Compare commits

..

No commits in common. "4809eb83a4d784480a1e821ef1ffeb9474ce206c" and "a8793b42479fa1ab77256dd2e3079d91315ec5d8" have entirely different histories.

17 changed files with 231 additions and 52 deletions

View file

@ -1,14 +1,68 @@
{
"nodes": {
"attic": {
"inputs": {
"crane": "crane",
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1692225040,
"narHash": "sha256-jbQNvkgWGioiC6S39dZVyn6us8p/DlEvm5hQKEYkzDU=",
"owner": "zhaofengli",
"repo": "attic",
"rev": "b43d12082e34bceb26038bdad0438fd68804cfcd",
"type": "github"
},
"original": {
"owner": "zhaofengli",
"repo": "attic",
"type": "github"
}
},
"crane": {
"inputs": {
"flake-compat": "flake-compat_2",
"flake-utils": "flake-utils",
"flake-compat": [
"attic",
"flake-compat"
],
"flake-utils": [
"attic",
"flake-utils"
],
"nixpkgs": [
"attic",
"nixpkgs"
],
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1677892403,
"narHash": "sha256-/Wi0L1spSWLFj+UQxN3j0mPYMoc7ZoAujpUF/juFVII=",
"owner": "ipetkov",
"repo": "crane",
"rev": "105e27adb70a9890986b6d543a67761cbc1964a2",
"type": "github"
},
"original": {
"owner": "ipetkov",
"repo": "crane",
"type": "github"
}
},
"crane_2": {
"inputs": {
"flake-compat": "flake-compat_3",
"flake-utils": "flake-utils_2",
"nixpkgs": [
"ironbar",
"nixpkgs"
],
"rust-overlay": "rust-overlay"
"rust-overlay": "rust-overlay_2"
},
"locked": {
"lastModified": 1693439040,
@ -26,7 +80,7 @@
},
"deploy-rs": {
"inputs": {
"flake-compat": "flake-compat",
"flake-compat": "flake-compat_2",
"nixpkgs": [
"nixpkgs"
],
@ -47,6 +101,22 @@
}
},
"flake-compat": {
"flake": false,
"locked": {
"lastModified": 1673956053,
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
"type": "github"
},
"original": {
"owner": "edolstra",
"repo": "flake-compat",
"type": "github"
}
},
"flake-compat_2": {
"flake": false,
"locked": {
"lastModified": 1668681692,
@ -62,7 +132,7 @@
"type": "github"
}
},
"flake-compat_2": {
"flake-compat_3": {
"flake": false,
"locked": {
"lastModified": 1673956053,
@ -97,6 +167,21 @@
}
},
"flake-utils": {
"locked": {
"lastModified": 1667395993,
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_2": {
"inputs": {
"systems": "systems_2"
},
@ -114,7 +199,7 @@
"type": "github"
}
},
"flake-utils_2": {
"flake-utils_3": {
"inputs": {
"systems": "systems_3"
},
@ -203,12 +288,12 @@
},
"ironbar": {
"inputs": {
"crane": "crane",
"crane": "crane_2",
"naersk": "naersk",
"nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay_2"
"rust-overlay": "rust-overlay_3"
},
"locked": {
"lastModified": 1695668783,
@ -352,6 +437,22 @@
}
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1685004253,
"narHash": "sha256-AbVL1nN/TDicUQ5wXZ8xdLERxz/eJr7+o8lqkIOVuaE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "3e01645c40b92d29f3ae76344a6d654986a91a91",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1694908564,
"narHash": "sha256-ducA98AuWWJu5oUElIzN24Q22WlO8bOfixGzBgzYdVc=",
@ -385,6 +486,7 @@
},
"root": {
"inputs": {
"attic": "attic",
"deploy-rs": "deploy-rs",
"home-manager": "home-manager",
"hyprland": "hyprland",
@ -397,6 +499,33 @@
}
},
"rust-overlay": {
"inputs": {
"flake-utils": [
"attic",
"crane",
"flake-utils"
],
"nixpkgs": [
"attic",
"crane",
"nixpkgs"
]
},
"locked": {
"lastModified": 1675391458,
"narHash": "sha256-ukDKZw922BnK5ohL9LhwtaDAdCsJL7L6ScNEyF1lO9w=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "383a4acfd11d778d5c2efcf28376cbd845eeaedf",
"type": "github"
},
"original": {
"owner": "oxalica",
"repo": "rust-overlay",
"type": "github"
}
},
"rust-overlay_2": {
"inputs": {
"flake-utils": [
"ironbar",
@ -423,9 +552,9 @@
"type": "github"
}
},
"rust-overlay_2": {
"rust-overlay_3": {
"inputs": {
"flake-utils": "flake-utils_2",
"flake-utils": "flake-utils_3",
"nixpkgs": [
"ironbar",
"nixpkgs"
@ -450,7 +579,7 @@
"nixpkgs": [
"nixpkgs"
],
"nixpkgs-stable": "nixpkgs-stable"
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1695284550,

View file

@ -25,6 +25,10 @@
url = "github:JakeStanger/ironbar";
inputs.nixpkgs.follows = "nixpkgs";
};
attic = {
url = "github:zhaofengli/attic";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-index-database = {
url = "github:Mic92/nix-index-database";
inputs.nixpkgs.follows = "nixpkgs";

View file

@ -4,6 +4,7 @@ inputs: let
hmModule = inputs.home-manager.nixosModules.home-manager;
hyprlandModule = inputs.hyprland.homeManagerModules.default;
ironbarModule = inputs.ironbar.homeManagerModules.default;
atticdModule = inputs.attic.nixosModules.atticd;
nix-index-Module = inputs.nix-index-database.hmModules.nix-index;
inherit (inputs.nixpkgs.lib) nixosSystem;
in {
@ -14,6 +15,7 @@ in {
./tsuki
sopsModule
hmModule
atticdModule
{
home-manager = {
useGlobalPkgs = true;
@ -38,6 +40,7 @@ in {
./sakura
sopsModule
hmModule
atticdModule
{
home-manager = {
useGlobalPkgs = true;

View file

@ -1,11 +1,9 @@
{config, ...}: {
sops.secrets.attic-secret = {};
sops.secrets.s3-keyid = {};
sops.secrets.s3-secret-key = {};
services.atticd = {
enable = true;
credentialsFile = config.sops.secrets.attic-secret.path;
credentialsFile = "/etc/attic/atticd.env";
settings = {
listen = "[::]:8100";
allowed-hosts = ["cache.notohh.dev"];
@ -21,12 +19,6 @@
max-size = 256 * 1024; # 256 KiB
};
storage = {
type = "s3";
region = "us-east-005";
bucket = "notoh-binary-cache";
endpoint = "https://s3.us-east-005.backblazeb2.com";
};
garbage-collection = {
interval = "12 hours";
default-retention-period = "2 weeks";

View file

@ -5,7 +5,7 @@
settings = {
global = {
address = "0.0.0.0";
server_name = "matrix.flake.sh";
server_name = "matrix.notohh.dev";
allow_registration = true;
allow_federation = false;
allow_encryption = true;

View file

@ -10,6 +10,7 @@
./dashdot.nix
./grafana.nix
./vaultwarden.nix
./atticd.nix
./conduit.nix
./cloudflareddns.nix
];

View file

@ -19,7 +19,7 @@
server = {
HTTP_PORT = 3200;
DOMAIN = "git.notohh.dev";
ROOT_URL = "https://git.flake.sh";
ROOT_URL = "https://git.notohh.dev";
LANDING_PAGE = "/explore/repos";
};
database = {

View file

@ -3,8 +3,8 @@ _: {
enable = true;
settings = {
server = {
root_url = "https://metrics.flake.sh";
domain = "metrics.flake.sh";
root_url = "https://metrics.notohh.dev";
domain = "metrics.notohh.dev";
enforce_domain = true;
http_addr = "0.0.0.0";
http_port = 3100;

View file

@ -3,8 +3,8 @@ _: {
enable = true;
settings = {
port = 3300;
domain = "scratch.flake.sh";
allowOrigin = ["scratch.flake.sh"];
domain = "scratch.notohh.dev";
allowOrigin = ["scratch.notohh.dev"];
allowAnonymous = true;
allowFreeURL = true;
allowEmailRegister = false;

View file

@ -46,52 +46,59 @@
middlewares = "authelia";
};
foundryvtt = {
rule = "Host(`foundry.flake.sh`)";
rule = "Host(`foundry.notohh.dev`)";
entrypoints = ["websecure"];
service = "foundryvtt";
tls.domains = [{main = "*.flake.sh";}];
tls.domains = [{main = "*.notohh.dev";}];
tls.certresolver = "production";
};
forgejo = {
rule = "Host(`git.flake.sh`)";
gitea = {
rule = "Host(`git.notohh.dev`)";
entrypoints = ["websecure"];
service = "forgejo";
tls.domains = [{main = "*.flake.sh";}];
service = "gitea";
tls.domains = [{main = "*.notohh.dev";}];
tls.certresolver = "production";
};
rustypaste = {
rule = "Host(`i.flake.sh`)";
rule = "Host(`img.notohh.dev`)";
entrypoints = ["websecure"];
service = "rustypaste";
tls.domains = [{main = "*.flake.sh";}];
tls.domains = [{main = "*.notohh.dev";}];
tls.certresolver = "production";
};
grafana = {
rule = "Host(`metrics.flake.sh`)";
rule = "Host(`metrics.notohh.dev`)";
entrypoints = ["websecure"];
service = "grafana";
tls.domains = [{main = "*.flake.sh";}];
tls.domains = [{main = "*.notohh.dev";}];
tls.certresolver = "production";
};
woodpecker-server = {
rule = "Host(`ci.flake.sh`)";
rule = "Host(`ci.notohh.dev`)";
entrypoints = ["websecure"];
service = "woodpecker-server";
tls.domains = [{main = "*.flake.sh";}];
tls.domains = [{main = "*.notohh.dev";}];
tls.certresolver = "production";
};
atticd = {
rule = "Host(`cache.notohh.dev`)";
entrypoints = ["websecure"];
service = "atticd";
tls.domains = [{main = "*.notohh.dev";}];
tls.certresolver = "production";
};
hedgedoc = {
rule = "Host(`scratch.flake.sh`)";
rule = "Host(`scratch.notohh.dev`)";
entrypoints = ["websecure"];
service = "hedgedoc";
tls.domains = [{main = "*.flake.sh";}];
tls.domains = [{main = "*.notohh.dev";}];
tls.certresolver = "production";
};
vaultwarden = {
rule = "Host(`vault.flake.sh`)";
rule = "Host(`vault.notohh.dev`)";
entrypoints = ["websecure"];
service = "vaultwarden";
tls.domains = [{main = "*.flake.sh";}];
tls.domains = [{main = "*.notohh.dev";}];
tls.certresolver = "production";
};
};
@ -100,10 +107,11 @@
dashdot.loadBalancer.servers = [{url = "http://localhost:4000";}];
hugo.loadBalancer.servers = [{url = "http://localhost:1313";}];
foundryvtt.loadBalancer.servers = [{url = "http://localhost:30000";}];
forgejo.loadBalancer.servers = [{url = "http://localhost:3200";}];
gitea.loadBalancer.servers = [{url = "http://localhost:3200";}];
rustypaste.loadBalancer.servers = [{url = "http://localhost:8000";}];
grafana.loadBalancer.servers = [{url = "http://localhost:3100";}];
woodpecker-server.loadBalancer.servers = [{url = "http://localhost:8200";}];
atticd.loadBalancer.servers = [{url = "http://localhost:8100";}];
hedgedoc.loadBalancer.servers = [{url = "http://localhost:3300";}];
vaultwarden.loadBalancer.servers = [{url = "http://localhost:8222";}];
};

View file

@ -4,7 +4,7 @@
package = pkgs.vaultwarden-postgresql;
dbBackend = "postgresql";
config = {
DOMAIN = "https://vault.flake.sh/";
DOMAIN = "https://vault.notohh.dev/";
SIGNUPS_ALLOWED = false;
DATABASE_URL = "postgresql://vaultwarden:vaultwarden@192.168.1.211:5432/vaultwarden";
LOG_LEVEL = "Info";

View file

@ -6,10 +6,10 @@
environment = {
WOODPECKER_SERVER_ADDR = ":8200";
WOODPECKER_GRPC_ADDR = ":8300";
WOODPECKER_HOST = "https://ci.flake.sh";
WOODPECKER_HOST = "https://ci.notohh.dev";
WOODPECKER_OPEN = "false";
WOODPECKER_GITEA = "true";
WOODPECKER_GITEA_URL = "https://git.flake.sh";
WOODPECKER_GITEA_URL = "https://git.notohh.dev";
WOODPECKER_ADMIN = "notohh";
WOODPECKER_AGENT_SECRET = config.sops.secrets.woodpecker-agent-secret.path;
WOODPECKER_LOG_LEVEL = "debug";

View file

@ -26,30 +26,38 @@
service = "api@internal";
};
uptime-kuma = {
rule = "Host(`status.flake.sh`)";
rule = "Host(`status.notohh.dev`)";
entrypoints = ["websecure"];
service = "uptime-kuma";
tls.domains = [{main = "*.flake.sh";}];
tls.domains = [{main = "*.notohh.dev";}];
tls.certresolver = "production";
};
gotify = {
rule = "Host(`gotify.flake.sh`)";
rule = "Host(`gotify.notohh.dev`)";
entrypoints = ["websecure"];
service = "gotify";
tls.domains = [{main = "*.flake.sh";}];
tls.domains = [{main = "*.notohh.dev";}];
tls.certresolver = "production";
};
neko = {
rule = "Host(`neko.notohh.dev`)";
entrypoints = ["websecure"];
service = "neko";
tls.domains = [{main = "neko.notohh.dev";}];
tls.certresolver = "production";
};
conduit = {
rule = "Host(`matrix.flake.sh`)";
rule = "Host(`matrix.notohh.dev`)";
entrypoints = ["websecure"];
service = "conduit";
tls.domains = [{main = "*.flake.sh";}];
tls.domains = [{main = "matrix.notohh.dev";}];
tls.certresolver = "production";
};
};
services = {
uptime-kuma.loadBalancer.servers = [{url = "http://100.87.54.48:4000";}];
gotify.loadBalancer.servers = [{url = "http://100.87.54.48:3000";}];
neko.loadBalancer.servers = [{url = "http://100.110.140.130:8080";}];
conduit.loadBalancer.servers = [{url = "http://100.121.201.47:6167";}];
};
};

View file

@ -94,6 +94,7 @@
qemu_kvm
pinentry-gtk2
jdk17
attic-client
comma
inputs.matugen.packages.x86_64-linux.default
];

View file

@ -8,5 +8,6 @@
./dashdot.nix
./jellyfin.nix
./neko.nix
./vikunja.nix
];
}

View file

@ -40,6 +40,11 @@ _: {
entrypoints = ["web"];
service = "jellyseerr";
};
vikunja-frontend = {
rule = "Host(`vikunja.home.arpa`)";
entrypoints = ["web"];
service = "vikunja-frontend";
};
};
services = {
stash.loadBalancer.servers = [{url = "http://localhost:9999";}];
@ -48,6 +53,7 @@ _: {
searxng.loadBalancer.servers = [{url = "http://localhost:8100";}];
jellyfin.loadBalancer.servers = [{url = "http://localhost:8096";}];
jellyseerr.loadBalancer.servers = [{url = "http://localhost:5055";}];
vikunja-frontend.loadBalancer.servers = [{url = "http://localhost:6789";}];
};
};
};

View file

@ -0,0 +1,26 @@
{pkgs, ...}: {
networking.firewall.allowedTCPPorts = [3456 6789];
virtualisation.oci-containers.containers.vikunja = {
image = "vikunja/api";
environment = {
VIKUNJA_SERVICE_FRONTENDURL = "vikunja.home.arpa";
};
ports = [
"3456:3456"
];
volumes = [
"/home/notoh/docker/vikunja/files:/app/vikunja/files"
];
};
virtualisation.oci-containers.containers.vikunja-frontend = {
image = "vikunja/frontend";
ports = [
"6789:80"
];
environment = {
VIKUNJA_API_URL = "http://192.168.1.36:3456/api/v1";
};
};
}