Syncing goliath configs

Kat Inskip 2023-06-16 10:04:24 -07:00
parent f1eb1f6620
commit ba6ca38613
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
19 changed files with 225 additions and 94 deletions


@ -21,4 +21,14 @@ creation_rules:
- pgp: - pgp:
- *kat - *kat
age: age:
- *yukari - *yukari
- path_regex: cluster/cluster.tfvars.sops$
shamir_threshold: 1
key_groups:
- pgp:
- *kat
- path_regex: tf/tf.tfvars.sops$
shamir_threshold: 1
key_groups:
- pgp:
- *kat

2
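--- a/cluster/.envrc
+++ b/cluster/.envrc
@@ -0,0 +1,2 @@
+sops -d ./cluster.tfvars.sops > cluster.tfvars
+export TF_CLI_ARGS="--var-file=cluster.tfvars"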
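Review bot: The redirect on the first line leaves the decrypted secrets in `cluster.tfvars` under the shell's default umask, and because the shell truncates the target before sops runs, a failed decrypt leaves an empty var-file behind. Creating the file owner-only is a one-line change: `(umask 077 && sops -d ./cluster.tfvars.sops > cluster.tfvars)`. `TF_CLI_ARGS` applies to every terraform subcommand, including ones that do not take variables, so `TF_CLI_ARGS_plan` and `TF_CLI_ARGS_apply` would be the narrower choice. A comment stating that the output is plaintext and is kept out of git only by the `.gitignore` entry would help the next reader. `tf/.envrc` has the same two lines and the same points apply.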

1
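--- a/cluster/.gitignore
+++ b/cluster/.gitignore
@@ -0,0 +1 @@
+cluster.tfvars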

75
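--- a/cluster/authentik.tf
+++ b/cluster/authentik.tf
@@ -0,0 +1,75 @@
+variable "authentik_postgresql_password" {
+type = string
+}
+variable "authentik_secret_key" {
+type = string
+}
+resource "helm_release" "authentik" {
+depends_on = [
+helm_release.local_path_provisioner
+]
+name = "authentik"
+repository = "https://charts.goauthentik.io"
+chart = "authentik"
+create_namespace = true
+namespace = "authentik"
+timeout = var.helm_timeout
+cleanup_on_fail = true
+force_update = true
+values = [
+yamlencode({
+authentik = {
+secret_key = var.authentik_secret_key
+error_reporting = {
+enabled = true
+}
+postgresql = {
+password = var.authentik_postgresql_password
+}
+}
+redis = {
+enabled = true
+master = {
+persistence = {
+enabled = true
+storageClass = "local-path"
+accessModes = [
+"ReadWriteOnce"
+]
+}
+}
+}
+postgresql = {
+enabled = true
+password = var.authentik_postgresql_password
+postgresqlPassword = var.authentik_postgresql_password
+persistence = {
+enabled = true
+storageClass = "local-path"
+accessModes = [
+"ReadWriteOnce"
+]
+}
+}
+ingress = {
+enabled = true
+hosts = [
+{
+host = "auth.inskip.me"
+paths = [
+{
+path = "/"
+pathType = "Prefix"
+}
+]
+}
+]
+}
+})
+]
+}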
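Review bot: `authentik_postgresql_password` and `authentik_secret_key` are declared without `sensitive = true`, and both are rendered into the release's `values` YAML, so plan and apply output can show them in clear text. Adding `sensitive = true` to both variable blocks redacts them from CLI output; they will still be stored in the workspace state, so it is worth a comment saying so, and the helm provider's `set_sensitive` block is the other option for the three secret fields. The release also declares no `version`, so an apply may pick up whichever chart version the repository currently serves; pinning `version = "<pinned chart version>"` keeps upgrades of the identity provider deliberate.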

10
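--- a/cluster/backend.tf
+++ b/cluster/backend.tf
@@ -0,0 +1,10 @@
+terraform {
+backend "remote" {
+hostname = "app.terraform.io"
+organization = "kittywitch"
+workspaces {
+name = "infrastructure-cluster"
+}
+}
+}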

File diff suppressed because one or more lines are too long


@ -1,5 +1,5 @@
resource "helm_release" "local_path_provisioner" { resource "helm_release" "local_path_provisioner" {
name = "local-path-provisioner" name = "local-path-storage"
repository = "${path.module}/lpp/deploy/chart" repository = "${path.module}/lpp/deploy/chart"
chart = "local-path-provisioner" chart = "local-path-provisioner"
create_namespace = true create_namespace = true
@ -8,4 +8,10 @@ resource "helm_release" "local_path_provisioner" {
timeout = var.helm_timeout timeout = var.helm_timeout
cleanup_on_fail = true cleanup_on_fail = true
force_update = true force_update = true
values = [yamlencode({
storageClass = {
defaultClass = true
}
})]
} }


@ -131,8 +131,8 @@ resource "kubernetes_deployment" "pihole" {
initial_delay_seconds = 60 initial_delay_seconds = 60
period_seconds = 15 period_seconds = 15
} }
}
*/ */
}
container { container {
image = "ghcr.io/tailscale/tailscale:latest" image = "ghcr.io/tailscale/tailscale:latest"


@ -1,49 +0,0 @@
variable "postgres_password" {
type = string
}
resource "kubernetes_namespace" "postgres_namespace" {
metadata {
name = "postgresql"
}
}
resource "kubernetes_secret" "postgres_auth_secret" {
depends_on = [
kubernetes_namespace.postgres_namespace
]
metadata {
name = "postgres-auth-secret"
namespace = "postgresql"
}
data = {
postgres-password = var.postgres_password
}
type = "Opaque"
}
resource "helm_release" "postgresql" {
depends_on = [
kubernetes_namespace.postgres_namespace,
kubernetes_secret.postgres_auth_secret
]
name = "postgresql"
repository = "https://charts.bitnami.com/bitnami"
chart = "postgresql"
namespace = "postgresql"
timeout = var.helm_timeout
cleanup_on_fail = true
force_update = true
set {
name = "global.storageClass"
value = "local-path"
}
set {
name = "global.postgresql.existingSecret"
value = "postgres-auth-secret"
}
}

0
cluster/prometheus.tf Normal file


@ -1,11 +1,15 @@
variable "tailscale_api_key" { variable "tailscale_api_key" {
type = string type = string
} }
variable "tailnet" {
type = string
}
provider "tailscale" { provider "tailscale" {
api_key = var.tailscale_api_key api_key = var.tailscale_api_key
tailnet = "inskip.me" tailnet = var.tailnet
} }
resource "tailscale_tailnet_key" "cluster_reusable" { resource "tailscale_tailnet_key" "cluster_reusable" {

80
flake.lock generated

@ -3,11 +3,11 @@
"arcexprs": { "arcexprs": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1682009296, "lastModified": 1686151686,
"narHash": "sha256-7KboTstta5M1fk0aGAj3WaFOTIKQXrg52Ck4WGT8CsE=", "narHash": "sha256-/YY+9A2Wgq9+IJHHsXQ5k6V1xVyKhvO50yWmbdp4f1E=",
"owner": "arcnmx", "owner": "arcnmx",
"repo": "nixexprs", "repo": "nixexprs",
"rev": "e8bbb166d899d6fb0777317a390c5abfa20286da", "rev": "4899d9c123fc2c6570ce755344e08bf007a35ce8",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -24,11 +24,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1682009832, "lastModified": 1686307493,
"narHash": "sha256-QdNOeFE7sI+0ddqVfn9vQDCUs7OdxhJ7evo9sdyP82Y=", "narHash": "sha256-R4VEFnDn7nRmNxAu1LwNbjns5DPM8IBsvnrWmZ8ymPs=",
"owner": "lnl7", "owner": "lnl7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "a1ee4d333b092bc055655fb06229eb3013755812", "rev": "7c16d31383a90e0e72ace0c35d2d66a18f90fb4f",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -51,11 +51,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1682063650, "lastModified": 1686747123,
"narHash": "sha256-VaDHh2z6xlnTHaONlNVHP7qEMcK5rZ8Js3sT6mKb2XY=", "narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=",
"owner": "serokell", "owner": "serokell",
"repo": "deploy-rs", "repo": "deploy-rs",
"rev": "c2ea4e642dc50fd44b537e9860ec95867af30d39", "rev": "724463b5a94daa810abfc64a4f87faef4e00f984",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -102,11 +102,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1682273416, "lastModified": 1686922395,
"narHash": "sha256-YvRc5TOyf92Fcvt6cYfsqxfjqalAUME3Klv4IbdhkBE=", "narHash": "sha256-ysevinohPxdKp0RXyhDRsz1/vh1eXazg4AWp0n5X/U4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "a5a294a622a7d3a837aaa145334e4d813c1bc5b1", "rev": "9ba7b3990eb1f4782ea3f5fe7ac4f3c88dd7a32c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -149,11 +149,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1681591833, "lastModified": 1686740472,
"narHash": "sha256-lW+xOELafAs29yw56FG4MzNOFkh8VHC/X/tRs1wsGn8=", "narHash": "sha256-b668DY2qGdBCUwIkk6Z32bcpCsUISQJrEEvhtn1gGgY=",
"owner": "Mic92", "owner": "Mic92",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "68ec961c51f48768f72d2bbdb396ce65a316677e", "rev": "e11c61073b777e025993c5ef63ddbf776a9cca15",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -164,11 +164,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1680876084, "lastModified": 1686838567,
"narHash": "sha256-eP9yxP0wc7XuVaODugh+ajgbFGaile2O1ihxiLxOuvU=", "narHash": "sha256-aqKCUD126dRlVSKV6vWuDCitfjFrZlkwNuvj5LtjRRU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "3006d2860a6ed5e01b0c3e7ffb730e9b293116e2", "rev": "429f232fe1dc398c5afea19a51aad6931ee0fb89",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -179,11 +179,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1682181988, "lastModified": 1686776226,
"narHash": "sha256-CYWhlNi16cjGzMby9h57gpYE59quBcsHPXiFgX4Sw5k=", "narHash": "sha256-o6WbKvENj98QJz9Mco6T6SZGrjPewMDAFyKg0Lp8avU=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6c43a3495a11e261e5f41e5d7eda2d71dae1b2fe", "rev": "0d2cf7fe5fa05d5271a15a8933414ee0a1570648",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -195,16 +195,16 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1682173319, "lastModified": 1686885751,
"narHash": "sha256-tPhOpJJ+wrWIusvGgIB2+x6ILfDkEgQMX0BTtM5vd/4=", "narHash": "sha256-KcbYp2KuKbXgNaYVziwKUc6AKRhgJ1G8Qq5gjAbQ3uw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ee7ec1c71adc47d2e3c2d5eb0d6b8fbbd42a8d1c", "rev": "aa4b53f79d961a7cbba0b24f791401a34c18011a",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "release-22.11", "ref": "release-23.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@ -212,11 +212,11 @@
"pypi-deps-db": { "pypi-deps-db": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1682242634, "lastModified": 1685526402,
"narHash": "sha256-tfadLvdK3CahWIf90V3XpFZqdpOvDxeORk+XAkTn4cU=", "narHash": "sha256-V0SXx0dWlUBL3E/wHWTszrkK2dOnuYYnBc7n6e0+NQU=",
"owner": "DavHau", "owner": "DavHau",
"repo": "pypi-deps-db", "repo": "pypi-deps-db",
"rev": "9832a8f9d545d59b1bf6e06e28ea9f0a65b6a01c", "rev": "ba35683c35218acb5258b69a9916994979dc73a9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -278,11 +278,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1682218555, "lastModified": 1686902322,
"narHash": "sha256-kojMklCNBnPe8KtRvJvBtFGU/gPAqRKYpZEqyehHfn4=", "narHash": "sha256-Vogj2MsipA+Uzr0M3d8300JeKQDHhPy6NEuTQXVdWu0=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "8a95e6f8cd160a05c2b560e66f702432a53b59ac", "rev": "1e2bae54870a06aa9364f8d33a5b9a0869d792fc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -317,11 +317,11 @@
}, },
"std": { "std": {
"locked": { "locked": {
"lastModified": 1682196479, "lastModified": 1685917625,
"narHash": "sha256-YChXEQO0zKauEi3+fpzPZovCaQEc4QeI00sP3IUtU14=", "narHash": "sha256-2manVKofCZrCToVDnDYNvtYUFBYOM5JhdDoNGVY4fq4=",
"owner": "chessai", "owner": "chessai",
"repo": "nix-std", "repo": "nix-std",
"rev": "2acf4573376f8d6170aee46efe0a669f5d78a642", "rev": "e20af8822b5739434b875643bfc61fe0195ea2fb",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -373,11 +373,11 @@
"systems": "systems" "systems": "systems"
}, },
"locked": { "locked": {
"lastModified": 1681202837, "lastModified": 1685518550,
"narHash": "sha256-H+Rh19JDwRtpVPAWp64F+rlEtxUWBAQW28eAi3SRSzg=", "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
"owner": "numtide", "owner": "numtide",
"repo": "flake-utils", "repo": "flake-utils",
"rev": "cfacdce06f30d2b68473a46042957675eebb3401", "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -399,11 +399,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1681581389, "lastModified": 1686480427,
"narHash": "sha256-+ygySqlQy0ejwE1aOF6i6Tiu63V0jxXik0aLlvmqioo=", "narHash": "sha256-cs2cg+x21jM3e7gOX9zYRh/19i8DFInBDLtUWMEAdvA=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NixOS-WSL", "repo": "NixOS-WSL",
"rev": "f3b6f6b04728416c64fc5ef52199fd9b9843c47d", "rev": "c192f97d59acb878fd1f2f6f362c8632d1e8426e",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -17,6 +17,8 @@
exa exa
# sed replacement # sed replacement
sd sd
# sops
sops
# find replacement # find replacement
fd fd
# ripgrep / grep replacement # ripgrep / grep replacement


@ -0,0 +1,12 @@
_: {
services.thelounge = {
enable = true;
extraConfig = {
reverseProxy = true;
public = false;
fileUpload = {
enable = true;
};
};
};
}
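Review bot: `reverseProxy = true` makes The Lounge take the client address from the forwarding header, which is only safe when the proxy is the sole way to reach the port, and nothing in this hunk restricts the listener. Adding `host = "127.0.0.1";` to `extraConfig` (or a firewall rule, if the proxy runs on another machine) keeps direct clients from supplying their own `X-Forwarded-For`. With `fileUpload.enable = true` it would also help to set an explicit `maxFileSize` and to note in a comment where uploads are stored.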


@ -15,6 +15,7 @@ _: let
postgres-server postgres-server
matrix-homeserver matrix-homeserver
vaultwarden-server vaultwarden-server
irc-client
]); ]);
boot = { boot = {

2
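--- a/tf/.envrc
+++ b/tf/.envrc
@@ -0,0 +1,2 @@
+sops -d ./tf.tfvars.sops > tf.tfvars
+export TF_CLI_ARGS="--var-file=tf.tfvars"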

1
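--- a/tf/.gitignore
+++ b/tf/.gitignore
@@ -0,0 +1 @@
+tf.tfvars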

10
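--- a/tf/backend.tf
+++ b/tf/backend.tf
@@ -0,0 +1,10 @@
+terraform {
+backend "remote" {
+hostname = "app.terraform.io"
+organization = "kittywitch"
+workspaces {
+name = "infrastructure-tf"
+}
+}
+}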

22
tf/tf.tfvars.sops Normal file

@ -0,0 +1,22 @@
{
"data": "ENC[AES256_GCM,data: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,iv:RjDCMMgME6GrPUQ/xqq6N9pynS6mwd0SKydpBctYlZ8=,tag:8ANoqNcJGpj9NRKgfa8cOg==,type:str]",
"sops": {
"shamir_threshold": 1,
"kms": null,
"gcp_kms": null,
"azure_kv": null,
"hc_vault": null,
"age": null,
"lastmodified": "2023-05-10T15:46:17Z",
"mac": "ENC[AES256_GCM,data:VX3ZsDKja639NKEO1DvBDMh/Ho9EMqNQyDlbYo79nVfomMvHvNcSURullNehy1Usmdmk/Hr6wUjuOcira571F5k95xNby6yp/qgWFBSKDFcvduRqu4YqUzB5XvXqmWGHX+Q7d6U6MAA6PirqBgQC4A5U51OfFhPalTuJWY4V8jA=,iv:BsqyLwGgcqjIITuHnYo2jzC8Vk4DgyxkBGD6eaa+TsE=,tag:j67JoaOgQhbtNDk70i1hKA==,type:str]",
"pgp": [
{
"created_at": "2023-05-10T15:43:03Z",
"enc": "-----BEGIN PGP MESSAGE-----\n\nhQIMA82M54yws73UARAApQ2ZwB0usOsmNHzhVKbp0usviukLvU8FXl3HjaH49d0o\nzlY/h/A5isen9oVmTe8fr2h/Et/k7QtOyEQg3a+BDxbSmeHWPENdxxmJzgFdAMx0\n91b/puuIL3RpDRzZD0MxbqGk5A3pZZuoHm1PMYgRW7M+xfHzMlOAREqxC3J+2NGX\nBk9Q6iYGem/h4l660ObWdFkkkdyfGba7vz5hUl1het/DlOA73Hdy/VN5mrc+H+KN\nOtOzBYcBsNkhjWHfoK7G666yLNsADcViKZiLHvmAvAlgQly+dUq9kO4kiQwyFI+V\nLfR+/TY73yOjk+St3MS78K4rm2ywsAPNOKUnQGcSM+Vw7/n+0z22dKmZqJmu749K\noHvhE2pIlCC/6Xt3Ft8bjlKlo+4tQo1Jtb89YQ6G8nnoFr/HvAwk01qziIvD3TTJ\nM4nhQt5pArW5i/V/7oJ7iUqKPgda2O0tl0Tmen6u/sPWU3F9CuN0I+bZae8d53Zs\nPIfSGFTsfP1ChX2mxeGJ3BR6fVskvWr88lJmILtgFEo+BjvfWT6D25rIuId5ZqKQ\ngU4MnC7JK+PH/jykT+6s21v5JXnQ4M6WvSZK1J4bs0wR0yN3JbB7pki0zlh/2a8J\nFnWBB/gCaBgyGK7CHwncM/cn6NyFUAn3r2SFjElpInGHd7dqvl9dXHJ5YzyHWEbS\nXgHDOWzI8EpfVrhIKak6ZrKEJIvhodyP7qIgBexAU4zA4CdvmuuyiqIzlRawN4J8\nRwwFHRibkIe5q3xFa/QrOuBj5pfUqdBLDkJhLHkYH756m/25Fg9kqB2tou14qDU=\n=Mfyl\n-----END PGP MESSAGE-----\n",
"fp": "CD8CE78CB0B3BDD4"
}
],
"unencrypted_suffix": "_unencrypted",
"version": "3.7.3"
}
}