Compare commits


12 commits

20 changed files with 559 additions and 104 deletions


@ -3,36 +3,25 @@
zones = { zones = {
"gmem.ca" = "gmem.ca" =
{ {
"test" = { "grafana" = {
aaaa = { a.data = ["91.107.206.145"];
ttl = 0; aaaa.data = ["2a01:4f8:c012:5ec6::"];
data = ["100::"];
};
};
"uptime" = {
a = {
data = ["91.107.206.145"];
};
aaaa = {
data = ["2a01:4f8:c012:5ec6::"];
};
}; };
"uptime".cname.data = "grafana.gmem.ca";
"healthchecks".cname.data = "grafana.gmem.ca";
"truenas".a.data = ["192.168.50.229"];
"docs" = { "docs" = {
a = { a.data = ["100.116.48.47"];
data = ["100.116.48.47"]; aaaa.data = ["fd7a:115c:a1e0:ab12:4843:cd96:6274:302f"];
};
aaaa = {
data = ["fd7a:115c:a1e0:ab12:4843:cd96:6274:302f"];
};
}; };
"cluster" = { "cluster" = {
a = { a = {
data = ["100.77.43.133"]; ttl = 3600;
data = ["100.87.208.14"];
}; };
aaaa = { aaaa = {
data = [ ttl = 3600;
"fd7a:115c:a1e0:ab12:4843:cd96:624d:2b85" data = ["fd7a:115c:a1e0::2001:d00e"];
];
}; };
}; };
"newcluster" = { "newcluster" = {
@ -42,25 +31,106 @@
}; };
aaaa = { aaaa = {
ttl = 3600; ttl = 3600;
data = [ "fd7a:115c:a1e0::2001:d00e" ]; data = ["fd7a:115c:a1e0::2001:d00e"];
}; };
}; };
"homelab" = { "homelab".a.data = ["192.168.50.45"];
"_acme-challenge.router".txt.data = ["CJKnxKczldLEAy6zPkST0xeJ5Cy-xdT_ElzqMxhNh5E"];
"osc-triggers" = {
a.data = ["46.23.81.157"];
aaaa.data = ["2a03:6000:1813:1337::157"];
};
"mitu.camera".a.data = ["192.168.50.121"];
"ns1" = {
a = { a = {
data = ["192.168.50.45"]; ttl = 300;
data = ["162.159.1.247"];
};
aaaa = {
ttl = 300;
data = ["2400:cb00:2049:1::a29f:1f7"];
}; };
}; };
"_acme-challenge.router" = { "ns2" = {
txt = { a = {
data = ["CJKnxKczldLEAy6zPkST0xeJ5Cy-xdT_ElzqMxhNh5E"]; ttl = 300;
data = ["162.159.2.232"];
};
aaaa = {
ttl = 300;
data = ["2400:cb00:2049:1::a29f:2e8"];
}; };
}; };
"ns3" = {
a = {
ttl = 300;
data = ["162.159.3.252"];
};
aaaa = {
ttl = 300;
data = ["2400:cb00:2049:1::a29f:3fc"];
};
};
"ns4" = {
a = {
ttl = 300;
data = ["162.159.5.243"];
};
aaaa = {
ttl = 300;
data = ["2400:cb00:2049:1::a29f:5f3"];
};
};
"vancouver" = {
a.data = ["100.116.48.47"];
aaaa.data = ["fd7a:115c:a1e0:ab12:4843:cd96:6274:302f"];
};
"" = {
aaaa.data = ["100::"];
aaaa.ttl = 0;
mx.data = [
{
exchange = "in1-smtp.messagingengine.com";
preference = 10;
}
{
exchange = "in2-smtp.messagingengine.com";
preference = 20;
}
];
txt.data = [
"v=spf1 include:spf.messagingengine.com include:spf.mushu.services.floofy.tech -all"
"google-site-verification=NrdjjQmhVjOj2s_CV8IdLkhAYCZ1tC3zrkIjn_-ny2o"
];
};
"postal-d6u33j._domainkey".txt.data = ["v=DKIM1; t=s; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCoSvi65zRk8yn0IySfXWyNzeQpz8DEg8ZnmR/Kqq+Ga890KoINkQHB0toQu/iURjmLo+2mYKMxkAMWZPEsKaNsBCLBB55NCvq3/jeJdjOKYLplc51KSdxSb3AGokGqwCDhQ8u+MJty/R3QOHbzndddQTnSG0ApDkJNiPdFVnXnewIDAQAB;"];
"_discord".txt.data = ["dh=28112e71a152f2126fb224a14d80d5816ea5916e"];
"_dmarc".txt.data = ["v=DMARC1; p=reject; rua=mailto:f2c1db0a7b6041e593961a3057be4d49@dmarc-reports.cloudflare.net"];
"fm1._domainkey".cname.data = "fm1.gmem.ca.dkim.fmhosted.com";
"fm2._domainkey".cname.data = "fm2.gmem.ca.dkim.fmhosted.com";
"fm3._domainkey".cname.data = "fm3.gmem.ca.dkim.fmhosted.com";
"cdn".cname = {
ttl = 0;
data = "public.r2.dev";
};
"fursona".cname = {
ttl = 0;
data = "well-known-fursona.pages.dev";
};
"bgnet0".cname = {
ttl = 0;
data = "bgnet0.pages.dev";
};
"stream".a.data = ["141.147.109.157"];
} }
// lib.attrsets.genAttrs [
# Internally hosted applications
"netboot"
"changedetect"
] (name: {cname.data = "cluster";})
// lib.attrsets.genAttrs [ // lib.attrsets.genAttrs [
# Internally hosted applications # Internally hosted applications
"atuin" "atuin"
@ -75,7 +145,9 @@
"rss" "rss"
"request-media" "request-media"
"ntfy" "ntfy"
] (name: {cname.data = "newcluster";}) "metube"
"search"
] (name: {cname.data = "cluster.gmem.ca";})
// lib.attrsets.genAttrs [ // lib.attrsets.genAttrs [
# Externally hosted applications with Tunnels # Externally hosted applications with Tunnels
"authentik" "authentik"
@ -87,10 +159,12 @@
"photos" "photos"
"proxmox" "proxmox"
"tokyo" "tokyo"
"ci"
"paste"
] (name: { ] (name: {
cname = { cname = {
ttl = 0; ttl = 0;
data = "a1544154-d851-44ee-8d3a-9fa245867745.cfargotunnel.com."; data = "a1544154-d851-44ee-8d3a-9fa245867745.cfargotunnel.com";
}; };
}); });
}; };
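Review bot: The zone carries RFC 1918 addresses (`"truenas".a.data = ["192.168.50.229"]`, `"homelab".a.data = ["192.168.50.45"]`, `"mitu.camera".a.data = ["192.168.50.121"]`). If this is the zone that gets pushed to the public Cloudflare target, those names disclose the internal addressing plan and resolve to whatever host holds that address on a visitor's own LAN. Consider serving them only from the internal resolver, or add a comment on each record stating that publishing it is intentional. Separately, the `postal-d6u33j._domainkey` value looks like a 1024-bit RSA key (the `MIGf…` prefix and its length); 2048 bits is the usual DKIM baseline now.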


@ -9,6 +9,7 @@
"pw" "pw"
"tokyo" "tokyo"
"nitter" "nitter"
"paste"
] (name: { ] (name: {
name = name + ".gmem.ca"; name = name + ".gmem.ca";
content = "newcluster.gmem.ca"; content = "newcluster.gmem.ca";
@ -37,7 +38,9 @@
"request-media" "request-media"
"tools" "tools"
"ytproxy" "ytproxy"
"changedetect" "metube"
"search"
"paste"
] (name: { ] (name: {
name = name + ".gmem.ca"; name = name + ".gmem.ca";
content = "homelab.gmem.ca"; content = "homelab.gmem.ca";
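Review bot: `"paste"` is added to both lists in this file, so it gets one rewrite with `content = "newcluster.gmem.ca"` and another with `content = "homelab.gmem.ca"`. Two rewrites for the same name leave it undefined which backend `paste.gmem.ca` resolves to inside the network, for a service that the same change also publishes externally. Keep the entry in one list only. Both lists begin outside the hunks shown, so a de-duplication step elsewhere cannot be ruled out from here.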


@ -180,7 +180,7 @@
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": { "inputs": {
"systems": "systems_3" "systems": "systems_2"
}, },
"locked": { "locked": {
"lastModified": 1710146030, "lastModified": 1710146030,
@ -197,6 +197,24 @@
} }
}, },
"flake-utils_3": { "flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"locked": { "locked": {
"lastModified": 1634851050, "lastModified": 1634851050,
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=", "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
@ -211,6 +229,21 @@
"type": "github" "type": "github"
} }
}, },
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"home-manager": { "home-manager": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -239,11 +272,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1714515075, "lastModified": 1715930644,
"narHash": "sha256-azMK7aWH0eUc3IqU4Fg5rwZdB9WZBvimOGG3piqvtsY=", "narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "6d3b6dc9222c12b951169becdf4b0592ee9576ef", "rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -260,11 +293,11 @@
"treefmt": "treefmt" "treefmt": "treefmt"
}, },
"locked": { "locked": {
"lastModified": 1711480255, "lastModified": 1715211269,
"narHash": "sha256-CPF0+ZW3biHoWHE88bZt6a7G65X5Bxtgvw7xwLGrDJ4=", "narHash": "sha256-bO1n41QjfdFNoEih0csMe/MUB42DdOuwlT+6LGpUCSc=",
"owner": "hall", "owner": "hall",
"repo": "kubenix", "repo": "kubenix",
"rev": "5692af23e0835e7b21ec4e2f362b5ef9ff96d893", "rev": "060f4757292e1e7172cc9ebcb16f38d89cb707ab",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -275,15 +308,15 @@
}, },
"lib-aggregate": { "lib-aggregate": {
"inputs": { "inputs": {
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_3",
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1714306226, "lastModified": 1715515815,
"narHash": "sha256-CA7bfnDt9TcFc7I8eKHf72DodYUEETDPgmBFXBRP9/E=", "narHash": "sha256-yaLScMHNFCH6SbB0HSA/8DWDgK0PyOhCXoFTdHlWkhk=",
"owner": "nix-community", "owner": "nix-community",
"repo": "lib-aggregate", "repo": "lib-aggregate",
"rev": "49d9b510614b9bd137e067eb31445a8feca83313", "rev": "09883ca828e8cfaacdb09e29190a7b84ad1d9925",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -292,6 +325,48 @@
"type": "github" "type": "github"
} }
}, },
"lix": {
"flake": false,
"locked": {
"lastModified": 1714955862,
"narHash": "sha256-REWlo2RYHfJkxnmZTEJu3Cd/2VM+wjjpPy7Xi4BdDTQ=",
"ref": "refs/tags/2.90-beta.1",
"rev": "b6799ab0374a8e1907a48915d3187e07da41d88c",
"revCount": 15501,
"type": "git",
"url": "https://git@git.lix.systems/lix-project/lix"
},
"original": {
"ref": "refs/tags/2.90-beta.1",
"type": "git",
"url": "https://git@git.lix.systems/lix-project/lix"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils_2",
"flakey-profile": "flakey-profile",
"lix": [
"lix"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1715885250,
"narHash": "sha256-IUFYAl3158Ig5vySnRBHoPReb2/S97bjodCo6FhzJv4=",
"ref": "refs/heads/main",
"rev": "53d713eb486f21d653af3ef3528e9a19ecfc45e5",
"revCount": 81,
"type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module"
},
"original": {
"type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module"
}
},
"nix-eval-jobs": { "nix-eval-jobs": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
@ -300,11 +375,11 @@
"treefmt-nix": "treefmt-nix_2" "treefmt-nix": "treefmt-nix_2"
}, },
"locked": { "locked": {
"lastModified": 1713858845, "lastModified": 1715804156,
"narHash": "sha256-StJq7Zy+/iVBUAKFzhHWlsirFucZ3gNtzXhAYXAsNnw=", "narHash": "sha256-GtIHP86Cz1kD9xZO/cKbNQACHKdoT9WFbLJAq6W2EDY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-eval-jobs", "repo": "nix-eval-jobs",
"rev": "7b6640f2a10701bf0db16aff048070f400e8ea7c", "rev": "bb95091f6c6f38f6cfc215a1797a2dd466312c8b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -374,15 +449,15 @@
"nixpkgs": [ "nixpkgs": [
"nixpkgs" "nixpkgs"
], ],
"systems": "systems_2", "systems": "systems_3",
"treefmt-nix": "treefmt-nix" "treefmt-nix": "treefmt-nix"
}, },
"locked": { "locked": {
"lastModified": 1713393417, "lastModified": 1715321534,
"narHash": "sha256-YriEUgA8u37V859nbSpqeYlL/GiezzeBIyBAAzhxZaI=", "narHash": "sha256-cDTRRrLj08k867/lajKXkCg9HTNWuoYGfgr8wyAVaTY=",
"owner": "Janik-Haag", "owner": "Janik-Haag",
"repo": "nixos-dns", "repo": "nixos-dns",
"rev": "1cf30ea07873b291fc39265d4c6dc63bfdf67ad7", "rev": "c4f734d771038db15700a61a8703d0da5f993b3a",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -414,11 +489,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1714465198, "lastModified": 1716034089,
"narHash": "sha256-ySkEJvS0gPz2UhXm0H3P181T8fUxvDVcoUyGn0Kc5AI=", "narHash": "sha256-QBfab6V4TeQ6Y4NiXVrEATdQuhCNFNaXt/L1K/Zw+zc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "68d680c1b7c0e67a9b2144d6776583ee83664ef4", "rev": "b55712de78725c8fcde422ee0a0fe682046e73c3",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -446,11 +521,11 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1714265296, "lastModified": 1715474941,
"narHash": "sha256-jVnKiCOoFulPT1zDdA4jfG/lnEnngdth5CT6rVDXEJ4=", "narHash": "sha256-CNCqCGOHdxuiVnVkhTpp2WcqSSmSfeQjubhDOcgwGjU=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "ade4fb7bbf04cd52bc1705734d5dc67755d77ec9", "rev": "58e03b95f65dfdca21979a081aa62db0eed6b1d8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -469,11 +544,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1714525911, "lastModified": 1716052422,
"narHash": "sha256-XYARtyCpKeL0IosMSzeHl6YFblV3n4y7plM+K9fg4N4=", "narHash": "sha256-9zObaIzZ3OnW4nMdNzMmrjUrGhqhAZhn1VQnxWUlKts=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs-wayland", "repo": "nixpkgs-wayland",
"rev": "4cbf82124f2c03fa5b1b669771c48f9927264684", "rev": "0c6afa4c3c068730a90ce20762bf0fdfac23e64b",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -532,11 +607,11 @@
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": { "locked": {
"lastModified": 1714314149, "lastModified": 1715996989,
"narHash": "sha256-yNAevSKF4krRWacmLUsLK7D7PlfuY3zF0lYnGYNi9vQ=", "narHash": "sha256-ObD9YSelkwCAylEXJHcNjrn3hLOfIVScB1tPz9zeDN8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "cf8cc1201be8bc71b7cbbbdaf349b22f4f99c7ae", "rev": "63d3e5d82edf5a138e7d0872231cc23ed4e740fd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -548,11 +623,11 @@
}, },
"nixpkgs_6": { "nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1713805509, "lastModified": 1715037484,
"narHash": "sha256-YgSEan4CcrjivCNO5ZNzhg7/8ViLkZ4CB/GrGBVSudo=", "narHash": "sha256-OUt8xQFmBU96Hmm4T9tOWTu4oCswCzoVl+pxSq/kiFc=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "1e1dc66fe68972a76679644a5577828b6a7e8be4", "rev": "ad7efee13e0d216bf29992311536fce1d3eefbef",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -583,6 +658,8 @@
"alertmanager-ntfy": "alertmanager-ntfy", "alertmanager-ntfy": "alertmanager-ntfy",
"home-manager": "home-manager_2", "home-manager": "home-manager_2",
"kubenix": "kubenix", "kubenix": "kubenix",
"lix": "lix",
"lix-module": "lix-module",
"nixinate": "nixinate", "nixinate": "nixinate",
"nixos-dns": "nixos-dns", "nixos-dns": "nixos-dns",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
@ -607,6 +684,21 @@
} }
}, },
"systems_2": { "systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -620,7 +712,7 @@
"type": "indirect" "type": "indirect"
} }
}, },
"systems_3": { "systems_4": {
"locked": { "locked": {
"lastModified": 1681028828, "lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -639,7 +731,7 @@
"inputs": { "inputs": {
"bats-assert": "bats-assert", "bats-assert": "bats-assert",
"bats-support": "bats-support", "bats-support": "bats-support",
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_7", "nixpkgs": "nixpkgs_7",
"terranix-examples": "terranix-examples" "terranix-examples": "terranix-examples"
}, },
@ -701,11 +793,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1711963903, "lastModified": 1714058656,
"narHash": "sha256-N3QDhoaX+paWXHbEXZapqd1r95mdshxToGowtjtYkGI=", "narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "49dc4a92b02b8e68798abd99184f228243b6e3ac", "rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -22,11 +22,21 @@
alertmanager-ntfy.url = "github:alexbakker/alertmanager-ntfy"; alertmanager-ntfy.url = "github:alexbakker/alertmanager-ntfy";
kubenix.url = "github:hall/kubenix"; kubenix.url = "github:hall/kubenix";
nixos-hardware.url = "github:NixOS/nixos-hardware/master"; nixos-hardware.url = "github:NixOS/nixos-hardware/master";
lix = {
url = "git+https://git@git.lix.systems/lix-project/lix?ref=refs/tags/2.90-beta.1";
flake = false;
};
lix-module = {
url = "git+https://git.lix.systems/lix-project/nixos-module";
inputs.lix.follows = "lix";
inputs.nixpkgs.follows = "nixpkgs";
};
}; };
outputs = { outputs = {
self, self,
nixpkgs, nixpkgs,
lix-module,
nixos-generators, nixos-generators,
nixinate, nixinate,
home-manager, home-manager,
@ -37,6 +47,7 @@
kubenix, kubenix,
nixos-dns, nixos-dns,
nixos-hardware, nixos-hardware,
...
} @ inputs: let } @ inputs: let
pkgs = nixpkgs.legacyPackages.x86_64-linux; pkgs = nixpkgs.legacyPackages.x86_64-linux;
tf = terranix.lib.terranixConfiguration { tf = terranix.lib.terranixConfiguration {
@ -84,6 +95,7 @@
terraform-ls terraform-ls
kubernetes-helm kubernetes-helm
nil nil
talosctl
(octodns.withProviders (ps: [ (octodns.withProviders (ps: [
octodns-providers.bind octodns-providers.bind
octodns-cloudflare octodns-cloudflare
@ -125,9 +137,6 @@
inherit dnsConfig; inherit dnsConfig;
config = { config = {
processors = { processors = {
ownership = {
class = "octodns.processor.ownership.OwnershipProcessor";
};
ttl-to-proxy = { ttl-to-proxy = {
class = "octodns_cloudflare.processor.ttl.TtlToProxy"; class = "octodns_cloudflare.processor.ttl.TtlToProxy";
ttl = 0; ttl = 0;
@ -141,12 +150,15 @@
class = "octodns_cloudflare.CloudflareProvider"; class = "octodns_cloudflare.CloudflareProvider";
token = "env/CLOUDFLARE_API_TOKEN"; token = "env/CLOUDFLARE_API_TOKEN";
min_ttl = 0; min_ttl = 0;
update_pcent_threshold = 0.5;
delete_pcent_threshold = 0.5;
auto_ttl_target = 300;
}; };
}; };
}; };
zones = { zones = {
"gmem.ca." = { "gmem.ca." = {
processors = ["ownership" "ttl-to-proxy"]; processors = ["ttl-to-proxy"];
sources = ["config"]; sources = ["config"];
targets = ["cloudflare"]; targets = ["cloudflare"];
}; };
@ -166,23 +178,22 @@
flakeIgnore = ["E501"]; flakeIgnore = ["E501"];
} }
'' ''
import json import json
import requests import requests
import os import os
auth = os.getenv("NEXTDNS_API_KEY") auth = os.getenv("NEXTDNS_API_KEY")
with open('${self.packages.x86_64-linux.nextdns-rewrites}', 'r') as file: with open('${self.packages.x86_64-linux.nextdns-rewrites}', 'r') as file:
rewrites = json.load(file) rewrites = json.load(file)
for profile in rewrites: for profile in rewrites:
for rewrite in rewrites[profile]: for rewrite in rewrites[profile]:
print(json.dumps(rewrite)) req = requests.post(
req = requests.post( f'https://api.nextdns.io/profiles/{profile}/rewrites', data=json.dumps(rewrite),
f'https://api.nextdns.io/profiles/{profile}/rewrites', data=json.dumps(rewrite), headers={'X-Api-Key': auth, 'Content-Type': 'application/json'}
headers={'X-Api-Key': auth, 'Content-Type': 'application/json'} )
) print(f'done {rewrite["name"]} -> {rewrite["content"]}')
print(req.text)
''); '');
}; };
@ -251,6 +262,7 @@
london = nixpkgs.lib.nixosSystem { london = nixpkgs.lib.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
lix-module.nixosModules.default
(import ./nix/london/configuration.nix) (import ./nix/london/configuration.nix)
(import ./modules/cloudflare-warp.nix) (import ./modules/cloudflare-warp.nix)
(import ./modules/vfio.nix) (import ./modules/vfio.nix)
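Review bot: The rewritten NextDNS upload loop prints `done …` after every `requests.post` without looking at the response, and it no longer prints `req.text`. A rejected request (for example when `NEXTDNS_API_KEY` is unset or wrong, which leaves `auth` as `None`) is therefore reported as success. Check the result before logging, e.g. `req.raise_for_status()` directly after the call, and pass `timeout=30` to `requests.post` so a stalled connection cannot hang the run.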


@ -112,4 +112,6 @@ data:
service: http://ibiza.endpoints.svc.cluster.local:8000 service: http://ibiza.endpoints.svc.cluster.local:8000
- hostname: chat.gmem.ca - hostname: chat.gmem.ca
service: tcp://192.168.50.45:443 service: tcp://192.168.50.45:443
- hostname: paste.gmem.ca
service: http://tclip.tclip.svc.cluster.local:8080
- service: http_status:404 - service: http_status:404


@ -22,14 +22,14 @@
}; };
} }
{ {
Overseerr = { Jellyseerr = {
icon = "overseerr.png"; icon = "jellyseerr.png";
href = "https://request-media.gmem.ca"; href = "https://request-media.gmem.ca";
description = "Request movies and TV shows"; description = "Request movies and TV shows";
widget = { widget = {
type = "overseerr"; type = "jellyseerr";
url = "https://request-media.gmem.ca"; url = "https://request-media.gmem.ca";
key = "{{HOMEPAGE_VAR_OVERSEERR_KEY}}"; key = "{{HOMEPAGE_VAR_JELLYSEERR_KEY}}";
}; };
}; };
} }


@ -14,7 +14,7 @@
}; };
# arbitrary attrset passed as values to the helm release # arbitrary attrset passed as values to the helm release
values = { values = {
image.tag = "v1.102.3"; image.tag = "v1.105.1";
machine-learning.enabled = false; machine-learning.enabled = false;
immich.persistence.library.existingClaim = "immich"; immich.persistence.library.existingClaim = "immich";
redis = { redis = {


@ -26,5 +26,7 @@
(import ./nitter-bot.nix) (import ./nitter-bot.nix)
(import ./miniflux.nix) (import ./miniflux.nix)
# (import ./snikket.nix) # (import ./snikket.nix)
(import ./metube.nix)
(import ./searxng.nix)
]; ];
} }

64
homelab/metube.nix Normal file

@ -0,0 +1,64 @@
let
appName = "metube";
appImage = "ghcr.io/alexta69/metube";
in {
kubernetes.resources.services.metube = {
metadata.namespace = "metube";
spec = {
selector.app = "metube";
ports.http = {
port = 8081;
targetPort = 8081;
};
};
};
kubernetes.resources.deployments.metube = {
metadata.namespace = "metube";
spec = {
selector.matchLabels.app = "metube";
template = {
metadata.labels.app = "metube";
spec = {
containers = {
metube = {
image = appImage;
imagePullPolicy = "Always";
ports.http.containerPort = 8081;
};
};
};
};
};
};
kubernetes.resources.ingresses.metube = {
metadata.namespace = "metube";
metadata.annotations = {
"cert-manager.io/cluster-issuer" = "le-issuer";
};
spec = {
tls = [
{
hosts = ["metube.gmem.ca"];
}
];
rules = [
{
host = "metube.gmem.ca";
http.paths = [
{
path = "/";
pathType = "Prefix";
backend.service = {
name = "metube";
port.number = 8081;
};
}
];
}
];
};
};
}
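Review bot: `appImage = "ghcr.io/alexta69/metube"` has no tag or digest and the container sets `imagePullPolicy = "Always"`, so every pod restart runs whatever the registry currently serves under the default tag. Pin the image, ideally by digest, `appImage = "ghcr.io/alexta69/metube@sha256:<digest>";` (placeholder), and bump it deliberately like the chart and flake inputs. The container also sets no `resources` or `securityContext`, whereas the `searxng` deployment added in the same change at least sets a memory limit. `appName` is defined but unused; the file repeats the literal `"metube"` instead.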


@ -73,7 +73,7 @@
kubernetes.resources.cronJobs.piped-refresh = { kubernetes.resources.cronJobs.piped-refresh = {
metadata.namespace = "piped"; metadata.namespace = "piped";
spec = { spec = {
schedule = "*/10 * * * *"; schedule = "*/30 * * * *";
jobTemplate.spec.template.spec = { jobTemplate.spec.template.spec = {
restartPolicy = "Never"; restartPolicy = "Never";
containers.refresh-subscriptions = { containers.refresh-subscriptions = {
@ -84,12 +84,14 @@
"-c" "-c"
'' ''
apt update && apt install -y postgresql-client curl apt update && apt install -y postgresql-client curl
curl -o /dev/null "https://healthchecks.gmem.ca/ping/$HEALTHCHECKS_UUID/start"
export PGPASSWORD=$password && export PGPASSWORD=$password &&
export subs=$(psql -U piped -h 192.168.50.236 -qtAX -c 'select id from public.pubsub;') && export subs=$(psql -U piped -h 192.168.50.236 -qtAX -c 'select id from public.pubsub;') &&
while IFS= read -r line; do while IFS= read -r line; do
echo "refreshing $line" echo "refreshing $line"
curl -k -o /dev/null "http://piped-backend:8080/channel/$line" curl -k -o /dev/null "http://piped-backend:8080/channel/$line"
done < <(printf '%s' "$subs") done < <(printf '%s' "$subs")
curl -o /dev/null "https://healthchecks.gmem.ca/ping/$HEALTHCHECKS_UUID"
'' ''
]; ];
}; };
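Review bot: The success ping added on the last line of the script is sent regardless of what happened before it. There is no `set -e`, `export subs=$(psql …)` yields the status of `export` rather than of `psql`, and the final `curl` is not part of the `&&` chain, so a failed query still marks the check healthy. Assign without `export` and report the failure, e.g. `subs=$(psql …) || { curl -fsS -o /dev/null "https://healthchecks.gmem.ca/ping/$HEALTHCHECKS_UUID/fail"; exit 1; }`, and add `-fsS` to the two new ping calls so a failed ping shows up in the job log. The container spec starts outside the hunk, so where `HEALTHCHECKS_UUID` comes from is not visible here.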


@ -21,6 +21,7 @@ prometheus:
static_configs: static_configs:
- targets: - targets:
- 192.168.50.236:9187 - 192.168.50.236:9187
- 192.168.50.62:9187
grafana: grafana:
enabled: false enabled: false
alertmanager: alertmanager:

140
homelab/searxng.nix Normal file

@ -0,0 +1,140 @@
let
appName = "searxng";
appImage = "docker.io/searxng/searxng:latest";
in
{
lib,
config,
kubenix,
...
}: {
kubernetes.resources.services.searxng = {
metadata.namespace = "searxng";
metadata.labels.app = appName;
spec = {
selector.app = appName;
ports.http = {
port = 8080;
targetPort = 8080;
};
};
};
kubernetes.resources.deployments.searxng = {
metadata.namespace = "searxng";
spec = {
selector.matchLabels.app = appName;
template = {
metadata.labels.app = appName;
spec = {
volumes = {
config.configMap.name = "searxng";
};
containers = {
searxng = {
image = appImage;
imagePullPolicy = "Always";
volumeMounts = [
{
name = "config";
mountPath = "/etc/searxng/settings.yml";
subPath = "settings.yml";
}
{
name = "config";
mountPath = "/etc/searxng/limiter.toml";
subPath = "limiter.toml";
}
];
envFrom = [{secretRef.name = "searxng";}];
ports.http.containerPort = 8080;
resources = {
requests = {
cpu = "100m";
memory = "512Mi";
};
limits = {
memory = "1Gi";
};
};
};
};
};
};
};
};
kubernetes.resources.configMaps.searxng = {
metadata.namespace = "searxng";
data."settings.yml" = ''
use_default_settings: true
server:
image_proxy: true
http_protocol_version: "1.1"
method: "GET"
ui:
static_use_hash: true
redis:
url: redis://searxng-redis-master:6379/0
general:
instance_name: search.gmem.ca
hostname_replace:
'(.*\.)?youtube\.com$': 'piped.gmem.ca'
'(.*\.)?youtu\.be$': 'piped.gmem.ca'
'(.*\.)?youtube-noocookie\.com$': 'piped.gmem.ca'
'(www\.)?twitter\.com$': 'nitter.gmem.ca'
'(www\.)?x\.com$': 'nitter.gmem.ca'
'';
data."limiter.toml" = ''
# This configuration file updates the default configuration file
# See https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml
[botdetection.ip_limit]
# activate link_token method in the ip_limit method
link_token = true
'';
};
kubernetes.helm.releases.searxng-redis = {
namespace = "searxng";
chart = kubenix.lib.helm.fetch {
repo = "https://charts.bitnami.com/bitnami";
chart = "redis";
version = "18.6.1";
sha256 = "CyvGHc1v1BtbzDx6hbbPah2uWpUhlNIUQowephT6hmM=";
};
values = {
auth.enabled = false;
architecture = "standalone";
};
};
kubernetes.resources.ingresses.searxng = {
metadata = {
name = appName;
namespace = "searxng";
annotations = {
"cert-manager.io/cluster-issuer" = "le-issuer";
};
};
spec = {
tls = [
{
hosts = ["search.gmem.ca"];
}
];
rules = [
{
host = "search.gmem.ca";
http.paths = [
{
path = "/";
pathType = "Prefix";
backend.service = {
name = appName;
port.name = "http";
};
}
];
}
];
};
};
}
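Review bot: The Redis release sets `auth.enabled = false`, so any workload that can reach `searxng-redis-master:6379` in the cluster can read and write the limiter state without credentials, and this file defines no NetworkPolicy. Enable auth with the password taken from a Secret, `auth.enabled = true; auth.existingSecret = "<secret-name>";` (placeholder name), and supply the Redis URL with its password from the `searxng` Secret that `envFrom` already loads rather than from the ConfigMap. In `hostname_replace`, `youtube-noocookie` looks like a typo for `youtube-nocookie`, so that rule would never match. `docker.io/searxng/searxng:latest` with `imagePullPolicy = "Always"` is unpinned, while the chart below it is pinned by version and hash.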


@ -23,7 +23,16 @@ in {
name = "USE_FUNNEL"; name = "USE_FUNNEL";
value = "true"; value = "true";
} }
{
name = "HTTP_PORT";
value = "8080";
}
{
name = "ENABLE_METRICS";
value = "true";
}
]; ];
ports.http.containerPort = 8080;
envFrom = [{secretRef.name = "tclip";}]; envFrom = [{secretRef.name = "tclip";}];
volumeMounts = [ volumeMounts = [
{ {
@ -47,4 +56,45 @@ in {
]; ];
}; };
}; };
kubernetes.resources.services.tclip = {
metadata.namespace = "tclip";
spec = {
selector.app = appName;
ports.http = {
port = 8080;
targetPort = 8080;
};
};
};
kubernetes.resources.ingresses.tclip = {
metadata = {
name = appName;
namespace = "tclip";
annotations = {
"cert-manager.io/cluster-issuer" = "le-issuer";
};
};
spec = {
tls = [
{
hosts = ["paste.gmem.ca"];
}
];
rules = [
{
host = "paste.gmem.ca";
http.paths = [
{
path = "/";
pathType = "Prefix";
backend.service = {
name = appName;
port.name = "http";
};
}
];
}
];
};
};
} }
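Review bot: `ENABLE_METRICS = "true"` is turned on in the same change that publishes port 8080 through a Service, an Ingress for `paste.gmem.ca` and a tunnel route, and nothing here shows whether the metrics endpoint is served on that listener. If it is, it becomes readable at the public hostname; confirm it is bound elsewhere or block the path at the ingress. The Ingress carries only the `cert-manager.io/cluster-issuer` annotation, so any access control has to come from tclip itself. The container definition starts outside the hunk.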


@ -12,7 +12,7 @@
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
''${builtins.fetchTarball { ''${builtins.fetchTarball {
url = "https://github.com/nix-community/disko/archive/master.tar.gz"; url = "https://github.com/nix-community/disko/archive/master.tar.gz";
sha256 = "1dk4xi79lvm8hv1raf2snm3j8y4q23csm6d3siljg4cpf2y4wyl7"; sha256 = "1wg3nnh8lrc8q8q4qyk9yynsa24qqj9126h3cy0ijq93mz46i1k7";
}}/module.nix'' }}/module.nix''
./disk-config.nix ./disk-config.nix
]; ];
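Review bot: The `fetchTarball` URL still points at `archive/master.tar.gz` while `sha256` is fixed, so the expression only evaluates until `master` moves again and then fails with a hash mismatch on any machine without a cached copy. The hash does protect integrity, but the revision being trusted is recorded nowhere. Use a commit archive instead, `url = "https://github.com/nix-community/disko/archive/<commit>.tar.gz";` (placeholder), or make disko a flake input so `flake.lock` records the revision. The same pattern appears in the next file section and in the `emacs-overlay` `fetchTarball` further down.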


@ -12,7 +12,7 @@
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
''${builtins.fetchTarball { ''${builtins.fetchTarball {
url = "https://github.com/nix-community/disko/archive/master.tar.gz"; url = "https://github.com/nix-community/disko/archive/master.tar.gz";
sha256 = "1dk4xi79lvm8hv1raf2snm3j8y4q23csm6d3siljg4cpf2y4wyl7"; sha256 = "1wg3nnh8lrc8q8q4qyk9yynsa24qqj9126h3cy0ijq93mz46i1k7";
}}/module.nix'' }}/module.nix''
./disk-config.nix ./disk-config.nix
]; ];


@ -28,7 +28,7 @@
theme = "breeze"; theme = "breeze";
}; };
}; };
powerManagement.enable = true;
time.hardwareClockInLocalTime = true; time.hardwareClockInLocalTime = true;
hardware = { hardware = {
cpu.amd.updateMicrocode = true; cpu.amd.updateMicrocode = true;
@ -53,7 +53,9 @@
hostName = "LONDON"; hostName = "LONDON";
networkmanager.enable = true; networkmanager.enable = true;
interfaces.enp14s0.useDHCP = true; interfaces.enp14s0.useDHCP = true;
interfaces.enp14s0.wakeOnLan.enable = true;
interfaces.br0.useDHCP = true; interfaces.br0.useDHCP = true;
interfaces.br0.wakeOnLan.enable = true;
bridges = { bridges = {
"br0" = { "br0" = {
interfaces = ["enp14s0"]; interfaces = ["enp14s0"];


@ -22,7 +22,7 @@
in [ in [
(import (builtins.fetchTarball { (import (builtins.fetchTarball {
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz"; url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
sha256 = "0yy91pryh8pbq2sz07nzjb11s5ghrn9773v0vsh475an4g4p9933"; sha256 = "09rsdkn16al5qsyrl5fjrljw7ff0z5yb9ihskbipcdiffcn11kax";
})) }))
discordOverlay discordOverlay
]; ];


@ -414,6 +414,11 @@
scrape_interval = "10s"; scrape_interval = "10s";
static_configs = [{targets = ["100.87.208.14:8404"];}]; static_configs = [{targets = ["100.87.208.14:8404"];}];
} }
{
job_name = "tclip";
scrape_interval = "15s";
static_configs = [{targets = ["paste"];}];
}
]; ];
exporters.node = { exporters.node = {
enable = true; enable = true;


@ -31,6 +31,10 @@
file = ../../secrets/cloudflare-dns.age; file = ../../secrets/cloudflare-dns.age;
owner = "acme"; owner = "acme";
}; };
age.secrets.paperless-oauth = {
file = ../../secrets/paperless-oauth.age;
owner = "paperless";
};
nix = { nix = {
settings = { settings = {
auto-optimise-store = true; auto-optimise-store = true;
@ -47,7 +51,7 @@
kernelModules = ["coretemp" "kvm-amd" "it87"]; kernelModules = ["coretemp" "kvm-amd" "it87"];
zfs.extraPools = ["tank"]; zfs.extraPools = ["tank"];
}; };
systemd.services.paperless-web.serviceConfig.EnvironmentFile = config.age.secrets.paperless-oauth.path;
services = { services = {
paperless = { paperless = {
enable = true; enable = true;


@ -30,5 +30,7 @@ in {
"secrets/monitoring-grafana-client-secret.age".publicKeys = [monitoring gsimmer]; "secrets/monitoring-grafana-client-secret.age".publicKeys = [monitoring gsimmer];
"secrets/k3s-token.age".publicKeys = k3s ++ users; "secrets/k3s-token.age".publicKeys = k3s ++ users;
"secrets/paperless-oauth.age".publicKeys = [vancouver] ++ users;
"secrets/dnsmasq-nextdns-profile.age".publicKeys = dnsmasq ++ users; "secrets/dnsmasq-nextdns-profile.age".publicKeys = dnsmasq ++ users;
} }