v/infrastructure
1
0
Fork 0
Code Issues 13 Pull requests 1 Projects Releases Packages Activity Actions

Minor updates

Browse source
This commit is contained in:
Vivian 2022-06-12 12:25:46 +02:00
parent b691e44095
commit 65751c7323
10 changed files with 41 additions and 76 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
.gitignore vendored Normal file
View file

@ -0,0 +1 @@
result

0
Dockerfile
View file

24
flake.lock generated
View file

@ -10,11 +10,11 @@
"utils": "utils" "utils": "utils"
}, },
"locked": { "locked": {
"lastModified": 1654325492, "lastModified": 1654885765,
"narHash": "sha256-+eegOXTfWyVygrqWCid1pg5IdCjmh0G8o5uA93IQFdA=", "narHash": "sha256-BU8uDapI/ZS1B/K0M1n/AvQ3ZIwBk0NMytM49WqZo8w=",
"owner": "zhaofengli", "owner": "zhaofengli",
"repo": "colmena", "repo": "colmena",
"rev": "b5629dca833fc0bd545898c2dd2d9d5ae1fd5066", "rev": "1b3c272b5873f809c18434924d99967c73d4e2cf",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -206,11 +206,11 @@
"utils": "utils_3" "utils": "utils_3"
}, },
"locked": { "locked": {
"lastModified": 1654583212, "lastModified": 1654910231,
"narHash": "sha256-TNM2Y4lnCnGsmRfYRVoYzaApSL3GE9NDad0ApJ4CCOg=", "narHash": "sha256-BGKT7IL+IrZLBQFJ0PxC8lFUV4Y3IONmi/SbaabsWlY=",
"owner": "jyooru", "owner": "jyooru",
"repo": "nix-minecraft-servers", "repo": "nix-minecraft-servers",
"rev": "3423f5faf24744490963f1024da214c37f199a9f", "rev": "14465ed2e2804484d1d456afee0d8fded6eb05bd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -257,11 +257,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1654230545, "lastModified": 1654682581,
"narHash": "sha256-8Vlwf0x8ow6pPOK2a04bT+pxIeRnM1+O0Xv9/CuDzRs=", "narHash": "sha256-Jb1PQCwKgwdNAp907eR5zPzuxV+kRroA3UIxUxCMJ9s=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "236cc2971ac72acd90f0ae3a797f9f83098b17ec", "rev": "e0169d7a9d324afebf5679551407756c77af8930",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -325,11 +325,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1654503399, "lastModified": 1654872670,
"narHash": "sha256-io7/mE1uPMznvFILtRSUafuaofyOqaQZKjSQLR6qTZk=", "narHash": "sha256-96CAJ3AujffxOECfEMFvonrznS/xPvP+R6oKYkD3UVw=",
"owner": "serokell", "owner": "serokell",
"repo": "serokell.nix", "repo": "serokell.nix",
"rev": "eb14d979cc8257663dd94d6098a86c8c1ce99e72", "rev": "faf02c7b2ac9900ae44c2068a10237c5db73f692",
"type": "github" "type": "github"
}, },
"original": { "original": {

11
flake.nix
View file

@ -80,8 +80,6 @@
pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ]; pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ];
deployChecks = mapAttrs (_: lib: lib.deployChecks self.deploy) deploy-rs.lib;
checks = { };
in in
{ {
# Make the config and deploy sets # Make the config and deploy sets
@ -112,7 +110,7 @@
devShells.${system}.default = pkgs.mkShell { devShells.${system}.default = pkgs.mkShell {
VAULT_ADDR = "http://vault.olympus:8200/"; VAULT_ADDR = "http://vault.olympus:8200/";
# This only support bash so just execute zsh in bash as a workaround :/ # This only support bash so just execute zsh in bash as a workaround :/
shellHook = "zsh"; shellHook = "zsh; exit $?";
buildInputs = with pkgs; [ buildInputs = with pkgs; [
deploy-rs.packages.${system}.deploy-rs deploy-rs.packages.${system}.deploy-rs
fluxcd fluxcd
@ -129,6 +127,11 @@
]; ];
}; };
checks = lib.recursiveUpdate deployChecks checks; # Filter out non-system checks: https://github.com/NixOS/nixpkgs/issues/175875#issuecomment-1152996862
checks = lib.filterAttrs
(a: _: a == system)
(builtins.mapAttrs
(system: deployLib: deployLib.deployChecks self.deploy)
deploy-rs.lib);
}; };
} }

9
hosts.nix
View file

@ -82,12 +82,9 @@
ip = "10.42.42.17"; ip = "10.42.42.17";
mac = "0A:06:5E:E7:9A:0C"; mac = "0A:06:5E:E7:9A:0C";
} }
{ # {
hostname = "plausible"; # ip = "10.42.42.18";
ip = "10.42.42.18"; # }
mac = "82:34:70:FA:44:6F";
nix = false;
}
{ {
hostname = "victoriametrics"; hostname = "victoriametrics";
ip = "10.42.42.19"; ip = "10.42.42.19";

2
nixos/hosts/template/configuration.nix → nixos/hosts/_template/configuration.nix
View file

@ -15,7 +15,7 @@
# this value at the release version of the first install of this system. # this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option # Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment? system.stateVersion = "22.11"; # Did you read the comment?
# Additional packages # Additional packages
environment.systemPackages = with pkgs; [ ]; environment.systemPackages = with pkgs; [ ];

4
nixos/hosts/bastion/configuration.nix
View file

@ -34,6 +34,10 @@ in {
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.05"; # Did you read the comment? system.stateVersion = "21.05"; # Did you read the comment?
virtualisation.podman = {
enable = true;
};
# Additional packages # Additional packages
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
binutils binutils

3
nixos/hosts/gitea/configuration.nix
View file

@ -23,6 +23,8 @@
networking.firewall.allowedTCPPorts = [ config.services.gitea.httpPort ]; networking.firewall.allowedTCPPorts = [ config.services.gitea.httpPort ];
services.openssh.startWhenNeeded = false;
services.gitea = { services.gitea = {
enable = true; enable = true;
domain = "git.0x76.dev"; domain = "git.0x76.dev";
@ -34,7 +36,6 @@
disableRegistration = true; disableRegistration = true;
cookieSecure = true; cookieSecure = true;
settings = { settings = {
ui = { ui = {
DEFAULT_THEME = "arc-green"; DEFAULT_THEME = "arc-green";

11
nixos/hosts/k3s/configuration.nix
View file

@ -5,9 +5,14 @@
]; ];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot.loader.grub.enable = true; boot.loader.grub = {
boot.loader.grub.version = 2; enable = true;
boot.loader.grub.device = "/dev/sda"; version = 2;
device = "/dev/sda";
};
boot.kernel.sysctl."fs.inotify.max_user_instances" = 2147483647; # INT_MAX, dynamically limited based on available memory
boot.kernel.sysctl."fs.inotify.max_user_watches" = 1048576;
networking.hostName = "k3s-node1"; networking.hostName = "k3s-node1";

46
nixos/hosts/plausible/configuration.nix
View file

@ -1,46 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
let
vs = config.vault-secrets.secrets;
cfg = config.services.plausible;
in
{
imports = [ ];
networking.hostName = "plausible";
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "21.11"; # Did you read the comment?
# Additional packages
environment.systemPackages = with pkgs; [ ];
networking.firewall.allowedTCPPorts = [ cfg.server.port ];
networking.firewall.allowedUDPPorts = [ ];
vault-secrets.secrets.plausible = { };
services.plausible = {
enable = true;
releaseCookiePath = "${pkgs.runCommand "cookie" { } ''
${pkgs.openssl}/bin/openssl rand -base64 64 >"$out"
''}";
server = {
baseUrl = "https://analytics.0x76.dev";
secretKeybaseFile = "${vs.plausible}/secretkeybase";
};
adminUser = {
activate = true;
email = "plausible@xirion.net";
passwordFile = "${vs.plausible}/password";
};
};
}