Compare commits
No commits in common. "a8372897206d97ef82bed710f9be8c8cf1ea25a2" and "99ff6f1f96d315afafb290c404b978c58eeac053" have entirely different histories.
a837289720
...
99ff6f1f96
146
dns/dns.nix
146
dns/dns.nix
|
@ -3,25 +3,36 @@
|
|||
zones = {
|
||||
"gmem.ca" =
|
||||
{
|
||||
"grafana" = {
|
||||
a.data = ["91.107.206.145"];
|
||||
aaaa.data = ["2a01:4f8:c012:5ec6::"];
|
||||
"test" = {
|
||||
aaaa = {
|
||||
ttl = 0;
|
||||
data = ["100::"];
|
||||
};
|
||||
};
|
||||
"uptime" = {
|
||||
a = {
|
||||
data = ["91.107.206.145"];
|
||||
};
|
||||
aaaa = {
|
||||
data = ["2a01:4f8:c012:5ec6::"];
|
||||
};
|
||||
};
|
||||
"uptime".cname.data = "grafana.gmem.ca";
|
||||
"healthchecks".cname.data = "grafana.gmem.ca";
|
||||
"truenas".a.data = ["192.168.50.229"];
|
||||
"docs" = {
|
||||
a.data = ["100.116.48.47"];
|
||||
aaaa.data = ["fd7a:115c:a1e0:ab12:4843:cd96:6274:302f"];
|
||||
a = {
|
||||
data = ["100.116.48.47"];
|
||||
};
|
||||
aaaa = {
|
||||
data = ["fd7a:115c:a1e0:ab12:4843:cd96:6274:302f"];
|
||||
};
|
||||
};
|
||||
"cluster" = {
|
||||
a = {
|
||||
ttl = 3600;
|
||||
data = ["100.87.208.14"];
|
||||
data = ["100.77.43.133"];
|
||||
};
|
||||
aaaa = {
|
||||
ttl = 3600;
|
||||
data = ["fd7a:115c:a1e0::2001:d00e"];
|
||||
data = [
|
||||
"fd7a:115c:a1e0:ab12:4843:cd96:624d:2b85"
|
||||
];
|
||||
};
|
||||
};
|
||||
"newcluster" = {
|
||||
|
@ -31,106 +42,25 @@
|
|||
};
|
||||
aaaa = {
|
||||
ttl = 3600;
|
||||
data = ["fd7a:115c:a1e0::2001:d00e"];
|
||||
data = [ "fd7a:115c:a1e0::2001:d00e" ];
|
||||
};
|
||||
};
|
||||
"homelab".a.data = ["192.168.50.45"];
|
||||
"_acme-challenge.router".txt.data = ["CJKnxKczldLEAy6zPkST0xeJ5Cy-xdT_ElzqMxhNh5E"];
|
||||
|
||||
"osc-triggers" = {
|
||||
a.data = ["46.23.81.157"];
|
||||
aaaa.data = ["2a03:6000:1813:1337::157"];
|
||||
};
|
||||
|
||||
"mitu.camera".a.data = ["192.168.50.121"];
|
||||
|
||||
"ns1" = {
|
||||
"homelab" = {
|
||||
a = {
|
||||
ttl = 300;
|
||||
data = ["162.159.1.247"];
|
||||
};
|
||||
aaaa = {
|
||||
ttl = 300;
|
||||
data = ["2400:cb00:2049:1::a29f:1f7"];
|
||||
data = ["192.168.50.45"];
|
||||
};
|
||||
};
|
||||
"ns2" = {
|
||||
a = {
|
||||
ttl = 300;
|
||||
data = ["162.159.2.232"];
|
||||
};
|
||||
aaaa = {
|
||||
ttl = 300;
|
||||
data = ["2400:cb00:2049:1::a29f:2e8"];
|
||||
"_acme-challenge.router" = {
|
||||
txt = {
|
||||
data = ["CJKnxKczldLEAy6zPkST0xeJ5Cy-xdT_ElzqMxhNh5E"];
|
||||
};
|
||||
};
|
||||
"ns3" = {
|
||||
a = {
|
||||
ttl = 300;
|
||||
data = ["162.159.3.252"];
|
||||
};
|
||||
aaaa = {
|
||||
ttl = 300;
|
||||
data = ["2400:cb00:2049:1::a29f:3fc"];
|
||||
};
|
||||
};
|
||||
"ns4" = {
|
||||
a = {
|
||||
ttl = 300;
|
||||
data = ["162.159.5.243"];
|
||||
};
|
||||
aaaa = {
|
||||
ttl = 300;
|
||||
data = ["2400:cb00:2049:1::a29f:5f3"];
|
||||
};
|
||||
};
|
||||
|
||||
"vancouver" = {
|
||||
a.data = ["100.116.48.47"];
|
||||
aaaa.data = ["fd7a:115c:a1e0:ab12:4843:cd96:6274:302f"];
|
||||
};
|
||||
|
||||
"" = {
|
||||
aaaa.data = ["100::"];
|
||||
aaaa.ttl = 0;
|
||||
mx.data = [
|
||||
{
|
||||
exchange = "in1-smtp.messagingengine.com";
|
||||
preference = 10;
|
||||
}
|
||||
{
|
||||
exchange = "in2-smtp.messagingengine.com";
|
||||
preference = 20;
|
||||
}
|
||||
];
|
||||
txt.data = [
|
||||
"v=spf1 include:spf.messagingengine.com include:spf.mushu.services.floofy.tech -all"
|
||||
"google-site-verification=NrdjjQmhVjOj2s_CV8IdLkhAYCZ1tC3zrkIjn_-ny2o"
|
||||
];
|
||||
};
|
||||
"postal-d6u33j._domainkey".txt.data = ["v=DKIM1; t=s; h=sha256; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCoSvi65zRk8yn0IySfXWyNzeQpz8DEg8ZnmR/Kqq+Ga890KoINkQHB0toQu/iURjmLo+2mYKMxkAMWZPEsKaNsBCLBB55NCvq3/jeJdjOKYLplc51KSdxSb3AGokGqwCDhQ8u+MJty/R3QOHbzndddQTnSG0ApDkJNiPdFVnXnewIDAQAB;"];
|
||||
"_discord".txt.data = ["dh=28112e71a152f2126fb224a14d80d5816ea5916e"];
|
||||
"_dmarc".txt.data = ["v=DMARC1; p=reject; rua=mailto:f2c1db0a7b6041e593961a3057be4d49@dmarc-reports.cloudflare.net"];
|
||||
|
||||
"fm1._domainkey".cname.data = "fm1.gmem.ca.dkim.fmhosted.com";
|
||||
"fm2._domainkey".cname.data = "fm2.gmem.ca.dkim.fmhosted.com";
|
||||
"fm3._domainkey".cname.data = "fm3.gmem.ca.dkim.fmhosted.com";
|
||||
|
||||
"cdn".cname = {
|
||||
ttl = 0;
|
||||
data = "public.r2.dev";
|
||||
};
|
||||
"fursona".cname = {
|
||||
ttl = 0;
|
||||
data = "well-known-fursona.pages.dev";
|
||||
};
|
||||
"bgnet0".cname = {
|
||||
ttl = 0;
|
||||
data = "bgnet0.pages.dev";
|
||||
};
|
||||
|
||||
"stream".a.data = ["141.147.109.157"];
|
||||
}
|
||||
// lib.attrsets.genAttrs [
|
||||
# Internally hosted applications
|
||||
"netboot"
|
||||
"changedetect"
|
||||
] (name: {cname.data = "cluster";})
|
||||
// lib.attrsets.genAttrs [
|
||||
# Internally hosted applications
|
||||
"atuin"
|
||||
|
@ -145,9 +75,7 @@
|
|||
"rss"
|
||||
"request-media"
|
||||
"ntfy"
|
||||
"metube"
|
||||
"search"
|
||||
] (name: {cname.data = "cluster.gmem.ca";})
|
||||
] (name: {cname.data = "newcluster";})
|
||||
// lib.attrsets.genAttrs [
|
||||
# Externally hosted applications with Tunnels
|
||||
"authentik"
|
||||
|
@ -159,12 +87,10 @@
|
|||
"photos"
|
||||
"proxmox"
|
||||
"tokyo"
|
||||
"ci"
|
||||
"paste"
|
||||
] (name: {
|
||||
cname = {
|
||||
ttl = 0;
|
||||
data = "a1544154-d851-44ee-8d3a-9fa245867745.cfargotunnel.com";
|
||||
data = "a1544154-d851-44ee-8d3a-9fa245867745.cfargotunnel.com.";
|
||||
};
|
||||
});
|
||||
};
|
||||
|
|
|
@ -9,7 +9,6 @@
|
|||
"pw"
|
||||
"tokyo"
|
||||
"nitter"
|
||||
"paste"
|
||||
] (name: {
|
||||
name = name + ".gmem.ca";
|
||||
content = "newcluster.gmem.ca";
|
||||
|
@ -38,9 +37,7 @@
|
|||
"request-media"
|
||||
"tools"
|
||||
"ytproxy"
|
||||
"metube"
|
||||
"search"
|
||||
"paste"
|
||||
"changedetect"
|
||||
] (name: {
|
||||
name = name + ".gmem.ca";
|
||||
content = "homelab.gmem.ca";
|
||||
|
|
168
flake.lock
168
flake.lock
|
@ -180,7 +180,7 @@
|
|||
},
|
||||
"flake-utils_2": {
|
||||
"inputs": {
|
||||
"systems": "systems_2"
|
||||
"systems": "systems_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1710146030,
|
||||
|
@ -197,24 +197,6 @@
|
|||
}
|
||||
},
|
||||
"flake-utils_3": {
|
||||
"inputs": {
|
||||
"systems": "systems_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1710146030,
|
||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_4": {
|
||||
"locked": {
|
||||
"lastModified": 1634851050,
|
||||
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
|
||||
|
@ -229,21 +211,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flakey-profile": {
|
||||
"locked": {
|
||||
"lastModified": 1712898590,
|
||||
"narHash": "sha256-FhGIEU93VHAChKEXx905TSiPZKga69bWl1VB37FK//I=",
|
||||
"owner": "lf-",
|
||||
"repo": "flakey-profile",
|
||||
"rev": "243c903fd8eadc0f63d205665a92d4df91d42d9d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "lf-",
|
||||
"repo": "flakey-profile",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"home-manager": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -272,11 +239,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1715930644,
|
||||
"narHash": "sha256-W9pyM3/vePxrffHtzlJI6lDS3seANQ+Nqp+i58O46LI=",
|
||||
"lastModified": 1714515075,
|
||||
"narHash": "sha256-azMK7aWH0eUc3IqU4Fg5rwZdB9WZBvimOGG3piqvtsY=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "e3ad5108f54177e6520535768ddbf1e6af54b59d",
|
||||
"rev": "6d3b6dc9222c12b951169becdf4b0592ee9576ef",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -293,11 +260,11 @@
|
|||
"treefmt": "treefmt"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1715211269,
|
||||
"narHash": "sha256-bO1n41QjfdFNoEih0csMe/MUB42DdOuwlT+6LGpUCSc=",
|
||||
"lastModified": 1711480255,
|
||||
"narHash": "sha256-CPF0+ZW3biHoWHE88bZt6a7G65X5Bxtgvw7xwLGrDJ4=",
|
||||
"owner": "hall",
|
||||
"repo": "kubenix",
|
||||
"rev": "060f4757292e1e7172cc9ebcb16f38d89cb707ab",
|
||||
"rev": "5692af23e0835e7b21ec4e2f362b5ef9ff96d893",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -308,15 +275,15 @@
|
|||
},
|
||||
"lib-aggregate": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_3",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1715515815,
|
||||
"narHash": "sha256-yaLScMHNFCH6SbB0HSA/8DWDgK0PyOhCXoFTdHlWkhk=",
|
||||
"lastModified": 1714306226,
|
||||
"narHash": "sha256-CA7bfnDt9TcFc7I8eKHf72DodYUEETDPgmBFXBRP9/E=",
|
||||
"owner": "nix-community",
|
||||
"repo": "lib-aggregate",
|
||||
"rev": "09883ca828e8cfaacdb09e29190a7b84ad1d9925",
|
||||
"rev": "49d9b510614b9bd137e067eb31445a8feca83313",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -325,48 +292,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"lix": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1714955862,
|
||||
"narHash": "sha256-REWlo2RYHfJkxnmZTEJu3Cd/2VM+wjjpPy7Xi4BdDTQ=",
|
||||
"ref": "refs/tags/2.90-beta.1",
|
||||
"rev": "b6799ab0374a8e1907a48915d3187e07da41d88c",
|
||||
"revCount": 15501,
|
||||
"type": "git",
|
||||
"url": "https://git@git.lix.systems/lix-project/lix"
|
||||
},
|
||||
"original": {
|
||||
"ref": "refs/tags/2.90-beta.1",
|
||||
"type": "git",
|
||||
"url": "https://git@git.lix.systems/lix-project/lix"
|
||||
}
|
||||
},
|
||||
"lix-module": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_2",
|
||||
"flakey-profile": "flakey-profile",
|
||||
"lix": [
|
||||
"lix"
|
||||
],
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1715885250,
|
||||
"narHash": "sha256-IUFYAl3158Ig5vySnRBHoPReb2/S97bjodCo6FhzJv4=",
|
||||
"ref": "refs/heads/main",
|
||||
"rev": "53d713eb486f21d653af3ef3528e9a19ecfc45e5",
|
||||
"revCount": 81,
|
||||
"type": "git",
|
||||
"url": "https://git.lix.systems/lix-project/nixos-module"
|
||||
},
|
||||
"original": {
|
||||
"type": "git",
|
||||
"url": "https://git.lix.systems/lix-project/nixos-module"
|
||||
}
|
||||
},
|
||||
"nix-eval-jobs": {
|
||||
"inputs": {
|
||||
"flake-parts": "flake-parts",
|
||||
|
@ -375,11 +300,11 @@
|
|||
"treefmt-nix": "treefmt-nix_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1715804156,
|
||||
"narHash": "sha256-GtIHP86Cz1kD9xZO/cKbNQACHKdoT9WFbLJAq6W2EDY=",
|
||||
"lastModified": 1713858845,
|
||||
"narHash": "sha256-StJq7Zy+/iVBUAKFzhHWlsirFucZ3gNtzXhAYXAsNnw=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-eval-jobs",
|
||||
"rev": "bb95091f6c6f38f6cfc215a1797a2dd466312c8b",
|
||||
"rev": "7b6640f2a10701bf0db16aff048070f400e8ea7c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -449,15 +374,15 @@
|
|||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
],
|
||||
"systems": "systems_3",
|
||||
"systems": "systems_2",
|
||||
"treefmt-nix": "treefmt-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1715321534,
|
||||
"narHash": "sha256-cDTRRrLj08k867/lajKXkCg9HTNWuoYGfgr8wyAVaTY=",
|
||||
"lastModified": 1713393417,
|
||||
"narHash": "sha256-YriEUgA8u37V859nbSpqeYlL/GiezzeBIyBAAzhxZaI=",
|
||||
"owner": "Janik-Haag",
|
||||
"repo": "nixos-dns",
|
||||
"rev": "c4f734d771038db15700a61a8703d0da5f993b3a",
|
||||
"rev": "1cf30ea07873b291fc39265d4c6dc63bfdf67ad7",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -489,11 +414,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1716034089,
|
||||
"narHash": "sha256-QBfab6V4TeQ6Y4NiXVrEATdQuhCNFNaXt/L1K/Zw+zc=",
|
||||
"lastModified": 1714465198,
|
||||
"narHash": "sha256-ySkEJvS0gPz2UhXm0H3P181T8fUxvDVcoUyGn0Kc5AI=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "b55712de78725c8fcde422ee0a0fe682046e73c3",
|
||||
"rev": "68d680c1b7c0e67a9b2144d6776583ee83664ef4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -521,11 +446,11 @@
|
|||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"lastModified": 1715474941,
|
||||
"narHash": "sha256-CNCqCGOHdxuiVnVkhTpp2WcqSSmSfeQjubhDOcgwGjU=",
|
||||
"lastModified": 1714265296,
|
||||
"narHash": "sha256-jVnKiCOoFulPT1zDdA4jfG/lnEnngdth5CT6rVDXEJ4=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "58e03b95f65dfdca21979a081aa62db0eed6b1d8",
|
||||
"rev": "ade4fb7bbf04cd52bc1705734d5dc67755d77ec9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -544,11 +469,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1716052422,
|
||||
"narHash": "sha256-9zObaIzZ3OnW4nMdNzMmrjUrGhqhAZhn1VQnxWUlKts=",
|
||||
"lastModified": 1714525911,
|
||||
"narHash": "sha256-XYARtyCpKeL0IosMSzeHl6YFblV3n4y7plM+K9fg4N4=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs-wayland",
|
||||
"rev": "0c6afa4c3c068730a90ce20762bf0fdfac23e64b",
|
||||
"rev": "4cbf82124f2c03fa5b1b669771c48f9927264684",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -607,11 +532,11 @@
|
|||
},
|
||||
"nixpkgs_5": {
|
||||
"locked": {
|
||||
"lastModified": 1715996989,
|
||||
"narHash": "sha256-ObD9YSelkwCAylEXJHcNjrn3hLOfIVScB1tPz9zeDN8=",
|
||||
"lastModified": 1714314149,
|
||||
"narHash": "sha256-yNAevSKF4krRWacmLUsLK7D7PlfuY3zF0lYnGYNi9vQ=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "63d3e5d82edf5a138e7d0872231cc23ed4e740fd",
|
||||
"rev": "cf8cc1201be8bc71b7cbbbdaf349b22f4f99c7ae",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -623,11 +548,11 @@
|
|||
},
|
||||
"nixpkgs_6": {
|
||||
"locked": {
|
||||
"lastModified": 1715037484,
|
||||
"narHash": "sha256-OUt8xQFmBU96Hmm4T9tOWTu4oCswCzoVl+pxSq/kiFc=",
|
||||
"lastModified": 1713805509,
|
||||
"narHash": "sha256-YgSEan4CcrjivCNO5ZNzhg7/8ViLkZ4CB/GrGBVSudo=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "ad7efee13e0d216bf29992311536fce1d3eefbef",
|
||||
"rev": "1e1dc66fe68972a76679644a5577828b6a7e8be4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -658,8 +583,6 @@
|
|||
"alertmanager-ntfy": "alertmanager-ntfy",
|
||||
"home-manager": "home-manager_2",
|
||||
"kubenix": "kubenix",
|
||||
"lix": "lix",
|
||||
"lix-module": "lix-module",
|
||||
"nixinate": "nixinate",
|
||||
"nixos-dns": "nixos-dns",
|
||||
"nixos-generators": "nixos-generators",
|
||||
|
@ -684,21 +607,6 @@
|
|||
}
|
||||
},
|
||||
"systems_2": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"systems_3": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
|
@ -712,7 +620,7 @@
|
|||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"systems_4": {
|
||||
"systems_3": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
|
@ -731,7 +639,7 @@
|
|||
"inputs": {
|
||||
"bats-assert": "bats-assert",
|
||||
"bats-support": "bats-support",
|
||||
"flake-utils": "flake-utils_4",
|
||||
"flake-utils": "flake-utils_3",
|
||||
"nixpkgs": "nixpkgs_7",
|
||||
"terranix-examples": "terranix-examples"
|
||||
},
|
||||
|
@ -793,11 +701,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1714058656,
|
||||
"narHash": "sha256-Qv4RBm4LKuO4fNOfx9wl40W2rBbv5u5m+whxRYUMiaA=",
|
||||
"lastModified": 1711963903,
|
||||
"narHash": "sha256-N3QDhoaX+paWXHbEXZapqd1r95mdshxToGowtjtYkGI=",
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"rev": "c6aaf729f34a36c445618580a9f95a48f5e4e03f",
|
||||
"rev": "49dc4a92b02b8e68798abd99184f228243b6e3ac",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
24
flake.nix
24
flake.nix
|
@ -22,21 +22,11 @@
|
|||
alertmanager-ntfy.url = "github:alexbakker/alertmanager-ntfy";
|
||||
kubenix.url = "github:hall/kubenix";
|
||||
nixos-hardware.url = "github:NixOS/nixos-hardware/master";
|
||||
lix = {
|
||||
url = "git+https://git@git.lix.systems/lix-project/lix?ref=refs/tags/2.90-beta.1";
|
||||
flake = false;
|
||||
};
|
||||
lix-module = {
|
||||
url = "git+https://git.lix.systems/lix-project/nixos-module";
|
||||
inputs.lix.follows = "lix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = {
|
||||
self,
|
||||
nixpkgs,
|
||||
lix-module,
|
||||
nixos-generators,
|
||||
nixinate,
|
||||
home-manager,
|
||||
|
@ -47,7 +37,6 @@
|
|||
kubenix,
|
||||
nixos-dns,
|
||||
nixos-hardware,
|
||||
...
|
||||
} @ inputs: let
|
||||
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||
tf = terranix.lib.terranixConfiguration {
|
||||
|
@ -95,7 +84,6 @@
|
|||
terraform-ls
|
||||
kubernetes-helm
|
||||
nil
|
||||
talosctl
|
||||
(octodns.withProviders (ps: [
|
||||
octodns-providers.bind
|
||||
octodns-cloudflare
|
||||
|
@ -137,6 +125,9 @@
|
|||
inherit dnsConfig;
|
||||
config = {
|
||||
processors = {
|
||||
ownership = {
|
||||
class = "octodns.processor.ownership.OwnershipProcessor";
|
||||
};
|
||||
ttl-to-proxy = {
|
||||
class = "octodns_cloudflare.processor.ttl.TtlToProxy";
|
||||
ttl = 0;
|
||||
|
@ -150,15 +141,12 @@
|
|||
class = "octodns_cloudflare.CloudflareProvider";
|
||||
token = "env/CLOUDFLARE_API_TOKEN";
|
||||
min_ttl = 0;
|
||||
update_pcent_threshold = 0.5;
|
||||
delete_pcent_threshold = 0.5;
|
||||
auto_ttl_target = 300;
|
||||
};
|
||||
};
|
||||
};
|
||||
zones = {
|
||||
"gmem.ca." = {
|
||||
processors = ["ttl-to-proxy"];
|
||||
processors = ["ownership" "ttl-to-proxy"];
|
||||
sources = ["config"];
|
||||
targets = ["cloudflare"];
|
||||
};
|
||||
|
@ -189,11 +177,12 @@
|
|||
|
||||
for profile in rewrites:
|
||||
for rewrite in rewrites[profile]:
|
||||
print(json.dumps(rewrite))
|
||||
req = requests.post(
|
||||
f'https://api.nextdns.io/profiles/{profile}/rewrites', data=json.dumps(rewrite),
|
||||
headers={'X-Api-Key': auth, 'Content-Type': 'application/json'}
|
||||
)
|
||||
print(f'done {rewrite["name"]} -> {rewrite["content"]}')
|
||||
print(req.text)
|
||||
'');
|
||||
};
|
||||
|
||||
|
@ -262,7 +251,6 @@
|
|||
london = nixpkgs.lib.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
lix-module.nixosModules.default
|
||||
(import ./nix/london/configuration.nix)
|
||||
(import ./modules/cloudflare-warp.nix)
|
||||
(import ./modules/vfio.nix)
|
||||
|
|
|
@ -112,6 +112,4 @@ data:
|
|||
service: http://ibiza.endpoints.svc.cluster.local:8000
|
||||
- hostname: chat.gmem.ca
|
||||
service: tcp://192.168.50.45:443
|
||||
- hostname: paste.gmem.ca
|
||||
service: http://tclip.tclip.svc.cluster.local:8080
|
||||
- service: http_status:404
|
||||
|
|
|
@ -22,14 +22,14 @@
|
|||
};
|
||||
}
|
||||
{
|
||||
Jellyseerr = {
|
||||
icon = "jellyseerr.png";
|
||||
Overseerr = {
|
||||
icon = "overseerr.png";
|
||||
href = "https://request-media.gmem.ca";
|
||||
description = "Request movies and TV shows";
|
||||
widget = {
|
||||
type = "jellyseerr";
|
||||
type = "overseerr";
|
||||
url = "https://request-media.gmem.ca";
|
||||
key = "{{HOMEPAGE_VAR_JELLYSEERR_KEY}}";
|
||||
key = "{{HOMEPAGE_VAR_OVERSEERR_KEY}}";
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -14,7 +14,7 @@
|
|||
};
|
||||
# arbitrary attrset passed as values to the helm release
|
||||
values = {
|
||||
image.tag = "v1.105.1";
|
||||
image.tag = "v1.102.3";
|
||||
machine-learning.enabled = false;
|
||||
immich.persistence.library.existingClaim = "immich";
|
||||
redis = {
|
||||
|
|
|
@ -26,7 +26,5 @@
|
|||
(import ./nitter-bot.nix)
|
||||
(import ./miniflux.nix)
|
||||
# (import ./snikket.nix)
|
||||
(import ./metube.nix)
|
||||
(import ./searxng.nix)
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,64 +0,0 @@
|
|||
let
|
||||
appName = "metube";
|
||||
appImage = "ghcr.io/alexta69/metube";
|
||||
in {
|
||||
kubernetes.resources.services.metube = {
|
||||
metadata.namespace = "metube";
|
||||
spec = {
|
||||
selector.app = "metube";
|
||||
ports.http = {
|
||||
port = 8081;
|
||||
targetPort = 8081;
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
kubernetes.resources.deployments.metube = {
|
||||
metadata.namespace = "metube";
|
||||
spec = {
|
||||
selector.matchLabels.app = "metube";
|
||||
template = {
|
||||
metadata.labels.app = "metube";
|
||||
spec = {
|
||||
containers = {
|
||||
metube = {
|
||||
image = appImage;
|
||||
imagePullPolicy = "Always";
|
||||
ports.http.containerPort = 8081;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
kubernetes.resources.ingresses.metube = {
|
||||
metadata.namespace = "metube";
|
||||
metadata.annotations = {
|
||||
"cert-manager.io/cluster-issuer" = "le-issuer";
|
||||
};
|
||||
spec = {
|
||||
tls = [
|
||||
{
|
||||
hosts = ["metube.gmem.ca"];
|
||||
}
|
||||
];
|
||||
rules = [
|
||||
{
|
||||
host = "metube.gmem.ca";
|
||||
http.paths = [
|
||||
{
|
||||
path = "/";
|
||||
pathType = "Prefix";
|
||||
backend.service = {
|
||||
name = "metube";
|
||||
port.number = 8081;
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
}
|
|
@ -73,7 +73,7 @@
|
|||
kubernetes.resources.cronJobs.piped-refresh = {
|
||||
metadata.namespace = "piped";
|
||||
spec = {
|
||||
schedule = "*/30 * * * *";
|
||||
schedule = "*/10 * * * *";
|
||||
jobTemplate.spec.template.spec = {
|
||||
restartPolicy = "Never";
|
||||
containers.refresh-subscriptions = {
|
||||
|
@ -84,14 +84,12 @@
|
|||
"-c"
|
||||
''
|
||||
apt update && apt install -y postgresql-client curl
|
||||
curl -o /dev/null "https://healthchecks.gmem.ca/ping/$HEALTHCHECKS_UUID/start"
|
||||
export PGPASSWORD=$password &&
|
||||
export subs=$(psql -U piped -h 192.168.50.236 -qtAX -c 'select id from public.pubsub;') &&
|
||||
while IFS= read -r line; do
|
||||
echo "refreshing $line"
|
||||
curl -k -o /dev/null "http://piped-backend:8080/channel/$line"
|
||||
done < <(printf '%s' "$subs")
|
||||
curl -o /dev/null "https://healthchecks.gmem.ca/ping/$HEALTHCHECKS_UUID"
|
||||
''
|
||||
];
|
||||
};
|
||||
|
|
|
@ -21,7 +21,6 @@ prometheus:
|
|||
static_configs:
|
||||
- targets:
|
||||
- 192.168.50.236:9187
|
||||
- 192.168.50.62:9187
|
||||
grafana:
|
||||
enabled: false
|
||||
alertmanager:
|
||||
|
|
|
@ -1,140 +0,0 @@
|
|||
let
|
||||
appName = "searxng";
|
||||
appImage = "docker.io/searxng/searxng:latest";
|
||||
in
|
||||
{
|
||||
lib,
|
||||
config,
|
||||
kubenix,
|
||||
...
|
||||
}: {
|
||||
kubernetes.resources.services.searxng = {
|
||||
metadata.namespace = "searxng";
|
||||
metadata.labels.app = appName;
|
||||
spec = {
|
||||
selector.app = appName;
|
||||
ports.http = {
|
||||
port = 8080;
|
||||
targetPort = 8080;
|
||||
};
|
||||
};
|
||||
};
|
||||
kubernetes.resources.deployments.searxng = {
|
||||
metadata.namespace = "searxng";
|
||||
spec = {
|
||||
selector.matchLabels.app = appName;
|
||||
template = {
|
||||
metadata.labels.app = appName;
|
||||
spec = {
|
||||
volumes = {
|
||||
config.configMap.name = "searxng";
|
||||
};
|
||||
containers = {
|
||||
searxng = {
|
||||
image = appImage;
|
||||
imagePullPolicy = "Always";
|
||||
volumeMounts = [
|
||||
{
|
||||
name = "config";
|
||||
mountPath = "/etc/searxng/settings.yml";
|
||||
subPath = "settings.yml";
|
||||
}
|
||||
{
|
||||
name = "config";
|
||||
mountPath = "/etc/searxng/limiter.toml";
|
||||
subPath = "limiter.toml";
|
||||
}
|
||||
];
|
||||
envFrom = [{secretRef.name = "searxng";}];
|
||||
ports.http.containerPort = 8080;
|
||||
resources = {
|
||||
requests = {
|
||||
cpu = "100m";
|
||||
memory = "512Mi";
|
||||
};
|
||||
limits = {
|
||||
memory = "1Gi";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
kubernetes.resources.configMaps.searxng = {
|
||||
metadata.namespace = "searxng";
|
||||
data."settings.yml" = ''
|
||||
use_default_settings: true
|
||||
server:
|
||||
image_proxy: true
|
||||
http_protocol_version: "1.1"
|
||||
method: "GET"
|
||||
ui:
|
||||
static_use_hash: true
|
||||
redis:
|
||||
url: redis://searxng-redis-master:6379/0
|
||||
general:
|
||||
instance_name: search.gmem.ca
|
||||
hostname_replace:
|
||||
'(.*\.)?youtube\.com$': 'piped.gmem.ca'
|
||||
'(.*\.)?youtu\.be$': 'piped.gmem.ca'
|
||||
'(.*\.)?youtube-noocookie\.com$': 'piped.gmem.ca'
|
||||
'(www\.)?twitter\.com$': 'nitter.gmem.ca'
|
||||
'(www\.)?x\.com$': 'nitter.gmem.ca'
|
||||
'';
|
||||
data."limiter.toml" = ''
|
||||
# This configuration file updates the default configuration file
|
||||
# See https://github.com/searxng/searxng/blob/master/searx/botdetection/limiter.toml
|
||||
|
||||
[botdetection.ip_limit]
|
||||
# activate link_token method in the ip_limit method
|
||||
link_token = true
|
||||
'';
|
||||
};
|
||||
kubernetes.helm.releases.searxng-redis = {
|
||||
namespace = "searxng";
|
||||
chart = kubenix.lib.helm.fetch {
|
||||
repo = "https://charts.bitnami.com/bitnami";
|
||||
chart = "redis";
|
||||
version = "18.6.1";
|
||||
sha256 = "CyvGHc1v1BtbzDx6hbbPah2uWpUhlNIUQowephT6hmM=";
|
||||
};
|
||||
values = {
|
||||
auth.enabled = false;
|
||||
architecture = "standalone";
|
||||
};
|
||||
};
|
||||
|
||||
kubernetes.resources.ingresses.searxng = {
|
||||
metadata = {
|
||||
name = appName;
|
||||
namespace = "searxng";
|
||||
annotations = {
|
||||
"cert-manager.io/cluster-issuer" = "le-issuer";
|
||||
};
|
||||
};
|
||||
spec = {
|
||||
tls = [
|
||||
{
|
||||
hosts = ["search.gmem.ca"];
|
||||
}
|
||||
];
|
||||
rules = [
|
||||
{
|
||||
host = "search.gmem.ca";
|
||||
http.paths = [
|
||||
{
|
||||
path = "/";
|
||||
pathType = "Prefix";
|
||||
backend.service = {
|
||||
name = appName;
|
||||
port.name = "http";
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
|
@ -23,16 +23,7 @@ in {
|
|||
name = "USE_FUNNEL";
|
||||
value = "true";
|
||||
}
|
||||
{
|
||||
name = "HTTP_PORT";
|
||||
value = "8080";
|
||||
}
|
||||
{
|
||||
name = "ENABLE_METRICS";
|
||||
value = "true";
|
||||
}
|
||||
];
|
||||
ports.http.containerPort = 8080;
|
||||
envFrom = [{secretRef.name = "tclip";}];
|
||||
volumeMounts = [
|
||||
{
|
||||
|
@ -56,45 +47,4 @@ in {
|
|||
];
|
||||
};
|
||||
};
|
||||
kubernetes.resources.services.tclip = {
|
||||
metadata.namespace = "tclip";
|
||||
spec = {
|
||||
selector.app = appName;
|
||||
ports.http = {
|
||||
port = 8080;
|
||||
targetPort = 8080;
|
||||
};
|
||||
};
|
||||
};
|
||||
kubernetes.resources.ingresses.tclip = {
|
||||
metadata = {
|
||||
name = appName;
|
||||
namespace = "tclip";
|
||||
annotations = {
|
||||
"cert-manager.io/cluster-issuer" = "le-issuer";
|
||||
};
|
||||
};
|
||||
spec = {
|
||||
tls = [
|
||||
{
|
||||
hosts = ["paste.gmem.ca"];
|
||||
}
|
||||
];
|
||||
rules = [
|
||||
{
|
||||
host = "paste.gmem.ca";
|
||||
http.paths = [
|
||||
{
|
||||
path = "/";
|
||||
pathType = "Prefix";
|
||||
backend.service = {
|
||||
name = appName;
|
||||
port.name = "http";
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
''${builtins.fetchTarball {
|
||||
url = "https://github.com/nix-community/disko/archive/master.tar.gz";
|
||||
sha256 = "1wg3nnh8lrc8q8q4qyk9yynsa24qqj9126h3cy0ijq93mz46i1k7";
|
||||
sha256 = "1dk4xi79lvm8hv1raf2snm3j8y4q23csm6d3siljg4cpf2y4wyl7";
|
||||
}}/module.nix''
|
||||
./disk-config.nix
|
||||
];
|
||||
|
|
|
@ -12,7 +12,7 @@
|
|||
(modulesPath + "/profiles/qemu-guest.nix")
|
||||
''${builtins.fetchTarball {
|
||||
url = "https://github.com/nix-community/disko/archive/master.tar.gz";
|
||||
sha256 = "1wg3nnh8lrc8q8q4qyk9yynsa24qqj9126h3cy0ijq93mz46i1k7";
|
||||
sha256 = "1dk4xi79lvm8hv1raf2snm3j8y4q23csm6d3siljg4cpf2y4wyl7";
|
||||
}}/module.nix''
|
||||
./disk-config.nix
|
||||
];
|
||||
|
|
|
@ -28,7 +28,7 @@
|
|||
theme = "breeze";
|
||||
};
|
||||
};
|
||||
powerManagement.enable = true;
|
||||
|
||||
time.hardwareClockInLocalTime = true;
|
||||
hardware = {
|
||||
cpu.amd.updateMicrocode = true;
|
||||
|
@ -53,9 +53,7 @@
|
|||
hostName = "LONDON";
|
||||
networkmanager.enable = true;
|
||||
interfaces.enp14s0.useDHCP = true;
|
||||
interfaces.enp14s0.wakeOnLan.enable = true;
|
||||
interfaces.br0.useDHCP = true;
|
||||
interfaces.br0.wakeOnLan.enable = true;
|
||||
bridges = {
|
||||
"br0" = {
|
||||
interfaces = ["enp14s0"];
|
||||
|
|
|
@ -22,7 +22,7 @@
|
|||
in [
|
||||
(import (builtins.fetchTarball {
|
||||
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
|
||||
sha256 = "09rsdkn16al5qsyrl5fjrljw7ff0z5yb9ihskbipcdiffcn11kax";
|
||||
sha256 = "0yy91pryh8pbq2sz07nzjb11s5ghrn9773v0vsh475an4g4p9933";
|
||||
}))
|
||||
discordOverlay
|
||||
];
|
||||
|
|
|
@ -414,11 +414,6 @@
|
|||
scrape_interval = "10s";
|
||||
static_configs = [{targets = ["100.87.208.14:8404"];}];
|
||||
}
|
||||
{
|
||||
job_name = "tclip";
|
||||
scrape_interval = "15s";
|
||||
static_configs = [{targets = ["paste"];}];
|
||||
}
|
||||
];
|
||||
exporters.node = {
|
||||
enable = true;
|
||||
|
|
|
@ -31,10 +31,6 @@
|
|||
file = ../../secrets/cloudflare-dns.age;
|
||||
owner = "acme";
|
||||
};
|
||||
age.secrets.paperless-oauth = {
|
||||
file = ../../secrets/paperless-oauth.age;
|
||||
owner = "paperless";
|
||||
};
|
||||
nix = {
|
||||
settings = {
|
||||
auto-optimise-store = true;
|
||||
|
@ -51,7 +47,7 @@
|
|||
kernelModules = ["coretemp" "kvm-amd" "it87"];
|
||||
zfs.extraPools = ["tank"];
|
||||
};
|
||||
systemd.services.paperless-web.serviceConfig.EnvironmentFile = config.age.secrets.paperless-oauth.path;
|
||||
|
||||
services = {
|
||||
paperless = {
|
||||
enable = true;
|
||||
|
|
|
@ -30,7 +30,5 @@ in {
|
|||
"secrets/monitoring-grafana-client-secret.age".publicKeys = [monitoring gsimmer];
|
||||
"secrets/k3s-token.age".publicKeys = k3s ++ users;
|
||||
|
||||
"secrets/paperless-oauth.age".publicKeys = [vancouver] ++ users;
|
||||
|
||||
"secrets/dnsmasq-nextdns-profile.age".publicKeys = dnsmasq ++ users;
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue