Compare commits
3 commits
61f316b8e4
...
12dd979483
Author | SHA1 | Date | |
---|---|---|---|
Gabriel Simmer | 12dd979483 | ||
Gabriel Simmer | 541a1f9721 | ||
Gabriel Simmer | 92380a3b4b |
154
flake.lock
|
@ -1,21 +1,5 @@
|
|||
{
|
||||
"nodes": {
|
||||
"advisory-db": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1697318478,
|
||||
"narHash": "sha256-ZEDgHfurZiv9lBGTmHnQ0YECoi6H2NYs3pTo1VU1koQ=",
|
||||
"owner": "rustsec",
|
||||
"repo": "advisory-db",
|
||||
"rev": "71d80e811f2e29a4b82d3e545ad6591e35227e03",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "rustsec",
|
||||
"repo": "advisory-db",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"agenix": {
|
||||
"inputs": {
|
||||
"darwin": "darwin",
|
||||
|
@ -88,27 +72,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"crane": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"vrchat-prometheus-adapter",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1697811061,
|
||||
"narHash": "sha256-NhSq9+Ya8vTqsKzHpSWNGYxto71VZ4THAx3hn6maoTs=",
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"rev": "6b229eec8adc685e2cb95f27ad59c22e82992f70",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ipetkov",
|
||||
"repo": "crane",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"darwin": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -131,30 +94,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"fenix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"vrchat-prometheus-adapter",
|
||||
"nixpkgs"
|
||||
],
|
||||
"rust-analyzer-src": [
|
||||
"vrchat-prometheus-adapter"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1697782927,
|
||||
"narHash": "sha256-OikLtn3e0kR5ztHJbLzS/5mUMadXfgRGKA1BDgcTa60=",
|
||||
"owner": "nix-community",
|
||||
"repo": "fenix",
|
||||
"rev": "e5f13bd304140705f6aba0f121cee7775d861897",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "fenix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
|
@ -256,24 +195,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_4": {
|
||||
"inputs": {
|
||||
"systems": "systems_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694529238,
|
||||
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"home-manager": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -302,11 +223,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1698392685,
|
||||
"narHash": "sha256-yx/sbRneR2AfSAeAMqUu0hoVJdjh+qhl/7dkirp8yo8=",
|
||||
"lastModified": 1698479159,
|
||||
"narHash": "sha256-rJHBDwW4LbADEfhkgGHjKGfL2dF44NrlyXdXeZrQahs=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "1369d2cefb6f128c30e42fabcdebbacc07e18b3f",
|
||||
"rev": "f92a54fef4eacdbe86b0a2054054dd58b0e2a2a4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -470,11 +391,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1698354843,
|
||||
"narHash": "sha256-eTsga6QxX9gVwC6zsUNs0UPyQX9hToVi5jSE0XUH42Y=",
|
||||
"lastModified": 1698459598,
|
||||
"narHash": "sha256-2etAvtTLoPsvEJ4P6rKnHE8Ipp6MVNMGlik1JqHdqL0=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs-wayland",
|
||||
"rev": "50c2725465ab035b232ef8ae9b976f4ac25c772b",
|
||||
"rev": "bcadcb13f0248fa7e6355a35c3c263fc76edc632",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -533,11 +454,11 @@
|
|||
},
|
||||
"nixpkgs_5": {
|
||||
"locked": {
|
||||
"lastModified": 1698266953,
|
||||
"narHash": "sha256-jf72t7pC8+8h8fUslUYbWTX5rKsRwOzRMX8jJsGqDXA=",
|
||||
"lastModified": 1698336494,
|
||||
"narHash": "sha256-sO72WDBKyijYD1GcKPlGsycKbMBiTJMBCnmOxLAs880=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "75a52265bda7fd25e06e3a67dee3f0354e73243c",
|
||||
"rev": "808c0d8c53c7ae50f82aca8e7df263225cf235bf",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -578,22 +499,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_8": {
|
||||
"locked": {
|
||||
"lastModified": 1697730408,
|
||||
"narHash": "sha256-Ww//zzukdTrwTrCUkaJA/NsaLEfUfQpWZXBdXBYfhak=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ff0a5a776b56e0ca32d47a4a47695452ec7f7d80",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "nixpkgs-unstable",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"root": {
|
||||
"inputs": {
|
||||
"agenix": "agenix",
|
||||
|
@ -604,8 +509,7 @@
|
|||
"nixos-generators": "nixos-generators",
|
||||
"nixpkgs": "nixpkgs_5",
|
||||
"nixpkgs-wayland": "nixpkgs-wayland",
|
||||
"terranix": "terranix",
|
||||
"vrchat-prometheus-adapter": "vrchat-prometheus-adapter"
|
||||
"terranix": "terranix"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
|
@ -637,21 +541,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_3": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"terranix": {
|
||||
"inputs": {
|
||||
"bats-assert": "bats-assert",
|
||||
|
@ -731,29 +620,6 @@
|
|||
"repo": "treefmt-nix",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"vrchat-prometheus-adapter": {
|
||||
"inputs": {
|
||||
"advisory-db": "advisory-db",
|
||||
"crane": "crane",
|
||||
"fenix": "fenix",
|
||||
"flake-utils": "flake-utils_4",
|
||||
"nixpkgs": "nixpkgs_8"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1698265247,
|
||||
"narHash": "sha256-e8MyvjIUt8Yatqt93rlmQIuMSTJcsqFdfXZ/AwF7lCg=",
|
||||
"ref": "master",
|
||||
"rev": "012771f2fbb026dffac8b60a54d28a68ea82b83a",
|
||||
"revCount": 13,
|
||||
"type": "git",
|
||||
"url": "https://git.gmem.ca/arch/vrchat-prometheus-adapter"
|
||||
},
|
||||
"original": {
|
||||
"ref": "master",
|
||||
"type": "git",
|
||||
"url": "https://git.gmem.ca/arch/vrchat-prometheus-adapter"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
|
|
15
flake.nix
|
@ -147,6 +147,21 @@
|
|||
}
|
||||
];
|
||||
};
|
||||
oracle-tunnel = nixpkgs.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
modules = [
|
||||
(import ./nix/oracle-nix-cache/configuration.nix)
|
||||
{
|
||||
_module.args.nixinate = {
|
||||
host = "100.110.30.80";
|
||||
sshUser = "root";
|
||||
buildOn = "remote";
|
||||
substituteOnTarget = true;
|
||||
hermetic = false;
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
monitoring = nixpkgs.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
modules = [
|
||||
|
|
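Review bot: The new `oracle-tunnel` system imports `./nix/oracle-nix-cache/configuration.nix`, so if that path was copied from the cache host the tunnel machine would be built with the cache host's configuration; confirm that is intended. `sshUser = "root";` means every deploy logs in directly as root over SSH, and a dedicated deploy user with narrowly scoped sudo would let the target disable root login. Other hosts in the file may follow the same pattern, which this hunk does not show. `hermetic = false;` also deserves a short comment saying why the pinned tooling is not used for this host, e.g. `# non-hermetic: <reason>`.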
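--- a/homelab/authentik.yml
+++ b/homelab/authentik.yml
@@ -0,0 +1,48 @@
+authentik:
+# This sends anonymous usage-data, stack traces on errors and
+# performance data to sentry.io, and is fully opt-in
+error_reporting:
+enabled: false
+envValueFrom:
+AUTHENTIK_SECRET_KEY:
+secretKeyRef:
+name: authentik-secrets
+key: secret-key
+AUTHENTIK_POSTGRESQL__HOST:
+secretKeyRef:
+name: hippo-pguser-authentik
+key: host
+AUTHENTIK_POSTGRESQL__PASSWORD:
+secretKeyRef:
+name: hippo-pguser-authentik
+key: password
+AUTHENTIK_POSTGRESQL__USER:
+secretKeyRef:
+name: hippo-pguser-authentik
+key: user
+AUTHENTIK_POSTGRESQL__PORT:
+secretKeyRef:
+name: hippo-pguser-authentik
+key: port
+
+prometheus:
+serviceMonitor:
+create: true
+
+ingress:
+# Specify kubernetes ingress controller class name
+ingressClassName: nginx
+enabled: true
+hosts:
+# Specify external host name
+- host: authentik.gmem.ca
+paths:
+- path: "/"
+pathType: Prefix
+# Specify external host name
+- host: prometheus.gmem.ca
+paths:
+- path: "/"
+pathType: Prefix
+redis:
+enabled: true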
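Review bot: The second `hosts` entry sends `prometheus.gmem.ca` to the authentik chart's ingress but carries the same `# Specify external host name` comment as the first, so nothing in the file says why a Prometheus hostname terminates at the identity provider. If this is authentik acting as the authenticating proxy in front of Prometheus, say so, e.g. `# prometheus.gmem.ca is served through authentik's proxy provider; Prometheus has no ingress of its own`. If it is not, the entry only publishes the authentik UI under a second name and should be dropped. The ingress also has no `tls` block, so the certificate served inside the cluster is whatever the ingress controller defaults to; that is worth a comment, because the front proxy elsewhere in this change connects over `https://`.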
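--- a/homelab/postgres-cluster.yml
+++ b/homelab/postgres-cluster.yml
@@ -0,0 +1,49 @@
+apiVersion: postgres-operator.crunchydata.com/v1beta1
+kind: PostgresCluster
+metadata:
+name: hippo
+spec:
+image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.4-1
+postgresVersion: 15
+databaseInitSQL:
+key: init.sql
+name: init-sql
+instances:
+- name: instance1
+replicas: 3
+dataVolumeClaimSpec:
+accessModes:
+- "ReadWriteOnce"
+resources:
+requests:
+storage: 1Gi
+backups:
+pgbackrest:
+image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-1
+repos:
+- name: repo1
+volume:
+volumeClaimSpec:
+accessModes:
+- "ReadWriteOnce"
+resources:
+requests:
+storage: 1Gi
+monitoring:
+pgmonitor:
+exporter:
+image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres-exporter:ubi8-5.4.3-0
+
+users:
+- name: authentik
+databases:
+- authentik
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+name: init-sql
+data:
+init.sql: |
+\c authentik
+GRANT CREATE ON SCHEMA public TO "authentik";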
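Review bot: The three `image:` values (crunchy-postgres, crunchy-pgbackrest, crunchy-postgres-exporter) are pinned by tag only, and a tag can be re-pointed at the registry, so the database behind the identity provider runs whatever the tag resolves to when a pod is scheduled. Pin each by digest, e.g. `image: registry.developers.crunchydata.com/crunchydata/crunchy-postgres:ubi8-15.4-1@sha256:<digest>` (placeholder; take the value from the registry). The `GRANT CREATE ON SCHEMA public TO "authentik";` line in `init.sql` would benefit from a one-line comment that PostgreSQL 15 no longer grants this to ordinary roles by default, so a later reader does not broaden it. Neither resource sets `metadata.namespace`, so the target namespace depends on how the manifest is applied.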
@ -32,6 +32,11 @@
|
|||
owner = "prometheus";
|
||||
};
|
||||
|
||||
age.secrets.grafana-client-secret = {
|
||||
file = ../../secrets/monitoring-grafana-client-secret.age;
|
||||
owner = "grafana";
|
||||
};
|
||||
|
||||
boot.tmp.cleanOnBoot = true;
|
||||
zramSwap.enable = true;
|
||||
networking.hostName = "monitoring";
|
||||
|
@ -48,10 +53,30 @@
|
|||
feature_toggles = {
|
||||
publicDashboards = true;
|
||||
};
|
||||
log = {
|
||||
filters = "oauth.generic_oauth:debug";
|
||||
};
|
||||
server = {
|
||||
domain = "grafana.gmem.ca";
|
||||
http_port = 2342;
|
||||
http_addr = "127.0.0.1";
|
||||
root_url = "https://grafana.gmem.ca";
|
||||
};
|
||||
auth = {
|
||||
signout_redirect_url = "https://authentik.gmem.ca/application/o/grafana/end-session/";
|
||||
oauth_auto_login = true;
|
||||
};
|
||||
"auth.generic_oauth" = {
|
||||
name = "authentik";
|
||||
client_id = "VbOQzwuf0UK9AUGrWvaVaWWHvX2fJsZChxJNGt61";
|
||||
client_secret = "$__file{${config.age.secrets.grafana-client-secret.path}}";
|
||||
auth_url = "https://authentik.gmem.ca/application/o/authorize/";
|
||||
api_url = "https://authentik.gmem.ca/application/o/userinfo/";
|
||||
token_url = "https://authentik.gmem.ca/application/o/token/";
|
||||
enabled = true;
|
||||
scopes = "openid email grafana-user";
|
||||
role_attribute_path = "contains(info.groups[*], 'Grafana Admins') && 'Admin' || contains(info.groups[*], 'Grafana Editors') && 'Editor' || 'Viewer'";
|
||||
role_attribute_strict = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
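Review bot: In the `"auth.generic_oauth"` block, `role_attribute_strict = true;` has no effect because `role_attribute_path` ends in `|| 'Viewer'`, so the expression always yields a role and every account authentik lets through gets at least Viewer. If access is meant to be limited to the two Grafana groups, drop the fallback so strict mode can reject everyone else: `role_attribute_path = "contains(info.groups[*], 'Grafana Admins') && 'Admin' || contains(info.groups[*], 'Grafana Editors') && 'Editor'";`. The added `log.filters = "oauth.generic_oauth:debug";` looks like a leftover from bringing the login up; debug output for the OAuth client is likely to put user-info and token details into the journal, so remove it or add a comment saying when it will be. The enclosing settings block starts outside the hunk.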
@ -5,7 +5,7 @@
|
|||
[ # Include the results of the hardware scan.
|
||||
./hardware.nix
|
||||
];
|
||||
|
||||
|
||||
boot = {
|
||||
tmp.cleanOnBoot = true;
|
||||
};
|
||||
|
@ -102,6 +102,24 @@
|
|||
'';
|
||||
};
|
||||
};
|
||||
"authentik.gmem.ca" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyWebsockets = true;
|
||||
proxyPass = "https://pi.gmem.ca";
|
||||
recommendedProxySettings = true;
|
||||
};
|
||||
};
|
||||
"prometheus.gmem.ca" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyWebsockets = true;
|
||||
proxyPass = "https://pi.gmem.ca";
|
||||
recommendedProxySettings = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -113,8 +131,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
system.copySystemConfiguration = true;
|
||||
|
||||
system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT?
|
||||
|
||||
}
|
||||
|
|
|
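Review bot: Both new virtual hosts (`authentik.gmem.ca` and `prometheus.gmem.ca`) proxy to `https://pi.gmem.ca`, but nginx does not verify an upstream certificate unless told to, so the hop that carries login traffic to the identity provider is encrypted but not authenticated. Assuming the upstream presents a certificate valid for that name, add to each `locations."/"`: `extraConfig = "proxy_ssl_verify on; proxy_ssl_server_name on; proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;";`. The two blocks are identical apart from the name, so a shared `let` binding would keep them from drifting. The enclosing `virtualHosts` set starts outside the hunk.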
@ -18,4 +18,6 @@ in
|
|||
"secrets/fastmail-smtp.age".publicKeys = machines ++ users;
|
||||
"secrets/healthchecks-telegram.age".publicKeys = [ monitoring gsimmer ];
|
||||
"secrets/cloudflare-dns.age".publicKeys = machines ++ users;
|
||||
"secrets/monitoring-grafana-client-secret.age".publicKeys = [monitoring gsimmer ];
|
||||
|
||||
}
|
||||
|
|
12
secrets/monitoring-grafana-client-secret.age
Normal file
|
@ -0,0 +1,12 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 J+a91w MspB+ESDy17zh+NaXVVvkDzJwmd6xvDZRLKLknI0HD0
|
||||
lbDHx++2KiLriLPS7xen9gUBio3qhvTTjmRfsneY3jw
|
||||
-> ssh-ed25519 qbziOw IYugyWtXbgT+Vog5LxA1uIBDuiUt9sHhl0y3raBbMjU
|
||||
eXdKqKoNyvySpdwWz5iN1wMQQFS8ywsw0ewxZ0uPLIk
|
||||
-> *k0)-grease
|
||||
zR3oS3o1GDM0/uiHjtSfaxUemA+d8W3NITQqLIo74pxWnGcTNrBj9dfRVWrf6oBp
|
||||
0p/FspjSLfruaATq9bU/REl+zLICKAy1oIpeq8gMA5yWsqh3lfiHntNF1lO3iGFn
|
||||
|
||||
--- 6FsNkLYmYMYsJ8Ao4fUoJ9lJqm2k+mXM6lLepEzO/h0
|
||||
³<EFBFBD>”?@p«2~øCŠ˜
|
||||
óÎ1ôÂÆxâfiÏLÚ@õž}®ÃËJ¨V×ÖËòk¯ÜÎà´m`V€'˜œÜéÂzÔ.Ïþ”ëú n&g²Ó
ΛïG1îUz©èLâ¸qÇæ >÷<>#ø¨´*°ê<C2B0>•ïrYèyú|Ñ–RYP£%ônÛç!œzÇòºBË£Q#Ôüõv¾ëÌ<C3AB><C38C>yË‚
|