||||||
"name": "friends",
|
|
||||||
"version": "0.0.0",
|
|
||||||
"private": true,
|
|
||||||
"scripts": {
|
|
||||||
"deploy": "wrangler deploy",
|
|
||||||
"dev": "wrangler dev",
|
|
||||||
"start": "wrangler dev",
|
|
||||||
"test": "vitest"
|
|
||||||
},
|
|
||||||
"devDependencies": {
|
|
||||||
"wrangler": "^3.0.0",
|
|
||||||
"vitest": "1.3.0",
|
|
||||||
"@cloudflare/vitest-pool-workers": "^0.1.0"
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,20 +0,0 @@
|
||||||
<!DOCTYPE html>
|
|
||||||
<html lang="en">
|
|
||||||
<head>
|
|
||||||
<meta charset="UTF-8">
|
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1" />
|
|
||||||
<meta name="description" content="I'm a silly dog">
|
|
||||||
<title>friends of the arch.dog</title>
|
|
||||||
<link rel="stylesheet" href="/styles.css">
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<main><div id="error"></div>
|
|
||||||
<header>
|
|
||||||
<img src="/avatar.png" alt="A cute golden retriever with a stylish blue hairstyle and glasses">
|
|
||||||
<h1>Friends of Arch</h1>
|
|
||||||
</header>
|
|
||||||
<p>A collection of wonderful beans across the internet.</p>
|
|
||||||
<div id="friends"></div>
|
|
||||||
</main>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
|
@ -1,54 +0,0 @@
|
||||||
import friendsPage from "./index.html";
|
|
||||||
|
|
||||||
export default {
|
|
||||||
async fetch(request, env, ctx) {
|
|
||||||
const renderFriends = async (error) => {
|
|
||||||
const friends = await env.FRIENDS.list();
|
|
||||||
const friendList = await Promise.all(friends.keys.map(async f => {
|
|
||||||
if (f.metadata && f.metadata.noImage) {
|
|
||||||
const value = await env.FRIENDS.get(f.name);
|
|
||||||
return `<a href="https://${f.name}"><p>${value}</p></a>`
|
|
||||||
}
|
|
||||||
return `<a href="https://${f.name}"><img src="./${f.name}" alt="${f.name}"></a>`
|
|
||||||
}));
|
|
||||||
|
|
||||||
return new HTMLRewriter()
|
|
||||||
.on("#friends", {
|
|
||||||
element(element) {
|
|
||||||
element.setInnerContent(friendList.join("\n"), { html: true });
|
|
||||||
},
|
|
||||||
})
|
|
||||||
.on("#error", {
|
|
||||||
element(element) {
|
|
||||||
if (error) {
|
|
||||||
element.setInnerContent(error);
|
|
||||||
} else {
|
|
||||||
element.remove();
|
|
||||||
}
|
|
||||||
},
|
|
||||||
})
|
|
||||||
.transform(
|
|
||||||
new Response(friendsPage, { headers: { "Content-Type": "text/html" } }),
|
|
||||||
);
|
|
||||||
};
|
|
||||||
|
|
||||||
|
|
||||||
const url = new URL(request.url);
|
|
||||||
|
|
||||||
const { pathname } = url;
|
|
||||||
const friend = pathname.replace("/friends", "", 1);
|
|
||||||
switch (friend) {
|
|
||||||
case "":
|
|
||||||
return Response.redirect("https://arch.dog/friends/", 301);
|
|
||||||
case "/":
|
|
||||||
return await renderFriends()
|
|
||||||
default:
|
|
||||||
const { value, metadata } = await env.FRIENDS.getWithMetadata(friend.replace("/", "", 1), { type: "stream" });
|
|
||||||
if (value === null) {
|
|
||||||
return new Response("not found", {status: 404});
|
|
||||||
}
|
|
||||||
|
|
||||||
return new Response(value, {});
|
|
||||||
}
|
|
||||||
},
|
|
||||||
};
|
|
|
@ -1,20 +0,0 @@
|
||||||
import { env, createExecutionContext, waitOnExecutionContext, SELF } from "cloudflare:test";
|
|
||||||
import { describe, it, expect } from "vitest";
|
|
||||||
import worker from "../src";
|
|
||||||
|
|
||||||
describe("Hello World worker", () => {
|
|
||||||
it("responds with Hello World! (unit style)", async () => {
|
|
||||||
const request = new Request("http://example.com");
|
|
||||||
// Create an empty context to pass to `worker.fetch()`.
|
|
||||||
const ctx = createExecutionContext();
|
|
||||||
const response = await worker.fetch(request, env, ctx);
|
|
||||||
// Wait for all `Promise`s passed to `ctx.waitUntil()` to settle before running test assertions
|
|
||||||
await waitOnExecutionContext(ctx);
|
|
||||||
expect(await response.text()).toMatchInlineSnapshot(`"Hello World!"`);
|
|
||||||
});
|
|
||||||
|
|
||||||
it("responds with Hello World! (integration style)", async () => {
|
|
||||||
const response = await SELF.fetch("http://example.com");
|
|
||||||
expect(await response.text()).toMatchInlineSnapshot(`"Hello World!"`);
|
|
||||||
});
|
|
||||||
});
|
|
|
@ -1,11 +0,0 @@
|
||||||
import { defineWorkersConfig } from "@cloudflare/vitest-pool-workers/config";
|
|
||||||
|
|
||||||
export default defineWorkersConfig({
|
|
||||||
test: {
|
|
||||||
poolOptions: {
|
|
||||||
workers: {
|
|
||||||
wrangler: { configPath: "./wrangler.toml" },
|
|
||||||
},
|
|
||||||
},
|
|
||||||
},
|
|
||||||
});
|
|
|
@ -1,20 +0,0 @@
|
||||||
#:schema node_modules/wrangler/config-schema.json
|
|
||||||
name = "friends"
|
|
||||||
main = "src/index.js"
|
|
||||||
compatibility_date = "2024-04-05"
|
|
||||||
compatibility_flags = ["nodejs_compat"]
|
|
||||||
|
|
||||||
workers_dev = false
|
|
||||||
|
|
||||||
[limits]
|
|
||||||
cpu_ms = 10
|
|
||||||
|
|
||||||
kv_namespaces = [
|
|
||||||
{ binding = "FRIENDS", id = "4c7b1469a4cb4050b0c8b8b41a7396aa", preview_id = "4c7b1469a4cb4050b0c8b8b41a7396aa" }
|
|
||||||
]
|
|
||||||
|
|
||||||
routes = [
|
|
||||||
{ pattern = "arch.dog/friends", zone_name = "arch.dog" },
|
|
||||||
{ pattern = "arch.dog/friends/*", zone_name = "arch.dog" }
|
|
||||||
]
|
|
||||||
|
|
|
@ -1,51 +1,49 @@
|
||||||
image:
|
|
||||||
tag: 2024.2.1
|
|
||||||
|
|
||||||
authentik:
|
authentik:
|
||||||
error_reporting:
|
error_reporting:
|
||||||
enabled: false
|
enabled: false
|
||||||
env:
|
global:
|
||||||
AUTHENTIK_WEB__THREADS: "2"
|
image:
|
||||||
envValueFrom:
|
tag: 2024.2.3
|
||||||
AUTHENTIK_SECRET_KEY:
|
env:
|
||||||
secretKeyRef:
|
- name: AUTHENTIK_WEB__THREADS
|
||||||
name: authentik-secrets
|
value: "2"
|
||||||
key: secret-key
|
- name: AUTHENTIK_SECRET_KEY
|
||||||
AUTHENTIK_POSTGRESQL__HOST:
|
valueFrom:
|
||||||
secretKeyRef:
|
secretKeyRef:
|
||||||
name: hippo-pguser-authentik
|
name: authentik-secrets
|
||||||
key: host
|
key: secret-key
|
||||||
AUTHENTIK_POSTGRESQL__PASSWORD:
|
- name: AUTHENTIK_POSTGRESQL__HOST
|
||||||
secretKeyRef:
|
valueFrom:
|
||||||
name: hippo-pguser-authentik
|
secretKeyRef:
|
||||||
key: password
|
name: hippo-pguser-authentik
|
||||||
AUTHENTIK_POSTGRESQL__USER:
|
key: host
|
||||||
secretKeyRef:
|
- name: AUTHENTIK_POSTGRESQL__PASSWORD
|
||||||
name: hippo-pguser-authentik
|
valueFrom:
|
||||||
key: user
|
secretKeyRef:
|
||||||
AUTHENTIK_POSTGRESQL__PORT:
|
name: hippo-pguser-authentik
|
||||||
secretKeyRef:
|
key: password
|
||||||
name: hippo-pguser-authentik
|
- name: AUTHENTIK_POSTGRESQL__USER
|
||||||
key: port
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: hippo-pguser-authentik
|
||||||
|
key: user
|
||||||
|
- name: AUTHENTIK_POSTGRESQL__PORT
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: hippo-pguser-authentik
|
||||||
|
key: port
|
||||||
|
|
||||||
prometheus:
|
server:
|
||||||
serviceMonitor:
|
metrics:
|
||||||
create: true
|
enabled: true
|
||||||
|
ingress:
|
||||||
ingress:
|
|
||||||
# Specify kubernetes ingress controller class name
|
# Specify kubernetes ingress controller class name
|
||||||
ingressClassName: nginx
|
ingressClassName: nginx
|
||||||
enabled: true
|
enabled: true
|
||||||
hosts:
|
hosts: [ authentik.gmem.ca ]
|
||||||
# Specify external host name
|
tls:
|
||||||
- host: authentik.gmem.ca
|
- hosts:
|
||||||
paths:
|
- authentik.gmem.ca
|
||||||
- path: "/"
|
secretName: gmem-ca-wildcard
|
||||||
pathType: Prefix
|
|
||||||
# Specify external host name
|
|
||||||
- host: prometheus.gmem.ca
|
|
||||||
paths:
|
|
||||||
- path: "/"
|
|
||||||
pathType: Prefix
|
|
||||||
redis:
|
redis:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
|
@ -130,6 +130,13 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
"Paperless-ngx" = {
|
||||||
|
icon = "paperless-ngx.png";
|
||||||
|
href = "https://docs.gmem.ca";
|
||||||
|
description = "Document storage and indexing";
|
||||||
|
};
|
||||||
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
|
|
|
@ -2,35 +2,35 @@ let
|
||||||
appName = "nitter-bot";
|
appName = "nitter-bot";
|
||||||
appImage = "git.gmem.ca/arch/nitter-bot:latest";
|
appImage = "git.gmem.ca/arch/nitter-bot:latest";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
lib,
|
lib,
|
||||||
config,
|
config,
|
||||||
kubenix,
|
kubenix,
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
kubernetes.resources.statefulSets.nitter-bot.spec = {
|
kubernetes.resources.statefulSets.nitter-bot.spec = {
|
||||||
selector.matchLabels.app = appName;
|
selector.matchLabels.app = appName;
|
||||||
serviceName = appName;
|
serviceName = appName;
|
||||||
template = {
|
template = {
|
||||||
metadata.labels.app = appName;
|
metadata.labels.app = appName;
|
||||||
spec = {
|
spec = {
|
||||||
containers = {
|
containers = {
|
||||||
nitter-bot = {
|
nitter-bot = {
|
||||||
image = appImage;
|
image = appImage;
|
||||||
envFrom = [{secretRef.name = "nitter-bot";}];
|
envFrom = [{secretRef.name = "nitter-bot";}];
|
||||||
resources = {
|
resources = {
|
||||||
requests = {
|
requests = {
|
||||||
cpu = "1m";
|
cpu = "1m";
|
||||||
memory = "32Mi";
|
memory = "32Mi";
|
||||||
};
|
};
|
||||||
limits = {
|
limits = {
|
||||||
cpu = "1";
|
cpu = "1";
|
||||||
memory = "128Mi";
|
memory = "128Mi";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
}
|
||||||
}
|
|
||||||
|
|
|
@ -74,7 +74,7 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
kubernetes.resources.cronJobs.piped-refresh.spec = {
|
kubernetes.resources.cronJobs.piped-refresh.spec = {
|
||||||
schedule = "*/5 * * * *";
|
schedule = "*/10 * * * *";
|
||||||
jobTemplate.spec.template.spec = {
|
jobTemplate.spec.template.spec = {
|
||||||
restartPolicy = "Never";
|
restartPolicy = "Never";
|
||||||
containers.refresh-subscriptions = {
|
containers.refresh-subscriptions = {
|
||||||
|
@ -88,7 +88,8 @@
|
||||||
export PGPASSWORD=$password &&
|
export PGPASSWORD=$password &&
|
||||||
export subs=$(psql -U piped -h hippo-primary.default.svc -qtAX -c 'select id from public.pubsub;') &&
|
export subs=$(psql -U piped -h hippo-primary.default.svc -qtAX -c 'select id from public.pubsub;') &&
|
||||||
while IFS= read -r line; do
|
while IFS= read -r line; do
|
||||||
curl -k "https://pipedapi.gmem.ca/channel/$line" > /dev/null
|
echo "refreshing $line"
|
||||||
|
curl -k -S -s -o /dev/null "https://pipedapi.gmem.ca/channel/$line"
|
||||||
done < <(printf '%s' "$subs")
|
done < <(printf '%s' "$subs")
|
||||||
''
|
''
|
||||||
];
|
];
|
||||||
|
|
|
@ -4,53 +4,52 @@ let
|
||||||
"1002:ab30" # Audio
|
"1002:ab30" # Audio
|
||||||
];
|
];
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
pkgs,
|
pkgs,
|
||||||
lib,
|
lib,
|
||||||
config,
|
config,
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
options.vfio.enable = with lib;
|
options.vfio.enable = with lib;
|
||||||
mkEnableOption "Configure the machine for VFIO";
|
mkEnableOption "Configure the machine for VFIO";
|
||||||
|
|
||||||
config = let
|
config = let
|
||||||
cfg = config.vfio;
|
cfg = config.vfio;
|
||||||
in {
|
in {
|
||||||
boot = {
|
boot = {
|
||||||
kernelModules = [ "kvm-amd" "vfio_pci" "vfio" "vfio_iommu_type1" "kvmfr" ];
|
kernelModules = ["kvm-amd" "vfio_pci" "vfio" "vfio_iommu_type1" "kvmfr"];
|
||||||
extraModulePackages = with config.boot.kernelPackages; [
|
extraModulePackages = with config.boot.kernelPackages; [
|
||||||
kvmfr
|
kvmfr
|
||||||
];
|
];
|
||||||
extraModprobeConfig = ''
|
extraModprobeConfig = ''
|
||||||
# The memory size is calculates in the same way as VM's shmem.
|
# The memory size is calculates in the same way as VM's shmem.
|
||||||
options kvmfr static_size_mb=64
|
options kvmfr static_size_mb=64
|
||||||
'';
|
'';
|
||||||
|
|
||||||
kernelParams =
|
kernelParams = [
|
||||||
[
|
|
||||||
"amd_iommu=on"
|
"amd_iommu=on"
|
||||||
"pcie_acs_override=downstream,multifunction"
|
"pcie_acs_override=downstream,multifunction"
|
||||||
"vfio-pci.ids=1002:744c,1002:ab30"
|
"vfio-pci.ids=1002:744c,1002:ab30"
|
||||||
"pcie_aspm=off"
|
"pcie_aspm=off"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
services.udev.extraRules = ''
|
services.udev.extraRules = ''
|
||||||
SUBSYSTEM=="kvmfr", OWNER="gsimmer", GROUP="kvm", MODE="0660"
|
SUBSYSTEM=="kvmfr", OWNER="gsimmer", GROUP="kvm", MODE="0660"
|
||||||
'';
|
'';
|
||||||
hardware.opengl.enable = true;
|
hardware.opengl.enable = true;
|
||||||
virtualisation.spiceUSBRedirection.enable = true;
|
virtualisation.spiceUSBRedirection.enable = true;
|
||||||
virtualisation.libvirtd = {
|
virtualisation.libvirtd = {
|
||||||
qemu = {
|
qemu = {
|
||||||
verbatimConfig = ''
|
verbatimConfig = ''
|
||||||
cgroup_device_acl = [
|
cgroup_device_acl = [
|
||||||
"/dev/null", "/dev/full", "/dev/zero",
|
"/dev/null", "/dev/full", "/dev/zero",
|
||||||
"/dev/random", "/dev/urandom",
|
"/dev/random", "/dev/urandom",
|
||||||
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
|
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
|
||||||
"/dev/rtc","/dev/hpet", "/dev/vfio/vfio",
|
"/dev/rtc","/dev/hpet", "/dev/vfio/vfio",
|
||||||
"/dev/kvmfr0"
|
"/dev/kvmfr0"
|
||||||
]
|
]
|
||||||
'';
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
}
|
||||||
}
|
|
||||||
|
|
80
nix/dnsmasq-floof/configuration.nix
Normal file
80
nix/dnsmasq-floof/configuration.nix
Normal file
|
@ -0,0 +1,80 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page, on
|
||||||
|
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
imports = [
|
||||||
|
# Include the results of the hardware scan.
|
||||||
|
./hardware-configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
age.secrets.dnsmasq-nextdns-profile = {
|
||||||
|
file = ../../secrets/dnsmasq-nextdns-profile.age;
|
||||||
|
owner = "dnsmasq";
|
||||||
|
};
|
||||||
|
|
||||||
|
nix = {
|
||||||
|
settings = {
|
||||||
|
auto-optimise-store = true;
|
||||||
|
experimental-features = ["nix-command" "flakes"];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
# Use the systemd-boot EFI boot loader.
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
hostName = "dnsmasq-cache"; # Define your hostname.
|
||||||
|
firewall = {
|
||||||
|
enable = true;
|
||||||
|
allowedUDPPorts = [53];
|
||||||
|
allowedTCPPorts = [22 53 9153];
|
||||||
|
trustedInterfaces = ["enp6s18" "tailscale0"];
|
||||||
|
checkReversePath = "loose";
|
||||||
|
allowedUDPPortRanges = [
|
||||||
|
{
|
||||||
|
from = 3000;
|
||||||
|
to = 22000;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
nftables.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
services = {
|
||||||
|
openssh.enable = true;
|
||||||
|
tailscale.enable = true;
|
||||||
|
dnsmasq = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
interface = "tailscale0";
|
||||||
|
cache-size = "4000";
|
||||||
|
no-resolv = true;
|
||||||
|
bogus-priv = true;
|
||||||
|
strict-order = true;
|
||||||
|
server = ["2a07:a8c1::" "45.90.30.0" "2a07:a8c0::" "45.90.28.0"];
|
||||||
|
conf-file = "${config.age.secrets.dnsmasq-nextdns-profile.path}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
environment = {
|
||||||
|
systemPackages = with pkgs; [
|
||||||
|
tailscale
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
virtualisation.oci-containers.containers = {
|
||||||
|
dnsmasq_exporter = {
|
||||||
|
image = "git.gmem.ca/arch/dnsmasq_exporter";
|
||||||
|
extraOptions = ["--network=host"];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
system.stateVersion = "23.11"; # Did you read the comment?
|
||||||
|
}
|
32
nix/dnsmasq-floof/disk-config.nix
Normal file
32
nix/dnsmasq-floof/disk-config.nix
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
{
|
||||||
|
disko.devices = {
|
||||||
|
disk = {
|
||||||
|
my-disk = {
|
||||||
|
device = "/dev/sda";
|
||||||
|
type = "disk";
|
||||||
|
content = {
|
||||||
|
type = "gpt";
|
||||||
|
partitions = {
|
||||||
|
ESP = {
|
||||||
|
type = "EF00";
|
||||||
|
size = "500M";
|
||||||
|
content = {
|
||||||
|
type = "filesystem";
|
||||||
|
format = "vfat";
|
||||||
|
mountpoint = "/boot";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
root = {
|
||||||
|
size = "100%";
|
||||||
|
content = {
|
||||||
|
type = "filesystem";
|
||||||
|
format = "ext4";
|
||||||
|
mountpoint = "/";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
33
nix/dnsmasq-floof/hardware-configuration.nix
Normal file
33
nix/dnsmasq-floof/hardware-configuration.nix
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
modulesPath,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
imports = [
|
||||||
|
(modulesPath + "/profiles/qemu-guest.nix")
|
||||||
|
''${builtins.fetchTarball {
|
||||||
|
url = "https://github.com/nix-community/disko/archive/master.tar.gz";
|
||||||
|
sha256 = "0qyl65hs2j4f5ffj2lv5kb4hc1gradkqvv2j35hbdyiik155l4gn";
|
||||||
|
}}/module.nix''
|
||||||
|
./disk-config.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
|
||||||
|
boot.initrd.kernelModules = [];
|
||||||
|
boot.kernelModules = [];
|
||||||
|
boot.extraModulePackages = [];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.enp6s18.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
}
|
90
nix/dnsmasq/configuration.nix
Normal file
90
nix/dnsmasq/configuration.nix
Normal file
|
@ -0,0 +1,90 @@
|
||||||
|
# Edit this configuration file to define what should be installed on
|
||||||
|
# your system. Help is available in the configuration.nix(5) man page, on
|
||||||
|
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
imports = [
|
||||||
|
# Include the results of the hardware scan.
|
||||||
|
./hardware-configuration.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
age.secrets.dnsmasq-nextdns-profile = {
|
||||||
|
file = ../../secrets/dnsmasq-nextdns-profile.age;
|
||||||
|
owner = "dnsmasq";
|
||||||
|
};
|
||||||
|
|
||||||
|
nix = {
|
||||||
|
settings = {
|
||||||
|
auto-optimise-store = true;
|
||||||
|
experimental-features = ["nix-command" "flakes"];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
# Use the systemd-boot EFI boot loader.
|
||||||
|
boot.loader.systemd-boot.enable = true;
|
||||||
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
networking = {
|
||||||
|
hostName = "dnsmasq-cache"; # Define your hostname.
|
||||||
|
useDHCP = false;
|
||||||
|
|
||||||
|
interfaces.enp6s18.ipv4.addresses = [
|
||||||
|
{
|
||||||
|
address = "192.168.50.87";
|
||||||
|
prefixLength = 24;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
nameservers = ["1.1.1.1" "1.0.0.1"];
|
||||||
|
firewall = {
|
||||||
|
enable = true;
|
||||||
|
allowedUDPPorts = [53];
|
||||||
|
allowedTCPPorts = [22 53 9153];
|
||||||
|
trustedInterfaces = ["enp6s18" "tailscale0"];
|
||||||
|
checkReversePath = "loose";
|
||||||
|
allowedUDPPortRanges = [
|
||||||
|
{
|
||||||
|
from = 3000;
|
||||||
|
to = 22000;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
defaultGateway = "192.168.50.1";
|
||||||
|
defaultGateway6 = "2a02:1648:6709::1";
|
||||||
|
nftables.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
services = {
|
||||||
|
openssh.enable = true;
|
||||||
|
tailscale.enable = true;
|
||||||
|
dnsmasq = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
interface = "tailscale0";
|
||||||
|
cache-size = "4000";
|
||||||
|
no-resolv = true;
|
||||||
|
bogus-priv = true;
|
||||||
|
strict-order = true;
|
||||||
|
server = ["2a07:a8c1::" "45.90.30.0" "2a07:a8c0::" "45.90.28.0"];
|
||||||
|
conf-file = "${config.age.secrets.dnsmasq-nextdns-profile.path}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
environment = {
|
||||||
|
systemPackages = with pkgs; [
|
||||||
|
tailscale
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
virtualisation.oci-containers.containers = {
|
||||||
|
dnsmasq_exporter = {
|
||||||
|
image = "git.gmem.ca/arch/dnsmasq_exporter";
|
||||||
|
extraOptions = ["--network=host"];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
system.stateVersion = "23.11"; # Did you read the comment?
|
||||||
|
}
|
32
nix/dnsmasq/disk-config.nix
Normal file
32
nix/dnsmasq/disk-config.nix
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
{
|
||||||
|
disko.devices = {
|
||||||
|
disk = {
|
||||||
|
my-disk = {
|
||||||
|
device = "/dev/sda";
|
||||||
|
type = "disk";
|
||||||
|
content = {
|
||||||
|
type = "gpt";
|
||||||
|
partitions = {
|
||||||
|
ESP = {
|
||||||
|
type = "EF00";
|
||||||
|
size = "500M";
|
||||||
|
content = {
|
||||||
|
type = "filesystem";
|
||||||
|
format = "vfat";
|
||||||
|
mountpoint = "/boot";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
root = {
|
||||||
|
size = "100%";
|
||||||
|
content = {
|
||||||
|
type = "filesystem";
|
||||||
|
format = "ext4";
|
||||||
|
mountpoint = "/";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
33
nix/dnsmasq/hardware-configuration.nix
Normal file
33
nix/dnsmasq/hardware-configuration.nix
Normal file
|
@ -0,0 +1,33 @@
|
||||||
|
# Do not modify this file! It was generated by ‘nixos-generate-config’
|
||||||
|
# and may be overwritten by future invocations. Please make changes
|
||||||
|
# to /etc/nixos/configuration.nix instead.
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
modulesPath,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
imports = [
|
||||||
|
(modulesPath + "/profiles/qemu-guest.nix")
|
||||||
|
''${builtins.fetchTarball {
|
||||||
|
url = "https://github.com/nix-community/disko/archive/master.tar.gz";
|
||||||
|
sha256 = "0qyl65hs2j4f5ffj2lv5kb4hc1gradkqvv2j35hbdyiik155l4gn";
|
||||||
|
}}/module.nix''
|
||||||
|
./disk-config.nix
|
||||||
|
];
|
||||||
|
|
||||||
|
boot.initrd.availableKernelModules = ["uhci_hcd" "ehci_pci" "ahci" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
|
||||||
|
boot.initrd.kernelModules = [];
|
||||||
|
boot.kernelModules = [];
|
||||||
|
boot.extraModulePackages = [];
|
||||||
|
|
||||||
|
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||||
|
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||||
|
# still possible to use this option, but it's recommended to use it in conjunction
|
||||||
|
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||||
|
networking.useDHCP = lib.mkDefault true;
|
||||||
|
# networking.interfaces.enp6s18.useDHCP = lib.mkDefault true;
|
||||||
|
|
||||||
|
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||||
|
}
|
|
@ -22,7 +22,7 @@
|
||||||
config.boot.kernelPackages.v4l2loopback
|
config.boot.kernelPackages.v4l2loopback
|
||||||
];
|
];
|
||||||
kernelPackages = pkgs.linuxPackages_latest;
|
kernelPackages = pkgs.linuxPackages_latest;
|
||||||
kernelModules = [ "coretemp" "kvm-amd" "v4l2loopback"];
|
kernelModules = ["coretemp" "kvm-amd" "v4l2loopback"];
|
||||||
plymouth = {
|
plymouth = {
|
||||||
enable = true;
|
enable = true;
|
||||||
theme = "breeze";
|
theme = "breeze";
|
||||||
|
@ -56,7 +56,7 @@
|
||||||
interfaces.br0.useDHCP = true;
|
interfaces.br0.useDHCP = true;
|
||||||
bridges = {
|
bridges = {
|
||||||
"br0" = {
|
"br0" = {
|
||||||
interfaces = [ "enp14s0" ];
|
interfaces = ["enp14s0"];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
firewall = {
|
firewall = {
|
||||||
|
|
|
@ -22,7 +22,7 @@
|
||||||
in [
|
in [
|
||||||
(import (builtins.fetchTarball {
|
(import (builtins.fetchTarball {
|
||||||
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
|
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
|
||||||
sha256 = "11x80s4jh06ibk390q8wgvvi614fapiswmbi6z9xy9d21pf7mw33";
|
sha256 = "1xa3vqw4kbrpqh6qkkkhrglgj6armrpdgc057kbsfcbaan5xc2pm";
|
||||||
}))
|
}))
|
||||||
discordOverlay
|
discordOverlay
|
||||||
];
|
];
|
||||||
|
@ -135,6 +135,7 @@
|
||||||
comma
|
comma
|
||||||
transmission_4-qt
|
transmission_4-qt
|
||||||
ungoogled-chromium
|
ungoogled-chromium
|
||||||
|
looking-glass-client
|
||||||
];
|
];
|
||||||
|
|
||||||
# This value determines the Home Manager release that your
|
# This value determines the Home Manager release that your
|
||||||
|
|
|
@ -104,7 +104,6 @@
|
||||||
max_chunk_age = "1h";
|
max_chunk_age = "1h";
|
||||||
chunk_target_size = 999999;
|
chunk_target_size = 999999;
|
||||||
chunk_retain_period = "30s";
|
chunk_retain_period = "30s";
|
||||||
max_transfer_retries = 0;
|
|
||||||
};
|
};
|
||||||
|
|
||||||
schema_config = {
|
schema_config = {
|
||||||
|
@ -127,7 +126,6 @@
|
||||||
active_index_directory = "/var/lib/loki/boltdb-shipper-active";
|
active_index_directory = "/var/lib/loki/boltdb-shipper-active";
|
||||||
cache_location = "/var/lib/loki/boltdb-shipper-cache";
|
cache_location = "/var/lib/loki/boltdb-shipper-cache";
|
||||||
cache_ttl = "24h";
|
cache_ttl = "24h";
|
||||||
shared_store = "filesystem";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
filesystem = {
|
filesystem = {
|
||||||
|
@ -140,10 +138,6 @@
|
||||||
reject_old_samples_max_age = "168h";
|
reject_old_samples_max_age = "168h";
|
||||||
};
|
};
|
||||||
|
|
||||||
chunk_store_config = {
|
|
||||||
max_look_back_period = "0s";
|
|
||||||
};
|
|
||||||
|
|
||||||
table_manager = {
|
table_manager = {
|
||||||
retention_deletes_enabled = false;
|
retention_deletes_enabled = false;
|
||||||
retention_period = "0s";
|
retention_period = "0s";
|
||||||
|
@ -151,7 +145,6 @@
|
||||||
|
|
||||||
compactor = {
|
compactor = {
|
||||||
working_directory = "/var/lib/loki";
|
working_directory = "/var/lib/loki";
|
||||||
shared_store = "filesystem";
|
|
||||||
compactor_ring = {
|
compactor_ring = {
|
||||||
kvstore = {
|
kvstore = {
|
||||||
store = "inmemory";
|
store = "inmemory";
|
||||||
|
@ -329,10 +322,6 @@
|
||||||
job_name = "forgejo";
|
job_name = "forgejo";
|
||||||
static_configs = [{targets = ["git.gmem.ca"];}];
|
static_configs = [{targets = ["git.gmem.ca"];}];
|
||||||
}
|
}
|
||||||
{
|
|
||||||
job_name = "coredns";
|
|
||||||
static_configs = [{targets = ["vancouver:9253"];}];
|
|
||||||
}
|
|
||||||
{
|
{
|
||||||
job_name = "healthchecks";
|
job_name = "healthchecks";
|
||||||
scrape_interval = "60s";
|
scrape_interval = "60s";
|
||||||
|
@ -344,6 +333,11 @@
|
||||||
scrape_interval = "60s";
|
scrape_interval = "60s";
|
||||||
static_configs = [{targets = ["vancouver:6534"];}];
|
static_configs = [{targets = ["vancouver:6534"];}];
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
job_name = "dnsmasq";
|
||||||
|
scrape_interval = "10s";
|
||||||
|
static_configs = [{targets = ["100.102.19.124:9153" "100.92.113.87:9153"];}];
|
||||||
|
}
|
||||||
{
|
{
|
||||||
job_name = "blackbox_home";
|
job_name = "blackbox_home";
|
||||||
metrics_path = "/probe";
|
metrics_path = "/probe";
|
||||||
|
|
|
@ -330,10 +330,12 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
gitea = {
|
|
||||||
|
forgejo = {
|
||||||
enable = true;
|
enable = true;
|
||||||
stateDir = "/tank/forgejo";
|
stateDir = "/tank/forgejo";
|
||||||
package = pkgs.forgejo;
|
user = "git";
|
||||||
|
group = "git";
|
||||||
settings = {
|
settings = {
|
||||||
DEFAULT = {
|
DEFAULT = {
|
||||||
APP_NAME = "Arch's Git Forge";
|
APP_NAME = "Arch's Git Forge";
|
||||||
|
@ -376,6 +378,7 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
labels = [
|
labels = [
|
||||||
"debian-latest:docker://node:18-bullseye"
|
"debian-latest:docker://node:18-bullseye"
|
||||||
|
"ubuntu-latest:docker://node:18-bullseye"
|
||||||
"docker:docker://gitea/act_runner:nightly-dind-rootless"
|
"docker:docker://gitea/act_runner:nightly-dind-rootless"
|
||||||
"nix:docker://nixos/nix"
|
"nix:docker://nixos/nix"
|
||||||
];
|
];
|
||||||
|
@ -471,13 +474,36 @@
|
||||||
};
|
};
|
||||||
environment.shells = with pkgs; [zsh fish];
|
environment.shells = with pkgs; [zsh fish];
|
||||||
|
|
||||||
users.users = {
|
users = {
|
||||||
gsimmer = {
|
groups.git = {};
|
||||||
shell = pkgs.fish;
|
users = {
|
||||||
isNormalUser = true;
|
git = {
|
||||||
home = "/tank/gsimmer";
|
home = "/tank/forgejo";
|
||||||
extraGroups = ["wheel" "libvirtd" "qemu-libvirtd"];
|
useDefaultShell = true;
|
||||||
openssh.authorizedKeys.keys = let
|
group = "git";
|
||||||
|
isSystemUser = true;
|
||||||
|
};
|
||||||
|
|
||||||
|
gsimmer = {
|
||||||
|
shell = pkgs.fish;
|
||||||
|
isNormalUser = true;
|
||||||
|
home = "/tank/gsimmer";
|
||||||
|
extraGroups = ["wheel" "libvirtd" "qemu-libvirtd"];
|
||||||
|
openssh.authorizedKeys.keys = let
|
||||||
|
authorizedKeys = pkgs.fetchurl {
|
||||||
|
url = "https://gmem.ca/ssh";
|
||||||
|
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
pkgs.lib.splitString "\n" (builtins.readFile
|
||||||
|
authorizedKeys);
|
||||||
|
};
|
||||||
|
becki = {
|
||||||
|
shell = pkgs.fish;
|
||||||
|
isNormalUser = true;
|
||||||
|
home = "/tank/becki";
|
||||||
|
};
|
||||||
|
root.openssh.authorizedKeys.keys = let
|
||||||
authorizedKeys = pkgs.fetchurl {
|
authorizedKeys = pkgs.fetchurl {
|
||||||
url = "https://gmem.ca/ssh";
|
url = "https://gmem.ca/ssh";
|
||||||
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
|
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
|
||||||
|
@ -486,19 +512,6 @@
|
||||||
pkgs.lib.splitString "\n" (builtins.readFile
|
pkgs.lib.splitString "\n" (builtins.readFile
|
||||||
authorizedKeys);
|
authorizedKeys);
|
||||||
};
|
};
|
||||||
becki = {
|
|
||||||
shell = pkgs.fish;
|
|
||||||
isNormalUser = true;
|
|
||||||
home = "/tank/becki";
|
|
||||||
};
|
|
||||||
root.openssh.authorizedKeys.keys = let
|
|
||||||
authorizedKeys = pkgs.fetchurl {
|
|
||||||
url = "https://gmem.ca/ssh";
|
|
||||||
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
|
|
||||||
};
|
|
||||||
in
|
|
||||||
pkgs.lib.splitString "\n" (builtins.readFile
|
|
||||||
authorizedKeys);
|
|
||||||
};
|
};
|
||||||
|
|
||||||
home-manager.users.gsimmer = {pkgs, ...}: {
|
home-manager.users.gsimmer = {pkgs, ...}: {
|
||||||
|
|
|
@ -3,6 +3,11 @@ let
|
||||||
monitoring = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDtzsbxKgZ/NBYlYO2EJQZhBy3nVBVERWebbsP9mLcy";
|
monitoring = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEDtzsbxKgZ/NBYlYO2EJQZhBy3nVBVERWebbsP9mLcy";
|
||||||
machines = [vancouver monitoring];
|
machines = [vancouver monitoring];
|
||||||
|
|
||||||
|
dnsmasq-cache = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKpZvxrLo8kbbCVODAES8xfPbzHN6fx3cRfhYC+me0R9";
|
||||||
|
dnsmasq-cache-floof = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAghUyhsM/pRXmKf6NjQGULxshwXP0l93yzFvqEdM9dC";
|
||||||
|
|
||||||
|
dnsmasq = [dnsmasq-cache dnsmasq-cache-floof];
|
||||||
|
|
||||||
proxmox-k3s-node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB1KEjdFl0UmuKfESJTMZdKR2H9a405z0SSlt75NKKht";
|
proxmox-k3s-node = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB1KEjdFl0UmuKfESJTMZdKR2H9a405z0SSlt75NKKht";
|
||||||
seattle = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9pTEqeVljLq0ctFgDn25Q76mCqpddkSNN9kd3IQXd1";
|
seattle = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF9pTEqeVljLq0ctFgDn25Q76mCqpddkSNN9kd3IQXd1";
|
||||||
glasgow = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMgZSpfnx/4kfE4P1tFpq047IZkF2Q0UYahputnWxtEJ";
|
glasgow = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMgZSpfnx/4kfE4P1tFpq047IZkF2Q0UYahputnWxtEJ";
|
||||||
|
@ -24,4 +29,6 @@ in {
|
||||||
"secrets/cloudflare-dns.age".publicKeys = machines ++ users;
|
"secrets/cloudflare-dns.age".publicKeys = machines ++ users;
|
||||||
"secrets/monitoring-grafana-client-secret.age".publicKeys = [monitoring gsimmer];
|
"secrets/monitoring-grafana-client-secret.age".publicKeys = [monitoring gsimmer];
|
||||||
"secrets/k3s-token.age".publicKeys = k3s ++ users;
|
"secrets/k3s-token.age".publicKeys = k3s ++ users;
|
||||||
|
|
||||||
|
"secrets/dnsmasq-nextdns-profile.age".publicKeys = dnsmasq ++ users;
|
||||||
}
|
}
|
||||||
|
|
9
secrets/dnsmasq-nextdns-profile.age
Normal file
9
secrets/dnsmasq-nextdns-profile.age
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 o0sdgw 9I44ptc/Dwhk2EcjCtJhl3kSu69BXMRCPHZAdt9kJgE
|
||||||
|
t8gc+3qVIkEuyNSWE3S3vEhV+q7uSMe/qIJccV6ln54
|
||||||
|
-> ssh-ed25519 C7Rp1Q G0PsVpG+bRptzUhAxYNkerKqhYRgnYatX2S4vEj0F2M
|
||||||
|
sivnnSL3QRKXPubK6Bk1ASdriuOx7uwoA89iWjsazi8
|
||||||
|
-> ssh-ed25519 qbziOw sZzOsi5z1YTAHY809dsew0rLRuSxLQLLbwF+zTXHLjo
|
||||||
|
j0uANQ6MrUdwCI+Qf9dimMnZheP2zUNsGzHGgrD4oO4
|
||||||
|
--- QJmFdG6wwF307+25uBp0E9aSGjH0eAmNEYI/RfZ5c7k
|
||||||
|
¦Æԧƾw5ÞôÚ7…ÿÐTÚ¼!É>ƒýÔZö½p]Ÿ<àÇO‰ï¿<C3AF>íÎÎX
|
|
@ -1,10 +1,7 @@
|
||||||
age-encryption.org/v1
|
age-encryption.org/v1
|
||||||
-> ssh-ed25519 oN6OTQ 290Jjq3X3EKWAJjbrxxNdLVYq7OOdTZAQBLnb0JlzEw
|
-> ssh-ed25519 oN6OTQ e6ldvoLxjS1vUBY2glP9UbAvOoDkgTF/Hsjy22C4E3E
|
||||||
Ci/Ngx0O5JbCbxNqkUdSz1zuHs2YMvi+st/Nf+BlhXk
|
qjdy/Zh7+0wSIJjNuov0/KQaiWJzVfzSLKzIYhK3tKE
|
||||||
-> ssh-ed25519 qbziOw pexX+lrzjrIvjD1BXDOwZ6jvHNwHvI8NN7t0g+WAHE4
|
-> ssh-ed25519 qbziOw 8daUrL9RuNfduBTXesLd1ndSFSRJwKj3+fqAWJlRrG8
|
||||||
8TlaRQnd/H/1nML+bJOL9J6rG1FOSFY7qTTiu11gqRo
|
kazcLzdfpBIVhyFJuDMEtCr1EXRDa0wNkGMxrGPXcFw
|
||||||
-> Q5TArB-grease
|
--- PW+ZaxdW9FYv129kt44jeeiY3GwrLkH5szOsr/ziJEQ
|
||||||
bYTE3nqG4aLFTuXCpjRNM7rnVFlL7BCJ2BlqJbMn0CImH3owoMnYwpBBEO2i5/O7
|
Û2ÄÐ)þ*“…Œmã<£>=²^¶ñTžc•¿¯Q—%ø7wF†<»+{&[Ø!0&Gùù+„ùô¶·œSЇ‹ýÍà˜ÉÎl~{
|
||||||
XdBin6lrZDYiFZMLzQ4DRd8B
|
|
||||||
--- GfQW76dgud6sOfFfB1VoRiiZZqDePubrWRTbvKcx3Z0
|
|
||||||
“n-‡ŽA3]Éró]YHp'`º…2óH^Î%Ï}= Nzútoöä:³5õ³ˆª‚éùê—R <52>§¾áýL瞶6‹©ÀÐÝ24¼ª"WË
|
|
Loading…
Reference in a new issue