Compare commits
No commits in common. "ee71aa15633b74172e32cdc0fc3c965d92735fad" and "5cdc1edd916197b12864c904640868facf6f1c11" have entirely different histories.
ee71aa1563
...
5cdc1edd91
18
flake.lock
18
flake.lock
|
@ -7,11 +7,11 @@
|
||||||
"nixpkgs": "nixpkgs"
|
"nixpkgs": "nixpkgs"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1695339232,
|
"lastModified": 1694793763,
|
||||||
"narHash": "sha256-6wQHW3uHECpGIBolTccQ6x3/9b8E1SrO+VzTABKe2xM=",
|
"narHash": "sha256-y6gTE1C9mIoSkymRYyzCmv62PFgy+hbZ5j8fuiQK5KI=",
|
||||||
"owner": "ryantm",
|
"owner": "ryantm",
|
||||||
"repo": "agenix",
|
"repo": "agenix",
|
||||||
"rev": "7f9dfa309f24dc74450ecab6e74bc3d11c7ce735",
|
"rev": "572baca9b0c592f71982fca0790db4ce311e3c75",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -151,11 +151,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1695224363,
|
"lastModified": 1694643239,
|
||||||
"narHash": "sha256-+hfjJLUMck5G92RVFDZA7LWkR3kOxs5zQ7RPW9t3eM8=",
|
"narHash": "sha256-pv2k/5FvyirDE8g4TNehzwZ0T4UOMMmqWSQnM/luRtE=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "408ba13188ff9ce309fa2bdd2f81287d79773b00",
|
"rev": "d9b88b43524db1591fb3d9410a21428198d75d49",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -268,11 +268,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_4": {
|
"nixpkgs_4": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1695132891,
|
"lastModified": 1694948089,
|
||||||
"narHash": "sha256-cJR9AFHmt816cW/C9necLJyOg/gsnkvEeFAfxgeM1hc=",
|
"narHash": "sha256-d2B282GmQ9o8klc22/Rbbbj6r99EnELQpOQjWMyv0rU=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "8b5ab8341e33322e5b66fb46ce23d724050f6606",
|
"rev": "5148520bfab61f99fd25fb9ff7bfbb50dad3c9db",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
30
flake.nix
30
flake.nix
|
@ -138,36 +138,6 @@
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
seattle = nixpkgs.lib.nixosSystem {
|
|
||||||
system = "aarch64-linux";
|
|
||||||
modules = [
|
|
||||||
(import ./nix/seattle/configuration.nix)
|
|
||||||
{
|
|
||||||
_module.args.nixinate = {
|
|
||||||
host = "seattle";
|
|
||||||
sshUser = "gsimmer";
|
|
||||||
buildOn = "remote";
|
|
||||||
substituteOnTarget = true;
|
|
||||||
hermetic = false;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
glasgow = nixpkgs.lib.nixosSystem {
|
|
||||||
system = "aarch64-linux";
|
|
||||||
modules = [
|
|
||||||
(import ./nix/glasgow/configuration.nix)
|
|
||||||
{
|
|
||||||
_module.args.nixinate = {
|
|
||||||
host = "glasgow";
|
|
||||||
sshUser = "gsimmer";
|
|
||||||
buildOn = "remote";
|
|
||||||
substituteOnTarget = true;
|
|
||||||
hermetic = false;
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
controller:
|
controller:
|
||||||
replicaCount: 2
|
|
||||||
metrics:
|
metrics:
|
||||||
enabled: true
|
enabled: true
|
||||||
serviceMonitor:
|
serviceMonitor:
|
||||||
|
@ -11,8 +10,3 @@ controller:
|
||||||
prometheus.io/port: "10254"
|
prometheus.io/port: "10254"
|
||||||
ingressClassResource:
|
ingressClassResource:
|
||||||
default: true
|
default: true
|
||||||
publishService:
|
|
||||||
enabled: true
|
|
||||||
service:
|
|
||||||
externalTrafficPolicy: Local
|
|
||||||
hostNetwork: true
|
|
||||||
|
|
|
@ -100,6 +100,8 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
system.copySystemConfiguration = true;
|
||||||
|
|
||||||
system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT?
|
system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT?
|
||||||
|
|
||||||
}
|
}
|
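Review bot: The added `system.copySystemConfiguration = true;` copies only the single top-level configuration file into the system closure (linked as `/run/current-system/configuration.nix`), and it locates that file through `NIXOS_CONFIG` / `<nixos-config>`. The hosts on this page are defined through `nixpkgs.lib.nixosSystem` in flake.nix, where that lookup is likely unavailable under pure evaluation, so the option may fail to evaluate or copy an unrelated file; please confirm it builds. The copy also lands in the world-readable Nix store, so the file must stay free of inline secrets. The same line is added in the later hunk at `@ -100,6 +101,8 @@`, and the enclosing module starts above this hunk.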
||||||
|
|
|
@ -71,7 +71,6 @@
|
||||||
i18n.defaultLocale = "en_GB.utf8";
|
i18n.defaultLocale = "en_GB.utf8";
|
||||||
|
|
||||||
services = {
|
services = {
|
||||||
fwupd.enable = true;
|
|
||||||
syncthing = {
|
syncthing = {
|
||||||
enable = true;
|
enable = true;
|
||||||
overrideDevices = false;
|
overrideDevices = false;
|
||||||
|
|
|
@ -16,7 +16,7 @@
|
||||||
[
|
[
|
||||||
(import (builtins.fetchTarball {
|
(import (builtins.fetchTarball {
|
||||||
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
|
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
|
||||||
sha256 = "1jn0gw1a0dffvqizy15yni6qnsr94k48zl7b2vqfvfr409nxsyaw";
|
sha256 = "17y4i3p35qbw4xq7fybs60d2ym3brqzpv9mgsb55ma1rfc08m1jc";
|
||||||
})) discordOverlay];
|
})) discordOverlay];
|
||||||
};
|
};
|
||||||
home = {
|
home = {
|
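Review bot: The `url` still points at `archive/master.tar.gz` while only `sha256` changes, so the pinned hash matches whatever master happened to be when it was computed and the file records no commit id. Once the cached tarball expires and master has moved, the fetch fails on a hash mismatch, and a reader cannot tell which upstream revision was actually vetted. Pointing the URL at a specific commit archive, `…/emacs-overlay/archive/<commit-sha>.tar.gz` (placeholder), keeps the hash and the source in step. The enclosing overlay list starts above the hunk.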
||||||
|
|
|
@ -1,54 +1,4 @@
|
||||||
{ config, pkgs, ... }:
|
{ config, pkgs, ... }: {
|
||||||
# let
|
|
||||||
# py = pkgs.python3.override {
|
|
||||||
# packageOverrides = final: prev: {
|
|
||||||
# django = prev.django_4;
|
|
||||||
# };
|
|
||||||
# };
|
|
||||||
# pydantic-edge = py.pkgs.pydantic.overridePythonAttrs (oldAttrs: rec {
|
|
||||||
# version = "2.3.0";
|
|
||||||
# src = pkgs.fetchFromGitHub {
|
|
||||||
# owner = "pydantic";
|
|
||||||
# repo = "pydantic";
|
|
||||||
# rev = "refs/tags/v${version}";
|
|
||||||
# hash = "sha256-toqrWg8bYzc3UmvG/YmXawfmT8nqaA9fxy24k1cdj+M=";
|
|
||||||
# };
|
|
||||||
# patches = [ ];
|
|
||||||
# });
|
|
||||||
# healthchecks-edge = pkgs.healthchecks.overridePythonAttrs (oldAttrs: rec {
|
|
||||||
# version = "unstable-2023-09-24";
|
|
||||||
# pname = "healthchecksedge";
|
|
||||||
# src = pkgs.fetchFromGitHub {
|
|
||||||
# owner = "healthchecks";
|
|
||||||
# repo = "healthchecks";
|
|
||||||
# rev = "507fd840d8c83a1685c8cccf47c67f939f295da1";
|
|
||||||
# hash = "sha256-EBfZQ41kc/H2BgzCPW0QZ8Js2DHU3ps4U1YaTZnGqg8=";
|
|
||||||
# };
|
|
||||||
# propagatedBuildInputs = with py.pkgs; [
|
|
||||||
# apprise
|
|
||||||
# cron-descriptor
|
|
||||||
# cronsim
|
|
||||||
# django
|
|
||||||
# django-compressor
|
|
||||||
# fido2
|
|
||||||
# minio
|
|
||||||
# psycopg2
|
|
||||||
# pycurl
|
|
||||||
# pydantic-edge
|
|
||||||
# pyotp
|
|
||||||
# segno
|
|
||||||
# statsd
|
|
||||||
# whitenoise
|
|
||||||
# ];
|
|
||||||
# passthru = {
|
|
||||||
# # PYTHONPATH of all dependencies used by the package
|
|
||||||
# pythonPath = py.pkgs.makePythonPath propagatedBuildInputs;
|
|
||||||
# };
|
|
||||||
# doCheck = false;
|
|
||||||
# });
|
|
||||||
|
|
||||||
# in
|
|
||||||
{
|
|
||||||
imports = [
|
imports = [
|
||||||
./hardware.nix
|
./hardware.nix
|
||||||
./networking.nix # generated at runtime by nixos-infect
|
./networking.nix # generated at runtime by nixos-infect
|
||||||
|
@ -63,12 +13,6 @@
|
||||||
file = ../../secrets/fastmail-smtp.age;
|
file = ../../secrets/fastmail-smtp.age;
|
||||||
owner = "healthchecks";
|
owner = "healthchecks";
|
||||||
};
|
};
|
||||||
|
|
||||||
age.secrets.healthchecks-telegram = {
|
|
||||||
file = ../../secrets/healthchecks-telegram.age;
|
|
||||||
owner = "healthchecks";
|
|
||||||
};
|
|
||||||
|
|
||||||
age.secrets.prometheus-webconfig-secret = {
|
age.secrets.prometheus-webconfig-secret = {
|
||||||
file = ../../secrets/monitoring-prometheus-webconfig.age;
|
file = ../../secrets/monitoring-prometheus-webconfig.age;
|
||||||
owner = "prometheus";
|
owner = "prometheus";
|
||||||
|
@ -235,17 +179,14 @@
|
||||||
|
|
||||||
services.healthchecks = {
|
services.healthchecks = {
|
||||||
enable = true;
|
enable = true;
|
||||||
# package = healthchecks-edge;
|
|
||||||
settings = {
|
settings = {
|
||||||
SECRET_KEY_FILE = config.age.secrets.healthchecks-secret.path;
|
SECRET_KEY_FILE = config.age.secrets.healthchecks-secret.path;
|
||||||
SITE_ROOT = "https://healthchecks.gmem.ca";
|
SITE_ROOT = "https://healthchecks.gmem.ca";
|
||||||
SITE_NAME = "Archs Healthchecks";
|
SITE_NAME = "Arch's Healthchecks";
|
||||||
EMAIL_HOST = "smtp.fastmail.com";
|
EMAIL_HOST = "smtp.fastmail.com";
|
||||||
EMAIL_HOST_PASSWORD_FILE = config.age.secrets.healthchecks-smtp.path;
|
EMAIL_HOST_PASSWORD_FILE = config.age.secrets.healthchecks-smtp.path;
|
||||||
EMAIL_HOST_USER = "g@gmem.ca";
|
EMAIL_HOST_USER = "g@gmem.ca";
|
||||||
DEFAULT_FROM_EMAIL = "healthchecks@gmem.ca";
|
DEFAULT_FROM_EMAIL = "healthchecks@gmem.ca";
|
||||||
TELEGRAM_BOT_NAME = "arch_healthchecks_bot";
|
|
||||||
TELEGRAM_TOKEN_FILE = config.age.secrets.healthchecks-telegram.path;
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -69,11 +69,10 @@
|
||||||
];
|
];
|
||||||
passwordFile = config.age.secrets.restic-password.path;
|
passwordFile = config.age.secrets.restic-password.path;
|
||||||
backupPrepareCommand = ''
|
backupPrepareCommand = ''
|
||||||
${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/gsimmer-backup/start
|
${pkgs.bash}/bin/bash -c '${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/gsimmer-backup/start'
|
||||||
'';
|
'';
|
||||||
backupCleanupCommand = ''
|
backupCleanupCommand = ''
|
||||||
output="$(journalctl --unit restic-backups-gsimmer.service --since=today --boot --no-pager | ${pkgs.coreutils}/bin/tail --bytes 100000)"
|
${pkgs.bash}/bin/bash -c '${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/gsimmer-backup'
|
||||||
${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/gsimmer-backup/$?" --data-raw "$output"
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
"becki" = {
|
"becki" = {
|
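Review bot: The new `backupCleanupCommand` for gsimmer pings the bare `/gsimmer-backup` URL with no exit status, so if this hook also runs after a failed backup the check is marked successful and the failure goes unnoticed. Consider sending the result explicitly, for example ending the URL with `/gsimmer-backup/$EXIT_STATUS` if the hook runs as a systemd stop-post step (the module wiring is not visible here). The `$(… cat …)` substitution is also unquoted inside the `bash -c '…'` string in both the prepare and cleanup lines; wrapping the URL argument in double quotes keeps the secret's contents from being word-split or globbed. The becki and apps hunks below (`@ -98,11 +97,10 @@` and `@ -125,11 +123,10 @@`) carry the same two lines.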
||||||
|
@ -98,11 +97,10 @@
|
||||||
passwordFile = config.age.secrets.restic-password.path;
|
passwordFile = config.age.secrets.restic-password.path;
|
||||||
initialize = true;
|
initialize = true;
|
||||||
backupPrepareCommand = ''
|
backupPrepareCommand = ''
|
||||||
${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/becki-backup/start
|
${pkgs.bash}/bin/bash -c '${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/becki-backup/start'
|
||||||
'';
|
'';
|
||||||
backupCleanupCommand = ''
|
backupCleanupCommand = ''
|
||||||
output="$(journalctl --unit restic-backups-becki.service --since=today --boot --no-pager | ${pkgs.coreutils}/bin/tail --bytes 100000)"
|
${pkgs.bash}/bin/bash -c '${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/becki-backup'
|
||||||
${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/becki-backup/$?" --data-raw "$output"
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
"apps" = {
|
"apps" = {
|
||||||
|
@ -125,11 +123,10 @@
|
||||||
"--keep-yearly 75"
|
"--keep-yearly 75"
|
||||||
];
|
];
|
||||||
backupPrepareCommand = ''
|
backupPrepareCommand = ''
|
||||||
${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/apps-backup/start
|
${pkgs.bash}/bin/bash -c '${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/apps-backup/start'
|
||||||
'';
|
'';
|
||||||
backupCleanupCommand = ''
|
backupCleanupCommand = ''
|
||||||
output="$(journalctl --unit restic-backups-apps.service --since=today --boot --no-pager | ${pkgs.coreutils}/bin/tail --bytes 100000)"
|
${pkgs.bash}/bin/bash -c '${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/apps-backup'
|
||||||
${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/apps-backup/$?" --data-raw "$output"
|
|
||||||
'';
|
'';
|
||||||
passwordFile = config.age.secrets.restic-password.path;
|
passwordFile = config.age.secrets.restic-password.path;
|
||||||
initialize = true;
|
initialize = true;
|
||||||
|
@ -346,9 +343,6 @@
|
||||||
CRUD_ACTIONS = "always";
|
CRUD_ACTIONS = "always";
|
||||||
MERGES = "always";
|
MERGES = "always";
|
||||||
};
|
};
|
||||||
indexer = {
|
|
||||||
REPO_INDEXER_ENABLED = true;
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
gitea-actions-runner = {
|
gitea-actions-runner = {
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
git.gmem.ca. 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
|
git.gmem.ca. IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
|
||||||
food.gmem.ca. 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
|
food.gmem.ca. IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
|
||||||
git.gmem.ca. 3600 IN A 100.116.48.47
|
git.gmem.ca. IN A 100.116.48.47
|
||||||
git.gmem.ca. 3600 IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:6274:302f
|
git.gmem.ca. IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:6274:302f
|
||||||
food.gmem.ca. 3600 IN A 100.77.43.133
|
food.gmem.ca. IN A 100.77.43.133
|
||||||
food.gmem.ca. 3600 IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:624d:2b85
|
food.gmem.ca. IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:624d:2b85
|
||||||
|
|
||||||
gmem.ca. 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
|
gmem.ca. IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
|
||||||
gmem.ca. 3600 IN NS ruth.ns.cloudflare.com. seth.ns.cloudflare.com.
|
gmem.ca. IN NS ruth.ns.cloudflare.com. seth.ns.cloudflare.com.
|
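Review bot: With the per-record `3600` removed, none of the records in this hunk carries a TTL, and the hunk starts at line 1 of the file with no `$TTL` directive ahead of the first SOA. Zone parsers differ on that case: some fall back to the SOA minimum, others warn or reject the record. Adding `$TTL 3600` as the first line keeps the previous value explicit and parser-independent.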
|
@ -21,6 +21,7 @@
|
||||||
device = "/var/lib/swapfile";
|
device = "/var/lib/swapfile";
|
||||||
size = 8*1024;
|
size = 8*1024;
|
||||||
}
|
}
|
||||||
|
|
||||||
];
|
];
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
|
@ -88,7 +89,7 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
role = "server";
|
role = "server";
|
||||||
extraFlags = toString [
|
extraFlags = toString [
|
||||||
"--secrets-encryption --disable=traefik,servicelb"
|
"--secrets-encryption --disable=traefik"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
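Review bot: Dropping `servicelb` from `--disable=` turns the bundled service load balancer back on, which as far as I know exposes every `LoadBalancer` service on host ports of the nodes; nothing in the hunk says that is intended. A short comment on the flag line would help, e.g. `# servicelb enabled on purpose: LoadBalancer services bind host ports`, and the host firewall rules are worth checking against it. As a style point, both flags sit in one string inside a list passed to `toString`; one list element per flag reads more clearly. The enclosing k3s block begins above the hunk.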
||||||
|
@ -100,6 +101,8 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
system.copySystemConfiguration = true;
|
||||||
|
|
||||||
system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT?
|
system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT?
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -16,5 +16,4 @@ in
|
||||||
"secrets/monitoring-prometheus-password.age".publicKeys = [ monitoring gsimmer ];
|
"secrets/monitoring-prometheus-password.age".publicKeys = [ monitoring gsimmer ];
|
||||||
"secrets/healthchecks-ping.sh.age".publicKeys = machines ++ users;
|
"secrets/healthchecks-ping.sh.age".publicKeys = machines ++ users;
|
||||||
"secrets/fastmail-smtp.age".publicKeys = machines ++ users;
|
"secrets/fastmail-smtp.age".publicKeys = machines ++ users;
|
||||||
"secrets/healthchecks-telegram.age".publicKeys = [ monitoring gsimmer ];
|
|
||||||
}
|
}
|
||||||
|
|
Binary file not shown.