Merge branch 'main' of ssh://git.0x76.dev:42/v/infrastructure
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
commit
df8cc8a854
10 changed files with 47 additions and 78 deletions
44
flake.lock
44
flake.lock
|
@ -88,11 +88,11 @@
|
||||||
"stable": "stable"
|
"stable": "stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1682202576,
|
"lastModified": 1682737380,
|
||||||
"narHash": "sha256-vcTEEEHKx4PTfY80bUmZMwXRy0cTDJCkULHhqe1HJS8=",
|
"narHash": "sha256-n3rZkHZls9BNr35o3veK00UsM1KSh/oNTJjLkFbEOY8=",
|
||||||
"owner": "zhaofengli",
|
"owner": "zhaofengli",
|
||||||
"repo": "colmena",
|
"repo": "colmena",
|
||||||
"rev": "089431737e283ed3e402a7dff578cb442444c431",
|
"rev": "be837ee341b6508c355035973d5f7c7e88d7c64f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -502,11 +502,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1682663009,
|
"lastModified": 1682759296,
|
||||||
"narHash": "sha256-i5ZDuY5kUBDwbWFUludL2cm6PBb6oj245qTFXSpOkdo=",
|
"narHash": "sha256-FgBfP1e+TnED0lT3L9G6KJ6j07xQElFMRdLIsmKQ0Ss=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "43ba4489bd3f9f69519f5f7ebdb76d0455eccbbe",
|
"rev": "27d89b49e3cd3c83b9609a6ff9173a9b8d2d9ad4",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -833,11 +833,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_22-11": {
|
"nixpkgs_22-11": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1682538316,
|
"lastModified": 1682669017,
|
||||||
"narHash": "sha256-YuHgVsR7S9zxJWHo7lo2ugd+uDC4ESWg1hA4bEZQv3Y=",
|
"narHash": "sha256-Vi+p4y3wnl0/4gcwTdmCO398kKlDaUrNROtf3GOD2NY=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "15b75800dce80225b44f067c9012b09de37dfad2",
|
"rev": "7449971a3ecf857b4a554cf79b1d9dcc1a4647d8",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -865,11 +865,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_4": {
|
"nixpkgs_4": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1682688250,
|
"lastModified": 1682777022,
|
||||||
"narHash": "sha256-eE/h7+V5M96HmobnZEPbPyinPv+Y+vcs/3gL55I7rRI=",
|
"narHash": "sha256-tzMqNaMS8wDpEnNG8vuPrbOUw1y+AI7BRFznjmCBVjE=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "4452d55f8e5c2480b91bbe1eaf4b34c8ee07ebb9",
|
"rev": "6f3b947593983bf1bf0b243717fac8b42a1e014d",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -965,11 +965,11 @@
|
||||||
"pre-commit-hooks": "pre-commit-hooks"
|
"pre-commit-hooks": "pre-commit-hooks"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1682677025,
|
"lastModified": 1682714854,
|
||||||
"narHash": "sha256-HQ3E4JKHcj6MWwmo/JoGIrFhBymVszGyFoAv3R6JOxk=",
|
"narHash": "sha256-7vFHIUeaZ47REJopzzY6bX5wb0qmn6fNsQCKOQ8G3Mg=",
|
||||||
"owner": "pta2002",
|
"owner": "pta2002",
|
||||||
"repo": "nixvim",
|
"repo": "nixvim",
|
||||||
"rev": "3014192cdc6e5ac59e72c74baa6075c9c9148bfd",
|
"rev": "d0383da7f8579610f49b99b982b662ad197d97d1",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -980,11 +980,11 @@
|
||||||
},
|
},
|
||||||
"nur": {
|
"nur": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1682686658,
|
"lastModified": 1682751794,
|
||||||
"narHash": "sha256-h2gpcWIEcO5CYfdLFBvxI59cOS65YJejpxVqdh1sZGU=",
|
"narHash": "sha256-+lo+jlBp5Np2UId6CfAQZdG/yLJLZhtoluMj1NkBlDU=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "NUR",
|
"repo": "NUR",
|
||||||
"rev": "8814b947eb4f10b1f26ed7cb7b067c58b28b065a",
|
"rev": "b3b850a6da43a794e7fab9566b529ca43e22458a",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -1280,11 +1280,11 @@
|
||||||
"nixpkgs": "nixpkgs_9"
|
"nixpkgs": "nixpkgs_9"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1682689494,
|
"lastModified": 1682690091,
|
||||||
"narHash": "sha256-ZGOJ5Mg92Vuf3mMlLL4hu6ENU4Ykk+uAjnoU+rdSFcM=",
|
"narHash": "sha256-j8Uu1Lu+3t5CrLlnHIco6LXIuH7F5KM4pUJZ+QIBiVQ=",
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"rev": "3393123d5814d572eeccb6c6163bab9f374550ca",
|
"rev": "5af2f123dcd9dcf7ddb3856434f8ea1c76b699b3",
|
||||||
"revCount": 2,
|
"revCount": 3,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.0x76.dev/v/vault-unseal.git"
|
"url": "https://git.0x76.dev/v/vault-unseal.git"
|
||||||
},
|
},
|
||||||
|
|
|
@ -87,7 +87,7 @@
|
||||||
nix repl --file "${./.}/repl.nix" $@
|
nix repl --file "${./.}/repl.nix" $@
|
||||||
'';
|
'';
|
||||||
in {
|
in {
|
||||||
# Make the nixosConfigurations for compat reasons
|
# Make the nixosConfigurations for compat reasons (e.g. vault)
|
||||||
nixosConfigurations =
|
nixosConfigurations =
|
||||||
(import (inputs.colmena + "/src/nix/hive/eval.nix") {
|
(import (inputs.colmena + "/src/nix/hive/eval.nix") {
|
||||||
rawFlake = self;
|
rawFlake = self;
|
||||||
|
|
|
@ -19,7 +19,7 @@ spec:
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
containers:
|
containers:
|
||||||
- name: renovate
|
- name: renovate
|
||||||
image: renovate/renovate:35.58.0
|
image: renovate/renovate:35.64.0
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: config-volume
|
- name: config-volume
|
||||||
mountPath: /opt/renovate/
|
mountPath: /opt/renovate/
|
||||||
|
|
|
@ -9,6 +9,7 @@ in {
|
||||||
home.packages = with pkgs; [
|
home.packages = with pkgs; [
|
||||||
btop
|
btop
|
||||||
calibre
|
calibre
|
||||||
|
celluloid
|
||||||
element-desktop
|
element-desktop
|
||||||
fusee-launcher
|
fusee-launcher
|
||||||
gcc
|
gcc
|
||||||
|
@ -17,6 +18,7 @@ in {
|
||||||
inputs.webcord.packages.${pkgs.system}.default
|
inputs.webcord.packages.${pkgs.system}.default
|
||||||
jetbrains.clion
|
jetbrains.clion
|
||||||
jetbrains.idea-ultimate
|
jetbrains.idea-ultimate
|
||||||
|
kdenlive
|
||||||
mullvad-vpn
|
mullvad-vpn
|
||||||
neofetch
|
neofetch
|
||||||
nixfmt
|
nixfmt
|
||||||
|
|
|
@ -1,40 +0,0 @@
|
||||||
# Edit this configuration file to define what should be installed on
|
|
||||||
# your system. Help is available in the configuration.nix(5) man page
|
|
||||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
|
||||||
|
|
||||||
{ config, pkgs, ... }:
|
|
||||||
let
|
|
||||||
databases = [ "umami" "drone" ];
|
|
||||||
in
|
|
||||||
{
|
|
||||||
imports = [ ];
|
|
||||||
|
|
||||||
# This value determines the NixOS release from which the default
|
|
||||||
# settings for stateful data, like file locations and database versions
|
|
||||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
|
||||||
# this value at the release version of the first install of this system.
|
|
||||||
# Before changing this value read the documentation for this option
|
|
||||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
|
||||||
system.stateVersion = "21.11"; # Did you read the comment?
|
|
||||||
|
|
||||||
# Additional packages
|
|
||||||
environment.systemPackages = with pkgs; [ ];
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ config.services.postgresql.port ];
|
|
||||||
|
|
||||||
services.postgresql =
|
|
||||||
{
|
|
||||||
enable = true;
|
|
||||||
package = pkgs.postgresql_14;
|
|
||||||
ensureDatabases = databases;
|
|
||||||
enableTCPIP = true;
|
|
||||||
# Allow all hosts on the server subnet, should probably lock this down more in the future
|
|
||||||
authentication = "host all all 10.42.42.0/24 trust";
|
|
||||||
ensureUsers = map
|
|
||||||
(name: {
|
|
||||||
inherit name;
|
|
||||||
ensurePermissions = { "DATABASE ${name}" = "ALL PRIVILEGES"; };
|
|
||||||
})
|
|
||||||
databases;
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -110,10 +110,7 @@
|
||||||
ip = "10.42.42.25";
|
ip = "10.42.42.25";
|
||||||
mac = "1E:ED:97:2C:C3:9D";
|
mac = "1E:ED:97:2C:C3:9D";
|
||||||
};
|
};
|
||||||
"database" = {
|
# 10.42.42.26
|
||||||
ip = "10.42.42.26";
|
|
||||||
mac = "CE:6E:96:87:18:1B";
|
|
||||||
};
|
|
||||||
"bookwyrm" = {
|
"bookwyrm" = {
|
||||||
ip = "10.42.42.27";
|
ip = "10.42.42.27";
|
||||||
mac = "9E:8A:6C:39:27:DE";
|
mac = "9E:8A:6C:39:27:DE";
|
||||||
|
@ -123,11 +120,7 @@
|
||||||
ip = "10.42.42.28";
|
ip = "10.42.42.28";
|
||||||
mac = "9E:86:D3:46:EE:AE";
|
mac = "9E:86:D3:46:EE:AE";
|
||||||
};
|
};
|
||||||
"slimmelezer" = {
|
# 10.42.42.29
|
||||||
ip = "10.42.42.29";
|
|
||||||
mac = "b4:8a:0a:ee:b0:5e";
|
|
||||||
nix = false;
|
|
||||||
};
|
|
||||||
"vault-1" = {
|
"vault-1" = {
|
||||||
ip = "10.42.42.30";
|
ip = "10.42.42.30";
|
||||||
mac = "26:69:0E:7C:B3:79";
|
mac = "26:69:0E:7C:B3:79";
|
||||||
|
|
|
@ -25,12 +25,18 @@ in {
|
||||||
quoteEnvironmentValues = false; # Needed for docker
|
quoteEnvironmentValues = false; # Needed for docker
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# For some reason networking is broken in podman
|
||||||
virtualisation.podman = {
|
virtualisation.podman = {
|
||||||
enable = true;
|
enable = false;
|
||||||
dockerSocket.enable = true;
|
dockerSocket.enable = true;
|
||||||
dockerCompat = true;
|
dockerCompat = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
virtualisation.docker = {
|
||||||
|
enable = true;
|
||||||
|
autoPrune.enable = true;
|
||||||
|
};
|
||||||
|
|
||||||
services.woodpecker-server = {
|
services.woodpecker-server = {
|
||||||
enable = true;
|
enable = true;
|
||||||
environment = {
|
environment = {
|
||||||
|
@ -49,12 +55,12 @@ in {
|
||||||
docker = {
|
docker = {
|
||||||
enable = true;
|
enable = true;
|
||||||
environment = {
|
environment = {
|
||||||
DOCKER_HOST = "unix:///run/podman/podman.sock";
|
# DOCKER_HOST = "unix:///run/podman/podman.sock";
|
||||||
WOODPECKER_BACKEND = "docker";
|
WOODPECKER_BACKEND = "docker";
|
||||||
WOODPECKER_SERVER = "localhost:9000";
|
WOODPECKER_SERVER = "localhost:9000";
|
||||||
};
|
};
|
||||||
environmentFile = [ "${vs.woodpecker}/environment" ];
|
environmentFile = [ "${vs.woodpecker}/environment" ];
|
||||||
extraGroups = [ "podman" ];
|
extraGroups = [ "docker" ];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
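Review bot: The switch to `extraGroups = [ "docker" ]` in the second hunk puts the Woodpecker agent in the group that controls the rootful Docker daemon enabled in the first hunk, and membership of that group is effectively root on this host; nothing in the section records that as an accepted trade-off. I would put a comment above it, for example `# docker group is root-equivalent on this host; only trusted repositories may run pipelines on this agent`. In the first hunk `virtualisation.podman` is now `enable = false` but still carries `dockerSocket.enable = true` and `dockerCompat = true`, which presumably do nothing while podman is off. Dropping those two lines and the commented-out `DOCKER_HOST` would stop a later `enable = true` from silently bringing back a second Docker-compatible socket next to the real daemon.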
||||||
|
|
|
@ -41,6 +41,8 @@
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [ wireguard-tools ];
|
environment.systemPackages = with pkgs; [ wireguard-tools ];
|
||||||
|
|
||||||
|
environment.sessionVariables.NIXOS_OZONE_WL = "1";
|
||||||
|
|
||||||
home-manager = {
|
home-manager = {
|
||||||
useGlobalPkgs = true;
|
useGlobalPkgs = true;
|
||||||
useUserPackages = true;
|
useUserPackages = true;
|
||||||
|
|
|
@ -23,7 +23,12 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
# udev
|
# udev
|
||||||
services.udev.packages = with pkgs; [ wooting-udev-rules ];
|
services.udev.packages = with pkgs; [
|
||||||
|
android-udev-rules
|
||||||
|
logitech-udev-rules
|
||||||
|
qmk-udev-rules
|
||||||
|
wooting-udev-rules
|
||||||
|
];
|
||||||
|
|
||||||
# FS
|
# FS
|
||||||
fileSystems."/".options = [ "compress=zstd" ];
|
fileSystems."/".options = [ "compress=zstd" ];
|
||||||
|
|
|
@ -2,6 +2,7 @@
|
||||||
let
|
let
|
||||||
inherit (builtins) filter attrValues concatMap mapAttrs;
|
inherit (builtins) filter attrValues concatMap mapAttrs;
|
||||||
inherit (nixpkgs.lib.attrsets) mapAttrsToList;
|
inherit (nixpkgs.lib.attrsets) mapAttrsToList;
|
||||||
|
inherit (nixpkgs.lib) nixosSystem;
|
||||||
base_imports = [
|
base_imports = [
|
||||||
home-manager.nixosModules.home-manager
|
home-manager.nixosModules.home-manager
|
||||||
mailserver.nixosModules.mailserver
|
mailserver.nixosModules.mailserver
|
||||||
|
@ -44,7 +45,7 @@ in {
|
||||||
mkColmenaHost = { ip ? null, hostname, tags, realm, type ? "lxc", ... }@host:
|
mkColmenaHost = { ip ? null, hostname, tags, realm, type ? "lxc", ... }@host:
|
||||||
let
|
let
|
||||||
# this makes local apply work a bit nicer
|
# this makes local apply work a bit nicer
|
||||||
name = if realm == "thalassa" then hostname else "${hostname}.${realm}";
|
name = if type == "local" then hostname else "${hostname}.${realm}";
|
||||||
in {
|
in {
|
||||||
"${name}" = {
|
"${name}" = {
|
||||||
imports = resolve_imports host;
|
imports = resolve_imports host;
|
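Review bot: With `name = if type == "local" then hostname else "${hostname}.${realm}"`, two hosts of type `local` that share a hostname in different realms would produce the same attribute name, and one would presumably replace the other without an error when the per-host sets are merged (the merge is outside this hunk). `type` defaults to `"lxc"`, so any host that relied on the old `realm == "thalassa"` shortcut now gets the `hostname.realm` name unless it sets `type = "local"`, which changes the node name a deploy targets. The existing comment `# this makes local apply work a bit nicer` does not say why the type decides; something like `# hosts with type "local" keep the bare hostname as node name; every other type is named hostname.realm` would make the rule explicit.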
||||||
|
|