Compare commits
No commits in common. "e1e7b401fcbec6ae9d7610b614fd9bb814f5b63c" and "ef4db52dce8c58fc19755ebd0cef93d78a0023af" have entirely different histories.
e1e7b401fc
...
ef4db52dce
|
@ -1,10 +1,6 @@
|
||||||
couchdbConfig:
|
couchdbConfig:
|
||||||
couchdb:
|
couchdb:
|
||||||
uuid: 25274915ac5d403292fef27909e679cc
|
uuid: 25274915ac5d403292fef27909e679cc
|
||||||
chttpd:
|
|
||||||
enable_cors: true
|
|
||||||
cors:
|
|
||||||
origins: "https://artbybecki.com, https://admin.artbybecki.com"
|
|
||||||
clusterSize: 1
|
clusterSize: 1
|
||||||
persistentVolume:
|
persistentVolume:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
nfs:
|
nfs:
|
||||||
server: vancouver
|
server: 192.168.50.229
|
||||||
path: /Primary/k3scluster
|
path: /mnt/Primary/k3scluster
|
||||||
storageClass:
|
storageClass:
|
||||||
defaultClass: true
|
defaultClass: true
|
||||||
archiveOnDelete: false
|
archiveOnDelete: false
|
||||||
|
|
|
@ -1,9 +0,0 @@
|
||||||
age-encryption.org/v1
|
|
||||||
-> piv-p256 JccfSQ AhIbgVYw7nnbfVvpM2755rvolAK+7TVKMYV7+7HXweKW
|
|
||||||
tpz/Ea90ttJQanaA033mrIgMzKtIOgiBkcfNY9qPPyM
|
|
||||||
-> D-grease &[o{ }PTMp/+M y!I
|
|
||||||
4B6KLBrcEWiTzcCyfN+EKTd0j9rOPe9RP5KFM87HAmFAOR7fa4yOousUqFvP32Xw
|
|
||||||
Xs8hyC4vT+P3buXFMPR/k9yrzJcAOdmB
|
|
||||||
--- e930foLDztNKnvtkkj6phGiXCo6z02hczVmScHC0uw8
|
|
||||||
Y ù_•<>AœWæ"#W@^¦<>‰y4Ò!‘êHz
|
|
||||||
°ú)×0Oži5‹9ûV¨7rÖ¦ÙQß(¦ì ™Íš{lÎ.B<>ÖøR¨·¶˜Ä‡U+²hª!h[(©ê1ö ªt #‹è¹ŒƒÁJ±XŒ¶¼xN<>CÚÖ)Èi«ï\t»åq
|
|
|
@ -30,9 +30,17 @@ spec:
|
||||||
- name: litestream
|
- name: litestream
|
||||||
mountPath: /etc/litestream.yml
|
mountPath: /etc/litestream.yml
|
||||||
subPath: vaultwarden.yml
|
subPath: vaultwarden.yml
|
||||||
envFrom:
|
env:
|
||||||
- secretRef:
|
- name: LITESTREAM_USERNAME
|
||||||
name: vaultwarden-litestream-s3
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: litestream
|
||||||
|
key: username
|
||||||
|
- name: LITESTREAM_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: litestream
|
||||||
|
key: password
|
||||||
|
|
||||||
containers:
|
containers:
|
||||||
- name: vaultwarden
|
- name: vaultwarden
|
||||||
|
@ -62,9 +70,17 @@ spec:
|
||||||
- name: litestream
|
- name: litestream
|
||||||
mountPath: /etc/litestream.yml
|
mountPath: /etc/litestream.yml
|
||||||
subPath: vaultwarden.yml
|
subPath: vaultwarden.yml
|
||||||
envFrom:
|
env:
|
||||||
- secretRef:
|
- name: LITESTREAM_USERNAME
|
||||||
name: vaultwarden-litestream-s3
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: litestream
|
||||||
|
key: username
|
||||||
|
- name: LITESTREAM_PASSWORD
|
||||||
|
valueFrom:
|
||||||
|
secretKeyRef:
|
||||||
|
name: litestream
|
||||||
|
key: password
|
||||||
ports:
|
ports:
|
||||||
- name: metrics
|
- name: metrics
|
||||||
containerPort: 9090
|
containerPort: 9090
|
||||||
|
@ -80,7 +96,6 @@ spec:
|
||||||
- metadata:
|
- metadata:
|
||||||
name: data
|
name: data
|
||||||
spec:
|
spec:
|
||||||
storageClassName: nfs-client
|
|
||||||
accessModes: [ "ReadWriteOnce" ]
|
accessModes: [ "ReadWriteOnce" ]
|
||||||
resources:
|
resources:
|
||||||
requests:
|
requests:
|
||||||
|
|
|
@ -8,7 +8,7 @@ let
|
||||||
oracle-gitea-runner-source = lib.evalSource [
|
oracle-gitea-runner-source = lib.evalSource [
|
||||||
{
|
{
|
||||||
nixpkgs.git = {
|
nixpkgs.git = {
|
||||||
ref = "66aedfd010204949cb225cf749be08cb13ce1813";
|
ref = "0a4f20e1867ebb798ba5ed51b9db52a09ba6623d";
|
||||||
url = https://github.com/NixOS/nixpkgs;
|
url = https://github.com/NixOS/nixpkgs;
|
||||||
|
|
||||||
shallow = true;
|
shallow = true;
|
||||||
|
@ -18,27 +18,14 @@ let
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
oracle-nix-cache-source = lib.evalSource [
|
|
||||||
{
|
|
||||||
nixpkgs.git = {
|
|
||||||
ref = "66aedfd010204949cb225cf749be08cb13ce1813";
|
|
||||||
url = https://github.com/NixOS/nixpkgs;
|
|
||||||
|
|
||||||
shallow = true;
|
|
||||||
};
|
|
||||||
nixos-config.file = toString ./oracle-nix-cache/configuration.nix;
|
|
||||||
"hardware.nix".file = toString ./oracle-nix-cache/hardware.nix;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
nas-source = lib.evalSource [
|
nas-source = lib.evalSource [
|
||||||
{
|
{
|
||||||
nixpkgs.git = {
|
nixpkgs.git = {
|
||||||
ref = "origin/nixos-unstable";
|
ref = "origin/nixos-23.05";
|
||||||
url = https://github.com/NixOS/nixpkgs;
|
url = https://github.com/NixOS/nixpkgs;
|
||||||
};
|
};
|
||||||
home-manager.git = {
|
home-manager.git = {
|
||||||
ref = "origin/master";
|
ref = "origin/release-23.05";
|
||||||
url = https://github.com/nix-community/home-manager;
|
url = https://github.com/nix-community/home-manager;
|
||||||
};
|
};
|
||||||
nixos-config.file = toString ./nas/configuration.nix;
|
nixos-config.file = toString ./nas/configuration.nix;
|
||||||
|
@ -58,17 +45,6 @@ let
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
seattle-source = lib.evalSource [
|
|
||||||
{
|
|
||||||
nixpkgs.git = {
|
|
||||||
ref = "origin/nixos-unstable";
|
|
||||||
url = https://github.com/NixOS/nixpkgs;
|
|
||||||
};
|
|
||||||
nixos-config.file = toString ./seattle/configuration.nix;
|
|
||||||
"hardware.nix".file = toString ./glasgow/hardware.nix;
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
glasgow-source = lib.evalSource [
|
glasgow-source = lib.evalSource [
|
||||||
{
|
{
|
||||||
nixpkgs.git = {
|
nixpkgs.git = {
|
||||||
|
@ -85,10 +61,6 @@ in {
|
||||||
source = oracle-gitea-runner-source;
|
source = oracle-gitea-runner-source;
|
||||||
target = "root@130.162.169.74";
|
target = "root@130.162.169.74";
|
||||||
};
|
};
|
||||||
oracle-nix-cache = pkgs.krops.writeDeploy "oracle-nix-cache" {
|
|
||||||
source = oracle-nix-cache-source;
|
|
||||||
target = "root@141.147.94.210";
|
|
||||||
};
|
|
||||||
nas = pkgs.krops.writeDeploy "nas" {
|
nas = pkgs.krops.writeDeploy "nas" {
|
||||||
source = nas-source;
|
source = nas-source;
|
||||||
target = "root@192.168.50.229";
|
target = "root@192.168.50.229";
|
||||||
|
@ -97,10 +69,6 @@ in {
|
||||||
source = nas-k3s-source;
|
source = nas-k3s-source;
|
||||||
target = "root@192.168.50.229:22001";
|
target = "root@192.168.50.229:22001";
|
||||||
};
|
};
|
||||||
seattle = pkgs.krops.writeDeploy "seattle" {
|
|
||||||
source = seattle-source;
|
|
||||||
target = "root@192.168.50.146";
|
|
||||||
};
|
|
||||||
glasgow = pkgs.krops.writeDeploy "glasgow" {
|
glasgow = pkgs.krops.writeDeploy "glasgow" {
|
||||||
source = glasgow-source;
|
source = glasgow-source;
|
||||||
target = "root@192.168.50.144";
|
target = "root@192.168.50.144";
|
||||||
|
|
|
@ -27,30 +27,6 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
coredns = {
|
|
||||||
enable = true;
|
|
||||||
config =
|
|
||||||
''
|
|
||||||
.:53 {
|
|
||||||
cache
|
|
||||||
bind tailscale0
|
|
||||||
}
|
|
||||||
git.gmem.ca {
|
|
||||||
cache
|
|
||||||
bind tailscale0
|
|
||||||
template IN A {
|
|
||||||
answer "{{ .Name }} 0 IN A 100.116.48.47"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
pipewire = {
|
|
||||||
enable = true;
|
|
||||||
alsa.enable = true;
|
|
||||||
alsa.support32Bit = true;
|
|
||||||
pulse.enable = true;
|
|
||||||
jack.enable = true;
|
|
||||||
};
|
|
||||||
zfs.autoScrub.enable = true;
|
zfs.autoScrub.enable = true;
|
||||||
tailscale.enable = true;
|
tailscale.enable = true;
|
||||||
openssh.enable = true;
|
openssh.enable = true;
|
||||||
|
@ -128,24 +104,28 @@
|
||||||
recommendedBrotliSettings = true;
|
recommendedBrotliSettings = true;
|
||||||
recommendedZstdSettings = true;
|
recommendedZstdSettings = true;
|
||||||
recommendedOptimisation = true;
|
recommendedOptimisation = true;
|
||||||
recommendedTlsSettings = true;
|
|
||||||
# We can only proxy one port with Tailscale Funnel so we abuse locations instead.
|
# We can only proxy one port with Tailscale Funnel so we abuse locations instead.
|
||||||
virtualHosts."vancouver.gmem.ca" = {
|
virtualHosts."vancouver.gmem.ca" = {
|
||||||
default = true;
|
default = true;
|
||||||
enableACME = true;
|
enableACME = false;
|
||||||
addSSL = true;
|
forceSSL = false;
|
||||||
acmeRoot = null;
|
|
||||||
locations."/" = {
|
locations."/" = {
|
||||||
root = "/var/www/";
|
root = "/var/www/";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
error_page 404 /404.html;
|
error_page 404 /404.html;
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
locations."/git" = {
|
locations."/git/" = {
|
||||||
|
proxyWebsockets = false; # needed if you need to use WebSocket
|
||||||
extraConfig =
|
extraConfig =
|
||||||
''
|
''
|
||||||
return 301 $scheme://git.gmem.ca;
|
proxy_set_header Host $host;
|
||||||
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header X-Forwarded-Proto $scheme;
|
||||||
'';
|
'';
|
||||||
|
proxyPass = "http://127.0.0.1:8973/";
|
||||||
};
|
};
|
||||||
locations."/n8n/" = {
|
locations."/n8n/" = {
|
||||||
proxyPass = "http://127.0.0.1:5678/";
|
proxyPass = "http://127.0.0.1:5678/";
|
||||||
|
@ -156,21 +136,6 @@
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
virtualHosts."git.gmem.ca" = {
|
|
||||||
enableACME = true;
|
|
||||||
addSSL = true;
|
|
||||||
acmeRoot = null;
|
|
||||||
locations."/" = {
|
|
||||||
extraConfig =
|
|
||||||
''
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header X-Forwarded-Proto $scheme;
|
|
||||||
'';
|
|
||||||
proxyPass = "http://127.0.0.1:8973/";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
gitea = {
|
gitea = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -178,7 +143,7 @@
|
||||||
package = pkgs.forgejo;
|
package = pkgs.forgejo;
|
||||||
settings = {
|
settings = {
|
||||||
server = {
|
server = {
|
||||||
ROOT_URL = "https://git.gmem.ca/";
|
ROOT_URL = "https://vancouver.scorpion-ghost.ts.net/git/";
|
||||||
HTTP_PORT = 8973;
|
HTTP_PORT = 8973;
|
||||||
};
|
};
|
||||||
service = {
|
service = {
|
||||||
|
@ -194,7 +159,6 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
gitea-actions-runner = {
|
gitea-actions-runner = {
|
||||||
package = pkgs.forgejo-actions-runner;
|
|
||||||
instances = {
|
instances = {
|
||||||
vancouver = {
|
vancouver = {
|
||||||
name = "vancouver";
|
name = "vancouver";
|
||||||
|
@ -203,7 +167,8 @@
|
||||||
"debian-latest:docker://node:18-bullseye"
|
"debian-latest:docker://node:18-bullseye"
|
||||||
"nix:docker://nixos/nix"
|
"nix:docker://nixos/nix"
|
||||||
];
|
];
|
||||||
url = "https://git.gmem.ca/";
|
url = "https://vancouver.scorpion-ghost.ts.net/git";
|
||||||
|
token = "";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -217,9 +182,7 @@
|
||||||
firewall = {
|
firewall = {
|
||||||
trustedInterfaces = ["tailscale0"];
|
trustedInterfaces = ["tailscale0"];
|
||||||
checkReversePath = "loose";
|
checkReversePath = "loose";
|
||||||
enable = true;
|
enable = false;
|
||||||
allowedTCPPorts = [ 22 53 80 443 ];
|
|
||||||
allowedUDPPorts = [ 53 ];
|
|
||||||
};
|
};
|
||||||
nftables.enable = true;
|
nftables.enable = true;
|
||||||
};
|
};
|
||||||
|
@ -234,8 +197,6 @@
|
||||||
screen
|
screen
|
||||||
nix-output-monitor
|
nix-output-monitor
|
||||||
cifs-utils
|
cifs-utils
|
||||||
cloudflared
|
|
||||||
bat
|
|
||||||
# atuin
|
# atuin
|
||||||
];
|
];
|
||||||
|
|
||||||
|
@ -272,13 +233,9 @@
|
||||||
isNormalUser = true;
|
isNormalUser = true;
|
||||||
home = "/Primary/becki";
|
home = "/Primary/becki";
|
||||||
};
|
};
|
||||||
root.openssh.authorizedKeys.keys = let
|
root.openssh.authorizedKeys.keys = [
|
||||||
authorizedKeys = pkgs.fetchurl {
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILIztwQxt+jqroFONSgq+xzPMuE2I5Dq/zWPQ8RcTYJr"
|
||||||
url = "https://gmem.ca/ssh";
|
];
|
||||||
sha256 = "0iwrm80hsadr0midy0h3da4x0sbci76a92g8f9wnz5pj38gimdi9";
|
|
||||||
};
|
|
||||||
in pkgs.lib.splitString "\n" (builtins.readFile
|
|
||||||
authorizedKeys);
|
|
||||||
};
|
};
|
||||||
|
|
||||||
home-manager.users.gsimmer = { pkgs, ... }: {
|
home-manager.users.gsimmer = { pkgs, ... }: {
|
||||||
|
@ -294,25 +251,22 @@
|
||||||
virtualisation = {
|
virtualisation = {
|
||||||
docker = {
|
docker = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
rootless = {
|
||||||
|
enable = true;
|
||||||
|
setSocketVariable = true;
|
||||||
|
};
|
||||||
};
|
};
|
||||||
libvirtd.enable = true;
|
libvirtd.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
sound.enable = true;
|
sound.enable = true;
|
||||||
security.rtkit.enable = true;
|
security.rtkit.enable = true;
|
||||||
|
services.pipewire = {
|
||||||
security.acme.acceptTerms = true;
|
enable = true;
|
||||||
security.acme.defaults.email = "acme@gmem.ca";
|
alsa.enable = true;
|
||||||
security.acme.certs."git.gmem.ca" = {
|
alsa.support32Bit = true;
|
||||||
domain = "git.gmem.ca";
|
pulse.enable = true;
|
||||||
dnsProvider = "route53";
|
jack.enable = true;
|
||||||
credentialsFile = "/var/lib/secrets/credentials";
|
|
||||||
};
|
};
|
||||||
security.acme.certs."vancouver.gmem.ca" = {
|
|
||||||
domain = "vancouver.gmem.ca";
|
|
||||||
dnsProvider = "route53";
|
|
||||||
credentialsFile = "/var/lib/secrets/credentials";
|
|
||||||
};
|
|
||||||
|
|
||||||
system.stateVersion = "23.05";
|
system.stateVersion = "23.05";
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,111 +0,0 @@
|
||||||
{ config, pkgs, ... }:
|
|
||||||
|
|
||||||
{
|
|
||||||
imports =
|
|
||||||
[ # Include the results of the hardware scan.
|
|
||||||
./hardware.nix
|
|
||||||
];
|
|
||||||
|
|
||||||
boot = {
|
|
||||||
tmp.cleanOnBoot = true;
|
|
||||||
};
|
|
||||||
zramSwap.enable = true;
|
|
||||||
|
|
||||||
nix = {
|
|
||||||
settings = {
|
|
||||||
auto-optimise-store = true;
|
|
||||||
experimental-features = ["nix-command" "flakes"];
|
|
||||||
};
|
|
||||||
gc = {
|
|
||||||
automatic = true;
|
|
||||||
dates = "weekly";
|
|
||||||
options = "--delete-older-than 30d";
|
|
||||||
};
|
|
||||||
# Free up to 1GiB whenever there is less than 100MiB left.
|
|
||||||
extraOptions = ''
|
|
||||||
min-free = ${toString (100 * 1024 * 1024)}
|
|
||||||
max-free = ${toString (1024 * 1024 * 1024)}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
networking = {
|
|
||||||
hostName = "nix-cache";
|
|
||||||
domain = "gmem.ca";
|
|
||||||
firewall = {
|
|
||||||
trustedInterfaces = ["tailscale0"];
|
|
||||||
checkReversePath = "loose";
|
|
||||||
allowedTCPPorts = [ 80 443 ];
|
|
||||||
allowedUDPPortRanges = [
|
|
||||||
{ from = 4000; to = 4007; }
|
|
||||||
{ from = 8000; to = 8010; }
|
|
||||||
];
|
|
||||||
enable = true;
|
|
||||||
};
|
|
||||||
nftables.enable = true;
|
|
||||||
nameservers = [ "1.1.1.1" "1.0.0.1" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
time.timeZone = "Europe/London";
|
|
||||||
|
|
||||||
users.users.root.openssh.authorizedKeys.keys = let
|
|
||||||
authorizedKeys = pkgs.fetchurl {
|
|
||||||
url = "https://gmem.ca/ssh";
|
|
||||||
sha256 = "0iwrm80hsadr0midy0h3da4x0sbci76a92g8f9wnz5pj38gimdi9";
|
|
||||||
};
|
|
||||||
in pkgs.lib.splitString "\n" (builtins.readFile
|
|
||||||
authorizedKeys);
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
vim
|
|
||||||
wget
|
|
||||||
htop
|
|
||||||
git
|
|
||||||
screen
|
|
||||||
nix-output-monitor
|
|
||||||
tailscale
|
|
||||||
nfs-utils
|
|
||||||
];
|
|
||||||
|
|
||||||
services = {
|
|
||||||
rpcbind.enable = true;
|
|
||||||
openssh.enable = true;
|
|
||||||
tailscale.enable = true;
|
|
||||||
nix-serve = {
|
|
||||||
enable = true;
|
|
||||||
secretKeyFile = "/var/cache-priv-key.pem";
|
|
||||||
};
|
|
||||||
nginx = {
|
|
||||||
enable = true;
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
recommendedGzipSettings = true;
|
|
||||||
recommendedBrotliSettings = true;
|
|
||||||
recommendedZstdSettings = true;
|
|
||||||
recommendedOptimisation = true;
|
|
||||||
recommendedTlsSettings = true;
|
|
||||||
virtualHosts = {
|
|
||||||
"nix-cache.gmem.ca" = {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
|
|
||||||
};
|
|
||||||
"git.gmem.ca" = {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://100.116.48.47";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
security.acme = {
|
|
||||||
acceptTerms = true;
|
|
||||||
email = "acme@gmem.ca";
|
|
||||||
};
|
|
||||||
|
|
||||||
system.copySystemConfiguration = true;
|
|
||||||
|
|
||||||
system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT?
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,15 +0,0 @@
|
||||||
{ modulesPath, ... }:
|
|
||||||
{
|
|
||||||
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
|
|
||||||
boot.loader.efi.efiSysMountPoint = "/boot/efi";
|
|
||||||
boot.loader.grub = {
|
|
||||||
efiSupport = true;
|
|
||||||
efiInstallAsRemovable = true;
|
|
||||||
device = "nodev";
|
|
||||||
};
|
|
||||||
fileSystems."/boot/efi" = { device = "/dev/disk/by-uuid/CC2E-AEC0"; fsType = "vfat"; };
|
|
||||||
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" ];
|
|
||||||
boot.initrd.kernelModules = [ "nvme" ];
|
|
||||||
fileSystems."/" = { device = "/dev/mapper/ocivolume-root"; fsType = "xfs"; };
|
|
||||||
|
|
||||||
}
|
|
|
@ -24,6 +24,4 @@
|
||||||
nix-output-monitor
|
nix-output-monitor
|
||||||
tailscale
|
tailscale
|
||||||
];
|
];
|
||||||
|
|
||||||
system.stateVersion = "23.05";
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -30,6 +30,16 @@ resource "aws_route53_record" "gabrielsimmercom-a" {
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
resource "aws_route53_record" "gabrielsimmercom-google-ownership" {
|
||||||
|
zone_id = aws_route53_zone.gabrielsimmercom.zone_id
|
||||||
|
name = "gabrielsimmer.com"
|
||||||
|
type = "TXT"
|
||||||
|
ttl = 300
|
||||||
|
records = [
|
||||||
|
"google-site-verification=EW1TJ2_9BRa81mIRX9doz-5aR4ydYh4hzG1yuqfu_C4",
|
||||||
|
]
|
||||||
|
}
|
||||||
|
|
||||||
resource "aws_route53_record" "gabrielsimmercom-next" {
|
resource "aws_route53_record" "gabrielsimmercom-next" {
|
||||||
zone_id = aws_route53_zone.gabrielsimmercom.zone_id
|
zone_id = aws_route53_zone.gabrielsimmercom.zone_id
|
||||||
name = "next"
|
name = "next"
|
||||||
|
@ -72,7 +82,7 @@ resource "aws_route53_record" "gabrielsimmercom-github-verification" {
|
||||||
type = "TXT"
|
type = "TXT"
|
||||||
ttl = 300
|
ttl = 300
|
||||||
records = [
|
records = [
|
||||||
"fcf7482bbeced61719161ebd56e110",
|
"fcf7482bbeced61719161ebd56e110"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -83,8 +93,7 @@ resource "aws_route53_record" "gabrielsimmercom-txt-verifications" {
|
||||||
ttl = 300
|
ttl = 300
|
||||||
records = [
|
records = [
|
||||||
"keybase-site-verification=f2MAsoM3HCGQAsYNcWzCy4Ul2kvh79j6etJbL7aQwv8",
|
"keybase-site-verification=f2MAsoM3HCGQAsYNcWzCy4Ul2kvh79j6etJbL7aQwv8",
|
||||||
"v=spf1 include:spf.messagingengine.com ?all",
|
"v=spf1 include:spf.messagingengine.com ?all"
|
||||||
"google-site-verification=EW1TJ2_9BRa81mIRX9doz-5aR4ydYh4hzG1yuqfu_C4"
|
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -2,22 +2,6 @@ resource "aws_route53_zone" "gmemca" {
|
||||||
name = "gmem.ca"
|
name = "gmem.ca"
|
||||||
}
|
}
|
||||||
|
|
||||||
resource "aws_route53_record" "git" {
|
|
||||||
zone_id = aws_route53_zone.gmemca.zone_id
|
|
||||||
name = "git"
|
|
||||||
type = "A"
|
|
||||||
ttl = 300
|
|
||||||
records = ["141.147.94.210"]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "aws_route53_record" "nix-cache" {
|
|
||||||
zone_id = aws_route53_zone.gmemca.zone_id
|
|
||||||
name = "nix-cache"
|
|
||||||
type = "A"
|
|
||||||
ttl = 300
|
|
||||||
records = ["141.147.94.210"]
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "aws_route53_record" "fursona" {
|
resource "aws_route53_record" "fursona" {
|
||||||
zone_id = aws_route53_zone.gmemca.zone_id
|
zone_id = aws_route53_zone.gmemca.zone_id
|
||||||
name = "fursona"
|
name = "fursona"
|
||||||
|
|
Loading…
Reference in a new issue