erwin/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Wiki Activity Actions

Compare commits

base: erwin:97b5cb8504c083d63736b9e0a3fbc3c100273c2a
Branches Tags
erwin:main
...
compare: erwin:4968d2cd3f690b3937bd17bbb2e8d1b9941469a7
Branches Tags
erwin:main

19 commits
97b5cb8504 ... 4968d2cd3f

Author SHA1 Message Date
Erwin Boskma
4968d2cd3f
sops: Update keys for containers 2024-01-02 22:48:01 +01:00
Erwin Boskma
8e957df7f0
colmena: Handle tags 2024-01-02 22:46:48 +01:00
Erwin Boskma
9f47a3d8d5
woodpecker: Update hostname 2024-01-02 22:46:36 +01:00
Erwin Boskma
92edb06f46
tailscale: Set firewall mode when nftables is enabled 2024-01-02 22:46:09 +01:00
Erwin Boskma
e59585530e
keycloak: Update admin UI hashes 2024-01-02 22:45:29 +01:00
Erwin Boskma
09beecf5e3
gitea: Update allowed host list for webhooks 2024-01-02 22:44:49 +01:00
Erwin Boskma
9546c19d9b
docker: Make interface name dependent on whether nftables is used 2024-01-02 22:44:04 +01:00
Erwin Boskma
f3857b3bae
caddy-proxy: Rename drone to ci 2024-01-02 22:43:48 +01:00
Erwin Boskma
ea644b34f5
frigate: Update config 2024-01-02 22:43:34 +01:00
Erwin Boskma
4e8d440a67
k3s: init 2024-01-02 22:41:05 +01:00
Erwin Boskma
4224240da0
pixiecore: init 2024-01-02 22:40:43 +01:00
Erwin Boskma
d99ac2d3f7
Finish configuration for odin on NUC, update containers for Incus 2024-01-02 22:37:05 +01:00
Erwin Boskma
d06576a0ac
flake.lock: Update 
Flake lock file updates:

• Updated input 'emacs-overlay':
    'github:nix-community/emacs-overlay/7fd5b5b760ea726aa4c7670be7d93623936f9bf3' (2024-01-01)
  → 'github:nix-community/emacs-overlay/e3fb072d0225fee400a7d0f8106dd555f950a6bd' (2024-01-02)
• Updated input 'flake-parts':
    'github:hercules-ci/flake-parts/34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5' (2023-12-01)
  → 'github:hercules-ci/flake-parts/88a2cd8166694ba0b6cb374700799cec53aef527' (2024-01-01)
• Updated input 'flake-parts/nixpkgs-lib':
    'github:NixOS/nixpkgs/e92039b55bcd58469325ded85d4f58dd5a4eaf58?dir=lib' (2023-11-29)
  → 'github:NixOS/nixpkgs/b0d36bd0a420ecee3bc916c91886caca87c894e9?dir=lib' (2023-12-30)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/f752581d6723a10da7dfe843e917a3b5e4d8115a' (2024-01-01)
  → 'github:NixOS/nixos-hardware/5bf829d72ccdc05be3343afd81bd922d5748ef4e' (2024-01-02)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/cfc3698c31b1fb9cdcf10f36c9643460264d0ca8' (2023-12-27)
  → 'github:nixos/nixpkgs/b0d36bd0a420ecee3bc916c91886caca87c894e9' (2023-12-30)
 2024-01-02 21:58:38 +01:00
Erwin Boskma
9aaf09f6d2
flake.lock: Update 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/0ce1b15b99ac7c280384f136eae00b968f5b3f72' (2023-12-28)
  → 'github:nix-community/disko/59f915b45a38cb0ec0e97a713237877a06b43386' (2024-01-01)
• Updated input 'emacs-overlay':
    'github:nix-community/emacs-overlay/285a626fe34c40d6f3e3f63f69f4ceb0cfc29e80' (2023-12-30)
  → 'github:nix-community/emacs-overlay/7fd5b5b760ea726aa4c7670be7d93623936f9bf3' (2024-01-01)
• Updated input 'emacs-overlay/nixpkgs-stable':
    'github:NixOS/nixpkgs/d02d818f22c777aa4e854efc3242ec451e5d462a' (2023-12-25)
  → 'github:NixOS/nixpkgs/32f63574c85fbc80e4ba1fbb932cde9619bad25e' (2023-12-31)
• Updated input 'home-manager':
    'github:nix-community/home-manager/2aff324cf65f5f98f89d878c056b779466b17db8' (2023-12-29)
  → 'github:nix-community/home-manager/6e91c5df192395753d8e6d55a0352109cb559790' (2024-01-01)
• Updated input 'microvm':
    'github:astro/microvm.nix/c39a472523d3c99ddfa88df62223a21b19793490' (2023-12-28)
  → 'github:astro/microvm.nix/d5553b1388f2947915c4cec6249b89474046573a' (2024-01-01)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/22ae59fec26591ef72ce4ccb5538c42c5f090fe3' (2023-12-29)
  → 'github:NixOS/nixos-hardware/f752581d6723a10da7dfe843e917a3b5e4d8115a' (2024-01-01)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/319f57cd2c34348c55970a4bf2b35afe82088681' (2023-12-30)
  → 'github:oxalica/rust-overlay/a0df72e106322b67e9c6e591fe870380bd0da0d5' (2024-01-01)
• Updated input 'sops':
    'github:Mic92/sops-nix/e523e89763ff45f0a6cf15bcb1092636b1da9ed3' (2023-12-24)
  → 'github:Mic92/sops-nix/cfdbaf68d00bc2f9e071f17ae77be4b27ff72fa6' (2023-12-31)
• Updated input 'sops/nixpkgs-stable':
    'github:NixOS/nixpkgs/7790e078f8979a9fcd543f9a47427eeaba38f268' (2023-12-23)
  → 'github:NixOS/nixpkgs/0aad9113182747452dbfc68b93c86e168811fa6c' (2023-12-30)
 2024-01-01 19:17:30 +01:00
Erwin Boskma
e8d9859bfa
flake.lock: Update 
Flake lock file updates:

• Updated input 'emacs-overlay':
    'github:nix-community/emacs-overlay/a99d70addcc094dfb2c93d74073850c11c0b5a7f' (2023-12-29)
  → 'github:nix-community/emacs-overlay/285a626fe34c40d6f3e3f63f69f4ceb0cfc29e80' (2023-12-30)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/1bace8cedd4fa4ea9efb5ea17a06b9d92af86206' (2023-12-29)
  → 'github:NixOS/nixos-hardware/22ae59fec26591ef72ce4ccb5538c42c5f090fe3' (2023-12-29)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/5f64a12a728902226210bf01d25ec6cbb9d9265b' (2023-12-24)
  → 'github:nixos/nixpkgs/cfc3698c31b1fb9cdcf10f36c9643460264d0ca8' (2023-12-27)
• Updated input 'pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/7f35ec30d16b38fe0eed8005933f418d1a4693ee' (2023-12-24)
  → 'github:cachix/pre-commit-hooks.nix/9d3d7e18c6bc4473d7520200d4ddab12f8402d38' (2023-12-30)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/2b24e1f369f00f5ae9876e15e12f77e12c9c2374' (2023-12-29)
  → 'github:oxalica/rust-overlay/319f57cd2c34348c55970a4bf2b35afe82088681' (2023-12-30)
 2023-12-30 17:12:17 +01:00
Erwin Boskma
e577fc0ec2
flake.lock: Update 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/1b191113874dee97796749bb21eac3d84735c70a' (2023-12-25)
  → 'github:nix-community/disko/0ce1b15b99ac7c280384f136eae00b968f5b3f72' (2023-12-28)
• Updated input 'emacs-overlay':
    'github:nix-community/emacs-overlay/9147a4227e3db2c461dac05f9e0e7c586f852fb9' (2023-12-26)
  → 'github:nix-community/emacs-overlay/a99d70addcc094dfb2c93d74073850c11c0b5a7f' (2023-12-29)
• Updated input 'emacs-overlay/nixpkgs-stable':
    'github:NixOS/nixpkgs/7790e078f8979a9fcd543f9a47427eeaba38f268' (2023-12-23)
  → 'github:NixOS/nixpkgs/d02d818f22c777aa4e854efc3242ec451e5d462a' (2023-12-25)
• Updated input 'home-manager':
    'github:nix-community/home-manager/80679ea5074ab7190c4cce478c600057cfb5edae' (2023-12-25)
  → 'github:nix-community/home-manager/2aff324cf65f5f98f89d878c056b779466b17db8' (2023-12-29)
• Updated input 'microvm':
    'github:astro/microvm.nix/5a76dfa5fec6c3db8954b90d60a66bbec4684d6a' (2023-12-23)
  → 'github:astro/microvm.nix/c39a472523d3c99ddfa88df62223a21b19793490' (2023-12-28)
• Added input 'microvm/spectrum':
    'git+https://spectrum-os.org/git/spectrum?ref=refs/heads/main&rev=97e2f3429ee61dc37664b4d096b2fec48a57b691' (2023-12-22)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/a15b6e525f5737a47b4ce28445c836996fb2ea8c' (2023-12-25)
  → 'github:NixOS/nixos-hardware/1bace8cedd4fa4ea9efb5ea17a06b9d92af86206' (2023-12-29)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/6df37dc6a77654682fe9f071c62b4242b5342e04' (2023-12-22)
  → 'github:nixos/nixpkgs/5f64a12a728902226210bf01d25ec6cbb9d9265b' (2023-12-24)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/f2b937756343365f9b1ba66ec7a1ca489aef745c' (2023-12-25)
  → 'github:oxalica/rust-overlay/2b24e1f369f00f5ae9876e15e12f77e12c9c2374' (2023-12-29)
 2023-12-29 13:39:52 +01:00
Erwin Boskma
2319c0dc3a
flake.lock: Update 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/2890a8c922a329468e0fa8cab88b83a87240ff24' (2023-12-24)
  → 'github:nix-community/disko/1b191113874dee97796749bb21eac3d84735c70a' (2023-12-25)
• Updated input 'emacs-overlay':
    'github:nix-community/emacs-overlay/28c6b6217ef2b5346ad4fb08365cdb6e116e521a' (2023-12-24)
  → 'github:nix-community/emacs-overlay/9147a4227e3db2c461dac05f9e0e7c586f852fb9' (2023-12-26)
• Updated input 'emacs-overlay/nixpkgs-stable':
    'github:NixOS/nixpkgs/312ab59e8ade69e6083017bd9b98a2919f1fb86a' (2023-12-20)
  → 'github:NixOS/nixpkgs/7790e078f8979a9fcd543f9a47427eeaba38f268' (2023-12-23)
• Updated input 'home-manager':
    'github:nix-community/home-manager/a2523ea0343b056ba240abbac90ab5f116a7aa7b' (2023-12-23)
  → 'github:nix-community/home-manager/80679ea5074ab7190c4cce478c600057cfb5edae' (2023-12-25)
• Updated input 'nixos-hardware':
    'github:NixOS/nixos-hardware/7763c6fd1f299cb9361ff2abf755ed9619ef01d6' (2023-12-13)
  → 'github:NixOS/nixos-hardware/a15b6e525f5737a47b4ce28445c836996fb2ea8c' (2023-12-25)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/cb6395cb3c2f69ad028914c90bce833e51d339c9' (2023-12-24)
  → 'github:oxalica/rust-overlay/f2b937756343365f9b1ba66ec7a1ca489aef745c' (2023-12-25)
 2023-12-26 12:52:19 +01:00
Erwin Boskma
1909c8c36f
flake.lock: Update 
Flake lock file updates:

• Updated input 'disko':
    'github:nix-community/disko/b4104fcaea42037b04c199a5d6784682a15be254' (2023-12-20)
  → 'github:nix-community/disko/2890a8c922a329468e0fa8cab88b83a87240ff24' (2023-12-24)
• Updated input 'emacs-overlay':
    'github:nix-community/emacs-overlay/47798c4ab07d5f055bb2625010cf6d8e3f384923' (2023-12-12)
  → 'github:nix-community/emacs-overlay/28c6b6217ef2b5346ad4fb08365cdb6e116e521a' (2023-12-24)
• Updated input 'emacs-overlay/nixpkgs-stable':
    'github:NixOS/nixpkgs/c2786e7084cbad90b4f9472d5b5e35ecb57958af' (2023-12-10)
  → 'github:NixOS/nixpkgs/312ab59e8ade69e6083017bd9b98a2919f1fb86a' (2023-12-20)
• Updated input 'eww':
    'github:elkowar/eww/fff40ce1a78d4d75bf63a8ee33dd7d9be8dc289e' (2023-12-11)
  → 'github:elkowar/eww/65d622c81f2e753f462d23121fa1939b0a84a3e0' (2023-12-20)
• Updated input 'home-manager':
    'github:nix-community/home-manager/efc177c15f2a8bb063aeb250fe3c7c21e1de265e' (2023-12-19)
  → 'github:nix-community/home-manager/a2523ea0343b056ba240abbac90ab5f116a7aa7b' (2023-12-23)
• Updated input 'microvm':
    'github:astro/microvm.nix/736d43ae8552653ea8ad51fc8c79288668c866a5' (2023-12-20)
  → 'github:astro/microvm.nix/5a76dfa5fec6c3db8954b90d60a66bbec4684d6a' (2023-12-23)
• Updated input 'nixpkgs':
    'github:nixos/nixpkgs/54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6' (2023-12-19)
  → 'github:nixos/nixpkgs/6df37dc6a77654682fe9f071c62b4242b5342e04' (2023-12-22)
• Updated input 'pre-commit-hooks':
    'github:cachix/pre-commit-hooks.nix/007a45d064c1c32d04e1b8a0de5ef00984c419bc' (2023-12-13)
  → 'github:cachix/pre-commit-hooks.nix/7f35ec30d16b38fe0eed8005933f418d1a4693ee' (2023-12-24)
• Updated input 'rust-overlay':
    'github:oxalica/rust-overlay/16ab5af8f23b63f34dd7a48a68ab3b50dc3dd2b6' (2023-12-20)
  → 'github:oxalica/rust-overlay/cb6395cb3c2f69ad028914c90bce833e51d339c9' (2023-12-24)
• Updated input 'sops':
    'github:Mic92/sops-nix/f7db64b88dabc95e4f7bee20455f418e7ab805d4' (2023-12-18)
  → 'github:Mic92/sops-nix/e523e89763ff45f0a6cf15bcb1092636b1da9ed3' (2023-12-24)
• Updated input 'sops/nixpkgs-stable':
    'github:NixOS/nixpkgs/a19a71d1ee93226fd71984359552affbc1cd3dc3' (2023-12-17)
  → 'github:NixOS/nixpkgs/7790e078f8979a9fcd543f9a47427eeaba38f268' (2023-12-23)
 2023-12-24 20:22:45 +01:00
Erwin Boskma
98b2d5d5cb
incus-ui: init 2023-12-23 20:20:04 +01:00
39 changed files with 1610 additions and 262 deletions
Show stats Expand all files Collapse all files

14
.sops.yaml
View file

@ -2,13 +2,13 @@ keys:
- &erwin age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
- &erwin_horus age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
- &loki age1m93jeyexus2uqvrk99r7hh0xp7qxk55tgmju4h422dfkf92jce2sxpntu5
- &drone age1q0dfxz58vt4zxwx2etqy8xycf4l0p5nujpznh53kd0fwwc28ms7q6qrhct
- &frigate age17p30jwu847x5g9y6wzmt2c4a2e0m9m77ajk5qsgsahdxc8wssu8skdzmq2
- &gitea age1jkj6xrhr3uf52hac4wlda4a8jcegha86jf5lgv58df0xunadz53qpjlpae
- &ci age1tmlx45s4f6qp929839yd5y5vxkj2z4z8wmhqsnne9j8j5uwx6p8qssun8l
- &frigate age1gtzlyyxdnt23xzyq6lq5ye645egxl7up25agxw23nuhjl6ax0dmqrlqvpf
- &gitea age1mh39yv2j3ltl50tjnqqgjctxth3nxa74ggwn29dpvcv08qd0psnssajsmd
- &heimdall age1z94c897pvq4tx0xwsj6wr8emnlpmk6u0xks75rydga6r33dlapjqyqqacc
- &mimir age192a3nepaclecjjkxssszueak6rxar49prceplvvxc5m4f3ww7g5qpfgdqj
- &minio age1p5hu2l0ys8z2j9rhf0xp5et2wd4222utyn3tk562ksrxmckye9dqu25f49
- &proxy age1dg4euuwvqyyuwpjm08psvehgxr5p6q76ht8k4je6z2xc2pv55vksw9ap7m
- &minio age1cjxe2e7zemvs0jacjawug6k2qnmcpvnka3e04mfzp939h7hppydqrlp6l5
- &proxy age1yz7k9s5plamjq425memjh00y4sdldgdhpwxqpx9gk9wutttx9scsdg3qd5
- &k3s-1 age1gsjy4em8u668tnx77jr7kk345m4hzmmt3seclzvsd25ldgwd45pq6zu7cv
- &k3s-2 age1ghda0mj5wc2vpksjuvaf3t0xklpcgnykvepzu9k5csf482ngpans9h05pp
- &k3s-3 age1mpyg2qcrehfcpksygk9hduz79l93gy2crpwn0vu70mtcmzapeyvqrrjw5r
@ -22,12 +22,12 @@ creation_rules:
- *k3s-1
- *k3s-2
- *k3s-3
- path_regex: machines/drone/[^/]+\.yaml$
- path_regex: machines/ci/[^/]+\.yaml$
key_groups:
- age:
- *erwin
- *erwin_horus
- *drone
- *ci
- path_regex: machines/frigate/[^/]+\.yaml$
key_groups:
- age:

105
flake.lock
View file

@ -81,11 +81,11 @@
]
},
"locked": {
"lastModified": 1703063214,
"narHash": "sha256-OgrRZKb7IkSSlIshUDaD7plxe0xIQauMA1y+OirtEWo=",
"lastModified": 1704072400,
"narHash": "sha256-Es4zcFoCJ+Pa9TN46VoqgNlYznuhc6s50LRcDqQEATs=",
"owner": "nix-community",
"repo": "disko",
"rev": "b4104fcaea42037b04c199a5d6784682a15be254",
"rev": "59f915b45a38cb0ec0e97a713237877a06b43386",
"type": "github"
},
"original": {
@ -105,11 +105,11 @@
"nixpkgs-stable": "nixpkgs-stable"
},
"locked": {
"lastModified": 1702399955,
"narHash": "sha256-FnB5O1RVFzj3h7Ayf7UxFnOL1gsJuG6gn1LCTd9dKFs=",
"lastModified": 1704212238,
"narHash": "sha256-/SqnUe8tLLUo93VEe0bveFMwo95n6ozBzPK7a1MycmI=",
"owner": "nix-community",
"repo": "emacs-overlay",
"rev": "47798c4ab07d5f055bb2625010cf6d8e3f384923",
"rev": "e3fb072d0225fee400a7d0f8106dd555f950a6bd",
"type": "github"
},
"original": {
@ -129,11 +129,11 @@
]
},
"locked": {
"lastModified": 1702290399,
"narHash": "sha256-hIP3l1a9Jm8HZx9TuV8IoqdvFzjI+SB5Npz08oC6ZU8=",
"lastModified": 1703102678,
"narHash": "sha256-MR91Ytt9Jf63dshn7LX64LWAVygbZgQYkcTIKhfVNXI=",
"owner": "elkowar",
"repo": "eww",
"rev": "fff40ce1a78d4d75bf63a8ee33dd7d9be8dc289e",
"rev": "65d622c81f2e753f462d23121fa1939b0a84a3e0",
"type": "github"
},
"original": {
@ -232,11 +232,11 @@
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1701473968,
"narHash": "sha256-YcVE5emp1qQ8ieHUnxt1wCZCC3ZfAS+SRRWZ2TMda7E=",
"lastModified": 1704152458,
"narHash": "sha256-DS+dGw7SKygIWf9w4eNBUZsK+4Ug27NwEWmn2tnbycg=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "34fed993f1674c8d06d58b37ce1e0fe5eebcb9f5",
"rev": "88a2cd8166694ba0b6cb374700799cec53aef527",
"type": "github"
},
"original": {
@ -340,11 +340,11 @@
]
},
"locked": {
"lastModified": 1703026685,
"narHash": "sha256-AkualfMbc40HkDR2AZc6u71pcap50wDQOXFCY1ULDUA=",
"lastModified": 1704100519,
"narHash": "sha256-SgZC3cxquvwTN07vrYYT9ZkfvuhS5Y1k1F4+AMsuflc=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "efc177c15f2a8bb063aeb250fe3c7c21e1de265e",
"rev": "6e91c5df192395753d8e6d55a0352109cb559790",
"type": "github"
},
"original": {
@ -360,14 +360,15 @@
],
"nixpkgs": [
"nixpkgs"
]
],
"spectrum": "spectrum"
},
"locked": {
"lastModified": 1703033270,
"narHash": "sha256-W4vAVJgQVglR2WdXB4ZVN9qn0kgl9iNvy8HSZ68cV0s=",
"lastModified": 1704120350,
"narHash": "sha256-s5BOPAnVc4e/4WvGDeeF3VSLAWzBUB+YW6fJb3pFbRw=",
"owner": "astro",
"repo": "microvm.nix",
"rev": "736d43ae8552653ea8ad51fc8c79288668c866a5",
"rev": "d5553b1388f2947915c4cec6249b89474046573a",
"type": "github"
},
"original": {
@ -466,11 +467,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1702453208,
"narHash": "sha256-0wRi9SposfE2wHqjuKt8WO2izKB/ASDOV91URunIqgo=",
"lastModified": 1704228290,
"narHash": "sha256-M3y1ADeFVdPTV/bJXvO5QHDYFujzpJNblkfIgECTxGc=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "7763c6fd1f299cb9361ff2abf755ed9619ef01d6",
"rev": "5bf829d72ccdc05be3343afd81bd922d5748ef4e",
"type": "github"
},
"original": {
@ -481,11 +482,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1703013332,
"narHash": "sha256-+tFNwMvlXLbJZXiMHqYq77z/RfmpfpiI3yjL6o/Zo9M=",
"lastModified": 1703961334,
"narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "54aac082a4d9bb5bbc5c4e899603abfb76a3f6d6",
"rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
"type": "github"
},
"original": {
@ -498,11 +499,11 @@
"nixpkgs-lib": {
"locked": {
"dir": "lib",
"lastModified": 1701253981,
"narHash": "sha256-ztaDIyZ7HrTAfEEUt9AtTDNoCYxUdSd6NrRHaYOIxtk=",
"lastModified": 1703961334,
"narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "e92039b55bcd58469325ded85d4f58dd5a4eaf58",
"rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9",
"type": "github"
},
"original": {
@ -515,16 +516,16 @@
},
"nixpkgs-stable": {
"locked": {
"lastModified": 1702221085,
"narHash": "sha256-Br3GCSkkvkmw46cT6wCz6ro2H1WgDMWbKE0qctbdtL0=",
"lastModified": 1703992652,
"narHash": "sha256-C0o8AUyu8xYgJ36kOxJfXIroy9if/G6aJbNOpA5W0+M=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c2786e7084cbad90b4f9472d5b5e35ecb57958af",
"rev": "32f63574c85fbc80e4ba1fbb932cde9619bad25e",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "nixos-23.05",
"ref": "nixos-23.11",
"repo": "nixpkgs",
"type": "github"
}
@ -547,11 +548,11 @@
},
"nixpkgs-stable_3": {
"locked": {
"lastModified": 1702777222,
"narHash": "sha256-/SYmqgxTYzqZnQEfbOCHCN4GzqB9uAIsR9IWLzo0/8I=",
"lastModified": 1703950681,
"narHash": "sha256-veU5bE4eLOmi7aOzhE7LfZXcSOONRMay0BKv01WHojo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a19a71d1ee93226fd71984359552affbc1cd3dc3",
"rev": "0aad9113182747452dbfc68b93c86e168811fa6c",
"type": "github"
},
"original": {
@ -602,11 +603,11 @@
"nixpkgs-stable": "nixpkgs-stable_2"
},
"locked": {
"lastModified": 1702456155,
"narHash": "sha256-I2XhXGAecdGlqi6hPWYT83AQtMgL+aa3ulA85RAEgOk=",
"lastModified": 1703939133,
"narHash": "sha256-Gxe+mfOT6bL7wLC/tuT2F+V+Sb44jNr8YsJ3cyIl4Mo=",
"owner": "cachix",
"repo": "pre-commit-hooks.nix",
"rev": "007a45d064c1c32d04e1b8a0de5ef00984c419bc",
"rev": "9d3d7e18c6bc4473d7520200d4ddab12f8402d38",
"type": "github"
},
"original": {
@ -675,11 +676,11 @@
]
},
"locked": {
"lastModified": 1703037971,
"narHash": "sha256-HzfW5MLt+I0DlfPM9sL+Vd1XrywoWiW0LSAez3wp23E=",
"lastModified": 1704075545,
"narHash": "sha256-L3zgOuVKhPjKsVLc3yTm2YJ6+BATyZBury7wnhyc8QU=",
"owner": "oxalica",
"repo": "rust-overlay",
"rev": "16ab5af8f23b63f34dd7a48a68ab3b50dc3dd2b6",
"rev": "a0df72e106322b67e9c6e591fe870380bd0da0d5",
"type": "github"
},
"original": {
@ -696,11 +697,11 @@
"nixpkgs-stable": "nixpkgs-stable_3"
},
"locked": {
"lastModified": 1702937567,
"narHash": "sha256-bUNl3GPqRgTGp13+oV1DrYa1/NHuGHo5SKmr+RqC/2g=",
"lastModified": 1703991717,
"narHash": "sha256-XfBg2dmDJXPQEB8EdNBnzybvnhswaiAkUeeDj7fa/hQ=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "f7db64b88dabc95e4f7bee20455f418e7ab805d4",
"rev": "cfdbaf68d00bc2f9e071f17ae77be4b27ff72fa6",
"type": "github"
},
"original": {
@ -709,6 +710,22 @@
"type": "github"
}
},
"spectrum": {
"flake": false,
"locked": {
"lastModified": 1703273931,
"narHash": "sha256-CJ1Crdi5fXHkCiemovsp20/RC4vpDaZl1R6V273FecI=",
"ref": "refs/heads/main",
"rev": "97e2f3429ee61dc37664b4d096b2fec48a57b691",
"revCount": 597,
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
},
"original": {
"type": "git",
"url": "https://spectrum-os.org/git/spectrum"
}
},
"sunshine": {
"inputs": {
"flake-utils": [

6
flake.nix
View file

@ -191,6 +191,8 @@
deployment = {
targetHost = machines.${machine}.deploy.host;
targetUser = "root"; # machines.${machine}.deploy.sshUser;
# targetUser = machines.${machine}.deploy.sshUser;
tags = machines.${machine}.deploy.tags or [ ];
};
imports = self.lib.systemModules (machines.${machine}.system or "x86_64-linux") machines.${machine}.config;
};
@ -219,6 +221,10 @@
};
packages = {
incus-ui = pkgs.callPackage ./pkgs/incus-ui { };
};
devShells.default = with pkgs;
mkShell {
inherit (self'.checks.pre-commit-check) shellHook;

90
machines/ci/configuration.nix Normal file
View file

@ -0,0 +1,90 @@
{ self, ... }:
{ modulesPath, ... }: {
imports = [
(modulesPath + "/virtualisation/lxc-container.nix")
../../users/root
../../users/erwin
];
eboskma = {
users.erwin = {
enable = true;
server = true;
};
nix-common = {
enable = true;
remote-builders = true;
};
tailscale.enable = true;
woodpecker.enable = true;
};
boot.isContainer = true;
time.timeZone = "Europe/Amsterdam";
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
networking = {
hostName = "ci";
useDHCP = false;
useHostResolvConf = false;
networkmanager.enable = false;
useNetworkd = true;
nftables.enable = false;
firewall = {
trustedInterfaces = [ "tailscale0" ];
interfaces."podman+" = {
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];
};
};
};
virtualisation.podman = {
enable = true;
autoPrune = {
enable = true;
dates = "weekly";
};
defaultNetwork.settings.dns_enabled = true;
};
systemd.network = {
enable = true;
networks = {
"40-eth0" = {
matchConfig = {
Name = "eth0";
};
networkConfig = {
Address = "10.0.0.202/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
};
};
};
};
security = {
sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = false;
};
sudo.enable = false;
};
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
woodpecker-server = { };
woodpecker-agent = { };
};
system.stateVersion = "24.05";
}

42
machines/ci/secrets.yaml Normal file
View file

@ -0,0 +1,42 @@
drone: ENC[AES256_GCM,data:PZPChq/iQDw7gOfdmSOB4ZvtWgnT55lMc1/kSKVoh5kTkIX+FdNE7uJlhKJQHryYWdrbyoRu09RhhPLr27oWeiCvN4Z0QmM9ofrM4CfuUPotp3niZIjfXrLIiX2s1JlxT2eElEwkX2h1UCIC+tNqFCL+ThLkP4iMmeXRXwFBIOahYscskwbmutbyraj/yQq3KcwUyFLd618pDT+0VWiBETQudauWdmJXFDW/rKW7STTVhe/7ixCIw3O5BYThOin9YhZSZxje225+bBB8vPM6NfdvNCHEtzAwxTjtm3n0beqsAAxd6hzQXk3L7a2X6Y+mmK1XMjmLhsGgI5B6Zssmv3/3oTSczn+YdtfT9bz0KxaZtJdQrYEfVowKEQMTcWO5H55F5Mv+qShweIAcWqKInFb6+EDjyPzABlN/S9/XJakQsPxcCwBKKusYr3P3IFjNnzdZD18ayhc6frs4TJmSGcQIkW/cCWNjwpct/yVbkIrIXZEWb7DoZ0M=,iv:F++KLxnqAtBhcSdj5rZhGpVvCKfI8y5HhvlejCfwi/k=,tag:YdiiZUN7wGn9yA1evMu5jg==,type:str]
drone-runner: ENC[AES256_GCM,data:Uh7OQSDtV0M5j00oHHm4uz4zwi+1W1k2qd5uXoROj5tcgNs76YBcfkU7d+1qXj/Hma7++HOcga0LvF1+Dl/GJQyj47kVFi/+h6I9yiuoO5sW3nxh5pW5W1Ws1qchKqVhoyZLf0K4AnYE2puleKcYXfogJ1hjnB3vn5F/eOKA/QB+7KfaVPRUGZsUYQw3rHLdTbTFHXPv//z8xxYqY5JcG+vvWsHXiI/sKSTZBWoPJEZnKK2mo8+dbZn3nSj29luG,iv:40JTvOJ7isGcHGg9KI5ED8Ju5knmIWP1m/i/dwlpG/M=,tag:GHbkLIeuiGVlNsR2EW/PGw==,type:str]
woodpecker-server: ENC[AES256_GCM,data:cW108wxYT2b65pCRcwZBoRi6eQsB4NrcUNLirfQkkqPPOymT4QFyE5Zmx6K1P33dUSAj5nA0Eh0HOsS8RhFQIOPZA9za4Ffs51Ex0HkQozduqusDGaENWR+zBOTgRhgIrwQlDSHh8UgLTzOgN8hpEqR8fFVsiWCcCAuOFjDNyczywtbbu2jNHzG6FMz2fdXy7p1dRmyTq1sFjoMEkJM5Ix8oRB8zWV+O3l6XE7Uw1vD3QbOsJiqcbWFoNw==,iv:VIlHVVvuBSZiO/tMgd/4HpT2uecn1WqJE60SkHaX+80=,tag:+xfTfq2FgSrPUVXeH4tJkQ==,type:str]
woodpecker-agent: ENC[AES256_GCM,data:YO9MCMIPVOEU+6euiCHuAN+tFFs8JkRRmb9+AIhMEuQE2ObajfJZ3NN5LsccIT9z1axA/gfjLrxM,iv:UDimHs2cKyCvy0XGdDzgX2ry114qz3V1KaXlXL3yYgI=,tag:OGITUerrT0nWU85fxcpEig==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDTWNGd2FLTWcwTThodlBD
K1VRUmFmQlhoN3YwcDlpQmFzR0JZaW9jQngwCjJOYndqVDVjMWFtQnpmZGpRMGg3
Q0JXQys3TVpSZm1BcWFkcjhQcDJzOG8KLS0tIENjUWtaWW5GeE4yK09yUEx2SWpG
SFc5S1kvT2pBbHorZks3b1MzRU9ERFEKdS9c7j0iyHHbAc8XXpahsOTDu53BKsmr
+ff060PPzBIzQ+7aI52E8CSUAJw0GVYZD5KZForwwBhR3vaZGQYysg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBEV3lvZmdCU20vT05SWTVB
cUdZTW4yVndyME4waU5qdmYwbUZuUlQyN2hvClRqSkZ0andyN3RmSFhVdzVMUWdS
VUtPR2tDRzVuZ0kzRVIyZnNMZTIwSVkKLS0tIHprQVR4c2RZQ3I0SlMzSDBnS25a
Z0JrZVhPMEZBQ1FVMjA2QnBITzJjbjQKCghnCUxyR8QkZM2R0EOgjq7J8E7MLlV6
vnEEu6iehd01vHvBKB1x3z6o/wzL8m3TA35knICZCk6jAD0w+OeW9A==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tmlx45s4f6qp929839yd5y5vxkj2z4z8wmhqsnne9j8j5uwx6p8qssun8l
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBneWpaNDRaYk1WS3BuQmtp
L0gxcmFTSEZ3VXBtcTZQLzl0Qm85RmJvMDFnCktJbXJVM0ZDdVJZTHF1VEF6OXAy
RGdMU3RYNytla0k0QjNydTkrbjYrV0kKLS0tIHY3UjFvZ0VxRm1JOTg3NDgySU4x
dFpad2ZiNXR0cEQ4TTMxa0luK3lGRFUKsqF3x5NvdtqXtE05TjMMhFB3cHREYRCA
2LgUDn4FYbxprXTG0dOX+87aAQmoepMkVEXo2kBopoYrGHa1DsOznw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-06-12T09:28:02Z"
mac: ENC[AES256_GCM,data:mE0O44Sa+RMqRoCqXftn3GuPFLHiyGn3tVlYgBGc973nP7mz5ZwClNgja1gk+MNolnztsrwgso5ZiNpriyI7pGKd/dG6DJQrGixqhRvgyNyIESGEuN9n6bfhYNNSzV1yRb9V6Z7iELkut03gvVU9by0MosJ7SJPMyDyZZ4tMFeA=,iv:rzrvGwJQAdbMcHQ7U/JFB08V7o2keLI1kUrUs9RaClA=,tag:UpE7ZeG7S32CNKsgT+rMMQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3

11
machines/default.nix
View file

@ -1,12 +1,13 @@
inputs: {
drone = {
ci = {
config = import ./drone/configuration.nix inputs;
deploy = {
# host = "10.0.0.202";
host = "drone.barn-beaver.ts.net";
host = "ci.barn-beaver.ts.net";
sshUser = "erwin";
buildOn = "local";
substituteOnTarget = true;
tags = [ "container" ];
};
};
frigate = {
@ -17,6 +18,7 @@ inputs: {
sshUser = "erwin";
buildOn = "local";
substituteOnTarget = true;
tags = [ "container" ];
};
};
gitea = {
@ -27,6 +29,7 @@ inputs: {
sshUser = "erwin";
buildOn = "local";
substituteOnTarget = true;
tags = [ "container" ];
};
};
heimdall = {
@ -53,6 +56,7 @@ inputs: {
sshUser = "erwin";
buildOn = "local";
substituteOnTarget = true;
tags = [ "container" ];
};
};
odin = {
@ -66,6 +70,7 @@ inputs: {
sshUser = "erwin";
buildOn = "local";
substituteOnTarget = true;
tags = [ "container" ];
};
};
regin = {
@ -90,6 +95,7 @@ inputs: {
sshUser = "erwin";
buildOn = "local";
substituteOnTarget = true;
tags = [ "container" ];
};
};
valkyrie = {
@ -100,6 +106,7 @@ inputs: {
sshUser = "erwin";
buildOn = "local";
substituteOnTarget = true;
tags = [ "container" ];
};
};
}

50
machines/frigate/configuration.nix
View file

@ -1,7 +1,10 @@
{ self, ... }:
{ self, nixos-hardware, ... }:
{ modulesPath, ... }: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
(modulesPath + "/virtualisation/lxc-container.nix")
nixos-hardware.nixosModules.common-cpu-intel
../../users/root
../../users/erwin
];
@ -18,26 +21,57 @@
enable = true;
remote-builders = true;
};
podman.enable = true;
tailscale.enable = true;
};
time.timeZone = "Europe/Amsterdam";
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
networking = { };
networking = {
hostName = "frigate";
useDHCP = false;
useHostResolvConf = false;
networkmanager.enable = false;
useNetworkd = true;
# nftables.enable = true;
proxmoxLXC = {
privileged = true;
firewall.trustedInterfaces = [ "tailscale0" ];
};
security.sudo.execWheelOnly = true;
systemd.network = {
enable = true;
services.tailscale.enable = true;
networks = {
"40-eth0" = {
matchConfig = {
Name = "eth0";
};
networkConfig = {
Address = "10.0.0.205/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
};
};
};
};
security = {
sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = false;
};
sudo.enable = false;
};
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
frigate = { };
};
system.stateVersion = "23.05";
system.stateVersion = "24.05";
}

32
machines/frigate/secrets.yaml
View file

@ -8,29 +8,29 @@ sops:
- recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3cGVxdk1xWi9PbTl4dGVv
QlFIL0ppRzRReVRnYkMwZDQrQVZ5SEkzblNNCjlwK0xFSGFoallaVUhVZWxjNFBQ
ZVJPdUoyRm9FUGZDaFpyRGs2VEZiUmMKLS0tIDloRGZVT290NHYvRXVSb29aMXRw
dDIzVFNaVjJGTVNVQlJLODhYUlVKVkkKjMHAlBNaKSk3q/rWSRKSz9wuyXp3KshD
J7sCrTde+8hhudKpS7fw0DzuZ+tq4/JOj+imAS3eXmeNRI6V6eLxLQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzTnlKWS9MMlpLaUZFWE5R
WUxRZnFmeG1jV2ljajZacUpGaUc0Vks2OFVjCjZlclFMMWhIYzZwa21sTmV0cUZO
eWhmbHR4OW5Oanl5Y0J4LzZBU1dxekkKLS0tIHBDbHFNMEJlQ1BjQmMyRm5SWEo1
Vlp5YUpkanh0a253WEZ4YXJzcXJlU00KN6I5LyH+8QYbVJk3K/0ir0qRf8Q6iwpa
XubDryZhBA/tfy1zaJ7GmpFJVDjjjOiGYcKIGHQ/R35O3awGJcrCmQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDWGV6TVprTlFQQjFsODRk
SVBiMFo3WTFmNVg1b21HTTNYMzFNbHBuMXpnCk1uWStoU0RtbG96eXU1ZWlXSk9F
QmRhRDhyOWpJWDV6bnRRK01IUllITFUKLS0tIEVCU3RFdmNCazZJL1lSZDJDanRO
NmRXdzhlN0Yyb056c1RDY1hhMWZ3MFkKZ9JJmYXKeZRbUiDncC/cfUu/q+O5dBYN
3AxTIOScw7rDyUDEXOxcTMA75V3ttSe9dkny4CNC3881hObYyot6gg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWY0FDM1paRUdJZUd2RTBn
QmxxL1VmVWx6Nkp1TmdaaFN5ZmJ5c2dzbVVvCnBGUEI3MUhZSll5Z05KUWhtb2lz
Szc3SGhoSy9BdTRLSlUwVWNZeC9MclEKLS0tIFF0dXRicm5lQW9ZeDI0SHB4blpu
TEhuRjhkZXJhUVpvQlA1MFBBQmU0VW8K8D5iIMCLQWHXdzGC67w4Jo+PQin1SXwr
QjjsA6fjfhgV1+PnuRDhOro+WS3Rbp0WfCskq4+uzuDW16+5bpy62A==
-----END AGE ENCRYPTED FILE-----
- recipient: age17p30jwu847x5g9y6wzmt2c4a2e0m9m77ajk5qsgsahdxc8wssu8skdzmq2
- recipient: age1gtzlyyxdnt23xzyq6lq5ye645egxl7up25agxw23nuhjl6ax0dmqrlqvpf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPSkJJcHVkSnJxUmo0ajhU
TmRGWEIzSFFDZnI2b2lPaWJDNlQzbTAxTW1zCjZXOVFzZ01uWTJFTTdvQkltR3VD
cVNFUlFDZDljVDZyaDlhSFJOc3RCT1UKLS0tIDAzVzhueVg5bTJRbS8xN3lDaUR4
NXJsSzFsaVZBeFhlakpZSW9ObGNBWGMKgX2qtoyTmBXH9XjMYT/YWllfUBcbLpv/
tLLIbgDGfEKKlLIO+jn3pyhv3+Vf78uOyxNh7llDetrR2rZmJLZbaw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpQVB0ZWRtaHBqWXo2bEN6
T2dKWThTRzRLOU0zcTZHMUNYOEJCd0hrR0dzClFVVzBFZWlSRzZ3QjQ5YTdpdG1h
aVR3cUpPbEVjUU5pVnc5YmlUb1FZaTAKLS0tIEhLQ1V1WWRvYzJaekdFbVR4elF3
YkFoWUpBNGhMRUloYzYvMlhPalBnSTgKXUV6iEE5ZU0tlaAAMDg4hrJSCoUkLA/B
6WOwLvfq1/JTgyD58LVsJOqMJ8cqvG/4uHIcaHq17F9CFZykBprJqQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-03-26T14:26:15Z"
mac: ENC[AES256_GCM,data:0PeNZGGPRcT385nwym2zgjl+rB7b3u/lCj1jF0MB2UPV73ig42A2ZNm2PFAvH0pzPpDiwW+4fZM/4WJbos7XwFC3+jKW5zOxLFmMvNDd7Y3eM0jYbHqxKhWr3I+SNgPyUPAjiZmN1muNpxLi2vie/jz6jABz9ETOksd8PrOjRu4=,iv:pJy6M6HwQfxL7ifkOwy7q2kYgx8a1c38PUMXeFJgv8o=,tag:gDYEuNwFqtc8YXVhWk0JHw==,type:str]

48
machines/gitea/configuration.nix
View file

@ -1,7 +1,7 @@
{ self, ... }:
{ modulesPath, ... }: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
(modulesPath + "/virtualisation/lxc-container.nix")
../../users/root
../../users/erwin
@ -18,6 +18,7 @@
enable = true;
remote-builders = true;
};
tailscale.enable = true;
};
boot.isContainer = true;
@ -26,13 +27,50 @@
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
proxmoxLXC = {
privileged = true;
networking = {
hostName = "ci";
useDHCP = false;
useHostResolvConf = false;
networkmanager.enable = false;
useNetworkd = true;
nftables.enable = false;
firewall = {
trustedInterfaces = [ "tailscale0" ];
interfaces."podman+" = {
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];
};
};
};
security.sudo.execWheelOnly = true;
systemd.network = {
enable = true;
services.tailscale.enable = true;
networks = {
"40-eth0" = {
matchConfig = {
Name = "eth0";
};
networkConfig = {
Address = "10.0.0.203/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
};
};
};
};
security = {
sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = false;
};
sudo.enable = false;
};
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {

32
machines/gitea/secrets.yaml
View file

@ -10,29 +10,29 @@ sops:
- recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4NHY0SzdYUFk3dUNnYU04
U2JIK1FnRXVVYy8xNE56eGE2Y1pWRHk0U0ZnCnIvN1RnL2RuNzlOSXNxYisyK21Z
YkNuMytqdjltakswT2RoenNyNXFNbFUKLS0tIHh2MkFTMURTUGVWeDlES0UyTngx
MUsxVWxBQ0FuaHpESjNZRitDcG1YTkUKfrvBUhZNjaQLOVbBVvytb2L9rtvWhUd0
kP4/BcdkKIQQ0WgQ1+qNfHZJUrBTJEUQW74MJai/hZZkXXwT5CB4sQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBadmRzQ0pBUlZlNndBK2tH
NHVmMWxRRlVJRTEyd2tZVkduZmk2cExMQnlvCkZLeEhoYTF1WUJEaG9QK0xrRkpB
dG1FdFNJT1BjOXI1VkpNc2lPKzVHZ2cKLS0tIGxVSDRLMVRQQldPSCtoYnhSSkZB
aGdJZ3lsSGR3REhvYzEwbmgvNitWSWMKOHG8i+a7RUjWV02a5xczNseDGqEF9q5D
N3GA1kZ/imGqTpeh4mlvZ4dnbtN0lsrmUDt3pZD4Zi4zvOhTyJmQdg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqeXlySFFpZW1IZnJpN01F
U0F5Nk1vM0pHd3dPTWRFVWJpb0xGM2VSeHhvCmswZXRRT1VWWXZHUTkrMlNGNHh1
a0lSRUlSMXl2RjlOa2FBVVJTU2hUaXcKLS0tIExoeHhWVDdzM0krNXczT1cwZ0F5
NjVyQmgvaDVuSXNrY0ZCWEY3aldjM0kKKL/vHXncbbk5YSfoOWCsAL4UCWRKiNI3
1wLHWHhJ4Qt6L7sbQD5n4lCvxTgNx94Tow6T0vI3qd3l6ERmAtwmuw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4MFg5N092eVd4V1FRTG93
Z0daWWJGNkloWXJ5bVBWakNUb0RVeVVwVlhnClRqY2VRK3BjK2dWS21HOHV5S3F2
TUswZXZNRzh4aHlCQkxpYlJ5b3kwQ2cKLS0tIDVlSGx0MjhBQVNRODRxVFlQS29R
VHZyS3QzZjB3ZW9VVWpoNFpEcWFUL00KX715Po4Kjk7T2axTStyrWsjOmW3knTMO
a7Ic/5yRBbCMBipnqH8rNMqNOfUBapnfnZ516kxg9c5NFv/uJlSC1g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1jkj6xrhr3uf52hac4wlda4a8jcegha86jf5lgv58df0xunadz53qpjlpae
- recipient: age1mh39yv2j3ltl50tjnqqgjctxth3nxa74ggwn29dpvcv08qd0psnssajsmd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRK2E5OVBvV1pVa3dwQ0k1
M3RIWHJXakgzWFNWMStuOGxXdk11VGtNM2djCm5UQmo0bEd3Y3B5Q3pGSCt2a0g3
bkE0UG8yOTJ0QnBDdmJxS0tKcWY5S28KLS0tIEUxTi9mUWpuTGM1ZjdWUVZuTTBq
eXVkZ2NzYXd0K3RKMEFnYU9yT1JmU0kKVJ97jMdqiz19NGQi3EBXvYEr4D37h79G
G02mxBm9EDKb4jgaj/5TcKqCOj8qLnBpu1DJSu1vICt9S/hN2baJsQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOM3BIb2F2eU0wQURqRzZR
NHNyVngvM2kwTE05YlU3Z3VBVHlPeFRDREE4CndkZ1N0RjBRRHJBUW04UGdtVlV6
MWc4SGp6OUo0UXhXQis0Q2RiWi9oemMKLS0tIHcvbDljUStRL2g4Slk3T1dKamRQ
bjRhdWRWN1l0WkpiQkx6OGdYanZWYzAKygot2Ef5HWuetcXNP16ZfNx7ZsIXX0Ap
mMSyckoJWMTnuxBLGq8WZMeoHTANPL+gpVoPU1IULCqpIff5rn7z4g==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2022-10-26T18:26:01Z"
mac: ENC[AES256_GCM,data:byjcMu8J5cAeOoU0mAZbJL/bkX3utCXk7VuBhApz8F/6N0ekyLixUHVqBcShp7XgWs4MU3GewVaMZZNqPkEfj15PgEWxxfpsE4HiLN6eaI6Fx21X2CmllQQ5qjeRQVZwkJchrpCO4rp/Q+nFqyVYMgAr8yJm85zZ3FIvHPbErOY=,iv:RsXReft0DUnPr/huYQYZkPy/0iCeEiU3k881KqhcUiY=,tag:JqD3o2BLU8PrBYCeLtdZjg==,type:str]

44
machines/minio/configuration.nix
View file

@ -1,7 +1,7 @@
{ self, ... }:
{ modulesPath, ... }: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
(modulesPath + "/virtualisation/lxc-container.nix")
./backup.nix
../../users/root
@ -20,19 +20,51 @@
enable = true;
remote-builders = true;
};
tailscale.enable = true;
};
time.timeZone = "Europe/Amsterdam";
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
proxmoxLXC = {
privileged = true;
networking = {
hostName = "minio";
useDHCP = false;
useHostResolvConf = false;
networkmanager.enable = false;
useNetworkd = true;
nftables.enable = true;
firewall.trustedInterfaces = [ "tailscale0" ];
};
security.sudo.execWheelOnly = true;
systemd.network = {
enable = true;
services.tailscale.enable = true;
networks = {
"40-eth0" = {
matchConfig = {
Name = "eth0";
};
networkConfig = {
Address = "10.0.0.204/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
};
};
};
};
security = {
sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = false;
};
sudo.enable = false;
};
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
@ -41,5 +73,5 @@
minio_backup_pass = { };
};
system.stateVersion = "23.05";
system.stateVersion = "24.05";
}

32
machines/minio/secrets.yaml
View file

@ -10,29 +10,29 @@ sops:
- recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYQ1B1TFBnd0NZWVFWT25P
bHk2RDRHL0tzSW5abzh1MS9KNUFDaERUWlNVCkc3UkJrZFl4cW9zY3JmYjgrOHJC
a0ZHWm9TL0dTVWIrTW8rTFRlZ08zQUkKLS0tIFQ2S2VrMTJFMkwzN1QyclcyMllM
SXJhdUh6NzdmbUR6cklyaFdxdDFqMDQKJa1jgD3oZS5CxZViKeurzfVORoGPX4ky
b3oIjohx17LHinrO1zVhwZXfcHF7xlsMKVqAvZldZE9ckRPSbH7f8g==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBmZHY3T3BldXRVZTBxTkQr
YXNZbzRXSS9xVlhvMXRXWTFwUUwya3V6SlZzCmNTL1FTbTFxSkVCVEUrVjVacUlR
YVNsZXBaRlVTMHM4ZU1FMlhqWE8wb3MKLS0tIGJZVHlWc00ya3lPUG5BYWtJdkxY
aGVJY1JPZzRDc253Q3hHRk1hWE5sT1EKFVk0QJSjdZQrYFfeaDWZpBK/nIQY95Ah
Y9fBEaQkzsKZBdOTQZu3SEU7W4KjXrkU/SAP9EbF8sph/1UaAzsYrw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0b0FqNktKbUtTcDBlUExn
SEJyak5nOW1ITzgyR0ZCZ0ZXVkErS1FmMHlBCnNxbC9BU01Ua2NKSEZQL2hqYkVP
RmRMeENPMGhKbzlLdVE0aU02MGg5c1UKLS0tIHA3citHSWVqODhKT3RpbHNhcEo2
akozVFpEOW9COEgwL0lPdm4xRUlobWcKQpov1ITcXNSTiP3nZ7vL+WYBep2NKFjV
LGk4wKfAry+SlRfsq3A/4Kv/WDceaFY9UiXoGu7lWwuJkzJXaJUBPg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIUzBOZnZ0d01KZFdsTCsy
dGZLRXg4U0sxcVgvTEE0Ri9rWEVrU2Q0Z2tvCmMvWENWU3l6elY4SDF4b1dBdkMw
aEtxMXdSbmRjcWgzUGV5MktRWncyQ0UKLS0tIHp3STNadDJFR1djNk5ZZW5iTThr
SmtnRlUwUVpxN00rUmd4VGQ4ZnA0U0EKrzkG5duj91jy2j6cB612urKhK8cMkeVJ
lBrmKXt0/SddCgpn0ldZx99E1KIL/O1V6JhfxAPvTGkIIIXGXut1hQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p5hu2l0ys8z2j9rhf0xp5et2wd4222utyn3tk562ksrxmckye9dqu25f49
- recipient: age1cjxe2e7zemvs0jacjawug6k2qnmcpvnka3e04mfzp939h7hppydqrlp6l5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTWmdQZUlZZ2JZcHMvVWV5
TGVzUnU3cHNySlowa21VYVZvS1REcVV0ZkVFCmV3NURRNWZzaXRaQ3EzeU52UVhS
MkJIbHFVSXRqQXdLSDFQR2hkcUN5T28KLS0tIExUNWgySDVaaVNHRFJIbWtFWFBN
S2VBY05lVXZIZ1dTaDNvSGNQaVVmS1kKirfOAiMzO6dz5VYHb0RpUtNojg7Zd6I4
1QZR3oJykIUybeNScW7Qhb2AtRObUefXMx3kA814d62yDJkwbApkDw==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5M3J4czVkVXI1QUVwMlly
MDBSQUpTZFdITEZXa3kxeU9sQUtkNkJTZm1RCnMzeHRyNDJqTi9QRXFqQ241eUV1
QlhMZUszQmZLQXAwaGJORThoNnFMK28KLS0tIHRkdW03MDBwRGxMV280R2hoaTFN
d0NWMXF3R2lwL2RQRFVFY3RteGFPVEkKACtGvv9tx9H34QW7vbLswFBsaQHTWwXc
L2n3760iwAnVad4Aw7cQHUwzEUopWwhvg10BTrhi67CB9AG73yPNmA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-09-11T14:19:07Z"
mac: ENC[AES256_GCM,data:G/hYRqQxQxdij3hNsZcaQvx/SA95FeEA9q2DlC/Bkx1x0ApM7qG7eVNeVtqlYHkUd7IsylKyq1lf4Z4GQMj0Cq2sMZRn0Z6InUq67FSHqTd0JInZPQGDY5DDSD0WNuDSIHPJLWd1cC+onSpvBtx2xqxGb9HGNAJo+sGM4mlUBvU=,iv:E5pzAv+WRx8lPofUGZcH39lEPZa0MIn/m/ldX4I9PdU=,tag:a7pnkayI+U04G1KBrBEpOg==,type:str]

52
machines/odin/configuration.nix
View file

@ -1,4 +1,5 @@
{ nixos-hardware, disko, ... }:
{ pkgs, config, ... }:
{
imports = [
nixos-hardware.nixosModules.common-cpu-intel
@ -7,6 +8,8 @@
disko.nixosModules.disko
./storage.nix
./network.nix
./virtualisation.nix
../../users/erwin
../../users/root
];
@ -14,6 +17,7 @@
eboskma = {
users.erwin = {
enable = true;
server = true;
};
base = {
@ -25,11 +29,18 @@
remote-builders = true;
};
libvirtd.enable = true;
# libvirtd.enable = true;
systemd.enable = true;
tailscale.enable = true;
};
security = {
sudo-rs = {
enable = true;
};
sudo.enable = false;
};
networking.hostName = "odin";
boot = {
loader = {
@ -41,30 +52,37 @@
};
initrd = {
availableKernelModules = [ "xhci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" "virtio_blk" "virtio_pci" ];
kernelModules = [ "kvm-intel" "kvm-amd" ];
availableKernelModules = [ "xhci_pci" "thunderbolt" "nvme" "ahci" "usb_storage" "usbhid" "sd_mod" "virtio_blk" "virtio_pci" ];
kernelModules = [ "kvm-intel" ];
};
kernelModules = [ "kvm-intel" "kvm-amd" ];
kernelPackages = pkgs.linuxPackages_latest;
kernelModules = [ "kvm-intel" "dm-thin-pool" "dm-snapshot" ];
# From PVE: ro quiet intel_iommu=on i915.enable_gvt=1 cpufreq.default_governor=ondemand
# kernelParams = [ "intel_iommu=on" "i915.enable_gvt=1" "cpufreq.default_governor=ondemand" ];
extraModulePackages = with config.boot.kernelPackages; [ gasket ];
};
hardware.enableAllFirmware = true;
powerManagement.cpuFreqGovernor = "ondemand";
services.cockpit = {
enable = true;
settings = {
WebService = {
Origins = [ "https://cockpit.datarift.nl" ];
ProtocolHeader = "X-Forwarded-Proto";
ForwardedForHeader = "X-Forwarded-For";
services = {
openssh.enable = true;
cockpit = {
enable = true;
settings = {
WebService = {
Origins = "https://cockpit.datarift.nl";
ProtocolHeader = "X-Forwarded-Proto";
ForwardedForHeader = "X-Forwarded-For";
};
};
};
lvm = {
enable = true;
};
};
services.lvm = {
enable = true;
};
system.stateVersion = "23.05";
system.stateVersion = "24.05";
}

67
machines/odin/network.nix Normal file
View file

@ -0,0 +1,67 @@
{
networking = {
hostName = "odin";
useDHCP = false;
networkmanager.enable = false;
useNetworkd = true;
nftables.enable = true;
};
systemd = {
coredump.enable = false;
network = {
enable = true;
wait-online = {
anyInterface = true;
};
netdevs = {
"25-vmbr0" = {
netdevConfig = {
Kind = "bridge";
Name = "vmbr0";
MACAddress = "48:21:0b:56:b1:42";
};
};
};
networks = {
"40-enp86s0" = {
matchConfig = {
Name = "enp86s0";
};
networkConfig = {
# DHCP = "yes";
Bridge = "vmbr0";
};
};
"40-vmbr0" = {
matchConfig = {
Name = "vmbr0";
};
networkConfig = {
Address = "10.0.0.252/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.1";
DHCP = "no";
};
};
};
links = {
"40-enp86s0" = {
matchConfig = {
OriginalName = "enp86s0";
};
linkConfig = {
WakeOnLan = "magic";
};
};
};
};
};
}

99
machines/odin/storage.nix
View file

@ -1,64 +1,66 @@
{ disko, ... }:
{
disko.devices = {
disk = {
sda = {
device = "/dev/vda";
nvme0n1 = {
device = "/dev/nvme0n1";
type = "disk";
content = {
type = "table";
format = "gpt";
partitions = [
{
name = "boot";
start = "1MiB";
end = "512MiB";
bootable = true;
type = "gpt";
partitions = {
esp = {
name = "ESP";
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
};
}
{
name = "root_pv_sda";
start = "512MiB";
end = "100%";
};
root = {
name = "root_pv_nvme0n1";
size = "260G";
content = {
type = "lvm_pv";
vg = "pool";
vg = "root-pool";
};
}
];
};
data = {
name = "data_pv_nvme0n1";
size = "100%";
content = {
type = "lvm_pv";
vg = "data";
};
};
};
};
};
sdb = {
device = "/dev/vdb";
device = "/dev/sda";
type = "disk";
content = {
type = "table";
format = "gpt";
partitions = [
{
name = "root_pv_sdb";
start = "0%";
end = "100%";
type = "gpt";
partitions = {
root = {
name = "data_pv_sdb";
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
vg = "data";
};
}
];
};
};
};
};
};
lvm_vg = {
pool = {
root-pool = {
type = "lvm_vg";
lvs = {
root = {
size = "32GiB";
nixos = {
size = "250G";
content = {
type = "filesystem";
format = "ext4";
@ -68,34 +70,25 @@
};
swap = {
size = "8GiB";
size = "8G";
content = {
type = "swap";
randomEncryption = false;
randomEncryption = true;
};
};
zz_data = {
};
};
data = {
type = "lvm_vg";
lvs = {
data = {
size = "100%FREE";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/data";
mountOptions = [ "defaults" ];
};
extraArgs = [
"--type=thin-pool"
];
};
};
};
};
};
# fileSystems."/" = {
# device = "/dev/disk/by-label/nixos";
# fsType = "ext4";
# };
# fileSystems."/data" = {
# device = "/dev/disk/by-label/data";
# fsType = "btrfs";
# };
}

134
machines/odin/virtualisation.nix Normal file
View file

@ -0,0 +1,134 @@
{ pkgs, ... }:
{
users.users.erwin.extraGroups = [ "incus-admin" ];
virtualisation = {
incus = {
enable = true;
preseed = {
networks = [
{
config = {
"ipv4.address" = "10.0.100.1/24";
"ipv4.nat" = "true";
};
name = "incusbr0";
type = "bridge";
}
];
profiles = [
{
name = "default";
devices = {
root = {
path = "/";
pool = "default";
size = "32GiB";
type = "disk";
};
};
}
{
name = "nixos";
config = {
"security.nesting" = true;
};
}
{
name = "privileged";
config = {
"security.privileged" = true;
};
}
{
name = "autostart";
config = {
"boot.autostart" = true;
};
}
{
name = "net-bridged";
devices = {
eth0 = {
type = "nic";
nictype = "bridged";
parent = "vmbr0";
};
};
}
{
name = "homeassistant";
devices = {
root = {
path = "/";
pool = "default";
size = "128GiB";
type = "disk";
};
eth0 = {
type = "nic";
nictype = "bridged";
parent = "vmbr0";
};
zigbee = {
type = "usb";
productid = "55d4";
vendorid = "1a86";
};
p1 = {
type = "usb";
productid = "0403";
vendorid = "6001";
};
};
config = {
"limits.cpu" = 4;
"limits.memory" = "8GiB";
};
}
];
storage_pools = [
{
config = {
"lvm.thinpool_name" = "data";
"lvm.vg_name" = "data";
};
driver = "lvm";
name = "default";
}
];
config = {
"oidc.client.id" = "incus";
"oidc.issuer" = "https://id.datarift.nl/realms/datarift/.well-known/openid-configuration";
"core.https_address" = "[::]:8443";
};
};
};
};
systemd.services = {
incus = {
path = [
pkgs.nftables
pkgs.lvm2
pkgs.e2fsprogs
];
environment = {
INCUS_UI = pkgs.incus-ui;
};
};
incus-preseed = {
path = [ pkgs.lvm2 ];
};
};
networking.firewall.allowedTCPPorts = [
8443
];
}

71
machines/proxy/configuration.nix
View file

@ -1,7 +1,7 @@
{ self, caddy-with-plugins, ... }:
{ modulesPath, pkgs, ... }: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
(modulesPath + "/virtualisation/lxc-container.nix")
../../users/root
../../users/erwin
];
@ -21,48 +21,67 @@
package = caddy-with-plugins.lib.caddyWithPackages {
inherit (pkgs) caddy buildGoModule;
plugins = [ "github.com/caddy-dns/cloudflare@74f004e1c1ab9056288f0baf3cd4b0039d6c77f3" ];
vendorSha256 = "7TWLOeEHn/cmpCXWuwLQrWpezrW6qcCERscutzYjpN0=";
vendorSha256 = "UYNFkGK4A7DJSmin4nCo9rUD60gx80e9YZodn7uEcUM=";
};
};
tailscale.enable = true;
};
boot.isContainer = true;
boot = {
isContainer = true;
kernel.sysctl = {
"net.core.rmem_max" = 2500000;
"net.core.wmem_max" = 2500000;
};
};
time.timeZone = "Europe/Amsterdam";
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
# networking = {
# hostName = "proxy";
# useDHCP = false;
networking = {
hostName = "proxy";
useDHCP = false;
useHostResolvConf = false;
networkmanager.enable = false;
useNetworkd = true;
nftables.enable = true;
# interfaces = {
# eth0 = {
# ipv4.addresses = [
# {
# address = "10.0.0.251";
# prefixLength = 24;
# }
# ];
# };
# };
# defaultGateway = "10.0.0.1";
# nameservers = [ "10.0.0.254" ];
# };
proxmoxLXC = {
privileged = true;
firewall.trustedInterfaces = [ "tailscale0" ];
};
services.tailscale.enable = true;
systemd.network = {
enable = true;
security.sudo.execWheelOnly = true;
networks = {
"40-eth0" = {
matchConfig = {
Name = "eth0";
};
networkConfig = {
Address = "10.0.0.251/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
};
};
};
};
security = {
sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = false;
};
sudo.enable = false;
};
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = {
caddy-env = { };
};
system.stateVersion = "21.11";
system.stateVersion = "24.05";
}

32
machines/proxy/secrets.yaml
View file

@ -8,29 +8,29 @@ sops:
- recipient: age1h7ddyj66gcqt5vnzphjfn6y5tul79q0glcdl0et9w44z2evl999qe02wht
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBxMDh2aUZrNjFrb0FoOUN2
Q0ZYUGJUaVh0QnU4NWV1bzU3OEJNUU1iZzNRCkgxYnN4NzJnaldrSXZsY2VPM1ZF
YlR4eVlmRG9yVU1ieWJEbU13bnljV2sKLS0tIFFIODJtRFZ4SjFMbWZDZVFCMUUv
VjBpQUY2OWRpNWNpcDVXVUhTQnFvMXcKF6T0r4jS+mtmsm0oG48n8GTrIh6K6QFB
rLa2LMjqXJFv1PohM3/oRdznHKLV8sW1mr/GQ+DgNmh/8i0J1RH/vA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKNmVyOGtudS9ZdlpxVmpD
Qmd5dWlQRkJ0b3lrK1JrV0RXWjRzdHgyblZzCjlacnJra1NHT25oQ3V4NEc3K09k
MnBObjBXQTFxaHJNTmpsTVo4TDlCdjQKLS0tIGFZREpPWVI5a2ZDQjAxbkRHRTJ4
a1dYRzNXQWRrYkRESkRIVGljYlZDOGcKBdQ+F+5KmTpOkBR0UlTRdon+F+qWgQRA
oisOMoX/WFss3/CNJxr4LwqXFoinWQT7qiXXPsBiZ+VpsaBfPJ3sMw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1435gxhlpu55pp86r8pullhc6wg43nv6qm5l3g2vl5000xhn8apdqtlf8cg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRUDVGaTFzdTNpdkJaQ1Qw
ZGRWNHBEcHo5VHh1SXIxUHJjVHhlVWV6Y3g4CjJGTlQ2M1JXMi8wamREQ29ud0ho
anVaV2FtUkp4SGt2ZlFwSmpyMUxQclUKLS0tIDIrVGhZUkRzMG42RXFIdFVybFZO
K1FiL21YTTh5RVZ4eEZaN0FjNmZmeXcK2cC+7TXmiXlcfbYelTjqpTMBMYh255Du
g82xFVcvd404xnnrDuYp5hHFnz3D3Gg6IQoVjJv6H+t5I2x/gJiQZg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWeElXK2hjLzhQc2hpYUtT
VjAyM3lIcjdJNGQ0Ujh0S2U5eXlxYXFTU2swCjlMa2xTQTFqZUVQd3lMalRrSDds
aXJyM3B1ZFg3cWxKSHdpbWVxT3JKS3cKLS0tIHp0Q0dDM1d0aGNrQlA4bnlITE41
OWZIT3BZbCtLaFl5eU1CMlE3S3RNVUkKUShpf1ahWy5AF7UhucPcz1FzGF85Z26E
FbPEHzSfjLZoRtEaxXDOJVASd7xuGkb+L8g86rWR462atAI6lTuEfg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1dg4euuwvqyyuwpjm08psvehgxr5p6q76ht8k4je6z2xc2pv55vksw9ap7m
- recipient: age1yz7k9s5plamjq425memjh00y4sdldgdhpwxqpx9gk9wutttx9scsdg3qd5
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1MGM0K1FJbmdvMUJWd2wz
djBRMWxML2dBQ2ZBTjN1S0gwWDlSUytWeERnCmZteWFZRnpKcEt5aXo3R00zWUkx
RGVCdFhVYVR2RjZaZGJ0YnAvVnpBcGcKLS0tIHpUV25RcmFjMENTQWI5OVdVZ2Zz
RW5kVVdlTmxsalB1TFVRd2dUOU5kL00KP4f1FGMxnWJajfdQqeTXr1ADu6HCTcto
yUbbhHkhwS8IBUM0ETbEaY76o3y9WufAye37Lp3Vg44GN5IozURpOg==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBERWtjd2h3N2lIbDNBZGpZ
VnViQ2FXY0hQaXV6RXZaYnRHODJFOVZOcEJZCmdXSjMrVTFBZzhlQS9XSWNmYzRs
NXVCT2N6NDlSbGhpNnZ0S0FhTFpEMjAKLS0tIGg1TDFrZ3RmVjBPR1hleWhwNWVC
UTFJZmxIK2YxY0FieFpoNVV4Z2ttK1UKeqJuuzuMyVayliFUscLSCtUZDjjZKaIg
Kp6952AQPC4h+7j61C0iqtqG8dxIABdJfu7gvdgEfpKltDae3vQR8w==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-08-09T22:09:02Z"
mac: ENC[AES256_GCM,data:PxSVqIFldfaMf/XGV+eHwEGZoSLDBCc+Vmgt9EMMMA9CrJLniMXdBWCfDyoIal3JOPy7RekwMHsw56D56vaX7Fe0g80/IK+xoUv8a6nrXW1T58bOuQbSliuKI3MbGHYrqDkZXr+7+A8rugg3ENwmGdunQx02CzS5v3RraCzr/L4=,iv:avU85FslUGNdLRRyCgrlfS+WvAES1MGqyJ5Yy3fUPHU=,tag:b6reWUEKxIUQNystlRRYNA==,type:str]

57
machines/unifi/configuration.nix
View file

@ -1,7 +1,7 @@
{ self, ... }:
{ modulesPath, pkgs, lib, ... }: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
(modulesPath + "/virtualisation/lxc-container.nix")
../../users/root
../../users/erwin
];
@ -15,11 +15,12 @@
enable = true;
remote-builders = true;
};
tailscale.enable = true;
};
services.unifi = {
enable = true;
unifiPackage = pkgs.unifi;
unifiPackage = pkgs.unifi8;
# unifiPackage = pkgs.unifi.overrideAttrs (_oldAttrs: {
# version = "7.5.176";
# src = builtins.fetchurl {
@ -30,25 +31,53 @@
openFirewall = true;
};
networking.firewall = {
allowPing = true;
trustedInterfaces = [ "tailscale0" ];
allowedTCPPorts = [ 8443 ];
};
boot.isContainer = true;
time.timeZone = "Europe/Amsterdam";
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
proxmoxLXC = {
privileged = true;
networking = {
hostName = "unifi";
useDHCP = false;
useHostResolvConf = false;
networkmanager.enable = false;
useNetworkd = true;
nftables.enable = true;
firewall = {
trustedInterfaces = [ "tailscale0" ];
allowPing = true;
allowedTCPPorts = [ 8443 ];
};
};
services.tailscale.enable = true;
systemd.network = {
enable = true;
networks = {
"40-eth0" = {
matchConfig = {
Name = "eth0";
};
networkConfig = {
Address = "10.0.0.207/24";
Gateway = "10.0.0.1";
DNS = "10.0.0.206";
DHCP = "no";
};
};
};
};
security = {
sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = false;
};
sudo.enable = false;
};
security.sudo.execWheelOnly = true;
sops.defaultSopsFile = ./secrets.yaml;
sops.secrets = { };

42
machines/valkyrie/configuration.nix
View file

@ -1,7 +1,7 @@
{ self, ... }:
{ modulesPath, ... }: {
imports = [
(modulesPath + "/virtualisation/proxmox-lxc.nix")
(modulesPath + "/virtualisation/lxc-container.nix")
../../users/root
../../users/erwin
@ -23,6 +23,7 @@
remote-builders = true;
};
unbound.enable = true;
tailscale.enable = true;
};
services.resolved.extraConfig = ''
@ -33,15 +34,44 @@
system.configurationRevision = self.inputs.nixpkgs.lib.mkIf (self ? rev) self.rev;
proxmoxLXC = {
privileged = true;
networking = {
hostName = "valkyrie";
useDHCP = false;
useHostResolvConf = false;
networkmanager.enable = false;
useNetworkd = true;
nftables.enable = true;
firewall.trustedInterfaces = [ "tailscale0" ];
};
networking.firewall.trustedInterfaces = [ "tailscale0" ];
systemd.network = {
enable = true;
security.sudo.execWheelOnly = true;
networks = {
"40-eth0" = {
matchConfig = {
Name = "eth0";
};
services.tailscale.enable = true;
networkConfig = {
Address = "10.0.0.206/24";
Gateway = "10.0.0.1";
DNS = "127.0.0.1";
DHCP = "no";
};
};
};
};
security = {
sudo-rs = {
enable = true;
execWheelOnly = true;
wheelNeedsPassword = false;
};
sudo.enable = false;
};
system.stateVersion = "23.11";
}

2
modules/caddy-proxy/default.nix
View file

@ -48,7 +48,7 @@ in
virtualHosts = {
"home.datarift.nl" = mkProxyHost "homeassistant.barn-beaver.ts.net:8123";
"drone.datarift.nl" = mkProxyHost "drone.barn-beaver.ts.net:8100";
"ci.datarift.nl" = mkProxyHost "ci.barn-beaver.ts.net:8100";
"frigate.datarift.nl" = mkLocalProxyHost "frigate.barn-beaver.ts.net:5000";
"git.datarift.nl" = mkProxyHost "gitea.barn-beaver.ts.net:3000";
"minio.datarift.nl" = mkProxyHost "minio.barn-beaver.ts.net:9000";

4
modules/docker/default.nix
View file

@ -5,6 +5,8 @@
}:
with lib; let
cfg = config.eboskma.podman;
podmanInterfaces = if config.networking.nftables.enable then "podman*" else "podman+";
in
{
options.eboskma.podman = {
@ -55,7 +57,7 @@ in
users.extraUsers.${config.eboskma.var.mainUser}.extraGroups = [ "podman" ];
# Make DNS work in containers
networking.firewall.interfaces."podman*" = {
networking.firewall.interfaces.${podmanInterfaces} = {
allowedUDPPorts = [ 53 ];
allowedTCPPorts = [ 53 ];
};

2
modules/frigate/config.yml
View file

@ -59,7 +59,7 @@ go2rtc:
webrtc:
candidates:
- 10.0.0.205:8555
- 100.114.77.58:8555 # Tailscale
- 100.84.124.27:8555 # Tailscale
- stun:8555
cameras:

4
modules/frigate/default.nix
View file

@ -32,9 +32,11 @@ in
"--shm-size=128m"
"--mount"
"type=tmpfs,target=/tmp/cache,tmpfs-size=1G"
"--cap-add"
"CAP_PERFMON"
];
environment = {
LIBVA_DRIVER_NAME = "i965";
LIBVA_DRIVER_NAME = "iHD";
};
environmentFiles = [
config.sops.secrets.frigate.path

2
modules/gitea/default.nix
View file

@ -66,7 +66,7 @@ in
};
webhook = {
ALLOWED_HOST_LIST = "external,10.0.0.202/32,drone.datarift.nl";
ALLOWED_HOST_LIST = "external,10.0.0.202/32,ci.datarift.nl";
};
# Experimental Gitea Actions

17
modules/k3s/default.nix Normal file
View file

@ -0,0 +1,17 @@
{ pkgs, config, lib, ... }:
with lib;
let
cfg = config.eboskma.k3s;
in
{
options.eboskma.k3s = { enable = mkEnableOption "k3s"; };
config = mkIf cfg.enable {
services.k3s = {
enable = true;
extraFlags = "--tls-san=10.0.0.4 --tls-san=100.106.117.132";
};
environment.systemPackages = with pkgs; [ kubectl kubernetes-helm ];
};
}

4
modules/keycloak/keycloak-admin-ui.nix
View file

@ -13,12 +13,12 @@ buildMavenPackage {
owner = "keycloak";
repo = "keycloak";
rev = version;
hash = "sha256-Lk2CWzIV7UcDHy3hth9ccw3OUAsphM3llahHtehAcV0=";
hash = "sha256-2tTdm8e+OUgO+g/ob1mw+4wFbr6wAPlnbCr8edKGuoE=";
};
sourceRoot = "source/integration/admin-client";
mvnHash = "sha256-HkVib0WCbl+/EuwUf8JiYKewIz1AntTvGySInsOkODE=";
mvnHash = "sha256-dM9KBAjRPtea3kgmkEQiS953U/jAAXOfgpJOE/KuCOE=";
installPhase = ''
install -D target/keycloak-admin-client-${version}.jar $out/keycloak-admin-client-${version}.jar

26
modules/pixiecore/default.nix Normal file
View file

@ -0,0 +1,26 @@
{ config, lib, inputs, ... }:
with lib;
let
cfg = config.eboskma.pixiecore;
installerSystem = import ./installer.nix { inherit (inputs.nixpkgs.lib) nixosSystem; };
build = installerSystem.config.system.build;
in
{
options.eboskma.pixiecore = { enable = mkEnableOption "pixiecore with NixOS Installer"; };
config = mkIf cfg.enable {
services.pixiecore = {
enable = true;
openFirewall = true;
dhcpNoBind = true;
mode = "boot";
kernel = "${build.kernel}/bzImage";
initrd = "${build.netbootRamdisk}/initrd";
cmdLine = "init=${build.toplevel}/init loglevel=4";
debug = true;
};
};
}

27
modules/pixiecore/installer.nix Normal file
View file

@ -0,0 +1,27 @@
{ nixosSystem }:
nixosSystem {
system = "x86_64-linux";
modules = [
({ config, modulesPath, ... }: {
imports = [
"${modulesPath}/installer/netboot/netboot-minimal.nix"
../../users/root
];
config = {
services.openssh = {
enable = true;
openFirewall = true;
settings = {
PasswordAuthentication = false;
KbdInteractiveAuthentication = false;
};
};
system.stateVersion = "24.05";
};
})
];
}

7
modules/tailscale/default.nix
View file

@ -4,14 +4,17 @@ let
cfg = config.eboskma.tailscale;
in
{
options.eboskma.tailscale = { enable = mkEnableOption "tailscale"; };
options.eboskma.tailscale = {
enable = mkEnableOption "tailscale";
nftables = mkEnableOption "nftables";
};
config = mkIf cfg.enable {
services.tailscale = {
enable = true;
};
systemd.services.tailscaled.environment = {
systemd.services.tailscaled.environment = mkIf cfg.nftables {
TS_DEBUG_FIREWALL_MODE = "auto";
};
};

2
modules/woodpecker/default.nix
View file

@ -12,7 +12,7 @@ in
environment = {
WOODPECKER_GITEA = "true";
WOODPECKER_GITEA_URL = "https://git.datarift.nl";
WOODPECKER_HOST = "https://drone.datarift.nl";
WOODPECKER_HOST = "https://ci.datarift.nl";
WOODPECKER_SERVER_ADDR = ":8100";
WOODPECKER_ADMIN = "erwin";
WOODPECKER_SESSION_EXPIRES = "48h";

1
overlays/default.nix
View file

@ -22,4 +22,5 @@ _final: prev: {
patches = (prevAttrs.patches or [ ]) ++ [ ./ddccontrol-db/0001-add-del41d9.patch ];
});
incus-ui = prev.pkgs.callPackage ../pkgs/incus-ui { };
}

76
pkgs/incus-ui/default.nix Normal file
View file

@ -0,0 +1,76 @@
{ lib
, stdenv
, fetchFromGitHub
, fetchYarnDeps
, nodejs
, prefetch-yarn-deps
, yarn
}:
stdenv.mkDerivation rec {
pname = "incus-ui";
version = "0.5";
src = fetchFromGitHub {
owner = "canonical";
repo = "lxd-ui";
rev = version;
hash = "sha256-52MRf7bk8Un9wqz00+JjDmuJgPKYhgAhIbMbcAuf8W8=";
};
offlineCache = fetchYarnDeps {
yarnLock = "${src}/yarn.lock";
hash = "sha256-WWnNjwzhN57PzTPmLWWzPoj66VFUnuzW1hTjKlVV8II=";
};
patches = [
./ui-canonical-0001-Branding.patch
./ui-canonical-0002-Update-navigation.patch
./ui-canonical-0003-Update-certificate-generation.patch
./ui-canonical-0004-Remove-external-links.patch
./ui-canonical-0005-Remove-Canonical-image-servers.patch
];
nativeBuildInputs = [
nodejs
prefetch-yarn-deps
yarn
];
configurePhase = ''
runHook preConfigure
export HOME=$(mktemp -d)
yarn config --offline set yarn-offline-mirror "$offlineCache"
fixup-yarn-lock yarn.lock
yarn --offline --frozen-lockfile --ignore-platform --ignore-scripts --no-progress --non-interactive install
patchShebangs node_modules
cp ${./favicon-32x32.png} public/assets/img/favicon-32x32.png
runHook postConfigure
'';
buildPhase = ''
runHook preBuild
yarn --offline build
runHook postBuild
'';
installPhase = ''
runHook preInstall
cp -r build/ui $out
runHook postInstall
'';
meta = with lib; {
description = "Easy and accessible container and virtual machine management. A browser interface for LXD";
homepage = "https://github.com/canonical/lxd-ui";
license = licenses.gpl3;
maintainers = with maintainers; [ ];
platforms = platforms.linux;
};
}

BIN
pkgs/incus-ui/favicon-32x32.png Normal file
View file

Binary file not shown.
Side by side

After

Width:  |  Height:  |  Size: 2.4 KiB

276
pkgs/incus-ui/ui-canonical-0001-Branding.patch Normal file
View file

@ -0,0 +1,276 @@
From b2c17ef237b6c7540d4947f3d4544dc08dbd33ad Mon Sep 17 00:00:00 2001
From: Erwin Boskma <erwin@datarift.nl>
Date: Sat, 23 Dec 2023 20:02:24 +0100
Subject: [PATCH] Branding
---
index.html | 2 +-
public/assets/img/incus-logo.svg | 129 ++++++++++++++++++++++++++++++
public/assets/img/lxd-logo.svg | 34 --------
src/components/Logo.tsx | 6 +-
src/sass/_pattern_navigation.scss | 8 +-
src/util/title.tsx | 2 +-
6 files changed, 138 insertions(+), 43 deletions(-)
create mode 100644 public/assets/img/incus-logo.svg
delete mode 100644 public/assets/img/lxd-logo.svg
diff --git a/index.html b/index.html
index 6aa1283..85b46bd 100644
--- a/index.html
+++ b/index.html
@@ -5,7 +5,7 @@
<meta charset="UTF-8" />
<meta name="viewport" content="width=device-width, initial-scale=1" />
- <title>LXD UI</title>
+ <title>Incus UI</title>
<link rel="shortcut icon" href="/assets/img/favicon-32x32.png" type="image/x-icon">
<script>const global = globalThis;</script>
diff --git a/public/assets/img/incus-logo.svg b/public/assets/img/incus-logo.svg
new file mode 100644
index 0000000..9caf711
--- /dev/null
+++ b/public/assets/img/incus-logo.svg
@@ -0,0 +1,129 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Generator: Adobe Illustrator 18.1.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->
+<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
+<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"
+ width="165.754px" height="152.992px" viewBox="134.113 113.05 165.754 152.992"
+ enable-background="new 134.113 113.05 165.754 152.992" xml:space="preserve">
+<polygon fill="#DD4814" stroke="#FFFFFF" stroke-linecap="round" stroke-linejoin="round" stroke-miterlimit="10" points="
+ 299.088,189.546 299.018,218.023 217.256,265.542 217.326,237.066 "/>
+<polygon fill="#DD4814" stroke="#FFFFFF" stroke-linecap="round" stroke-linejoin="round" stroke-miterlimit="10" points="
+ 217.326,237.066 217.256,265.542 134.971,218.023 135.041,189.546 "/>
+<polygon fill="#333333" stroke="#FFFFFF" stroke-linecap="round" stroke-linejoin="round" stroke-miterlimit="10" points="
+ 299.157,161.07 258.277,184.829 175.991,137.31 216.872,113.55 "/>
+<g enable-background="new ">
+ <polygon fill="#333333" stroke="#FFFFFF" stroke-linecap="round" stroke-linejoin="round" stroke-miterlimit="10" points="
+ 299.367,161.175 299.262,189.651 258.382,213.411 258.486,184.934 "/>
+</g>
+<g enable-background="new ">
+ <g>
+ <polygon id="SVGID_1_" fill="#333333" points="258.277,184.829 258.207,213.306 175.922,165.787 175.991,137.31 "/>
+ </g>
+ <g>
+ <defs>
+ <polygon id="SVGID_4_" points="258.277,184.829 258.207,213.306 175.922,165.787 175.991,137.31 "/>
+ </defs>
+ <clipPath id="SVGID_6_">
+ <use xlink:href="#SVGID_4_" overflow="visible"/>
+ </clipPath>
+ <polygon clip-path="url(#SVGID_6_)" fill="#333333" stroke="#FFFFFF" stroke-miterlimit="10" points="258.277,184.829
+ 258.207,213.306 175.922,165.787 175.991,137.31 "/>
+ </g>
+ <g>
+ <polygon id="SVGID_2_" fill="none" stroke="#FFFFFF" stroke-miterlimit="10" points="258.277,184.829 258.207,213.306
+ 175.922,165.787 175.991,137.31 "/>
+ </g>
+</g>
+<polygon fill="#888888" stroke="#FFFFFF" stroke-linecap="round" stroke-linejoin="round" stroke-miterlimit="10" points="
+ 258.242,199.05 217.361,222.81 135.076,175.326 175.956,151.566 "/>
+<polygon fill="#888888" stroke="#FFFFFF" stroke-linecap="round" stroke-linejoin="round" stroke-miterlimit="10" points="
+ 217.361,222.81 217.326,237.066 135.041,189.546 135.076,175.326 "/>
+<polygon fill="#888888" stroke="#FFFFFF" stroke-linecap="round" stroke-linejoin="round" stroke-miterlimit="10" points="
+ 258.242,199.05 258.207,213.306 217.326,237.066 217.361,222.81 "/>
+<polygon fill="#2C001E" stroke="#FFFFFF" stroke-linecap="round" stroke-linejoin="round" stroke-miterlimit="10" points="
+ 216.802,161.14 216.767,175.326 176.061,198.98 176.096,184.794 "/>
+<polygon fill="#CDCDCD" points="216.802,161.14 176.096,184.794 135.111,161.14 175.991,137.31 "/>
+<polygon fill="#CDCDCD" points="176.096,184.794 176.061,198.98 135.076,175.326 135.111,161.14 "/>
+<polygon fill="#CDCDCD" points="216.802,161.14 216.767,175.326 176.061,198.98 176.096,184.794 "/>
+<g>
+ <g enable-background="new ">
+ <g>
+ <defs>
+ <polygon id="SVGID_8_" points="216.802,175.326 176.061,198.98 135.111,175.326 175.991,151.566 "/>
+ </defs>
+ <clipPath id="SVGID_10_">
+ <use xlink:href="#SVGID_8_" overflow="visible"/>
+ </clipPath>
+ <polygon clip-path="url(#SVGID_10_)" fill="none" stroke="#FFFFFF" stroke-miterlimit="10" points="216.802,175.326
+ 176.096,198.98 135.111,175.326 175.991,151.566 "/>
+ </g>
+ <g>
+ <polygon id="SVGID_3_" fill="none" stroke="#FFFFFF" stroke-miterlimit="10" points="216.802,175.326 176.061,198.98
+ 135.111,175.326 175.991,151.566 "/>
+ </g>
+ </g>
+ <g enable-background="new ">
+ <g>
+ <defs>
+ <polygon id="SVGID_12_" points="216.837,161.14 176.131,184.794 135.146,161.14 176.026,137.31 "/>
+ </defs>
+ <clipPath id="SVGID_13_">
+ <use xlink:href="#SVGID_12_" overflow="visible"/>
+ </clipPath>
+ <polygon clip-path="url(#SVGID_13_)" fill="none" stroke="#FFFFFF" stroke-miterlimit="10" points="216.837,161.14
+ 176.131,184.794 135.146,161.14 176.026,137.31 "/>
+ </g>
+ <g>
+ <polygon id="SVGID_5_" fill="none" stroke="#FFFFFF" stroke-miterlimit="10" points="216.837,161.14 176.131,184.794
+ 135.146,161.14 176.026,137.31 "/>
+ </g>
+ </g>
+ <g enable-background="new ">
+ <g>
+ <defs>
+ <polygon id="SVGID_14_" points="176.131,184.794 176.061,198.98 135.111,175.326 135.146,161.14 "/>
+ </defs>
+ <clipPath id="SVGID_15_">
+ <use xlink:href="#SVGID_14_" overflow="visible"/>
+ </clipPath>
+ <polygon clip-path="url(#SVGID_15_)" fill="none" stroke="#FFFFFF" stroke-miterlimit="10" points="176.131,184.794
+ 176.096,198.98 135.111,175.326 135.146,161.14 "/>
+ </g>
+ <g>
+ <polygon id="SVGID_7_" fill="none" stroke="#FFFFFF" stroke-miterlimit="10" points="176.131,184.794 176.061,198.98
+ 135.111,175.326 135.146,161.14 "/>
+ </g>
+ </g>
+ <g enable-background="new ">
+ <g>
+ <defs>
+ <polygon id="SVGID_16_" points="135.146,161.14 176.026,137.31 175.991,151.566 135.111,175.326 "/>
+ </defs>
+ <clipPath id="SVGID_17_">
+ <use xlink:href="#SVGID_16_" overflow="visible"/>
+ </clipPath>
+ <polygon clip-path="url(#SVGID_17_)" fill="none" stroke="#FFFFFF" stroke-miterlimit="10" points="135.146,161.14
+ 176.026,137.31 175.991,151.566 135.111,175.326 "/>
+ </g>
+ <g>
+ <polygon id="SVGID_9_" fill="none" stroke="#FFFFFF" stroke-miterlimit="10" points="135.146,161.14 176.026,137.31
+ 175.991,151.566 135.111,175.326 "/>
+ </g>
+ </g>
+ <g enable-background="new ">
+ <g>
+ <defs>
+ <polygon id="SVGID_18_" points="176.026,137.31 216.837,161.14 216.802,175.326 175.991,151.566 "/>
+ </defs>
+ <clipPath id="SVGID_19_">
+ <use xlink:href="#SVGID_18_" overflow="visible"/>
+ </clipPath>
+ <polygon clip-path="url(#SVGID_19_)" fill="none" stroke="#FFFFFF" stroke-miterlimit="10" points="176.026,137.31
+ 216.837,161.14 216.802,175.326 175.817,151.671 "/>
+ </g>
+ <g>
+ <polygon id="SVGID_11_" fill="none" stroke="#FFFFFF" stroke-miterlimit="10" points="176.026,137.31 216.837,161.14
+ 216.802,175.326 175.991,151.566 "/>
+ </g>
+ </g>
+</g>
+</svg>
diff --git a/public/assets/img/lxd-logo.svg b/public/assets/img/lxd-logo.svg
deleted file mode 100644
index 272ef59..0000000
--- a/public/assets/img/lxd-logo.svg
+++ /dev/null
@@ -1,34 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1900 400">
- <defs>
- <style>
- .cls-1 {
- fill: none;
- }
-
- .cls-2 {
- fill: #e95420;
- }
-
- .cls-3 {
- fill: #fff;
- }
- </style>
- </defs>
- <g>
- <rect class="cls-2" width="252.43" height="400"/>
- <rect class="cls-1" x="30.05" y="168.29" width="192.33" height="192.33"/>
- <g>
- <path class="cls-3" d="m173.07,243.26v-47.87l-46.86-27.1-46.86,27.1v47.87l-41.66,24.05v54.19l46.86,27.1,41.66-24.16,41.66,24.05,46.86-27.1v-54.19l-41.66-23.94Zm-46.86-62.77l36.36,21v41.77l-36.36,21.11-36.47-21v-41.77l36.47-21.11Zm-41.66,155.92l-36.36-21v-42l36.24-20.89,36.58,21.11v41.77l-36.47,21Zm119.68-21l-36.36,21-36.36-21v-41.77l36.58-21.11,36.24,20.89v42h-.11Z"/>
- <polygon class="cls-3" points="171.49 319.69 191.47 307.84 191.47 284.35 171.49 296.1 171.49 319.69"/>
- <polygon class="cls-3" points="167.76 266.97 147.78 278.48 167.88 289.89 187.86 278.14 167.76 266.97"/>
- <polygon class="cls-3" points="144.28 308.18 164.38 319.92 164.38 296.1 144.05 284.69 144.28 308.18"/>
- <polygon class="cls-3" points="84.44 266.97 64.46 278.48 84.55 289.89 104.54 278.14 84.44 266.97"/>
- <polygon class="cls-3" points="60.96 308.18 81.05 319.92 81.05 296.1 60.84 284.69 60.96 308.18"/>
- <polygon class="cls-3" points="88.17 319.69 108.26 307.84 108.26 284.35 88.17 296.1 88.17 319.69"/>
- <polygon class="cls-3" points="146.09 206.11 126.1 195.05 106.12 206.56 126.1 217.85 146.09 206.11"/>
- <polygon class="cls-3" points="122.6 247.89 122.6 224.06 102.51 212.66 102.62 236.26 122.6 247.89"/>
- <polygon class="cls-3" points="129.72 247.77 149.81 235.92 149.81 212.21 129.72 224.06 129.72 247.77"/>
- </g>
- </g>
-</svg>
\ No newline at end of file
diff --git a/src/components/Logo.tsx b/src/components/Logo.tsx
index bcaf07e..92a0a5a 100644
--- a/src/components/Logo.tsx
+++ b/src/components/Logo.tsx
@@ -15,11 +15,11 @@ const Logo: FC = () => {
return (
<NavLink className="p-panel__logo" to={getLogoLink()}>
<img
- src="/ui/assets/img/lxd-logo.svg"
- alt="LXD-UI logo"
+ src="/ui/assets/img/incus-logo.svg"
+ alt="Incus-UI logo"
className="p-panel__logo-image"
/>
- <div className="logo-text p-heading--4">Canonical LXD</div>
+ <div className="logo-text p-heading--4">Incus UI</div>
</NavLink>
);
};
diff --git a/src/sass/_pattern_navigation.scss b/src/sass/_pattern_navigation.scss
index a224ef4..d68f363 100644
--- a/src/sass/_pattern_navigation.scss
+++ b/src/sass/_pattern_navigation.scss
@@ -5,20 +5,20 @@
.p-panel__logo-image {
height: 36px;
- margin-top: -3px;
+ margin-top: 2px;
max-width: inherit;
}
.logo-text {
color: #fff;
- left: 47px;
+ left: 70px;
position: absolute;
top: $spv--x-small;
}
@include mobile {
.logo-text {
- left: 38px;
+ left: 66px;
}
}
@@ -28,7 +28,7 @@
}
.logo-text {
- left: 52px;
+ left: 80px;
}
}
}
diff --git a/src/util/title.tsx b/src/util/title.tsx
index 715fd43..a40b0b7 100644
--- a/src/util/title.tsx
+++ b/src/util/title.tsx
@@ -6,6 +6,6 @@ export const setTitle = () => {
useEffect(() => {
const host = settings?.config["user.ui_title"] ?? location.hostname;
- document.title = `${host} | LXD UI`;
+ document.title = `${host} | Incus UI`;
}, [settings?.config]);
};
--
2.42.0

74
pkgs/incus-ui/ui-canonical-0002-Update-navigation.patch Normal file
View file

@ -0,0 +1,74 @@
From 837f1824fb44a3f9d47370ebb098e09f84e7fd9d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org>
Date: Wed, 22 Nov 2023 23:02:27 +0000
Subject: [PATCH 2/5] Update navigation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
---
src/components/Navigation.tsx | 5 ++---
src/components/NoMatch.tsx | 2 +-
src/context/useDocs.tsx | 2 +-
3 files changed, 4 insertions(+), 5 deletions(-)
diff --git a/src/components/Navigation.tsx b/src/components/Navigation.tsx
index 0e0c704..93d2db2 100644
--- a/src/components/Navigation.tsx
+++ b/src/components/Navigation.tsx
@@ -287,7 +287,7 @@ const Navigation: FC = () => {
<li className="p-side-navigation__item">
<a
className="p-side-navigation__link"
- href="https://discourse.ubuntu.com/c/lxd/126"
+ href="https://discuss.linuxcontainers.org"
target="_blank"
rel="noreferrer"
title="Discussion"
@@ -302,7 +302,7 @@ const Navigation: FC = () => {
<li className="p-side-navigation__item">
<a
className="p-side-navigation__link"
- href="https://github.com/canonical/lxd-ui/issues/new"
+ href="https://github.com/zabbly/incus/issues/new"
target="_blank"
rel="noreferrer"
title="Report a bug"
@@ -314,7 +314,6 @@ const Navigation: FC = () => {
Report a bug
</a>
</li>
- <Version />
</ul>
</div>
</div>
diff --git a/src/components/NoMatch.tsx b/src/components/NoMatch.tsx
index 8d5270c..bd9e515 100644
--- a/src/components/NoMatch.tsx
+++ b/src/components/NoMatch.tsx
@@ -13,7 +13,7 @@ const NoMatch: FC = () => {
<br />
If you think this is an error in our product, please{" "}
<a
- href="https://github.com/canonical/lxd-ui/issues/new"
+ href="https://github.com/zabbly/incus/issues/new"
target="_blank"
rel="noreferrer"
title="Report a bug"
diff --git a/src/context/useDocs.tsx b/src/context/useDocs.tsx
index 454d98c..90a0de9 100644
--- a/src/context/useDocs.tsx
+++ b/src/context/useDocs.tsx
@@ -1,7 +1,7 @@
import { useSettings } from "context/useSettings";
export const useDocs = (): string => {
- const remoteBase = "https://documentation.ubuntu.com/lxd/en/latest";
+ const remoteBase = "/documentation";
const localBase = "/documentation";
const { data: settings } = useSettings();
--
2.39.2

195
pkgs/incus-ui/ui-canonical-0003-Update-certificate-generation.patch Normal file
View file

@ -0,0 +1,195 @@
From fc477ad289e1be83d2e4350e07563c01c8750468 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org>
Date: Wed, 22 Nov 2023 23:03:33 +0000
Subject: [PATCH 3/5] Update certificate generation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
---
src/pages/login/BrowserImport.tsx | 18 +++++++++---------
src/pages/login/CertificateAdd.tsx | 4 ++--
src/pages/login/CertificateGenerate.tsx | 12 ++++++------
src/util/certificate.tsx | 4 ++--
4 files changed, 19 insertions(+), 19 deletions(-)
diff --git a/src/pages/login/BrowserImport.tsx b/src/pages/login/BrowserImport.tsx
index f3cbcae..5d11d80 100644
--- a/src/pages/login/BrowserImport.tsx
+++ b/src/pages/login/BrowserImport.tsx
@@ -25,7 +25,7 @@ const BrowserImport: FC<Props> = ({ sendPfx }) => {
<>
<li className="p-list__item">
This opens a certificate management dialog. Click <code>Import...</code>
- then <code>Next</code> and select the <code>lxd-ui.pfx</code> file you
+ then <code>Next</code> and select the <code>incus-ui.pfx</code> file you
just downloaded. Enter your password, or leave the field empty if you
have not set one. Click <code>Next</code>.
</li>
@@ -34,14 +34,14 @@ const BrowserImport: FC<Props> = ({ sendPfx }) => {
<code>Next</code>, then click <code>Finish</code>.
</li>
<li className="p-list__item">
- Restart the browser and open LXD-UI. Select the LXD-UI certificate.
+ Restart the browser and open Incus-UI. Select the Incus-UI certificate.
</li>
</>
);
const downloadPfx = (
<li className="p-list__item u-clearfix">
- Download <code>lxd-ui.pfx</code>
+ Download <code>incus-ui.pfx</code>
{sendPfx && (
<div className="u-float-right--large">
<Button onClick={sendPfx}>Download pfx</Button>
@@ -82,12 +82,12 @@ const BrowserImport: FC<Props> = ({ sendPfx }) => {
<code>Import</code>.
</li>
<li className="p-list__item">
- Select the <code>lxd-ui.pfx</code> file you just downloaded.
+ Select the <code>incus-ui.pfx</code> file you just downloaded.
Enter your password, or leave the field empty if you have not
set one.
</li>
<li className="p-list__item">
- Restart the browser and open LXD-UI. Select the LXD-UI
+ Restart the browser and open Incus-UI. Select the Incus-UI
certificate.
</li>
</ul>
@@ -108,11 +108,11 @@ const BrowserImport: FC<Props> = ({ sendPfx }) => {
</li>
<li className="p-list__item">
Click the <code>Import</code> button and select the{" "}
- <code>lxd-ui.pfx</code> file you just downloaded. Enter your
+ <code>incus-ui.pfx</code> file you just downloaded. Enter your
password, or leave the field empty if you have not set one.
</li>
<li className="p-list__item">
- Restart the browser and open LXD-UI. Select the LXD-UI
+ Restart the browser and open Incus-UI. Select the Incus-UI
certificate.
</li>
</ul>
@@ -179,7 +179,7 @@ const BrowserImport: FC<Props> = ({ sendPfx }) => {
keychain.
</li>
<li className="p-list__item">
- Drag the <code>lxd-ui.pfx</code> file onto the Keychain Access
+ Drag the <code>incus-ui.pfx</code> file onto the Keychain Access
app.
</li>
<li className="p-list__item">
@@ -187,7 +187,7 @@ const BrowserImport: FC<Props> = ({ sendPfx }) => {
and password for an administrator user on this computer.
</li>
<li className="p-list__item">
- Restart the browser and open LXD-UI. Select the LXD-UI
+ Restart the browser and open Incus-UI. Select the Incus-UI
certificate.
</li>
</ul>
diff --git a/src/pages/login/CertificateAdd.tsx b/src/pages/login/CertificateAdd.tsx
index e539588..bc09982 100644
--- a/src/pages/login/CertificateAdd.tsx
+++ b/src/pages/login/CertificateAdd.tsx
@@ -52,7 +52,7 @@ const CertificateAdd: FC = () => {
<p>Generate a token on the command line</p>
<div className="p-code-snippet">
<pre className="p-code-snippet__block--icon">
- <code>lxc config trust add --name lxd-ui</code>
+ <code>incus config trust add --name incus-ui</code>
</pre>
</div>
</div>
@@ -78,7 +78,7 @@ const CertificateAdd: FC = () => {
</Col>
<Col size={6}>
<div className="p-stepped-list__content">
- <p>Enjoy LXD UI.</p>
+ <p>Enjoy Incus UI.</p>
</div>
</Col>
</Row>
diff --git a/src/pages/login/CertificateGenerate.tsx b/src/pages/login/CertificateGenerate.tsx
index e8ce222..3c23645 100644
--- a/src/pages/login/CertificateGenerate.tsx
+++ b/src/pages/login/CertificateGenerate.tsx
@@ -82,7 +82,7 @@ const CertificateGenerate: FC = () => {
mainClassName="certificate-generate"
header={
<div className="p-panel__header is-sticky">
- <h1 className="p-panel__title">Setup LXD UI</h1>
+ <h1 className="p-panel__title">Setup Incus UI</h1>
</div>
}
>
@@ -137,12 +137,12 @@ const CertificateGenerate: FC = () => {
<Col size={6}>
<div className="p-stepped-list__content">
<p>
- Download <code>lxd-ui.crt</code> and add it to the LXD
+ Download <code>incus-ui.crt</code> and add it to the Incus
trust store
</p>
<div className="p-code-snippet">
<pre className="p-code-snippet__block--icon">
- <code>lxc config trust add Downloads/lxd-ui.crt</code>
+ <code>incus config trust add-certificate Downloads/incus-ui.crt</code>
</pre>
</div>
</div>
@@ -152,7 +152,7 @@ const CertificateGenerate: FC = () => {
<Button
onClick={() =>
downloadText(
- `lxd-ui-${location.hostname}.crt`,
+ `incus-ui-${location.hostname}.crt`,
certs.crt,
)
}
@@ -174,7 +174,7 @@ const CertificateGenerate: FC = () => {
certs
? () =>
downloadBase64(
- `lxd-ui-${location.hostname}.pfx`,
+ `incus-ui-${location.hostname}.pfx`,
certs.pfx,
)
: undefined
@@ -190,7 +190,7 @@ const CertificateGenerate: FC = () => {
</Col>
<Col size={6}>
<div className="p-stepped-list__content">
- <p>Enjoy LXD UI.</p>
+ <p>Enjoy Incus UI.</p>
</div>
</Col>
</Row>
diff --git a/src/util/certificate.tsx b/src/util/certificate.tsx
index b409147..a802f5d 100644
--- a/src/util/certificate.tsx
+++ b/src/util/certificate.tsx
@@ -26,7 +26,7 @@ const details = [
},
{
name: "organizationName",
- value: `LXD UI ${location.hostname} (Browser Generated)`,
+ value: `Incus UI ${location.hostname} (Browser Generated)`,
},
];
@@ -51,7 +51,7 @@ const generateCert = (password: string) => {
const asn1 = forge.pkcs12.toPkcs12Asn1(keys.privateKey, [cert], password, {
algorithm: "3des", // would like to use aes, but macOS keychain only supports 3des
generateLocalKeyId: true,
- friendlyName: "LXD-UI",
+ friendlyName: "Incus-UI",
});
const der = forge.asn1.toDer(asn1).getBytes();
const pfx = forge.util.encode64(der);
--
2.39.2

38
pkgs/incus-ui/ui-canonical-0004-Remove-external-links.patch Normal file
View file

@ -0,0 +1,38 @@
From 1ada954bbf0220653ad3edec673b83fc32f2c56d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org>
Date: Wed, 22 Nov 2023 23:12:29 +0000
Subject: [PATCH 4/5] Remove external links
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
---
src/pages/storage/UploadCustomImageHint.tsx | 11 -----------
1 file changed, 11 deletions(-)
diff --git a/src/pages/storage/UploadCustomImageHint.tsx b/src/pages/storage/UploadCustomImageHint.tsx
index b66934e..fbb616d 100644
--- a/src/pages/storage/UploadCustomImageHint.tsx
+++ b/src/pages/storage/UploadCustomImageHint.tsx
@@ -9,17 +9,6 @@ const UploadCustomImageHint: FC = () => {
<h5 className="p-notification__title">
Some image formats need to be modified in order to work with LXD.
</h5>
- <p>
- <a
- className="p-notification__action"
- href="https://ubuntu.com/tutorials/how-to-install-a-windows-11-vm-using-lxd#1-overview"
- target="_blank"
- rel="noreferrer"
- >
- Windows ISO images
- <Icon className="external-link-icon" name="external-link" />
- </a>
- </p>
</div>
</div>
</>
--
2.39.2

55
pkgs/incus-ui/ui-canonical-0005-Remove-Canonical-image-servers.patch Normal file
View file

@ -0,0 +1,55 @@
From b429729297ed2bf93af12b5f429f5c0122e61a02 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org>
Date: Wed, 22 Nov 2023 23:16:13 +0000
Subject: [PATCH 5/5] Remove Canonical image servers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
---
src/pages/images/ImageSelector.tsx | 14 --------------
1 file changed, 14 deletions(-)
diff --git a/src/pages/images/ImageSelector.tsx b/src/pages/images/ImageSelector.tsx
index 3af5f69..868a7fe 100644
--- a/src/pages/images/ImageSelector.tsx
+++ b/src/pages/images/ImageSelector.tsx
@@ -81,25 +81,13 @@ const ImageSelector: FC<Props> = ({ onSelect, onClose }) => {
},
);
- const { data: canonicalImages = [], isLoading: isCiLoading } = useQuery({
- queryKey: [queryKeys.images, canonicalServer],
- queryFn: () => loadImages(canonicalJson, canonicalServer),
- });
-
- const { data: minimalImages = [], isLoading: isMinimalLoading } = useQuery({
- queryKey: [queryKeys.images, minimalServer],
- queryFn: () => loadImages(minimalJson, minimalServer),
- });
-
const { data: localImages = [], isLoading: isLocalImageLoading } = useQuery({
queryKey: [queryKeys.images, project],
queryFn: () => fetchImageList(project ?? ""),
});
const isLoading =
- isCiLoading ||
isLciLoading ||
- isMinimalLoading ||
isLocalImageLoading ||
isSettingsLoading;
const archSupported = getArchitectureAliases(
@@ -110,8 +98,6 @@ const ImageSelector: FC<Props> = ({ onSelect, onClose }) => {
: localImages
.filter((image) => !image.cached)
.map(localLxdToRemoteImage)
- .concat([...minimalImages].reverse().sort(byLtsFirst))
- .concat([...canonicalImages].reverse().sort(byLtsFirst))
.concat(linuxContainerImages)
.filter((image) => archSupported.includes(image.arch));
--
2.39.2