arch/infra
arch/infra
1
0
Fork 0
Code Actions Packages Activity

Compare commits

base: arch:6a02df9e1f31ce3819dc1953c33cf1eec427f5d5
Branches Tags
arch:trunk
arch:woodpecker-ci
...
compare: arch:1ab0900045d6646098d296f2d7005c5ebd97c9ee
Branches Tags
arch:trunk
arch:woodpecker-ci

5 commits
6a02df9e1f ... 1ab0900045

Author SHA1 Message Date
Gabriel Simmer 1ab0900045
Update flake
All checks were successful
Lint / lint (push) Successful in 20s
Details
2023-12-09 22:43:11 +00:00
Gabriel Simmer a646d7dd18
Bump overseerr resources 2023-12-09 22:42:57 +00:00
Gabriel Simmer 174568769d
immich database, podmonitor for postgres 2023-12-09 22:42:44 +00:00
Gabriel Simmer 2ab01e2244
Remove CoreDNS 
Moving to dedicated NextDNS profile
 2023-12-09 22:42:25 +00:00
Gabriel Simmer 8ac3809475
Deploy immich! 2023-12-09 22:42:14 +00:00
10 changed files with 95 additions and 34 deletions
Show stats Expand all files Collapse all files

6
flake.lock
View file

@ -223,11 +223,11 @@
]
},
"locked": {
"lastModified": 1701728041,
"narHash": "sha256-x0pyrI1vC8evVDxCxyO6olOyr4wlFg9+VS3C3p4xFYQ=",
"lastModified": 1702110869,
"narHash": "sha256-hgbzPjIMLYJf3Ekq9qZCpDcIZn1BZmOp7d6PMkIWknU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "ac7216918cd65f3824ba7817dea8f22e61221eaf",
"rev": "7db6291d95693374d408f4877c265ec7481f222b",
"type": "github"
},
"original": {

2
flake.nix
View file

@ -154,7 +154,7 @@
(import ./nix/oracle-nix-cache/configuration.nix)
{
_module.args.nixinate = {
host = "100.110.30.80";
host = "100.98.25.34";
sshUser = "root";
buildOn = "remote";
substituteOnTarget = true;

15
homelab/homepage.nix
View file

@ -120,10 +120,10 @@
};
};
}
{ "Proxmox Sandbox" = {
{ "Proxmox Homelab" = {
icon = "proxmox.png";
href = "https://proxmox.scorpion-ghost.ts.net";
description = "Sandbox proxmox instance on Hetzner";
description = "Homelabe proxmox";
widget = {
type = "proxmox";
url = "https://proxmox.scorpion-ghost.ts.net";
@ -132,6 +132,17 @@
};
};
}
{ "Immich" = {
icon = "immich.png";
href = "https://photos.gmem.ca";
description = "Image hosting";
widget = {
type = "immich";
url = "https://photos.gmem.ca";
key = "{{HOMEPAGE_VAR_IMMICH_KEY}}";
};
};
}
];
}
{

47
homelab/immich.nix Normal file
View file

@ -0,0 +1,47 @@
{ lib, config, kubenix, ... }: {
kubernetes.helm.releases.immich = {
chart = kubenix.lib.helm.fetch {
repo = "https://immich-app.github.io/immich-charts";
chart = "immich";
version = "0.2.0";
sha256 = "7G7xfJ+Ay4TQUBiOPYr9Zl/hDDhCpZQbuKDQWl3Hmrg=";
};
# arbitrary attrset passed as values to the helm release
values = {
image.tag = "v1.90.2";
machine-learning.enabled = false;
typesense.enabled = true;
typesense.persistence.tsdata.enabled = true;
immich.persistence.library.existingClaim = "immich";
redis.enabled = true;
env = {
PGSSLMODE = "no-verify";
DB_URL.valueFrom.secretKeyRef = {
name = "hippo-pguser-immich";
key = "uri";
};
};
server.ingress.main = {
enabled = true;
annotations = {
"cert-manager.io/issuer" = "le-issuer";
};
tls = [ { hosts = [ "photos.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
hosts = [
{
host = "photos.gmem.ca";
paths = [ { path = "/"; } ];
}
];
};
};
};
kubernetes.resources.persistentVolumeClaims.immich = {
metadata.name = "immich";
spec = {
accessModes = ["ReadWriteOnce"];
resources.requests.storage = "50Gi";
};
};
}

1
homelab/kubernetes.nix
View file

@ -5,5 +5,6 @@
(import ./tclip.nix)
(import ./vrchat-prometheus-exporter.nix)
(import ./overseerr.nix)
(import ./immich.nix)
(import ./homepage.nix) ];
}

8
homelab/overseerr.nix
View file

@ -30,12 +30,12 @@ in
ports.metrics.containerPort = 5055;
resources = {
requests = {
cpu = "50m";
memory = "32Mi";
cpu = "500m";
memory = "128Mi";
};
limits = {
cpu = "500m";
memory = "256Mi";
cpu = "1";
memory = "512Mi";
};
};
};

22
homelab/postgres-cluster.yml
View file

@ -48,6 +48,9 @@ spec:
- name: authentik
databases:
- authentik
- name: immich
databases:
- immich
---
apiVersion: v1
kind: ConfigMap
@ -57,3 +60,22 @@ data:
init.sql: |
\c authentik
GRANT CREATE ON SCHEMA public TO "authentik";
\c immich
GRANT CREATE ON SCHEMA public TO "immich";
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: hippo
spec:
selector:
matchLabels:
postgres-operator.crunchydata.com/cluster: hippo
postgres-operator.crunchydata.com/crunchy-postgres-exporter: "true"
podTargetLabels:
- postgres-operator.crunchydata.com/cluster
- postgres-operator.crunchydata.com/role
- postgres-operator.crunchydata.com/instance
podMetricsEndpoints:
- port: exporter
interval: 30s

14
nix/nas/configuration.nix
View file

@ -191,20 +191,6 @@
];
};
};
coredns = {
enable = true;
config =
''
.:53 {
prometheus 100.116.48.47:9253
health
file /var/src/dns.db git.gmem.ca food.gmem.ca
forward . 45.90.28.116 45.90.30.116
bind tailscale0
}
'';
};
pipewire = {
enable = true;
alsa.enable = true;

9
nix/nas/dns.db
View file

@ -1,9 +0,0 @@
git.gmem.ca. 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
food.gmem.ca. 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
git.gmem.ca. 3600 IN A 100.116.48.47
git.gmem.ca. 3600 IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:6274:302f
food.gmem.ca. 3600 IN A 100.77.43.133
food.gmem.ca. 3600 IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:624d:2b85
gmem.ca. 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
gmem.ca. 3600 IN NS ruth.ns.cloudflare.com. seth.ns.cloudflare.com.

5
nix/oracle-nix-cache/configuration.nix
View file

@ -111,13 +111,16 @@
recommendedProxySettings = true;
};
};
"prometheus.gmem.ca" = {
"photos.gmem.ca" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyWebsockets = true;
proxyPass = "https://pi.gmem.ca";
recommendedProxySettings = true;
extraConfig = ''
client_max_body_size 50000M;
'';
};
};
};