Compare commits
No commits in common. "ee71aa15633b74172e32cdc0fc3c965d92735fad" and "5cdc1edd916197b12864c904640868facf6f1c11" have entirely different histories.
ee71aa1563
...
5cdc1edd91
18
flake.lock
18
flake.lock
|
|
@ -7,11 +7,11 @@
|
|||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1695339232,
|
||||
"narHash": "sha256-6wQHW3uHECpGIBolTccQ6x3/9b8E1SrO+VzTABKe2xM=",
|
||||
"lastModified": 1694793763,
|
||||
"narHash": "sha256-y6gTE1C9mIoSkymRYyzCmv62PFgy+hbZ5j8fuiQK5KI=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "7f9dfa309f24dc74450ecab6e74bc3d11c7ce735",
|
||||
"rev": "572baca9b0c592f71982fca0790db4ce311e3c75",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -151,11 +151,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1695224363,
|
||||
"narHash": "sha256-+hfjJLUMck5G92RVFDZA7LWkR3kOxs5zQ7RPW9t3eM8=",
|
||||
"lastModified": 1694643239,
|
||||
"narHash": "sha256-pv2k/5FvyirDE8g4TNehzwZ0T4UOMMmqWSQnM/luRtE=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "408ba13188ff9ce309fa2bdd2f81287d79773b00",
|
||||
"rev": "d9b88b43524db1591fb3d9410a21428198d75d49",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
@ -268,11 +268,11 @@
|
|||
},
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1695132891,
|
||||
"narHash": "sha256-cJR9AFHmt816cW/C9necLJyOg/gsnkvEeFAfxgeM1hc=",
|
||||
"lastModified": 1694948089,
|
||||
"narHash": "sha256-d2B282GmQ9o8klc22/Rbbbj6r99EnELQpOQjWMyv0rU=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "8b5ab8341e33322e5b66fb46ce23d724050f6606",
|
||||
"rev": "5148520bfab61f99fd25fb9ff7bfbb50dad3c9db",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
|||
30
flake.nix
30
flake.nix
|
|
@ -138,36 +138,6 @@
|
|||
}
|
||||
];
|
||||
};
|
||||
seattle = nixpkgs.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
modules = [
|
||||
(import ./nix/seattle/configuration.nix)
|
||||
{
|
||||
_module.args.nixinate = {
|
||||
host = "seattle";
|
||||
sshUser = "gsimmer";
|
||||
buildOn = "remote";
|
||||
substituteOnTarget = true;
|
||||
hermetic = false;
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
glasgow = nixpkgs.lib.nixosSystem {
|
||||
system = "aarch64-linux";
|
||||
modules = [
|
||||
(import ./nix/glasgow/configuration.nix)
|
||||
{
|
||||
_module.args.nixinate = {
|
||||
host = "glasgow";
|
||||
sshUser = "gsimmer";
|
||||
buildOn = "remote";
|
||||
substituteOnTarget = true;
|
||||
hermetic = false;
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,5 +1,4 @@
|
|||
controller:
|
||||
replicaCount: 2
|
||||
metrics:
|
||||
enabled: true
|
||||
serviceMonitor:
|
||||
|
|
@ -11,8 +10,3 @@ controller:
|
|||
prometheus.io/port: "10254"
|
||||
ingressClassResource:
|
||||
default: true
|
||||
publishService:
|
||||
enabled: true
|
||||
service:
|
||||
externalTrafficPolicy: Local
|
||||
hostNetwork: true
|
||||
|
|
|
|||
|
|
@ -100,6 +100,8 @@
|
|||
};
|
||||
};
|
||||
|
||||
system.copySystemConfiguration = true;
|
||||
|
||||
system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT?
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -71,7 +71,6 @@
|
|||
i18n.defaultLocale = "en_GB.utf8";
|
||||
|
||||
services = {
|
||||
fwupd.enable = true;
|
||||
syncthing = {
|
||||
enable = true;
|
||||
overrideDevices = false;
|
||||
|
|
|
|||
|
|
@ -16,7 +16,7 @@
|
|||
[
|
||||
(import (builtins.fetchTarball {
|
||||
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
|
||||
sha256 = "1jn0gw1a0dffvqizy15yni6qnsr94k48zl7b2vqfvfr409nxsyaw";
|
||||
sha256 = "17y4i3p35qbw4xq7fybs60d2ym3brqzpv9mgsb55ma1rfc08m1jc";
|
||||
})) discordOverlay];
|
||||
};
|
||||
home = {
|
||||
|
|
|
|||
|
|
@ -1,54 +1,4 @@
|
|||
{ config, pkgs, ... }:
|
||||
# let
|
||||
# py = pkgs.python3.override {
|
||||
# packageOverrides = final: prev: {
|
||||
# django = prev.django_4;
|
||||
# };
|
||||
# };
|
||||
# pydantic-edge = py.pkgs.pydantic.overridePythonAttrs (oldAttrs: rec {
|
||||
# version = "2.3.0";
|
||||
# src = pkgs.fetchFromGitHub {
|
||||
# owner = "pydantic";
|
||||
# repo = "pydantic";
|
||||
# rev = "refs/tags/v${version}";
|
||||
# hash = "sha256-toqrWg8bYzc3UmvG/YmXawfmT8nqaA9fxy24k1cdj+M=";
|
||||
# };
|
||||
# patches = [ ];
|
||||
# });
|
||||
# healthchecks-edge = pkgs.healthchecks.overridePythonAttrs (oldAttrs: rec {
|
||||
# version = "unstable-2023-09-24";
|
||||
# pname = "healthchecksedge";
|
||||
# src = pkgs.fetchFromGitHub {
|
||||
# owner = "healthchecks";
|
||||
# repo = "healthchecks";
|
||||
# rev = "507fd840d8c83a1685c8cccf47c67f939f295da1";
|
||||
# hash = "sha256-EBfZQ41kc/H2BgzCPW0QZ8Js2DHU3ps4U1YaTZnGqg8=";
|
||||
# };
|
||||
# propagatedBuildInputs = with py.pkgs; [
|
||||
# apprise
|
||||
# cron-descriptor
|
||||
# cronsim
|
||||
# django
|
||||
# django-compressor
|
||||
# fido2
|
||||
# minio
|
||||
# psycopg2
|
||||
# pycurl
|
||||
# pydantic-edge
|
||||
# pyotp
|
||||
# segno
|
||||
# statsd
|
||||
# whitenoise
|
||||
# ];
|
||||
# passthru = {
|
||||
# # PYTHONPATH of all dependencies used by the package
|
||||
# pythonPath = py.pkgs.makePythonPath propagatedBuildInputs;
|
||||
# };
|
||||
# doCheck = false;
|
||||
# });
|
||||
|
||||
# in
|
||||
{
|
||||
{ config, pkgs, ... }: {
|
||||
imports = [
|
||||
./hardware.nix
|
||||
./networking.nix # generated at runtime by nixos-infect
|
||||
|
|
@ -63,12 +13,6 @@
|
|||
file = ../../secrets/fastmail-smtp.age;
|
||||
owner = "healthchecks";
|
||||
};
|
||||
|
||||
age.secrets.healthchecks-telegram = {
|
||||
file = ../../secrets/healthchecks-telegram.age;
|
||||
owner = "healthchecks";
|
||||
};
|
||||
|
||||
age.secrets.prometheus-webconfig-secret = {
|
||||
file = ../../secrets/monitoring-prometheus-webconfig.age;
|
||||
owner = "prometheus";
|
||||
|
|
@ -235,17 +179,14 @@
|
|||
|
||||
services.healthchecks = {
|
||||
enable = true;
|
||||
# package = healthchecks-edge;
|
||||
settings = {
|
||||
SECRET_KEY_FILE = config.age.secrets.healthchecks-secret.path;
|
||||
SITE_ROOT = "https://healthchecks.gmem.ca";
|
||||
SITE_NAME = "Archs Healthchecks";
|
||||
SITE_NAME = "Arch's Healthchecks";
|
||||
EMAIL_HOST = "smtp.fastmail.com";
|
||||
EMAIL_HOST_PASSWORD_FILE = config.age.secrets.healthchecks-smtp.path;
|
||||
EMAIL_HOST_USER = "g@gmem.ca";
|
||||
DEFAULT_FROM_EMAIL = "healthchecks@gmem.ca";
|
||||
TELEGRAM_BOT_NAME = "arch_healthchecks_bot";
|
||||
TELEGRAM_TOKEN_FILE = config.age.secrets.healthchecks-telegram.path;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -69,11 +69,10 @@
|
|||
];
|
||||
passwordFile = config.age.secrets.restic-password.path;
|
||||
backupPrepareCommand = ''
|
||||
${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/gsimmer-backup/start
|
||||
${pkgs.bash}/bin/bash -c '${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/gsimmer-backup/start'
|
||||
'';
|
||||
backupCleanupCommand = ''
|
||||
output="$(journalctl --unit restic-backups-gsimmer.service --since=today --boot --no-pager | ${pkgs.coreutils}/bin/tail --bytes 100000)"
|
||||
${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/gsimmer-backup/$?" --data-raw "$output"
|
||||
${pkgs.bash}/bin/bash -c '${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/gsimmer-backup'
|
||||
'';
|
||||
};
|
||||
"becki" = {
|
||||
|
|
@ -98,11 +97,10 @@
|
|||
passwordFile = config.age.secrets.restic-password.path;
|
||||
initialize = true;
|
||||
backupPrepareCommand = ''
|
||||
${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/becki-backup/start
|
||||
${pkgs.bash}/bin/bash -c '${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/becki-backup/start'
|
||||
'';
|
||||
backupCleanupCommand = ''
|
||||
output="$(journalctl --unit restic-backups-becki.service --since=today --boot --no-pager | ${pkgs.coreutils}/bin/tail --bytes 100000)"
|
||||
${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/becki-backup/$?" --data-raw "$output"
|
||||
${pkgs.bash}/bin/bash -c '${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/becki-backup'
|
||||
'';
|
||||
};
|
||||
"apps" = {
|
||||
|
|
@ -125,11 +123,10 @@
|
|||
"--keep-yearly 75"
|
||||
];
|
||||
backupPrepareCommand = ''
|
||||
${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/apps-backup/start
|
||||
${pkgs.bash}/bin/bash -c '${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/apps-backup/start'
|
||||
'';
|
||||
backupCleanupCommand = ''
|
||||
output="$(journalctl --unit restic-backups-apps.service --since=today --boot --no-pager | ${pkgs.coreutils}/bin/tail --bytes 100000)"
|
||||
${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null "$(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/apps-backup/$?" --data-raw "$output"
|
||||
${pkgs.bash}/bin/bash -c '${pkgs.curl}/bin/curl -fsS -m 10 --retry 5 -o /dev/null $(${pkgs.coreutils}/bin/cat ${config.age.secrets.healthcheck-ping.path})/apps-backup'
|
||||
'';
|
||||
passwordFile = config.age.secrets.restic-password.path;
|
||||
initialize = true;
|
||||
|
|
@ -346,9 +343,6 @@
|
|||
CRUD_ACTIONS = "always";
|
||||
MERGES = "always";
|
||||
};
|
||||
indexer = {
|
||||
REPO_INDEXER_ENABLED = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
gitea-actions-runner = {
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
git.gmem.ca. 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
|
||||
food.gmem.ca. 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
|
||||
git.gmem.ca. 3600 IN A 100.116.48.47
|
||||
git.gmem.ca. 3600 IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:6274:302f
|
||||
food.gmem.ca. 3600 IN A 100.77.43.133
|
||||
food.gmem.ca. 3600 IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:624d:2b85
|
||||
git.gmem.ca. IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
|
||||
food.gmem.ca. IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
|
||||
git.gmem.ca. IN A 100.116.48.47
|
||||
git.gmem.ca. IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:6274:302f
|
||||
food.gmem.ca. IN A 100.77.43.133
|
||||
food.gmem.ca. IN AAAA fd7a:115c:a1e0:ab12:4843:cd96:624d:2b85
|
||||
|
||||
gmem.ca. 3600 IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
|
||||
gmem.ca. 3600 IN NS ruth.ns.cloudflare.com. seth.ns.cloudflare.com.
|
||||
gmem.ca. IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
|
||||
gmem.ca. IN NS ruth.ns.cloudflare.com. seth.ns.cloudflare.com.
|
||||
|
|
@ -21,6 +21,7 @@
|
|||
device = "/var/lib/swapfile";
|
||||
size = 8*1024;
|
||||
}
|
||||
|
||||
];
|
||||
|
||||
nix = {
|
||||
|
|
@ -88,7 +89,7 @@
|
|||
enable = true;
|
||||
role = "server";
|
||||
extraFlags = toString [
|
||||
"--secrets-encryption --disable=traefik,servicelb"
|
||||
"--secrets-encryption --disable=traefik"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
@ -100,6 +101,8 @@
|
|||
};
|
||||
};
|
||||
|
||||
system.copySystemConfiguration = true;
|
||||
|
||||
system.stateVersion = "23.11"; # dId YoU rEaD tHe CoMmEnT?
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -16,5 +16,4 @@ in
|
|||
"secrets/monitoring-prometheus-password.age".publicKeys = [ monitoring gsimmer ];
|
||||
"secrets/healthchecks-ping.sh.age".publicKeys = machines ++ users;
|
||||
"secrets/fastmail-smtp.age".publicKeys = machines ++ users;
|
||||
"secrets/healthchecks-telegram.age".publicKeys = [ monitoring gsimmer ];
|
||||
}
|
||||
|
|
|
|||
Binary file not shown.
Loading…
Reference in a new issue