Compare commits
No commits in common. "dd3a96e222d0c248b9596bf7a45ef0ae83525a04" and "ed21f70a53c4dc16a13c517ed99def7dce898750" have entirely different histories.
dd3a96e222
...
ed21f70a53
81
flake.lock
81
flake.lock
|
@ -7,11 +7,11 @@
|
||||||
"nixpkgs": "nixpkgs"
|
"nixpkgs": "nixpkgs"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1694793763,
|
"lastModified": 1690228878,
|
||||||
"narHash": "sha256-y6gTE1C9mIoSkymRYyzCmv62PFgy+hbZ5j8fuiQK5KI=",
|
"narHash": "sha256-9Xe7JV0krp4RJC9W9W9WutZVlw6BlHTFMiUP/k48LQY=",
|
||||||
"owner": "ryantm",
|
"owner": "ryantm",
|
||||||
"repo": "agenix",
|
"repo": "agenix",
|
||||||
"rev": "572baca9b0c592f71982fca0790db4ce311e3c75",
|
"rev": "d8c973fd228949736dedf61b7f8cc1ece3236792",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -20,25 +20,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"alertmanager-ntfy": {
|
|
||||||
"inputs": {
|
|
||||||
"flake-utils": "flake-utils",
|
|
||||||
"nixpkgs": "nixpkgs_2"
|
|
||||||
},
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1672175240,
|
|
||||||
"narHash": "sha256-znVCx+4j9961QJJGI5RHIFrv2SGFd799Hao+LRThm+I=",
|
|
||||||
"owner": "alexbakker",
|
|
||||||
"repo": "alertmanager-ntfy",
|
|
||||||
"rev": "1e8a0901410207fa4357799f4e9f6d8f26e15626",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "alexbakker",
|
|
||||||
"repo": "alertmanager-ntfy",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"bats-assert": {
|
"bats-assert": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
|
@ -94,21 +75,6 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-utils": {
|
"flake-utils": {
|
||||||
"locked": {
|
|
||||||
"lastModified": 1667395993,
|
|
||||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-utils_2": {
|
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1634851050,
|
"lastModified": 1634851050,
|
||||||
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
|
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
|
||||||
|
@ -151,11 +117,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1694643239,
|
"lastModified": 1694375657,
|
||||||
"narHash": "sha256-pv2k/5FvyirDE8g4TNehzwZ0T4UOMMmqWSQnM/luRtE=",
|
"narHash": "sha256-32X8dcty4vPXx+D4yJPQZBo5hJ1NQikALhevGv6elO4=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "d9b88b43524db1591fb3d9410a21428198d75d49",
|
"rev": "f7848d3e5f15ed02e3f286029697e41ee31662d7",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -166,7 +132,7 @@
|
||||||
},
|
},
|
||||||
"nixinate": {
|
"nixinate": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": "nixpkgs_3"
|
"nixpkgs": "nixpkgs_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1688141737,
|
"lastModified": 1688141737,
|
||||||
|
@ -235,22 +201,6 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
|
||||||
"lastModified": 1670242877,
|
|
||||||
"narHash": "sha256-jBLh7dRHnbfvPPA9znOC6oQfKrCPJ0El8Zoe0BqnCjQ=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "6e51c97f1c849efdfd4f3b78a4870e6aa2da4198",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"ref": "nixos-unstable",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs_3": {
|
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1653060744,
|
"lastModified": 1653060744,
|
||||||
"narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=",
|
"narHash": "sha256-kfRusllRumpt33J1hPV+CeCCylCXEU7e0gn2/cIM7cY=",
|
||||||
|
@ -266,13 +216,13 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_4": {
|
"nixpkgs_3": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1694948089,
|
"lastModified": 1694343207,
|
||||||
"narHash": "sha256-d2B282GmQ9o8klc22/Rbbbj6r99EnELQpOQjWMyv0rU=",
|
"narHash": "sha256-jWi7OwFxU5Owi4k2JmiL1sa/OuBCQtpaAesuj5LXC8w=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "5148520bfab61f99fd25fb9ff7bfbb50dad3c9db",
|
"rev": "78058d810644f5ed276804ce7ea9e82d92bee293",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -282,7 +232,7 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_5": {
|
"nixpkgs_4": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1636823747,
|
"lastModified": 1636823747,
|
||||||
"narHash": "sha256-oWo1nElRAOZqEf90Yek2ixdHyjD+gqtS/pAgwaQ9UhQ=",
|
"narHash": "sha256-oWo1nElRAOZqEf90Yek2ixdHyjD+gqtS/pAgwaQ9UhQ=",
|
||||||
|
@ -300,11 +250,10 @@
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"agenix": "agenix",
|
"agenix": "agenix",
|
||||||
"alertmanager-ntfy": "alertmanager-ntfy",
|
|
||||||
"home-manager": "home-manager_2",
|
"home-manager": "home-manager_2",
|
||||||
"nixinate": "nixinate",
|
"nixinate": "nixinate",
|
||||||
"nixos-generators": "nixos-generators",
|
"nixos-generators": "nixos-generators",
|
||||||
"nixpkgs": "nixpkgs_4",
|
"nixpkgs": "nixpkgs_3",
|
||||||
"terranix": "terranix"
|
"terranix": "terranix"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
@ -312,8 +261,8 @@
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"bats-assert": "bats-assert",
|
"bats-assert": "bats-assert",
|
||||||
"bats-support": "bats-support",
|
"bats-support": "bats-support",
|
||||||
"flake-utils": "flake-utils_2",
|
"flake-utils": "flake-utils",
|
||||||
"nixpkgs": "nixpkgs_5",
|
"nixpkgs": "nixpkgs_4",
|
||||||
"terranix-examples": "terranix-examples"
|
"terranix-examples": "terranix-examples"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
|
|
|
@ -13,10 +13,9 @@
|
||||||
url = "github:nix-community/nixos-generators";
|
url = "github:nix-community/nixos-generators";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
alertmanager-ntfy.url = "github:alexbakker/alertmanager-ntfy";
|
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix, terranix, alertmanager-ntfy }:
|
outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix, terranix }:
|
||||||
let
|
let
|
||||||
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||||
tf = terranix.lib.terranixConfiguration {
|
tf = terranix.lib.terranixConfiguration {
|
||||||
|
@ -108,7 +107,6 @@
|
||||||
modules = [
|
modules = [
|
||||||
(import ./nix/monitoring/configuration.nix)
|
(import ./nix/monitoring/configuration.nix)
|
||||||
agenix.nixosModules.default
|
agenix.nixosModules.default
|
||||||
alertmanager-ntfy.nixosModules.x86_64-linux.default
|
|
||||||
{
|
{
|
||||||
_module.args.nixinate = {
|
_module.args.nixinate = {
|
||||||
host = "monitoring";
|
host = "monitoring";
|
||||||
|
|
|
@ -52,31 +52,7 @@ kind: ConfigMap
|
||||||
metadata:
|
metadata:
|
||||||
name: atuin
|
name: atuin
|
||||||
data:
|
data:
|
||||||
ATUIN_OPEN_REGISTRATION: "false"
|
ATUIN_OPEN_REGISTRATION: "true"
|
||||||
ATUIN_DB_URI: "sqlite:///config/database.sqlite"
|
ATUIN_DB_URI: "sqlite:///config/database.sqlite"
|
||||||
ATUIN_HOST: "0.0.0.0"
|
ATUIN_HOST: "0.0.0.0"
|
||||||
ATUIN_PORT: "8888"
|
ATUIN_PORT: "8888"
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: atuin
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/issuer: "le-issuer"
|
|
||||||
namespace: default
|
|
||||||
spec:
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- atuin.gmem.ca
|
|
||||||
secretName: gmem-ca-wildcard
|
|
||||||
rules:
|
|
||||||
- host: atuin.gmem.ca
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: atuin
|
|
||||||
port:
|
|
||||||
number: 8888
|
|
||||||
|
|
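Review bot: `ATUIN_OPEN_REGISTRATION` is set to `"true"` in the ConfigMap on the new side, so anyone who can reach the server can create an account and write to the SQLite database behind it. The per-app Ingress is removed in the same hunk, but `atuin.gmem.ca` is still routed by the consolidated Ingress added elsewhere in this comparison, so the server stays reachable by that hostname. If registration was opened only to enrol a device, restore `ATUIN_OPEN_REGISTRATION: "false"` afterwards and say so in a comment above the key.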
|
@ -42,27 +42,3 @@ spec:
|
||||||
ports:
|
ports:
|
||||||
- port: 3000
|
- port: 3000
|
||||||
targetPort: 3000
|
targetPort: 3000
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: dref
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/issuer: "le-issuer"
|
|
||||||
namespace: default
|
|
||||||
spec:
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- dref.gmem.ca
|
|
||||||
secretName: gmem-ca-wildcard
|
|
||||||
rules:
|
|
||||||
- host: dref.gmem.ca
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: dref
|
|
||||||
port:
|
|
||||||
number: 3000
|
|
||||||
|
|
|
@ -21,27 +21,3 @@ subsets:
|
||||||
- name: ombi
|
- name: ombi
|
||||||
port: 3579
|
port: 3579
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: request-media
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/issuer: "le-issuer"
|
|
||||||
namespace: default
|
|
||||||
spec:
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- request-media.gmem.ca
|
|
||||||
secretName: gmem-ca-wildcard
|
|
||||||
rules:
|
|
||||||
- host: request-media.gmem.ca
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: ombi
|
|
||||||
port:
|
|
||||||
number: 3579
|
|
||||||
|
|
|
@ -116,31 +116,3 @@ spec:
|
||||||
endpoints:
|
endpoints:
|
||||||
- port: metrics
|
- port: metrics
|
||||||
interval: 30s
|
interval: 30s
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: food
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/issuer: "le-issuer"
|
|
||||||
nginx.ingress.kubernetes.io/proxy-body-size: 100m
|
|
||||||
nginx.ingress.kubernetes.io/ssl-redirect: "false"
|
|
||||||
nginx.ingress.kubernetes.io/configuration-snippet: |
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
namespace: default
|
|
||||||
spec:
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- food.gmem.ca
|
|
||||||
secretName: gmem-ca-wildcard
|
|
||||||
rules:
|
|
||||||
- host: food.gmem.ca
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- backend:
|
|
||||||
service:
|
|
||||||
name: grocy
|
|
||||||
port:
|
|
||||||
number: 80
|
|
||||||
path: /
|
|
||||||
pathType: Prefix
|
|
||||||
|
|
|
@ -72,27 +72,3 @@ spec:
|
||||||
ports:
|
ports:
|
||||||
- port: 80
|
- port: 80
|
||||||
targetPort: 80
|
targetPort: 80
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: freshrss
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/issuer: "le-issuer"
|
|
||||||
namespace: default
|
|
||||||
spec:
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- freshrss.gmem.ca
|
|
||||||
secretName: gmem-ca-wildcard
|
|
||||||
rules:
|
|
||||||
- host: freshrss.gmem.ca
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: freshrss
|
|
||||||
port:
|
|
||||||
number: 80
|
|
||||||
|
|
|
@ -47,28 +47,3 @@ spec:
|
||||||
- port: 80
|
- port: 80
|
||||||
targetPort: 80
|
targetPort: 80
|
||||||
name: web
|
name: web
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: home
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/issuer: "le-issuer"
|
|
||||||
namespace: default
|
|
||||||
|
|
||||||
spec:
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- home.gmem.ca
|
|
||||||
secretName: gmem-ca-wildcard
|
|
||||||
rules:
|
|
||||||
- host: home.gmem.ca
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: dashy
|
|
||||||
port:
|
|
||||||
number: 80
|
|
||||||
|
|
|
@ -66,27 +66,3 @@ spec:
|
||||||
- port: 5353
|
- port: 5353
|
||||||
targetPort: 5353
|
targetPort: 5353
|
||||||
name: bonjour
|
name: bonjour
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: homebridge
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/issuer: "le-issuer"
|
|
||||||
namespace: default
|
|
||||||
spec:
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- hb.gmem.ca
|
|
||||||
secretName: gmem-ca-wildcard
|
|
||||||
rules:
|
|
||||||
- host: hb.gmem.ca
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: homebridge
|
|
||||||
port:
|
|
||||||
number: 8581
|
|
||||||
|
|
|
@ -48,27 +48,3 @@ spec:
|
||||||
ports:
|
ports:
|
||||||
- port: 80
|
- port: 80
|
||||||
targetPort: 80
|
targetPort: 80
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: hue
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/issuer: "le-issuer"
|
|
||||||
namespace: default
|
|
||||||
spec:
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- hue.gmem.ca
|
|
||||||
secretName: gmem-ca-wildcard
|
|
||||||
rules:
|
|
||||||
- host: hue.gmem.ca
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: hue
|
|
||||||
port:
|
|
||||||
number: 80
|
|
||||||
|
|
|
@ -0,0 +1,153 @@
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: primary-ingress
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/issuer: "le-issuer"
|
||||||
|
nginx.ingress.kubernetes.io/proxy-body-size: 100m
|
||||||
|
namespace: default
|
||||||
|
|
||||||
|
spec:
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- home.gmem.ca
|
||||||
|
- atuin.gmem.ca
|
||||||
|
- pw.gmem.ca
|
||||||
|
- icr.gmem.ca
|
||||||
|
- hue.gmem.ca
|
||||||
|
- request-media.gmem.ca
|
||||||
|
- ntfy.gmem.ca
|
||||||
|
- dref.gmem.ca
|
||||||
|
- freshrss.gmem.ca
|
||||||
|
- hb.gmem.ca
|
||||||
|
secretName: primary-tls
|
||||||
|
rules:
|
||||||
|
- host: pw.gmem.ca
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: vaultwarden
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
- host: icr.gmem.ca
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: registry
|
||||||
|
port:
|
||||||
|
number: 5000
|
||||||
|
- host: hue.gmem.ca
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: hue
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
- host: request-media.gmem.ca
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: ombi
|
||||||
|
port:
|
||||||
|
number: 3579
|
||||||
|
- host: ntfy.gmem.ca
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: ntfy
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
- host: dref.gmem.ca
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: dref
|
||||||
|
port:
|
||||||
|
number: 3000
|
||||||
|
- host: freshrss.gmem.ca
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: freshrss
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
- host: hb.gmem.ca
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: homebridge
|
||||||
|
port:
|
||||||
|
number: 8581
|
||||||
|
- host: atuin.gmem.ca
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: atuin
|
||||||
|
port:
|
||||||
|
number: 8888
|
||||||
|
- host: home.gmem.ca
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- path: /
|
||||||
|
pathType: Prefix
|
||||||
|
backend:
|
||||||
|
service:
|
||||||
|
name: dashy
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
---
|
||||||
|
apiVersion: networking.k8s.io/v1
|
||||||
|
kind: Ingress
|
||||||
|
metadata:
|
||||||
|
name: funneled-ingress
|
||||||
|
annotations:
|
||||||
|
cert-manager.io/issuer: "le-issuer"
|
||||||
|
nginx.ingress.kubernetes.io/proxy-body-size: 100m
|
||||||
|
nginx.ingress.kubernetes.io/ssl-redirect: "false"
|
||||||
|
nginx.ingress.kubernetes.io/configuration-snippet: |
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
|
namespace: default
|
||||||
|
|
||||||
|
spec:
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- food.gmem.ca
|
||||||
|
secretName: funnel-tls
|
||||||
|
rules:
|
||||||
|
- host: food.gmem.ca
|
||||||
|
http:
|
||||||
|
paths:
|
||||||
|
- backend:
|
||||||
|
service:
|
||||||
|
name: grocy
|
||||||
|
port:
|
||||||
|
number: 80
|
||||||
|
path: /
|
||||||
|
pathType: Prefix
|
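Review bot: The `nginx.ingress.kubernetes.io/proxy-body-size: 100m` annotation on `primary-ingress` applies to every rule in it, so hosts such as `pw.gmem.ca` and `ntfy.gmem.ca` now accept 100 MB request bodies, where the per-app Ingresses removed elsewhere in this comparison set it only for the registry and grocy. Keeping `icr.gmem.ca` in its own Ingress with that annotation would leave the other hosts on the controller default. On `funneled-ingress`, `ssl-redirect: "false"` means `food.gmem.ca` is also served over plain HTTP; add a comment stating why (presumably TLS is handled in front of the controller, to be confirmed), and check that the controller still permits the `configuration-snippet` annotation, since recent ingress-nginx releases disable snippet annotations by default.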
|
@ -7,7 +7,7 @@ spec:
|
||||||
# The ACME server URL
|
# The ACME server URL
|
||||||
server: https://acme-v02.api.letsencrypt.org/directory
|
server: https://acme-v02.api.letsencrypt.org/directory
|
||||||
# Email address used for ACME registration
|
# Email address used for ACME registration
|
||||||
email: acme@gmem.ca
|
email: mc-invites@gmem.ca
|
||||||
# Name of a secret used to store the ACME account private key
|
# Name of a secret used to store the ACME account private key
|
||||||
privateKeySecretRef:
|
privateKeySecretRef:
|
||||||
name: letsencrypt-pro
|
name: letsencrypt-pro
|
||||||
|
@ -17,20 +17,9 @@ spec:
|
||||||
dnsZones:
|
dnsZones:
|
||||||
- "gmem.ca"
|
- "gmem.ca"
|
||||||
dns01:
|
dns01:
|
||||||
cloudflare:
|
route53:
|
||||||
apiTokenSecretRef:
|
region: us-east-1
|
||||||
name: cloudflare-cert-api
|
accessKeyID: AKIA5VMESTY2UY5MRR42
|
||||||
key: api-token
|
secretAccessKeySecretRef:
|
||||||
---
|
name: route53
|
||||||
apiVersion: cert-manager.io/v1
|
key: secret-access-key
|
||||||
kind: Certificate
|
|
||||||
metadata:
|
|
||||||
name: gmem-ca-wildcard
|
|
||||||
spec:
|
|
||||||
secretName: gmem-ca-wildcard
|
|
||||||
issuerRef:
|
|
||||||
kind: Issuer
|
|
||||||
name: le-issuer
|
|
||||||
commonName: "*.gmem.ca"
|
|
||||||
dnsNames:
|
|
||||||
- "*.gmem.ca"
|
|
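Review bot: The `route53` solver hard-codes the AWS `accessKeyID` in the manifest; it is not the secret half of the credential, but it identifies the IAM user and turns key rotation into a source change. cert-manager can read it from the same Secret as the key, e.g. `accessKeyIDSecretRef: { name: route53, key: access-key-id }` (the key name is a placeholder), which keeps both halves out of the repository. The IAM policy behind this key should be limited to the `gmem.ca` hosted zone and the record changes DNS-01 needs, because whoever holds the pair can obtain certificates for any name in the zone.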
|
@ -52,27 +52,4 @@ data:
|
||||||
base-url: https://ntfy.gmem.ca
|
base-url: https://ntfy.gmem.ca
|
||||||
behind-proxy: true
|
behind-proxy: true
|
||||||
upstream-base-url: "https://ntfy.sh"
|
upstream-base-url: "https://ntfy.sh"
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: ntfy
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/issuer: "le-issuer"
|
|
||||||
namespace: default
|
|
||||||
spec:
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- ntfy.gmem.ca
|
|
||||||
secretName: gmem-ca-wildcard
|
|
||||||
rules:
|
|
||||||
- host: ntfy.gmem.ca
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: ntfy
|
|
||||||
port:
|
|
||||||
number: 80
|
|
||||||
|
|
|
@ -52,12 +52,5 @@ prometheus:
|
||||||
remoteWrite:
|
remoteWrite:
|
||||||
- name: monitoring
|
- name: monitoring
|
||||||
url: http://grafana.gmem.ca:9001/api/v1/write
|
url: http://grafana.gmem.ca:9001/api/v1/write
|
||||||
basicAuth:
|
|
||||||
username:
|
|
||||||
name: prometheus-remote-basic-auth
|
|
||||||
key: username
|
|
||||||
password:
|
|
||||||
name: prometheus-remote-basic-auth
|
|
||||||
key: password
|
|
||||||
grafana:
|
grafana:
|
||||||
enabled: false
|
enabled: false
|
||||||
|
|
|
@ -46,28 +46,3 @@ spec:
|
||||||
accessModes:
|
accessModes:
|
||||||
- ReadWriteOnce
|
- ReadWriteOnce
|
||||||
storageClassName: nfs-client
|
storageClassName: nfs-client
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: container-registry
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/issuer: "le-issuer"
|
|
||||||
nginx.ingress.kubernetes.io/proxy-body-size: 100m
|
|
||||||
namespace: default
|
|
||||||
spec:
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- icr.gmem.ca
|
|
||||||
secretName: gmem-ca-wildcard
|
|
||||||
rules:
|
|
||||||
- host: icr.gmem.ca
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: registry
|
|
||||||
port:
|
|
||||||
number: 5000
|
|
||||||
|
|
|
@ -22,7 +22,7 @@ spec:
|
||||||
name: vaultwarden
|
name: vaultwarden
|
||||||
initContainers:
|
initContainers:
|
||||||
- name: init-litestream
|
- name: init-litestream
|
||||||
image: litestream/litestream:0.3.11
|
image: litestream/litestream:sha-749bc0d
|
||||||
args: ['restore', '-if-db-not-exists', '-if-replica-exists', '-v', '/data/db.sqlite3']
|
args: ['restore', '-if-db-not-exists', '-if-replica-exists', '-v', '/data/db.sqlite3']
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: data
|
- name: data
|
||||||
|
@ -54,7 +54,7 @@ spec:
|
||||||
mountPath: /data/config.json
|
mountPath: /data/config.json
|
||||||
subPath: vaultwarden.json
|
subPath: vaultwarden.json
|
||||||
- name: litestream
|
- name: litestream
|
||||||
image: litestream/litestream:0.3.11
|
image: litestream/litestream:sha-749bc0d
|
||||||
args: ['replicate']
|
args: ['replicate']
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: data
|
- name: data
|
||||||
|
@ -116,27 +116,3 @@ spec:
|
||||||
endpoints:
|
endpoints:
|
||||||
- port: metrics
|
- port: metrics
|
||||||
interval: 30s
|
interval: 30s
|
||||||
---
|
|
||||||
apiVersion: networking.k8s.io/v1
|
|
||||||
kind: Ingress
|
|
||||||
metadata:
|
|
||||||
name: vaultwarden
|
|
||||||
annotations:
|
|
||||||
cert-manager.io/issuer: "le-issuer"
|
|
||||||
namespace: default
|
|
||||||
spec:
|
|
||||||
tls:
|
|
||||||
- hosts:
|
|
||||||
- pw.gmem.ca
|
|
||||||
secretName: gmem-ca-wildcard
|
|
||||||
rules:
|
|
||||||
- host: pw.gmem.ca
|
|
||||||
http:
|
|
||||||
paths:
|
|
||||||
- path: /
|
|
||||||
pathType: Prefix
|
|
||||||
backend:
|
|
||||||
service:
|
|
||||||
name: vaultwarden
|
|
||||||
port:
|
|
||||||
number: 80
|
|
||||||
|
|
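Review bot: Both litestream containers move from the release tag `0.3.11` to `litestream/litestream:sha-749bc0d`, which looks like a per-commit build rather than a release, and a tag can be re-pushed to different content. These containers restore and replicate the vaultwarden database, so pin the image by digest, `image: litestream/litestream@sha256:<digest>`, and add a comment naming the fix that requires the unreleased build. The same line is changed in the second hunk, under `- name: litestream`.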
|
@ -1,5 +1,24 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
let
|
||||||
|
|
||||||
|
syncthingLatest =
|
||||||
|
let
|
||||||
|
version = "1.24.0";
|
||||||
|
src = pkgs.fetchFromGitHub {
|
||||||
|
owner = "syncthing";
|
||||||
|
repo = "syncthing";
|
||||||
|
rev = "v1.24.0";
|
||||||
|
hash = "sha256-5vr9qWMHBYpu8wHpV1JZcX1kEPi+mYeZ7ZQBqXASp9I=";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
(pkgs.syncthing.override rec {
|
||||||
|
buildGoModule = args: pkgs.buildGoModule.override {} (args // {
|
||||||
|
inherit src version;
|
||||||
|
vendorHash = "sha256-BZwZ6npmWFU0lvynjRZOBOhtxqic0djoSUdCOLbUwjE=";
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
in
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[
|
[
|
||||||
|
@ -59,7 +78,7 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
|
allowedUDPPortRanges = [ { from = 27031; to = 27036; } ];
|
||||||
allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
|
allowedTCPPortRanges = [ { from = 27036; to = 27037; } ];
|
||||||
allowedTCPPorts = [ 7000 7100 22000 8000 ];
|
allowedTCPPorts = [ 7000 7100 22000 ];
|
||||||
allowedUDPPorts = [ 6000 6001 7011 41641 3478 22000 21027 ];
|
allowedUDPPorts = [ 6000 6001 7011 41641 3478 22000 21027 ];
|
||||||
trustedInterfaces = [ "tailscale0" ];
|
trustedInterfaces = [ "tailscale0" ];
|
||||||
checkReversePath = "loose";
|
checkReversePath = "loose";
|
||||||
|
@ -78,6 +97,7 @@
|
||||||
user = "gsimmer";
|
user = "gsimmer";
|
||||||
dataDir = "/home/gsimmer";
|
dataDir = "/home/gsimmer";
|
||||||
guiAddress = "100.95.77.62:8384";
|
guiAddress = "100.95.77.62:8384";
|
||||||
|
package = syncthingLatest;
|
||||||
};
|
};
|
||||||
usbmuxd.enable = true;
|
usbmuxd.enable = true;
|
||||||
prometheus.exporters.node = {
|
prometheus.exporters.node = {
|
||||||
|
@ -135,8 +155,6 @@
|
||||||
nvidia = {
|
nvidia = {
|
||||||
modesetting.enable = true;
|
modesetting.enable = true;
|
||||||
nvidiaSettings = true;
|
nvidiaSettings = true;
|
||||||
open = true;
|
|
||||||
package = config.boot.kernelPackages.nvidiaPackages.vulkan_beta;
|
|
||||||
};
|
};
|
||||||
sane.enable = true;
|
sane.enable = true;
|
||||||
sane.extraBackends = [ pkgs.epkowa ];
|
sane.extraBackends = [ pkgs.epkowa ];
|
||||||
|
@ -154,7 +172,6 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
programs = {
|
programs = {
|
||||||
river.enable = true;
|
|
||||||
gamemode.enable = true;
|
gamemode.enable = true;
|
||||||
zsh.enable = true;
|
zsh.enable = true;
|
||||||
fish.enable = true;
|
fish.enable = true;
|
||||||
|
@ -216,8 +233,6 @@
|
||||||
yubikey-touch-detector
|
yubikey-touch-detector
|
||||||
docker-compose
|
docker-compose
|
||||||
home-manager
|
home-manager
|
||||||
libimobiledevice
|
|
||||||
ifuse
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
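Review bot: The `syncthingLatest` override freezes syncthing at 1.24.0 independently of nixpkgs, so later fixes shipped through nixpkgs will not reach this host until the block is edited by hand; a comment such as `# TODO: drop once nixpkgs ships syncthing >= 1.24.0` would record the exit condition. `version` and `rev` repeat the same number, so write `rev = "v${version}";`, and the `rec` on `pkgs.syncthing.override rec {` is unused. An identical block is added in the last file section of this comparison (the one with `dataDir = "/Primary/gabriel"`); moving it into one shared overlay or module keeps the two copies from drifting apart.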
|
@ -16,7 +16,7 @@
|
||||||
[
|
[
|
||||||
(import (builtins.fetchTarball {
|
(import (builtins.fetchTarball {
|
||||||
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
|
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
|
||||||
sha256 = "17y4i3p35qbw4xq7fybs60d2ym3brqzpv9mgsb55ma1rfc08m1jc";
|
sha256 = "0h5jabl78dpgknf5p3q5wmwx1856ywjh3nxlbsrqk8fr1g3aix8n";
|
||||||
})) discordOverlay];
|
})) discordOverlay];
|
||||||
};
|
};
|
||||||
home = {
|
home = {
|
||||||
|
@ -565,7 +565,6 @@ $env.config = {
|
||||||
discord
|
discord
|
||||||
mangohud
|
mangohud
|
||||||
comma
|
comma
|
||||||
gamescope
|
|
||||||
];
|
];
|
||||||
|
|
||||||
# This value determines the Home Manager release that your
|
# This value determines the Home Manager release that your
|
||||||
|
|
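Review bot: The `builtins.fetchTarball` for emacs-overlay still points at `archive/master.tar.gz` while only the `sha256` is bumped, so the hash stops matching as soon as master moves and evaluation fails once the cached tarball expires. Pin the URL to a commit, `url = "https://github.com/nix-community/emacs-overlay/archive/<commit>.tar.gz";`, and change URL and hash together, or make the overlay a flake input so that `flake.lock` records the revision.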
|
@ -9,17 +9,6 @@
|
||||||
owner = "healthchecks";
|
owner = "healthchecks";
|
||||||
};
|
};
|
||||||
|
|
||||||
age.secrets.prometheus-webconfig-secret = {
|
|
||||||
file = ../../secrets/monitoring-prometheus-webconfig.age;
|
|
||||||
owner = "prometheus";
|
|
||||||
mode = "775";
|
|
||||||
};
|
|
||||||
|
|
||||||
age.secrets.prometheus-password-secret = {
|
|
||||||
file = ../../secrets/monitoring-prometheus-password.age;
|
|
||||||
owner = "prometheus";
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.tmp.cleanOnBoot = true;
|
boot.tmp.cleanOnBoot = true;
|
||||||
zramSwap.enable = true;
|
zramSwap.enable = true;
|
||||||
networking.hostName = "monitoring";
|
networking.hostName = "monitoring";
|
||||||
|
@ -38,89 +27,11 @@
|
||||||
http_addr = "127.0.0.1";
|
http_addr = "127.0.0.1";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services.alertmanager-ntfy = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
http = {
|
|
||||||
addr = "127.0.0.1:8111";
|
|
||||||
};
|
|
||||||
ntfy = {
|
|
||||||
baseurl = "https://ntfy.gmem.ca";
|
|
||||||
notification = {
|
|
||||||
topic = "alerts";
|
|
||||||
priority = ''
|
|
||||||
status == "firing" ? "high" : "default"
|
|
||||||
'';
|
|
||||||
templates = {
|
|
||||||
title = ''{{ if eq .Status "resolved" }}Resolved: {{ end }}{{ index .Annotations "summary" }}'';
|
|
||||||
description = ''{{ index .Annotations "description" }}'';
|
|
||||||
click = ''http://grafana.gmem.ca/d/{{ index .Annotations "dashboard" }}'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
services.prometheus = {
|
services.prometheus = {
|
||||||
enable = true;
|
enable = true;
|
||||||
webConfigFile = config.age.secrets.prometheus-webconfig-secret.path;
|
|
||||||
globalConfig = {
|
globalConfig = {
|
||||||
scrape_interval = "15s";
|
scrape_interval = "15s";
|
||||||
};
|
};
|
||||||
alertmanagers = [ {
|
|
||||||
basic_auth = {
|
|
||||||
username = "homelab";
|
|
||||||
password_file = config.age.secrets.prometheus-password-secret.path;
|
|
||||||
};
|
|
||||||
static_configs = [ {
|
|
||||||
targets = [
|
|
||||||
"localhost:9093"
|
|
||||||
];
|
|
||||||
} ];
|
|
||||||
} ];
|
|
||||||
rules = [(builtins.toJSON {
|
|
||||||
groups = [{
|
|
||||||
name = "healthchecks";
|
|
||||||
rules = [
|
|
||||||
{
|
|
||||||
alert = "HealthcheckFailedCheckin";
|
|
||||||
expr = ''hc_check_up < 1'';
|
|
||||||
for = "5m";
|
|
||||||
labels.severity = "page";
|
|
||||||
annotations = {
|
|
||||||
summary = "{{ $labels.name }} healthcheck failed";
|
|
||||||
description = "The {{ $labels.name }} healthcheck failed to check in.";
|
|
||||||
dashboard = "f594ea85-45f2-4019-b988-2d17638b5cf3";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
}];
|
|
||||||
})];
|
|
||||||
alertmanager = {
|
|
||||||
enable = true;
|
|
||||||
extraFlags = [ "--web.config.file=${config.age.secrets.prometheus-webconfig-secret.path}" ];
|
|
||||||
webExternalUrl = "https://alerts.gmem.ca";
|
|
||||||
configText = ''
|
|
||||||
global: {}
|
|
||||||
|
|
||||||
# The directory from which notification templates are read.
|
|
||||||
templates:
|
|
||||||
- '/etc/alertmanager/template/*.tmpl'
|
|
||||||
|
|
||||||
# The root route on which each incoming alert enters.
|
|
||||||
route:
|
|
||||||
group_by: ['alertname', 'cluster', 'service']
|
|
||||||
group_wait: 0s
|
|
||||||
group_interval: 5m
|
|
||||||
repeat_interval: 3h
|
|
||||||
# A default receiver
|
|
||||||
receiver: ntfy
|
|
||||||
|
|
||||||
receivers:
|
|
||||||
- name: ntfy
|
|
||||||
webhook_configs:
|
|
||||||
- url: http://localhost:8111/hook
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
port = 9001;
|
port = 9001;
|
||||||
extraFlags = [ "--web.enable-remote-write-receiver" ];
|
extraFlags = [ "--web.enable-remote-write-receiver" ];
|
||||||
scrapeConfigs = [
|
scrapeConfigs = [
|
||||||
|
@ -142,10 +53,6 @@
|
||||||
job_name = "forgejo";
|
job_name = "forgejo";
|
||||||
static_configs = [ { targets = [ "git.gmem.ca" ]; } ];
|
static_configs = [ { targets = [ "git.gmem.ca" ]; } ];
|
||||||
}
|
}
|
||||||
{
|
|
||||||
job_name = "coredns";
|
|
||||||
static_configs = [ { targets = [ "vancouver:9253" ]; } ];
|
|
||||||
}
|
|
||||||
{
|
{
|
||||||
job_name = "healthchecks";
|
job_name = "healthchecks";
|
||||||
scrape_interval = "60s";
|
scrape_interval = "60s";
|
||||||
|
@ -200,7 +107,6 @@
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
virtualHosts."healthchecks.gmem.ca" = {
|
virtualHosts."healthchecks.gmem.ca" = {
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
|
@ -208,6 +114,9 @@
|
||||||
proxyPass = "http://127.0.0.1:8000";
|
proxyPass = "http://127.0.0.1:8000";
|
||||||
proxyWebsockets = true;
|
proxyWebsockets = true;
|
||||||
};
|
};
|
||||||
|
locations."~ \/projects\/.+\/metrics\/.+" = {
|
||||||
|
extraConfig = "deny all;";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
security.acme.acceptTerms = true;
|
security.acme.acceptTerms = true;
|
||||||
|
|
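Review bot: With `webConfigFile` removed, `services.prometheus` keeps `port = 9001` and `extraFlags = [ "--web.enable-remote-write-receiver" ]`, so the remote-write endpoint accepts samples from any client that can reach the port; the cluster-side `remoteWrite` hunk earlier in this comparison drops its `basicAuth` and still posts to `http://grafana.gmem.ca:9001/api/v1/write` in clear text. Whether 9001 is firewalled or reachable only over a private interface is not visible in these hunks, so either keep the web config and basic auth or state the network restriction in a comment next to `port`. The added `locations."~ \/projects\/.+\/metrics\/.+"` block is a case-sensitive regex that needs a non-empty segment after `/metrics/`; a one-line comment naming the healthchecks endpoint it hides would make that intent checkable.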
|
@ -1,15 +1,29 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }:
|
||||||
|
let
|
||||||
|
syncthingLatest =
|
||||||
|
let
|
||||||
|
version = "1.24.0";
|
||||||
|
src = pkgs.fetchFromGitHub {
|
||||||
|
owner = "syncthing";
|
||||||
|
repo = "syncthing";
|
||||||
|
rev = "v1.24.0";
|
||||||
|
hash = "sha256-5vr9qWMHBYpu8wHpV1JZcX1kEPi+mYeZ7ZQBqXASp9I=";
|
||||||
|
};
|
||||||
|
in
|
||||||
|
(pkgs.syncthing.override rec {
|
||||||
|
buildGoModule = args: pkgs.buildGoModule.override {} (args // {
|
||||||
|
inherit src version;
|
||||||
|
vendorHash = "sha256-BZwZ6npmWFU0lvynjRZOBOhtxqic0djoSUdCOLbUwjE=";
|
||||||
|
});
|
||||||
|
});
|
||||||
|
in
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[ # Include the results of the hardware scan.
|
[ # Include the results of the hardware scan.
|
||||||
./hardware.nix
|
./hardware.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
age.secrets.action-token = {
|
age.secrets.action-token.file = ../../secrets/vancouver-action-runner.age;
|
||||||
file = ../../secrets/vancouver-action-runner.age;
|
|
||||||
owner = "gitea-runner";
|
|
||||||
};
|
|
||||||
age.secrets.restic-b2-credentials = {
|
age.secrets.restic-b2-credentials = {
|
||||||
file = ../../secrets/vancouver-restic-b2.age;
|
file = ../../secrets/vancouver-restic-b2.age;
|
||||||
group = "users";
|
group = "users";
|
||||||
|
@ -81,7 +95,6 @@
|
||||||
repository = "s3:s3.us-west-000.backblazeb2.com/bsimmer-backup";
|
repository = "s3:s3.us-west-000.backblazeb2.com/bsimmer-backup";
|
||||||
paths = [
|
paths = [
|
||||||
"\"/Primary/becki/VRChat\ Avatars\""
|
"\"/Primary/becki/VRChat\ Avatars\""
|
||||||
"/Primary/becki/Pictures"
|
|
||||||
];
|
];
|
||||||
timerConfig = {
|
timerConfig = {
|
||||||
OnCalendar = "daily";
|
OnCalendar = "daily";
|
||||||
|
@ -140,6 +153,7 @@
|
||||||
user = "gsimmer";
|
user = "gsimmer";
|
||||||
dataDir = "/Primary/gabriel";
|
dataDir = "/Primary/gabriel";
|
||||||
guiAddress = "100.116.48.47:8384";
|
guiAddress = "100.116.48.47:8384";
|
||||||
|
package = syncthingLatest;
|
||||||
};
|
};
|
||||||
prometheus.exporters = {
|
prometheus.exporters = {
|
||||||
blackbox = {
|
blackbox = {
|
||||||
|
@ -159,8 +173,6 @@
|
||||||
config =
|
config =
|
||||||
''
|
''
|
||||||
.:53 {
|
.:53 {
|
||||||
prometheus 100.116.48.47:9253
|
|
||||||
|
|
||||||
health
|
health
|
||||||
file /var/src/dns.db git.gmem.ca food.gmem.ca
|
file /var/src/dns.db git.gmem.ca food.gmem.ca
|
||||||
forward . 45.90.28.116 45.90.30.116
|
forward . 45.90.28.116 45.90.30.116
|
||||||
|
@ -336,13 +348,6 @@
|
||||||
metrics = {
|
metrics = {
|
||||||
ENABLED = true;
|
ENABLED = true;
|
||||||
};
|
};
|
||||||
"repository.signing" = {
|
|
||||||
SIGNING_KEY = "default";
|
|
||||||
INITIAL_COMMIT = "always";
|
|
||||||
WIKI = "always";
|
|
||||||
CRUD_ACTIONS = "always";
|
|
||||||
MERGES = "always";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
gitea-actions-runner = {
|
gitea-actions-runner = {
|
||||||
|
@ -444,8 +449,6 @@
|
||||||
cloudflared
|
cloudflared
|
||||||
bat
|
bat
|
||||||
virtiofsd
|
virtiofsd
|
||||||
gnupg
|
|
||||||
pinentry
|
|
||||||
];
|
];
|
||||||
|
|
||||||
time.timeZone = "Europe/London";
|
time.timeZone = "Europe/London";
|
||||||
|
@ -471,7 +474,7 @@
|
||||||
openssh.authorizedKeys.keys = let
|
openssh.authorizedKeys.keys = let
|
||||||
authorizedKeys = pkgs.fetchurl {
|
authorizedKeys = pkgs.fetchurl {
|
||||||
url = "https://gmem.ca/ssh";
|
url = "https://gmem.ca/ssh";
|
||||||
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
|
sha256 = "0vm0q5fzx55mmgw7md430c20rvywmknmpvnkffx9szlm0l74bypc";
|
||||||
};
|
};
|
||||||
in pkgs.lib.splitString "\n" (builtins.readFile
|
in pkgs.lib.splitString "\n" (builtins.readFile
|
||||||
authorizedKeys);
|
authorizedKeys);
|
||||||
|
@ -484,7 +487,7 @@
|
||||||
root.openssh.authorizedKeys.keys = let
|
root.openssh.authorizedKeys.keys = let
|
||||||
authorizedKeys = pkgs.fetchurl {
|
authorizedKeys = pkgs.fetchurl {
|
||||||
url = "https://gmem.ca/ssh";
|
url = "https://gmem.ca/ssh";
|
||||||
hash = "sha256-7PpFDgWVfp26c9PuW+2s3O8MBAODtHr4q7WU/l3BoG4=";
|
sha256 = "0iwrm80hsadr0midy0h3da4x0sbci76a92g8f9wnz5pj38gimdi9";
|
||||||
};
|
};
|
||||||
in pkgs.lib.splitString "\n" (builtins.readFile
|
in pkgs.lib.splitString "\n" (builtins.readFile
|
||||||
authorizedKeys);
|
authorizedKeys);
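Review bot: The two `pkgs.fetchurl` calls for `https://gmem.ca/ssh` (the hunks at -471 and -484) pin different `sha256` values on the new side for the same URL, so at most one of them can match what the server returns at any given time. The other will either fail the build or, if an older copy is still in the store or a cache, resolve to a stale key list, which matters because the second one feeds root's `authorized_keys`. I would bind the fetch once and use it for both accounts, e.g. `sshKeys = pkgs.fetchurl { url = "https://gmem.ca/ssh"; sha256 = "<current-hash>"; };`, or commit the key list to the repository so that key removals are reviewed like any other change. `pkgs.lib.splitString "\n"` also yields an empty entry for a trailing newline, which `builtins.filter (k: k != "")` would drop. Both `let` blocks sit in attribute sets that start outside the hunks.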
|
||||||
|
|
|
@ -1,6 +1,13 @@
|
||||||
{ config, pkgs, callPackage, ... }:
|
{ config, pkgs, callPackage, ... }:
|
||||||
|
|
||||||
{
|
{
|
||||||
|
nixpkgs.overlays = [
|
||||||
|
(import (builtins.fetchTarball {
|
||||||
|
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
|
||||||
|
sha256 = "11knjfj2gnj8y6jy4xali11g86clq7jmy5ndzy1gg0yy1y72xrhm";
|
||||||
|
}))
|
||||||
|
];
|
||||||
|
|
||||||
home.username = "gsimmer";
|
home.username = "gsimmer";
|
||||||
home.homeDirectory = "/Primary/gabriel";
|
home.homeDirectory = "/Primary/gabriel";
|
||||||
|
|
||||||
|
@ -51,6 +58,16 @@ end
|
||||||
nix-direnv.enable = true;
|
nix-direnv.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# services.lorri.enable = true;
|
||||||
|
|
||||||
|
programs.emacs = {
|
||||||
|
enable = false;
|
||||||
|
package = pkgs.emacs-unstable-pgtk;
|
||||||
|
extraPackages = epkgs: [
|
||||||
|
epkgs.vterm
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
programs.eza = {
|
programs.eza = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableAliases = true;
|
enableAliases = true;
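Review bot: The overlay added in the first hunk fetches `emacs-overlay/archive/master.tar.gz` with a fixed `sha256`, so the URL names a moving branch while the hash names one snapshot of it. Once `master` advances, any machine that does not already have the tarball in its store fails evaluation on the hash mismatch, and the file no longer records which revision of this third-party code was reviewed. Pin the URL to a commit, `url = "https://github.com/nix-community/emacs-overlay/archive/<commit-sha>.tar.gz";`, or declare the overlay as a flake input so it is locked in `flake.lock` with the other inputs. The second hunk sets `programs.emacs.enable = false`, so the overlay is currently imported for a package that is not enabled and could be left out until it is needed.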
|
||||||
|
|
|
@ -12,7 +12,5 @@ in
|
||||||
"secrets/vancouver-restic-password.age".publicKeys = [ vancouver gsimmer ];
|
"secrets/vancouver-restic-password.age".publicKeys = [ vancouver gsimmer ];
|
||||||
"secrets/monitoring-healthchecks-secret.age".publicKeys = [ monitoring gsimmer ];
|
"secrets/monitoring-healthchecks-secret.age".publicKeys = [ monitoring gsimmer ];
|
||||||
"secrets/monitoring-healthchecks-ro.age".publicKeys = [ monitoring gsimmer ];
|
"secrets/monitoring-healthchecks-ro.age".publicKeys = [ monitoring gsimmer ];
|
||||||
"secrets/monitoring-prometheus-webconfig.age".publicKeys = [ monitoring gsimmer ];
|
|
||||||
"secrets/monitoring-prometheus-password.age".publicKeys = [ monitoring gsimmer ];
|
|
||||||
"secrets/healthchecks-ping.sh.age".publicKeys = machines ++ users;
|
"secrets/healthchecks-ping.sh.age".publicKeys = machines ++ users;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,10 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> ssh-ed25519 J+a91w qN8Z94Hx1iQy12DngGD5/AiLJxbGbs51Tr3aE1/80gk
|
|
||||||
6eH40Q7Hn/ES463b7FPjyUnNDlcOFCC1VM1qf5G7F/M
|
|
||||||
-> ssh-ed25519 qbziOw k3d+DHeevcGtHJnPfCEKro/f2R8S2auaH+3BGE1meVI
|
|
||||||
rAEfQWRi5CDYDPdYwFAV4cQgDT/B77lVBFKCGfeDk7I
|
|
||||||
-> wU3bY.f)-grease m#L* _b8 `WSigN 3%
|
|
||||||
A+cZ7hzU7HvAu6zUWZZ5pPMW20A8gCtCK6mUzMXbnjDNMtxW+bIRuQeKIOqKKjdw
|
|
||||||
azUjJKU6NaEktNrNWG7G9PXn9uQ
|
|
||||||
--- WDkj0HNNagL9VWzwgUZjAe4V/hZ1jZVkmVBgxHzXN7c
|
|
||||||
¯%R»rJ[2̨<C38C>ºRbˆšë#o`5Q<35>+:ŽÊŽíî‡ÚV\LøQêoê°g:ÈRFL¼ÁÙýAƒL/ü<>peÛ!7ü¿©/Wÿ5€R<E282AC> <20>ÈËŽxKY Û³fô*Ò'î<>KÎ*.ýg¢×1RTÍFêû.2z5ðÿ¾~ˆý=|ecàP:„+{«ÈšeÂ0úù¿ÎS°ÛÄnS¥ao¨Š¸¢¿ç9†ƒÞ§ü<C2A7>¤W
—†„Õ<E2809E>³a> »ø!‚Â
|
|
|
@ -1,10 +1,9 @@
|
||||||
age-encryption.org/v1
|
age-encryption.org/v1
|
||||||
-> ssh-ed25519 oN6OTQ 290Jjq3X3EKWAJjbrxxNdLVYq7OOdTZAQBLnb0JlzEw
|
-> ssh-ed25519 oN6OTQ BBqv4gyfV+ZTQTKNhEUPRrzWNKz1YjVr3qyouxZ1l1s
|
||||||
Ci/Ngx0O5JbCbxNqkUdSz1zuHs2YMvi+st/Nf+BlhXk
|
ApaqQizmjolL/f1j2iQAvRUuCrrv9l0R8ms63TsKmU0
|
||||||
-> ssh-ed25519 qbziOw pexX+lrzjrIvjD1BXDOwZ6jvHNwHvI8NN7t0g+WAHE4
|
-> ssh-ed25519 qbziOw XL46mKp0s0IqX3sOY7wdyuxgIAdsNSb+pMl1oUgI2EY
|
||||||
8TlaRQnd/H/1nML+bJOL9J6rG1FOSFY7qTTiu11gqRo
|
C+4Zy+62bzn7VkRdndpaiDtHc013K9PIrQXBpSqxD3s
|
||||||
-> Q5TArB-grease
|
-> <#q*-grease
|
||||||
bYTE3nqG4aLFTuXCpjRNM7rnVFlL7BCJ2BlqJbMn0CImH3owoMnYwpBBEO2i5/O7
|
GKgzRmWm4lA3tKsx96FM0QFnDI8Mu8jc76XM5uFZJnEY
|
||||||
XdBin6lrZDYiFZMLzQ4DRd8B
|
--- FZbu3X6NM/NxZBnjbc/BRIsccomlfkwIelFdc4NXt5g
|
||||||
--- GfQW76dgud6sOfFfB1VoRiiZZqDePubrWRTbvKcx3Z0
|
PÄó¨‹u®'®¦TÛ åßšµ¹^ªTÃ{ñevô÷Rb{ð1ì<31>K¦Í´eN œAàØéîÊÎ}MûjZ5K…öXd®vÜ+yƒ³”vÝE
|
||||||
“n-‡ŽA3]Éró]YHp'`º…2óH^Î%Ï}= Nzútoöä:³5õ³ˆª‚éùê—R <52>§¾áýL瞶6‹©ÀÐÝ24¼ª"WË
|
|