arch/infra
arch/infra
1
0
Fork 0
Code Actions Packages Activity

Compare commits

base: arch:4f05052bd5691c8b51cfcb3aafd5a68446696d4b
Branches Tags
arch:trunk
arch:woodpecker-ci
...
compare: arch:f27638bc30abc14cc7406689a1f978ac243045f9
Branches Tags
arch:trunk
arch:woodpecker-ci

11 commits
4f05052bd5 ... f27638bc30

Author SHA1 Message Date
Gabriel Simmer f27638bc30
NAS NTFS
All checks were successful
Lint / lint (push) Successful in 23s
Details
2024-03-10 12:19:09 +00:00
Gabriel Simmer 13f1d5c460
Migrate to upstream atuin server 2024-03-10 12:18:57 +00:00
Gabriel Simmer 7843762156
Upgrade nginx 2024-03-10 12:18:50 +00:00
Gabriel Simmer f81ea13744
Fully upgrade to plasma 6 on London 2024-03-10 12:18:39 +00:00
Gabriel Simmer 493d9dd339
Upgrade immich 2024-03-10 12:18:23 +00:00
Gabriel Simmer e438ac411f
Upgrade authentik 2024-03-10 12:17:54 +00:00
Gabriel Simmer 1681d75889
Nitter DNS 2024-03-10 12:17:39 +00:00
Gabriel Simmer a5d243efbe
Use upstream octodns 2024-03-10 12:17:04 +00:00
Gabriel Simmer 6993756337
Cloudflare-Warp module 2024-03-10 12:14:35 +00:00
Gabriel Simmer 25ea049789
Remove kde2nix overlay 2024-03-10 12:14:06 +00:00
Gabriel Simmer b420e41a85
Nitter deployment 2024-03-10 12:13:41 +00:00
15 changed files with 269 additions and 252 deletions
Show stats Expand all files Collapse all files

1
dns/dns.nix
View file

@ -36,6 +36,7 @@
"request-media"
"tools"
"ytproxy"
"nitter"
] (name: {cname.data = "cluster";})
// lib.attrsets.genAttrs [
# Externally hosted applications with Tunnels

250
flake.lock
View file

@ -95,22 +95,6 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -126,7 +110,7 @@
"type": "github"
}
},
"flake-compat_3": {
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1696426674,
@ -142,7 +126,7 @@
"type": "github"
}
},
"flake-compat_4": {
"flake-compat_3": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
@ -196,14 +180,14 @@
},
"flake-utils_2": {
"inputs": {
"systems": "systems"
"systems": "systems_2"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"type": "github"
},
"original": {
@ -213,24 +197,6 @@
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
"locked": {
"lastModified": 1705309234,
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"locked": {
"lastModified": 1634851050,
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
@ -245,28 +211,6 @@
"type": "github"
}
},
"gitignore": {
"inputs": {
"nixpkgs": [
"kde2nix",
"pre-commit-hooks",
"nixpkgs"
]
},
"locked": {
"lastModified": 1703887061,
"narHash": "sha256-gGPa9qWNc6eCXT/+Z5/zMkyYOuRZqeFZBDbopNZQkuY=",
"owner": "hercules-ci",
"repo": "gitignore.nix",
"rev": "43e1aa1308018f37118e34d3a9cb4f5e75dc11d5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "gitignore.nix",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -295,11 +239,11 @@
]
},
"locked": {
"lastModified": 1706798041,
"narHash": "sha256-BbvuF4CsVRBGRP8P+R+JUilojk0M60D7hzqE0bEvJBQ=",
"lastModified": 1709938482,
"narHash": "sha256-2Vw2WOFmEXWQH8ziFNOr0U48Guh5FacuD6BOEIcE99s=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "4d53427bce7bf3d17e699252fd84dc7468afc46e",
"rev": "17431970b4ebc75a92657101ccffcfc9e1f9d8f0",
"type": "github"
},
"original": {
@ -308,31 +252,11 @@
"type": "github"
}
},
"kde2nix": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs": "nixpkgs_3",
"pre-commit-hooks": "pre-commit-hooks"
},
"locked": {
"lastModified": 1706910972,
"narHash": "sha256-yGYNqVceiHl6OdK56EsjSXQua5zrF04/2vNhmJ9cruY=",
"owner": "nix-community",
"repo": "kde2nix",
"rev": "44fb0b182e694579b53d7fed27a81fc98ccbe66f",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "kde2nix",
"type": "github"
}
},
"kubenix": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs_4",
"systems": "systems_2",
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_3",
"systems": "systems",
"treefmt": "treefmt"
},
"locked": {
@ -351,15 +275,15 @@
},
"lib-aggregate": {
"inputs": {
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_2",
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1706443704,
"narHash": "sha256-ipRgFuoSFFRUJ/9NL9r0hTwtNpaAvKxDmAUCoyF6kU0=",
"lastModified": 1709467759,
"narHash": "sha256-ojIpNROGKk56wyvpMAlBVor3CvPez3pFMORrocxW4io=",
"owner": "nix-community",
"repo": "lib-aggregate",
"rev": "9842effaf0eb61c8bca645a5da7230392d76fe1d",
"rev": "206e40afdc468d0658e30e1644e2473dc6285cf2",
"type": "github"
},
"original": {
@ -372,7 +296,7 @@
"inputs": {
"flake-parts": "flake-parts",
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_7",
"nixpkgs": "nixpkgs_6",
"treefmt-nix": "treefmt-nix"
},
"locked": {
@ -413,14 +337,14 @@
},
"nixinate": {
"inputs": {
"nixpkgs": "nixpkgs_5"
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1688141737,
"narHash": "sha256-qHrNMYWukOKmKVf6wXOGKj1xxUnOGjvTRbt/PLLXuBE=",
"lastModified": 1708891350,
"narHash": "sha256-VOQrKK7Df/IVuNki+NshVuGkTa/Tw0GigPjWcZff6kk=",
"owner": "matthewcroughan",
"repo": "nixinate",
"rev": "7902ae845e6cc5bd450e510cdf5e009a6e4a44d9",
"rev": "452f33c60df5b72ad0858f5f2cf224bdf1f17746",
"type": "github"
},
"original": {
@ -431,11 +355,11 @@
},
"nixlib": {
"locked": {
"lastModified": 1693701915,
"narHash": "sha256-waHPLdDYUOHSEtMKKabcKIMhlUOHPOOPQ9UyFeEoovs=",
"lastModified": 1709426687,
"narHash": "sha256-jLBZmwXf0WYHzLkmEMq33bqhX55YtT5edvluFr0RcSA=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "f5af57d3ef9947a70ac86e42695231ac1ad00c25",
"rev": "7873d84a89ae6e4841528ff7f5697ddcb5bdfe6c",
"type": "github"
},
"original": {
@ -446,17 +370,17 @@
},
"nixos-dns": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1702487346,
"narHash": "sha256-JmHXcmosac70d9LGYQ7/RNGru2idWC669StnFlxLpdU=",
"lastModified": 1708022692,
"narHash": "sha256-T2o3XwFWK5bYNnVqEYdW9JqmOtgpn26/GCgbrVJ47ls=",
"owner": "Janik-Haag",
"repo": "nixos-dns",
"rev": "9f311873475479497e33709be826dc47917d3ee3",
"rev": "0205c8cc6b4f7f75689a922b0bf20730c64a51f4",
"type": "github"
},
"original": {
@ -473,11 +397,11 @@
]
},
"locked": {
"lastModified": 1706085261,
"narHash": "sha256-7PgpHRHyShINcqgevPP1fJ6N8kM5ZSOJnk3QZBrOCQ0=",
"lastModified": 1709887845,
"narHash": "sha256-803UIoB8+vGkm/VK/g55aBAAOf/ncTGvxXyjTF4ydm0=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "896f6589db5b25023b812bbb6c1f5d3a499b1132",
"rev": "bef32a05496d9480b02be586fa7827748b9e597b",
"type": "github"
},
"original": {
@ -504,11 +428,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1706402708,
"narHash": "sha256-v6z1V+BwolqR9w0sbRkZ9DnnviMcZdZzPJe+4K4h+d4=",
"lastModified": 1709426687,
"narHash": "sha256-jLBZmwXf0WYHzLkmEMq33bqhX55YtT5edvluFr0RcSA=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "4833b4eb30dfe3abad5a21775bc5460322c8d337",
"rev": "7873d84a89ae6e4841528ff7f5697ddcb5bdfe6c",
"type": "github"
},
"original": {
@ -517,25 +441,9 @@
"type": "github"
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1704874635,
"narHash": "sha256-YWuCrtsty5vVZvu+7BchAxmcYzTMfolSPP5io8+WYCg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3dc440faeee9e889fe2d1b4d25ad0f430d449356",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-wayland": {
"inputs": {
"flake-compat": "flake-compat_4",
"flake-compat": "flake-compat_3",
"lib-aggregate": "lib-aggregate",
"nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": [
@ -543,11 +451,11 @@
]
},
"locked": {
"lastModified": 1706891763,
"narHash": "sha256-BncZdo3M4YW5rI4oZGUT6PHuKnRVfV4NKIB3ZOczOIc=",
"lastModified": 1709975798,
"narHash": "sha256-LdHYxpw7N7inGInX3i6Z6Rm3hl0ai7YXkbzJn+WV0l4=",
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"rev": "ea9f83f5046fb53bff93a81e0a98f6ee50ab21ee",
"rev": "639141e297f4fe7c1bbf0662e1fde05fa964efa9",
"type": "github"
},
"original": {
@ -573,22 +481,6 @@
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1706812040,
"narHash": "sha256-pxgWZApBfqHi4I6Hz7nL/rSt0vGE62HvBwvuVXFXeOk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5c5bca5a97c0982ea37a2fcf6d3860349b9f9a35",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-unstable-small",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1686488075,
"narHash": "sha256-2otSBt2hbeD+5yY25NF3RhWx7l5SDt1aeU3cJ/9My4M=",
@ -604,7 +496,7 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_4": {
"locked": {
"lastModified": 1653060744,
"narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=",
@ -620,13 +512,13 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_5": {
"locked": {
"lastModified": 1706683685,
"narHash": "sha256-FtPPshEpxH/ewBOsdKBNhlsL2MLEFv1hEnQ19f/bFsQ=",
"lastModified": 1709780214,
"narHash": "sha256-p4iDKdveHMhfGAlpxmkCtfQO3WRzmlD11aIcThwPqhk=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "5ad9903c16126a7d949101687af0aa589b1d7d3d",
"rev": "f945939fd679284d736112d3d5410eb867f3b31c",
"type": "github"
},
"original": {
@ -636,7 +528,7 @@
"type": "github"
}
},
"nixpkgs_7": {
"nixpkgs_6": {
"locked": {
"lastModified": 1703134684,
"narHash": "sha256-SQmng1EnBFLzS7WSRyPM9HgmZP2kLJcPAz+Ug/nug6o=",
@ -652,7 +544,7 @@
"type": "github"
}
},
"nixpkgs_8": {
"nixpkgs_7": {
"locked": {
"lastModified": 1636823747,
"narHash": "sha256-oWo1nElRAOZqEf90Yek2ixdHyjD+gqtS/pAgwaQ9UhQ=",
@ -667,65 +559,21 @@
"type": "github"
}
},
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": [
"kde2nix",
"flake-utils"
],
"gitignore": "gitignore",
"nixpkgs": [
"kde2nix",
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1706424699,
"narHash": "sha256-Q3RBuOpZNH2eFA1e+IHgZLAOqDD9SKhJ/sszrL8bQD4=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "7c54e08a689b53c8a1e5d70169f2ec9e2a68ffaf",
"type": "github"
},
"original": {
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
"alertmanager-ntfy": "alertmanager-ntfy",
"home-manager": "home-manager_2",
"kde2nix": "kde2nix",
"kubenix": "kubenix",
"nixinate": "nixinate",
"nixos-dns": "nixos-dns",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_5",
"nixpkgs-wayland": "nixpkgs-wayland",
"terranix": "terranix"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -739,7 +587,7 @@
"type": "indirect"
}
},
"systems_3": {
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -758,8 +606,8 @@
"inputs": {
"bats-assert": "bats-assert",
"bats-support": "bats-support",
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_8",
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_7",
"terranix-examples": "terranix-examples"
},
"locked": {

10
flake.nix
View file

@ -5,7 +5,6 @@
terranix.url = "github:terranix/terranix";
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixinate.url = "github:matthewcroughan/nixinate";
kde2nix.url = "github:nix-community/kde2nix";
nixos-dns.url = "github:Janik-Haag/nixos-dns";
nixos-dns.inputs.nixpkgs.follows = "nixpkgs";
nixpkgs-wayland = {
@ -35,7 +34,6 @@
alertmanager-ntfy,
nixpkgs-wayland,
kubenix,
kde2nix,
nixos-dns,
} @ inputs: let
pkgs = nixpkgs.legacyPackages.x86_64-linux;
@ -51,10 +49,10 @@
pname = "octodns-cloudflare";
version = "0.0.4";
src = pkgs.fetchFromGitHub {
owner = "gmemstr";
owner = "octodns";
repo = pname;
rev = "processor";
sha256 = "sha256-fxJGozeSMXuF9o4JZtGLODE8Di6V4P21wKi7O0i9NDk=";
rev = "main";
sha256 = "sha256-IIF9cRk+Y59C4sGIKzBJ2Du6Fx2pAJFbKuxxh1JCDHc=";
};
doCheck = false;
propagatedBuildInputs = with pkgs.python3Packages; [
@ -216,8 +214,8 @@
london = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
kde2nix.nixosModules.plasma6
(import ./nix/london/configuration.nix)
(import ./modules/cloudflare-warp.nix)
home-manager.nixosModules.home-manager
{
home-manager.useUserPackages = true;

70
homelab/atuin.yaml
View file

@ -1,39 +1,62 @@
---
apiVersion: apps/v1
kind: StatefulSet
kind: Deployment
metadata:
name: atuin
spec:
replicas: 1
selector:
matchLabels:
app: atuin
serviceName: atuin
replicas: 1
template:
metadata:
labels:
app: atuin
spec:
containers:
- name: atuin
image: icr.gmem.ca/atuin-server-sqlite:latest
- args:
- server
- start
env:
- name: RUST_LOG
value: debug,atuin_server=debug
- name: ATUIN_DB_URI
valueFrom:
secretKeyRef:
name: hippo-pguser-atuin
key: uri
optional: false
- name: ATUIN_HOST
value: 0.0.0.0
- name: ATUIN_PORT
value: "8888"
- name: ATUIN_OPEN_REGISTRATION
value: "true"
image: ghcr.io/atuinsh/atuin:v18.0.0
name: atuin
ports:
- containerPort: 8888
name: web
envFrom:
- configMapRef:
name: atuin
volumeMounts:
- name: config
mountPath: /config
volumeClaimTemplates:
- metadata:
name: config
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
limits:
cpu: 500m
memory: 256Mi
requests:
storage: 1Gi
cpu: 250m
memory: 128Mi
livenessProbe:
httpGet:
path: /
port: 8888
failureThreshold: 1
initialDelaySeconds: 10
periodSeconds: 10
readinessProbe:
httpGet:
path: /
port: 8888
failureThreshold: 1
initialDelaySeconds: 10
periodSeconds: 10
---
apiVersion: v1
kind: Service
@ -47,22 +70,13 @@ spec:
port: 8888
targetPort: 8888
---
apiVersion: v1
kind: ConfigMap
metadata:
name: atuin
data:
ATUIN_OPEN_REGISTRATION: "false"
ATUIN_DB_URI: "sqlite:///config/database.sqlite"
ATUIN_HOST: "0.0.0.0"
ATUIN_PORT: "8888"
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: atuin
annotations:
cert-manager.io/issuer: "le-issuer"
nginx.ingress.kubernetes.io/proxy-body-size: 1024m
namespace: default
spec:
tls:

2
homelab/authentik.yml
View file

@ -1,5 +1,5 @@
image:
tag: 2023.10.6
tag: 2024.2.1
authentik:
error_reporting:

6
homelab/immich.nix
View file

@ -8,12 +8,12 @@
chart = kubenix.lib.helm.fetch {
repo = "https://immich-app.github.io/immich-charts";
chart = "immich";
version = "0.3.0";
sha256 = "ZYt6d6Gxa0g0HNruuJzC077h/aLG5dlbSogNzfVfNP8=";
version = "0.4.0";
sha256 = "qekwsAke6NBwhlbt7nIkuwTSIydcWOq/kETooYb64oY=";
};
# arbitrary attrset passed as values to the helm release
values = {
image.tag = "v1.91.0";
image.tag = "v1.95.1";
machine-learning.enabled = false;
immich.persistence.library.existingClaim = "immich";
redis.enabled = true;

1
homelab/kubernetes.nix
View file

@ -21,5 +21,6 @@
(import ./conduit.nix)
(import ./irc.nix)
(import ./netboot.nix)
(import ./nitter.nix)
];
}

4
homelab/nginx.nix
View file

@ -9,8 +9,8 @@
chart = kubenix.lib.helm.fetch {
repo = "https://kubernetes.github.io/ingress-nginx";
chart = "ingress-nginx";
version = "4.8.3";
sha256 = "sha256-zahjdtb4zYtGcft0YYpT5DS+KHhZgpRWg5q+3n8zVsk=";
version = "4.9.1";
sha256 = "sha256-EJjNTC7nQUbGnS0xgF/eWyKs3vBpRPbbZmwl/pd9/44=";
};
values = {
controller = {

94
homelab/nitter.nix Normal file
View file

@ -0,0 +1,94 @@
let
appName = "nitter";
nitterImage = "git.gmem.ca/arch/nitter:latest";
in
{
lib,
config,
kubenix,
...
}: {
kubernetes.resources.services.nitter = {
spec = {
selector.app = appName;
ports.http = {
port = 8080;
targetPort = 8080;
};
};
};
kubernetes.resources.deployments.nitter.spec = {
selector.matchLabels.app = appName;
template = {
metadata.labels.app = appName;
spec = {
volumes = {
config.configMap.name = "nitter";
accounts.secret.secretName = "nitter";
};
containers = {
nitter = {
image = nitterImage;
imagePullPolicy = "Always";
volumeMounts = [
{
name = "config";
mountPath = "/src/nitter.conf";
subPath = "nitter.conf";
}
{
name = "accounts";
mountPath = "/src/guest_accounts.json";
subPath = "guest_accounts.json";
}
];
ports.tlshttp.containerPort = 8080;
};
};
};
};
};
kubernetes.helm.releases.nitter-redis = {
chart = kubenix.lib.helm.fetch {
repo = "https://charts.bitnami.com/bitnami";
chart = "redis";
version = "18.6.1";
sha256 = "CyvGHc1v1BtbzDx6hbbPah2uWpUhlNIUQowephT6hmM=";
};
values = {
auth.enabled = false;
architecture = "standalone";
};
};
kubernetes.resources.ingresses.nitter = {
metadata = {
name = appName;
annotations = {
"cert-manager.io/issuer" = "le-issuer";
};
};
spec = {
tls = [
{
hosts = ["nitter.gmem.ca"];
secretName = "gmem-ca-wildcard";
}
];
rules = [
{
host = "nitter.gmem.ca";
http.paths = [
{
path = "/";
pathType = "Prefix";
backend.service = {
name = appName;
port.name = "http";
};
}
];
}
];
};
};
}

8
homelab/postgres-cluster.yml
View file

@ -3,7 +3,8 @@ kind: PostgresCluster
metadata:
name: hippo
spec:
image: git.gmem.ca/arch/custom-postgres@sha256:539194fc6c290445477b229bb7b792785b67619894bcfd7483e5bdb62eaa0658
image: git.gmem.ca/arch/custom-postgres:15
imagePullPolicy: Always
postgresVersion: 15
databaseInitSQL:
key: init.sql
@ -65,6 +66,9 @@ spec:
- name: soju
databases:
- soju
- name: atuin
databases:
- atuin
---
apiVersion: v1
kind: ConfigMap
@ -83,6 +87,8 @@ data:
GRANT CREATE ON SCHEMA public TO "piped";
\c soju
GRANT CREATE ON SCHEMA public TO "soju";
\c atuin
GRANT CREATE ON SCHEMA public TO "atuin";
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor

4
homelab/postgres/Dockerfile
View file

@ -10,10 +10,10 @@ RUN /bin/sh -c 'set -ex && \
ARCH=`uname -m` && \
if [ "$ARCH" == "x86_64" ]; then \
echo "x86_64" && \
wget -O vectors.deb https://github.com/tensorchord/pgvecto.rs/releases/download/v0.1.13/vectors-pg15_0.1.13_amd64.deb; \
wget -O vectors.deb https://github.com/tensorchord/pgvecto.rs/releases/download/v0.2.0/vectors-pg15_0.2.0_amd64.deb; \
elif [ "$ARCH" == "aarch64" ]; then \
echo "arm64" && \
wget -O vectors.deb https://github.com/tensorchord/pgvecto.rs/releases/download/v0.1.13/vectors-pg15_0.1.13_arm64.deb; \
wget -O vectors.deb https://github.com/tensorchord/pgvecto.rs/releases/download/v0.2.0/vectors-pg15_0.2.0_arm64.deb; \
else \
echo "unknown arch" && \
exit 1; \

52
modules/cloudflare-warp.nix Normal file
View file

@ -0,0 +1,52 @@
# From https://codeberg.org/ollijh/nixos-modules/src/branch/main/modules/cloudflare-warp.nix
{pkgs, ...}: {
config = {
environment.systemPackages = with pkgs; [cloudflare-warp];
users.users.warp = {
isSystemUser = true;
group = "warp";
description = "Cloudflare Warp user";
home = "/var/lib/cloudflare-warp";
};
users.groups.warp = {};
services.resolved.extraConfig = ''
ResolveUnicastSingleLabel=yes
'';
systemd = {
packages = [
(pkgs.cloudflare-warp.overrideAttrs (old: {
postInstall = ''
wrapProgram $out/bin/warp-svc --prefix PATH : ${pkgs.lib.makeBinPath [pkgs.nftables pkgs.lsof pkgs.iproute2]}
'';
}))
];
services.warp-svc = {
after = ["network-online.target" "systemd-resolved.service"];
wants = ["network-online.target"];
wantedBy = ["multi-user.target"];
serviceConfig = {
StateDirectory = "cloudflare-warp";
#User = "warp";
#Umask = "0077";
# Hardening
LockPersonality = true;
PrivateMounts = true;
PrivateTmp = true;
ProtectControlGroups = true;
ProtectHostname = true;
ProtectKernelLogs = true;
ProtectKernelModules = true;
ProtectKernelTunables = true;
ProtectProc = "invisible";
# Leaving on strict activates warp on plus
ProtectSystem = true;
RestrictNamespaces = true;
RestrictRealtime = true;
};
};
};
};
}

7
nix/london/configuration.nix
View file

@ -22,6 +22,10 @@
];
kernelPackages = pkgs.linuxPackages_zen;
kernelModules = ["amdgpu" "coretemp" "kvm-amd" "v4l2loopback"];
plymouth = {
enable = true;
theme = "breeze";
};
};
time.hardwareClockInLocalTime = true;
@ -241,7 +245,6 @@
enableDefaultPackages = true;
};
systemd.packages = with pkgs; [cloudflare-warp];
environment = {
shells = with pkgs; [zsh fish];
systemPackages = with pkgs; [
@ -270,7 +273,7 @@
];
};
environment.plasma5.excludePackages = with pkgs.libsForQt5; [
environment.plasma6.excludePackages = with pkgs.libsForQt5; [
elisa
okular
oxygen

2
nix/london/gsimmer.nix
View file

@ -22,7 +22,7 @@
in [
(import (builtins.fetchTarball {
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
sha256 = "1nglxrfynyjmqfzz81y4idc40c6rbsaa4jb4ishiwibdkh85nyf6";
sha256 = "0i972nkqhjfpy8g7dmryw2fvkfda43624zfhsh35k795zbx38jc7";
}))
discordOverlay
];

2
nix/nas/configuration.nix
View file

@ -43,7 +43,7 @@
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
};
supportedFilesystems = ["zfs"];
supportedFilesystems = ["zfs" "ntfs"];
kernelModules = ["coretemp" "kvm-amd" "it87"];
zfs.extraPools = ["tank"];
};