rpqt/flocon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: rpqt:e5b17dad1e46863322cf4a1ddea721f09f12bb5b
Branches Tags
rpqt:main rpqt:clan
..
compare: rpqt:24e8d8e8239b053d9899a459256493ce9962734c
Branches Tags
rpqt:main rpqt:clan

11 Commits
e5b17dad1e ... 24e8d8e823

Author SHA1 Message Date
Romain Paquet
24e8d8e823 glance: fix pinchflat icon 2025-11-17 21:53:17 +01:00
Romain Paquet
267807ae66 vicinae: link config file instead of generating it 2025-11-17 18:51:28 +01:00
Romain Paquet
9577209e67 glance: add prometheus 2025-11-17 18:50:00 +01:00
Romain Paquet
3f71e191f9 nextcloud: move db init to clan 2025-11-17 18:48:46 +01:00
Romain Paquet
53b1264c44 clanServices/prometheus: fix IPv6 address brackets 2025-11-17 18:46:54 +01:00
Romain Paquet
20b4d300ee clan: move monitoring to its own file 2025-11-17 18:46:43 +01:00
Romain Paquet
740ed6725a move clan config to its own directory 2025-11-14 20:12:02 +01:00
Romain Paquet
a680d58664 ghostty: use bigger font 2025-11-14 17:27:57 +01:00
Romain Paquet
00d9b8f4ae niri: don't spawn vicinae server (user service) 2025-11-14 17:26:16 +01:00
Romain Paquet
8f2f922d45 alacritty: only link the config file (not dir) 2025-11-14 17:25:37 +01:00
Romain Paquet
ca14d549af add gh and nixpkgs-review 2025-11-14 17:15:40 +01:00
14 changed files with 315 additions and 273 deletions
Expand all files Collapse all files

180
clan/flake-module.nix Normal file
View File

@@ -0,0 +1,180 @@
{ self, lib, ... }:
{
imports = [
./machines.nix
./monitoring.nix
./network.nix
];
clan.meta.name = "blossom";
clan.inventory.instances."rpqt-admin" = {
module.input = "clan-core";
module.name = "admin";
roles.default.tags.server = { };
roles.default.machines.haze = { };
roles.default.settings.allowedKeys = {
rpqt_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze";
nixbld_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIyNC2sn5m7m52r4kVZqg0T7abqdz5xh/blU3cYtHKAE nixbld@haze";
};
};
clan.inventory.instances."sshd" = {
module.input = "clan-core";
module.name = "sshd";
roles.server.tags.all = { };
roles.server.extraModules = [
self.nixosModules.hardened-ssh-server
];
roles.server.settings = {
certificate.searchDomains = [
"home.rpqt.fr"
];
};
roles.client.tags.all = { };
roles.client.settings = {
certificate.searchDomains = [
"home.rpqt.fr"
];
};
};
clan.inventory.instances.user-rpqt = {
module.input = "clan-core";
module.name = "users";
roles.default.machines.haze = {
settings = {
user = "rpqt";
};
};
roles.default.extraModules = [
self.nixosModules.user-rpqt
];
};
clan.inventory.instances.common-config = {
module = {
input = "clan-core";
name = "importer";
};
roles.default.tags.all = { };
roles.default.extraModules = [ self.nixosModules.common ];
};
clan.inventory.instances.server-config = {
module = {
input = "clan-core";
name = "importer";
};
roles.default.tags.server = { };
roles.default.extraModules = [
{
nix.gc.automatic = lib.mkDefault true;
nix.gc.dates = lib.mkDefault "Mon 3:15";
nix.gc.randomizedDelaySec = lib.mkDefault "30min";
nix.gc.options = lib.mkDefault "--delete-older-than 30d";
}
];
};
clan.inventory.instances."garage" = {
module.input = "clan-core";
module.name = "garage";
roles.default.tags.garage = { };
};
clan.inventory.instances."garage-config" = {
module.input = "clan-core";
module.name = "importer";
roles.default.tags.garage = { };
roles.default.extraModules = [ ../modules/garage.nix ];
};
clan.inventory.instances."trusted-nix-caches" = {
module.input = "clan-core";
module.name = "trusted-nix-caches";
roles.default.tags.all = { };
};
clan.inventory.instances."borgbackup-storagebox" = {
module.input = "clan-core";
module.name = "borgbackup";
roles.client.machines = lib.genAttrs [ "crocus" "genepi" "verbena" ] (
machine:
let
config = self.nixosConfigurations.${machine}.config;
user = "u422292";
host = "${user}.your-storagebox.de";
in
{
settings.destinations."storagebox-${config.networking.hostName}" = {
repo = "${user}@${host}:./borgbackup/${config.networking.hostName}";
rsh = "ssh -oPort=23 -i ${
config.clan.core.vars.generators.borgbackup.files."borgbackup.ssh".path
} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null";
};
}
);
roles.client.extraModules = [
../modules/storagebox.nix
];
roles.server.machines = { };
};
clan.inventory.instances.syncthing = {
roles.peer.tags.syncthing = { };
roles.peer.settings.folders = {
Documents = {
path = "~/Documents";
};
Music = {
path = "~/Music";
};
Pictures = {
path = "~/Pictures";
};
Videos = {
path = "~/Videos";
};
};
roles.peer.settings.extraDevices = {
pixel-7a = {
id = "IZE7B4Z-LKTJY6Q-77NN4JG-ADYRC77-TYPZTXE-Q35BWV2-AEO7Q3R-ZE63IAU";
name = "Pixel 7a";
addresses = [ "dynamic" ];
};
};
};
clan.inventory.instances.buildbot = {
module.input = "self";
module.name = "@rpqt/buildbot";
roles.master.machines.verbena = {
settings = {
domain = "buildbot.turifer.dev";
admins = [ "rpqt" ];
topic = "buildbot-nix";
gitea.instanceUrl = "https://git.turifer.dev";
};
};
roles.master.extraModules = [
{
services.nginx.virtualHosts."buildbot.turifer.dev" = {
enableACME = true;
forceSSL = true;
};
security.acme.certs."buildbot.turifer.dev" = {
email = "admin@turifer.dev";
};
}
];
roles.worker.machines.verbena = { };
};
}

28
clan/machines.nix Normal file
View File

@@ -0,0 +1,28 @@
{
clan.inventory.machines = {
crocus = {
tags = [
"garage"
"server"
];
};
genepi = {
tags = [
"garage"
"server"
"syncthing"
];
};
haze = {
tags = [
"syncthing"
];
};
verbena = {
tags = [
"garage"
"server"
];
};
};
}

46
clan/monitoring.nix Normal file
View File

@@ -0,0 +1,46 @@
{ self, ... }:
{
clan.inventory.instances.prometheus = {
module.input = "self";
module.name = "@rpqt/prometheus";
roles.scraper.machines.genepi = { };
roles.scraper.settings = {
extraScrapeConfigs = [
{
job_name = "garage";
static_configs = [
{
labels.instance = "crocus";
targets = [ "crocus.home.rpqt.fr:3903" ];
}
{
labels.instance = "genepi";
targets = [ "genepi.home.rpqt.fr:3903" ];
}
{
labels.instance = "verbena";
targets = [ "verbena.home.rpqt.fr:3903" ];
}
];
authorization = {
type = "Bearer";
credentials_file =
self.nixosConfigurations.verbena.config.clan.core.vars.generators.garage.files.metrics_token.path;
};
}
];
};
roles.target.tags.server = { };
roles.target.settings = {
exporters = {
node = {
enabledCollectors = [
"systemd"
];
};
};
};
};
}

20
clan/network.nix Normal file
View File

@@ -0,0 +1,20 @@
{
clan.inventory.instances.zerotier = {
roles.controller.machines.crocus = { };
roles.moon.machines.crocus = {
settings = {
stableEndpoints = [
"116.203.18.122"
"2a01:4f8:1c1e:e415::/64"
];
};
};
roles.peer.tags."all" = { };
};
clan.inventory.instances.internet = {
roles.default.machines.verbena = {
settings.host = "git.turifer.dev";
};
};
}

2
clanServices/prometheus/default.nix
View File

@@ -51,7 +51,7 @@
targetHost = targetConfig.clan.core.vars.generators.zerotier.files.zerotier-ip.value; targetHost = targetConfig.clan.core.vars.generators.zerotier.files.zerotier-ip.value;
in in
[ [
"${targetHost}:${toString targetConfig.services.prometheus.exporters.${exporter}.port}" "[${targetHost}]:${toString targetConfig.services.prometheus.exporters.${exporter}.port}"
]; ];
labels.instance = machineName; labels.instance = machineName;
}) machinesWithExporter; }) machinesWithExporter;

3
flake.nix
View File

@@ -15,11 +15,10 @@
flake-parts.lib.mkFlake { inherit inputs; } ({ flake-parts.lib.mkFlake { inherit inputs; } ({
imports = [ imports = [
inputs.clan-core.flakeModules.default inputs.clan-core.flakeModules.default
./clan/flake-module.nix
./clanServices/flake-module.nix ./clanServices/flake-module.nix
./devShells/flake-module.nix ./devShells/flake-module.nix
./home-manager/flake-module.nix ./home-manager/flake-module.nix
./machines/flake-module.nix
./modules/flake-module.nix ./modules/flake-module.nix
./packages/flake-module.nix ./packages/flake-module.nix
]; ];

3
home-manager/desktop/terminal.nix
View File

@@ -15,7 +15,8 @@
]; ];
programs.alacritty.enable = true; programs.alacritty.enable = true;
xdg.configFile."alacritty".source = "${config.dotfiles.path}/.config/alacritty"; xdg.configFile."alacritty/alacritty.toml".source =
"${config.dotfiles.path}/.config/alacritty/alacritty.toml";
xdg.configFile."ghostty/config".source = "${config.dotfiles.path}/.config/ghostty/config"; xdg.configFile."ghostty/config".source = "${config.dotfiles.path}/.config/ghostty/config";
} }

10
home-manager/desktop/vicinae.nix
View File

@@ -1,4 +1,9 @@
{ config, inputs, ... }: {
config,
inputs,
lib,
...
}:
{ {
imports = [ imports = [
inputs.vicinae.homeManagerModules.default inputs.vicinae.homeManagerModules.default
@@ -9,6 +14,9 @@
autoStart = true; autoStart = true;
}; };
xdg.configFile."vicinae/vicinae.json".source =
lib.mkForce "${config.dotfiles.path}/.config/vicinae/vicinae.json";
xdg.configFile."matugen/config.toml".source = "${config.dotfiles.path}/.config/matugen/config.toml"; xdg.configFile."matugen/config.toml".source = "${config.dotfiles.path}/.config/matugen/config.toml";
xdg.configFile."matugen/templates/vicinae.toml".source = xdg.configFile."matugen/templates/vicinae.toml".source =
"${config.dotfiles.path}/.config/matugen/templates/vicinae.toml"; "${config.dotfiles.path}/.config/matugen/templates/vicinae.toml";

2
home-manager/dev.nix
View File

@@ -13,6 +13,7 @@
home.packages = with pkgs; [ home.packages = with pkgs; [
direnv direnv
gh
hut hut
jujutsu jujutsu
nix-output-monitor nix-output-monitor
@@ -23,6 +24,7 @@
typescript-language-server typescript-language-server
nil # Nix language server nil # Nix language server
nixfmt-rfc-style nixfmt-rfc-style
nixpkgs-review
]; ];
programs.direnv = { programs.direnv = {

1
home/.config/ghostty/config
View File

@@ -2,4 +2,5 @@ theme = dark:Kanagawa Wave,light:Builtin Light
font-feature = -liga font-feature = -liga
font-feature = -calt font-feature = -calt
font-feature = -dlig font-feature = -dlig
font-size = 14
window-inherit-working-directory = false window-inherit-working-directory = false

1
home/.config/niri/config.kdl
View File

@@ -345,7 +345,6 @@ screenshot-path "~/Pictures/Screenshots/Screenshot from %Y-%m-%d %H-%M-%S.png"
spawn-at-startup "dms" "run" spawn-at-startup "dms" "run"
spawn-at-startup "kdeconnect-indicator" spawn-at-startup "kdeconnect-indicator"
spawn-at-startup "~/rep/flocon/home/bin/monitor-dark-mode.sh" spawn-at-startup "~/rep/flocon/home/bin/monitor-dark-mode.sh"
spawn-at-startup "vicinae" "server"
spawn-at-startup "xwayland-satellite" spawn-at-startup "xwayland-satellite"
environment { environment {

253
machines/flake-module.nix
View File

@@ -1,253 +0,0 @@
{ self, lib, ... }:
{
clan = {
meta.name = "blossom";
inventory.machines = {
crocus = {
tags = [
"garage"
"server"
];
};
genepi = {
tags = [
"garage"
"server"
"syncthing"
];
};
haze = {
tags = [
"syncthing"
];
};
verbena = {
tags = [
"garage"
"server"
];
};
};
inventory.instances = {
"rpqt-admin" = {
module.input = "clan-core";
module.name = "admin";
roles.default.tags.server = { };
roles.default.machines.haze = { };
roles.default.settings.allowedKeys = {
rpqt_haze = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGa8R8obgptefcp27Cdp9bc2fiyc9x0oTfMsTPFp2ktE rpqt@haze";
};
};
zerotier = {
roles.controller.machines.crocus = { };
roles.moon.machines.crocus = {
settings = {
stableEndpoints = [
"116.203.18.122"
"2a01:4f8:1c1e:e415::/64"
];
};
};
roles.peer.tags."all" = { };
};
internet = {
roles.default.machines.verbena = {
settings.host = "git.turifer.dev";
};
};
"sshd" = {
module.input = "clan-core";
module.name = "sshd";
roles.server.tags.all = { };
roles.server.extraModules = [
self.nixosModules.hardened-ssh-server
];
};
user-rpqt = {
module.input = "clan-core";
module.name = "users";
roles.default.machines.haze = {
settings = {
user = "rpqt";
};
};
roles.default.extraModules = [
self.nixosModules.user-rpqt
];
};
common-config = {
module = {
input = "clan-core";
name = "importer";
};
roles.default.tags.all = { };
roles.default.extraModules = [ self.nixosModules.common ];
};
server-config = {
module = {
input = "clan-core";
name = "importer";
};
roles.default.tags.server = { };
roles.default.extraModules = [
{
nix.gc.automatic = lib.mkDefault true;
nix.gc.dates = lib.mkDefault "Mon 3:15";
nix.gc.randomizedDelaySec = lib.mkDefault "30min";
nix.gc.options = lib.mkDefault "--delete-older-than 30d";
}
];
};
"garage" = {
module.input = "clan-core";
module.name = "garage";
roles.default.tags.garage = { };
};
"garage-config" = {
module.input = "clan-core";
module.name = "importer";
roles.default.tags.garage = { };
roles.default.extraModules = [ ../modules/garage.nix ];
};
"trusted-nix-caches" = {
module.input = "clan-core";
module.name = "trusted-nix-caches";
roles.default.tags.all = { };
};
"borgbackup-storagebox" = {
module.input = "clan-core";
module.name = "borgbackup";
roles.client.machines = lib.genAttrs [ "crocus" "genepi" "verbena" ] (
machine:
let
config = self.nixosConfigurations.${machine}.config;
user = "u422292";
host = "${user}.your-storagebox.de";
in
{
settings.destinations."storagebox-${config.networking.hostName}" = {
repo = "${user}@${host}:./borgbackup/${config.networking.hostName}";
rsh = "ssh -oPort=23 -i ${
config.clan.core.vars.generators.borgbackup.files."borgbackup.ssh".path
} -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null";
};
}
);
roles.client.extraModules = [
../modules/storagebox.nix
];
roles.server.machines = { };
};
prometheus = {
module.input = "self";
module.name = "@rpqt/prometheus";
roles.scraper.machines.genepi = { };
roles.scraper.settings = {
extraScrapeConfigs = [
{
job_name = "garage";
static_configs = [
{
labels.instance = "crocus";
targets = [ "crocus.home.rpqt.fr:3903" ];
}
{
labels.instance = "genepi";
targets = [ "genepi.home.rpqt.fr:3903" ];
}
{
labels.instance = "verbena";
targets = [ "verbena.home.rpqt.fr:3903" ];
}
];
authorization = {
type = "Bearer";
credentials_file =
self.nixosConfigurations.verbena.config.clan.core.vars.generators.garage.files.metrics_token.path;
};
}
];
};
roles.target.tags.server = { };
roles.target.settings = {
exporters = {
node = {
enabledCollectors = [
"systemd"
];
};
};
};
};
syncthing = {
roles.peer.tags.syncthing = { };
roles.peer.settings.folders = {
Documents = {
path = "~/Documents";
};
Music = {
path = "~/Music";
};
Pictures = {
path = "~/Pictures";
};
Videos = {
path = "~/Videos";
};
};
roles.peer.settings.extraDevices = {
pixel-7a = {
id = "IZE7B4Z-LKTJY6Q-77NN4JG-ADYRC77-TYPZTXE-Q35BWV2-AEO7Q3R-ZE63IAU";
name = "Pixel 7a";
addresses = [ "dynamic" ];
};
};
};
buildbot = {
module.input = "self";
module.name = "@rpqt/buildbot";
roles.master.machines.verbena = {
settings = {
domain = "buildbot.turifer.dev";
admins = [ "rpqt" ];
topic = "buildbot-nix";
gitea.instanceUrl = "https://git.turifer.dev";
};
};
roles.master.extraModules = [
{
services.nginx.virtualHosts."buildbot.turifer.dev" = {
enableACME = true;
forceSSL = true;
};
security.acme.certs."buildbot.turifer.dev" = {
email = "admin@turifer.dev";
};
}
];
roles.worker.machines.verbena = { };
};
};
};
}

24
machines/genepi/glance-config.nix
View File

@@ -44,11 +44,6 @@
url = "https://images.home.rpqt.fr"; url = "https://images.home.rpqt.fr";
icon = "sh:immich"; icon = "sh:immich";
} }
{
title = "Grafana";
url = "https://grafana.home.rpqt.fr";
icon = "sh:grafana";
}
{ {
title = "FreshRSS"; title = "FreshRSS";
url = "https://rss.home.rpqt.fr"; url = "https://rss.home.rpqt.fr";
@@ -72,7 +67,7 @@
{ {
title = "Pinchflat"; title = "Pinchflat";
url = "https://pinchflat.home.rpqt.fr"; url = "https://pinchflat.home.rpqt.fr";
icon = "sh:pinchflat"; icon = "https://cdn.jsdelivr.net/gh/selfhst/icons/png/pinchflat.png";
} }
{ {
title = "Home Assistant"; title = "Home Assistant";
@@ -96,6 +91,23 @@
} }
]; ];
} }
{
type = "monitor";
cache = "1m";
title = "Monitoring";
sites = [
{
title = "Grafana";
url = "https://grafana.home.rpqt.fr";
icon = "sh:grafana";
}
{
title = "Prometheus";
url = "http://genepi.home.rpqt.fr:9090";
icon = "sh:prometheus";
}
];
}
{ {
type = "monitor"; type = "monitor";
cache = "1m"; cache = "1m";

15
modules/nextcloud.nix
View File

@@ -38,15 +38,14 @@ in
}; };
}; };
services.postgresql = { clan.core.postgresql = {
enable = true; enable = true;
ensureDatabases = [ "nextcloud" ]; databases = {
ensureUsers = [ nextcloud = {
{ create.enable = true;
name = "nextcloud"; restore.stopOnRestore = [ "nextcloud" ];
ensureDBOwnership = true; };
} };
];
}; };
systemd.services."nextcloud-setup" = { systemd.services."nextcloud-setup" = {