Compare commits
12 commits
f8e30902e1
...
09cf8c226b
Author | SHA1 | Date | |
---|---|---|---|
Gabriel Simmer | 09cf8c226b | ||
Gabriel Simmer | c39f5c3803 | ||
Gabriel Simmer | 76f5b653f3 | ||
Gabriel Simmer | d2f62b6ff3 | ||
Gabriel Simmer | 481b0fa9d0 | ||
Gabriel Simmer | 6949c68814 | ||
Gabriel Simmer | d8d8b303cb | ||
Gabriel Simmer | 0832307fc3 | ||
Gabriel Simmer | 88be070f1d | ||
Gabriel Simmer | d5d0cb2077 | ||
Gabriel Simmer | 87a64dc602 | ||
Gabriel Simmer | d25e732dc0 |
|
@ -52,11 +52,10 @@
|
||||||
"homelab".a.data = ["192.168.50.45"];
|
"homelab".a.data = ["192.168.50.45"];
|
||||||
"_acme-challenge.router".txt.data = ["CJKnxKczldLEAy6zPkST0xeJ5Cy-xdT_ElzqMxhNh5E"];
|
"_acme-challenge.router".txt.data = ["CJKnxKczldLEAy6zPkST0xeJ5Cy-xdT_ElzqMxhNh5E"];
|
||||||
|
|
||||||
"osc-triggers" = {
|
"osc-triggers".cname = {
|
||||||
a.data = ["46.23.81.157"];
|
ttl = 0;
|
||||||
aaaa.data = ["2a03:6000:1813:1337::157"];
|
data = "osc-triggers.pages.dev";
|
||||||
};
|
};
|
||||||
|
|
||||||
"mitu.camera".a.data = ["192.168.50.121"];
|
"mitu.camera".a.data = ["192.168.50.121"];
|
||||||
|
|
||||||
"ns1" = {
|
"ns1" = {
|
||||||
|
@ -166,6 +165,7 @@
|
||||||
"metube"
|
"metube"
|
||||||
"search"
|
"search"
|
||||||
"red"
|
"red"
|
||||||
|
"secrets"
|
||||||
] (name: {cname.data = "cluster.gmem.ca";})
|
] (name: {cname.data = "cluster.gmem.ca";})
|
||||||
// lib.attrsets.genAttrs [
|
// lib.attrsets.genAttrs [
|
||||||
# Externally hosted applications with Tunnels
|
# Externally hosted applications with Tunnels
|
||||||
|
|
|
@ -46,6 +46,7 @@
|
||||||
"e6"
|
"e6"
|
||||||
"red"
|
"red"
|
||||||
"minecraft-invites"
|
"minecraft-invites"
|
||||||
|
"secrets"
|
||||||
] (name: {
|
] (name: {
|
||||||
name = name + ".gmem.ca";
|
name = name + ".gmem.ca";
|
||||||
content = "homelab.gmem.ca";
|
content = "homelab.gmem.ca";
|
||||||
|
|
72
flake.lock
72
flake.lock
|
@ -101,11 +101,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717664893,
|
"lastModified": 1718644238,
|
||||||
"narHash": "sha256-k79hmHv7Q1/FZSqBzNqmLAU6WGICKPFN6QcCX0QM8Og=",
|
"narHash": "sha256-Kjqe0v2n0+ZU74edGZJADysx+n4Ny5QVuqk4xVEblHE=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "emacs-overlay",
|
"repo": "emacs-overlay",
|
||||||
"rev": "28779a7abf781d387806f2567b578af6fd165705",
|
"rev": "1f57a6596440c15e6135dfbde5f93c2851f01ac9",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -310,11 +310,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717525419,
|
"lastModified": 1718526747,
|
||||||
"narHash": "sha256-5z2422pzWnPXHgq2ms8lcCfttM0dz+hg+x1pCcNkAws=",
|
"narHash": "sha256-sKrD/utGvmtQALvuDj4j0CT3AJXP1idOAq2p+27TpeE=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "a7117efb3725e6197dd95424136f79147aa35e5b",
|
"rev": "0a7ffb28e5df5844d0e8039c9833d7075cdee792",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -331,11 +331,11 @@
|
||||||
"treefmt": "treefmt"
|
"treefmt": "treefmt"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717524369,
|
"lastModified": 1718110643,
|
||||||
"narHash": "sha256-OR0IaHPh6dHrpwTJJdq9IMvJyY6/OQWmS4FEk38Qlm4=",
|
"narHash": "sha256-KrEOCx/bpN++sySOEL5EO5AhYsqRZZk+CXacueUeSl4=",
|
||||||
"owner": "hall",
|
"owner": "hall",
|
||||||
"repo": "kubenix",
|
"repo": "kubenix",
|
||||||
"rev": "b5dc95c847893857f02579118f7dfb37b580746e",
|
"rev": "a04066c45526c6d8410ba998134f692ff991b4f3",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -350,11 +350,11 @@
|
||||||
"nixpkgs-lib": "nixpkgs-lib"
|
"nixpkgs-lib": "nixpkgs-lib"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717330178,
|
"lastModified": 1718539824,
|
||||||
"narHash": "sha256-rRZjmC3xcPpHTJHnEy3T99O86Ecjao5YhakzaoNiRcs=",
|
"narHash": "sha256-pVGgM3MOOpMMqprkrMkuWwhC1dsw6Xt7aRGaBkMQqG0=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "lib-aggregate",
|
"repo": "lib-aggregate",
|
||||||
"rev": "64d43e2bbc6eab8d1cbdfba96d90a71e15a847d7",
|
"rev": "17a1c1bfca963a2776969866aaa07744d7ac9135",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -413,11 +413,11 @@
|
||||||
"treefmt-nix": "treefmt-nix_2"
|
"treefmt-nix": "treefmt-nix_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1715804156,
|
"lastModified": 1717698186,
|
||||||
"narHash": "sha256-GtIHP86Cz1kD9xZO/cKbNQACHKdoT9WFbLJAq6W2EDY=",
|
"narHash": "sha256-e3/cvm7bAn0RsTBcPfHwuYOi2lwoO4jpTn4nmMSvHfU=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nix-eval-jobs",
|
"repo": "nix-eval-jobs",
|
||||||
"rev": "bb95091f6c6f38f6cfc215a1797a2dd466312c8b",
|
"rev": "b6169e08e76e10b673d1b54f944cddb1e7cbea97",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -512,11 +512,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716210724,
|
"lastModified": 1718025593,
|
||||||
"narHash": "sha256-iqQa3omRcHGpWb1ds75jS9ruA5R39FTmAkeR3J+ve1w=",
|
"narHash": "sha256-WZ1gdKq/9u1Ns/oXuNsDm+W0salonVA0VY1amw8urJ4=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixos-generators",
|
"repo": "nixos-generators",
|
||||||
"rev": "d14b286322c7f4f897ca4b1726ce38cb68596c94",
|
"rev": "35c20ba421dfa5059e20e0ef2343c875372bdcf3",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -527,11 +527,11 @@
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717574423,
|
"lastModified": 1718548414,
|
||||||
"narHash": "sha256-cz3P5MZffAHwL2IQaNzsqUBsJS+u0J/AAwArHMAcCa0=",
|
"narHash": "sha256-1obyIuQPR/Kq1j5/i/5EuAfQrDwjYnjCDG8iLtXmBhQ=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "d6c6cf6f5fead4057d8fb2d5f30aa8ac1727f177",
|
"rev": "cde8f7e11f036160b0fd6a9e07dc4c8e4061cf06",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -559,11 +559,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-lib": {
|
"nixpkgs-lib": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717289404,
|
"lastModified": 1718499101,
|
||||||
"narHash": "sha256-4q6ZO3BqHgdd3Aacb/xiQXB4g9TQKpQg/praTpD9vbI=",
|
"narHash": "sha256-2oGRKxl3qEyRH2DJRiVtLeJICcybXMkqjWQYODINL9M=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixpkgs.lib",
|
"repo": "nixpkgs.lib",
|
||||||
"rev": "e090cb30ae82f4b4461aafdb808847c6c97b08c2",
|
"rev": "6fba0c5a27b984914794ffdab8d7bb5c29ab11b6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -574,11 +574,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717530100,
|
"lastModified": 1718447546,
|
||||||
"narHash": "sha256-b4Dn+PnrZoVZ/BoR9JN2fTxXxplJrAsdSUIePf4Cacs=",
|
"narHash": "sha256-JHuXsrC9pr4kA4n7LuuPfWFJUVlDBVJ1TXDVpHEuUgM=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "a2e1d0414259a144ebdc048408a807e69e0565af",
|
"rev": "842253bf992c3a7157b67600c2857193f126563a",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -598,11 +598,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717669106,
|
"lastModified": 1718648571,
|
||||||
"narHash": "sha256-C7jLK3KgTbGBQcpRsu1qivSoSfkp7PaWI+tLfo9qHHY=",
|
"narHash": "sha256-B8gba/06zL6xahoOeoTRg4pc9EvDX6sZNhvuiSmhKbE=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixpkgs-wayland",
|
"repo": "nixpkgs-wayland",
|
||||||
"rev": "27f970b56d7de3b7214b6017cec7f149656448a1",
|
"rev": "8b98b818f71327a617f730cd8a7a8e1be41ce66e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -629,11 +629,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_3": {
|
"nixpkgs_3": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717196966,
|
"lastModified": 1718318537,
|
||||||
"narHash": "sha256-yZKhxVIKd2lsbOqYd5iDoUIwsRZFqE87smE2Vzf6Ck0=",
|
"narHash": "sha256-4Zu0RYRcAY/VWuu6awwq4opuiD//ahpc2aFHg2CWqFY=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "57610d2f8f0937f39dbd72251e9614b1561942d8",
|
"rev": "e9ee548d90ff586a6471b4ae80ae9cfcbceb3420",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -677,11 +677,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_6": {
|
"nixpkgs_6": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1717459389,
|
"lastModified": 1718428119,
|
||||||
"narHash": "sha256-I8/plBsua4/NZ5bKgj+z7/ThiWuud1YFwLsn1QQ5PgE=",
|
"narHash": "sha256-WdWDpNaq6u1IPtxtYHHWpl5BmabtpmLnMAx0RdJ/vo8=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "3b01abcc24846ae49957b30f4345bab4b3f1d14b",
|
"rev": "e6cea36f83499eb4e9cd184c8a8e823296b50ad5",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
32
flake.nix
32
flake.nix
|
@ -54,7 +54,8 @@
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
pkgs = import nixpkgs {
|
pkgs = import nixpkgs {
|
||||||
inherit system;
|
inherit system;
|
||||||
overlays = [emacs-overlay.overlays.default];
|
config.allowUnfree = true;
|
||||||
|
overlays = [emacs-overlay.overlay nixpkgs-wayland.overlay];
|
||||||
};
|
};
|
||||||
tf = terranix.lib.terranixConfiguration {
|
tf = terranix.lib.terranixConfiguration {
|
||||||
system = "x86_64-linux";
|
system = "x86_64-linux";
|
||||||
|
@ -267,7 +268,7 @@
|
||||||
};
|
};
|
||||||
nixosConfigurations = {
|
nixosConfigurations = {
|
||||||
london = nixpkgs.lib.nixosSystem {
|
london = nixpkgs.lib.nixosSystem {
|
||||||
system = "x86_64-linux";
|
inherit system pkgs;
|
||||||
modules = [
|
modules = [
|
||||||
lix-module.nixosModules.default
|
lix-module.nixosModules.default
|
||||||
(import ./nix/london/configuration.nix)
|
(import ./nix/london/configuration.nix)
|
||||||
|
@ -275,35 +276,10 @@
|
||||||
(import ./modules/vfio.nix)
|
(import ./modules/vfio.nix)
|
||||||
home-manager.nixosModules.home-manager
|
home-manager.nixosModules.home-manager
|
||||||
{
|
{
|
||||||
|
home-manager.useGlobalPkgs = true;
|
||||||
home-manager.useUserPackages = true;
|
home-manager.useUserPackages = true;
|
||||||
home-manager.users.gsimmer = import ./nix/london/gsimmer.nix;
|
home-manager.users.gsimmer = import ./nix/london/gsimmer.nix;
|
||||||
}
|
}
|
||||||
(
|
|
||||||
{
|
|
||||||
pkgs,
|
|
||||||
config,
|
|
||||||
...
|
|
||||||
}: {
|
|
||||||
config = {
|
|
||||||
nix.settings = {
|
|
||||||
# add binary caches
|
|
||||||
trusted-public-keys = [
|
|
||||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
|
||||||
"nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
|
|
||||||
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
|
||||||
];
|
|
||||||
substituters = [
|
|
||||||
"https://cache.nixos.org"
|
|
||||||
"https://nixpkgs-wayland.cachix.org"
|
|
||||||
"https://nix-community.cachix.org"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
|
|
||||||
# use it as an overlay
|
|
||||||
nixpkgs.overlays = [nixpkgs-wayland.overlay];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
)
|
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
oracle-gitea-runner = nixpkgs.lib.nixosSystem {
|
oracle-gitea-runner = nixpkgs.lib.nixosSystem {
|
||||||
|
|
|
@ -3,7 +3,7 @@ authentik:
|
||||||
enabled: false
|
enabled: false
|
||||||
global:
|
global:
|
||||||
image:
|
image:
|
||||||
tag: 2024.2.3
|
tag: 2024.4.2
|
||||||
env:
|
env:
|
||||||
- name: AUTHENTIK_WEB__THREADS
|
- name: AUTHENTIK_WEB__THREADS
|
||||||
value: "2"
|
value: "2"
|
||||||
|
@ -43,3 +43,7 @@ server:
|
||||||
- authentik.gmem.ca
|
- authentik.gmem.ca
|
||||||
redis:
|
redis:
|
||||||
enabled: true
|
enabled: true
|
||||||
|
image:
|
||||||
|
registry: "registry.redict.io"
|
||||||
|
repository: "redict"
|
||||||
|
tag: "7.3-compat"
|
||||||
|
|
|
@ -18,5 +18,13 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
{
|
||||||
|
name = "infisicalsecrets";
|
||||||
|
attrName = "infisicalsecret";
|
||||||
|
group = "secrets.infisical.com";
|
||||||
|
kind = "InfisicalSecret";
|
||||||
|
version = "v1alpha1";
|
||||||
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
73
homelab/duplikate.nix
Normal file
73
homelab/duplikate.nix
Normal file
|
@ -0,0 +1,73 @@
|
||||||
|
let
|
||||||
|
appName = "duplikate";
|
||||||
|
appImage = "git.gmem.ca/arch/duplikate:latest";
|
||||||
|
functions = import ./functions.nix {};
|
||||||
|
in
|
||||||
|
{
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
kubenix,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
|
kubernetes.resources.deployments.duplikate = {
|
||||||
|
metadata.namespace = "duplikate";
|
||||||
|
spec = {
|
||||||
|
selector.matchLabels.app = appName;
|
||||||
|
template = {
|
||||||
|
metadata.labels.app = appName;
|
||||||
|
spec = {
|
||||||
|
containers = {
|
||||||
|
duplikate = {
|
||||||
|
image = appImage;
|
||||||
|
env.REDIS_URL.value = "redis://duplikate-redis-master";
|
||||||
|
envFrom = [
|
||||||
|
{secretRef.name = "duplikate";}
|
||||||
|
];
|
||||||
|
resources = {
|
||||||
|
requests = {
|
||||||
|
cpu = "10m";
|
||||||
|
memory = "32Mi";
|
||||||
|
};
|
||||||
|
limits = {
|
||||||
|
cpu = "1";
|
||||||
|
memory = "128Mi";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
kubernetes.resources."secrets.infisical.com"."v1alpha1".InfisicalSecret.duplikate = functions.secret "duplikate";
|
||||||
|
|
||||||
|
kubernetes.helm.releases.duplikate-redis = {
|
||||||
|
namespace = "duplikate";
|
||||||
|
chart = kubenix.lib.helm.fetch {
|
||||||
|
repo = "https://charts.bitnami.com/bitnami";
|
||||||
|
chart = "redis";
|
||||||
|
version = "18.6.1";
|
||||||
|
sha256 = "CyvGHc1v1BtbzDx6hbbPah2uWpUhlNIUQowephT6hmM=";
|
||||||
|
};
|
||||||
|
values = {
|
||||||
|
auth.enabled = false;
|
||||||
|
architecture = "standalone";
|
||||||
|
image = {
|
||||||
|
registry = "registry.redict.io";
|
||||||
|
repository = "redict";
|
||||||
|
tag = "7.3-compat";
|
||||||
|
digest = "sha256:91fcd3124ddb77a098ec0da93c07f99b02b178ab356fe51aa0839aaa62891208";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
kubernetes.resources.statefulSets.duplikate-redis-master = {
|
||||||
|
metadata.namespace = "duplikate";
|
||||||
|
spec = {
|
||||||
|
template.spec.volumes.start-scripts.configMap.name = lib.mkForce "duplikate-redis-scripts-a4596108c1";
|
||||||
|
template.spec.volumes.health.configMap.name = lib.mkForce "duplikate-redis-health-05691b979f";
|
||||||
|
template.spec.volumes.config.configMap.name = lib.mkForce "duplikate-redis-configuration-4712c8e029";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
28
homelab/functions.nix
Normal file
28
homelab/functions.nix
Normal file
|
@ -0,0 +1,28 @@
|
||||||
|
{ ... }: {
|
||||||
|
secret = name: {
|
||||||
|
metadata.namespace = "${name}";
|
||||||
|
spec = {
|
||||||
|
hostAPI = "http://infisical:8080";
|
||||||
|
resyncInterval = 10;
|
||||||
|
authentication = {
|
||||||
|
kubernetesAuth = {
|
||||||
|
identityId = "68d1f432-7b0a-4e4a-b439-acbbbc160f1e";
|
||||||
|
serviceAccountRef = {
|
||||||
|
name = "infisical-auth";
|
||||||
|
namespace = "infisical";
|
||||||
|
};
|
||||||
|
secretsScope = {
|
||||||
|
projectSlug = "kubernetes-homelab-dp67";
|
||||||
|
envSlug = "prod";
|
||||||
|
secretsPath = "/${name}";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
managedSecretReference = {
|
||||||
|
secretName = "${name}";
|
||||||
|
secretNamespace = "${name}";
|
||||||
|
creationPolicy = "Owner";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -19,6 +19,7 @@
|
||||||
immich.persistence.library.existingClaim = "immich";
|
immich.persistence.library.existingClaim = "immich";
|
||||||
redis = {
|
redis = {
|
||||||
enabled = true;
|
enabled = true;
|
||||||
|
|
||||||
};
|
};
|
||||||
env = {
|
env = {
|
||||||
PGSSLMODE = "no-verify";
|
PGSSLMODE = "no-verify";
|
||||||
|
@ -58,4 +59,9 @@
|
||||||
resources.requests.storage = "50Gi";
|
resources.requests.storage = "50Gi";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
kubernetes.resources.statefulSets.immich-redis-master = {
|
||||||
|
metadata.namespace = "immich";
|
||||||
|
spec.template.spec.containers.redis.image = lib.mkForce "registry.redict.io/redict:7.3-compat";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
12
homelab/infvalues.yml
Normal file
12
homelab/infvalues.yml
Normal file
|
@ -0,0 +1,12 @@
|
||||||
|
infisical:
|
||||||
|
fullnameOverride: infisical
|
||||||
|
image:
|
||||||
|
tag: v0.70.1-postgres
|
||||||
|
ingress:
|
||||||
|
enabled: true
|
||||||
|
hostName: secrets.gmem.ca
|
||||||
|
tls:
|
||||||
|
- hosts:
|
||||||
|
- secrets.gmem.ca
|
||||||
|
postgresql:
|
||||||
|
enabled: false
|
|
@ -2,7 +2,12 @@ let
|
||||||
appName = "soju";
|
appName = "soju";
|
||||||
sojuImage = "git.gmem.ca/arch/soju:latest";
|
sojuImage = "git.gmem.ca/arch/soju:latest";
|
||||||
gamjaImage = "git.gmem.ca/arch/gamja:latest";
|
gamjaImage = "git.gmem.ca/arch/gamja:latest";
|
||||||
in {
|
in {
|
||||||
|
lib,
|
||||||
|
config,
|
||||||
|
kubenix,
|
||||||
|
...
|
||||||
|
}: {
|
||||||
kubernetes.resources.services.soju = {
|
kubernetes.resources.services.soju = {
|
||||||
metadata.namespace = "irc";
|
metadata.namespace = "irc";
|
||||||
spec = {
|
spec = {
|
||||||
|
@ -43,7 +48,7 @@ in {
|
||||||
metadata.labels.app = appName;
|
metadata.labels.app = appName;
|
||||||
spec = {
|
spec = {
|
||||||
volumes = {
|
volumes = {
|
||||||
config.configMap.name = "soju";
|
config.configMap.name = config.kubernetes.resources.configMaps.soju.metadata.name;
|
||||||
ssl.secret.secretName = "irc-gmem-ca";
|
ssl.secret.secretName = "irc-gmem-ca";
|
||||||
};
|
};
|
||||||
containers = {
|
containers = {
|
||||||
|
|
|
@ -30,5 +30,6 @@
|
||||||
(import ./searxng.nix)
|
(import ./searxng.nix)
|
||||||
(import ./redlib.nix)
|
(import ./redlib.nix)
|
||||||
(import ./minecraft-invites.nix)
|
(import ./minecraft-invites.nix)
|
||||||
|
(import ./duplikate.nix)
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
let
|
let
|
||||||
appName = "miniflux";
|
appName = "miniflux";
|
||||||
appImage = "docker.io/miniflux/miniflux";
|
appImage = "docker.io/miniflux/miniflux";
|
||||||
|
functions = import ./functions.nix {};
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
lib,
|
lib,
|
||||||
|
@ -20,7 +21,7 @@ in
|
||||||
image = appImage;
|
image = appImage;
|
||||||
envFrom = [
|
envFrom = [
|
||||||
{secretRef.name = "miniflux";}
|
{secretRef.name = "miniflux";}
|
||||||
{configMapRef.name = "miniflux";}
|
{configMapRef.name = config.kubernetes.resources.configMaps.miniflux.metadata.name;}
|
||||||
];
|
];
|
||||||
resources = {
|
resources = {
|
||||||
requests = {
|
requests = {
|
||||||
|
@ -100,6 +101,15 @@ in
|
||||||
METRICS_COLLECTOR = "1";
|
METRICS_COLLECTOR = "1";
|
||||||
METRICS_ALLOWED_NETWORKS = "0.0.0.0/0";
|
METRICS_ALLOWED_NETWORKS = "0.0.0.0/0";
|
||||||
BASE_URL = "https://rss.gmem.ca/";
|
BASE_URL = "https://rss.gmem.ca/";
|
||||||
|
RUN_MIGRATIONS = "1";
|
||||||
|
CREATE_ADMIN = "1";
|
||||||
|
OAUTH2_PROVIDER = "oidc";
|
||||||
|
OAUTH2_REDIRECT_URL = "https://rss.gmem.ca/oauth2/oidc/callback";
|
||||||
|
OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://authentik.gmem.ca/application/o/miniflux/";
|
||||||
|
OAUTH2_USER_CREATION = "1";
|
||||||
|
YOUTUBE_EMBED_URL_OVERRIDE = "https://piped.gmem.ca/embed/";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
kubernetes.resources."secrets.infisical.com"."v1alpha1".InfisicalSecret.miniflux = functions.secret "miniflux";
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,7 +21,7 @@ in
|
||||||
image = appImage;
|
image = appImage;
|
||||||
envFrom = [
|
envFrom = [
|
||||||
{secretRef.name = "nitter-bot";}
|
{secretRef.name = "nitter-bot";}
|
||||||
{configMapRef.name = "nitter-bot";}
|
{configMapRef.name = config.kubernetes.resources.configMaps.nitter-bot.metadata.name;}
|
||||||
];
|
];
|
||||||
resources = {
|
resources = {
|
||||||
requests = {
|
requests = {
|
||||||
|
|
|
@ -84,6 +84,11 @@ in
|
||||||
values = {
|
values = {
|
||||||
auth.enabled = false;
|
auth.enabled = false;
|
||||||
architecture = "standalone";
|
architecture = "standalone";
|
||||||
|
image = {
|
||||||
|
registry = "registry.redict.io";
|
||||||
|
repository = "redict";
|
||||||
|
tag = "7.3-compat";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
kubernetes.resources.ingresses.nitter = {
|
kubernetes.resources.ingresses.nitter = {
|
||||||
|
|
|
@ -27,7 +27,7 @@ in
|
||||||
metadata.labels.app = appName;
|
metadata.labels.app = appName;
|
||||||
spec = {
|
spec = {
|
||||||
volumes = {
|
volumes = {
|
||||||
config.configMap.name = "searxng";
|
config.configMap.name = config.kubernetes.resources.configMaps.searxng.metadata.name;
|
||||||
};
|
};
|
||||||
containers = {
|
containers = {
|
||||||
searxng = {
|
searxng = {
|
||||||
|
@ -104,6 +104,11 @@ in
|
||||||
values = {
|
values = {
|
||||||
auth.enabled = false;
|
auth.enabled = false;
|
||||||
architecture = "standalone";
|
architecture = "standalone";
|
||||||
|
image = {
|
||||||
|
registry = "registry.redict.io";
|
||||||
|
repository = "redict";
|
||||||
|
tag = "7.3-compat";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -39,6 +39,16 @@
|
||||||
settings = {
|
settings = {
|
||||||
experimental-features = ["nix-command" "flakes"];
|
experimental-features = ["nix-command" "flakes"];
|
||||||
auto-optimise-store = true;
|
auto-optimise-store = true;
|
||||||
|
trusted-public-keys = [
|
||||||
|
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||||
|
"nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
|
||||||
|
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
|
||||||
|
];
|
||||||
|
substituters = [
|
||||||
|
"https://cache.nixos.org"
|
||||||
|
"https://nixpkgs-wayland.cachix.org"
|
||||||
|
"https://nix-community.cachix.org"
|
||||||
|
];
|
||||||
};
|
};
|
||||||
gc = {
|
gc = {
|
||||||
automatic = true;
|
automatic = true;
|
||||||
|
@ -46,7 +56,6 @@
|
||||||
options = "--delete-older-than 15d";
|
options = "--delete-older-than 15d";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
nixpkgs.config.allowUnfree = true;
|
|
||||||
systemd.services.NetworkManager-wait-online.enable = false;
|
systemd.services.NetworkManager-wait-online.enable = false;
|
||||||
networking = {
|
networking = {
|
||||||
hostId = "3c26267f";
|
hostId = "3c26267f";
|
||||||
|
|
|
@ -30,7 +30,7 @@
|
||||||
fileSystems."/tmp" = {
|
fileSystems."/tmp" = {
|
||||||
device = "tmpfs";
|
device = "tmpfs";
|
||||||
fsType = "tmpfs";
|
fsType = "tmpfs";
|
||||||
options = ["size=4G" "mode=777"]; # mode=755 so only root can write to those files
|
options = ["size=4G" "mode=777"];
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [
|
swapDevices = [
|
||||||
|
|
|
@ -48,7 +48,7 @@
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
eula = true;
|
eula = true;
|
||||||
#package = pkgs.papermc;
|
package = pkgs.papermc;
|
||||||
};
|
};
|
||||||
bluemap = {
|
bluemap = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -293,6 +293,7 @@
|
||||||
plex = {
|
plex = {
|
||||||
enable = true;
|
enable = true;
|
||||||
openFirewall = true;
|
openFirewall = true;
|
||||||
|
accelerationDevices = [ "/dev/dri/renderD128" ];
|
||||||
};
|
};
|
||||||
nginx = {
|
nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -478,6 +479,7 @@
|
||||||
bat
|
bat
|
||||||
gnupg
|
gnupg
|
||||||
pinentry
|
pinentry
|
||||||
|
nvtopPackages.nvidia
|
||||||
];
|
];
|
||||||
|
|
||||||
time.timeZone = "Europe/London";
|
time.timeZone = "Europe/London";
|
||||||
|
|
Loading…
Reference in a new issue