Compare commits
11 commits
a37f03d855
...
028a667d19
Author | SHA1 | Date | |
---|---|---|---|
Gabriel Simmer | 028a667d19 | ||
Gabriel Simmer | 5aa4ebe3e6 | ||
Gabriel Simmer | 5f88e8e15b | ||
Gabriel Simmer | 641b329d55 | ||
Gabriel Simmer | d636c4edb7 | ||
Gabriel Simmer | 6e05d95bde | ||
Gabriel Simmer | 28ef0cb0c1 | ||
Gabriel Simmer | 2c7f392e7f | ||
Gabriel Simmer | c4f131b8e4 | ||
Gabriel Simmer | cc99932cc5 | ||
Gabriel Simmer | 19b9aad07e |
|
@ -10,10 +10,9 @@ jobs:
|
|||
runs-on: debian-latest-arm
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: https://github.com/RouxAntoine/checkout@v3.5.4
|
||||
uses: actions/checkout@v3.5.4
|
||||
with:
|
||||
ref: trunk
|
||||
github-server-url: 'https://vancouver.scorpion-ghost.ts.net/git/'
|
||||
- name: Install prerequisites
|
||||
run: apt update && apt install -y sudo
|
||||
- name: Install Nix
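Review bot: Both checkout references in this hunk, `uses: actions/checkout@v3.5.4` and `uses: https://github.com/RouxAntoine/checkout@v3.5.4`, pin to a mutable tag, so whichever one survives on the new side can change underneath the workflow if the tag is moved; pinning to the full commit SHA with the tag kept as a trailing comment (`uses: actions/checkout@<40-char sha> # v3.5.4`) removes that. This page does not preserve which `uses:` line is old and which is new, so the point applies to whichever is kept. If the `RouxAntoine/checkout` fork is the retained one, it runs a third party's code with whatever token the runner provides on every checkout and deserves a comment explaining why upstream `actions/checkout` is not used (the `github-server-url` line suggests self-hosted server support is the reason). The `jobs:` block this step list belongs to starts before the hunk.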
|
||||
|
|
|
@ -6,7 +6,7 @@ jobs:
|
|||
runs-on: debian-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: https://github.com/RouxAntoine/checkout@v3.5.4
|
||||
uses: actions/checkout@v3.5.3
|
||||
with:
|
||||
ref: trunk
|
||||
- name: Lint Code Base
|
||||
|
|
|
@ -10,7 +10,7 @@ jobs:
|
|||
runs-on: debian-latest
|
||||
steps:
|
||||
- name: Checkout code
|
||||
uses: https://github.com/RouxAntoine/checkout@v3.5.4
|
||||
uses: actions/checkout@v3.5.3
|
||||
with:
|
||||
ref: trunk
|
||||
- name: Install AWS CLI
|
||||
|
|
42
flake.lock
42
flake.lock
|
@ -1,12 +1,15 @@
|
|||
{
|
||||
"nodes": {
|
||||
"flake-utils": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1678901627,
|
||||
"narHash": "sha256-U02riOqrKKzwjsxc/400XnElV+UtPUQWpANPlyazjH0=",
|
||||
"lastModified": 1689068808,
|
||||
"narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "93a2b84fc4b70d9e089d029deacc3583435c2ed6",
|
||||
"rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -17,11 +20,11 @@
|
|||
},
|
||||
"nixlib": {
|
||||
"locked": {
|
||||
"lastModified": 1680397293,
|
||||
"narHash": "sha256-wBpJ73+tJ8fZSWb4tzNbAVahC4HSo2QG3nICDy4ExBQ=",
|
||||
"lastModified": 1689469483,
|
||||
"narHash": "sha256-2SBhY7rZQ/iNCxe04Eqxlz9YK9KgbaTMBssq3/BgdWY=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "b18d328214ca3c627d3cc3f51fd9d1397fdbcd7a",
|
||||
"rev": "02fea408f27186f139153e1ae88f8ab2abd9c22c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -38,11 +41,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1680764424,
|
||||
"narHash": "sha256-2tNAE9zWbAK3JvQnhlnB1uzHzhwbA9zF6A17CoTjnbk=",
|
||||
"lastModified": 1690133435,
|
||||
"narHash": "sha256-YNZiefETggroaTLsLJG2M+wpF0pJPwiauKG4q48ddNU=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"rev": "15ae4065acbf414989a8677097804326fe7c0532",
|
||||
"rev": "b1171de4d362c022130c92d7c8adc4bf2b83d586",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -53,11 +56,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1680668850,
|
||||
"narHash": "sha256-mQMg13yRsS0LXVzaeoSPwqgPO6yhkGzGewPgMSqXSv8=",
|
||||
"lastModified": 1691683125,
|
||||
"narHash": "sha256-FMU62G57HDbJwU+9V3q7I0mBaQYTYQdtPNlJt2t5/A4=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "4a65e9f64e53fdca6eed31adba836717a11247d2",
|
||||
"rev": "4d2389b927696ef8da4ef76b03f2d306faf87929",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -73,6 +76,21 @@
|
|||
"nixos-generators": "nixos-generators",
|
||||
"nixpkgs": "nixpkgs"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
|
|
|
@ -25,11 +25,13 @@
|
|||
pkgs.kubectl
|
||||
pkgs.awscli2
|
||||
pkgs.nodePackages.yaml-language-server
|
||||
pkgs.python39Packages.python-lsp-server
|
||||
pkgs.nodePackages_latest.typescript-language-server
|
||||
pkgs.k9s
|
||||
pkgs.terraform-ls
|
||||
pkgs.kubernetes-helm
|
||||
pkgs.k6
|
||||
pkgs.pulumi-bin
|
||||
pkgs.nodejs
|
||||
];
|
||||
buildInputs = [ ];
|
||||
};
|
||||
|
|
|
@ -8,7 +8,7 @@ let
|
|||
oracle-gitea-runner-source = lib.evalSource [
|
||||
{
|
||||
nixpkgs.git = {
|
||||
ref = "66aedfd010204949cb225cf749be08cb13ce1813";
|
||||
ref = "6e287913f7b1ef537c97aa301b67c34ea46b640f";
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
|
||||
shallow = true;
|
||||
|
@ -66,14 +66,14 @@ let
|
|||
url = https://github.com/NixOS/nixpkgs;
|
||||
};
|
||||
nixos-config.file = toString ./seattle/configuration.nix;
|
||||
"hardware.nix".file = toString ./glasgow/hardware.nix;
|
||||
"hardware.nix".file = toString ./seattle/hardware.nix;
|
||||
}
|
||||
];
|
||||
|
||||
glasgow-source = lib.evalSource [
|
||||
{
|
||||
nixpkgs.git = {
|
||||
ref = "origin/nixos-23.05";
|
||||
ref = "origin/nixos-unstable";
|
||||
url = https://github.com/NixOS/nixpkgs;
|
||||
};
|
||||
nixos-config.file = toString ./glasgow/configuration.nix;
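Review bot: The `glasgow-source` block at the end of the hunk tracks a branch ref (`origin/nixos-23.05` or `origin/nixos-unstable`, depending on which line is the new one) while `oracle-gitea-runner-source` at the top pins an exact commit, so a glasgow deploy pulls whatever the nixpkgs branch tip is at that moment and cannot be reproduced or rolled back by re-running it. If the move to unstable is intended, pinning it the same way the runner is pinned (`ref = "<commit sha>"; # nixos-unstable as of <date>`) keeps both sources consistent and auditable. The unquoted `url = https://github.com/NixOS/nixpkgs;` form is a deprecated URL literal in Nix (RFC 45) and should be quoted. The `let` block enclosing these sources starts before the hunk and continues after it.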
|
||||
|
|
|
@ -191,7 +191,7 @@ in
|
|||
};
|
||||
gnupg.agent = {
|
||||
enable = true;
|
||||
pinentryFlavor = "qt";
|
||||
pinentryFlavor = "gnome3";
|
||||
enableSSHSupport = false;
|
||||
};
|
||||
};
|
||||
|
|
|
@ -32,12 +32,9 @@
|
|||
config =
|
||||
''
|
||||
.:53 {
|
||||
errors
|
||||
log
|
||||
health
|
||||
file /var/src/dns.db git.gmem.ca
|
||||
forward . 45.90.28.116 45.90.30.116
|
||||
cache
|
||||
bind tailscale0
|
||||
}
|
||||
'';
|
||||
|
@ -66,6 +63,7 @@
|
|||
samba = {
|
||||
enable = true;
|
||||
securityType = "user";
|
||||
openFirewall = true;
|
||||
extraConfig = ''
|
||||
workgroup = WORKGROUP
|
||||
server string = smbnix
|
||||
|
@ -165,16 +163,55 @@
|
|||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
client_max_body_size 100M;
|
||||
'';
|
||||
proxyPass = "http://127.0.0.1:8973/";
|
||||
};
|
||||
};
|
||||
virtualHosts."request-media.gmem.ca" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
acmeRoot = null;
|
||||
locations."/" = {
|
||||
extraConfig =
|
||||
''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
client_max_body_size 100M;
|
||||
'';
|
||||
proxyPass = "http://127.0.0.1:5055/";
|
||||
};
|
||||
};
|
||||
virtualHosts."flood.gmem.ca" = {
|
||||
enableACME = true;
|
||||
addSSL = true;
|
||||
acmeRoot = null;
|
||||
locations."/" = {
|
||||
extraConfig =
|
||||
''
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
|
||||
client_max_body_size 100M;
|
||||
'';
|
||||
proxyPass = "http://192.168.50.187:3000/";
|
||||
};
|
||||
};
|
||||
};
|
||||
gitea = {
|
||||
enable = true;
|
||||
stateDir = "/Primary/gitea";
|
||||
package = pkgs.forgejo;
|
||||
settings = {
|
||||
DEFAULT = {
|
||||
APP_NAME = "Arch's Git Forge";
|
||||
};
|
||||
server = {
|
||||
ROOT_URL = "https://git.gmem.ca/";
|
||||
HTTP_PORT = 8973;
|
||||
|
@ -192,7 +229,7 @@
|
|||
};
|
||||
};
|
||||
gitea-actions-runner = {
|
||||
package = pkgs.forgejo-actions-runner;
|
||||
package = pkgs.gitea-actions-runner;
|
||||
instances = {
|
||||
vancouver = {
|
||||
name = "vancouver";
|
||||
|
@ -213,12 +250,24 @@
|
|||
hostName = "vancouver";
|
||||
domain = "gmem.ca";
|
||||
firewall = {
|
||||
trustedInterfaces = ["tailscale0"];
|
||||
trustedInterfaces = ["tailscale0" "virbr0"];
|
||||
checkReversePath = "loose";
|
||||
enable = true;
|
||||
allowedTCPPorts = [ 22 53 80 443 ];
|
||||
allowedTCPPorts = [ 22 53 80 443 2049 ];
|
||||
allowedUDPPorts = [ 53 41641 ];
|
||||
};
|
||||
useDHCP = false;
|
||||
bridges = {
|
||||
"br0" = {
|
||||
interfaces = [ "eno1" ];
|
||||
};
|
||||
};
|
||||
interfaces.br0.ipv4.addresses = [ {
|
||||
address = "192.168.50.229";
|
||||
prefixLength = 24;
|
||||
} ];
|
||||
defaultGateway = "192.168.50.1";
|
||||
nameservers = ["100.100.100.100" "45.90.28.116" "45.90.30.116"];
|
||||
nftables.enable = true;
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
@ -234,7 +283,7 @@
|
|||
cifs-utils
|
||||
cloudflared
|
||||
bat
|
||||
# atuin
|
||||
virtiofsd
|
||||
];
|
||||
|
||||
time.timeZone = "Europe/London";
|
||||
|
@ -315,6 +364,16 @@
|
|||
dnsProvider = "route53";
|
||||
credentialsFile = "/var/lib/secrets/credentials";
|
||||
};
|
||||
security.acme.certs."request-media.gmem.ca" = {
|
||||
domain = "request-media.gmem.ca";
|
||||
dnsProvider = "route53";
|
||||
credentialsFile = "/var/lib/secrets/credentials";
|
||||
};
|
||||
security.acme.certs."flood.gmem.ca" = {
|
||||
domain = "flood.gmem.ca";
|
||||
dnsProvider = "route53";
|
||||
credentialsFile = "/var/lib/secrets/credentials";
|
||||
};
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
}
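Review bot: In the `firewall` hunk, `allowedTCPPorts = [ 22 53 80 443 2049 ]` opens NFS (2049) on every non-trusted interface, including the `br0` LAN bridge defined a few lines below, and NFS typically offers no stronger client authentication than AUTH_SYS unless Kerberos is configured. Because `virbr0` joins `trustedInterfaces` in the same hunk (trusted interfaces bypass the port list entirely) and `tailscale0` is already trusted, VM guests and tailnet peers reach NFS without the global rule, so dropping 2049 from it, or scoping it with `firewall.interfaces.br0.allowedTCPPorts = [ 2049 ];` only if LAN clients genuinely need it, keeps the exposure deliberate. The page does not mark which of the paired `trustedInterfaces`/`allowedTCPPorts` lines is the new one, so this applies to whichever side carries 2049 and virbr0; trusting `virbr0` also gives every libvirt guest unfiltered access to all host services (Samba included), which is worth a comment on that line. In the nginx hunk, the new `request-media.gmem.ca` and `flood.gmem.ca` vhosts use `addSSL = true`, which keeps serving plaintext HTTP alongside TLS, while the other vhost in this change set uses `forceSSL = true`; they should match unless plain HTTP is wanted. The `networking` and `services.nginx` attribute sets these hunks belong to start and end outside the hunks.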
|
||||
|
|
|
@ -20,6 +20,7 @@
|
|||
];
|
||||
|
||||
services.gitea-actions-runner = {
|
||||
# package = pkgs.forgejo-actions-runner;
|
||||
instances = {
|
||||
oracle-arm = {
|
||||
name = "oracle-arm";
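Review bot: The commented-out `# package = pkgs.forgejo-actions-runner;` line leaves dead configuration in `services.gitea-actions-runner` without saying why the default package is used; either delete it or replace it with a why-comment, since the vancouver host in this same change set switches between `forgejo-actions-runner` and `gitea-actions-runner` and the choice is evidently deliberate. Something like `# intentionally the default gitea-actions-runner package; the forgejo variant is used on vancouver` — with the real reason filled in — is more useful than the dead line. The enclosing `instances` attribute set continues past the hunk.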
|
||||
|
|
|
@ -94,6 +94,10 @@
|
|||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://100.116.48.47";
|
||||
extraConfig =
|
||||
''
|
||||
client_max_body_size 100M;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
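Review bot: The `locations."/"` block that gains `client_max_body_size 100M` sets no `proxy_set_header` lines, unlike every other reverse-proxy location in this change set, so the upstream at `http://100.116.48.47` sees the proxy's address and an `http` scheme unless `recommendedProxySettings` is enabled elsewhere in this file (not visible in the hunk). If it is not, adding the same `Host`, `X-Real-IP`, `X-Forwarded-For` and `X-Forwarded-Proto` headers the other vhosts set keeps real client IPs in the upstream's logs and lets it build correct absolute URLs behind `forceSSL`. The `virtualHosts` entry this block belongs to starts before the hunk.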
|
||||
|
|
2
pulumi/.gitignore
vendored
Normal file
2
pulumi/.gitignore
vendored
Normal file
|
@ -0,0 +1,2 @@
|
|||
/bin/
|
||||
/node_modules/
|
6
pulumi/Pulumi.infra.yaml
Normal file
6
pulumi/Pulumi.infra.yaml
Normal file
|
@ -0,0 +1,6 @@
|
|||
encryptionsalt: v1:v/2Egaf4eCE=:v1:2Vc2k1lWnahiE1Ce:83nVXz3moeXDWxGg/gjobA9cHw8zYg==
|
||||
config:
|
||||
aws:region: eu-west-2
|
||||
tailscale:apiKey:
|
||||
secure: v1:4IfYF+gWnunbS4mK:HyJkqNAOvflbV3SZYTh/0F/is4fVMYGJLaYPhOA3xqrFu1CCzy38k2ADhvvpYIbK0PxHdibN6iW9VtCKHeTXhE8rWpv97dEb
|
||||
tailscale:tailnet: gmem.ca
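Review bot: `tailscale:apiKey` is committed as a Pulumi `secure:` ciphertext, and the `encryptionsalt` line shows this stack uses the passphrase secrets provider, so the Tailscale API key is protected only by a passphrase that must be present (`PULUMI_CONFIG_PASSPHRASE`) wherever `pulumi up` runs; a weak or leaked passphrase, or a CI log that echoes it, exposes a key that can enumerate and modify the tailnet. Since the stack already has AWS credentials, a KMS-backed provider (`pulumi stack change-secrets-provider "awskms://alias/<key>"`) ties decryption to IAM instead of a shared string. In either case keep the key short-lived (Tailscale API keys have a bounded expiry) and rotate it if the passphrase is ever shared; committing the encrypted file itself is Pulumi's documented practice and is fine.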
|
3
pulumi/Pulumi.yaml
Normal file
3
pulumi/Pulumi.yaml
Normal file
|
@ -0,0 +1,3 @@
|
|||
name: gmem-pulumi
|
||||
runtime: nodejs
|
||||
description: gmem's AWS Infra
|
47
pulumi/index.ts
Normal file
47
pulumi/index.ts
Normal file
|
@ -0,0 +1,47 @@
|
|||
import * as pulumi from "@pulumi/pulumi";
|
||||
import * as aws from "@pulumi/aws";
|
||||
import * as tailscale from "@pulumi/tailscale";
|
||||
|
||||
const r53_domains: { [key: string]: any } = {"gmem.ca": "", "gabrielsimmer.com": ""};
|
||||
|
||||
export = async () => {
|
||||
for (const domain in r53_domains) {
|
||||
r53_domains[domain] = new aws.route53.Zone(domain, {
|
||||
comment: "Managed by Pulumi",
|
||||
name: domain,
|
||||
}, {
|
||||
protect: true,
|
||||
}).id;
|
||||
}
|
||||
|
||||
const vancouver_ts = await tailscale.getDevice({ name: "vancouver.scorpion-ghost.ts.net" });
|
||||
new aws.route53.Record("vancouver", {
|
||||
zoneId: r53_domains["gmem.ca"],
|
||||
name: "vancouver.gmem.ca",
|
||||
type: "A",
|
||||
ttl: 300,
|
||||
records: [vancouver_ts.addresses[0]]
|
||||
});
|
||||
new aws.route53.Record("galleon", {
|
||||
zoneId: r53_domains["gmem.ca"],
|
||||
name: "galleon.gmem.ca",
|
||||
type: "A",
|
||||
ttl: 300,
|
||||
records: [vancouver_ts.addresses[0]]
|
||||
});
|
||||
new aws.route53.Record("gabrielsimmercom", {
|
||||
zoneId: r53_domains["gabrielsimmer.com"],
|
||||
name: "gabrielsimmer.com",
|
||||
type: "A",
|
||||
ttl: 3600,
|
||||
records: ["66.241.124.117"]
|
||||
});
|
||||
new aws.route53.Record("gabrielsimmercom-aaaa", {
|
||||
zoneId: r53_domains["gabrielsimmer.com"],
|
||||
name: "gabrielsimmer.com",
|
||||
type: "AAAA",
|
||||
ttl: 3600,
|
||||
records: ["2a09:8280:1::4e:42fd"]
|
||||
});
|
||||
return { "vancouver ts ip": vancouver_ts.addresses[0] };
|
||||
}
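Review bot: `records: [vancouver_ts.addresses[0]]` on the `vancouver` and `galleon` A records assumes the first address returned by `tailscale.getDevice` is IPv4; a Tailscale device carries both a 100.x.y.z and an fd7a: address and nothing here guarantees the ordering, so if the IPv6 address comes first the A record gets an invalid value and `pulumi up` fails. Selecting explicitly — `const v4 = vancouver_ts.addresses.find((a) => !a.includes(":")); if (v4 === undefined) throw new Error("no IPv4 address for vancouver");` — and using `v4` in both records makes the intent checkable. On style, `r53_domains: { [key: string]: any }` starts holding zone names and ends holding zone `Output<string>` ids; typing it as `Record<string, pulumi.Output<string>>` built from a separate `const zoneNames = ["gmem.ca", "gabrielsimmer.com"]` avoids the `any` and the mutate-in-loop pattern. A short header comment noting that these 100.x tailnet addresses are intentionally published in public DNS would spare a reader from wondering whether that is a leak.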
|
2404
pulumi/package-lock.json
generated
Normal file
2404
pulumi/package-lock.json
generated
Normal file
13
pulumi/package.json
Normal file
13
pulumi/package.json
Normal file
|
@ -0,0 +1,13 @@
|
|||
{
|
||||
"name": "gmem-pulumi",
|
||||
"main": "index.ts",
|
||||
"devDependencies": {
|
||||
"@types/node": "^16"
|
||||
},
|
||||
"dependencies": {
|
||||
"@pulumi/aws": "^5.0.0",
|
||||
"@pulumi/awsx": "^1.0.0",
|
||||
"@pulumi/pulumi": "^3.0.0",
|
||||
"@pulumi/tailscale": "^0.12.2"
|
||||
}
|
||||
}
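Review bot: `@pulumi/awsx` is declared in `dependencies` but `index.ts` imports only `@pulumi/pulumi`, `@pulumi/aws` and `@pulumi/tailscale`, so it adds an unused package and its transitive tree (a sizable share of the 2404-line lockfile) to the install and supply-chain surface for nothing; drop it unless it is about to be used. If it is kept on purpose, a comment in `index.ts` saying what it is for would prevent the next reader from removing it.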
|
18
pulumi/tsconfig.json
Normal file
18
pulumi/tsconfig.json
Normal file
|
@ -0,0 +1,18 @@
|
|||
{
|
||||
"compilerOptions": {
|
||||
"strict": true,
|
||||
"outDir": "bin",
|
||||
"target": "es2016",
|
||||
"module": "commonjs",
|
||||
"moduleResolution": "node",
|
||||
"sourceMap": true,
|
||||
"experimentalDecorators": true,
|
||||
"pretty": true,
|
||||
"noFallthroughCasesInSwitch": true,
|
||||
"noImplicitReturns": true,
|
||||
"forceConsistentCasingInFileNames": true
|
||||
},
|
||||
"files": [
|
||||
"index.ts"
|
||||
]
|
||||
}
|
|
@ -21,12 +21,19 @@ resource "aws_route53_record" "gabrielsimmercom-a" {
|
|||
zone_id = aws_route53_zone.gabrielsimmercom.zone_id
|
||||
name = "gabrielsimmer.com"
|
||||
type = "A"
|
||||
ttl = 300
|
||||
ttl = 3600
|
||||
records = [
|
||||
"185.199.108.153",
|
||||
"185.199.109.153",
|
||||
"185.199.110.153",
|
||||
"185.199.111.153"
|
||||
"66.241.124.117"
|
||||
]
|
||||
}
|
||||
|
||||
resource "aws_route53_record" "gabrielsimmercom-aaaa" {
|
||||
zone_id = aws_route53_zone.gabrielsimmercom.zone_id
|
||||
name = "gabrielsimmer.com"
|
||||
type = "AAAA"
|
||||
ttl = 3600
|
||||
records = [
|
||||
"2a09:8280:1::4e:42fd"
|
||||
]
|
||||
}
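Review bot: The `gabrielsimmercom-a` and new `gabrielsimmercom-aaaa` records here (`66.241.124.117`, `2a09:8280:1::4e:42fd`) are also declared in the new `pulumi/index.ts` in this same change set, which additionally creates the `gabrielsimmer.com` and `gmem.ca` zones; two IaC tools owning the same Route53 resources will each treat the other's changes as drift and overwrite on apply, and Pulumi's zone creation will either fail or produce a duplicate zone next to the one Terraform manages. If Pulumi is replacing Terraform, these resources should leave Terraform state in the same change (`terraform state rm`, with the existing resources brought in via `pulumi import`), and whichever file remains should carry a comment naming the authoritative tool for each zone. If 3600 is the new TTL, a follow-up IP change now takes up to an hour to propagate, which is fine but worth noting while the migration is in flight.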
|
||||
|
||||
|
|
|
@ -2,6 +2,22 @@ resource "aws_route53_zone" "gmemca" {
|
|||
name = "gmem.ca"
|
||||
}
|
||||
|
||||
resource "aws_route53_record" "flood" {
|
||||
zone_id = aws_route53_zone.gmemca.zone_id
|
||||
name = "flood"
|
||||
type = "A"
|
||||
ttl = 3600
|
||||
records = ["100.116.48.47"]
|
||||
}
|
||||
|
||||
resource "aws_route53_record" "request-media" {
|
||||
zone_id = aws_route53_zone.gmemca.zone_id
|
||||
name = "request-media"
|
||||
type = "A"
|
||||
ttl = 3600
|
||||
records = ["100.116.48.47"]
|
||||
}
|
||||
|
||||
resource "aws_route53_record" "git" {
|
||||
zone_id = aws_route53_zone.gmemca.zone_id
|
||||
name = "git"
|
||||
|
|