merge avalanche and storm into firestorm

host/avalanche/default.nix → archive/avalanche/default.nix

@@ -17,6 +17,8 @@ in
     boot = {
       grub.enable = true;
       remoteUnlock = {
+        enable = true;
+        tailscale = true;
         luks = false;
         zfs = [ "zroot" ];
       };
@@ -64,7 +66,7 @@ in
           }
         ];
       };
-      synapse.enable = true;
+      # synapse.enable = true;
     };
   };
 
@@ -166,12 +168,12 @@ in
     };
   };
 
-  services.ceph.osd.daemons = [ "1" ];
+  # services.ceph.osd.daemons = [ "1" ];
 
-  services.k3s = {
-    enable = true;
-    role = "agent";
-  };
+  # services.k3s = {
+    # enable = true;
+    # role = "agent";
+  # };
 
   system.stateVersion = "21.11";
   nzbr.home.config.home.stateVersion = "22.05";

host/storm/default.nix → archive/storm/default.nix

@@ -14,6 +14,8 @@
     boot = {
       grub.enable = true;
       remoteUnlock = {
+        enable = true;
+        tailscale = true;
         luks = false;
         zfs = [ "zroot" ];
       };
@@ -61,33 +63,33 @@
     };
   };
 
-  nirgenx = {
-    enable = true;
-    kubeconfigPath = "/run/kubeconfig";
-    waitForUnits = [ "network-online.target" "k3s.service" ];
-    helmNixPath = config.nzbr.flake.root;
-    helmPackage = pkgs.kubernetes-helm;
-    kubectlPackage = pkgs.kubectl;
-    deployment = {
-      amp.enable = true;
-      # birdsite.enable = true;
-      cert-manager.enable = true;
-      # debug-shell.enable = true;
-      gitlab.enable = true;
-      hedgedoc.enable = true;
-      kadalu.enable = true;
-      keycloak.enable = true;
-      matrix.enable = true;
-      n8n.enable = true;
-      nextcloud.enable = true;
-      nginx.enable = true;
-      openldap.enable = true;
-      pingcheck.enable = true;
-      plex.enable = true;
-      stash.enable = true;
-      vaultwarden.enable = true;
-    };
-  };
+  # nirgenx = {
+  #   enable = true;
+  #   kubeconfigPath = "/run/kubeconfig";
+  #   waitForUnits = [ "network-online.target" "k3s.service" ];
+  #   helmNixPath = config.nzbr.flake.root;
+  #   helmPackage = pkgs.kubernetes-helm;
+  #   kubectlPackage = pkgs.kubectl;
+  #   deployment = {
+  #     amp.enable = true;
+  #     # birdsite.enable = true;
+  #     cert-manager.enable = true;
+  #     # debug-shell.enable = true;
+  #     gitlab.enable = true;
+  #     hedgedoc.enable = true;
+  #     kadalu.enable = true;
+  #     keycloak.enable = true;
+  #     matrix.enable = true;
+  #     n8n.enable = true;
+  #     nextcloud.enable = true;
+  #     nginx.enable = true;
+  #     openldap.enable = true;
+  #     pingcheck.enable = true;
+  #     plex.enable = true;
+  #     stash.enable = true;
+  #     vaultwarden.enable = true;
+  #   };
+  # };
 
   boot = {
     loader.grub.device = "/dev/sda";
@@ -185,57 +187,57 @@
     };
   };
 
-  services.postgresql =
-    let
-      services = [
-        "bitwarden"
-        "hedgedoc"
-        "keycloak"
-        "n8n"
-        "synapse"
-        "vaultwarden"
-      ];
-    in
-    {
-      enable = true;
-      package = pkgs.postgresql_13;
-      dataDir = "/storage/postgres/${config.services.postgresql.package.psqlSchema}";
-      enableTCPIP = true;
-      authentication = ''
-        host all all 10.42.0.0/24 md5
-        host all all 10.12.0.0/16 md5
-        host all all 100.64.0.0/10 md5
-      '';
-      ensureDatabases = services;
-      ensureUsers =
-        map
-          (name: {
-            inherit name;
-            ensurePermissions = {
-              "DATABASE ${name}" = "ALL PRIVILEGES";
-            };
-          })
-          services;
-      initialScript = config.nzbr.assets."postgres-setup.sql";
-    };
-  services.postgresqlBackup = {
-    enable = true;
-    location = "/storage/postgres/backup";
-    compression = "none";
-    databases = config.services.postgresql.ensureDatabases;
-  };
-  systemd.tmpfiles.rules = [
-    "d /storage/postgres 0755 postgres users"
-  ];
-  age.secrets."postgres-setup.sql".owner = "postgres";
-
-  services.ceph.osd.daemons = [ "0" ];
-
-  services.k3s = {
-    enable = true;
-    role = "server";
-    dbEndpoint = "sqlite:///storage/kubernetes/kine.db?_journal=wal";
-  };
+  # services.postgresql =
+  #   let
+  #     services = [
+  #       "bitwarden"
+  #       "hedgedoc"
+  #       "keycloak"
+  #       "n8n"
+  #       "synapse"
+  #       "vaultwarden"
+  #     ];
+  #   in
+  #   {
+  #     enable = true;
+  #     package = pkgs.postgresql_13;
+  #     dataDir = "/storage/postgres/${config.services.postgresql.package.psqlSchema}";
+  #     enableTCPIP = true;
+  #     authentication = ''
+  #       host all all 10.42.0.0/24 md5
+  #       host all all 10.12.0.0/16 md5
+  #       host all all 100.64.0.0/10 md5
+  #     '';
+  #     ensureDatabases = services;
+  #     ensureUsers =
+  #       map
+  #         (name: {
+  #           inherit name;
+  #           ensurePermissions = {
+  #             "DATABASE ${name}" = "ALL PRIVILEGES";
+  #           };
+  #         })
+  #         services;
+  #     initialScript = config.nzbr.assets."postgres-setup.sql";
+  #   };
+  # services.postgresqlBackup = {
+  #   enable = true;
+  #   location = "/storage/postgres/backup";
+  #   compression = "none";
+  #   databases = config.services.postgresql.ensureDatabases;
+  # };
+  # systemd.tmpfiles.rules = [
+  #   "d /storage/postgres 0755 postgres users"
+  # ];
+  # age.secrets."postgres-setup.sql".owner = "postgres";
+
+  # services.ceph.osd.daemons = [ "0" ];
+
+  # services.k3s = {
+  #   enable = true;
+  #   role = "server";
+  #   dbEndpoint = "sqlite:///storage/kubernetes/kine.db?_journal=wal";
+  # };
 
   system.stateVersion = "21.11";
   nzbr.home.config.home.stateVersion = "22.05";

host/firestorm/default.nix

@@ -43,7 +43,7 @@ in
       #   enable = true;
       #   extraTags = [ "kube-deploy" ];
       # };
-      # synapse.enable = true;
+      synapse.enable = true;
     };
   };
 
@@ -113,6 +113,82 @@ in
     };
   };
 
+  services.k3s = {
+    enable = true;
+    role = "server";
+    dbEndpoint = "sqlite:///storage/kubernetes/kine.db?_journal=wal";
+  };
+  nirgenx = {
+    enable = true;
+    kubeconfigPath = "/run/kubeconfig";
+    waitForUnits = [ "network-online.target" "k3s.service" ];
+    helmNixPath = config.nzbr.flake.root;
+    helmPackage = pkgs.kubernetes-helm;
+    kubectlPackage = pkgs.kubectl;
+    deployment = {
+      amp.enable = true;
+      cert-manager.enable = true;
+      # debug-shell.enable = true;
+      gitlab.enable = true;
+      hedgedoc.enable = true;
+      kadalu.enable = true;
+      keycloak.enable = true;
+      matrix.enable = true;
+      # n8n.enable = true;
+      nextcloud.enable = true;
+      nginx.enable = true;
+      openldap.enable = true;
+      # pingcheck.enable = true;
+      plex.enable = true;
+      # stash.enable = true;
+      vaultwarden.enable = true;
+    };
+  };
+
+  services.postgresql =
+    let
+      services = [
+        "bitwarden"
+        "hedgedoc"
+        "keycloak"
+        "n8n"
+        "synapse"
+        "vaultwarden"
+      ];
+    in
+    {
+      enable = true;
+      package = pkgs.postgresql_13;
+      dataDir = "/storage/postgres/${config.services.postgresql.package.psqlSchema}";
+      enableTCPIP = true;
+      authentication = ''
+        host all all 10.42.0.0/24 md5
+        host all all 10.12.0.0/16 md5
+        host all all 100.64.0.0/10 md5
+      '';
+      ensureDatabases = services;
+      ensureUsers =
+        map
+          (name: {
+            inherit name;
+            ensurePermissions = {
+              "DATABASE ${name}" = "ALL PRIVILEGES";
+            };
+          })
+          services;
+      initialScript = config.nzbr.assets."postgres-setup.sql";
+    };
+  services.postgresqlBackup = {
+    enable = true;
+    location = "/storage/postgres/backup";
+    compression = "none";
+    databases = config.services.postgresql.ensureDatabases;
+  };
+  systemd.tmpfiles.rules = [
+    "d /storage/postgres 0755 postgres users"
+  ];
+  age.secrets."postgres-setup.sql".owner = "postgres";
+
   services.mailmover = {
     enable = true;
     schedule = "*-*-* *:*:1";

host/firestorm/k8s/n8n-secret.yaml.age

@@ -0,0 +1,14 @@
+age-encryption.org/v1
+-> ssh-ed25519 ypn7zQ XquT65j1kaphJYLb14HtHDr73c/EKhinItS79GGMPws
+9HQHO0HQKYiBS7BIPrBntsVk7O1HPZmy5Q/5rAcadoI
+-> ssh-ed25519 GTZ+fg qnjYjH8Seetcsc4aogbY8xa+hguNt1aPerjG+tP5vww
+H9f16teDrpijjCHYfk9KroyfqLsS1STs982gox4qnG0
+-> ssh-ed25519 PEimKA RuRKMGMRXuwPjqXOxIo8du90LmOuIs1/ufpg7SOMM1Q
+n7a1GqTnsi6ZBYXqysjL8fz69PxQxep08ZUKEPEFKz0
+-> ssh-ed25519 CpRMlA 51cty/If7MWU6fz6orZCR3HwtvG7FEVSN5VmnilqNmA
+YGq8bU1kPTtVe76LUWKmUdvfTwXDhy9D5e21XhcaoUI
+-> "\-grease J*>` S Tz 2[J5X{
+
+--- U+fsKCs2Kfq4cfz15fKFQr2kSIfmsJgZ2cjHbQ0ae9A
+�MfNཤZZ��8�������"1:�O퉱���pBÔ�FF�c�.���j�#���4D�]M�*���N
��t�j0~��ǟ�׃�]��J��P̆���j?����L�V�a�� ����@� ����$��Z_ߵ�ǫ"B�.��swTv�FB�k����|a5Ai��fH��g�lF�M���#�������xi���n"V�(%�c������/Dd�_�UŠ�:F�ǵ����ٿ�Ĭߕ��l|�����.�uV��bI��Y6h��c[?��%KR��Z�5�`[!���R�W_��.�խM��\9���v�:��(�Bm6�O�����}�U�c'9�^ȡ�\د"l���u��62�X�="|߉p���!�Yz����FW�j֥ģ���U�k��k����G��ա�A_��#)8#��������U�>�N|&~�l��3�q~����E�v��%IΥ��~�W�=�u��
"H�j2���Wb�e9m��ٌI���[Մ�n��ͨ���6U�6�r
+�����-*

host/firestorm/k8s/openldap-secret.yaml.age

@@ -0,0 +1,14 @@
+age-encryption.org/v1
+-> ssh-ed25519 ypn7zQ LIDNgmye4E9RrXgLnezJbR71aJAmZ7bfiGlT7eIHsHg
+mWRj6HhvJzo/tuZRaCzpB/9qlT5iEqnNIvxCmp1G0us
+-> ssh-ed25519 GTZ+fg rFmcfgAu1NOYTGmlNQDPzsZsnuEVzZB7nDxMNmA4HBE
+mjNSrTo/MxROZdPQR36Xe8xhYrsPxNsJxuICdF4dXxM
+-> ssh-ed25519 PEimKA giHjCwl1BTjSgaNz5SH9jn21F32FWT0AaRbXDT0RGBY
+kGUny8MoMtRnOjDyz57meMN5Rv+BvtWQ1uHnntW4gFc
+-> ssh-ed25519 CpRMlA 4Uvit3zOwVieI9LaK+WZg2UkkE68S0d8CXcpwMuFP0Y
+BiMD+o5vFw/T40NXJVsJgXkwiUhtOz+I21Y2cLT/lMA
+-> 8B$h|~D-grease Z<LS .G
+78FnoLROK6PebaW/870v4MnpFStigkMhTyIPa2R5pBfLmebcWdt9C95xqr28lJVL
+i6RATxZk35dY79Qt/fy9xoMm4v1u3/iso9O5qc1nOCduVBJeLM2v
+--- +SddHIK9M6aIWtY64xLPIBOyb6Dk2YQwXzyW4vDvcKY
+�"�Sbv�.ϲܡ�ܕcV��OOR�E2��?V���(�%���l�J���T��&�o���<"8�y[�O�Y����Ͻν9�0�L��.Bo�H�|�M%�|*P���Nb����ć��7y�?��_���@�cvr��:���4y˫�!���4P�I�K����$ܡ�]x�xS��@��l{�