arch/infra
arch/infra
1
0
Fork 0
Code Actions Packages Activity

Compare commits

base: arch:af3918ffab833fcf072daec13eb41b9bad5ae86b
Branches Tags
arch:trunk
arch:woodpecker-ci
..
compare: arch:598c25d4bce83cac1a9bc4be957bcf10aafb2593
Branches Tags
arch:trunk
arch:woodpecker-ci

9 commits
af3918ffab ... 598c25d4bc

Author SHA1 Message Date
Gabriel Simmer 598c25d4bc
update immich
All checks were successful
Lint / lint (push) Successful in 20s
Details
2024-03-22 21:44:15 +00:00
Gabriel Simmer 77b01a051b
update desktop configuration with new options 2024-03-22 21:44:02 +00:00
Gabriel Simmer 0ca7cadef6
diggtastic, alacritty for desktop 2024-03-22 21:43:45 +00:00
Gabriel Simmer 9eb07d0c18
Remove atuin from nas 2024-03-22 21:43:32 +00:00
Gabriel Simmer 3399178d3c
Cleanup prometheus for homelab cluster 2024-03-22 21:43:18 +00:00
Gabriel Simmer 5a006b562e
Add changedetection to kubernetes.nix 2024-03-22 21:42:58 +00:00
Gabriel Simmer 55b04c7421
Update flake.lock 2024-03-22 21:41:51 +00:00
Gabriel Simmer a5e7b2ecae
Update cloudflared, expose metrics, replicas to 3 2024-03-22 21:41:37 +00:00
Gabriel Simmer 55f0bf49c8
Deploy changedetection 2024-03-22 21:41:25 +00:00
13 changed files with 182 additions and 108 deletions
Show stats Expand all files Collapse all files

1
dns/dns.nix
View file

@ -37,6 +37,7 @@
"tools"
"ytproxy"
"nitter"
"changedetect"
] (name: {cname.data = "cluster";})
// lib.attrsets.genAttrs [
# Externally hosted applications with Tunnels

54
flake.lock
View file

@ -27,11 +27,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1672175240,
"narHash": "sha256-znVCx+4j9961QJJGI5RHIFrv2SGFd799Hao+LRThm+I=",
"lastModified": 1710590710,
"narHash": "sha256-944FyFvgVl1fLUgWCdh6gS6Zi/Wmk7zusfMCoKTv2zE=",
"owner": "alexbakker",
"repo": "alertmanager-ntfy",
"rev": "1e8a0901410207fa4357799f4e9f6d8f26e15626",
"rev": "b60d1feee3844f091cfa911d9125bd836039dc08",
"type": "github"
},
"original": {
@ -183,11 +183,11 @@
"systems": "systems_2"
},
"locked": {
"lastModified": 1709126324,
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"type": "github"
},
"original": {
@ -239,11 +239,11 @@
]
},
"locked": {
"lastModified": 1709938482,
"narHash": "sha256-2Vw2WOFmEXWQH8ziFNOr0U48Guh5FacuD6BOEIcE99s=",
"lastModified": 1710532761,
"narHash": "sha256-SUXGZNrXX05YA9G6EmgupxhOr3swI1gcxLUeDMUhrEY=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "17431970b4ebc75a92657101ccffcfc9e1f9d8f0",
"rev": "206f457fffdb9a73596a4cb2211a471bd305243d",
"type": "github"
},
"original": {
@ -279,11 +279,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1709467759,
"narHash": "sha256-ojIpNROGKk56wyvpMAlBVor3CvPez3pFMORrocxW4io=",
"lastModified": 1710184940,
"narHash": "sha256-FzYm4td3FJfzOAuEkCXt3KdUgZuA072OAQXqIq+IAMo=",
"owner": "nix-community",
"repo": "lib-aggregate",
"rev": "206e40afdc468d0658e30e1644e2473dc6285cf2",
"rev": "45b75bf534592c0c1c881a1c447f7fdb37a87eaf",
"type": "github"
},
"original": {
@ -355,11 +355,11 @@
},
"nixlib": {
"locked": {
"lastModified": 1709426687,
"narHash": "sha256-jLBZmwXf0WYHzLkmEMq33bqhX55YtT5edvluFr0RcSA=",
"lastModified": 1710031547,
"narHash": "sha256-pkUg3hOKuGWMGF9WEMPPN/G4pqqdbNGJQ54yhyQYDVY=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "7873d84a89ae6e4841528ff7f5697ddcb5bdfe6c",
"rev": "630ebdc047ca96d8126e16bb664c7730dc52f6e6",
"type": "github"
},
"original": {
@ -397,11 +397,11 @@
]
},
"locked": {
"lastModified": 1709887845,
"narHash": "sha256-803UIoB8+vGkm/VK/g55aBAAOf/ncTGvxXyjTF4ydm0=",
"lastModified": 1710398463,
"narHash": "sha256-fQlYanU84E8uwBpcoTCcLCwU8cqn0eQ7nwTcrWfSngc=",
"owner": "nix-community",
"repo": "nixos-generators",
"rev": "bef32a05496d9480b02be586fa7827748b9e597b",
"rev": "efd4e38532b5abfaa5c9fc95c5a913157dc20ccb",
"type": "github"
},
"original": {
@ -428,11 +428,11 @@
},
"nixpkgs-lib": {
"locked": {
"lastModified": 1709426687,
"narHash": "sha256-jLBZmwXf0WYHzLkmEMq33bqhX55YtT5edvluFr0RcSA=",
"lastModified": 1710031547,
"narHash": "sha256-pkUg3hOKuGWMGF9WEMPPN/G4pqqdbNGJQ54yhyQYDVY=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "7873d84a89ae6e4841528ff7f5697ddcb5bdfe6c",
"rev": "630ebdc047ca96d8126e16bb664c7730dc52f6e6",
"type": "github"
},
"original": {
@ -451,11 +451,11 @@
]
},
"locked": {
"lastModified": 1709975798,
"narHash": "sha256-LdHYxpw7N7inGInX3i6Z6Rm3hl0ai7YXkbzJn+WV0l4=",
"lastModified": 1710631003,
"narHash": "sha256-6bOCj2BUwOYDO1Lq3DgwIfrdUiieKkm1fCHFQRkLK4Y=",
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"rev": "639141e297f4fe7c1bbf0662e1fde05fa964efa9",
"rev": "bce941770aa96005f08c7b60851037352bf76156",
"type": "github"
},
"original": {
@ -514,11 +514,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1709780214,
"narHash": "sha256-p4iDKdveHMhfGAlpxmkCtfQO3WRzmlD11aIcThwPqhk=",
"lastModified": 1710534455,
"narHash": "sha256-huQT4Xs0y4EeFKn2BTBVYgEwJSv8SDlm82uWgMnCMmI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "f945939fd679284d736112d3d5410eb867f3b31c",
"rev": "9af9c1c87ed3e3ed271934cb896e0cdd33dae212",
"type": "github"
},
"original": {

97
homelab/changedetection.nix Normal file
View file

@ -0,0 +1,97 @@
let
appName = "changedetection";
changedetection-Image = "dgtlmoon/changedetection.io:latest";
browserless-Image = "browserless/chrome:latest";
in
{...}: {
kubernetes.resources.services.changedetection = {
spec = {
selector.app = appName;
ports.http = {
port = 5000;
targetPort = 5000;
};
};
};
kubernetes.resources.statefulSets.changedetection.spec = {
selector.matchLabels.app = appName;
serviceName = appName;
template = {
metadata.labels.app = appName;
spec = {
volumes = {
config.configMap.name = appName;
};
containers = {
changedetection = {
image = changedetection-Image;
imagePullPolicy = "Always";
ports.http.containerPort = 5000;
env = [
{
name = "PLAYWRIGHT_DRIVER_URL";
value = "ws://localhost:3000";
}
];
volumeMounts = [
{
name = "data";
mountPath = "/datastore";
}
];
};
browserless = {
image = browserless-Image;
imagePullPolicy = "Always";
ports.webdriver.containerPort = 3000;
resources = {
requests.memory = "768Mi";
limits.memory = "2Gi";
};
};
};
};
};
volumeClaimTemplates = [
{
metadata.name = "data";
spec = {
storageClassName = "nfs-client";
accessModes = ["ReadWriteOnce"];
resources.requests.storage = "1Gi";
};
}
];
};
kubernetes.resources.ingresses.changedetection = {
metadata = {
name = appName;
annotations = {
"cert-manager.io/issuer" = "le-issuer";
};
};
spec = {
tls = [
{
hosts = ["changedetect.gmem.ca"];
secretName = "gmem-ca-wildcard";
}
];
rules = [
{
host = "changedetect.gmem.ca";
http.paths = [
{
path = "/";
pathType = "Prefix";
backend.service = {
name = appName;
port.name = "http";
};
}
];
}
];
};
};
}

34
homelab/cloudflared.yml
View file

@ -7,7 +7,7 @@ spec:
selector:
matchLabels:
app: cloudflared
replicas: 1
replicas: 3
template:
metadata:
labels:
@ -15,12 +15,15 @@ spec:
spec:
containers:
- name: cloudflared
image: cloudflare/cloudflared:2023.10.0-arm64
image: cloudflare/cloudflared:2024.2.1
args:
- tunnel
- --config
- /etc/cloudflared/config/config.yaml
- run
ports:
- containerPort: 2000
name: metrics
livenessProbe:
httpGet:
# Cloudflared has a /ready endpoint which returns 200 if and only if
@ -47,4 +50,29 @@ spec:
items:
- key: config.yaml
path: config.yaml
---
apiVersion: v1
kind: Service
metadata:
name: cloudflared-metrics
spec:
selector:
app: cloudflared
ports:
- name: metrics
port: 2000
targetPort: 2000
---
apiVersion: monitoring.coreos.com/v1
kind: PodMonitor
metadata:
name: cloudflared
labels:
release: prometheus
spec:
selector:
matchLabels:
app: cloudflared
podMetricsEndpoints:
- port: metrics
interval: 30s

2
homelab/immich.nix
View file

@ -13,7 +13,7 @@
};
# arbitrary attrset passed as values to the helm release
values = {
image.tag = "v1.95.1";
image.tag = "v1.98.2";
machine-learning.enabled = false;
immich.persistence.library.existingClaim = "immich";
redis.enabled = true;

1
homelab/kubernetes.nix
View file

@ -22,5 +22,6 @@
(import ./irc.nix)
(import ./netboot.nix)
(import ./nitter.nix)
(import ./changedetection.nix)
];
}

47
homelab/prometheus-agent.yml
View file

@ -3,52 +3,7 @@ prometheus:
prometheusSpec:
podMonitorSelectorNilUsesHelmValues: false
serviceMonitorSelectorNilUsesHelmValues: false
additionalScrapeConfigs:
- job_name: kubernetes-service-endpoints
kubernetes_sd_configs:
- role: service
relabel_configs:
# annotation 'prometheus.io/scrape' must be set to 'true'
- action: keep
regex: true
source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape]
# service cannot be in kube-system or prom namespaces
- action: drop
regex: (kube-system|prom)
source_labels: [__meta_kubernetes_namespace]
# service port name must end with word 'metrics'
- action: keep
regex: .*metrics
source_labels: [__meta_kubernetes_service_port_name]
# allow override of http scheme
- action: replace
regex: (https?)
source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scheme]
target_label: __scheme__
# allow override of default /metrics path
- action: replace
regex: (.+)
source_labels: [__meta_kubernetes_service_annotation_prometheus_io_path]
target_label: __metrics_path__
# allow override of default port
- action: replace
regex: ([^:]+)(?::\d+)?;(\d+)
replacement: $1:$2
source_labels: [__address__, __meta_kubernetes_service_annotation_prometheus_io_port]
target_label: __address__
- {action: labelmap, regex: __meta_kubernetes_service_label_(.+)}
- action: replace
source_labels: [__meta_kubernetes_namespace]
target_label: kubernetes_namespace
- action: replace
source_labels: [__meta_kubernetes_service_name]
target_label: kubernetes_name
ruleSelectorNilUsesHelmValues: false
remoteWrite:
- name: monitoring
url: http://grafana.gmem.ca:9001/api/v1/write

11
homelab/tclip.nix
View file

@ -15,11 +15,7 @@ in {
};
};
kubernetes.resources.services.tclip = {
metadata.annotations = {
"prometheus.io/port" = "9090";
"prometheus.io/scrape" = "true";
"prometheus.io/path" = "/metrics";
};
metadata.labels.app = appName;
spec = {
selector.app = appName;
ports.metrics = {
@ -90,7 +86,10 @@ in {
}
];
envFrom = [{secretRef.name = "tclip-litestream-s3";}];
ports.metrics.containerPort = 9090;
ports.metrics = {
containerPort = 9090;
name = "metrics";
};
};
};
};

9
homelab/vaultwarden.yml
View file

@ -33,7 +33,6 @@ spec:
envFrom:
- secretRef:
name: vaultwarden-litestream-s3
containers:
- name: vaultwarden
image: docker.io/vaultwarden/server:testing
@ -91,10 +90,8 @@ apiVersion: v1
kind: Service
metadata:
name: vaultwarden
annotations:
prometheus.io/port: "9090"
prometheus.io/scrape: "true"
prometheus.io/path: "/metrics"
labels:
app: vaultwarden
spec:
selector:
app: vaultwarden
@ -104,7 +101,7 @@ spec:
name: web
- port: 9090
targetPort: 9090
name: litestream-metrics
name: metrics
---
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor

6
homelab/vrchat-prometheus-exporter.nix
View file

@ -14,11 +14,7 @@ in {
};
};
kubernetes.resources.services.vrchat-prometheus-adapter = {
metadata.annotations = {
"prometheus.io/port" = "6534";
"prometheus.io/scrape" = "true";
"prometheus.io/path" = "/metrics";
};
metadata.labels.app = appName;
spec = {
selector.app = appName;
ports.metrics = {

11
nix/london/configuration.nix
View file

@ -140,12 +140,11 @@
xkb.layout = "us";
xkb.variant = "";
enable = true;
desktopManager = {
# plasma5.enable = true;
plasma6.enable = true;
};
displayManager.sddm.enable = true;
};
desktopManager = {
plasma6.enable = true;
};
pipewire = {
enable = true;
alsa.enable = true;
@ -193,7 +192,7 @@
xdg.portal.enable = true;
programs = {
sway.enable = true;
tmux.enable = true;
gamemode.enable = true;
zsh.enable = true;
fish.enable = true;
@ -207,7 +206,6 @@
};
gnupg.agent = {
enable = true;
pinentryFlavor = "qt";
enableSSHSupport = false;
};
};
@ -254,7 +252,6 @@
pinentry-curses
noisetorch
nix-output-monitor
pinentry-gnome
xdg-utils
dracula-theme
yubikey-touch-detector

12
nix/london/gsimmer.nix
View file

@ -22,7 +22,7 @@
in [
(import (builtins.fetchTarball {
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
sha256 = "0i972nkqhjfpy8g7dmryw2fvkfda43624zfhsh35k795zbx38jc7";
sha256 = "0w843vgi0d7p2hmhlgq046r2gg7aid3xphnzibv17fp38wa1y6dm";
}))
discordOverlay
];
@ -45,6 +45,12 @@
};
programs = {
alacritty = {
enable = true;
settings = {
import = [ "${pkgs.alacritty-theme}/breeze.toml" ];
};
};
bash.enable = false;
fish = {
enable = true;
@ -77,6 +83,7 @@
gpgSign = true;
};
};
difftastic.enable = true;
};
emacs = {
@ -89,8 +96,8 @@
eza = {
enable = true;
enableFishIntegration = true;
};
bat = {
enable = true;
};
@ -115,7 +122,6 @@
thunderbird
prismlauncher
ripgrep
kitty
virt-manager
jre8
parsec-bin

5
nix/nas/home.nix
View file

@ -23,7 +23,6 @@
function fish_greeting; end
function fish_title; end
end
atuin init fish | source
'';
loginShellInit = ''
if test "$TERM" = "dumb"
@ -45,15 +44,13 @@
programs.eza = {
enable = true;
enableAliases = true;
enableFishIntegration = true;
};
programs.bat = {
enable = true;
};
home.packages = with pkgs; [atuin];
# This value determines the Home Manager release that your
# configuration is compatible with. This helps avoid breakage
# when a new Home Manager release introduces backwards