Compare commits
No commits in common. "6a02df9e1f31ce3819dc1953c33cf1eec427f5d5" and "0d3dda6646db38b501866eef0b6faed66af8dfa6" have entirely different histories.
6a02df9e1f
...
0d3dda6646
76
flake.lock
76
flake.lock
|
@ -134,11 +134,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1701473968,
|
||||
"narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
|
||||
"lastModified": 1698882062,
|
||||
"narHash": "sha256-HkhafUayIqxXyHH1X8d9RDl1M2CkFgZLjKD3MzabiEo=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
|
||||
"rev": "8c9fa2545007b49a5db5f650ae91f227672c3877",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -167,11 +167,11 @@
|
|||
"systems": "systems_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1701680307,
|
||||
"narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=",
|
||||
"lastModified": 1694529238,
|
||||
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "4022d587cbbfd70fe950c1e2083a02621806a725",
|
||||
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -223,11 +223,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1701728041,
|
||||
"narHash": "sha256-x0pyrI1vC8evVDxCxyO6olOyr4wlFg9+VS3C3p4xFYQ=",
|
||||
"lastModified": 1699663185,
|
||||
"narHash": "sha256-hI3CZPINBWstkMN+ptyzWibw5eRtFCiEvO7zR61bGBs=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "ac7216918cd65f3824ba7817dea8f22e61221eaf",
|
||||
"rev": "691cbcc03af6ad1b5384c0e0e0b5f2298f58c5ce",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -244,11 +244,11 @@
|
|||
"treefmt": "treefmt"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1700116223,
|
||||
"lastModified": 1699581775,
|
||||
"narHash": "sha256-Pld/UXlBcIDnQMY0JkDzChJkbof/zEcRkaiXtzvArEE=",
|
||||
"owner": "hall",
|
||||
"repo": "kubenix",
|
||||
"rev": "e4d036576436b9983216584a89388af3da995043",
|
||||
"rev": "fceda8451461ee5e623815414f76885df77b7217",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -263,11 +263,11 @@
|
|||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1701901779,
|
||||
"narHash": "sha256-niromWK2vW1p/pzbsMjpBq2wi/yR1UgYXplvIG2EoI4=",
|
||||
"lastModified": 1699186103,
|
||||
"narHash": "sha256-B13wpM9/sLYBO2TjxFYLhPUD9v3LVFVOmH12pGB3E0w=",
|
||||
"owner": "nix-community",
|
||||
"repo": "lib-aggregate",
|
||||
"rev": "967acb55282cb9fa9c3c91d4ca91c92b7befc7bb",
|
||||
"rev": "99ff947f29d9c89fe26072b1927e594ee45ccda0",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -284,11 +284,11 @@
|
|||
"treefmt-nix": "treefmt-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1701852992,
|
||||
"narHash": "sha256-9k+nGxwpxuyocsvitsx1Y2SGI/FScVzXjLyGsVjE/wo=",
|
||||
"lastModified": 1699261003,
|
||||
"narHash": "sha256-wkOVJ2wkPpTYqipDF693bEAUQ838xjloUcs6WNsTMlw=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-eval-jobs",
|
||||
"rev": "0f8e80f29287a7c01144603fb0030fdd7216dd98",
|
||||
"rev": "2b55f473c960d38a40678d9831fc1dcb87615a98",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -306,11 +306,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1701208414,
|
||||
"narHash": "sha256-xrQ0FyhwTZK6BwKhahIkUVZhMNk21IEI1nUcWSONtpo=",
|
||||
"lastModified": 1698974481,
|
||||
"narHash": "sha256-yPncV9Ohdz1zPZxYHQf47S8S0VrnhV7nNhCawY46hDA=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-github-actions",
|
||||
"rev": "93e39cc1a087d65bcf7a132e75a650c44dd2b734",
|
||||
"rev": "4bb5e752616262457bc7ca5882192a564c0472d2",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -360,11 +360,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1701689616,
|
||||
"narHash": "sha256-ewnfgvRy73HoP5KnYmy1Rcr4m4yShvsb6TCCaKoW8pc=",
|
||||
"lastModified": 1696058303,
|
||||
"narHash": "sha256-eNqKWpF5zG0SrgbbtljFOrRgFgRzCc4++TMFADBMLnc=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"rev": "246219bc21b943c6f6812bb7744218ba0df08600",
|
||||
"rev": "150f38bd1e09e20987feacb1b0d5991357532fb5",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -391,11 +391,11 @@
|
|||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"lastModified": 1701564385,
|
||||
"narHash": "sha256-um5ce7hnsQ8Do+oKf90zGKVmEqufr4Q6T8zfY9Hon38=",
|
||||
"lastModified": 1699145078,
|
||||
"narHash": "sha256-OO1b3jiMUGjafD2ErkbTPVgUlhmyWo2Z5i0k2kD1ViU=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "152c00fc19bc45af5dd65bd41d1d020c2ba0b4ca",
|
||||
"rev": "174d7dc67189bc4a53f1bffb4fb9d0f13b79cd3c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -414,11 +414,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1701902161,
|
||||
"narHash": "sha256-xi5JKgNaNl5XG/tstZ+bA3KpgB+qSGasJinSJP37PBg=",
|
||||
"lastModified": 1699629370,
|
||||
"narHash": "sha256-HwoRInCXXdEUcfXEnlWb7v4nuQLUo5dT9ZWTb2C1Vik=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs-wayland",
|
||||
"rev": "916f946eb68f5ee3528c628752bd2e85366d8886",
|
||||
"rev": "62a9b65dfb8c182530887d567a7c796fe2bb514e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -477,11 +477,11 @@
|
|||
},
|
||||
"nixpkgs_5": {
|
||||
"locked": {
|
||||
"lastModified": 1701693815,
|
||||
"narHash": "sha256-7BkrXykVWfkn6+c1EhFA3ko4MLi3gVG0p9G96PNnKTM=",
|
||||
"lastModified": 1699343069,
|
||||
"narHash": "sha256-s7BBhyLA6MI6FuJgs4F/SgpntHBzz40/qV0xLPW6A1Q=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "09ec6a0881e1a36c29d67497693a67a16f4da573",
|
||||
"rev": "ec750fd01963ab6b20ee1f0cb488754e8036d89d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -493,11 +493,11 @@
|
|||
},
|
||||
"nixpkgs_6": {
|
||||
"locked": {
|
||||
"lastModified": 1701847270,
|
||||
"narHash": "sha256-ttPWHy1NZwJzSzY7OmofFNyrm9kWc+RFFHpJGeQ4kWw=",
|
||||
"lastModified": 1699236715,
|
||||
"narHash": "sha256-oel+a6B5mBO7vA1A/I9A9VTK2jW5shnYAuu08RYhmxQ=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "9ed8ade77aef706a03d8cc3a5ad4f60848ac59a7",
|
||||
"rev": "0d93ec62e06faec6c52331a8a87bd5721b38ce14",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -631,11 +631,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1701682826,
|
||||
"narHash": "sha256-2lxeTUGs8Jzz/wjLgWYmZoXn60BYNRMzwHFtxNFUDLU=",
|
||||
"lastModified": 1698438538,
|
||||
"narHash": "sha256-AWxaKTDL3MtxaVTVU5lYBvSnlspOS0Fjt8GxBgnU0Do=",
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"rev": "affe7fc3f5790e1d0b5ba51bcff0f7ebe465e92d",
|
||||
"rev": "5deb8dc125a9f83b65ca86cf0c8167c46593e0b1",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -77,7 +77,33 @@
|
|||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
{
|
||||
Reading = [
|
||||
{ FreshRSS = {
|
||||
icon = "freshrss.png";
|
||||
href = "https://freshrss.gmem.ca";
|
||||
description = "FreshRSS RSS Reader";
|
||||
widget = {
|
||||
type = "freshrss";
|
||||
url = "https://freshrss.gmem.ca";
|
||||
username = "arch";
|
||||
password = "{{HOMEPAGE_VAR_FRESHRSS_PASSWORD}}";
|
||||
};
|
||||
};
|
||||
}
|
||||
{ "Lobste.rs" = {
|
||||
href = "https://lobste.rs";
|
||||
description = "News aggregator";
|
||||
};
|
||||
}
|
||||
{ "Hacker News" = {
|
||||
href = "https://news.ycombinator.com";
|
||||
description = "VC news aggregator";
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
"Personal Infrastructure" = [
|
||||
{ authentik = {
|
||||
icon = "authentik.png";
|
||||
|
@ -85,30 +111,6 @@
|
|||
description = "OIDC SSO";
|
||||
};
|
||||
}
|
||||
{ Tailscale = {
|
||||
icon = "tailscale.png";
|
||||
href = "https://login.tailscale.com";
|
||||
description = "VPN provider";
|
||||
};
|
||||
}
|
||||
{ Git = {
|
||||
icon = "forgejo.png";
|
||||
href = "https://git.gmem.ca";
|
||||
description = "Git forge";
|
||||
};
|
||||
}
|
||||
{ Grafana = {
|
||||
icon = "grafana.png";
|
||||
href = "https://grafana.gmem.ca";
|
||||
description = "Monitoring & metrics";
|
||||
widget = {
|
||||
type = "grafana";
|
||||
url = "https://grafana.gmem.ca";
|
||||
username = "api@localhost";
|
||||
password = "{{HOMEPAGE_VAR_GRAFANA_PASSWORD}}";
|
||||
};
|
||||
};
|
||||
}
|
||||
{ NextDNS = {
|
||||
icon = "nextdns.png";
|
||||
href = "https://my.nextdns.io";
|
||||
|
@ -132,30 +134,16 @@
|
|||
};
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
Reading = [
|
||||
{ FreshRSS = {
|
||||
icon = "freshrss.png";
|
||||
href = "https://freshrss.gmem.ca";
|
||||
description = "FreshRSS RSS Reader";
|
||||
widget = {
|
||||
type = "freshrss";
|
||||
url = "https://freshrss.gmem.ca";
|
||||
username = "arch";
|
||||
password = "{{HOMEPAGE_VAR_FRESHRSS_PASSWORD}}";
|
||||
};
|
||||
{ Tailscale = {
|
||||
icon = "tailscale.png";
|
||||
href = "https://login.tailscale.com";
|
||||
description = "VPN provider";
|
||||
};
|
||||
}
|
||||
{ "Lobste.rs" = {
|
||||
href = "https://lobste.rs";
|
||||
description = "News aggregator";
|
||||
};
|
||||
}
|
||||
{ "Hacker News" = {
|
||||
href = "https://news.ycombinator.com";
|
||||
description = "VC news aggregator";
|
||||
{ Git = {
|
||||
icon = "forgejo.png";
|
||||
href = "https://git.gmem.ca";
|
||||
description = "Git forge";
|
||||
};
|
||||
}
|
||||
];
|
||||
|
@ -260,8 +248,6 @@
|
|||
base = "https://home.gmem.ca";
|
||||
layout.Media.style = "row";
|
||||
layout.Media.columns = "3";
|
||||
layout."Personal Infrastructure".style = "row";
|
||||
layout."Personal Infrastructure".columns = "3";
|
||||
layout."Backup Status".style = "row";
|
||||
layout."Backup Status".columns = "3";
|
||||
};
|
||||
|
|
|
@ -4,6 +4,5 @@
|
|||
(import ./nginx.nix)
|
||||
(import ./tclip.nix)
|
||||
(import ./vrchat-prometheus-exporter.nix)
|
||||
(import ./overseerr.nix)
|
||||
(import ./homepage.nix) ];
|
||||
}
|
||||
|
|
|
@ -1,78 +0,0 @@
|
|||
let
|
||||
appName = "overseerr";
|
||||
appImage = "sctx/overseerr";
|
||||
in
|
||||
{
|
||||
kubernetes.resources.services.overseerr = {
|
||||
spec = {
|
||||
selector.app = appName;
|
||||
ports.http = {
|
||||
port = 5055;
|
||||
targetPort = 5055;
|
||||
};
|
||||
};
|
||||
};
|
||||
kubernetes.resources.statefulSets.overseerr.spec = {
|
||||
selector.matchLabels.app = appName;
|
||||
serviceName = appName;
|
||||
template = {
|
||||
metadata.labels.app = appName;
|
||||
spec = {
|
||||
volumes = {
|
||||
config.configMap.name = "overseerr";
|
||||
};
|
||||
containers = {
|
||||
overseerr = {
|
||||
image = appImage;
|
||||
volumeMounts = [
|
||||
{ name = "data"; mountPath = "/app/config"; }
|
||||
];
|
||||
ports.metrics.containerPort = 5055;
|
||||
resources = {
|
||||
requests = {
|
||||
cpu = "50m";
|
||||
memory = "32Mi";
|
||||
};
|
||||
limits = {
|
||||
cpu = "500m";
|
||||
memory = "256Mi";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
volumeClaimTemplates = [
|
||||
{ metadata.name = "data";
|
||||
spec = {
|
||||
storageClassName = "nfs-client";
|
||||
accessModes = [ "ReadWriteOnce" ];
|
||||
resources.requests.storage = "1Gi";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
kubernetes.resources.ingresses.overseerr = {
|
||||
metadata = {
|
||||
name = appName;
|
||||
annotations = {
|
||||
"cert-manager.io/issuer" = "le-issuer";
|
||||
};
|
||||
};
|
||||
spec = {
|
||||
tls = [ { hosts = [ "request-media.gmem.ca" ]; secretName = "gmem-ca-wildcard"; } ];
|
||||
rules = [
|
||||
{
|
||||
host = "request-media.gmem.ca";
|
||||
http.paths = [
|
||||
{ path = "/"; pathType = "Prefix";
|
||||
backend.service = {
|
||||
name = appName;
|
||||
port.name = "http"; };
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -19,14 +19,7 @@ spec:
|
|||
storage: 1Gi
|
||||
backups:
|
||||
pgbackrest:
|
||||
manual:
|
||||
repoName: repo1
|
||||
options:
|
||||
- --type=full
|
||||
image: registry.developers.crunchydata.com/crunchydata/crunchy-pgbackrest:ubi8-2.47-1
|
||||
global:
|
||||
repo1-retention-full: "14"
|
||||
repo1-retention-full-type: time
|
||||
repos:
|
||||
- name: repo1
|
||||
volume:
|
||||
|
@ -36,9 +29,6 @@ spec:
|
|||
resources:
|
||||
requests:
|
||||
storage: 1Gi
|
||||
schedules:
|
||||
full: "0 1 * * 0"
|
||||
differential: "0 1 * * 1-6"
|
||||
monitoring:
|
||||
pgmonitor:
|
||||
exporter:
|
||||
|
|
|
@ -236,20 +236,14 @@ $env.config = {
|
|||
use_kitty_protocol: true # enables keyboard enhancement protocol implemented by kitty console, only if your terminal support this
|
||||
|
||||
hooks: {
|
||||
pre_prompt: [{ null }] # run before the prompt is shown
|
||||
pre_execution: [{ null }] # run before the repl input is run
|
||||
env_change: {
|
||||
PWD: [{|before, after| null }] # run if the PWD environment is different since the last repl input
|
||||
}
|
||||
display_output: "if (term size).columns >= 100 { table -e } else { table }" # run to display the output of a pipeline
|
||||
command_not_found: { null } # return an error message when a command is not found
|
||||
pre_prompt: [{ ||
|
||||
if (which direnv | is-empty) {
|
||||
return
|
||||
}
|
||||
|
||||
direnv export json | from json | default {} | load-env
|
||||
}]
|
||||
}
|
||||
}
|
||||
|
||||
menus: [
|
||||
# Configuration for default nushell menus
|
||||
|
|
|
@ -9,18 +9,32 @@
|
|||
# Bootloader
|
||||
boot = {
|
||||
loader = {
|
||||
systemd-boot.enable = true;
|
||||
grub = {
|
||||
enable = true;
|
||||
device = "nodev";
|
||||
useOSProber = true;
|
||||
efiSupport = true;
|
||||
enableCryptodisk = true;
|
||||
};
|
||||
efi = {
|
||||
canTouchEfiVariables = true;
|
||||
efiSysMountPoint = "/boot/efi";
|
||||
};
|
||||
};
|
||||
tmp.cleanOnBoot = true;
|
||||
binfmt.emulatedSystems = [ "aarch64-linux" ];
|
||||
extraModulePackages = [
|
||||
config.boot.kernelPackages.v4l2loopback
|
||||
];
|
||||
kernelPackages = pkgs.linuxPackages_zen;
|
||||
kernelModules = [ "amdgpu" "coretemp" "kvm-amd" "v4l2loopback" ];
|
||||
|
||||
initrd.secrets = {
|
||||
"/crypto_keyfile.bin" = null;
|
||||
};
|
||||
initrd.luks.devices."luks-63100442-37df-4579-a787-cb2f2c67b3d1" = {
|
||||
device = "/dev/disk/by-uuid/63100442-37df-4579-a787-cb2f2c67b3d1";
|
||||
keyFile = "/crypto_keyfile.bin";
|
||||
};
|
||||
};
|
||||
|
||||
time.hardwareClockInLocalTime = true;
|
||||
|
@ -40,16 +54,15 @@
|
|||
nixpkgs.config.allowUnfree = true;
|
||||
systemd.services.NetworkManager-wait-online.enable = false;
|
||||
networking = {
|
||||
hostId = "3c26267f";
|
||||
hostName = "LONDON";
|
||||
networkmanager.enable = true;
|
||||
firewall = {
|
||||
enable = true;
|
||||
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
|
||||
allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
|
||||
allowedTCPPorts = [ 7000 7100 22000 8000 3000 ];
|
||||
allowedTCPPorts = [ 7000 7100 22000 8000 ];
|
||||
allowedUDPPorts = [ 6000 6001 7011 41641 3478 22000 21027 ];
|
||||
trustedInterfaces = [ "enp4s0" "tailscale0" "docker0" ];
|
||||
trustedInterfaces = [ "tailscale0" ];
|
||||
checkReversePath = "loose";
|
||||
};
|
||||
nftables.enable = true;
|
||||
|
@ -95,12 +108,12 @@
|
|||
overrideFolders = false;
|
||||
user = "gsimmer";
|
||||
dataDir = "/home/gsimmer";
|
||||
guiAddress = "100.98.191.127:8384";
|
||||
guiAddress = "100.93.188.51:8384";
|
||||
};
|
||||
usbmuxd.enable = true;
|
||||
prometheus.exporters.node = {
|
||||
enable = true;
|
||||
listenAddress = "100.98.191.127";
|
||||
listenAddress = "100.93.188.51";
|
||||
enabledCollectors = [
|
||||
"systemd" "processes"
|
||||
];
|
||||
|
@ -163,7 +176,6 @@
|
|||
xdg.portal.enable = true;
|
||||
|
||||
programs = {
|
||||
sway.enable = true;
|
||||
gamemode.enable = true;
|
||||
zsh.enable = true;
|
||||
fish.enable = true;
|
||||
|
@ -206,10 +218,10 @@
|
|||
|
||||
fonts = {
|
||||
packages = with pkgs; [
|
||||
ibm-plex
|
||||
jetbrains-mono
|
||||
emojione
|
||||
font-awesome
|
||||
ibm-plex
|
||||
jetbrains-mono
|
||||
emojione
|
||||
font-awesome
|
||||
];
|
||||
enableDefaultPackages = true;
|
||||
};
|
||||
|
@ -236,7 +248,6 @@
|
|||
glmark2
|
||||
libnotify
|
||||
emojione
|
||||
swtpm
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
@ -16,14 +16,14 @@
|
|||
[
|
||||
(import (builtins.fetchTarball {
|
||||
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
|
||||
sha256 = "03nrh6axxckjsdy8jykqpdsvq7dik0x04pybvwxxy9sd04b8kdh2";
|
||||
sha256 = "156jbn5s9rv7qjy5q6d9yq56zmxv07i5viqs0ryvhazdg1lzw311";
|
||||
})) discordOverlay];
|
||||
};
|
||||
home = {
|
||||
username = "gsimmer";
|
||||
homeDirectory = "/home/gsimmer";
|
||||
};
|
||||
|
||||
|
||||
services.pueue = {
|
||||
enable = true;
|
||||
settings = {
|
||||
|
@ -86,6 +86,7 @@
|
|||
|
||||
eza = {
|
||||
enable = true;
|
||||
enableAliases = true;
|
||||
};
|
||||
|
||||
bat = {
|
||||
|
@ -123,7 +124,6 @@
|
|||
discord
|
||||
mangohud
|
||||
comma
|
||||
looking-glass-client
|
||||
];
|
||||
|
||||
# This value determines the Home Manager release that your
|
||||
|
|
|
@ -8,23 +8,30 @@
|
|||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "nvme" "ahci" "xhci_pci" "usbhid" "usb_storage" "sd_mod" ];
|
||||
boot.initrd.availableKernelModules = [ "nvme" "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
|
||||
boot.initrd.kernelModules = [ ];
|
||||
boot.kernelModules = [ "kvm-amd" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "/dev/disk/by-uuid/736c20e1-f11a-4af7-88f2-bba7b0f09939";
|
||||
fsType = "xfs";
|
||||
{ device = "/dev/disk/by-uuid/cd6f3e34-65ce-4be5-b4d4-6818e70dcff3";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
fileSystems."/boot" =
|
||||
{ device = "/dev/disk/by-uuid/2A2C-A8CE";
|
||||
boot.initrd.luks.devices."luks-0cd5d85e-e232-4f75-a8b3-087737657fef".device = "/dev/disk/by-uuid/0cd5d85e-e232-4f75-a8b3-087737657fef";
|
||||
|
||||
fileSystems."/boot/efi" =
|
||||
{ device = "/dev/disk/by-uuid/AB23-FA19";
|
||||
fsType = "vfat";
|
||||
};
|
||||
|
||||
fileSystems."/home/gsimmer/FHG" = {
|
||||
device = "/dev/disk/by-label/FHG";
|
||||
fsType = "ext4";
|
||||
};
|
||||
|
||||
swapDevices =
|
||||
[ { device = "/dev/disk/by-uuid/41c7d0e1-e015-4d78-a0fb-f039a7f648ef"; }
|
||||
[ { device = "/dev/disk/by-uuid/c50f2d93-2f31-4afc-ad26-4730a8f4b7f0"; }
|
||||
];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
|
@ -32,9 +39,9 @@
|
|||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp14s0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.wlp15s0.useDHCP = lib.mkDefault true;
|
||||
# networking.interfaces.enp4s0.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
# high-resolution display
|
||||
# hardware.video.hidpi.enable = lib.mkDefault true;
|
||||
}
|
||||
|
|
37
nix/london/vfio.nix
Normal file
37
nix/london/vfio.nix
Normal file
|
@ -0,0 +1,37 @@
|
|||
let
|
||||
# RTX 3070 Ti
|
||||
gpuIDs = [
|
||||
"10de:1b81" # Graphics
|
||||
"10de:10f0" # Audio
|
||||
];
|
||||
in { pkgs, lib, config, ... }: {
|
||||
options.vfio.enable = with lib;
|
||||
mkEnableOption "Configure the machine for VFIO";
|
||||
|
||||
config = let cfg = config.vfio;
|
||||
in {
|
||||
boot = {
|
||||
initrd.kernelModules = [
|
||||
"vfio_pci"
|
||||
"vfio"
|
||||
"vfio_iommu_type1"
|
||||
|
||||
"nvidia"
|
||||
"nvidia_modeset"
|
||||
"nvidia_uvm"
|
||||
"nvidia_drm"
|
||||
];
|
||||
|
||||
kernelParams = [
|
||||
# enable IOMMU
|
||||
"amd_iommu=on"
|
||||
"pcie_acs_override=downstream,multifunction"
|
||||
] ++ lib.optional cfg.enable
|
||||
# isolate the GPU
|
||||
("vfio-pci.ids=" + lib.concatStringsSep "," gpuIDs);
|
||||
};
|
||||
|
||||
hardware.opengl.enable = true;
|
||||
virtualisation.spiceUSBRedirection.enable = true;
|
||||
};
|
||||
}
|
|
@ -286,12 +286,6 @@
|
|||
port = 9001;
|
||||
extraFlags = [ "--web.enable-remote-write-receiver" ];
|
||||
scrapeConfigs = [
|
||||
{
|
||||
job_name = "proxmox";
|
||||
metrics_path = "/pve";
|
||||
params = { "target" = [ "localhost" ]; };
|
||||
static_configs = [ { targets = [ "proxmox:9221" ]; } ];
|
||||
}
|
||||
{
|
||||
job_name = "personal_hardware";
|
||||
static_configs = [ { targets = [ "london:9100" "vancouver:9100" "localhost:9100" ]; } ];
|
||||
|
|
|
@ -84,8 +84,8 @@
|
|||
environmentFile = config.age.secrets.restic-b2-credentials.path;
|
||||
repository = "s3:s3.us-west-000.backblazeb2.com/gsimmer-backup";
|
||||
paths = [
|
||||
"/tank/gsimmer/projects"
|
||||
"/tank/gsimmer/org"
|
||||
"/tank/gabriel/projects"
|
||||
"/tank/gabriel/org"
|
||||
"/tank/gsimmer/Backup/Pictures"
|
||||
"/tank/gsimmer/Photos"
|
||||
"/tank/shared"
|
||||
|
@ -313,6 +313,23 @@
|
|||
proxyPass = "http://127.0.0.1:8973/";
|
||||
};
|
||||
};
|
||||
virtualHosts."request-media.gmem.ca" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
acmeRoot = null;
|
||||
locations."/" = {
|
||||
extraConfig =
|
||||
''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
client_max_body_size 100M;
|
||||
'';
|
||||
proxyPass = "http://127.0.0.1:5055/";
|
||||
};
|
||||
};
|
||||
virtualHosts."flood.gmem.ca" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
|
@ -327,7 +344,7 @@
|
|||
|
||||
client_max_body_size 100M;
|
||||
'';
|
||||
proxyPass = "http://192.168.50.205:3000/";
|
||||
proxyPass = "http://192.168.122.185:3000/";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -416,7 +433,7 @@
|
|||
daily = 2;
|
||||
monthly = 2;
|
||||
};
|
||||
"Primary/forgejo" = {
|
||||
"Primary/gitea" = {
|
||||
autoprune = true;
|
||||
autosnap = true;
|
||||
daily = 2;
|
||||
|
@ -466,6 +483,7 @@
|
|||
cifs-utils
|
||||
cloudflared
|
||||
bat
|
||||
virtiofsd
|
||||
gnupg
|
||||
pinentry
|
||||
];
|
||||
|
@ -530,6 +548,7 @@
|
|||
setSocketVariable = true;
|
||||
};
|
||||
};
|
||||
libvirtd.enable = true;
|
||||
};
|
||||
|
||||
virtualisation.oci-containers.containers = {
|
||||
|
|
|
@ -18,6 +18,13 @@
|
|||
tailscale
|
||||
];
|
||||
|
||||
services.coder = {
|
||||
enable = true;
|
||||
group = "docker";
|
||||
listenAddress = "0.0.0.0:3000";
|
||||
package = (pkgs.callPackage ./coder.nix {});
|
||||
};
|
||||
|
||||
services.gitea-actions-runner = {
|
||||
package = pkgs.forgejo-actions-runner;
|
||||
instances = {
|
||||
|
@ -28,7 +35,7 @@
|
|||
"debian-latest-arm:docker://node:18-bullseye"
|
||||
];
|
||||
url = "https://git.gmem.ca";
|
||||
token = "dcSqNPRfeAFjAA2NUzZRbO4Q2k1L2WOOCAEAhPR4";
|
||||
token = "rclEuf0ZKhWKe7IhvWZqgJpb1y84iYBJsJi7Wslh";
|
||||
settings = {
|
||||
cache.port = 4328;
|
||||
};
|
||||
|
@ -55,13 +62,9 @@
|
|||
};
|
||||
|
||||
users.users = {
|
||||
root.openssh.authorizedKeys.keys = let
|
||||
authorizedKeys = pkgs.fetchurl {
|
||||
url = "https://gmem.ca/ssh";
|
||||
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
|
||||
};
|
||||
in pkgs.lib.splitString "\n" (builtins.readFile
|
||||
authorizedKeys);
|
||||
root.openssh.authorizedKeys.keys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr"
|
||||
];
|
||||
};
|
||||
virtualisation = {
|
||||
docker = {
|
||||
|
|
Loading…
Reference in a new issue