Noratrieb/vps
1
0
Fork 0
mirror of https://github.com/Noratrieb/vps.git synced 2026-01-15 17:15:14 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Update to NixOS 24.11

Browse source
This commit is contained in:
nora 2025-01-01 21:20:34 +01:00
parent 839a438272
commit 23bbc31969
13 changed files with 60 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

55
newinfra/nix/deploy/smoke-tests.sh
View file

@ -4,20 +4,51 @@
set -eux set -eux
# Check DNS name servers check_dig_answer() {
dig @dns1.infra.noratrieb.dev dns1.infra.noratrieb.dev +noall +answer | grep 154.38.163.74 type="$1"
dig @dns2.infra.noratrieb.dev dns1.infra.noratrieb.dev +noall +answer | grep 154.38.163.74 host="$2"
grep="$3"
dig @dns1.infra.noratrieb.dev nilstrieb.dev +noall +answer | grep 161.97.165.1 dig @dns1.infra.noratrieb.dev "$type" "$host" +noall +answer | grep "$grep"
dig @dns2.infra.noratrieb.dev nilstrieb.dev +noall +answer | grep 161.97.165.1 dig @dns2.infra.noratrieb.dev "$type" "$host" +noall +answer | grep "$grep"
}
# Check DNS name servers
check_dig_answer A "dns1.infra.noratrieb.dev" "154.38.163.74"
check_dig_answer A "nilstrieb.dev" "161.97.165.1"
# Check the NS records. The trailing dot matters! # Check the NS records. The trailing dot matters!
dig @dns1.infra.noratrieb.dev NS noratrieb.dev | grep "noratrieb.dev..*3600.*IN.*NS.*ns1.noratrieb.dev." check_dig_answer NS noratrieb.dev "noratrieb.dev..*3600.*IN.*NS.*ns1.noratrieb.dev."
dig @dns2.infra.noratrieb.dev NS noratrieb.dev | grep "noratrieb.dev..*3600.*IN.*NS.*ns1.noratrieb.dev."
# Mail stuff
check_dig_answer MX noratrieb.dev "mail.protonmail.ch."
check_dig_answer MX noratrieb.dev "mailsec.protonmail.ch."
check_dig_answer TXT noratrieb.dev "protonmail-verification=09106d260e40df267109be219d9c7b2759e808b5"
check_dig_answer TXT noratrieb.dev "v=spf1 include:_spf.protonmail.ch ~all"
# Check HTTP responses # Check HTTP responses
curl --fail -s https://vps1.infra.noratrieb.dev -o /dev/null http_hosts=(
curl --fail -s https://vps3.infra.noratrieb.dev -o /dev/null noratrieb.dev
curl --fail -s https://vps4.infra.noratrieb.dev -o /dev/null nilstrieb.dev
curl --fail -s https://vps5.infra.noratrieb.dev -o /dev/null vps1.infra.noratrieb.dev
curl --fail -s https://noratrieb.dev -o /dev/null vps3.infra.noratrieb.dev
vps4.infra.noratrieb.dev
vps5.infra.noratrieb.dev
bisect-rustc.noratrieb.dev
docker.noratrieb.dev
does-it-build.noratrieb.dev
grafana.noratrieb.dev
hugo-chat.noratrieb.dev
api.hugo-chat.noratrieb.dev/api/v2/rooms
uptime.noratrieb.dev
www.noratrieb.dev
# legacy:
blog.noratrieb.dev
)
for http_host in "${http_hosts[@]}"; do
curl --fail -s "https://${http_host}/" -o /dev/null
done

16
newinfra/nix/hive.nix
View file

@ -5,11 +5,11 @@
# - A path to a Nixpkgs checkout # - A path to a Nixpkgs checkout
# - The Nixpkgs lambda (e.g., import <nixpkgs>) # - The Nixpkgs lambda (e.g., import <nixpkgs>)
# - An initialized Nixpkgs attribute set # - An initialized Nixpkgs attribute set
nixpkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/b134951a4c9f3c995fd7be05f3243f8ecd65d798.tar.gz"); # nixos-24.05 2025-01-01 nixpkgs = import (fetchTarball "https://github.com/NixOS/nixpkgs/archive/3ffbbdbac0566a0977da3d2657b89cbcfe9a173b.tar.gz"); # nixos-24.11 2025-01-01
specialArgs = { specialArgs = {
website = import (fetchTarball "https://github.com/Noratrieb/website/archive/ab44e5ef7586a220fc1d251bda333a8752bb7783.tar.gz"); website = import (fetchTarball "https://github.com/Noratrieb/website/archive/5637e3cb59b00c80feca6a293c158046a4e1efe4.tar.gz");
blog = fetchTarball "https://github.com/Noratrieb/blog/archive/ab95691e6faebdbd7a6d37150a79b2b813ea181f.tar.gz"; blog = fetchTarball "https://github.com/Noratrieb/blog/archive/3f1978cc85668495bc5a9ac43d5c44fa844c97d6.tar.gz";
slides = fetchTarball "https://github.com/Noratrieb/slides/archive/0401f35c22b124b69447655f0c537badae9e223c.tar.gz"; slides = fetchTarball "https://github.com/Noratrieb/slides/archive/0401f35c22b124b69447655f0c537badae9e223c.tar.gz";
pretense = import (fetchTarball "https://github.com/Noratrieb/pretense/archive/270b01fc1118dfd713c1c41530d1a7d98f04527d.tar.gz"); pretense = import (fetchTarball "https://github.com/Noratrieb/pretense/archive/270b01fc1118dfd713c1c41530d1a7d98f04527d.tar.gz");
@ -161,7 +161,7 @@
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
./modules/contabo ./modules/contabo
./modules/wg-mesh ./modules/wg-mesh
./modules/ingress ./modules/caddy
./modules/garage ./modules/garage
./modules/podman ./modules/podman
./modules/registry ./modules/registry
@ -175,7 +175,7 @@
./apps/killua ./apps/killua
]; ];
deployment.tags = [ "ingress" "eu" "apps" "website" ]; deployment.tags = [ "caddy" "eu" "apps" "website" ];
system.stateVersion = "23.11"; system.stateVersion = "23.11";
}; };
# VPS3 is the primary monitoring/metrics server. # VPS3 is the primary monitoring/metrics server.
@ -184,7 +184,7 @@
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
./modules/contabo ./modules/contabo
./modules/wg-mesh ./modules/wg-mesh
./modules/ingress ./modules/caddy
./modules/garage ./modules/garage
./modules/prometheus ./modules/prometheus
]; ];
@ -196,7 +196,7 @@
vps4 = { lib, modulesPath, ... }: { vps4 = { lib, modulesPath, ... }: {
imports = [ imports = [
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
./modules/ingress ./modules/caddy
./modules/wg-mesh ./modules/wg-mesh
./modules/garage ./modules/garage
./modules/backup ./modules/backup
@ -256,7 +256,7 @@
imports = [ imports = [
(modulesPath + "/profiles/qemu-guest.nix") (modulesPath + "/profiles/qemu-guest.nix")
./modules/contabo ./modules/contabo
./modules/ingress ./modules/caddy
./modules/wg-mesh ./modules/wg-mesh
./modules/garage ./modules/garage
]; ];

0
newinfra/nix/modules/ingress/base.Caddyfile → newinfra/nix/modules/caddy/base.Caddyfile
View file

0
newinfra/nix/modules/ingress/caddy-build.nix → newinfra/nix/modules/caddy/caddy-build.nix
View file

0
newinfra/nix/modules/ingress/caddy-static-prepare/default.nix → newinfra/nix/modules/caddy/caddy-static-prepare/default.nix
View file

0
newinfra/nix/modules/ingress/caddy-static-prepare/prepare.py → newinfra/nix/modules/caddy/caddy-static-prepare/prepare.py
View file

0
newinfra/nix/modules/ingress/debugging-page/index.html → newinfra/nix/modules/caddy/debugging-page/index.html
View file

0
newinfra/nix/modules/ingress/default.nix → newinfra/nix/modules/caddy/default.nix
View file

8
newinfra/nix/modules/ingress/vps1.Caddyfile → newinfra/nix/modules/caddy/vps1.Caddyfile
View file

@ -60,7 +60,13 @@ docker.noratrieb.dev {
} }
################################################################ ################################################################
# deadname redirects # redirects
blog.noratrieb.dev {
log
redir https://noratrieb.dev/blog{uri} permanent
}
nilstrieb.dev { nilstrieb.dev {
log log
redir https://noratrieb.dev{uri} permanent redir https://noratrieb.dev{uri} permanent

0
newinfra/nix/modules/ingress/vps3.Caddyfile → newinfra/nix/modules/caddy/vps3.Caddyfile
View file

0
newinfra/nix/modules/ingress/vps4.Caddyfile → newinfra/nix/modules/caddy/vps4.Caddyfile
View file

2
newinfra/nix/modules/dns/noratrieb.dev.nix
View file

@ -55,7 +55,7 @@ let
ns2 = dns2; ns2 = dns2;
# --- website stuff # --- website stuff
blog.CNAME = [ (cname "noratrieb.github.io") ]; blog = vps1;
www = vps1; www = vps1;
# --- legacy crap # --- legacy crap

1
newinfra/nix/modules/registry/default.nix
View file

@ -28,6 +28,7 @@
storage = { storage = {
s3 = { s3 = {
regionendpoint = "http://127.0.0.1:3900"; regionendpoint = "http://127.0.0.1:3900";
forcepathstyle = true; # ensure it doesn't try docker-registry.127.0.0.1 as the host
region = "garage"; region = "garage";
bucket = "docker-registry"; bucket = "docker-registry";
# accesskey = ""; ENV REGISTRY_STORAGE_S3_ACCESSKEY # accesskey = ""; ENV REGISTRY_STORAGE_S3_ACCESSKEY