v/infrastructure
1
0
Fork 0
Code Issues 13 Pull requests 1 Projects Releases Packages Activity Actions

Merge branch 'main' of ssh://git.0x76.dev:42/v/infrastructure

Browse source
This commit is contained in:
Vivian 2023-05-25 20:05:27 +02:00
commit 820fd3fadc
23 changed files with 1240 additions and 1321 deletions
Download patch file Download diff file Expand all files Collapse all files

7
nixos/common/common.nix
View file

@ -57,6 +57,13 @@
nixpkgs.config.allowUnfree = true;
nixpkgs.config.permittedInsecurePackages = [
"nodejs-14.21.3"
"openssl-1.1.1t"
"nodejs-16.20.0"
];
# Limit the systemd journal to 100 MB of disk or the
# last 7 days of logs, whichever happens first.
services.journald.extraConfig = ''

3
nixos/common/desktop/home.nix
View file

@ -16,8 +16,7 @@ in {
gimp
inputs.comma.packages.${pkgs.system}.default
inputs.webcord.packages.${pkgs.system}.default
jetbrains.clion
jetbrains.idea-ultimate
# jetbrains.clion
kdenlive
mullvad-vpn
neofetch

4
nixos/hosts/hades/immich/configuration.nix
View file

@ -2,10 +2,10 @@
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ pkgs, config, lib, ... }:
{ pkgs, config, ... }:
let
# https://github.com/immich-app/immich/releases
version = "1.55.1";
# version = "1.55.1";
dataDir = "/var/lib/immich";
in {
imports = [ ];

8
nixos/hosts/hades/mastodon/configuration.nix
View file

@ -7,9 +7,17 @@ in {
# Use DHCP with static leases
networking.interfaces.eth0.useDHCP = true;
nixpkgs.config.permittedInsecurePackages = [
"openssl-1.1.1t"
];
# Better cache hits
environment.noXlibs = lib.mkForce false;
networking.hosts = {
"192.168.0.122" = [ "xirion.net" "o.xirion.net" ];
};
services.elasticsearch = {
enable = true;
cluster_name = "mastodon-es";

5
nixos/hosts/hades/nginx/configuration.nix
View file

@ -15,6 +15,8 @@ let
in {
imports = [ ];
nixpkgs.config.permittedInsecurePackages = [ "openssl-1.1.1t" ];
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
@ -70,6 +72,7 @@ in {
allow 10.10.10.1/24;
allow 192.168.0.0/23;
allow 80.60.83.220;
allow 83.128.154.23;
allow 195.85.167.32/29;
deny all;
'';
@ -152,7 +155,7 @@ in {
proxyWebsockets = true;
};
locations."api/v1/streaming" = {
locations."/api/v1/streaming" = {
proxyPass = "http://192.168.0.138:55000";
proxyWebsockets = true;
};

2
nixos/hosts/hades/overseerr/prowlarr.nix
View file

@ -5,7 +5,7 @@ _: {
};
virtualisation.oci-containers.containers.flaresolverr = {
image = "flaresolverr/flaresolverr:v3.1.2";
image = "flaresolverr/flaresolverr:v3.2.0";
ports = [ "8191:8191" ];
};
}

1
nixos/hosts/olympus/nginx/configuration.nix
View file

@ -85,6 +85,7 @@ in {
allow 10.42.42.0/23;
allow 192.168.0.0/23;
allow 80.60.83.220;
allow 83.128.154.23;
allow 195.85.167.32/29;
deny all;
'';

2
nixos/hosts/olympus/wireguard/configuration.nix
View file

@ -77,7 +77,7 @@ in {
# https://docs.opnsense.org/manual/how-tos/wireguard-s2s.html
publicKey = "KgqLhmUMX6kyTjRoa/GOCrZOvXNE5HWYuOr/T3v8/VI=";
allowedIPs = [ "10.100.0.5/32" "192.168.0.0/23" "10.10.10.0/24" ];
endpoint = "80.60.83.220:51820";
endpoint = "83.128.154.23:51820";
persistentKeepalive = 25;
}
];

4
nixos/pkgs/default.nix
View file

@ -21,5 +21,9 @@ _final: prev: {
platformio.platformio-ide =
prev.callPackage ./vscode-extensions/platformio.nix { };
};
};
plex-plexpass = prev.callPackage ./plex-pass { };
plexRaw-plexpass = prev.callPackage ./plex-pass/raw.nix { };
}

2
nixos/pkgs/glitch-soc/default.nix
View file

@ -42,7 +42,7 @@ stdenv.mkDerivation rec {
yarnOfflineCache = fetchYarnDeps {
yarnLock = "${src}/yarn.lock";
# sha256 = lib.fakeSha256;
sha256 = "sha256-5KmPgKE1QRPoTjeSYidKt/z9vzWzTOoJVr5dNtofKJY=";
sha256 = "sha256-+i5vejb1XWwNQffg9gzRY8FVOt8MK6ht4cxSSrGAS/Q=";
};
nativeBuildInputs = [

2367
nixos/pkgs/glitch-soc/gemset.nix
View file

File diff suppressed because it is too large Load diff

9
nixos/pkgs/glitch-soc/source.nix
View file

@ -1,12 +1,11 @@
# This file was generated by pkgs.mastodon.updateScript.
{ fetchgit, applyPatches }:
let
{ fetchgit, applyPatches }: let
src = fetchgit {
url = "https://github.com/glitch-soc/mastodon.git";
rev = "c18884de32b60152600ec95ed42cdf9c00fdab7a";
sha256 = "08b520wfs7hpi4jy9srynydkkh5b2wwnb2b3xxa843yialf0qmlh";
rev = "058898802a377877961ff3bfa7d5209a5e275545";
sha256 = "0rn7l94031yl1lyyz7yvky6bqshw4nllwissxlpyqcmii52gwp7y";
};
in applyPatches {
inherit src;
patches = [ ];
patches = [];
}

3
nixos/pkgs/plex-pass/default.nix Normal file
View file

@ -0,0 +1,3 @@
{ plex, plexRaw-plexpass }:
# Copied from: https://github.com/tadfisher/flake/blob/ed949a619236ba30f0be614fed804abdf1e8005b/pkgs/plex-plexpass/default.nix
plex.override { plexRaw = plexRaw-plexpass; }

13
nixos/pkgs/plex-pass/raw.nix Normal file
View file

@ -0,0 +1,13 @@
{ lib, stdenv, plexRaw, fetchurl }:
let
sources = builtins.fromJSON (builtins.readFile ./sources.json);
source = lib.findFirst (x: x.platform == stdenv.hostPlatform.system)
(throw "unsupported platform: ${stdenv.hostPlatform.system}") sources;
in plexRaw.overrideAttrs (attrs: {
pname = attrs.pname + "-plexpass";
inherit (source) version;
src = fetchurl {
inherit (source) url;
sha256 = source.hash;
};
})

14
nixos/pkgs/plex-pass/sources.json Normal file
View file

@ -0,0 +1,14 @@
[
{
"version": "1.32.2.7100",
"platform": "aarch64-linux",
"url": "https://downloads.plex.tv/plex-media-server-new/1.32.2.7100-248a2daf0/debian/plexmediaserver_1.32.2.7100-248a2daf0_arm64.deb",
"hash": "1rs967n4vli7gba2137l5z6vrdcdxfy3hni21lay3ayyds3xmavd"
},
{
"version": "1.32.2.7100",
"platform": "x86_64-linux",
"url": "https://downloads.plex.tv/plex-media-server-new/1.32.2.7100-248a2daf0/debian/plexmediaserver_1.32.2.7100-248a2daf0_amd64.deb",
"hash": "0myr0nws0dhhkp9cc5zwxs4pigs7bmyf582fwskzjqm3d7phlwmi"
}
]

32
nixos/pkgs/plex-pass/update.sh Executable file
View file

@ -0,0 +1,32 @@
#!/usr/bin/env bash
set -x
shopt -s extglob
set -eu -o pipefail
path="$(realpath "$(dirname "$0")")"
declare -A platforms=(
[linux-x86_64]=x86_64-linux
[linux-aarch64]=aarch64-linux
)
token=$(vault kv get -field=plex_token hades_secrets/nixos/plex)
manifest=$(curl -s "https://plex.tv/api/downloads/5.json?channel=plexpass" -H "X-Plex-Token: ${token}")
version=$(echo "$manifest" | jq -r '.computer.Linux.version | split("-") | .[0]')
tmp="$path/sources.tmp.json"
echo '' >$tmp
for arch in "${!platforms[@]}"; do
url="$(echo "$manifest" | jq --arg arch "$arch" -r '.computer.Linux.releases[] | select(.distro == "debian" and .build == $arch) .url')"
hash="$(nix-prefetch-url "$url")"
nixPlatform=${platforms[$arch]}
jq --arg version $version \
--arg platform $nixPlatform \
--arg url "$url" \
--arg hash $hash \
-n '$ARGS.named' >>$tmp
done
jq -s '.' $tmp >"$path/sources.json"
rm $tmp

12
nixos/util.nix
View file

@ -24,9 +24,10 @@ let
# Add to whatever realm a host belong to its list of tags
add_realm_to_tags = mapAttrs (realm:
mapAttrs (_hostname:
{ tags ? [ ], ... }@host:
{ type ? "lxc", tags ? [ ], ... }@host:
host // {
tags = [ realm ] ++ tags;
# Tags are for deployment, so don't add them to local machines
tags = tags ++ (if type == "local" then [ ] else [ realm ]);
inherit realm;
}));
@ -41,7 +42,8 @@ let
# outputs
# Helper function to build a colmena host definition
mkColmenaHost = { ip ? null, exposes ? null, hostname, tags, realm, type ? "lxc", ... }@host:
mkColmenaHost = { ip ? null, exposes ? null, hostname, tags, realm
, type ? "lxc", ... }@host:
let
# this makes local apply work a bit nicer
name = if type == "local" then hostname else "${hostname}.${realm}";
@ -67,6 +69,4 @@ let
hosts = add_realm_to_tags (import ./hosts);
flat_hosts = flatten_hosts hosts;
nixHosts = filter_nix_hosts flat_hosts;
in {
inherit base_imports mkColmenaHost hosts flat_hosts nixHosts;
}
in { inherit base_imports mkColmenaHost hosts flat_hosts nixHosts; }