
12 commits

20 changed files with 559 additions and 104 deletions


@ -3,36 +3,25 @@
zones = {
"gmem.ca" =
{
"test" = {
aaaa = {
ttl = 0;
data = ["100::"];
};
};
"uptime" = {
a = {
data = ["91.107.206.145"];
};
aaaa = {
data = ["2a01:4f8:c012:5ec6::"];
};
"grafana" = {
a.data = ["91.107.206.145"];
aaaa.data = ["2a01:4f8:c012:5ec6::"];
};
"uptime".cname.data = "grafana.gmem.ca";
"healthchecks".cname.data = "grafana.gmem.ca";
"truenas".a.data = ["192.168.50.229"];
"docs" = {
a = {
data = ["100.116.48.47"];
};
aaaa = {
data = ["fd7a:115c:a1e0:ab12:4843:cd96:6274:302f"];
};
a.data = ["100.116.48.47"];
aaaa.data = ["fd7a:115c:a1e0:ab12:4843:cd96:6274:302f"];
};
"cluster" = {
a = {
data = ["100.77.43.133"];
ttl = 3600;
data = ["100.87.208.14"];
};
aaaa = {
data = [
"fd7a:115c:a1e0:ab12:4843:cd96:624d:2b85"
];
ttl = 3600;
data = ["fd7a:115c:a1e0::2001:d00e"];
};
};
"newcluster" = {
@ -42,25 +31,106 @@
};
aaaa = {
ttl = 3600;
data = [ "fd7a:115c:a1e0::2001:d00e" ];
data = ["fd7a:115c:a1e0::2001:d00e"];
};
};
"homelab" = {
"homelab".a.data = ["192.168.50.45"];
"_acme-challenge.router".txt.data = ["CJKnxKczldLEAy6zPkST0xeJ5Cy-xdT_ElzqMxhNh5E"];
"osc-triggers" = {
a.data = ["46.23.81.157"];
aaaa.data = ["2a03:6000:1813:1337::157"];
};
"mitu.camera".a.data = ["192.168.50.121"];
"ns1" = {
a = {
data = ["192.168.50.45"];
ttl = 300;
data = ["162.159.1.247"];
};
aaaa = {
ttl = 300;
data = ["2400:cb00:2049:1::a29f:1f7"];
};
};
"_acme-challenge.router" = {
txt = {
data = ["CJKnxKczldLEAy6zPkST0xeJ5Cy-xdT_ElzqMxhNh5E"];
"ns2" = {
a = {
ttl = 300;
data = ["162.159.2.232"];
};
aaaa = {
ttl = 300;
data = ["2400:cb00:2049:1::a29f:2e8"];
};
};
"ns3" = {
a = {
ttl = 300;
data = ["162.159.3.252"];
};
aaaa = {
ttl = 300;
data = ["2400:cb00:2049:1::a29f:3fc"];
};
};
"ns4" = {
a = {
ttl = 300;
data = ["162.159.5.243"];
};
aaaa = {
ttl = 300;
data = ["2400:cb00:2049:1::a29f:5f3"];
};
};
"vancouver" = {
a.data = ["100.116.48.47"];
aaaa.data = ["fd7a:115c:a1e0:ab12:4843:cd96:6274:302f"];
};
"" = {
aaaa.data = ["100::"];
aaaa.ttl = 0;
mx.data = [
{
exchange = "in1-smtp.messagingengine.com";
preference = 10;
}
{
exchange = "in2-smtp.messagingengine.com";
preference = 20;
}
];
txt.data = [
"v=spf1 include:spf.messagingengine.com include:spf.mushu.services.floofy.tech -all"
"google-site-verification=NrdjjQmhVjOj2s_CV8IdLkhAYCZ1tC3zrkIjn_-ny2o"
];
};
"postal-d6u33j._domainkey".txt.data = ["v=DKIM1; t=s; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCoSvi65zRk8yn0IySfXWyNzeQpz8DEg8ZnmR/Kqq+Ga890KoINkQHB0toQu/iURjmLo+2mYKMxkAMWZPEsKaNsBCLBB55NCvq3/jeJdjOKYLplc51KSdxSb3AGokGqwCDhQ8u+MJty/R3QOHbzndddQTnSG0ApDkJNiPdFVnXnewIDAQAB;"];
"_discord".txt.data = ["dh=28112e71a152f2126fb224a14d80d5816ea5916e"];
"_dmarc".txt.data = ["v=DMARC1; p=reject; rua=mailto:f2c1db0a7b6041e593961a3057be4d49@dmarc-reports.cloudflare.net"];
"fm1._domainkey".cname.data = "fm1.gmem.ca.dkim.fmhosted.com";
"fm2._domainkey".cname.data = "fm2.gmem.ca.dkim.fmhosted.com";
"fm3._domainkey".cname.data = "fm3.gmem.ca.dkim.fmhosted.com";
"cdn".cname = {
ttl = 0;
data = "public.r2.dev";
};
"fursona".cname = {
ttl = 0;
data = "well-known-fursona.pages.dev";
};
"bgnet0".cname = {
ttl = 0;
data = "bgnet0.pages.dev";
};
"stream".a.data = ["141.147.109.157"];
}
// lib.attrsets.genAttrs [
# Internally hosted applications
"netboot"
"changedetect"
] (name: {cname.data = "cluster";})
// lib.attrsets.genAttrs [
# Internally hosted applications
"atuin"
@ -75,7 +145,9 @@
"rss"
"request-media"
"ntfy"
] (name: {cname.data = "newcluster";})
"metube"
"search"
] (name: {cname.data = "cluster.gmem.ca";})
// lib.attrsets.genAttrs [
# Externally hosted applications with Tunnels
"authentik"
@ -87,10 +159,12 @@
"photos"
"proxmox"
"tokyo"
"ci"
"paste"
] (name: {
cname = {
ttl = 0;
data = "a1544154-d851-44ee-8d3a-9fa245867745.cfargotunnel.com.";
data = "a1544154-d851-44ee-8d3a-9fa245867745.cfargotunnel.com";
};
});
};
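Review bot: `truenas`, `homelab` and `mitu.camera` (192.168.50.x) and `docs`, `cluster` and `vancouver` (100.x / `fd7a:` overlay addresses) are published as ordinary records in `gmem.ca`, which the `flake.nix` in this change set syncs to the public Cloudflare target; the page does not mark which of these lines are new, so this applies to the new side as a whole. Public answers that point at private ranges disclose the internal layout, and resolvers with DNS-rebinding protection will discard them, so these names are better served from an internal view only. The `cdn`, `fursona` and `bgnet0` CNAMEs point at shared `r2.dev` / `pages.dev` hostnames and should be removed in the same change that retires the project behind them, otherwise the name is left dangling. If publishing the internal addresses is deliberate, a comment such as `# internal-only: resolves publicly, reachable only from LAN/tailnet` above them would record that.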


@ -9,6 +9,7 @@
"pw"
"tokyo"
"nitter"
"paste"
] (name: {
name = name + ".gmem.ca";
content = "newcluster.gmem.ca";
@ -37,7 +38,9 @@
"request-media"
"tools"
"ytproxy"
"changedetect"
"metube"
"search"
"paste"
] (name: {
name = name + ".gmem.ca";
content = "homelab.gmem.ca";
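Review bot: `"paste"` appears in both rewrite lists of this file, the one whose `content` is `newcluster.gmem.ca` and the one whose `content` is `homelab.gmem.ca`; the page does not mark which side each line is on, so confirm the name is not present in both lists on the new side. Two rewrites for `paste.gmem.ca` with different targets make the answer depend on which entry the resolver applies, and the mismatch is easy to miss because the service is also reachable through the tunnel. Both lists start and end outside the hunks shown.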


@ -180,7 +180,7 @@
},
"flake-utils_2": {
"inputs": {
"systems": "systems_3"
"systems": "systems_2"
},
"locked": {
"lastModified": 1710146030,
@ -197,6 +197,24 @@
}
},
"flake-utils_3": {
"inputs": {
"systems": "systems_4"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_4": {
"locked": {
"lastModified": 1634851050,
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
@ -211,6 +229,21 @@
"type": "github"
}
},
"flakey-profile": {
"locked": {
"lastModified": 1712898590,
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
"owner": "lf-",
"repo": "flakey-profile",
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
"type": "github"
},
"original": {
"owner": "lf-",
"repo": "flakey-profile",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -239,11 +272,11 @@
]
},
"locked": {
"lastModified": 1714515075,
"narHash": "sha256-azMK7aWH0eUc3IqU4Fg5rwZdB9WZBvimOGG3piqvtsY=",
"lastModified": 1715930644,
"narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "6d3b6dc9222c12b951169becdf4b0592ee9576ef",
"rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
"type": "github"
},
"original": {
@ -260,11 +293,11 @@
"treefmt": "treefmt"
},
"locked": {
"lastModified": 1711480255,
"narHash": "sha256-CPF0+ZW3biHoWHE88bZt6a7G65X5Bxtgvw7xwLGrDJ4=",
"lastModified": 1715211269,
"narHash": "sha256-bO1n41QjfdFNoEih0csMe/MUB42DdOuwlT+6LGpUCSc=",
"owner": "hall",
"repo": "kubenix",
"rev": "5692af23e0835e7b21ec4e2f362b5ef9ff96d893",
"rev": "060f4757292e1e7172cc9ebcb16f38d89cb707ab",
"type": "github"
},
"original": {
@ -275,15 +308,15 @@
},
"lib-aggregate": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils_3",
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1714306226,
"narHash": "sha256-CA7bfnDt9TcFc7I8eKHf72DodYUEETDPgmBFXBRP9/E=",
"lastModified": 1715515815,
"narHash": "sha256-yaLScMHNFCH6SbB0HSA/8DWDgK0PyOhCXoFTdHlWkhk=",
"owner": "nix-community",
"repo": "lib-aggregate",
"rev": "49d9b510614b9bd137e067eb31445a8feca83313",
"rev": "09883ca828e8cfaacdb09e29190a7b84ad1d9925",
"type": "github"
},
"original": {
@ -292,6 +325,48 @@
"type": "github"
}
},
"lix": {
"flake": false,
"locked": {
"lastModified": 1714955862,
"narHash": "sha256-REWlo2RYHfJkxnmZTEJu3Cd/2VM+wjjpPy7Xi4BdDTQ=",
"ref": "refs/tags/2.90-beta.1",
"rev": "b6799ab0374a8e1907a48915d3187e07da41d88c",
"revCount": 15501,
"type": "git",
"url": "https://git@git.lix.systems/lix-project/lix"
},
"original": {
"ref": "refs/tags/2.90-beta.1",
"type": "git",
"url": "https://git@git.lix.systems/lix-project/lix"
}
},
"lix-module": {
"inputs": {
"flake-utils": "flake-utils_2",
"flakey-profile": "flakey-profile",
"lix": [
"lix"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1715885250,
"narHash": "sha256-IUFYAl3158Ig5vySnRBHoPReb2/S97bjodCo6FhzJv4=",
"ref": "refs/heads/main",
"rev": "53d713eb486f21d653af3ef3528e9a19ecfc45e5",
"revCount": 81,
"type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module"
},
"original": {
"type": "git",
"url": "https://git.lix.systems/lix-project/nixos-module"
}
},
"nix-eval-jobs": {
"inputs": {
"flake-parts": "flake-parts",
@ -300,11 +375,11 @@
"treefmt-nix": "treefmt-nix_2"
},
"locked": {
"lastModified": 1713858845,
"narHash": "sha256-StJq7Zy+/iVBUAKFzhHWlsirFucZ3gNtzXhAYXAsNnw=",
"lastModified": 1715804156,
"narHash": "sha256-GtIHP86Cz1kD9xZO/cKbNQACHKdoT9WFbLJAq6W2EDY=",
"owner": "nix-community",
"repo": "nix-eval-jobs",
"rev": "7b6640f2a10701bf0db16aff048070f400e8ea7c",
"rev": "bb95091f6c6f38f6cfc215a1797a2dd466312c8b",
"type": "github"
},
"original": {
@ -374,15 +449,15 @@
"nixpkgs": [
"nixpkgs"
],
"systems": "systems_2",
"systems": "systems_3",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1713393417,
"narHash": "sha256-YriEUgA8u37V859nbSpqeYlL/GiezzeBIyBAAzhxZaI=",
"lastModified": 1715321534,
"narHash": "sha256-cDTRRrLj08k867/lajKXkCg9HTNWuoYGfgr8wyAVaTY=",
"owner": "Janik-Haag",
"repo": "nixos-dns",
"rev": "1cf30ea07873b291fc39265d4c6dc63bfdf67ad7",
"rev": "c4f734d771038db15700a61a8703d0da5f993b3a",
"type": "github"
},
"original": {
@ -414,11 +489,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1714465198,
"narHash": "sha256-ySkEJvS0gPz2UhXm0H3P181T8fUxvDVcoUyGn0Kc5AI=",
"lastModified": 1716034089,
"narHash": "sha256-QBfab6V4TeQ6Y4NiXVrEATdQuhCNFNaXt/L1K/Zw+zc=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "68d680c1b7c0e67a9b2144d6776583ee83664ef4",
"rev": "b55712de78725c8fcde422ee0a0fe682046e73c3",
"type": "github"
},
"original": {
@ -446,11 +521,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1714265296,
"narHash": "sha256-jVnKiCOoFulPT1zDdA4jfG/lnEnngdth5CT6rVDXEJ4=",
"lastModified": 1715474941,
"narHash": "sha256-CNCqCGOHdxuiVnVkhTpp2WcqSSmSfeQjubhDOcgwGjU=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "ade4fb7bbf04cd52bc1705734d5dc67755d77ec9",
"rev": "58e03b95f65dfdca21979a081aa62db0eed6b1d8",
"type": "github"
},
"original": {
@ -469,11 +544,11 @@
]
},
"locked": {
"lastModified": 1714525911,
"narHash": "sha256-XYARtyCpKeL0IosMSzeHl6YFblV3n4y7plM+K9fg4N4=",
"lastModified": 1716052422,
"narHash": "sha256-9zObaIzZ3OnW4nMdNzMmrjUrGhqhAZhn1VQnxWUlKts=",
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"rev": "4cbf82124f2c03fa5b1b669771c48f9927264684",
"rev": "0c6afa4c3c068730a90ce20762bf0fdfac23e64b",
"type": "github"
},
"original": {
@ -532,11 +607,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1714314149,
"narHash": "sha256-yNAevSKF4krRWacmLUsLK7D7PlfuY3zF0lYnGYNi9vQ=",
"lastModified": 1715996989,
"narHash": "sha256-ObD9YSelkwCAylEXJHcNjrn3hLOfIVScB1tPz9zeDN8=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "cf8cc1201be8bc71b7cbbbdaf349b22f4f99c7ae",
"rev": "63d3e5d82edf5a138e7d0872231cc23ed4e740fd",
"type": "github"
},
"original": {
@ -548,11 +623,11 @@
},
"nixpkgs_6": {
"locked": {
"lastModified": 1713805509,
"narHash": "sha256-YgSEan4CcrjivCNO5ZNzhg7/8ViLkZ4CB/GrGBVSudo=",
"lastModified": 1715037484,
"narHash": "sha256-OUt8xQFmBU96Hmm4T9tOWTu4oCswCzoVl+pxSq/kiFc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "1e1dc66fe68972a76679644a5577828b6a7e8be4",
"rev": "ad7efee13e0d216bf29992311536fce1d3eefbef",
"type": "github"
},
"original": {
@ -583,6 +658,8 @@
"alertmanager-ntfy": "alertmanager-ntfy",
"home-manager": "home-manager_2",
"kubenix": "kubenix",
"lix": "lix",
"lix-module": "lix-module",
"nixinate": "nixinate",
"nixos-dns": "nixos-dns",
"nixos-generators": "nixos-generators",
@ -607,6 +684,21 @@
}
},
"systems_2": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"systems_3": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -620,7 +712,7 @@
"type": "indirect"
}
},
"systems_3": {
"systems_4": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
@ -639,7 +731,7 @@
"inputs": {
"bats-assert": "bats-assert",
"bats-support": "bats-support",
"flake-utils": "flake-utils_3",
"flake-utils": "flake-utils_4",
"nixpkgs": "nixpkgs_7",
"terranix-examples": "terranix-examples"
},
@ -701,11 +793,11 @@
]
},
"locked": {
"lastModified": 1711963903,
"narHash": "sha256-N3QDhoaX+paWXHbEXZapqd1r95mdshxToGowtjtYkGI=",
"lastModified": 1714058656,
"narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "49dc4a92b02b8e68798abd99184f228243b6e3ac",
"rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f",
"type": "github"
},
"original": {


@ -22,11 +22,21 @@
alertmanager-ntfy.url = "github:alexbakker/alertmanager-ntfy";
kubenix.url = "github:hall/kubenix";
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
lix = {
url = "git+https://git@git.lix.systems/lix-project/lix?ref=refs/tags/2.90-beta.1";
flake = false;
};
lix-module = {
url = "git+https://git.lix.systems/lix-project/nixos-module";
inputs.lix.follows = "lix";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
self,
nixpkgs,
lix-module,
nixos-generators,
nixinate,
home-manager,
@ -37,6 +47,7 @@
kubenix,
nixos-dns,
nixos-hardware,
...
} @ inputs: let
pkgs = nixpkgs.legacyPackages.x86_64-linux;
tf = terranix.lib.terranixConfiguration {
@ -84,6 +95,7 @@
terraform-ls
kubernetes-helm
nil
talosctl
(octodns.withProviders (ps: [
octodns-providers.bind
octodns-cloudflare
@ -125,9 +137,6 @@
inherit dnsConfig;
config = {
processors = {
ownership = {
class = "octodns.processor.ownership.OwnershipProcessor";
};
ttl-to-proxy = {
class = "octodns_cloudflare.processor.ttl.TtlToProxy";
ttl = 0;
@ -141,12 +150,15 @@
class = "octodns_cloudflare.CloudflareProvider";
token = "env/CLOUDFLARE_API_TOKEN";
min_ttl = 0;
update_pcent_threshold = 0.5;
delete_pcent_threshold = 0.5;
auto_ttl_target = 300;
};
};
};
zones = {
"gmem.ca." = {
processors = ["ownership" "ttl-to-proxy"];
processors = ["ttl-to-proxy"];
sources = ["config"];
targets = ["cloudflare"];
};
@ -177,12 +189,11 @@
for profile in rewrites:
for rewrite in rewrites[profile]:
print(json.dumps(rewrite))
req = requests.post(
f'https://api.nextdns.io/profiles/{profile}/rewrites', data=json.dumps(rewrite),
headers={'X-Api-Key': auth, 'Content-Type': 'application/json'}
)
print(req.text)
print(f'done {rewrite["name"]} -> {rewrite["content"]}')
'');
};
@ -251,6 +262,7 @@
london = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
lix-module.nixosModules.default
(import ./nix/london/configuration.nix)
(import ./modules/cloudflare-warp.nix)
(import ./modules/vfio.nix)
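Review bot: Removing the `ownership` processor from `gmem.ca.` while setting `update_pcent_threshold` and `delete_pcent_threshold` to 0.5 widens what one sync can do: octoDNS now treats every record in the Cloudflare zone that is absent from the Nix config as a deletion candidate, and the safety check only stops a plan that touches more than half of the records (the octoDNS default is 0.3). Records written out of band to the same zone, for example DNS-01 `_acme-challenge` TXT records from an ACME client, would be dropped by a sync that runs in the meantime; this is inferred, since the sync invocation is outside the hunks. I would leave the thresholds at their defaults and document the decision next to the processors list, e.g. `# ownership processor removed: octodns owns the whole zone, out-of-band records are deleted on sync`.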


@ -112,4 +112,6 @@ data:
service: http://ibiza.endpoints.svc.cluster.local:8000
- hostname: chat.gmem.ca
service: tcp://192.168.50.45:443
- hostname: paste.gmem.ca
service: http://tclip.tclip.svc.cluster.local:8080
- service: http_status:404


@ -22,14 +22,14 @@
};
}
{
Overseerr = {
icon = "overseerr.png";
Jellyseerr = {
icon = "jellyseerr.png";
href = "https://request-media.gmem.ca";
description = "Request movies and TV shows";
widget = {
type = "overseerr";
type = "jellyseerr";
url = "https://request-media.gmem.ca";
key = "{{HOMEPAGE_VAR_OVERSEERR_KEY}}";
key = "{{HOMEPAGE_VAR_JELLYSEERR_KEY}}";
};
};
}


@ -14,7 +14,7 @@
};
# arbitrary attrset passed as values to the helm release
values = {
image.tag = "v1.102.3";
image.tag = "v1.105.1";
machine-learning.enabled = false;
immich.persistence.library.existingClaim = "immich";
redis = {


@ -26,5 +26,7 @@
(import ./nitter-bot.nix)
(import ./miniflux.nix)
# (import ./snikket.nix)
(import ./metube.nix)
(import ./searxng.nix)
];
}

64
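--- a/homelab/metube.nix
+++ b/homelab/metube.nix
@@ -0,0 +1,64 @@
+let
+appName = "metube";
+appImage = "ghcr.io/alexta69/metube";
+in {
+kubernetes.resources.services.metube = {
+metadata.namespace = "metube";
+spec = {
+selector.app = "metube";
+ports.http = {
+port = 8081;
+targetPort = 8081;
+};
+};
+};
+kubernetes.resources.deployments.metube = {
+metadata.namespace = "metube";
+spec = {
+selector.matchLabels.app = "metube";
+template = {
+metadata.labels.app = "metube";
+spec = {
+containers = {
+metube = {
+image = appImage;
+imagePullPolicy = "Always";
+ports.http.containerPort = 8081;
+};
+};
+};
+};
+};
+};
+kubernetes.resources.ingresses.metube = {
+metadata.namespace = "metube";
+metadata.annotations = {
+"cert-manager.io/cluster-issuer" = "le-issuer";
+};
+spec = {
+tls = [
+{
+hosts = ["metube.gmem.ca"];
+}
+];
+rules = [
+{
+host = "metube.gmem.ca";
+http.paths = [
+{
+path = "/";
+pathType = "Prefix";
+backend.service = {
+name = "metube";
+port.number = 8081;
+};
+}
+];
+}
+];
+};
+};
+}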
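Review bot: `appImage = "ghcr.io/alexta69/metube"` carries no tag or digest and the container sets `imagePullPolicy = "Always"`, so every pod restart runs whatever the registry serves at that moment; pin it, e.g. `appImage = "ghcr.io/alexta69/metube@sha256:<digest>";` (placeholder digest). The `tls` entry lists `hosts` but no `secretName`, and cert-manager's ingress-shim needs one to create the Certificate for `le-issuer`, so the host is likely served with the controller's default certificate; add `secretName = "metube-tls";` (the name is a suggestion). The same `tls` shape is used by the Ingresses in `homelab/searxng.nix` and in the tclip file section. The Ingress has no authentication annotation, so confirm `metube.gmem.ca` is reachable only from the tailnet; `appName` is defined but never used.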


@ -73,7 +73,7 @@
kubernetes.resources.cronJobs.piped-refresh = {
metadata.namespace = "piped";
spec = {
schedule = "*/10 * * * *";
schedule = "*/30 * * * *";
jobTemplate.spec.template.spec = {
restartPolicy = "Never";
containers.refresh-subscriptions = {
@ -84,12 +84,14 @@
"-c"
''
apt update && apt install -y postgresql-client curl
curl -o /dev/null "https://healthchecks.gmem.ca/ping/$HEALTHCHECKS_UUID/start"
export PGPASSWORD=$password &&
export subs=$(psql -U piped -h 192.168.50.236 -qtAX -c 'select id from public.pubsub;') &&
while IFS= read -r line; do
echo "refreshing $line"
curl -k -o /dev/null "http://piped-backend:8080/channel/$line"
done < <(printf '%s' "$subs")
curl -o /dev/null "https://healthchecks.gmem.ca/ping/$HEALTHCHECKS_UUID"
''
];
};
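Review bot: The final `curl` to `/ping/$HEALTHCHECKS_UUID` runs unconditionally, so the check is marked successful even when `psql` or the refresh loop failed; `export subs=$(psql …)` also hides psql's exit status behind `export`. Report the outcome instead, for example `curl -fsS -m 10 --retry 3 -o /dev/null "https://healthchecks.gmem.ca/ping/$HEALTHCHECKS_UUID/$rc"` with `rc` captured from the refresh step, and give the `/start` ping the same `-fsS -m 10` so an unreachable monitor cannot stall the job. The script begins and ends outside the hunk; the run-time `apt install` and the `curl -k` against an `http://` URL look like context lines rather than part of this change.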


@ -21,6 +21,7 @@ prometheus:
static_configs:
- targets:
- 192.168.50.236:9187
- 192.168.50.62:9187
grafana:
enabled: false
alertmanager:

140
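--- a/homelab/searxng.nix
+++ b/homelab/searxng.nix
@@ -0,0 +1,140 @@
+let
+appName = "searxng";
+appImage = "docker.io/searxng/searxng:latest";
+in
+{
+lib,
+config,
+kubenix,
+...
+}: {
+kubernetes.resources.services.searxng = {
+metadata.namespace = "searxng";
+metadata.labels.app = appName;
+spec = {
+selector.app = appName;
+ports.http = {
+port = 8080;
+targetPort = 8080;
+};
+};
+};
+kubernetes.resources.deployments.searxng = {
+metadata.namespace = "searxng";
+spec = {
+selector.matchLabels.app = appName;
+template = {
+metadata.labels.app = appName;
+spec = {
+volumes = {
+config.configMap.name = "searxng";
+};
+containers = {
+searxng = {
+image = appImage;
+imagePullPolicy = "Always";
+volumeMounts = [
+{
+name = "config";
+mountPath = "/etc/searxng/settings.yml";
+subPath = "settings.yml";
+}
+{
+name = "config";
+mountPath = "/etc/searxng/limiter.toml";
+subPath = "limiter.toml";
+}
+];
+envFrom = [{secretRef.name = "searxng";}];
+ports.http.containerPort = 8080;
+resources = {
+requests = {
+cpu = "100m";
+memory = "512Mi";
+};
+limits = {
+memory = "1Gi";
+};
+};
+};
+};
+};
+};
+};
+};
+kubernetes.resources.configMaps.searxng = {
+metadata.namespace = "searxng";
+data."settings.yml" = ''
+use_default_settings: true
+server:
+image_proxy: true
+http_protocol_version: "1.1"
+method: "GET"
+ui:
+static_use_hash: true
+redis:
+url: redis://searxng-redis-master:6379/0
+general:
+instance_name: search.gmem.ca
+hostname_replace:
+'(.*\.)?youtube\.com$': 'piped.gmem.ca'
+'(.*\.)?youtu\.be$': 'piped.gmem.ca'
+'(.*\.)?youtube-noocookie\.com$': 'piped.gmem.ca'
+'(www\.)?twitter\.com$': 'nitter.gmem.ca'
+'(www\.)?x\.com$': 'nitter.gmem.ca'
+'';
+data."limiter.toml" = ''
+# This configuration file updates the default configuration file
+# See https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml
+[botdetection.ip_limit]
+# activate link_token method in the ip_limit method
+link_token = true
+'';
+};
+kubernetes.helm.releases.searxng-redis = {
+namespace = "searxng";
+chart = kubenix.lib.helm.fetch {
+repo = "https://charts.bitnami.com/bitnami";
+chart = "redis";
+version = "18.6.1";
+sha256 = "CyvGHc1v1BtbzDx6hbbPah2uWpUhlNIUQowephT6hmM=";
+};
+values = {
+auth.enabled = false;
+architecture = "standalone";
+};
+};
+kubernetes.resources.ingresses.searxng = {
+metadata = {
+name = appName;
+namespace = "searxng";
+annotations = {
+"cert-manager.io/cluster-issuer" = "le-issuer";
+};
+};
+spec = {
+tls = [
+{
+hosts = ["search.gmem.ca"];
+}
+];
+rules = [
+{
+host = "search.gmem.ca";
+http.paths = [
+{
+path = "/";
+pathType = "Prefix";
+backend.service = {
+name = appName;
+port.name = "http";
+};
+}
+];
+}
+];
+};
+};
+}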
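Review bot: The `hostname_replace` key `'(.*\.)?youtube-noocookie\.com$'` is misspelled, so links to `youtube-nocookie.com` are never rewritten to `piped.gmem.ca`; it should read `'(.*\.)?youtube-nocookie\.com$': 'piped.gmem.ca'`. The Redis release sets `auth.enabled = false`, which leaves the instance open to every pod that can reach `searxng-redis-master:6379`; enable auth with `auth.existingSecret` and pass the URL through `SEARXNG_REDIS_URL` in the existing `searxng` secret rather than the ConfigMap, or restrict the port with a NetworkPolicy. `appImage` uses `:latest` with `imagePullPolicy = "Always"` and should be pinned to a digest. `limiter.toml` is mounted while `settings.yml` does not set `server.limiter`, so unless the secret enables the limiter that file has no effect.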


@ -23,7 +23,16 @@ in {
name = "USE_FUNNEL";
value = "true";
}
{
name = "HTTP_PORT";
value = "8080";
}
{
name = "ENABLE_METRICS";
value = "true";
}
];
ports.http.containerPort = 8080;
envFrom = [{secretRef.name = "tclip";}];
volumeMounts = [
{
@ -47,4 +56,45 @@ in {
];
};
};
kubernetes.resources.services.tclip = {
metadata.namespace = "tclip";
spec = {
selector.app = appName;
ports.http = {
port = 8080;
targetPort = 8080;
};
};
};
kubernetes.resources.ingresses.tclip = {
metadata = {
name = appName;
namespace = "tclip";
annotations = {
"cert-manager.io/cluster-issuer" = "le-issuer";
};
};
spec = {
tls = [
{
hosts = ["paste.gmem.ca"];
}
];
rules = [
{
host = "paste.gmem.ca";
http.paths = [
{
path = "/";
pathType = "Prefix";
backend.service = {
name = appName;
port.name = "http";
};
}
];
}
];
};
};
}
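Review bot: The new Service and Ingress, together with the `paste.gmem.ca` rule added to the tunnel config in this change set, put tclip's port 8080 on a public hostname in the same change that sets `ENABLE_METRICS`; the hunks do not show which routes that listener serves. Confirm that paste creation and the metrics endpoint stay on the tailnet listener and that only read access is reachable through `paste.gmem.ca`, and record it in a comment next to `HTTP_PORT`, e.g. `# public read-only listener; /metrics is scraped over the tailnet`. The deployment and the enclosing `in {` block start outside the hunks.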


@ -12,7 +12,7 @@
(modulesPath + "/profiles/qemu-guest.nix")
''${builtins.fetchTarball {
url = "https://github.com/nix-community/disko/archive/master.tar.gz";
sha256 = "1dk4xi79lvm8hv1raf2snm3j8y4q23csm6d3siljg4cpf2y4wyl7";
sha256 = "1wg3nnh8lrc8q8q4qyk9yynsa24qqj9126h3cy0ijq93mz46i1k7";
}}/module.nix''
./disk-config.nix
];
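Review bot: The `fetchTarball` URL tracks `archive/master.tar.gz`, so the `sha256` records what was downloaded but not which commit was reviewed, and a fresh evaluation fails with a hash mismatch as soon as `master` moves. Pin the URL to a commit, `url = "https://github.com/nix-community/disko/archive/<rev>.tar.gz";` (placeholder rev), or move disko into the flake inputs so `flake.lock` records the revision. The same pattern is bumped in the next file section (disko again) and in the `emacs-overlay` fetch further down.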


@ -12,7 +12,7 @@
(modulesPath + "/profiles/qemu-guest.nix")
''${builtins.fetchTarball {
url = "https://github.com/nix-community/disko/archive/master.tar.gz";
sha256 = "1dk4xi79lvm8hv1raf2snm3j8y4q23csm6d3siljg4cpf2y4wyl7";
sha256 = "1wg3nnh8lrc8q8q4qyk9yynsa24qqj9126h3cy0ijq93mz46i1k7";
}}/module.nix''
./disk-config.nix
];


@ -28,7 +28,7 @@
theme = "breeze";
};
};
powerManagement.enable = true;
time.hardwareClockInLocalTime = true;
hardware = {
cpu.amd.updateMicrocode = true;
@ -53,7 +53,9 @@
hostName = "LONDON";
networkmanager.enable = true;
interfaces.enp14s0.useDHCP = true;
interfaces.enp14s0.wakeOnLan.enable = true;
interfaces.br0.useDHCP = true;
interfaces.br0.wakeOnLan.enable = true;
bridges = {
"br0" = {
interfaces = ["enp14s0"];


@ -22,7 +22,7 @@
in [
(import (builtins.fetchTarball {
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
sha256 = "0yy91pryh8pbq2sz07nzjb11s5ghrn9773v0vsh475an4g4p9933";
sha256 = "09rsdkn16al5qsyrl5fjrljw7ff0z5yb9ihskbipcdiffcn11kax";
}))
discordOverlay
];


@ -414,6 +414,11 @@
scrape_interval = "10s";
static_configs = [{targets = ["100.87.208.14:8404"];}];
}
{
job_name = "tclip";
scrape_interval = "15s";
static_configs = [{targets = ["paste"];}];
}
];
exporters.node = {
enable = true;


@ -31,6 +31,10 @@
file = ../../secrets/cloudflare-dns.age;
owner = "acme";
};
age.secrets.paperless-oauth = {
file = ../../secrets/paperless-oauth.age;
owner = "paperless";
};
nix = {
settings = {
auto-optimise-store = true;
@ -47,7 +51,7 @@
kernelModules = ["coretemp" "kvm-amd" "it87"];
zfs.extraPools = ["tank"];
};
systemd.services.paperless-web.serviceConfig.EnvironmentFile = config.age.secrets.paperless-oauth.path;
services = {
paperless = {
enable = true;


@ -30,5 +30,7 @@ in {
"secrets/monitoring-grafana-client-secret.age".publicKeys = [monitoring gsimmer];
"secrets/k3s-token.age".publicKeys = k3s ++ users;
"secrets/paperless-oauth.age".publicKeys = [vancouver] ++ users;
"secrets/dnsmasq-nextdns-profile.age".publicKeys = dnsmasq ++ users;
}