feat: add photos to tower

Julien Malka 2024-05-18 22:04:14 +02:00
parent 1034619dd8
commit ed7df6b9c3
Signed by: Luj
GPG key ID: 6FC74C847011FD83
2 changed files with 51 additions and 27 deletions


@ -94,7 +94,6 @@ let
tower = { tower = {
inherit tld; inherit tld;
arch = "x86_64-linux"; arch = "x86_64-linux";
subdomains = [ "photos.julienmalka.me" ];
nixpkgs_version = inputs.nixpkgs; nixpkgs_version = inputs.nixpkgs;
hm_version = inputs.home-manager; hm_version = inputs.home-manager;
ipv4 = { ipv4 = {


@ -1,11 +1,10 @@
{ pkgs, lib, ... }: { pkgs, lib, ... }:
{ {
imports = imports = [
[ ./hardware.nix
./hardware.nix ./home-julien.nix
./home-julien.nix ];
];
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
boot.loader.grub.device = "/dev/sda"; boot.loader.grub.device = "/dev/sda";
@ -20,7 +19,11 @@
luj.buildbot.enable = true; luj.buildbot.enable = true;
luj.nginx.enable = true; luj.nginx.enable = true;
environment.systemPackages = with pkgs; [ tailscale colmena git ]; environment.systemPackages = with pkgs; [
tailscale
colmena
git
];
services.tailscale.enable = true; services.tailscale.enable = true;
@ -40,9 +43,13 @@
services.openssh.enable = true; services.openssh.enable = true;
programs.ssh.knownHosts."darwin-build-box.winter.cafe".publicKey = programs.ssh.knownHosts."darwin-build-box.winter.cafe".publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0io9E0eXiDIEHvsibXOxOPveSjUPIr1RnNKbUkw3fD";
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB0io9E0eXiDIEHvsibXOxOPveSjUPIr1RnNKbUkw3fD";
services.nginx.virtualHosts."photos.julienmalka.me" = {
enableACME = true;
forceSSL = true;
root = "/srv/photos";
};
nix = { nix = {
package = lib.mkForce pkgs.nix; package = lib.mkForce pkgs.nix;
@ -51,10 +58,18 @@
{ {
hostName = "epyc.infra.newtype.fr"; hostName = "epyc.infra.newtype.fr";
maxJobs = 100; maxJobs = 100;
systems = [ "x86_64-linux" "aarch64-linux" ]; systems = [
"x86_64-linux"
"aarch64-linux"
];
sshUser = "root"; sshUser = "root";
sshKey = "/home/julien/.ssh/id_ed25519"; sshKey = "/home/julien/.ssh/id_ed25519";
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ]; supportedFeatures = [
"nixos-test"
"benchmark"
"big-parallel"
"kvm"
];
speedFactor = 2; speedFactor = 2;
} }
{ {
@ -62,7 +77,10 @@
maxJobs = 4; maxJobs = 4;
sshKey = "/home/julien/.ssh/id_ed25519"; sshKey = "/home/julien/.ssh/id_ed25519";
sshUser = "julienmalka"; sshUser = "julienmalka";
systems = [ "aarch64-darwin" "x86_64-darwin" ]; systems = [
"aarch64-darwin"
"x86_64-darwin"
];
} }
]; ];
}; };
@ -75,15 +93,17 @@
Port 45 Port 45
''; '';
services.nix-gitlab-runner = { services.nix-gitlab-runner = {
enable = true; enable = true;
registrationConfigFile = "/var/lib/gitlab-runner/gitlab_runner"; registrationConfigFile = "/var/lib/gitlab-runner/gitlab_runner";
packages = with pkgs; [ coreutils su bash git ]; packages = with pkgs; [
coreutils
su
bash
git
];
}; };
services.nginx.virtualHosts."phd.julienmalka.me" = { services.nginx.virtualHosts."phd.julienmalka.me" = {
basicAuthFile = "/home/gitlab-runner/nginx_auth"; basicAuthFile = "/home/gitlab-runner/nginx_auth";
enableACME = true; enableACME = true;
@ -98,7 +118,6 @@
systemd.services.nginx.serviceConfig.ProtectHome = "read-only"; systemd.services.nginx.serviceConfig.ProtectHome = "read-only";
systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/home/gitlab-runner/artifacts" ]; systemd.services.nginx.serviceConfig.ReadWritePaths = [ "/home/gitlab-runner/artifacts" ];
services.grafana.enable = true; services.grafana.enable = true;
services.grafana.settings.server.http_port = 3000; services.grafana.settings.server.http_port = 3000;
services.prometheus = { services.prometheus = {
@ -107,9 +126,7 @@
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "push"; job_name = "push";
static_configs = [{ static_configs = [ { targets = [ "127.0.0.1:9091" ]; } ];
targets = [ "127.0.0.1:9091" ];
}];
} }
]; ];
}; };
@ -123,7 +140,6 @@
}; };
}; };
services.nginx.virtualHosts."prometheus.julienmalka.me" = { services.nginx.virtualHosts."prometheus.julienmalka.me" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
@ -140,7 +156,6 @@
}; };
}; };
services.syncthing = { services.syncthing = {
enable = true; enable = true;
user = "julien"; user = "julien";
@ -149,7 +164,9 @@
overrideFolders = true; overrideFolders = true;
settings = { settings = {
devices = { devices = {
"fischer" = { id = "MHV2PGN-GAHQMV5-ITXGNQS-IRJC3XL-OQIHVUX-JVKBZ6Z-33XHE7H-NC6H5AE"; }; "fischer" = {
id = "MHV2PGN-GAHQMV5-ITXGNQS-IRJC3XL-OQIHVUX-JVKBZ6Z-33XHE7H-NC6H5AE";
};
}; };
folders = { folders = {
"dev" = { "dev" = {
@ -163,10 +180,18 @@
systemd.services.syncthing.serviceConfig.StateDirectory = "syncthing"; systemd.services.syncthing.serviceConfig.StateDirectory = "syncthing";
networking.firewall.allowedTCPPorts = [
networking.firewall.allowedTCPPorts = [ 80 443 1810 9989 ]; 80
networking.firewall.allowedUDPPorts = [ 80 443 1810 9989 ]; 443
1810
9989
];
networking.firewall.allowedUDPPorts = [
80
443
1810
9989
];
system.stateVersion = "22.11"; # Did you read the comment? system.stateVersion = "22.11"; # Did you read the comment?
} }