From 8414f2da2ac29a5a770e3f07bd0157de2690dca3 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 1 Feb 2025 14:51:34 -0500 Subject: [PATCH 1/4] pin kernel Signed-off-by: ahuston-0 --- systems/artemision/configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/systems/artemision/configuration.nix b/systems/artemision/configuration.nix index 4149319..8321e1f 100644 --- a/systems/artemision/configuration.nix +++ b/systems/artemision/configuration.nix @@ -31,7 +31,7 @@ }; boot = { - #kernelPackages = lib.mkForce pkgs.linuxPackages_zen; + kernelPackages = lib.mkForce pkgs.linuxPackages_6_6; useSystemdBoot = true; default = true; }; -- 2.48.1 From 0bae399d47c13e395add7eb438170a90a58f0c15 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sat, 1 Feb 2025 14:52:11 -0500 Subject: [PATCH 2/4] increase NAR limit to 800MB Signed-off-by: ahuston-0 --- utils/attic-push.bash | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/attic-push.bash b/utils/attic-push.bash index 1855eb2..87b6b7a 100755 --- a/utils/attic-push.bash +++ b/utils/attic-push.bash @@ -7,7 +7,7 @@ set -e # retrieve all paths under 100M nix_paths=$(nix path-info --json --all --closure-size \ - | jq 'map_values(.closureSize | select(. < 1e8)) | to_entries | sort_by(.value)' \ + | jq 'map_values(.closureSize | select(. < 8e8)) | to_entries | sort_by(.value)' \ | jq 'map(.key) | join("\n")' | sed -E -e 's/\\n/\n/g;s/^"//g;s/"$//g') readarray -t nix_path_array < <(echo "$nix_paths") -- 2.48.1 From e2931be9af084e3cccd181d5a619808e79ee1e81 Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Sun, 2 Feb 2025 14:03:23 -0500 Subject: [PATCH 3/4] reduce attic to 500MB Signed-off-by: ahuston-0 --- utils/attic-push.bash | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/attic-push.bash b/utils/attic-push.bash index 87b6b7a..0200a0c 100755 --- a/utils/attic-push.bash +++ b/utils/attic-push.bash 
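Review bot: The new `kernelPackages = lib.mkForce pkgs.linuxPackages_6_6;` line in the `boot` block has no comment saying why the kernel is pinned or when the pin can be dropped. `lib.mkForce` takes priority over any other definition of the option, so this host stays on the 6.6 series until someone edits the line by hand, and kernel security fixes reach it only through that series' point releases. I would add a comment above it such as `# pinned to 6.6 because <reason>; revisit when <condition>`. The `boot` attribute set starts and ends outside the hunk.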
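Review bot: The comment `# retrieve all paths under 100M` above the pipeline no longer matches the filter, which this patch sets to `select(. < 8e8)` and patch 3/4 then changes to `select(. < 5e8)`; neither commit updates it. The value compared is `.closureSize` from `--closure-size`, so the cut-off applies to a path's whole closure and not to its own NAR, although the subject line calls it a NAR limit. Once the limit settles I would reword the comment to `# retrieve all paths whose closure size is under 500 MB (5e8 bytes)` so the next reader does not trust the stale figure.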
@@ -7,7 +7,7 @@ set -e # retrieve all paths under 100M nix_paths=$(nix path-info --json --all --closure-size \ - | jq 'map_values(.closureSize | select(. < 8e8)) | to_entries | sort_by(.value)' \ + | jq 'map_values(.closureSize | select(. < 5e8)) | to_entries | sort_by(.value)' \ | jq 'map(.key) | join("\n")' | sed -E -e 's/\\n/\n/g;s/^"//g;s/"$//g') readarray -t nix_path_array < <(echo "$nix_paths") -- 2.48.1 From 6a6eddb517ab4ee7f796c1e58bbcdac0dab2d5ca Mon Sep 17 00:00:00 2001 From: ahuston-0 Date: Thu, 13 Feb 2025 23:57:16 -0500 Subject: [PATCH 4/4] move minio and attic to nayeonie.com Signed-off-by: ahuston-0 --- systems/palatine-hill/attic/default.nix | 6 ++-- systems/palatine-hill/docker/haproxy.cfg | 40 ++++++++++++++++-------- 2 files changed, 30 insertions(+), 16 deletions(-) diff --git a/systems/palatine-hill/attic/default.nix b/systems/palatine-hill/attic/default.nix index 35c3aa5..1fc9e29 100644 --- a/systems/palatine-hill/attic/default.nix +++ b/systems/palatine-hill/attic/default.nix @@ -18,8 +18,8 @@ settings = { listen = "[::]:8183"; - allowed-hosts = [ "attic.alicehuston.xyz" ]; - api-endpoint = "https://attic.alicehuston.xyz/"; + allowed-hosts = [ "attic.nayeonie.com" ]; + api-endpoint = "https://attic.nayeonie.com/"; compression.type = "none"; # let ZFS do the compressing database = { url = "postgres://atticd?host=/run/postgresql"; @@ -32,7 +32,7 @@ type = "s3"; region = "us-east-1"; bucket = "cache-nix-dot"; - endpoint = "https://minio.alicehuston.xyz"; + endpoint = "https://minio.nayeonie.com"; }; # Warning: If you change any of the values here, it will be diff --git a/systems/palatine-hill/docker/haproxy.cfg b/systems/palatine-hill/docker/haproxy.cfg index 6323434..86abb37 100755 --- a/systems/palatine-hill/docker/haproxy.cfg +++ b/systems/palatine-hill/docker/haproxy.cfg 
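Review bot: `allowed-hosts` now lists only `attic.nayeonie.com`, while the haproxy.cfg change in the same patch keeps `acl host_attic hdr(host) -i attic.alicehuston.xyz` and still routes that name to `attic_nodes`. If atticd checks the Host header against `allowed-hosts`, as the option name suggests, requests for the old name are proxied and then refused by atticd, so clients and CI jobs that still hold the old cache URL fail without an obvious pointer to the cause. Either keep both names for the migration window, `allowed-hosts = [ "attic.nayeonie.com" "attic.alicehuston.xyz" ];`, or drop the old ACL from haproxy.cfg so the old name fails at the proxy. The `settings` block continues outside the hunk, and the storage `endpoint` change in the second hunk of this file needs the same old-name/new-name decision.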
@@ -23,7 +23,7 @@ frontend stats # you can call this whatever you want frontend ContentSwitching bind *:80 # bind *:443 ssl crt /etc/ssl/certs/cloudflare.pem - bind *:443 ssl crt /etc/ssl/certs/origin_ca_ecc_root_new.pem + bind *:443 ssl crt /etc/ssl/certs/origin_ca_ecc_root_new.pem crt /var/lib/acme/nayeonie.com/full.pem strict-sni mode http option httplog 
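Review bot: With `strict-sni` added to the `bind *:443` line, a TLS handshake whose SNI matches neither certificate is refused, so `/var/lib/acme/nayeonie.com/full.pem` has to cover every nayeonie.com name this frontend routes (the next hunk adds `attic.`, `minio.` and `minio-console.` alongside the bare domain). The diff does not show the certificate's names, so that is worth confirming before the old hostnames are retired. HAProxy loads `crt` files when the configuration is loaded, so a renewed certificate is only picked up after a reload or a runtime-API update, and the renewal job needs a hook for that. If `full.pem` is the combined key-and-chain file that `crt` expects, the mount into the container should be read-only and readable only by the haproxy user. A comment on the line such as `# first crt: alicehuston.xyz origin cert; second: ACME cert for nayeonie.com` would document the split.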
@@ -31,26 +31,32 @@ frontend ContentSwitching # 16000000 seconds is a bit more than 6 months http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;" + # Front-end acess control list + http-request return status 200 content-type text/plain lf-string "%[path,field(-1,/)].${ACCOUNT_THUMBPRINT}\n" if { path_beg '/.well-known/acme-challenge/' } + # Front-end acess control list acl host_www hdr(host) -i www.alicehuston.xyz acl host_www hdr(host) -i alicehuston.xyz # acl host_ldapui hdr(host) -i authui.alicehuston.xyz acl host_glances hdr(host) -i monit.alicehuston.xyz acl host_glances hdr(host) -i glances.alicehuston.xyz - acl host_foundry hdr(host) -i dnd.alicehuston.xyz + # acl host_foundry hdr(host) -i dnd.alicehuston.xyz # acl host_netdata hdr(host) -i netdata.alicehuston.xyz #acl host_terraria hdr(host) -i terraria.alicehuston.xyz acl host_nextcloud hdr(host) -i nextcloud.alicehuston.xyz acl host_nextcloud hdr(host) -i nayeonie.com acl host_hydra hdr(host) -i hydra.alicehuston.xyz - acl host_nix_serve hdr(host) -i cache.alicehuston.xyz acl host_attic hdr(host) -i attic.alicehuston.xyz - acl host_nix_serve hdr(host) -i nixsrv.alicehuston.xyz acl host_minio hdr(host) -i minio.alicehuston.xyz acl host_minio_console hdr(host) -i minio-console.alicehuston.xyz + acl host_attic hdr(host) -i attic.nayeonie.com + acl host_minio hdr(host) -i minio.nayeonie.com + acl host_minio_console hdr(host) -i minio-console.nayeonie.com #acl host_nextcloud_vol hdr(host) -i nextcloud-vol.alicehuston.xyz # acl host_collabora hdr(host) -i collabora.alicehuston.xyz acl host_prometheus hdr(host) -i prom.alicehuston.xyz + acl host_gitea hdr(host) -i git.alicehuston.xyz + acl host_gitea hdr(host) -i nayeonie.com # Backend-forwarding use_backend www_nodes if host_www # use_backend ldapui_nodes if host_ldapui 
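Review bot: The added `acl host_gitea hdr(host) -i nayeonie.com` repeats a name that the existing `acl host_nextcloud hdr(host) -i nayeonie.com` already claims, and in the `use_backend` hunk that follows, `use_backend nextcloud_nodes if host_nextcloud` comes before the new `use_backend gitea_nodes if host_gitea`. HAProxy takes the first matching `use_backend` rule, so requests for `nayeonie.com` keep going to Nextcloud and the second `host_gitea` line never takes effect. If Gitea is meant to have its own name on the new domain, give the ACL a distinct hostname, `acl host_gitea hdr(host) -i <gitea-host>.nayeonie.com`, and check that the ACME certificate covers it. Separately, the comment added above the ACME responder duplicates `# Front-end acess control list`; something like `# ACME http-01 stateless responder: returns <token>.<account thumbprint>` describes the rule, and it should also say that `ACCOUNT_THUMBPRINT` must be set in the container environment for the response to be a valid key authorization.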
@@ -60,13 +66,13 @@ frontend ContentSwitching # use_backend terraria_nodes if host_terraria use_backend nextcloud_nodes if host_nextcloud use_backend hydra_nodes if host_hydra - use_backend nix_serve_nodes if host_nix_serve use_backend attic_nodes if host_attic #use_backend nextcloud_vol_nodes if host_nextcloud_vol # use_backend collabora_nodes if host_collabora use_backend prometheus_nodes if host_prometheus use_backend minio_nodes if host_minio use_backend minio_console_nodes if host_minio_console + use_backend gitea_nodes if host_gitea #frontend ldap # bind *:389 @@ -136,10 +142,10 @@ backend minio_console_nodes mode http server server 192.168.76.2:8501 -backend foundry_nodes - timeout tunnel 50s - mode http - server server foundryvtt:30000 +# backend foundry_nodes +# timeout tunnel 50s +# mode http +# server server foundryvtt:30000 #backend ldap_nodes # mode tcp @@ -159,10 +165,6 @@ backend hydra_nodes mode http server server 192.168.76.2:3000 -backend nix_serve_nodes - mode http - server server 192.168.76.2:5000 - backend attic_nodes mode http server server 192.168.76.2:8183 @@ -171,6 +173,10 @@ backend prometheus_nodes mode http server server 192.168.76.2:9001 +backend gitea_nodes + mode http + server server 192.168.76.2:6443 + #backend netdata_nodes # mode http # server server 192.168.76.2:19999 @@ -180,6 +186,14 @@ backend prometheus_nodes # server server foundry:30000 # acl host_www hdr(host) -i www.tmmworkshop.com +frontend giteassh + mode tcp + bind :2222 + default_backend giteassh_nodes + +backend giteassh_nodes + mode tcp + server s1 192.168.76.2:2223 frontend minecraft mode tcp -- 2.48.1
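Review bot: Commenting out `backend foundry_nodes` here, together with `acl host_foundry` in the ACL hunk, is only safe if no `use_backend foundry_nodes if host_foundry` rule is still active in the frontend. The lines between the ACL list and the visible `use_backend` hunk are not shown, so I cannot tell whether one remains. A rule that names a missing ACL or backend should make HAProxy reject the configuration at load, so it is worth running `haproxy -c -f haproxy.cfg` on the result before deploying. If the service is gone for good, deleting the block instead of commenting it out keeps the file from collecting more dead entries.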
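Review bot: The new `giteassh` frontend forwards raw TCP from `bind :2222` to `192.168.76.2:2223`, so the Gitea SSH server sees every connection as coming from the proxy, and its logs and any per-address lockout lose the client IP. Adding `option tcplog` to the frontend records the real source address at the proxy; passing it on with `send-proxy` on the `server s1` line is only safe if the SSH listener behind it is configured to expect the PROXY protocol. The section sets no `timeout client` or `timeout server` of its own, so long-lived or idle SSH sessions inherit whatever the `defaults` section (not in this hunk) specifies. A comment such as `# 2222: public Git-over-SSH port, forwarded to the Gitea container's SSH listener on 2223` would document the mapping.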