arch/infra
arch/infra
1
0
Fork 0
Code Actions Packages Activity

Compare commits

base: arch:5f60e6a0d746201fd5cf34e65facb59c8c5c46c3
Branches Tags
arch:trunk
arch:woodpecker-ci
...
compare: arch:a351b391bea88447c596463e2c855e30fa6cc9ea
Branches Tags
arch:trunk
arch:woodpecker-ci

6 commits
5f60e6a0d7 ... a351b391be

Author SHA1 Message Date
Gabriel Simmer a351b391be
Grimblast for London
All checks were successful
Lint / lint (push) Successful in 22s
Details
2023-10-19 12:48:01 +01:00
Gabriel Simmer 86cfde1fce
Experimenting with kubenix 2023-10-19 12:47:18 +01:00
Gabriel Simmer a73d60c4be
Disable alertmanager in k3s homelab cluster 2023-10-18 15:48:59 +01:00
Gabriel Simmer f3f186cc43
Update flake.lock 2023-10-18 15:48:51 +01:00
Gabriel Simmer d6077f19a9
Enable public dashboards in Grafana 2023-10-18 15:48:42 +01:00
Gabriel Simmer 6bab85de40
Remove scripts directory 2023-10-18 15:47:49 +01:00
11 changed files with 208 additions and 63 deletions
Show stats Expand all files Collapse all files

155
flake.lock
View file

@ -95,6 +95,22 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
@ -148,7 +164,7 @@
},
"flake-utils_2": {
"inputs": {
"systems": "systems"
"systems": "systems_2"
},
"locked": {
"lastModified": 1694529238,
@ -207,11 +223,11 @@
]
},
"locked": {
"lastModified": 1696737557,
"narHash": "sha256-YD/pjDjj/BNmisEvRdM/vspkCU3xyyeGVAUWhvVSi5Y=",
"lastModified": 1697611555,
"narHash": "sha256-8nYMduRQfGSQJr2cDMyodsuGlRcJAy0Ko8K4KkjurP8=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "3c1d8758ac3f55ab96dcaf4d271c39da4b6e836d",
"rev": "05649393ac1f34980a5cf6a6e89de77626c9182b",
"type": "github"
},
"original": {
@ -220,17 +236,38 @@
"type": "github"
}
},
"kubenix": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_3",
"systems": "systems",
"treefmt": "treefmt"
},
"locked": {
"lastModified": 1697643920,
"narHash": "sha256-Ti/v3lWKNF2/5u3ARTDhhdr7ijUo/ZpefKAfr8OgsK4=",
"owner": "hall",
"repo": "kubenix",
"rev": "ea469ff77a49f6f3df420bfc6040c39e1b861d87",
"type": "github"
},
"original": {
"owner": "hall",
"repo": "kubenix",
"type": "github"
}
},
"lib-aggregate": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1696766909,
"narHash": "sha256-lU1BmCWpQ9cx64YnJKc89lMg9cx4pCokXIbh5J//2t0=",
"lastModified": 1697371715,
"narHash": "sha256-1ZV4qoL1B35DsciS/inC+z6vAwjxjWHL3+4G4QQhT0A=",
"owner": "nix-community",
"repo": "lib-aggregate",
"rev": "9f495e4feea66426589cbb59ac8b972993b5d872",
"rev": "af42578368ca0c97d5836ba55b146745911aaecc",
"type": "github"
},
"original": {
@ -242,15 +279,15 @@
"nix-eval-jobs": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_5",
"nixpkgs": "nixpkgs_6",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1696712215,
"narHash": "sha256-znUR51gbpoqm79FKVyVl9V4va6P5bTr7tohPPW+iydU=",
"lastModified": 1697418520,
"narHash": "sha256-UIwdw9Lw36GFgm7TFjOBdPHFKhbTSfLLT+4XxB39rh8=",
"owner": "nix-community",
"repo": "nix-eval-jobs",
"rev": "26af7cabdb7ee637dc9b63f1ce609a467534713c",
"rev": "bdf17c44b19325b5476703400cbafe64f7553fa6",
"type": "github"
},
"original": {
@ -261,7 +298,7 @@
},
"nixinate": {
"inputs": {
"nixpkgs": "nixpkgs_3"
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1688141737,
@ -331,11 +368,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1696726172,
"narHash": "sha256-89yxFXzTA7JRyWo6hg7SD4DlS/ejYt8Y8IvGZHbSWsg=",
"lastModified": 1697331025,
"narHash": "sha256-a5LJWWHfEvnq9tBd9UyNVdtzLXc2ehu5MCp//Bex/0E=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "59da6ac0c02c48aa92dee37057f978412797db2a",
"rev": "05c07c73de74725ec7efa6609011687035a92c0f",
"type": "github"
},
"original": {
@ -346,7 +383,7 @@
},
"nixpkgs-wayland": {
"inputs": {
"flake-compat": "flake-compat",
"flake-compat": "flake-compat_2",
"lib-aggregate": "lib-aggregate",
"nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": [
@ -354,11 +391,11 @@
]
},
"locked": {
"lastModified": 1696768017,
"narHash": "sha256-a3/jmm6ppT8Jtz4qq6urVCSNpcbKGsv18RMB3wXWk5w=",
"lastModified": 1697624213,
"narHash": "sha256-EmIp5EbuUlEgGxo0WMBIhzroNrKbnBSXshAcnfpOD2c=",
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"rev": "20c7e3550485ed6be55c2ce9b6c8c05bbb9a6e1b",
"rev": "e3b66242214443547b55727617c8fdb9ca68214c",
"type": "github"
},
"original": {
@ -384,6 +421,22 @@
}
},
"nixpkgs_3": {
"locked": {
"lastModified": 1686488075,
"narHash": "sha256-2otSBt2hbeD+5yY25NF3RhWx7l5SDt1aeU3cJ/9My4M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9401a0c780b49faf6c28adf55764f230301d0dce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1653060744,
"narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=",
@ -399,13 +452,13 @@
"type": "github"
}
},
"nixpkgs_4": {
"nixpkgs_5": {
"locked": {
"lastModified": 1696693680,
"narHash": "sha256-PH0HQTkqyj7DmdPKPwrrXwVURLBqzZs4nqnDw9q8mhg=",
"lastModified": 1697379843,
"narHash": "sha256-RcnGuJgC2K/UpTy+d32piEoBXq2M+nVFzM3ah/ZdJzg=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "945559664c1dc5836173ee12896ba421d9b37181",
"rev": "12bdeb01ff9e2d3917e6a44037ed7df6e6c3df9d",
"type": "github"
},
"original": {
@ -415,13 +468,13 @@
"type": "github"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1696466515,
"narHash": "sha256-SQJyUBoLXmPGueYTLj1yDVHolg2pnB+rUR4Z6p5AKpA=",
"lastModified": 1697417052,
"narHash": "sha256-QyFpNZ28H0IoWhbGxD4j2h3aYwap2l2rSWyoFue95sM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c52af267ad0c11b55f89cf6c70adb10694ad938e",
"rev": "21f56f3209c0272852be7a704d9b21f2601c72e3",
"type": "github"
},
"original": {
@ -431,7 +484,7 @@
"type": "github"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1636823747,
"narHash": "sha256-oWo1nElRAOZqEf90Yek2ixdHyjD+gqtS/pAgwaQ9UhQ=",
@ -451,14 +504,29 @@
"agenix": "agenix",
"alertmanager-ntfy": "alertmanager-ntfy",
"home-manager": "home-manager_2",
"kubenix": "kubenix",
"nixinate": "nixinate",
"nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_4",
"nixpkgs": "nixpkgs_5",
"nixpkgs-wayland": "nixpkgs-wayland",
"terranix": "terranix"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -478,7 +546,7 @@
"bats-assert": "bats-assert",
"bats-support": "bats-support",
"flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_6",
"nixpkgs": "nixpkgs_7",
"terranix-examples": "terranix-examples"
},
"locked": {
@ -510,6 +578,27 @@
"type": "github"
}
},
"treefmt": {
"inputs": {
"nixpkgs": [
"kubenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1688026376,
"narHash": "sha256-qJmkr9BWDpqblk4E9/rCsAEl39y2n4Ycw6KRopvpUcY=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "df3f32b0cc253dfc7009b7317e8f0e7ccd70b1cf",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
@ -519,11 +608,11 @@
]
},
"locked": {
"lastModified": 1695822946,
"narHash": "sha256-IQU3fYo0H+oGlqX5YrgZU3VRhbt2Oqe6KmslQKUO4II=",
"lastModified": 1697388351,
"narHash": "sha256-63N2eBpKaziIy4R44vjpUu8Nz5fCJY7okKrkixvDQmY=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "720bd006d855b08e60664e4683ccddb7a9ff614a",
"rev": "aae39f64f5ecbe89792d05eacea5cb241891292a",
"type": "github"
},
"original": {

11
flake.nix
View file

@ -18,9 +18,10 @@
inputs.nixpkgs.follows = "nixpkgs";
};
alertmanager-ntfy.url = "github:alexbakker/alertmanager-ntfy";
kubenix.url = "github:hall/kubenix";
};
outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix, terranix, alertmanager-ntfy, nixpkgs-wayland}:
outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix, terranix, alertmanager-ntfy, nixpkgs-wayland, kubenix }@inputs:
let
pkgs = nixpkgs.legacyPackages.x86_64-linux;
tf = terranix.lib.terranixConfiguration {
@ -52,7 +53,13 @@
format = "sd-aarch64-installer";
};
};
packages.x86_64-linux = {
kubernetes = (kubenix.evalModules.x86_64-linux {
module = { kubenix, ... }: {
imports = [ kubenix.modules.k8s ./homelab/kubernetes.nix ];
};
}).config.kubernetes.result;
};
apps = nixinate.nixinate.x86_64-linux self // {
x86_64-linux = {
tf-plan = {

4
homelab/kubernetes.nix Normal file
View file

@ -0,0 +1,4 @@
{ config, kubenix, ... }: {
imports = [ kubenix.modules.k8s
(import ./tclip.nix) ];
}

2
homelab/prometheus-agent.yml
View file

@ -61,3 +61,5 @@ prometheus:
key: password
grafana:
enabled: false
alertmanager:
enabled: false

59
homelab/tclip.nix Normal file
View file

@ -0,0 +1,59 @@
let
appName = "tclip";
litestreamImage = "litestream/litestream:sha-749bc0d";
tclipImage = "git.gmem.ca/arch/tclip:arm";
in
{
kubernetes.resources.statefulSets.tclip.spec = {
selector.matchLabels.app = appName;
serviceName = appName;
template = {
metadata.labels.app = appName;
spec = {
volumes = {
litestream.configMap.name = "tclip-litestream";
config.configMap.name = "tclip";
};
initContainers.init-litestream = {
image = litestreamImage;
args = ["restore" "-if-db-not-exists" "-if-replica-exists" "-v" "/data/data.db" ];
volumeMounts = [
{ name = "data"; mountPath = "/data"; }
{ name = "litestream"; mountPath = "/etc/litestream.yml"; subPath = "tclip.yml"; }
];
envFrom = [ { secretRef.name = "tclip-litestream-s3"; } ];
};
containers = {
tclip = {
image = tclipImage;
imagePullPolicy = "Always";
volumeMounts = [ { name = "data"; mountPath = "/data"; } ];
env = [
{ name = "DATA_DIR"; value = "/data"; }
{ name = "USE_FUNNEL"; value = "true"; }
];
};
litestream = {
image = litestreamImage;
args = [ "replicate" ];
volumeMounts = [
{ name = "data"; mountPath = "/data"; }
{ name = "litestream"; mountPath = "/etc/litestream.yml"; subPath = "tclip.yml"; }
];
envFrom = [ { secretRef.name = "tclip-litestream-s3"; } ];
ports.metrics.containerPort = 9090;
};
};
};
};
volumeClaimTemplates = [
{ metadata.name = "data";
spec = {
storageClassName = "nfs-client";
accessModes = [ "ReadWriteOnce" ];
resources.requests.storage = "1Gi";
};
}
];
};
}

1
nix/london/configuration.nix
View file

@ -8,6 +8,7 @@
# Bootloader
boot = {
# supportedFilesystems = [ "bcachefs" ];
loader = {
grub = {
enable = true;

4
nix/london/gsimmer.nix
View file

@ -16,7 +16,7 @@
[
(import (builtins.fetchTarball {
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
sha256 = "0sf0xnv5mbkrp1gkvy00rkf1jw0zzhj4h6l0qs14arqpg0ncby7x";
sha256 = "0vhw5cl26p64j660nwil1dgs3js4pzdjh29ch2gl1yn8gbacz5xd";
})) discordOverlay];
};
home = {
@ -565,7 +565,7 @@ $env.config = {
discord
mangohud
comma
gamescope
grimblast
];
# This value determines the Home Manager release that your

13
nix/monitoring/configuration.nix
View file

@ -44,10 +44,15 @@
services.grafana = {
enable = true;
settings.server = {
domain = "grafana.gmem.ca";
http_port = 2342;
http_addr = "127.0.0.1";
settings = {
feature_toggles = {
publicDashboards = true;
};
server = {
domain = "grafana.gmem.ca";
http_port = 2342;
http_addr = "127.0.0.1";
};
};
};
services.loki = {

5
scripts/add-ssh-keys.sh
View file

@ -1,5 +0,0 @@
# simply pull keys down from sourcehut.
# i would use github, but my keys are a bit of a mess there, and it doesn't
# really matter.
mkdir -p $HOME/.ssh
curl https://meta.sr.ht/~gmem.keys >> $HOME/.ssh/authorized_keys

8
scripts/backup-mc-server.sh
View file

@ -1,8 +0,0 @@
# backs up minecraft server, assuming it's using a systemd socket.
# see /systemd
echo "Backing up server world"
echo "say Backing up world, please wait..." > /home/ubuntu/mc/minecraft.control
echo "save-off" > /home/ubuntu/mc/minecraft.control
rclone sync /home/ubuntu/mc hetzner: -P
echo "save-on" > /home/ubuntu/mc/minecraft.control
echo "say World backed up, saving re-enabled" > /home/ubuntu/mc/minecraft.control

9
scripts/start-mc-server.sh
View file

@ -1,9 +0,0 @@
# start minecraft server with optimised jvm flags from https://mcflags.emc.gs
java -Xms6G -Xmx6G -XX:+UseG1GC -XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=200 \
-XX:+UnlockExperimentalVMOptions -XX:+DisableExplicitGC -XX:+AlwaysPreTouch \
-XX:G1NewSizePercent=30 -XX:G1MaxNewSizePercent=40 -XX:G1HeapRegionSize=8M \
-XX:G1ReservePercent=20 -XX:G1HeapWastePercent=5 -XX:G1MixedGCCountTarget=4 \
-XX:InitiatingHeapOccupancyPercent=15 -XX:G1MixedGCLiveThresholdPercent=90 \
-XX:G1RSetUpdatingPauseTimePercent=5 -XX:SurvivorRatio=32 -XX:+PerfDisableSharedMem \
-XX:MaxTenuringThreshold=1 -Dusing.aikars.flags=https://mcflags.emc.gs -Daikars.new.flags=true \
-jar paper.jar --nogui