sin_serhao/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: sin_serhao:5affde5fff2174582e5d061abcb7b31834172a0e
Branches Tags
sin_serhao:master sin_serhao:authelia sin_serhao:disk sin_serhao:test-deploy
..
compare: sin_serhao:disk
Branches Tags
sin_serhao:master sin_serhao:authelia sin_serhao:disk sin_serhao:test-deploy

6 Commits
5affde5fff ... disk

Author SHA1 Message Date
sin serhao
07ae2f1996 luks
All checks were successful
/ perform flake analysis (push) Successful in 36s
Details
2026-01-15 14:09:07 +01:00
sin serhao
679e8e2781 single disk array
All checks were successful
/ perform flake analysis (push) Successful in 40s
Details
2026-01-15 10:32:07 +01:00
sin serhao
637433e101 disk
All checks were successful
/ perform flake analysis (push) Successful in 37s
Details
2026-01-13 22:33:20 +01:00
Sin Ser'hao
5c1dec5c27 remove secrets
Some checks failed
/ build hive configuration (push) Failing after 1m7s
Details
/ perform flake analysis (push) Successful in 1m23s
Details
2026-01-09 16:58:32 +01:00
Sin Ser'hao
a194e1fb90 mkem
Some checks failed
/ perform flake analysis (push) Successful in 36s
Details
/ build hive configuration (push) Failing after 1m11s
Details
2026-01-09 16:56:05 +01:00
Sin Ser'hao
9a20f7846e remove nix-serve 2026-01-09 16:43:09 +01:00
9 changed files with 29 additions and 64 deletions
Expand all files Collapse all files

5
.gitea/workflows/deploy.yaml
View File

@@ -5,6 +5,9 @@ on:
jobs: jobs:
deploy: deploy:
container:
volumes:
- /nix/store:/var/nix/hosted-store
permissions: permissions:
contents: read contents: read
id-token: write id-token: write
@@ -26,7 +29,7 @@ jobs:
with: with:
extra_nix_config: | extra_nix_config: |
extra-trusted-public-keys = localhost:TiRpr2LzamX/MCKBUmFlZ8inWz94QWGL88fMEHg9Kgc= extra-trusted-public-keys = localhost:TiRpr2LzamX/MCKBUmFlZ8inWz94QWGL88fMEHg9Kgc=
substituters = http://localhost:5000 extra-substituters = "local?store=/var/nix/hosted-store&priority=20"
secret-key-files = /var/secrets/cache_privkey secret-key-files = /var/secrets/cache_privkey
post-build-hook = /etc/nix/upload-to-cache.sh post-build-hook = /etc/nix/upload-to-cache.sh
- name: Install SSH key - name: Install SSH key

21
flake.nix
View File

@@ -65,6 +65,26 @@
); );
in in
{ {
nixosConfigurations = {
sin = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
disko.nixosModules.disko
agenix.nixosModules.default
./hosts/sin/configuration.nix
./hosts/sin/hardware-configuration.nix
]
++ [
# modules
./modules/gitea/sin
];
specialArgs = {
inherit inputs;
};
};
};
colmenaHive = colmena.lib.makeHive { colmenaHive = colmena.lib.makeHive {
meta = { meta = {
nixpkgs = import nixpkgs { nixpkgs = import nixpkgs {
@@ -118,6 +138,7 @@
]; ];
deployment.targetHost = "192.168.1.14"; deployment.targetHost = "192.168.1.14";
deployment.allowLocalDeployment = true;
}; };
}; };
devShells = forEachSupportedSystem ( devShells = forEachSupportedSystem (

32
hosts/sin/luks-btrfs-raid.nix
View File

@@ -50,39 +50,17 @@
}; };
}; };
data1 = { data = {
type = "disk"; type = "disk";
device = "/dev/sda"; device = "/dev/sda";
content = { content = {
type = "gpt"; type = "gpt";
partitions = { partitions = {
crypt_p1 = { crypt_p = {
size = "100%"; size = "100%";
content = { content = {
type = "luks"; type = "luks";
name = "p_data1"; # device-mapper name when decrypted name = "p_data";
# Remove settings.keyFile if you want to use interactive password entry
settings = {
allowDiscards = true;
keyFile = "/dev/disk/by-uuid/2021-07-11-12-33-27-00";
keyFileSize = 4096;
};
};
};
};
};
};
data2 = {
type = "disk";
device = "/dev/sdb";
content = {
type = "gpt";
partitions = {
crypt_p2 = {
size = "100%";
content = {
type = "luks";
name = "p_data2";
# Remove settings.keyFile if you want to use interactive password entry # Remove settings.keyFile if you want to use interactive password entry
settings = { settings = {
allowDiscards = true; allowDiscards = true;
@@ -91,10 +69,6 @@
}; };
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = [
"-d raid0"
"/dev/mapper/p_data1" # Use decrypted mapped device, same name as defined in disk1
];
subvolumes = { subvolumes = {
"/" = { "/" = {
mountpoint = "/mnt/fs"; mountpoint = "/mnt/fs";

1
hosts/thea/configuration.nix
View File

@@ -20,7 +20,6 @@ in
# ./cybercoffee # ./cybercoffee
./ollama.nix ./ollama.nix
./minecraft.nix ./minecraft.nix
./secrets
./nix-serve.nix ./nix-serve.nix
]; ];

12
hosts/thea/nix-serve.nix
View File

@@ -1,12 +0,0 @@
{
pkgs,
config,
lib,
...
}:
{
services.nix-serve = {
enable = true;
secretKeyFile = config.age.secrets.cache-privkey.path;
};
}

1
hosts/thea/ressources/cache/pubkey.pem vendored
View File

@@ -1 +0,0 @@
localhost:TiRpr2LzamX/MCKBUmFlZ8inWz94QWGL88fMEHg9Kgc=

10
hosts/thea/secrets/cache-privkey.age
View File

@@ -1,10 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 QvCxGg uhxooXKWZwPQUJ2Dxu127JDdXC3fjcEZPHK1n1nXSHs
8ZGyYyxHfQ2xpquGVWRaNBILDPGfxRxVWYXTTbPcmvU
-> ssh-ed25519 /uqj4A ZJjtn6qWDXjOfYm/wa9Ch87yC7Wn/xIPvfLZkNfLD1A
oh84B629HMAX7d6kBAks/mnbwYla0gzLxZ1yTTGuYrE
-> ssh-ed25519 70Re8Q B01cYHBUptpfgjrZrEb1UO7mjFNBxYQRphMIMDmh4QQ
KOwjzGz+DIlX0dhJyhjAG5Z6j+MERa/+tDO4FOgxnGo
--- l76GMa1frNIiNiloxdLv9HqSpMPVZYFhS5oVE10U9QI
<EFBFBD>îá²KÍ!*dí¾”7N¦í½3S7×è9þ$öWšLõªa¦7¹(Ì<>áؼCå¦ç¨<C3A7>acøíßì
ÝÅÞ†‹ `OŠê-òP<C3B2>áïïXf<58>¯È+‰ìº½½

9
hosts/thea/secrets/default.nix
View File

@@ -1,9 +0,0 @@
{ ... }:
{
age.secrets = {
cache-privkey = {
file = ./cache-privkey.age;
mode = "700";
};
};
}

2
modules/gitea/thea/virtualisation.nix
View File

@@ -24,7 +24,7 @@
container: container:
network: "host" network: "host"
valid_volumes: valid_volumes:
- "/nix/store:/nix/store" - "/var/nix/hosted-store"
''; '';
}; };
in in