v/infrastructure
1
0
Fork 0
Code Issues 13 Pull requests 1 Projects Releases Packages Activity Actions

chore(deps): update renovate/renovate docker tag to v37.68.4 #218

Open
renovate wants to merge 1976 commits from renovate/renovate-renovate-37.x into main
pull from: renovate/renovate-renovate-37.x
merge into: v:main
Conversation 1 Commits 1976 Files changed 188 +133 -80
4 changed files with 133 additions and 80 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit 15ce6620a6 - Show all commits

107
flake.lock generated
View file

@ -20,6 +20,25 @@
"type": "github"
}
},
"deploy-rs_2": {
"inputs": {
"flake-compat": "flake-compat_2",
"nixpkgs": "nixpkgs_4",
"utils": "utils_3"
},
"locked": {
"lastModified": 1648475189,
"narHash": "sha256-gAGAS6IagwoUr1B0ohE3iR6sZ8hP4LSqzYLC8Mq3WGU=",
"owner": "serokell",
"repo": "deploy-rs",
"rev": "83e0c78291cd08cb827ba0d553ad9158ae5a95c3",
"type": "github"
},
"original": {
"id": "deploy-rs",
"type": "indirect"
}
},
"flake-compat": {
"flake": false,
"locked": {
@ -37,6 +56,22 @@
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1648199409,
"narHash": "sha256-JwPKdC2PoVBkG6E+eWw3j6BMR6sL3COpYWfif7RVb8Y=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "64a525ee38886ab9028e6f61790de0832aa3ef03",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1627913399,
@ -51,7 +86,7 @@
"type": "indirect"
}
},
"flake-compat_3": {
"flake-compat_4": {
"flake": false,
"locked": {
"lastModified": 1627913399,
@ -163,11 +198,11 @@
"utils": "utils_2"
},
"locked": {
"lastModified": 1651799536,
"narHash": "sha256-+y4oD+E3PseG5jRhlfpBCSLOs1TKKtCWL/AsFCPXQYU=",
"lastModified": 1651886476,
"narHash": "sha256-fSPA5BEsoHx6ab5c2sK1apHcFbTs86SjwT63zXSuj/E=",
"owner": "jyooru",
"repo": "nix-minecraft-servers",
"rev": "1d9335ce68b66262a25037c81e81f49363e5cb04",
"rev": "bbd8bc980d45d910f2673d3abfcc6617f2c3d122",
"type": "github"
},
"original": {
@ -179,7 +214,7 @@
"nix": {
"inputs": {
"lowdown-src": "lowdown-src",
"nixpkgs": "nixpkgs_4"
"nixpkgs": "nixpkgs_5"
},
"locked": {
"lastModified": 1633098935,
@ -197,7 +232,7 @@
"nix_2": {
"inputs": {
"lowdown-src": "lowdown-src_2",
"nixpkgs": "nixpkgs_6"
"nixpkgs": "nixpkgs_7"
},
"locked": {
"lastModified": 1633098935,
@ -246,21 +281,37 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1651827164,
"narHash": "sha256-w1niZCq4rhXX+23xLvrA5KR9OqT/72e5Mx/pfz/bZYU=",
"lastModified": 1651934509,
"narHash": "sha256-xofDh2dBoE9s4Lx2h815/qdULHlFRjdDvp0jDk2OHp8=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "98000933d72a97632caf0db0027ea3eb2e5e7f29",
"rev": "c7a2979f4cec15b45e6a052b77ae590631426c9f",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable-small",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": {
"lastModified": 1648219316,
"narHash": "sha256-Ctij+dOi0ZZIfX5eMhgwugfvB+WZSrvVNAyAuANOsnQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "30d3d79b7d3607d56546dd2a6b49e156ba0ec634",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_5": {
"locked": {
"lastModified": 1632864508,
"narHash": "sha256-d127FIvGR41XbVRDPVvozUPQ/uRHbHwvfyKHwEt5xFM=",
@ -275,7 +326,7 @@
"type": "indirect"
}
},
"nixpkgs_5": {
"nixpkgs_6": {
"locked": {
"lastModified": 1632495107,
"narHash": "sha256-4NGE56r+FJGBaCYu3CTH4O83Ys4TrtnEPXrvdwg1TDs=",
@ -289,7 +340,7 @@
"type": "indirect"
}
},
"nixpkgs_6": {
"nixpkgs_7": {
"locked": {
"lastModified": 1632864508,
"narHash": "sha256-d127FIvGR41XbVRDPVvozUPQ/uRHbHwvfyKHwEt5xFM=",
@ -304,7 +355,7 @@
"type": "indirect"
}
},
"nixpkgs_7": {
"nixpkgs_8": {
"locked": {
"lastModified": 1632495107,
"narHash": "sha256-4NGE56r+FJGBaCYu3CTH4O83Ys4TrtnEPXrvdwg1TDs=",
@ -329,18 +380,19 @@
},
"serokell-nix": {
"inputs": {
"flake-compat": "flake-compat_2",
"deploy-rs": "deploy-rs_2",
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_2",
"gitignore-nix": "gitignore-nix",
"nix": "nix",
"nixpkgs": "nixpkgs_5"
"nixpkgs": "nixpkgs_6"
},
"locked": {
"lastModified": 1651674183,
"narHash": "sha256-voNo/SzDmjXdk77gq2PRe7E+yJlw/zNuyHij8lNiZDE=",
"lastModified": 1651884062,
"narHash": "sha256-gr3BGy0yJL4Qx2NdbzEUAI3+Hi558AAVUAczaz6423w=",
"owner": "serokell",
"repo": "serokell.nix",
"rev": "826a2c4c8987766640885f4dc8af344e90abb149",
"rev": "3d533eb5b37142d6a3a8dea5ea3c159ad6595eb7",
"type": "github"
},
"original": {
@ -382,12 +434,27 @@
"type": "github"
}
},
"utils_3": {
"locked": {
"lastModified": 1648297722,
"narHash": "sha256-W+qlPsiZd8F3XkzXOzAoR+mpFqzm3ekQkJNa+PIh1BQ=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "0f8662f1319ad6abf89b3380dd2722369fc51ade",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"vault-secrets": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-compat": "flake-compat_4",
"flake-utils": "flake-utils_3",
"nix": "nix_2",
"nixpkgs": "nixpkgs_7"
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1633626134,

44
flake.nix
View file

@ -7,7 +7,7 @@
inputs = {
deploy-rs.url = "github:serokell/deploy-rs";
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable-small";
nixpkgs.url = "github:nixos/nixpkgs/master";
serokell-nix.url = "github:serokell/serokell.nix";
vault-secrets.url = "github:serokell/vault-secrets";
minecraft-servers.url = "github:jyooru/nix-minecraft-servers";
@ -44,40 +44,43 @@
fastConnection = true;
profiles.system = {
user = "root";
path = deploy-rs.lib.${system}.activate.nixos
self.nixosConfigurations.${profile};
path = deploy-rs.lib.${system}.activate.nixos self.nixosConfigurations.${profile};
};
};
};
# Generates hosts.auto.tfvars.json for Terraform
genTFVars = let
hostToVar = z@{ hostname, mac, ... }: {
"${hostname}" = { inherit mac; };
};
hostSet = lib.foldr (el: acc: acc // hostToVar el) { } hosts;
json = builtins.toJSON { hosts = hostSet; };
in pkgs.writeScriptBin "gen-tf-vars" ''
echo '${json}' | ${pkgs.jq}/bin/jq > terraform/hosts.auto.tfvars.json;
echo "Generated Terraform Variables";
'';
genTFVars =
let
hostToVar = z@{ hostname, mac, ... }: {
"${hostname}" = { inherit mac; };
};
hostSet = lib.foldr (el: acc: acc // hostToVar el) { } hosts;
json = builtins.toJSON { hosts = hostSet; };
in
pkgs.writeScriptBin "gen-tf-vars" ''
echo '${json}' | ${pkgs.jq}/bin/jq > terraform/hosts.auto.tfvars.json;
echo "Generated Terraform Variables";
'';
# Import all nixos host definitions that are actual nix machines
nixHosts = filter ({ nix ? true, ... }: nix) hosts;
pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system}
[ vault-secrets.overlay ];
pkgs = serokell-nix.lib.pkgsWith nixpkgs.legacyPackages.${system} [ vault-secrets.overlay ];
deployChecks =
mapAttrs (_: lib: lib.deployChecks self.deploy) deploy-rs.lib;
deployChecks = mapAttrs (_: lib: lib.deployChecks self.deploy) deploy-rs.lib;
checks = { };
in {
in
{
# Make the config and deploy sets
nixosConfigurations =
lib.foldr (el: acc: acc // mkConfig el) { } nixHosts;
nixosConfigurations = lib.foldr (el: acc: acc // mkConfig el) { } nixHosts;
deploy.nodes = lib.foldr (el: acc: acc // mkDeploy el) { } nixHosts;
apps.${system} = {
# deploy = {
# type = "app";
# program = "${deploy-rs.packages.${system}.deploy-rs}/bin/deploy";
# };
vault-push-approles = {
type = "app";
program = "${pkgs.vault-push-approles self}/bin/vault-push-approles";
@ -97,6 +100,7 @@
devShells.${system}.default = pkgs.mkShell {
VAULT_ADDR = "http://vault.olympus:8200/";
# This only support bash so just execute zsh in bash as a workaround :/
shellHook = "zsh";
buildInputs = with pkgs; [
deploy-rs.packages.${system}.deploy-rs
fluxcd

44
nixos/hosts/nginx/configuration.nix
View file

@ -31,6 +31,10 @@ in
recommendedProxySettings = true;
recommendedTlsSettings = true;
package = pkgs.nginxMainline.override {
modules = with pkgs.nginxModules; [ brotli ];
};
# Reverse Proxies
virtualHosts."ha.0x76.dev" = proxy "http://home-assistant.olympus:8123/";
virtualHosts."zookeeper-dev.0x76.dev" = proxy "http://eevee.olympus:8085/";
@ -43,46 +47,6 @@ in
virtualHosts."wooloofan.club" = k8s_proxy;
virtualHosts."whoami.wooloofan.club" = k8s_proxy;
# Headscale
virtualHosts."vpn.0x76.dev" = {
enableACME = true;
forceSSL = true;
locations = {
"/headscale." = {
extraConfig = ''
grpc_pass grpc://headscale.olympus:50443;
'';
priority = 1;
};
# "/metrics" = {
# proxyPass = "http://plausible.olympus:9090";
# extraConfig = ''
# allow 10.0.0.0/8;
# allow 100.64.0.0/16;
# deny all;
# '';
# priority = 2;
# };
"/" = {
proxyPass = "http://headscale.olympus:8080";
proxyWebsockets = true;
extraConfig = ''
keepalive_requests 100000;
keepalive_timeout 160s;
proxy_buffering off;
proxy_connect_timeout 75;
proxy_ignore_client_abort on;
proxy_read_timeout 900s;
proxy_send_timeout 600;
send_timeout 600;
'';
priority = 99;
};
};
};
};
security.acme.defaults.email = "victorheld12@gmail.com";

18
terraform/hosts.auto.tfvars.json
View file

@ -24,12 +24,18 @@
"eevee": {
"mac": "34:97:f6:93:9A:AA"
},
"gitea": {
"mac": "DE:5F:B0:83:6F:34"
},
"home-assistant": {
"mac": "9E:60:78:ED:81:B4"
},
"k3s-node1": {
"mac": "2E:F8:55:23:D9:9B"
},
"minecraft": {
"mac": "EA:30:73:E4:B6:69"
},
"minio": {
"mac": "0A:06:5E:E7:9A:0C"
},
@ -42,6 +48,12 @@
"nuc": {
"mac": "1C:69:7A:62:30:88"
},
"plausible": {
"mac": "82:34:70:FA:44:6F"
},
"unifi": {
"mac": "1A:88:A0:B0:65:B4"
},
"unifi-ap": {
"mac": "b4:fb:e4:f3:ff:1b"
},
@ -50,6 +62,12 @@
},
"victoriametrics": {
"mac": "9E:91:61:35:84:1F"
},
"wireguard": {
"mac": "1E:ED:97:2C:C3:9D"
},
"zmeura": {
"mac": "b8:27:eb:d5:e0:f5"
}
}
}