arch/infra
arch/infra
1
0
Fork 0
Code Actions Packages Activity

Compare commits

base: arch:5f60e6a0d746201fd5cf34e65facb59c8c5c46c3
Branches Tags
arch:trunk
arch:woodpecker-ci
..
compare: arch:a351b391bea88447c596463e2c855e30fa6cc9ea
Branches Tags
arch:trunk
arch:woodpecker-ci

6 commits
5f60e6a0d7 ... a351b391be

Author SHA1 Message Date
Gabriel Simmer a351b391be
Grimblast for London
All checks were successful
Lint / lint (push) Successful in 22s
Details
2023-10-19 12:48:01 +01:00
Gabriel Simmer 86cfde1fce
Experimenting with kubenix 2023-10-19 12:47:18 +01:00
Gabriel Simmer a73d60c4be
Disable alertmanager in k3s homelab cluster 2023-10-18 15:48:59 +01:00
Gabriel Simmer f3f186cc43
Update flake.lock 2023-10-18 15:48:51 +01:00
Gabriel Simmer d6077f19a9
Enable public dashboards in Grafana 2023-10-18 15:48:42 +01:00
Gabriel Simmer 6bab85de40
Remove scripts directory 2023-10-18 15:47:49 +01:00
11 changed files with 208 additions and 63 deletions
Show stats Expand all files Collapse all files

155
flake.lock
View file

@ -95,6 +95,22 @@
} }
}, },
"flake-compat": { "flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"locked": { "locked": {
"lastModified": 1688025799, "lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=", "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
@ -148,7 +164,7 @@
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1694529238, "lastModified": 1694529238,
@ -207,11 +223,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1696737557, "lastModified": 1697611555,
"narHash": "sha256-YD/pjDjj/BNmisEvRdM/vspkCU3xyyeGVAUWhvVSi5Y=", "narHash": "sha256-8nYMduRQfGSQJr2cDMyodsuGlRcJAy0Ko8K4KkjurP8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "3c1d8758ac3f55ab96dcaf4d271c39da4b6e836d", "rev": "05649393ac1f34980a5cf6a6e89de77626c9182b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -220,17 +236,38 @@
"type": "github" "type": "github"
} }
}, },
"kubenix": {
"inputs": {
"flake-compat": "flake-compat",
"nixpkgs": "nixpkgs_3",
"systems": "systems",
"treefmt": "treefmt"
},
"locked": {
"lastModified": 1697643920,
"narHash": "sha256-Ti/v3lWKNF2/5u3ARTDhhdr7ijUo/ZpefKAfr8OgsK4=",
"owner": "hall",
"repo": "kubenix",
"rev": "ea469ff77a49f6f3df420bfc6040c39e1b861d87",
"type": "github"
},
"original": {
"owner": "hall",
"repo": "kubenix",
"type": "github"
}
},
"lib-aggregate": { "lib-aggregate": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_2",
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1696766909, "lastModified": 1697371715,
"narHash": "sha256-lU1BmCWpQ9cx64YnJKc89lMg9cx4pCokXIbh5J//2t0=", "narHash": "sha256-1ZV4qoL1B35DsciS/inC+z6vAwjxjWHL3+4G4QQhT0A=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lib-aggregate", "repo": "lib-aggregate",
"rev": "9f495e4feea66426589cbb59ac8b972993b5d872", "rev": "af42578368ca0c97d5836ba55b146745911aaecc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -242,15 +279,15 @@
"nix-eval-jobs": { "nix-eval-jobs": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_6",
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1696712215, "lastModified": 1697418520,
"narHash": "sha256-znUR51gbpoqm79FKVyVl9V4va6P5bTr7tohPPW+iydU=", "narHash": "sha256-UIwdw9Lw36GFgm7TFjOBdPHFKhbTSfLLT+4XxB39rh8=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-eval-jobs", "repo": "nix-eval-jobs",
"rev": "26af7cabdb7ee637dc9b63f1ce609a467534713c", "rev": "bdf17c44b19325b5476703400cbafe64f7553fa6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -261,7 +298,7 @@
}, },
"nixinate": { "nixinate": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_4"
}, },
"locked": { "locked": {
"lastModified": 1688141737, "lastModified": 1688141737,
@ -331,11 +368,11 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1696726172, "lastModified": 1697331025,
"narHash": "sha256-89yxFXzTA7JRyWo6hg7SD4DlS/ejYt8Y8IvGZHbSWsg=", "narHash": "sha256-a5LJWWHfEvnq9tBd9UyNVdtzLXc2ehu5MCp//Bex/0E=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "59da6ac0c02c48aa92dee37057f978412797db2a", "rev": "05c07c73de74725ec7efa6609011687035a92c0f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -346,7 +383,7 @@
}, },
"nixpkgs-wayland": { "nixpkgs-wayland": {
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat_2",
"lib-aggregate": "lib-aggregate", "lib-aggregate": "lib-aggregate",
"nix-eval-jobs": "nix-eval-jobs", "nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": [ "nixpkgs": [
@ -354,11 +391,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1696768017, "lastModified": 1697624213,
"narHash": "sha256-a3/jmm6ppT8Jtz4qq6urVCSNpcbKGsv18RMB3wXWk5w=", "narHash": "sha256-EmIp5EbuUlEgGxo0WMBIhzroNrKbnBSXshAcnfpOD2c=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs-wayland", "repo": "nixpkgs-wayland",
"rev": "20c7e3550485ed6be55c2ce9b6c8c05bbb9a6e1b", "rev": "e3b66242214443547b55727617c8fdb9ca68214c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -384,6 +421,22 @@
} }
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": {
"lastModified": 1686488075,
"narHash": "sha256-2otSBt2hbeD+5yY25NF3RhWx7l5SDt1aeU3cJ/9My4M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "9401a0c780b49faf6c28adf55764f230301d0dce",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1653060744, "lastModified": 1653060744,
"narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=", "narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=",
@ -399,13 +452,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1696693680, "lastModified": 1697379843,
"narHash": "sha256-PH0HQTkqyj7DmdPKPwrrXwVURLBqzZs4nqnDw9q8mhg=", "narHash": "sha256-RcnGuJgC2K/UpTy+d32piEoBXq2M+nVFzM3ah/ZdJzg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "945559664c1dc5836173ee12896ba421d9b37181", "rev": "12bdeb01ff9e2d3917e6a44037ed7df6e6c3df9d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -415,13 +468,13 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_5": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1696466515, "lastModified": 1697417052,
"narHash": "sha256-SQJyUBoLXmPGueYTLj1yDVHolg2pnB+rUR4Z6p5AKpA=", "narHash": "sha256-QyFpNZ28H0IoWhbGxD4j2h3aYwap2l2rSWyoFue95sM=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "c52af267ad0c11b55f89cf6c70adb10694ad938e", "rev": "21f56f3209c0272852be7a704d9b21f2601c72e3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -431,7 +484,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_6": { "nixpkgs_7": {
"locked": { "locked": {
"lastModified": 1636823747, "lastModified": 1636823747,
"narHash": "sha256-oWo1nElRAOZqEf90Yek2ixdHyjD+gqtS/pAgwaQ9UhQ=", "narHash": "sha256-oWo1nElRAOZqEf90Yek2ixdHyjD+gqtS/pAgwaQ9UhQ=",
@ -451,14 +504,29 @@
"agenix": "agenix", "agenix": "agenix",
"alertmanager-ntfy": "alertmanager-ntfy", "alertmanager-ntfy": "alertmanager-ntfy",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"kubenix": "kubenix",
"nixinate": "nixinate", "nixinate": "nixinate",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_5",
"nixpkgs-wayland": "nixpkgs-wayland", "nixpkgs-wayland": "nixpkgs-wayland",
"terranix": "terranix" "terranix": "terranix"
} }
}, },
"systems": { "systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"id": "systems",
"type": "indirect"
}
},
"systems_2": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -478,7 +546,7 @@
"bats-assert": "bats-assert", "bats-assert": "bats-assert",
"bats-support": "bats-support", "bats-support": "bats-support",
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_6", "nixpkgs": "nixpkgs_7",
"terranix-examples": "terranix-examples" "terranix-examples": "terranix-examples"
}, },
"locked": { "locked": {
@ -510,6 +578,27 @@
"type": "github" "type": "github"
} }
}, },
"treefmt": {
"inputs": {
"nixpkgs": [
"kubenix",
"nixpkgs"
]
},
"locked": {
"lastModified": 1688026376,
"narHash": "sha256-qJmkr9BWDpqblk4E9/rCsAEl39y2n4Ycw6KRopvpUcY=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "df3f32b0cc253dfc7009b7317e8f0e7ccd70b1cf",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
},
"treefmt-nix": { "treefmt-nix": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -519,11 +608,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1695822946, "lastModified": 1697388351,
"narHash": "sha256-IQU3fYo0H+oGlqX5YrgZU3VRhbt2Oqe6KmslQKUO4II=", "narHash": "sha256-63N2eBpKaziIy4R44vjpUu8Nz5fCJY7okKrkixvDQmY=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "720bd006d855b08e60664e4683ccddb7a9ff614a", "rev": "aae39f64f5ecbe89792d05eacea5cb241891292a",
"type": "github" "type": "github"
}, },
"original": { "original": {

11
flake.nix
View file

@ -18,9 +18,10 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
alertmanager-ntfy.url = "github:alexbakker/alertmanager-ntfy"; alertmanager-ntfy.url = "github:alexbakker/alertmanager-ntfy";
kubenix.url = "github:hall/kubenix";
}; };
outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix, terranix, alertmanager-ntfy, nixpkgs-wayland}: outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix, terranix, alertmanager-ntfy, nixpkgs-wayland, kubenix }@inputs:
let let
pkgs = nixpkgs.legacyPackages.x86_64-linux; pkgs = nixpkgs.legacyPackages.x86_64-linux;
tf = terranix.lib.terranixConfiguration { tf = terranix.lib.terranixConfiguration {
@ -52,7 +53,13 @@
format = "sd-aarch64-installer"; format = "sd-aarch64-installer";
}; };
}; };
packages.x86_64-linux = {
kubernetes = (kubenix.evalModules.x86_64-linux {
module = { kubenix, ... }: {
imports = [ kubenix.modules.k8s ./homelab/kubernetes.nix ];
};
}).config.kubernetes.result;
};
apps = nixinate.nixinate.x86_64-linux self // { apps = nixinate.nixinate.x86_64-linux self // {
x86_64-linux = { x86_64-linux = {
tf-plan = { tf-plan = {

4
homelab/kubernetes.nix Normal file
View file

@ -0,0 +1,4 @@
{ config, kubenix, ... }: {
imports = [ kubenix.modules.k8s
(import ./tclip.nix) ];
}

2
homelab/prometheus-agent.yml
View file

@ -61,3 +61,5 @@ prometheus:
key: password key: password
grafana: grafana:
enabled: false enabled: false
alertmanager:
enabled: false

59
homelab/tclip.nix Normal file
View file

@ -0,0 +1,59 @@
let
appName = "tclip";
litestreamImage = "litestream/litestream:sha-749bc0d";
tclipImage = "git.gmem.ca/arch/tclip:arm";
in
{
kubernetes.resources.statefulSets.tclip.spec = {
selector.matchLabels.app = appName;
serviceName = appName;
template = {
metadata.labels.app = appName;
spec = {
volumes = {
litestream.configMap.name = "tclip-litestream";
config.configMap.name = "tclip";
};
initContainers.init-litestream = {
image = litestreamImage;
args = ["restore" "-if-db-not-exists" "-if-replica-exists" "-v" "/data/data.db" ];
volumeMounts = [
{ name = "data"; mountPath = "/data"; }
{ name = "litestream"; mountPath = "/etc/litestream.yml"; subPath = "tclip.yml"; }
];
envFrom = [ { secretRef.name = "tclip-litestream-s3"; } ];
};
containers = {
tclip = {
image = tclipImage;
imagePullPolicy = "Always";
volumeMounts = [ { name = "data"; mountPath = "/data"; } ];
env = [
{ name = "DATA_DIR"; value = "/data"; }
{ name = "USE_FUNNEL"; value = "true"; }
];
};
litestream = {
image = litestreamImage;
args = [ "replicate" ];
volumeMounts = [
{ name = "data"; mountPath = "/data"; }
{ name = "litestream"; mountPath = "/etc/litestream.yml"; subPath = "tclip.yml"; }
];
envFrom = [ { secretRef.name = "tclip-litestream-s3"; } ];
ports.metrics.containerPort = 9090;
};
};
};
};
volumeClaimTemplates = [
{ metadata.name = "data";
spec = {
storageClassName = "nfs-client";
accessModes = [ "ReadWriteOnce" ];
resources.requests.storage = "1Gi";
};
}
];
};
}

1
nix/london/configuration.nix
View file

@ -8,6 +8,7 @@
# Bootloader # Bootloader
boot = { boot = {
# supportedFilesystems = [ "bcachefs" ];
loader = { loader = {
grub = { grub = {
enable = true; enable = true;

4
nix/london/gsimmer.nix
View file

@ -16,7 +16,7 @@
[ [
(import (builtins.fetchTarball { (import (builtins.fetchTarball {
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz"; url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
sha256 = "0sf0xnv5mbkrp1gkvy00rkf1jw0zzhj4h6l0qs14arqpg0ncby7x"; sha256 = "0vhw5cl26p64j660nwil1dgs3js4pzdjh29ch2gl1yn8gbacz5xd";
})) discordOverlay]; })) discordOverlay];
}; };
home = { home = {
@ -565,7 +565,7 @@ $env.config = {
discord discord
mangohud mangohud
comma comma
gamescope grimblast
]; ];
# This value determines the Home Manager release that your # This value determines the Home Manager release that your

13
nix/monitoring/configuration.nix
View file

@ -44,10 +44,15 @@
services.grafana = { services.grafana = {
enable = true; enable = true;
settings.server = { settings = {
domain = "grafana.gmem.ca"; feature_toggles = {
http_port = 2342; publicDashboards = true;
http_addr = "127.0.0.1"; };
server = {
domain = "grafana.gmem.ca";
http_port = 2342;
http_addr = "127.0.0.1";
};
}; };
}; };
services.loki = { services.loki = {

5
scripts/add-ssh-keys.sh
View file

@ -1,5 +0,0 @@
# simply pull keys down from sourcehut.
# i would use github, but my keys are a bit of a mess there, and it doesn't
# really matter.
mkdir -p $HOME/.ssh
curl https://meta.sr.ht/~gmem.keys >> $HOME/.ssh/authorized_keys

8
scripts/backup-mc-server.sh
View file

@ -1,8 +0,0 @@
# backs up minecraft server, assuming it's using a systemd socket.
# see /systemd
echo "Backing up server world"
echo "say Backing up world, please wait..." > /home/ubuntu/mc/minecraft.control
echo "save-off" > /home/ubuntu/mc/minecraft.control
rclone sync /home/ubuntu/mc hetzner: -P
echo "save-on" > /home/ubuntu/mc/minecraft.control
echo "say World backed up, saving re-enabled" > /home/ubuntu/mc/minecraft.control

9
scripts/start-mc-server.sh
View file

@ -1,9 +0,0 @@
# start minecraft server with optimised jvm flags from https://mcflags.emc.gs
java -Xms6G -Xmx6G -XX:+UseG1GC -XX:+ParallelRefProcEnabled -XX:MaxGCPauseMillis=200 \
-XX:+UnlockExperimentalVMOptions -XX:+DisableExplicitGC -XX:+AlwaysPreTouch \
-XX:G1NewSizePercent=30 -XX:G1MaxNewSizePercent=40 -XX:G1HeapRegionSize=8M \
-XX:G1ReservePercent=20 -XX:G1HeapWastePercent=5 -XX:G1MixedGCCountTarget=4 \
-XX:InitiatingHeapOccupancyPercent=15 -XX:G1MixedGCLiveThresholdPercent=90 \
-XX:G1RSetUpdatingPauseTimePercent=5 -XX:SurvivorRatio=32 -XX:+PerfDisableSharedMem \
-XX:MaxTenuringThreshold=1 -Dusing.aikars.flags=https://mcflags.emc.gs -Daikars.new.flags=true \
-jar paper.jar --nogui