sin_serhao/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: sin_serhao:7bdb31c46c14f95c5ee0f7b0ae97313778123afc
Branches Tags
sin_serhao:master
sin_serhao:test-deploy
..
compare: sin_serhao:733a125f775dafe1ad636504bbab7dca14df15b8
Branches Tags
sin_serhao:master
sin_serhao:test-deploy

No commits in common. "7bdb31c46c14f95c5ee0f7b0ae97313778123afc" and "733a125f775dafe1ad636504bbab7dca14df15b8" have entirely different histories.
7bdb31c46c ... 733a125f77

13 changed files with 254 additions and 215 deletions
Show Stats Expand all files Collapse all files

15
.gitea/workflows/analysis.yaml
View File

@ -1,15 +0,0 @@
on: [push]
jobs:
analysis:
permissions:
contents: read
id-token: write
name: perform flake analysis
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main
- uses: DeterminateSystems/magic-nix-cache-action@main
- name: Check Nix flake inputs
uses: http://github.com/DeterminateSystems/flake-checker-action@main

14
.gitea/workflows/analysis.yml Normal file
View File

@ -0,0 +1,14 @@
on: [push]
jobs:
build:
name: Build Nix targets
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: http://github.com/cachix/install-nix-action@v18
- uses: http://github.com/cachix/cachix-action@v12
with:
name: statix
- name: Check Nix flake inputs
uses: http://github.com/DeterminateSystems/flake-checker-action@main

42
.gitea/workflows/deploy.yaml
View File

@ -1,42 +0,0 @@
on:
push:
branches:
- master
jobs:
deploy:
permissions:
contents: read
id-token: write
name: build hive configuration
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: DeterminateSystems/nix-installer-action@main
- name: Restore and save Nix store
uses: nix-community/cache-nix-action@v6
with:
# restore and save a cache using this key
primary-key: nix-${{ runner.os }}-${{ hashFiles('**/*.nix', '**/flake.lock') }}
# if there's no cache hit, restore a cache by this prefix
restore-prefixes-first-match: nix-${{ runner.os }}-
# collect garbage until the Nix store size (in bytes) is at most this number
# before trying to save a new cache
# 1G = 1073741824
gc-max-store-size-linux: 1G
# do purge caches
purge: true
# purge all versions of the cache
purge-prefixes: nix-${{ runner.os }}-
# created more than this number of seconds ago
purge-created: 60000
purge-primary-key: never
- name: Install SSH key
uses: shimataro/ssh-key-action@v2
with:
key: ${{ secrets.SSH_KEY }}
known_hosts: ${{ secrets.KNOWN_HOSTS }}
- uses: http://github.com/cachix/cachix-action@v16
with:
name: colmena
- run: nix run .#colmena apply

190
flake.lock generated
View File

@ -8,11 +8,11 @@
"systems": "systems"
},
"locked": {
"lastModified": 1762618334,
"narHash": "sha256-wyT7Pl6tMFbFrs8Lk/TlEs81N6L+VSybPfiIgzU8lbQ=",
"lastModified": 1754433428,
"narHash": "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=",
"owner": "ryantm",
"repo": "agenix",
"rev": "fcdea223397448d35d9b31f798479227e80183f6",
"rev": "9edb1787864c4f59ae5074ad498b6272b3ec308d",
"type": "github"
},
"original": {
@ -30,11 +30,11 @@
"stable": "stable"
},
"locked": {
"lastModified": 1762034856,
"narHash": "sha256-QVey3iP3UEoiFVXgypyjTvCrsIlA4ecx6Acaz5C8/PQ=",
"lastModified": 1755272288,
"narHash": "sha256-ypTPb2eKcOBbOoyvPV0j4ZOXs4kayo73/2KI456QnE0=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "349b035a5027f23d88eeb3bc41085d7ee29f18ed",
"rev": "5bf4ce6a24adba74a5184f4a9bef01d545a09473",
"type": "github"
},
"original": {
@ -49,11 +49,11 @@
"nixpkgs": "nixpkgs_3"
},
"locked": {
"lastModified": 1762095388,
"narHash": "sha256-7Q8LtcvKWHbP8znARRTOY2tpU5WoV6FHwp5TZJOI8Us=",
"lastModified": 1760309387,
"narHash": "sha256-yCjkJuQbt6DjdS1XJL2uwyLu1AcmDvlyMGojBq8Ua38=",
"owner": "9001",
"repo": "copyparty",
"rev": "ac085b8149ff50e03d260128596dd130ed1c7cae",
"rev": "d099e5e84e191d67a7bffa574ab39b6d0d4f6adf",
"type": "github"
},
"original": {
@ -91,11 +91,11 @@
]
},
"locked": {
"lastModified": 1762276996,
"narHash": "sha256-TtcPgPmp2f0FAnc+DMEw4ardEgv1SGNR3/WFGH0N19M=",
"lastModified": 1758287904,
"narHash": "sha256-IGmaEf3Do8o5Cwp1kXBN1wQmZwQN3NLfq5t4nHtVtcU=",
"owner": "nix-community",
"repo": "disko",
"rev": "af087d076d3860760b3323f6b583f4d828c1ac17",
"rev": "67ff9807dd148e704baadbd4fd783b54282ca627",
"type": "github"
},
"original": {
@ -233,11 +233,11 @@
"nixpkgs": "nixpkgs_4"
},
"locked": {
"lastModified": 1762826586,
"narHash": "sha256-KlPcXOxxyv+KNcf7yNFQ4DGVFbOpITqHfvMcAUYrL7E=",
"lastModified": 1760234253,
"narHash": "sha256-ElkSuw4RxtyOY3mThezUpOM8c0fTNWlL0we/deGiTZU=",
"owner": "Infinidoge",
"repo": "nix-minecraft",
"rev": "1a4fa22ec6e9f2ece24fca273352463b75f6f7c0",
"rev": "a82ae8f5079a134d33337cf211d7617f1268b301",
"type": "github"
},
"original": {
@ -311,11 +311,11 @@
},
"nixpkgs_5": {
"locked": {
"lastModified": 1762756533,
"narHash": "sha256-HiRDeUOD1VLklHeOmaKDzf+8Hb7vSWPVFcWwaTrpm+U=",
"lastModified": 1759994382,
"narHash": "sha256-wSK+3UkalDZRVHGCRikZ//CyZUJWDJkBDTQX1+G77Ow=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c2448301fb856e351aab33e64c33a3fc8bcf637d",
"rev": "5da4a26309e796daa7ffca72df93dbe53b8164c7",
"type": "github"
},
"original": {
@ -340,6 +340,36 @@
}
},
"nixpkgs_7": {
"locked": {
"lastModified": 1744440957,
"narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-24.11",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_8": {
"locked": {
"lastModified": 1744463964,
"narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=",
"rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650",
"revCount": 782401,
"type": "tarball",
"url": "https://api.flakehub.com/f/pinned/NixOS/nixpkgs/0.1.782401%2Brev-2631b0b7abcea6e640ce31cd78ea58910d31e650/01962c8a-63c4-7abd-a3df-63a17b548cc7/source.tar.gz"
},
"original": {
"type": "tarball",
"url": "https://flakehub.com/f/NixOS/nixpkgs/0.1.%2A.tar.gz"
}
},
"nixpkgs_9": {
"locked": {
"lastModified": 1736549401,
"narHash": "sha256-ibkQrMHxF/7TqAYcQE+tOnIsSEzXmMegzyBWza6uHKM=",
@ -355,6 +385,56 @@
"type": "github"
}
},
"pyproject-build-systems": {
"inputs": {
"nixpkgs": [
"striped-back",
"nixpkgs"
],
"pyproject-nix": [
"striped-back",
"pyproject-nix"
],
"uv2nix": [
"striped-back",
"uv2nix"
]
},
"locked": {
"lastModified": 1744599653,
"narHash": "sha256-nysSwVVjG4hKoOjhjvE6U5lIKA8sEr1d1QzEfZsannU=",
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"rev": "7dba6dbc73120e15b558754c26024f6c93015dd7",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "build-system-pkgs",
"type": "github"
}
},
"pyproject-nix": {
"inputs": {
"nixpkgs": [
"striped-back",
"nixpkgs"
]
},
"locked": {
"lastModified": 1743438845,
"narHash": "sha256-1GSaoubGtvsLRwoYwHjeKYq40tLwvuFFVhGrG8J9Oek=",
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"rev": "8063ec98edc459571d042a640b1c5e334ecfca1e",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "pyproject.nix",
"type": "github"
}
},
"root": {
"inputs": {
"agenix": "agenix",
@ -364,6 +444,8 @@
"nix-minecraft": "nix-minecraft",
"nixpkgs": "nixpkgs_5",
"shoblog-front": "shoblog-front",
"striped-back": "striped-back",
"striped-front": "striped-front",
"testing-grounds": "testing-grounds",
"unstable": "unstable"
}
@ -402,6 +484,45 @@
"type": "github"
}
},
"striped-back": {
"inputs": {
"nixpkgs": "nixpkgs_7",
"pyproject-build-systems": "pyproject-build-systems",
"pyproject-nix": "pyproject-nix",
"uv2nix": "uv2nix"
},
"locked": {
"lastModified": 1748719386,
"narHash": "sha256-nyXHemXPEKnqIVIYIorSbt64zRwMvijyGQGCW3zUUkc=",
"ref": "refs/heads/master",
"rev": "bdfd6f1f4aac6a00ae4509f14b3a63c84d169edf",
"revCount": 8,
"type": "git",
"url": "ssh://git@gitlab.com/striped1/striped-back"
},
"original": {
"type": "git",
"url": "ssh://git@gitlab.com/striped1/striped-back"
}
},
"striped-front": {
"inputs": {
"nixpkgs": "nixpkgs_8"
},
"locked": {
"lastModified": 1748718798,
"narHash": "sha256-KUxbrUjRfuKjkJZLzKr11WEXLfPs38YrW/CMG6XbnbY=",
"ref": "refs/heads/master",
"rev": "a553f10147dad9e41829f67b247817a079f6f671",
"revCount": 11,
"type": "git",
"url": "ssh://git@gitlab.com/striped1/striped-front"
},
"original": {
"type": "git",
"url": "ssh://git@gitlab.com/striped1/striped-front"
}
},
"systems": {
"locked": {
"lastModified": 1681028828,
@ -434,7 +555,7 @@
},
"testing-grounds": {
"inputs": {
"nixpkgs": "nixpkgs_7"
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1755527993,
@ -452,11 +573,11 @@
},
"unstable": {
"locked": {
"lastModified": 1762596750,
"narHash": "sha256-rXXuz51Bq7DHBlfIjN7jO8Bu3du5TV+3DSADBX7/9YQ=",
"lastModified": 1760038930,
"narHash": "sha256-Oncbh0UmHjSlxO7ErQDM3KM0A5/Znfofj2BSzlHLeVw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "b6a8526db03f735b89dd5ff348f53f752e7ddc8e",
"rev": "0b4defa2584313f3b781240b29d61f6f9f7e0df3",
"type": "github"
},
"original": {
@ -465,6 +586,31 @@
"repo": "nixpkgs",
"type": "github"
}
},
"uv2nix": {
"inputs": {
"nixpkgs": [
"striped-back",
"nixpkgs"
],
"pyproject-nix": [
"striped-back",
"pyproject-nix"
]
},
"locked": {
"lastModified": 1744797880,
"narHash": "sha256-gt9JBkYjZAEvGwCG7RMAAAr0j2RsaRmOMj/vV0briXk=",
"owner": "pyproject-nix",
"repo": "uv2nix",
"rev": "3583e037163491ecd833f1d5d3eedf3869543c5d",
"type": "github"
},
"original": {
"owner": "pyproject-nix",
"repo": "uv2nix",
"type": "github"
}
}
},
"root": "root",

16
flake.nix
View File

@ -18,8 +18,8 @@
nix-minecraft.url = "github:Infinidoge/nix-minecraft";
testing-grounds.url = "gitlab:shobu13/testing-grounds";
shoblog-front.url = "gitlab:shobu13/shoblog";
# striped-front.url = "git+ssh://git@gitlab.com/striped1/striped-front";
# striped-back.url = "git+ssh://git@gitlab.com/striped1/striped-back";
striped-front.url = "git+ssh://git@gitlab.com/striped1/striped-front";
striped-back.url = "git+ssh://git@gitlab.com/striped1/striped-back";
copyparty.url = "github:9001/copyparty";
@ -38,8 +38,8 @@
disko,
shoblog-front,
# striped-front,
# striped-back,
striped-front,
striped-back,
nix-minecraft,
testing-grounds,
copyparty,
@ -78,7 +78,7 @@
./modules/gitea/${name}
];
deployment.targetHost = "192.168.1.12";
deployment.targetHost = "thea.homelab.local";
};
sin = {name, nodes, pkgs, ...}: {
@ -92,7 +92,7 @@
./modules/gitea/${name}
];
deployment.targetHost = "192.168.1.14";
deployment.targetHost = "sin.homelab.local";
};
};
devShells = forEachSupportedSystem ({ pkgs }: {
@ -109,9 +109,5 @@
'';
};
});
packages = forEachSupportedSystem ({pkgs}: {
inherit (colmena.packages."${pkgs.system}") colmena;
});
};
}

6
hosts/sin/configuration.nix
View File

@ -29,11 +29,9 @@
networking = {
hostName = "sin";
networkmanager.enable = true;
nameservers = [ "10.0.0.4" ];
# nameservers = [ "10.0.0.4" ];
# dhcpcd.extraConfig = "nohook resolv.conf";
dhcpcd.extraConfig = "nohook resolv.conf";
firewall = {
allowedTCPPorts = [

2
hosts/sin/coredns/default.nix
View File

@ -1,6 +1,6 @@
{...}: {
services.coredns = {
enable = false;
enable = true;
config = ''
homelab.local {
log

8
hosts/sin/homepage.nix
View File

@ -1,12 +1,12 @@
{ inputs, pkgs, ... }:
{
{inputs, pkgs, ...}: {
services.homepage-dashboard = {
enable = true;
openFirewall = true;
allowedHosts = "dashboard.shobu.fr";
settings = {
title = "Shobu's homelab dashboard";
description = "a dashboard of free and awesome bullshit";
description = "a dashboard of free and wesome bullshit";
startUrl = "https://dashboard.shobu.fr";
base = "https://dashboard.shobu.fr";
headerStyle = "boxed";
@ -44,7 +44,7 @@
widgets = [
{
greeting = {
text = "Welcome on my services and links dashboard, make yourself home. :3";
text = "Welcome on my services and links dashboard, make yourself home.";
};
}
{

12
hosts/thea/configuration.nix
View File

@ -2,9 +2,7 @@
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, nodes, ... }:let
sin-address = "192.168.1.14";
in
{ config, lib, pkgs, nodes, ... }:
{
imports =
@ -24,11 +22,9 @@ in
networking = {
hostName = "thea"; # Define your hostname.
networkmanager.enable = true;
nameservers = [ "10.0.0.4" ];
# nameservers = [ "10.0.0.4" ];
# dhcpcd.extraConfig = "nohook resolv.conf";
dhcpcd.extraConfig = "nohook resolv.conf";
firewall = {
allowedTCPPorts = [ nodes.sin.config.services.gitea.settings.server.SSH_PORT ];
@ -41,7 +37,7 @@ in
# TODO refactor this in the gitea/n100 module
sourcePort = nodes.sin.config.services.gitea.settings.server.SSH_PORT;
proto = "tcp";
destination = "${sin-address}:22";
destination = "10.0.0.4:22";
} ];
};
};

32
hosts/thea/nginx.nix
View File

@ -1,8 +1,6 @@
{inputs, ...}:
let
# striped-front = inputs.striped-front;
sin-address = "192.168.1.14";
striped-front = inputs.striped-front;
in {
networking.firewall.allowedTCPPorts = [ 80 443 8448 ];
@ -20,7 +18,7 @@ in {
forceSSL = true;
locations."/" = {
proxyPass = "http://${sin-address}:${port}";
proxyPass = "http://10.0.0.4:${port}";
proxyWebsockets = true;
extraConfig = ''
proxy_ssl_server_name on;
@ -59,7 +57,7 @@ in {
forceSSL = true;
locations."/" = {
proxyPass = "http://${sin-address}:8001";
proxyPass = "http://10.0.0.4:8001";
extraConfig = ''
proxy_ssl_server_name on;
'';
@ -70,25 +68,25 @@ in {
forceSSL = true;
locations."/" = {
proxyPass = "http://${sin-address}:8000";
proxyPass = "http://10.0.0.4:8000";
proxyWebsockets = true;
extraConfig = ''
proxy_ssl_server_name on;
'';
};
};
# "striped.shobu.fr" = {
# enableACME = true;
# forceSSL = true;
"striped.shobu.fr" = {
enableACME = true;
forceSSL = true;
# root = "${striped-front.packages.x86_64-linux.default}/dist";
# };
root = "${striped-front.packages.x86_64-linux.default}/dist";
};
"dashboard.shobu.fr" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://${sin-address}:8082";
proxyPass = "http://10.0.0.4:8082";
};
};
"git.shobu.fr" = {
@ -96,7 +94,7 @@ in {
forceSSL = true;
locations."/" = {
proxyPass = "http://${sin-address}:3000";
proxyPass = "http://10.0.0.4:3000";
};
};
"files.shobu.fr" = {
@ -104,7 +102,7 @@ in {
forceSSL = true;
locations."/" = {
proxyPass = "http://${sin-address}:8086";
proxyPass = "http://10.0.0.4:8086";
};
};
# "matrix.shobu.fr" = {
@ -113,9 +111,9 @@ in {
# locations."/".extraConfig = ''
# return 404;
# '';
# locations."/_matrix".proxyPass = "http://${sin-address}:8008";
# locations."/_synapse/client".proxyPass = "http://${sin-address}:8008";
# locations."/.well-known/matrix/server".proxyPass = "http://${sin-address}:8008/.well-known/matrix/server";
# locations."/_matrix".proxyPass = "http://10.0.0.4:8008";
# locations."/_synapse/client".proxyPass = "http://10.0.0.4:8008";
# locations."/.well-known/matrix/server".proxyPass = "http://10.0.0.4:8008/.well-known/matrix/server";
# };
}
);

7
hosts/thea/shares.nix
View File

@ -1,13 +1,10 @@
{...}: let
sin-address = "192.168.1.14";
in
{
{...}: {
boot.supportedFilesystems = [ "fuse.sshfs" ];
programs.fuse.userAllowOther = true;
fileSystems = {
"/mnt/shares/data" = {
device = "shobu@${sin-address}:/mnt/data/";
device = "shobu@10.0.0.4:/mnt/data/";
fsType = "fuse.sshfs";
options = [
"debug"

54
modules/gitea/thea/default.nix
View File

@ -1,56 +1,10 @@
{
nodes,
inputs,
pkgs,
...
}:
let
sin-address = "192.168.1.14";
unstable = import inputs.unstable { system = pkgs.system; };
in
{
{nodes, ...}:{
imports = [
./virtualisation.nix
];
networking.nat.forwardPorts = [
{
networking.nat.forwardPorts = [{
sourcePort = nodes.sin.config.services.gitea.settings.server.SSH_PORT;
proto = "tcp";
destination = "${sin-address}:22";
}
];
services.gitea-actions-runner.package = unstable.gitea-actions-runner;
# services.gitea-actions-runner.instances = {
# "gitea.shobu.fr-runner" = {
# enable = true;
# name = "gitea.shobu.fr-runner";
# url = nodes.sin.config.services.gitea.settings.server.ROOT_URL;
# token = "uEDPBW6Z9oItAKRtloVwis0LkPbD4OmV2w5esOhW";
# labels = [
# "ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04"
# ];
# settings = {
# cache = {
# # Enable cache server to use actions/cache.
# enabled = true;
# # The directory to store the cache data.
# # If it's empty, the cache data will be stored in $HOME/.cache/actcache.
# dir = "";
# # The host of the cache server.
# # It's not for the address to listen, but the address to connect from job containers.
# # So 0.0.0.0 is a bad choice, leave it empty to detect automatically.
# host = "";
# # The port of the cache server.
# # 0 means to use a random available port.
# port = 0;
# # The external cache server URL. Valid only when enable is true.
# # If it's specified, act_runner will use this URL as the ACTIONS_CACHE_URL rather than start a server by itself.
# # The URL should generally end with "/".
# external_server = "";
# };
# };
# };
# };
destination = "10.0.0.4:22";
}];
}

11
modules/gitea/thea/virtualisation.nix
View File

@ -1,5 +1,4 @@
{ nodes, pkgs, ... }:
{
{nodes, pkgs, ...}: {
systemd.sockets.podman.socketConfig.Symlinks = [
"/run/docker.sock"
];
@ -16,17 +15,15 @@
};
};
virtualisation.oci-containers.containers =
let
virtualisation.oci-containers.containers = let
runner_config = pkgs.writeTextFile {
name = "config.yml";
text = ''
container:
network: "host"
network: "bridge"
'';
};
in
{
in {
gitea-runner = {
image = "gitea/act_runner@sha256:8477d5b61b655caad4449888bae39f1f34bebd27db56cb15a62dccb3dcf3a944";
autoStart = true;