snowfield/machines/lambda/default.nix

{
  pkgs,
  inputs,
  profiles,
  ...
}:

{
  imports = [
    ./hardware.nix
    ./home-julien.nix
    ./uptime-kuma.nix
  ];

  machine.meta = {
    arch = "aarch64-linux";
    nixpkgs_version = inputs.nixpkgs;
    hm_version = inputs.home-manager;
    profiles = with profiles; [ server ];
    ips = {
      public.ipv4 = "141.145.197.219";
      vpn.ipv4 = "100.100.45.13";
      public.ipv6 = "2603:c027:c001:89aa:aad9:34b3:f3c9:924f";
      vpn.ipv6 = "fd7a:115c:a1e0::d";
    };
  };

  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

  networking.useNetworkd = true;
  systemd.network.networks."10-wan" = {
    matchConfig.Name = "enp0s3";
    DHCP = "ipv4";
    addresses = [ { Address = "2603:c027:c001:89aa:aad9:34b3:f3c9:924f"; } ];
    linkConfig.RequiredForOnline = "routable";
  };

  deployment.buildOnTarget = true;
  deployment.tags = [ "server" ];

  luj.nginx.enable = true;

  services.ntfy-sh = {
    enable = true;
    package = pkgs.unstable.ntfy-sh;
    settings = {
      listen-http = ":8081";
      behind-proxy = true;
      upstream-base-url = "https://ntfy.sh";
      base-url = "https://notifications.julienmalka.me";
      auth-file = "/srv/ntfy/user.db";
      auth-default-access = "deny-all";
    };
  };

  services.nginx.virtualHosts."notifications.julienmalka.me" = {
    forceSSL = true;
    enableACME = true;
    locations."/" = {
      proxyPass = "http://localhost:8081";
      proxyWebsockets = true;
    };
  };

  nix.gc = {
    automatic = true;
    dates = "weekly";
  };

  system.stateVersion = "22.11";
}
feat: setup arkheon 2024-09-02 16:42:35 +02:00			`{`
			`pkgs,`
			`inputs,`
			`profiles,`
			`...`
			`}:`
Added lambda secrets 2023-01-08 21:18:11 +01:00
			`{`
chore: clean machines 2024-05-26 19:32:00 +02:00			`imports = [`
			`./hardware.nix`
			`./home-julien.nix`
feat(lambda): init stateless uptime-kuma 2024-11-02 02:09:27 +01:00			`./uptime-kuma.nix`
chore: clean machines 2024-05-26 19:32:00 +02:00			`];`
Added lambda secrets 2023-01-08 21:18:11 +01:00
chore: use meta module 2024-08-10 17:56:30 +02:00			`machine.meta = {`
			`arch = "aarch64-linux";`
			`nixpkgs_version = inputs.nixpkgs;`
			`hm_version = inputs.home-manager;`
feat: setup arkheon 2024-09-02 16:42:35 +02:00			`profiles = with profiles; [ server ];`
chore: rewrite ips meta 2024-08-12 18:12:00 +02:00			`ips = {`
			`public.ipv4 = "141.145.197.219";`
			`vpn.ipv4 = "100.100.45.13";`
			`public.ipv6 = "2603:c027:c001:89aa:aad9:34b3:f3c9:924f";`
			`vpn.ipv6 = "fd7a:115c:a1e0::d";`
chore: use meta module 2024-08-10 17:56:30 +02:00			`};`
			`};`

Added lambda secrets 2023-01-08 21:18:11 +01:00			`boot.loader.systemd-boot.enable = true;`
			`boot.loader.efi.canTouchEfiVariables = true;`

chore: switch lambda to systemd-networkd 2024-06-25 16:14:08 +02:00			`networking.useNetworkd = true;`
			`systemd.network.networks."10-wan" = {`
			`matchConfig.Name = "enp0s3";`
			`DHCP = "ipv4";`
fix(eval): silence last eval warning 2024-12-01 17:59:34 +01:00			`addresses = [ { Address = "2603:c027:c001:89aa:aad9:34b3:f3c9:924f"; } ];`
chore: switch lambda to systemd-networkd 2024-06-25 16:14:08 +02:00			`linkConfig.RequiredForOnline = "routable";`
			`};`

deployment module 2023-07-27 21:08:00 +02:00			`deployment.buildOnTarget = true;`
chore: filter configurations through colmena tags 2024-05-26 20:24:00 +02:00			`deployment.tags = [ "server" ];`
deployment module 2023-07-27 21:08:00 +02:00
chore: clean machines 2024-05-26 19:32:00 +02:00			`luj.nginx.enable = true;`
Added lambda secrets 2023-01-08 21:18:11 +01:00
chore: clean machines 2024-05-26 19:32:00 +02:00			`services.ntfy-sh = {`
			`enable = true;`
			`package = pkgs.unstable.ntfy-sh;`
			`settings = {`
			`listen-http = ":8081";`
			`behind-proxy = true;`
			`upstream-base-url = "https://ntfy.sh";`
			`base-url = "https://notifications.julienmalka.me";`
			`auth-file = "/srv/ntfy/user.db";`
			`auth-default-access = "deny-all";`
fix: ntfy version rollback 2023-04-09 00:13:41 +02:00			`};`
chore: clean machines 2024-05-26 19:32:00 +02:00			`};`
Added lambda secrets 2023-01-08 21:18:11 +01:00
			`services.nginx.virtualHosts."notifications.julienmalka.me" = {`
			`forceSSL = true;`
			`enableACME = true;`
			`locations."/" = {`
added headscale to lambda 2023-05-20 21:42:29 +02:00			`proxyPass = "http://localhost:8081";`
Added lambda secrets 2023-01-08 21:18:11 +01:00			`proxyWebsockets = true;`
			`};`
			`};`

activate auto gc on lambda 2024-04-04 17:37:32 +02:00			`nix.gc = {`
			`automatic = true;`
			`dates = "weekly";`
			`};`

Cleaned lambda's config 2023-01-14 20:29:35 +01:00			`system.stateVersion = "22.11";`
Added lambda secrets 2023-01-08 21:18:11 +01:00			`}`