flake.lock

@@ -7,11 +7,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1695339232,
+        "lastModified": 1694793763,
-        "narHash": "sha256-6wQHW3uHECpGIBolTccQ6x3/9b8E1SrO+VzTABKe2xM=",
+        "narHash": "sha256-y6gTE1C9mIoSkymRYyzCmv62PFgy+hbZ5j8fuiQK5KI=",
         "owner": "ryantm",
         "repo": "agenix",
-        "rev": "7f9dfa309f24dc74450ecab6e74bc3d11c7ce735",
+        "rev": "572baca9b0c592f71982fca0790db4ce311e3c75",
         "type": "github"
       },
       "original": {
@@ -151,11 +151,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1695224363,
+        "lastModified": 1694643239,
-        "narHash": "sha256-+hfjJLUMck5G92RVFDZA7LWkR3kOxs5zQ7RPW9t3eM8=",
+        "narHash": "sha256-pv2k/5FvyirDE8g4TNehzwZ0T4UOMMmqWSQnM/luRtE=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "408ba13188ff9ce309fa2bdd2f81287d79773b00",
+        "rev": "d9b88b43524db1591fb3d9410a21428198d75d49",
         "type": "github"
       },
       "original": {
@@ -268,11 +268,11 @@
     },
     "nixpkgs_4": {
       "locked": {
-        "lastModified": 1695132891,
+        "lastModified": 1694948089,
-        "narHash": "sha256-cJR9AFHmt816cW/C9necLJyOg/gsnkvEeFAfxgeM1hc=",
+        "narHash": "sha256-d2B282GmQ9o8klc22/Rbbbj6r99EnELQpOQjWMyv0rU=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "8b5ab8341e33322e5b66fb46ce23d724050f6606",
+        "rev": "5148520bfab61f99fd25fb9ff7bfbb50dad3c9db",
         "type": "github"
       },
       "original": {

flake.nix

@@ -138,36 +138,6 @@
             }
           ];
         };
-        seattle = nixpkgs.lib.nixosSystem {
-          system = "aarch64-linux";
-          modules = [
-            (import ./nix/seattle/configuration.nix)
-            {
-              _module.args.nixinate = {
-                host = "seattle";
-                sshUser = "gsimmer";
-                buildOn = "remote";
-                substituteOnTarget = true;
-                hermetic = false;
-              };
-            }
-          ];
-        };
-        glasgow = nixpkgs.lib.nixosSystem {
-          system = "aarch64-linux";
-          modules = [
-            (import ./nix/glasgow/configuration.nix)
-            {
-              _module.args.nixinate = {
-                host = "glasgow";
-                sshUser = "gsimmer";
-                buildOn = "remote";
-                substituteOnTarget = true;
-                hermetic = false;
-              };
-            }
-          ];
-        };
       };
     };
 }

homelab/nginx-ingress.yml

@@ -1,5 +1,4 @@
 controller:
-  replicaCount: 2
   metrics:
     enabled: true
     serviceMonitor:
@@ -11,8 +10,3 @@ controller:
     prometheus.io/port: "10254"
   ingressClassResource:
     default: true    
-  publishService:
-    enabled: true
-  service:
-    externalTrafficPolicy: Local
-  hostNetwork: true

nix/glasgow/configuration.nix

@@ -100,6 +100,8 @@
     };
   };
 
+  system.copySystemConfiguration = true;
+
   system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT?
 
 }

nix/london/configuration.nix

@@ -71,7 +71,6 @@
   i18n.defaultLocale = "en_GB.utf8";
 
   services = {
-    fwupd.enable = true;
     syncthing = {
       enable = true;
       overrideDevices = false;

nix/london/gsimmer.nix

@@ -16,7 +16,7 @@
         [
           (import (builtins.fetchTarball {
             url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
-            sha256 = "1jn0gw1a0dffvqizy15yni6qnsr94k48zl7b2vqfvfr409nxsyaw";
+            sha256 = "17y4i3p35qbw4xq7fybs60d2ym3brqzpv9mgsb55ma1rfc08m1jc";
           })) discordOverlay];
   };
   home = {

nix/monitoring/configuration.nix

@@ -1,54 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, ... }: {
-# let
-#   py = pkgs.python3.override {
-#     packageOverrides = final: prev: {
-#       django = prev.django_4;
-#     };
-#   };
-#   pydantic-edge = py.pkgs.pydantic.overridePythonAttrs (oldAttrs: rec {
-#     version = "2.3.0";
-#     src = pkgs.fetchFromGitHub {
-#       owner = "pydantic";
-#       repo = "pydantic";
-#       rev = "refs/tags/v${version}";
-#       hash = "sha256-toqrWg8bYzc3UmvG/YmXawfmT8nqaA9fxy24k1cdj+M=";
-#     };
-#     patches = [ ];
-#   });
-#   healthchecks-edge = pkgs.healthchecks.overridePythonAttrs (oldAttrs: rec {
-#     version = "unstable-2023-09-24";
-#     pname = "healthchecksedge";
-#     src = pkgs.fetchFromGitHub {
-#       owner = "healthchecks";
-#       repo = "healthchecks";
-#       rev = "507fd840d8c83a1685c8cccf47c67f939f295da1";
-#       hash = "sha256-EBfZQ41kc/H2BgzCPW0QZ8Js2DHU3ps4U1YaTZnGqg8=";
-#     };
-#     propagatedBuildInputs = with py.pkgs; [
-#       apprise
-#       cron-descriptor
-#       cronsim
-#       django
-#       django-compressor
-#       fido2
-#       minio
-#       psycopg2
-#       pycurl
-#       pydantic-edge
-#       pyotp
-#       segno
-#       statsd
-#       whitenoise
-#     ];
-#     passthru = {
-#       # PYTHONPATH of all dependencies used by the package
-#       pythonPath = py.pkgs.makePythonPath propagatedBuildInputs;
-#     };
-#     doCheck = false;
-#   });
-
-# in
-{
   imports = [
     ./hardware.nix
     ./networking.nix # generated at runtime by nixos-infect
@@ -63,12 +13,6 @@
     file = ../../secrets/fastmail-smtp.age;
     owner = "healthchecks";
   };
-
-  age.secrets.healthchecks-telegram = {
-    file = ../../secrets/healthchecks-telegram.age;
-    owner = "healthchecks";
-  };
-  
   age.secrets.prometheus-webconfig-secret = {
     file = ../../secrets/monitoring-prometheus-webconfig.age;
     owner = "prometheus";
@@ -235,17 +179,14 @@
 
   services.healthchecks = {
     enable = true;
-    # package = healthchecks-edge;
     settings = {
       SECRET_KEY_FILE = config.age.secrets.healthchecks-secret.path;
       SITE_ROOT = "https://healthchecks.gmem.ca";
-      SITE_NAME = "Archs Healthchecks";
+      SITE_NAME = "Arch's Healthchecks";
       EMAIL_HOST = "smtp.fastmail.com";
       EMAIL_HOST_PASSWORD_FILE = config.age.secrets.healthchecks-smtp.path;
       EMAIL_HOST_USER = "g@gmem.ca";
       DEFAULT_FROM_EMAIL = "healthchecks@gmem.ca";
-      TELEGRAM_BOT_NAME = "arch_healthchecks_bot";
-      TELEGRAM_TOKEN_FILE = config.age.secrets.healthchecks-telegram.path;
     };
   };
   

nix/nas/configuration.nix

@@ -69,11 +69,10 @@
           ];
           passwordFile = config.age.secrets.restic-password.path;
           backupPrepareCommand = ''
-            ${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/gsimmer-backup/start
+            ${pkgs.bash}/bin/bash -c '${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/gsimmer-backup/start'
           '';
           backupCleanupCommand = ''
-            output="$(journalctl --unit restic-backups-gsimmer.service --since=today --boot --no-pager | ${pkgs.coreutils}/bin/tail --bytes 100000)"
+            ${pkgs.bash}/bin/bash -c '${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/gsimmer-backup'
-            ${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/gsimmer-backup/$?" --data-raw "$output"
           '';
         };
         "becki" = {
@@ -98,11 +97,10 @@
           passwordFile = config.age.secrets.restic-password.path;
           initialize = true;
           backupPrepareCommand = ''
-            ${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/becki-backup/start
+            ${pkgs.bash}/bin/bash -c '${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/becki-backup/start'
           '';
           backupCleanupCommand = ''
-            output="$(journalctl --unit restic-backups-becki.service --since=today --boot --no-pager | ${pkgs.coreutils}/bin/tail --bytes 100000)"
+            ${pkgs.bash}/bin/bash -c '${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/becki-backup'
-            ${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/becki-backup/$?" --data-raw "$output"
           '';
         };
         "apps" = {
@@ -125,11 +123,10 @@
             "--keep-yearly 75"
           ];
           backupPrepareCommand = ''
-            ${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/apps-backup/start
+            ${pkgs.bash}/bin/bash -c '${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/apps-backup/start'
           '';
           backupCleanupCommand = ''
-            output="$(journalctl --unit restic-backups-apps.service --since=today --boot --no-pager | ${pkgs.coreutils}/bin/tail --bytes 100000)"
+            ${pkgs.bash}/bin/bash -c '${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/apps-backup'
-            ${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/apps-backup/$?" --data-raw "$output"
           '';
           passwordFile = config.age.secrets.restic-password.path;
           initialize = true;
@@ -346,9 +343,6 @@
           CRUD_ACTIONS = "always";
           MERGES = "always";
         };
-        indexer = {
-          REPO_INDEXER_ENABLED = true;
-        };
       };
     };
     gitea-actions-runner = {

nix/nas/dns.db

@@ -1,9 +1,9 @@
-git.gmem.ca.            3600 IN     SOA     sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
+git.gmem.ca.            IN      SOA     sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
-food.gmem.ca.           3600 IN     SOA     sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
+food.gmem.ca.           IN      SOA     sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
-git.gmem.ca.            3600 IN     A       100.116.48.47
+git.gmem.ca.            IN      A       100.116.48.47
-git.gmem.ca.            3600 IN     AAAA    fd7a:115c:a1e0:ab12:4843:cd96:6274:302f
+git.gmem.ca.            IN      AAAA    fd7a:115c:a1e0:ab12:4843:cd96:6274:302f
-food.gmem.ca.           3600 IN     A       100.77.43.133
+food.gmem.ca.           IN      A       100.77.43.133
-food.gmem.ca.           3600 IN     AAAA    fd7a:115c:a1e0:ab12:4843:cd96:624d:2b85
+food.gmem.ca.           IN      AAAA    fd7a:115c:a1e0:ab12:4843:cd96:624d:2b85
 
-gmem.ca.            3600 IN     SOA     sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
+gmem.ca.            IN      SOA     sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
-gmem.ca.			3600 IN		NS      ruth.ns.cloudflare.com. seth.ns.cloudflare.com.
+gmem.ca.			IN		NS      ruth.ns.cloudflare.com. seth.ns.cloudflare.com.

nix/seattle/configuration.nix

@@ -21,6 +21,7 @@
       device = "/var/lib/swapfile";
       size = 8*1024;
     }
+
   ];
 
   nix = {
@@ -88,7 +89,7 @@
       enable = true;
       role = "server";
       extraFlags = toString [
-        "--secrets-encryption --disable=traefik,servicelb"
+        "--secrets-encryption --disable=traefik"
       ];
     };
   };
@@ -100,6 +101,8 @@
     };
   };
 
+  system.copySystemConfiguration = true;
+
   system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT?
 
 }

secrets.nix

@@ -16,5 +16,4 @@ in
   "secrets/monitoring-prometheus-password.age".publicKeys = [ monitoring gsimmer ];
   "secrets/healthchecks-ping.sh.age".publicKeys = machines ++ users;
   "secrets/fastmail-smtp.age".publicKeys = machines ++ users;
-  "secrets/healthchecks-telegram.age".publicKeys = [ monitoring gsimmer ];
 }