i can't remember what caused this...

Anish Lakhwara
2024-03-15 23:25:49 -07:00
parent f8ec4cfa0f
commit b9fa71a9d3
44 changed files with 2448 additions and 98 deletions
+5 -4
@@ -7,12 +7,12 @@
../profiles/taskd
../profiles/shaarli
../profiles/dns
../profiles/monitoring
# ../profiles/monitoring
../profiles/nfs
../profiles/gonic
../profiles/headphones
../profiles/headphones
../profiles/radicale
../profiles/seafile
../profiles/seafile
../profiles/syncthing
../profiles/dhyan
../profiles/calibre
@@ -22,9 +22,10 @@
../profiles/grasp
# ../profiles/archivebox
# ../profiles/woodpecker-agent
../profiles/jellyfin
# ../profiles/jellyfin
../profiles/ulogger-server
../profiles/photoprism
#../profiles/postgres_upgrade_script
];
# Backups
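Review bot: The `../profiles/monitoring` import in the first hunk is commented out with no reason given, and the commit message does not explain it either, so this host presumably stops being monitored without anyone being told. If the disablement is temporary, say so on the line, e.g. `# ../profiles/monitoring  # TODO: re-enable once <reason> is resolved`. The same applies to `# ../profiles/jellyfin` in the second hunk. The imports list starts outside the hunk.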
+7 -1
@@ -20,6 +20,12 @@
# import profiling tools
programs.systemtap.enable = true;
virtualisation.docker.enable = true;
virtualisation.docker.storageDriver = "btrfs";
environment.systemPackages = with pkgs; [
docker-compose
];
# Speed up boot by removing dependency on network
systemd = {
targets.network-online.wantedBy = pkgs.lib.mkForce [ ]; # Normally ["multi-user.target"]
@@ -87,7 +93,7 @@
#virtualisation.docker.enable = true;
boot.blacklistedKernelModules = [ "qcserial" ];
# Used for packer Capsul
users.users.anish.extraGroups = [ "adbusers" "wheel" "plugdev" "libvertd" ];
users.users.anish.extraGroups = [ "adbusers" "wheel" "plugdev" "libvertd" "docker" ];
virtualisation.libvirtd.enable = true;
hardware.keyboard.zsa.enable = true;
services.udev.extraRules = ''
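Review bot: Adding `"docker"` to `users.users.anish.extraGroups` in the second hunk gives that account root-equivalent control of the host through the Docker socket without any further authentication, which is broader than the (presumably sudo-gated) `wheel` membership it already has. If that is intended, a comment saying so would help; otherwise rootless mode (`virtualisation.docker.rootless.enable = true;`) avoids the group entirely. The rewritten line also carries over `"libvertd"`, which looks like a typo for `"libvirtd"`, so the user is probably not in the group that `virtualisation.libvirtd.enable` sets up. The now-stale `#virtualisation.docker.enable = true;` at the top of the same hunk can be dropped.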
+12 -16
@@ -5,37 +5,34 @@
{
imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/2C41-3DAA";
fsType = "vfat";
};
fileSystems."/" =
{
device = "/dev/disk/by-uuid/a4ae2855-10b9-49f3-adb0-acd82b74eeb9";
{ device = "/dev/disk/by-uuid/e1268753-4f18-4e6f-8edb-d4724ad8eb4a";
fsType = "btrfs";
options = [ "subvol=root" ];
};
fileSystems."/home" =
{
device = "/dev/disk/by-uuid/a4ae2855-10b9-49f3-adb0-acd82b74eeb9";
{ device = "/dev/disk/by-uuid/e1268753-4f18-4e6f-8edb-d4724ad8eb4a";
fsType = "btrfs";
options = [ "subvol=home" ];
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/8244-A184";
fsType = "vfat";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/23658926-6ffa-42dc-8915-a6479c385e0b"; }];
[ { device = "/dev/disk/by-uuid/e220fea6-cf3b-4687-bfe1-9cf6d3ba57f7"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
@@ -46,6 +43,5 @@
# networking.interfaces.wlp3s0.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
# hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}
+337
@@ -0,0 +1,337 @@
# Auto-generated using compose2nix v0.1.6.
{ pkgs, lib, ... }:
{
# Runtime
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
defaultNetwork.settings = {
# Required for container networking to be able to use names.
dns_enabled = true;
};
};
virtualisation.oci-containers.backend = "podman";
# Containers
virtualisation.oci-containers.containers."blackbird-api" = {
image = "";
environment = {
API_DOMAIN = "http://localhost:3000";
DATABASE_URL = "postgresql://nomads:nomads@pgsql:5432/nomads?schema=public";
JWT_SECRET = "test1234";
MEDIA_LOCATION = "./data/media/";
MEDIA_LOCATION_DOWNLOAD_CACHE = "/data/media/downloadCache";
MEDIA_LOCATION_INCOMING = "/data/media/incoming";
MINIO_HOST = "minio";
MINIO_PORT = "9000";
MINIO_ROOT_PASSWORD = "password";
MINIO_ROOT_USER = "blackbird";
NODE_ENV = "development";
PORT = "3000";
POSTGRES_LOCAL_MACHINE_PORT = "5434";
POSTGRES_PASSWORD = "nomads";
POSTGRES_USER = "nomads";
REACT_APP_API_DOMAIN = "http://localhost:3000";
REDIS_HOST = "redis";
REDIS_PASSWORD = "password";
REDIS_PORT = "6379";
REFRESH_TOKEN_SECRET = "test1234";
STATIC_MEDIA_HOST = "http://localhost:3000";
STRIPE_KEY = "";
};
volumes = [
"/home/anish/.ssh:/root/.ssh:rw"
"/home/anish/usr/mirlo:/var/www/api:rw"
"/home/anish/usr/mirlo/data/media/downloadCache:/data/media/downloadCache:rw"
"/home/anish/usr/mirlo/data/media/incoming:/data/media/incoming:rw"
];
ports = [
"3000:3000/tcp"
];
cmd = [ "/bin/sh" "-c" "yarn && yarn migrate:deploy && yarn dev:api" ];
dependsOn = [
"blackbird-minio"
"blackbird-pgsql"
"blackbird-redis"
];
log-driver = "journald";
extraOptions = [
"--network-alias=api"
"--network=mirlo-api-network"
"--network=mirlo-redis-network"
];
};
systemd.services."podman-blackbird-api" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-mirlo-api-network.service"
"podman-network-mirlo-redis-network.service"
];
requires = [
"podman-network-mirlo-api-network.service"
"podman-network-mirlo-redis-network.service"
];
partOf = [
"podman-compose-mirlo-root.target"
];
unitConfig.UpheldBy = [
"podman-blackbird-minio.service"
"podman-blackbird-pgsql.service"
"podman-blackbird-redis.service"
];
wantedBy = [
"podman-compose-mirlo-root.target"
];
};
virtualisation.oci-containers.containers."blackbird-background" = {
image = "";
environment = {
API_DOMAIN = "http://localhost:3000";
DATABASE_URL = "postgresql://nomads:nomads@pgsql:5432/nomads?schema=public";
JWT_SECRET = "test1234";
MEDIA_LOCATION = "./data/media/";
MEDIA_LOCATION_DOWNLOAD_CACHE = "/data/media/downloadCache";
MEDIA_LOCATION_INCOMING = "/data/media/incoming";
MINIO_HOST = "minio";
MINIO_PORT = "9000";
MINIO_ROOT_PASSWORD = "password";
MINIO_ROOT_USER = "blackbird";
NODE_ENV = "development";
PORT = "3000";
POSTGRES_LOCAL_MACHINE_PORT = "5434";
POSTGRES_PASSWORD = "nomads";
POSTGRES_USER = "nomads";
REACT_APP_API_DOMAIN = "http://localhost:3000";
REDIS_HOST = "redis";
REDIS_PASSWORD = "password";
REDIS_PORT = "6379";
REFRESH_TOKEN_SECRET = "test1234";
STATIC_MEDIA_HOST = "http://localhost:3000";
STRIPE_KEY = "";
};
volumes = [
"/home/anish/.ssh:/root/.ssh:rw"
"/home/anish/usr/mirlo:/var/www/api:rw"
"/home/anish/usr/mirlo/data/media/processing:/data/media/processing:rw"
];
dependsOn = [
"blackbird-api"
"blackbird-minio"
"blackbird-pgsql"
"blackbird-redis"
];
log-driver = "journald";
extraOptions = [
"--network-alias=background"
"--network=mirlo-api-network"
"--network=mirlo-redis-network"
];
};
systemd.services."podman-blackbird-background" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-mirlo-api-network.service"
"podman-network-mirlo-redis-network.service"
];
requires = [
"podman-network-mirlo-api-network.service"
"podman-network-mirlo-redis-network.service"
];
partOf = [
"podman-compose-mirlo-root.target"
];
unitConfig.UpheldBy = [
"podman-blackbird-api.service"
"podman-blackbird-minio.service"
"podman-blackbird-pgsql.service"
"podman-blackbird-redis.service"
];
wantedBy = [
"podman-compose-mirlo-root.target"
];
};
virtualisation.oci-containers.containers."blackbird-minio" = {
image = "minio/minio";
environment = {
API_DOMAIN = "http://localhost:3000";
DATABASE_URL = "postgresql://nomads:nomads@pgsql:5432/nomads?schema=public";
JWT_SECRET = "test1234";
MEDIA_LOCATION = "./data/media/";
MEDIA_LOCATION_DOWNLOAD_CACHE = "/data/media/downloadCache";
MEDIA_LOCATION_INCOMING = "/data/media/incoming";
MINIO_HOST = "minio";
MINIO_PORT = "9000";
MINIO_ROOT_PASSWORD = "password";
MINIO_ROOT_USER = "blackbird";
PORT = "3000";
POSTGRES_LOCAL_MACHINE_PORT = "5434";
POSTGRES_PASSWORD = "nomads";
POSTGRES_USER = "nomads";
REACT_APP_API_DOMAIN = "http://localhost:3000";
REDIS_HOST = "redis";
REDIS_PASSWORD = "password";
REDIS_PORT = "6379";
REFRESH_TOKEN_SECRET = "test1234";
STATIC_MEDIA_HOST = "http://localhost:3000";
STRIPE_KEY = "";
};
volumes = [
"/home/anish/usr/mirlo/data/minio_storage:/data:rw"
];
ports = [
"9000:9000/tcp"
"9001:9001/tcp"
];
cmd = [ "server" "--console-address" ":9001" "/data" ];
log-driver = "journald";
extraOptions = [
"--network-alias=minio"
"--network=mirlo-api-network:alias=minio"
];
};
systemd.services."podman-blackbird-minio" = {
serviceConfig = {
Restart = lib.mkOverride 500 "no";
};
after = [
"podman-network-mirlo-api-network.service"
];
requires = [
"podman-network-mirlo-api-network.service"
];
partOf = [
"podman-compose-mirlo-root.target"
];
wantedBy = [
"podman-compose-mirlo-root.target"
];
};
virtualisation.oci-containers.containers."blackbird-pgsql" = {
image = "postgres:14-alpine";
environment = {
API_DOMAIN = "http://localhost:3000";
DATABASE_URL = "postgresql://nomads:nomads@pgsql:5432/nomads?schema=public";
JWT_SECRET = "test1234";
MEDIA_LOCATION = "./data/media/";
MEDIA_LOCATION_DOWNLOAD_CACHE = "/data/media/downloadCache";
MEDIA_LOCATION_INCOMING = "/data/media/incoming";
MINIO_HOST = "minio";
MINIO_PORT = "9000";
MINIO_ROOT_PASSWORD = "password";
MINIO_ROOT_USER = "blackbird";
PORT = "3000";
POSTGRES_LOCAL_MACHINE_PORT = "5434";
POSTGRES_PASSWORD = "nomads";
POSTGRES_USER = "nomads";
REACT_APP_API_DOMAIN = "http://localhost:3000";
REDIS_HOST = "redis";
REDIS_PASSWORD = "password";
REDIS_PORT = "6379";
REFRESH_TOKEN_SECRET = "test1234";
STATIC_MEDIA_HOST = "http://localhost:3000";
STRIPE_KEY = "";
};
volumes = [
"/home/anish/usr/mirlo/data/pgsql:/var/lib/postgresql/data:rw"
"/home/anish/usr/mirlo/data/pgsql_backups:/backups:rw"
];
ports = [
"5432:5432/tcp"
];
log-driver = "journald";
extraOptions = [
"--network-alias=pgsql"
"--network=mirlo-api-network:alias=pgsql"
];
};
systemd.services."podman-blackbird-pgsql" = {
serviceConfig = {
Restart = lib.mkOverride 500 "no";
};
after = [
"podman-network-mirlo-api-network.service"
];
requires = [
"podman-network-mirlo-api-network.service"
];
partOf = [
"podman-compose-mirlo-root.target"
];
wantedBy = [
"podman-compose-mirlo-root.target"
];
};
virtualisation.oci-containers.containers."blackbird-redis" = {
image = "redis";
ports = [
"6379:6379/tcp"
];
cmd = [ "redis-server" "--appendonly" "yes" "--requirepass " ];
log-driver = "journald";
extraOptions = [
"--network-alias=redis"
"--network=mirlo-redis-network"
];
};
systemd.services."podman-blackbird-redis" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-mirlo-redis-network.service"
];
requires = [
"podman-network-mirlo-redis-network.service"
];
partOf = [
"podman-compose-mirlo-root.target"
];
wantedBy = [
"podman-compose-mirlo-root.target"
];
};
# Networks
systemd.services."podman-network-mirlo-api-network" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "${pkgs.podman}/bin/podman network rm -f mirlo-api-network";
};
script = ''
podman network inspect mirlo-api-network || podman network create mirlo-api-network --opt isolate=true
'';
partOf = [ "podman-compose-mirlo-root.target" ];
wantedBy = [ "podman-compose-mirlo-root.target" ];
};
systemd.services."podman-network-mirlo-redis-network" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "${pkgs.podman}/bin/podman network rm -f mirlo-redis-network";
};
script = ''
podman network inspect mirlo-redis-network || podman network create mirlo-redis-network --opt isolate=true
'';
partOf = [ "podman-compose-mirlo-root.target" ];
wantedBy = [ "podman-compose-mirlo-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."podman-compose-mirlo-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}
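Review bot: Every credential in the `environment` blocks (`JWT_SECRET = "test1234"`, `REFRESH_TOKEN_SECRET`, `MINIO_ROOT_PASSWORD`, `POSTGRES_PASSWORD`, `REDIS_PASSWORD`) is a development default written in plain text, and values set this way end up in the world-readable Nix store as well as in this repository. Since the file is generated by compose2nix, the fix belongs in the compose input: move the secrets to an env file outside the store and reference it with `environmentFiles = [ "/run/agenix/<secret-name>" ];` (placeholder path). The `ports` entries publish Postgres, Redis and both MinIO ports on every host interface; unless they are needed off-box, bind them to loopback, e.g. `"127.0.0.1:5432:5432/tcp"`. The api and background containers also mount `/home/anish/.ssh` read-write, which hands the user's SSH keys to a `NODE_ENV = "development"` workload; drop the mount or narrow it to a single read-only deploy key. Finally, `"--requirepass "` in the redis `cmd` has no value, so the `REDIS_PASSWORD` the clients use is apparently never set on the server.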
+4 -3
@@ -11,6 +11,7 @@
# ../profiles/mount-mossnet
../profiles/freshrss
../profiles/microbin
# ../profiles/postgres_upgrade_script
];
# Capsul specific
@@ -27,11 +28,11 @@
privateKeyFile = "/run/agenix/helix-wg";
};
services.postgresql.package = pkgs.postgresql_11;
services.postgresql.package = pkgs.postgresql_15;
services.postgresqlBackup = {
# TODO needs working wireguard to box
enable = false;
databases = [ "gitea" "freshrss" "woodpecker" ];
databases = [ "gitea" "freshrss" ]; # "woodpecker"
location = "/mnt/two/postgres";
};
@@ -41,7 +42,7 @@
paths = [
"/var/lib/gitea"
"/var/lib/freshrss"
"/var/lib/woodpecker"
# "/var/lib/woodpecker"
"/var/lib/microbin"
];
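Review bot: `services.postgresql.package` jumps from `pkgs.postgresql_11` to `pkgs.postgresql_15` in the second hunk, but the `../profiles/postgres_upgrade_script` import added in the first hunk is commented out and `services.postgresqlBackup` is still `enable = false`. A major-version change needs the old cluster migrated (pg_upgrade or dump/restore), and the NixOS default data directory is versioned, so without that step gitea and freshrss would likely start against an empty cluster. If the migration was already done by hand, record it next to the option, e.g. `# migrated 11 -> 15 with pg_upgrade on <date>`. Also, `"/var/lib/woodpecker"` is dropped from what looks like a backup path list in the third hunk; confirm that data is no longer needed before existing backups age out.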
+1 -1
@@ -32,7 +32,7 @@ in
};
environment.systemPackages = with pkgs; [
pinentry_gnome
pinentry-gnome
cached-nix-shell
];
+5 -2
@@ -99,7 +99,7 @@ in
papirus-icon-theme
calendar-cli
wyrd
tic-80
# tic-80
ytfzf
yt-dlp
];
@@ -123,9 +123,12 @@ in
};
xserver = {
enable = true;
xkb.layout = "us,dvorak";
# TODO should be xkb.layout
layout = "us";
# xkb.variant = "dvorak";
desktopManager.wallpaper.mode = "fill";
displayManager = {
# startx.enable = true;
defaultSession = "none+bspwm";
sessionCommands = ''
${pkgs.xorg.xrdb}/bin/xrdb -merge <<EOF
+8 -7
@@ -17,13 +17,14 @@
services.postgresql = {
enable = true; # Ensure postgresql is enabled
authentication = ''
local freshrss all ident map=freshrss-users
'';
identMap = # Map the freshrss user to postgresql
''
freshrss-users freshrss freshrss
'';
# authentication = ''
# local freshrss all ident map=freshrss-users
# '';
# identMap = # Map the freshrss user to postgresql
# ''
# freshrss-users freshrss freshrss
# freshrss-users postgres freshrss
# '';
ensureDatabases = [ "freshrss" ];
ensureUsers = [{
name = "freshrss";
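Review bot: The explicit `authentication` rule and `identMap` are replaced by a commented-out copy rather than removed, and the copy gains a mapping (`freshrss-users postgres freshrss`) that was never active, so a reader cannot tell what the intended access policy is. With the block disabled, local access to the `freshrss` database falls back to whatever default `pg_hba.conf` rules the module generates (presumably peer authentication for all local users; worth confirming). I would delete the dead block and leave one line stating the policy, e.g. `# relies on the module's default local peer auth; custom ident map removed`, with the reason if there is one. The gitea section of this commit makes the same change and needs the same treatment. The `ensureUsers` entry continues outside the hunk.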
+8 -7
@@ -46,13 +46,14 @@
environment.systemPackages = [ pkgs.pandoc ];
services.postgresql = {
enable = true; # Ensure postgresql is enabled
authentication = ''
local gitea all ident map=gitea-users
'';
identMap = # Map the gitea user to postgresql
''
gitea-users gitea gitea
'';
# authentication = ''
# local gitea all ident map=gitea-users
# '';
# identMap = # Map the gitea user to postgresql
# ''
# gitea-users gitea gitea
# gitea-users postgres gitea
# '';
ensureDatabases = [ "gitea" ];
ensureUsers = [{
name = "gitea";
+2 -2
@@ -1,8 +1,8 @@
{ config, lib, pkgs, ... }:
{
services.microbin.enable = true;
services.microbin.hostname = "bin.sealight.xyz";
services.microbin.port = 4949;
services.microbin.settings.PUBLIC_PATH = "bin.sealight.xyz";
services.microbin.settings.MICROBIN_PORT = 4949;
networking.firewall.allowedTCPPorts = [ 4949 ];
services.nginx.virtualHosts."bin.sealight.xyz" = {
enableACME = true;
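Review bot: `services.microbin.settings.PUBLIC_PATH` lacks the `MICROBIN_` prefix that the port setting on the next line uses, so it is probably ignored; MicroBin's variable is `MICROBIN_PUBLIC_PATH`, and it expects a full URL rather than a bare hostname. Something like `services.microbin.settings.MICROBIN_PUBLIC_PATH = "https://bin.sealight.xyz";` would match the ACME-enabled nginx virtual host below. Separately, the unchanged `networking.firewall.allowedTCPPorts = [ 4949 ]` exposes the backend port directly, bypassing the TLS front end; if nginx proxies to it locally, that line can go. The virtual host block continues outside the hunk.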
+2 -2
@@ -16,7 +16,7 @@
orca-c
supercollider
dirt
sunvox
# sunvox
vcv-rack
lmms
bespokesynth
@@ -38,7 +38,7 @@
alsa.enable = true;
alsa.support32Bit = false;
pulse.enable = true;
jack.enable = true;
jack.enable = true;
# Deprecated as of 23.05
# config = {
# pipewire."context.properties"."default.clock.rate" = "48000";
@@ -6,13 +6,12 @@
# TODO it's perhaps advisable to stop all services that depend on postgresql
systemctl stop postgresql
# TODO replace `<new version>` with the psqlSchema here
# The schema can be found by running:
# nix-instantiate '<nixpkgs>' --eval -A postgresql_14.psqlSchema
export NEWDATA="/var/lib/postgresql/<new version>"
# nix eval --raw nixpkgs#postgresql_15.psqlSchema
export NEWDATA="/var/lib/postgresql/15"
# TODO specify the postgresql package you'd like to upgrade to
export NEWBIN="${pkgs.postgresql_14}/bin"
export NEWBIN="${pkgs.postgresql_15}/bin"
export OLDDATA="${config.services.postgresql.dataDir}"
export OLDBIN="${config.services.postgresql.package}/bin"
+1 -1
@@ -6,7 +6,7 @@
ensureDatabases = [ "ulogger" ];
ensureUsers = [{
name = "ulogger";
nsureDBOwnership = true;
ensureDBOwnership = true;
}];
};
+3 -2
@@ -25,7 +25,8 @@
services.wallabag = {
enable = true;
hostName = "read.mossnet.lan";
package = pkgs.wallabag;
package = pkgs.my-wallabag;
dataDir = "/var/lib/wallabag";
conf = ''
# This file is a "template" of what your parameters.yml file should look like
parameters:
@@ -42,7 +43,7 @@
# with PostgreSQL and SQLite, you must set "utf8"
database_charset: utf8
domain_name: http://read.mossnet.lan/
domain_name: http://read.mossnet.lan
server_name: "mossnet wallabag instance"
mailer_dsn: null://