Compare commits


9 commits

12 changed files with 164 additions and 120 deletions


@ -37,7 +37,7 @@ jobs:
# - run: colmena build -v --on @active-core
# - run: colmena build -v --on @active
# - run: colmena build -v --on @active-ext
# - run: colmena build -v --on @active-gitlab
# - run: colmena build -v --on @active-git
deploy_dns:
runs-on: nix


@ -8,5 +8,5 @@ jobs:
runs-on: nix
steps:
- uses: actions/checkout@v4
- run: colmena apply -v --on @active-gitlab --show-trace
- run: colmena apply -v --on @active-git --show-trace
shell: bash


@ -124,7 +124,7 @@ build:
- colmena build -v --on @active-core
- colmena build -v --on @active
- colmena build -v --on @active-ext
- colmena build -v --on @active-gitlab
- colmena build -v --on @active-git
# dns always has to be deployed first
deploy_dns:
@ -167,5 +167,5 @@ deploy_gitlab:
<<: *deployment
stage: deploy_gitlab
script:
- colmena apply -v --on @active-gitlab
- colmena apply -v --on @active-git
when: manual


@ -43,7 +43,7 @@ colmena build --on @active-dns
Deploying is putting (apply-ing) the config tat was built onto the server, there is no need to build first, it will automatically do so.
While the ***recommended way of deploying is using the CI/CD process*** there are times when you will have to manually deploy the config.
One such case is the ``@active-gitlab`` group if either Gitlab or Gitlab-runner got updated.
One such case is the ``@active-git`` group if either Gitlab or Gitlab-runner got updated.
Another is if ye have fecked up DNS.
Your ``~/.ssh/config`` should be set up as follows and you should be a member of ``skynet-admins-linux``
@ -60,10 +60,10 @@ Then you can run the following commands like so:
```shell
colmena apply
colmena apply --on @active-dns
colmena apply --on @active-gitlab
colmena apply --on @active-git
```
The CI/CD pipeline has a manual job that can be triggered to update ``@active-gitlab`` if you know it wont cause issues.
The CI/CD pipeline has a manual job that can be triggered to update ``@active-git`` if you know it wont cause issues.
### Agenix


@ -59,11 +59,11 @@ in {
r_type = "CNAME";
value = config.services.skynet.host.name;
}
# {
# record = "whiteboard.${cfg.domain.sub}";
# r_type = "CNAME";
# value = config.services.skynet.host.name;
# }
{
record = "whiteboard.${cfg.domain.sub}";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
];
# /var/lib/nextcloud/data
@ -87,6 +87,7 @@ in {
extraApps = {
inherit (config.services.nextcloud.package.packages.apps) richdocuments;
};
extraAppsEnable = true;
settings = {
trusted_proxies = ["193.1.99.65"];
@ -96,15 +97,15 @@ in {
};
};
# environment.etc."nextcloud-whiteboard-secret".text = ''
# JWT_SECRET_KEY=test123
# '';
#
# services.nextcloud-whiteboard-server = {
# enable = true;
# settings.NEXTCLOUD_URL = "https://nextcloud.skynet.ie";
# secrets = ["/etc/nextcloud-whiteboard-secret"];
# };
environment.etc."nextcloud-whiteboard-secret".text = ''
JWT_SECRET_KEY=test123
'';
services.nextcloud-whiteboard-server = {
enable = true;
settings.NEXTCLOUD_URL = "https://nextcloud.skynet.ie";
secrets = ["/etc/nextcloud-whiteboard-secret"];
};
nixpkgs.config.allowUnfree = true;
# impacted by https://github.com/NixOS /nixpkgs/issues/352443
@ -122,14 +123,14 @@ in {
useACMEHost = "skynet";
locations."/".proxyPass = "http://127.0.0.1:8000";
};
# "whiteboard.${domain}" = {
# forceSSL = true;
# useACMEHost = "skynet";
# locations."/" = {
# proxyPass = "http://localhost:3002";
# proxyWebsockets = true;
# };
# };
"whiteboard.${domain}" = {
forceSSL = true;
useACMEHost = "skynet";
locations."/" = {
proxyPass = "http://localhost:3002";
proxyWebsockets = true;
};
};
};
};
}
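Review bot: The whiteboard JWT secret is committed in plain text: `environment.etc."nextcloud-whiteboard-secret".text` puts `JWT_SECRET_KEY=test123` into the repository and into the Nix store, which is readable by every local user on the host, and the value itself is trivially guessable. This matters more now that the same change enables `services.nextcloud-whiteboard-server` and publishes `whiteboard.${domain}` through nginx, since anyone who knows the key can presumably mint tokens the whiteboard server accepts. The repository documentation already has an Agenix section, so the key should come from an encrypted secret instead, along the lines of `age.secrets.<whiteboard-secret>.file = <path-to-encrypted-file>.age;` and `secrets = [config.age.secrets.<whiteboard-secret>.path];` (names are placeholders). The value should be replaced with a freshly generated random one, because `test123` is already in the history as the commented-out lines show. The enclosing `in { … }` body starts outside the hunks shown.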


@ -7,11 +7,11 @@
}:
stdenv.mkDerivation rec {
pname = "pelican-wings";
version = "v1.0.0-beta6";
version = "v1.0.0-beta9";
src = fetchurl {
url = "https://github.com/pelican-dev/wings/releases/download/${version}/wings_linux_amd64";
hash = "sha256-a2T4BjqS8Hy5YqwDEJpbvGqqsrVjdRhxvJLgk3MCXag=";
hash = "sha256-YaS1bthNSeWXH5drc2yensRqsRAOa2VXvivJOaPybqc=";
};
buildInputs = [docker gnutar];


@ -23,6 +23,7 @@ in {
config = mkIf cfg.enable {
services.skynet.acme.domains = [
"www.skynet.ie"
"discord.skynet.ie"
"public.skynet.ie"
];
@ -34,6 +35,11 @@ in {
r_type = "A";
value = config.services.skynet.host.ip;
}
{
record = "www";
r_type = "CNAME";
value = config.services.skynet.host.name;
}
{
record = "discord";
r_type = "CNAME";
@ -47,9 +53,8 @@ in {
];
services.nginx = {
virtualHosts = {
# main site
"skynet.ie" = {
virtualHosts = let
main_site = {
forceSSL = true;
useACMEHost = "skynet";
locations = {
@ -62,6 +67,10 @@ in {
};
};
};
in {
# main site
"www.skynet.ie" = main_site;
"skynet.ie" = main_site;
# a custom discord url, because we are too cheap otehrwise
"discord.skynet.ie" = {


@ -30,11 +30,11 @@
]
},
"locked": {
"lastModified": 1719514321,
"narHash": "sha256-ys1nJdZ8zB8JlpUbQmnj0hZalg03bEPgQdZN30DhETE=",
"lastModified": 1733729059,
"narHash": "sha256-5xYai0KZirUX2EQpNMMCWoC27932n/i1E4KeVRIss7s=",
"owner": "kamadorueda",
"repo": "alejandra",
"rev": "d7552fef2ccf1bbf0d36b27f6fddb19073f205b7",
"rev": "6db88764334bd6a8b7a33cb312c318baad1d5e93",
"type": "github"
},
"original": {
@ -67,15 +67,14 @@
"inputs": {
"flake-parts": "flake-parts",
"haskell-flake": "haskell-flake",
"hercules-ci-effects": "hercules-ci-effects",
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1729444465,
"narHash": "sha256-+lCi3cQlFNGAGKaVeUNhTeR40zvMy9JX4hp1JA0dLwE=",
"lastModified": 1733918465,
"narHash": "sha256-hSuGa8Hh67EHr2x812Ay6WFyFT2BGKn+zk+FJWeKXPg=",
"owner": "hercules-ci",
"repo": "arion",
"rev": "94d092fffd5cfd4f09b8988aca1b857a9d37c4d6",
"rev": "f01c95c10f9d4f04bb08d97b3233b530b180f12e",
"type": "github"
},
"original": {
@ -124,15 +123,16 @@
"inputs": {
"flake-compat": "flake-compat",
"flake-utils": "flake-utils",
"nix-github-actions": "nix-github-actions",
"nixpkgs": "nixpkgs_3",
"stable": "stable"
},
"locked": {
"lastModified": 1728263678,
"narHash": "sha256-gyUVsPAWY9AgVKjrNPoowrIr5BvK4gI0UkDXvv8iSxA=",
"lastModified": 1734897875,
"narHash": "sha256-LLpiqfOGBippRax9F33kSJ/Imt8gJXb6o0JwSBiNHCk=",
"owner": "zhaofengli",
"repo": "colmena",
"rev": "b0a62f234fae02a006123e661ff70e62af16106b",
"rev": "a6b51f5feae9bfb145daa37fd0220595acb7871e",
"type": "github"
},
"original": {
@ -192,11 +192,11 @@
"rust-analyzer-src": "rust-analyzer-src"
},
"locked": {
"lastModified": 1668234453,
"narHash": "sha256-FmuZThToBvRsqCauYJ3l8HJoGLAY5cMULeYEKIaGrRw=",
"lastModified": 1730615655,
"narHash": "sha256-2HBR3zLn57LXKNRtxBb+O+uDqHM4n0pz51rPayMl4cg=",
"owner": "nix-community",
"repo": "fenix",
"rev": "8f219f6b36e8d0d56afa7f67e6e3df63ef013cdb",
"rev": "efeb50e2535b17ffd4a135e6e3e5fd60a525180c",
"type": "github"
},
"original": {
@ -268,11 +268,11 @@
]
},
"locked": {
"lastModified": 1722555600,
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
"lastModified": 1733312601,
"narHash": "sha256-4pDvzqnegAfRkPwO3wmwBhVi/Sye1mzps0zHWYnP88c=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
"rev": "205b12d8b7cd4802fbcb8e8ef6a0f1408781a4f9",
"type": "github"
},
"original": {
@ -281,27 +281,6 @@
"type": "github"
}
},
"flake-parts_2": {
"inputs": {
"nixpkgs-lib": [
"arion",
"hercules-ci-effects",
"nixpkgs"
]
},
"locked": {
"lastModified": 1712014858,
"narHash": "sha256-sB4SWl2lX95bExY2gMFG5HIzvva5AVMJd4Igm+GpZNw=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "9126214d0a59633752a136528f5f3b9aa8565b7d",
"type": "github"
},
"original": {
"id": "flake-parts",
"type": "indirect"
}
},
"flake-utils": {
"locked": {
"lastModified": 1659877975,
@ -322,11 +301,11 @@
"systems": "systems_4"
},
"locked": {
"lastModified": 1710146030,
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
@ -356,11 +335,11 @@
"flakeCompat": {
"flake": false,
"locked": {
"lastModified": 1650374568,
"narHash": "sha256-Z+s0J8/r907g149rllvwhb4pKi8Wam5ij0st8PwAh+E=",
"lastModified": 1696426674,
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
"owner": "edolstra",
"repo": "flake-compat",
"rev": "b4a34015c698c7793d592d66adbab377907a2be8",
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
"type": "github"
},
"original": {
@ -416,28 +395,6 @@
"type": "github"
}
},
"hercules-ci-effects": {
"inputs": {
"flake-parts": "flake-parts_2",
"nixpkgs": [
"arion",
"nixpkgs"
]
},
"locked": {
"lastModified": 1719226092,
"narHash": "sha256-YNkUMcCUCpnULp40g+svYsaH1RbSEj6s4WdZY/SHe38=",
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"rev": "11e4b8dc112e2f485d7c97e1cee77f9958f498f5",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "hercules-ci-effects",
"type": "github"
}
},
"home-manager": {
"inputs": {
"nixpkgs": [
@ -548,6 +505,27 @@
"type": "github"
}
},
"nix-github-actions": {
"inputs": {
"nixpkgs": [
"colmena",
"nixpkgs"
]
},
"locked": {
"lastModified": 1729742964,
"narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
"owner": "nix-community",
"repo": "nix-github-actions",
"rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-github-actions",
"type": "github"
}
},
"nixpkgs": {
"locked": {
"lastModified": 1703013332,
@ -724,11 +702,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1722630782,
"narHash": "sha256-hMyG9/WlUi0Ho9VkRrrez7SeNlDzLxalm9FwY7n/Noo=",
"lastModified": 1733212471,
"narHash": "sha256-M1+uCoV5igihRfcUKrr1riygbe73/dzNnzPsmaLCmpo=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "d04953086551086b44b6f3c6b7eeb26294f207da",
"rev": "55d15ad12a74eb7d4646254e13638ad0c4128776",
"type": "github"
},
"original": {
@ -740,11 +718,11 @@
},
"nixpkgs_3": {
"locked": {
"lastModified": 1725103162,
"narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=",
"lastModified": 1734119587,
"narHash": "sha256-AKU6qqskl0yf2+JdRdD0cfxX4b9x3KKV5RqA6wijmPM=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b",
"rev": "3566ab7246670a43abd2ffa913cc62dad9cdf7d5",
"type": "github"
},
"original": {
@ -798,11 +776,11 @@
},
"nixpkgs_7": {
"locked": {
"lastModified": 1730200266,
"narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
"lastModified": 1736012469,
"narHash": "sha256-/qlNWm/IEVVH7GfgAIyP6EsVZI6zjAx1cV5zNyrs+rI=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
"rev": "8f3e1f807051e32d8c95cd12b9b421623850a34d",
"type": "github"
},
"original": {
@ -865,11 +843,11 @@
"rust-analyzer-src": {
"flake": false,
"locked": {
"lastModified": 1668182250,
"narHash": "sha256-PYGaOCiFvnJdVz+ZCaKF8geGdffXjJUNcMwaBHv0FT4=",
"lastModified": 1730555913,
"narHash": "sha256-KNHZUlqsEibg3YtfUyOFQSofP8hp1HKoY+laoesBxRM=",
"owner": "rust-lang",
"repo": "rust-analyzer",
"rev": "45ec315e01dc8dd1146dfeb65f0ef6e5c2efed78",
"rev": "f17a5bbfd0969ba2e63a74505a80e55ecb174ed9",
"type": "github"
},
"original": {
@ -926,11 +904,11 @@
"utils": "utils_3"
},
"locked": {
"lastModified": 1732974570,
"narHash": "sha256-y7DflW/V4/9Df/0/FncvzBOnEVTK/p4hCh2K0/TCaM0=",
"lastModified": 1735938087,
"narHash": "sha256-Vx44a4GTL8+p6Xy4Ot3lKHvBngnqosTFdWbzq4vIdjU=",
"ref": "refs/heads/main",
"rev": "b7d36de976ca8a0e2e9724043b1890e6eb4d3e10",
"revCount": 172,
"rev": "0a4f5281a545281c11c68185836ded2c17453306",
"revCount": 174,
"type": "git",
"url": "https://forgejo.skynet.ie/Skynet/discord-bot"
},
@ -1095,11 +1073,11 @@
},
"stable": {
"locked": {
"lastModified": 1724316499,
"narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
"lastModified": 1730883749,
"narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
"rev": "dba414932936fde69f0606b4f1d87c5bc0003ede",
"type": "github"
},
"original": {

56
machines/_template.nix Normal file

@ -0,0 +1,56 @@
/*
Name: Link to where information on the name can be found
Why: Why is it named this
Type: VM/Physical
Hardware: - if its a VM, the hardware (PowerEdge r210) if its physical
From: 2023/2024/2025/...
Role: What role does it have in teh cluster
Notes:
*/
{
pkgs,
lib,
nodes,
...
}: let
# name of the server, sets teh hostname and record for it
name = "name";
# Assigned IP address
ip_pub = "193.1.99.000";
# dont need to change these
hostname = "${name}.skynet.ie";
host = {
ip = ip_pub;
name = name;
hostname = hostname;
};
in {
# what configurrations to import, email in this example
imports = [
../applications/email.nix
];
deployment = {
# dont need to change these
targetHost = hostname;
targetPort = 22;
targetUser = null;
# deployment option: active-dns/active-core/active-ext/active
tags = [
"active"
];
};
services.skynet = {
# pass in the details of the host server
host = host;
# enable the backup service
backup.enable = true;
# enable the imported service
email.enable = true;
};
}
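Review bot: The tag comment inside `deployment` lists `active-dns/active-core/active-ext/active` but omits `active-git`, the tag this same change set assigns in the two machine files, so a host copied from the template gets no hint that the group exists. I would write it as `# deployment option: active-dns/active-core/active-git/active-ext/active`. The placeholders `name = "name"` and `ip_pub = "193.1.99.000"` are only described, not marked as mandatory edits; a comment such as `# MUST be changed before this host is deployed` would make an unedited copy harder to miss. The comments also carry typos (`teh`, `configurrations`) that are cheapest to fix while the file is new.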


@ -35,7 +35,7 @@ in {
targetPort = 22;
targetUser = null;
tags = ["active-gitlab"];
tags = ["active-git"];
};
services.skynet = {


@ -33,7 +33,7 @@ in {
targetPort = 22;
targetUser = null;
tags = ["active-gitlab"];
tags = ["active-git"];
};
services.skynet = {

Binary file not shown.