kalipso/infrastructure
1
1
Fork 1
Code Issues 42 Pull Requests 2 Actions Projects 2 Releases Wiki Activity

Compare commits

base: kalipso:sanoid
Branches Tags
kalipso:master kalipso:vaultwarden kalipso:staging kalipso:script kalipso:zineshop kalipso:nextcloud_upgrade_31 kalipso:printer-module kalipso:microvm-dirs kalipso:sanoid kalipso:issue77 kalipso:reproducible-deployments kalipso:reproducible-deployments-filestructure kalipso:issue31 kalipso:microvm-module kalipso:issue47 kalipso:hostbuilder kalipso:better-workflows kalipso:issue51 kalipso:local-testing-v2 kalipso:gitea kalipso:fileserver
..
compare: kalipso:ee709ee36e8c107907a057f2753cf1f560bc4fed
Branches Tags
kalipso:vaultwarden kalipso:master kalipso:staging kalipso:script kalipso:zineshop kalipso:nextcloud_upgrade_31 kalipso:printer-module kalipso:microvm-dirs kalipso:sanoid kalipso:issue77 kalipso:reproducible-deployments kalipso:reproducible-deployments-filestructure kalipso:issue31 kalipso:microvm-module kalipso:issue47 kalipso:hostbuilder kalipso:better-workflows kalipso:issue51 kalipso:local-testing-v2 kalipso:gitea kalipso:fileserver

14 Commits
sanoid ... ee709ee36e

Author SHA1 Message Date
kalipso
ee709ee36e [flake] update zineshop
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m27s
Details
2025-04-12 02:27:04 +02:00
kalipso
686ef89e76 [flake] update zineshop 2025-04-11 19:32:50 +02:00
kalipso
e294fecf7e [zineshop] init
Some checks failed
Check flake syntax / flake-check (push) Failing after 1m2s
Details
2025-04-11 18:18:30 +02:00
kalipso
568cce0d48 [louise] add c258 printer driver
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m43s
Details
2025-04-08 18:53:56 +02:00
kalipso
46e9bae193 [flake] update tasklist
All checks were successful
Check flake syntax / flake-check (push) Successful in 6m23s
Details
2025-04-01 00:10:18 +02:00
kalipso
4949719307 Merge pull request 'Initialize microvm directories' (#93) from microvm-dirs into master
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m34s
Details 
Reviewed-on: #93
 2025-03-20 20:05:42 +01:00
kalipso
e8c188debf [microvms] rm unused code
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m50s
Details
2025-03-20 19:55:51 +01:00
kalipso
1f559d93ba [microvms] initialize directories on microvm host
Some checks failed
Check flake syntax / flake-check (push) Has been cancelled
Details
2025-03-20 19:51:52 +01:00
kalipso
a03b7506c5 [run-vm] keep microvm.deployHosts on nestedMicrovms 2025-03-20 19:51:14 +01:00
kalipso
3b2a7cedc5 [backup] add 24 hourly backups
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m36s
Details
2025-03-17 18:34:03 +01:00
kalipso
a48e271853 [docs] rm outdated 2025-03-17 16:02:57 +01:00
ahtlon
d202a3d0cb [user module] I love symlinks
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m23s
Details
2025-03-16 14:16:52 +01:00
ahtlon
ef33833910 Add backup server to vpn
All checks were successful
Check flake syntax / flake-check (push) Successful in 6m18s
Details
2025-03-16 13:38:37 +01:00
kalipso
d73031e7f1 Merge pull request 'backup module' (#92) from sanoid into master
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m28s
Details 
Reviewed-on: #92
Reviewed-by: ahtlon <ahtlon@noreply.git.dynamicdiscord.de>
 2025-03-16 13:13:55 +01:00
13 changed files with 4918 additions and 25 deletions
Expand all files Collapse all files

15
doc/src/anleitung/create.md
View File

@@ -21,18 +21,3 @@ Testing disko partitioning is working quite well. Just run the following and che
```bash ```bash
nix run -L .\#nixosConfigurations.fanny.config.system.build.vmWithDisko nix run -L .\#nixosConfigurations.fanny.config.system.build.vmWithDisko
``` ```
Only problem is that encryption is not working, so it needs to be commented out. For testing host fanny the following parts in ```./machines/modules/disko/fanny.nix``` need to be commented out(for both pools!):
```nix
datasets = {
encrypted = {
options = {
encryption = "aes-256-gcm"; #THIS ONE
keyformat = "passphrase"; #THIS ONE
keylocation = "file:///tmp/root.key"; #THIS ONE
};
# use this to read the key during boot
postCreateHook = '' #THIS ONE
zfs set keylocation="prompt" "zroot/$name"; #THIS ONE
''; #THIS ONE
```

65
flake.lock generated
View File

@@ -235,7 +235,8 @@
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",
"sops-nix": "sops-nix", "sops-nix": "sops-nix",
"tasklist": "tasklist", "tasklist": "tasklist",
"utils": "utils_3" "utils": "utils_3",
"zineshop": "zineshop"
} }
}, },
"sops-nix": { "sops-nix": {
@@ -334,6 +335,21 @@
"type": "github" "type": "github"
} }
}, },
"systems_5": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"tasklist": { "tasklist": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@@ -341,11 +357,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1737548421, "lastModified": 1743458889,
"narHash": "sha256-gmlqJdC+v86vXc2yMhiza1mvsqh3vMfrEsiw+tV5MXg=", "narHash": "sha256-eVTtsCPio3Wj/g/gvKTsyjh90vrNsmgjzXK9jMfcboM=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "c5fff78c83959841ac724980a13597dcfa6dc26d", "rev": "b61466549e2687628516aa1f9ba73f251935773a",
"revCount": 29, "revCount": 30,
"type": "git", "type": "git",
"url": "https://git.dynamicdiscord.de/kalipso/tasklist" "url": "https://git.dynamicdiscord.de/kalipso/tasklist"
}, },
@@ -407,6 +423,45 @@
"repo": "flake-utils", "repo": "flake-utils",
"type": "github" "type": "github"
} }
},
"utils_4": {
"inputs": {
"systems": "systems_5"
},
"locked": {
"lastModified": 1731533236,
"narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"zineshop": {
"inputs": {
"nixpkgs": [
"nixpkgs"
],
"utils": "utils_4"
},
"locked": {
"lastModified": 1744407738,
"narHash": "sha256-dIFaDlezDfAdl9oE0L/3pXqQ5kxH9A3YbqpkQDbKbLE=",
"ref": "refs/heads/master",
"rev": "0b4439647aeb13b2f0f2cfb44a372b1d78db1387",
"revCount": 73,
"type": "git",
"url": "https://git.dynamicdiscord.de/kalipso/zineshop"
},
"original": {
"type": "git",
"url": "https://git.dynamicdiscord.de/kalipso/zineshop"
}
} }
}, },
"root": "root", "root": "root",

5
flake.nix
View File

@@ -22,6 +22,11 @@
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
zineshop = {
url = "git+https://git.dynamicdiscord.de/kalipso/zineshop";
inputs.nixpkgs.follows = "nixpkgs";
};
ep3-bs = { ep3-bs = {
url = "git+https://git.dynamicdiscord.de/kalipso/ep3-bs.nix"; url = "git+https://git.dynamicdiscord.de/kalipso/ep3-bs.nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";

8
machines/hosts.nix
View File

@@ -67,6 +67,14 @@
}; };
}; };
zineshop = {
type = "microvm";
network = {
address = "10.0.0.15";
mac = "D0:E5:CA:F0:D7:F1";
};
};
testvm = { testvm = {
type = "host"; type = "host";
}; };

1
machines/louise/configuration.nix
View File

@@ -52,6 +52,7 @@
services.printing.enable = true; services.printing.enable = true;
services.printing.drivers = [ services.printing.drivers = [
(pkgs.writeTextDir "share/cups/model/brother5350.ppd" (builtins.readFile ../modules/BR5350_2_GPL.ppd)) (pkgs.writeTextDir "share/cups/model/brother5350.ppd" (builtins.readFile ../modules/BR5350_2_GPL.ppd))
(pkgs.writeTextDir "share/cups/model/konicaminoltac258.ppd" (builtins.readFile ../modules/KOC658UX.ppd))
pkgs.gutenprint pkgs.gutenprint
pkgs.gutenprintBin pkgs.gutenprintBin
pkgs.brlaser pkgs.brlaser

4777
machines/modules/KOC658UX.ppd Normal file
View File

File diff suppressed because it is too large Load Diff

5
machines/modules/host_builder.nix
View File

@@ -195,8 +195,7 @@ rec {
vmNestedMicroVMOverwrites = host: sopsDummy: { vmNestedMicroVMOverwrites = host: sopsDummy: {
services.malobeo.microvm.deployHosts = pkgs.lib.mkForce []; microvm.vms = pkgs.lib.mkForce (
microvm.vms =
let let
# Map the values to each hostname to then generate an Attrset using listToAttrs # Map the values to each hostname to then generate an Attrset using listToAttrs
mapperFunc = name: { inherit name; value = { mapperFunc = name: { inherit name; value = {
@@ -216,7 +215,7 @@ rec {
}; };
}; }; }; };
in in
builtins.listToAttrs (map mapperFunc self.nixosConfigurations.${host}.config.services.malobeo.microvm.deployHosts); builtins.listToAttrs (map mapperFunc self.nixosConfigurations.${host}.config.services.malobeo.microvm.deployHosts));
}; };
buildVM = host: networking: sopsDummy: disableDisko: varPath: writableStore: fwdPort: (self.nixosConfigurations.${host}.extendModules { buildVM = host: networking: sopsDummy: disableDisko: varPath: writableStore: fwdPort: (self.nixosConfigurations.${host}.extendModules {

2
machines/modules/malobeo/backup.nix
View File

@@ -65,7 +65,7 @@ in
enable = true; enable = true;
templates."default" = { templates."default" = {
hourly = 0; hourly = 24;
daily = 30; #keep 30 daily snapshots daily = 30; #keep 30 daily snapshots
monthly = 6; #keep 6 monthly backups monthly = 6; #keep 6 monthly backups
yearly = 0; yearly = 0;

16
machines/modules/malobeo/microvm_host.nix
View File

@@ -102,6 +102,22 @@ in
/run/current-system/sw/bin/microvm -Ru ${name} /run/current-system/sw/bin/microvm -Ru ${name}
''; '';
}; };
"microvm-init-dirs@${name}" = {
description = "Initialize microvm directories";
after = [ "zfs-mount.service" ];
wantedBy = [ "microvm@${name}.service" ];
unitConfig.ConditionPathExists = "!/var/lib/microvms/${name}/.is_initialized";
serviceConfig = {
Type = "oneshot";
};
script = ''
mkdir -p /var/lib/microvms/${name}/var
mkdir -p /var/lib/microvms/${name}/etc
mkdir -p /var/lib/microvms/data/${name}
touch /var/lib/microvms/${name}/.is_initialized
'';
};
}) {} (cfg.deployHosts); }) {} (cfg.deployHosts);
systemd.timers = builtins.foldl' (timers: name: timers // { systemd.timers = builtins.foldl' (timers: name: timers // {

7
machines/modules/malobeo/peers.nix
View File

@@ -43,4 +43,11 @@
allowedIPs = [ "10.100.0.101/32" ]; allowedIPs = [ "10.100.0.101/32" ];
publicKey = "3U59F6T1s/1LaZBIa6wB0qsVuO6pRR9jfYZJIH2piAU="; publicKey = "3U59F6T1s/1LaZBIa6wB0qsVuO6pRR9jfYZJIH2piAU=";
}; };
"backup0" = {
role = "client";
address = "10.100.0.20";
allowedIPs = [ "10.100.0.20/32" ];
publicKey = "Pp55Jg//jREzHdbbIqTXc9N7rnLZIFw904qh6NLrACE=";
};
} }

6
machines/modules/malobeo/users.nix
View File

@@ -68,7 +68,11 @@ in
users = [ "backup" ]; users = [ "backup" ];
commands = [ commands = [
{ {
command = "${pkgs.zfs}/bin/zfs"; command = "/run/current-system/sw/bin/zfs";
options = [ "NOPASSWD" ];
}
{
command = "/run/current-system/sw/bin/zpool";
options = [ "NOPASSWD" ]; options = [ "NOPASSWD" ];
} }
]; ];

6
machines/overwatch/configuration.nix
View File

@@ -107,6 +107,12 @@ with lib;
targets = [ "10.0.0.13:9002" ]; targets = [ "10.0.0.13:9002" ];
}]; }];
} }
{
job_name = "zineshop";
static_configs = [{
targets = [ "10.0.0.15:9002" ];
}];
}
{ {
job_name = "fanny"; job_name = "fanny";
static_configs = [{ static_configs = [{

30
machines/zineshop/configuration.nix Normal file
View File

@@ -0,0 +1,30 @@
{ self, config, lib, pkgs, inputs, ... }:
with lib;
{
networking = {
hostName = mkDefault "zineshop";
useDHCP = false;
};
imports = [
inputs.malobeo.nixosModules.malobeo.metrics
inputs.zineshop.nixosModules.zineshop
../modules/malobeo_user.nix
../modules/sshd.nix
];
malobeo.metrics = {
enable = true;
enablePromtail = true;
logNginx = true;
lokiHost = "10.0.0.14";
};
services.zineshop.enable = true;
networking.firewall.allowedTCPPorts = [ 8080 ];
system.stateVersion = "22.11"; # Did you read the comment?
}