From a5855d61c9d4f939a43a4c972143fdb2172de434 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 19 Dec 2025 15:46:08 -0700 Subject: [PATCH 01/47] bluetui --- nix/alex-desktop.nix | 1 + nix/home-manager/alex.home.nix | 2 ++ nix/home-manager/desktop.home.nix | 2 ++ 3 files changed, 5 insertions(+) diff --git a/nix/alex-desktop.nix b/nix/alex-desktop.nix index 6ac4671..19224d3 100644 --- a/nix/alex-desktop.nix +++ b/nix/alex-desktop.nix @@ -113,6 +113,7 @@ mesa-gl-headers mesa driversi686Linux.mesa + mesa-demos ]; services.tailscale.enable = true; services.openssh.enable = true; diff --git a/nix/home-manager/alex.home.nix b/nix/home-manager/alex.home.nix index ba9488e..20a9fd6 100644 --- a/nix/home-manager/alex.home.nix +++ b/nix/home-manager/alex.home.nix @@ -58,6 +58,8 @@ export DOTNET_WATCH_RESTART_ON_RUDE_EDIT=1 export DOTNET_CLI_TELEMETRY_OPTOUT=1 set -x LIBVIRT_DEFAULT_URI qemu:///system +alias blue="bluetui" +alias jelly="jellyfin-tui" ''; }; home.file = { diff --git a/nix/home-manager/desktop.home.nix b/nix/home-manager/desktop.home.nix index dc8b5af..7d64c07 100644 --- a/nix/home-manager/desktop.home.nix +++ b/nix/home-manager/desktop.home.nix @@ -20,6 +20,8 @@ ffmpeg gh bitwarden-desktop + jellyfin-tui + bluetui ]; programs.ghostty = { From 1d8d287a1ed2fc633f7e211f69d23eebb24f5539 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 19 Dec 2025 16:09:03 -0700 Subject: [PATCH 02/47] ovmf --- .github/workflows/beets-sync.yml | 6 +++--- nix/home-server.nix | 14 +++++++------- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/beets-sync.yml b/.github/workflows/beets-sync.yml index 7523cc5..c73fc2a 100644 --- a/.github/workflows/beets-sync.yml +++ b/.github/workflows/beets-sync.yml 
@@ -1,8 +1,8 @@ name: Beets on: - schedule: - # Run 4 times a day: 6am, 12pm, 6pm, 12am UTC - - cron: '0 6,12,18,0 * * *' + # schedule: + # # Run 4 times a day: 6am, 12pm, 6pm, 12am UTC + # - cron: '0 6,12,18,0 * * *' workflow_dispatch: # Allow manual trigger jobs: diff --git a/nix/home-server.nix b/nix/home-server.nix index a4e42f5..5e68b8f 100644 --- a/nix/home-server.nix +++ b/nix/home-server.nix @@ -167,13 +167,13 @@ package = pkgs.qemu_kvm; runAsRoot = true; swtpm.enable = true; - ovmf = { - enable = true; - packages = [ pkgs.OVMFFull.fd ]; - # packages = [ - # (pkgs.OVMF.override { secureBoot = true; tpmSupport = true; }).fd - # ]; - }; + # ovmf = { + # enable = true; + # packages = [ pkgs.OVMFFull.fd ]; + # # packages = [ + # # (pkgs.OVMF.override { secureBoot = true; tpmSupport = true; }).fd + # # ]; + # }; }; }; networking.interfaces.enp5s0.useDHCP = true; From 508e1c8a119e2f8639fd01cedefd8277adee2bf9 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 19 Dec 2025 16:19:19 -0700 Subject: [PATCH 03/47] ovmf --- nix/home-server.nix | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/nix/home-server.nix b/nix/home-server.nix index 5e68b8f..2a8038b 100644 --- a/nix/home-server.nix +++ b/nix/home-server.nix @@ -167,13 +167,7 @@ package = pkgs.qemu_kvm; runAsRoot = true; swtpm.enable = true; - # ovmf = { - # enable = true; - # packages = [ pkgs.OVMFFull.fd ]; - # # packages = [ - # # (pkgs.OVMF.override { secureBoot = true; tpmSupport = true; }).fd - # # ]; - # }; + ovmfPackages = [ pkgs.OVMFFull.fd ]; }; }; networking.interfaces.enp5s0.useDHCP = true; From 385a18445bd9062e0e1d1eff0ff3826e60fe92cd Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 19 Dec 2025 16:20:03 -0700 Subject: [PATCH 04/47] ovmf --- nix/home-server.nix | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/nix/home-server.nix b/nix/home-server.nix index 2a8038b..0f1191c 100644 --- a/nix/home-server.nix +++ b/nix/home-server.nix 
@@ -167,7 +167,6 @@ package = pkgs.qemu_kvm; runAsRoot = true; swtpm.enable = true; - ovmfPackages = [ pkgs.OVMFFull.fd ]; }; }; networking.interfaces.enp5s0.useDHCP = true; @@ -187,9 +186,9 @@ environment.etc = { "qemu/edk2-x86_64-secure-code.fd".source = - lib.mkForce "${pkgs.OVMF.fd}/FV/OVMF_CODE.ms.fd"; + lib.mkForce "${pkgs.OVMFFull.fd}/FV/OVMF_CODE.ms.fd"; "qemu/edk2-x86_64-secure-vars.fd".source = - lib.mkForce "${pkgs.OVMF.fd}/FV/OVMF_VARS.ms.fd"; + lib.mkForce "${pkgs.OVMFFull.fd}/FV/OVMF_VARS.ms.fd"; }; systemd.tmpfiles.rules = [ "d /var/lib/libvirt/qemu/nvram 0755 root root -" From 2ab9f380ae0f72f79dc00ec557213b9e3b3b7c47 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 19 Dec 2025 16:23:16 -0700 Subject: [PATCH 05/47] vars --- nix/home-server.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nix/home-server.nix b/nix/home-server.nix index 0f1191c..2ca80ca 100644 --- a/nix/home-server.nix +++ b/nix/home-server.nix @@ -189,6 +189,8 @@ lib.mkForce "${pkgs.OVMFFull.fd}/FV/OVMF_CODE.ms.fd"; "qemu/edk2-x86_64-secure-vars.fd".source = lib.mkForce "${pkgs.OVMFFull.fd}/FV/OVMF_VARS.ms.fd"; + "qemu/OVMF_VARS.fd".source = + lib.mkForce "${pkgs.OVMFFull.fd}/FV/OVMF_VARS.fd"; }; systemd.tmpfiles.rules = [ "d /var/lib/libvirt/qemu/nvram 0755 root root -" From e0093b0e53fba6a5af0df0df26ed4db943ab84b2 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Wed, 31 Dec 2025 10:02:55 -0700 Subject: [PATCH 06/47] changes --- nix/ai-server-1.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/ai-server-1.nix b/nix/ai-server-1.nix index 8745ccf..7ea1634 100644 --- a/nix/ai-server-1.nix +++ b/nix/ai-server-1.nix @@ -122,7 +122,7 @@ dbus - + # protontricks stuff? freetype freetype.bin fontconfig From 094aa7efd22e932fec41361f91b64891fa9a2f83 Mon Sep 17 00:00:00 2001 
From: Alex Mickelson Date: Fri, 2 Jan 2026 13:57:00 -0700 Subject: [PATCH 07/47] changes --- .github/workflows/apply-kubernetes.yml | 32 +++++++++++++++ home-server/docker-compose.yml | 55 +++++++++++++------------- kubernetes/jellyfin/deployment.yml | 11 +++++- kubernetes/jellyfin/ingress.yml | 28 ++++++------- kubernetes/jellyfin/service.yml | 16 +++++++- nix/home-manager/work.home.nix | 2 +- 6 files changed, 99 insertions(+), 45 deletions(-) create mode 100644 .github/workflows/apply-kubernetes.yml diff --git a/.github/workflows/apply-kubernetes.yml b/.github/workflows/apply-kubernetes.yml new file mode 100644 index 0000000..875ae05 --- /dev/null +++ b/.github/workflows/apply-kubernetes.yml @@ -0,0 +1,32 @@ +name: Apply Kuberentes Configs +on: [push, workflow_dispatch] +jobs: + update-repo: + runs-on: [home-server] + steps: + - name: checkout repo + working-directory: /home/github/infrastructure + run: | + if [ -d "infrastructure" ]; then + cd infrastructure + echo "Infrastructure folder exists. Resetting to the most recent commit." + git reset --hard HEAD + git pull https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }} $(git rev-parse --abbrev-ref HEAD) + else + git clone https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git + fi + update-infrastructure: + runs-on: [home-server] + needs: update-repo + steps: + - name: update home server containers + env: + MY_GITHUB_TOKEN: ${{ secrets.MY_GITHUB_TOKEN }} + HOMEASSISTANT_TOKEN: ${{ secrets.HOMEASSISTANT_TOKEN }} + GRAFANA_PASSWORD: ${{ secrets.GRAFANA_PASSWORD }} + CLOUDFLARE_CONFIG: ${{ secrets.CLOUDFLARE_CONFIG }} + COPILOT_TOKEN: ${{ secrets.COPILOT_TOKEN }} + working-directory: /home/github/infrastructure/infrastructure + run: | + kubectl apply -f kuberentes/ingress + kubectl apply -f kuberentes/proxy-ingress \ No newline at end of file 
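Review bot: The `git clone https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com/...` line in the checkout step writes the token into the persistent clone's `.git/config` under /home/github/infrastructure on the self-hosted runner; the token expires when the job ends, so exposure is limited, but credentials belong in a per-command mechanism (a credential helper or `-c http.extraheader`) rather than in the stored remote URL. The pull uses `$(git rev-parse --abbrev-ref HEAD)`, i.e. whatever branch the existing clone is on, not the ref that fired the `push` event; `${{ github.ref_name }}` keeps the two consistent. In the update-infrastructure step, `MY_GITHUB_TOKEN`, `HOMEASSISTANT_TOKEN`, `GRAFANA_PASSWORD`, `CLOUDFLARE_CONFIG` and `COPILOT_TOKEN` are exported but the run block only calls kubectl, so they are handed to a process that does not need them; drop them or move them to the step that actually reads them. The workflow also has no top-level `permissions:` block, so GITHUB_TOKEN receives the repository's default permission set where `permissions: { contents: read }` would cover the clone.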
diff --git a/home-server/docker-compose.yml b/home-server/docker-compose.yml index a137078..248af15 100644 --- a/home-server/docker-compose.yml +++ b/home-server/docker-compose.yml @@ -183,33 +183,33 @@ services: # - 0.0.0.0:9162:9162 # docker run -it --rm -p 9162:9162 --net=host sfudeus/apcupsd_exporter:master_1.19 - reverse-proxy: - image: ghcr.io/linuxserver/swag - container_name: reverse-proxy - restart: unless-stopped - cap_add: - - NET_ADMIN - environment: - - PUID=1000 - - PGID=1000 - - TZ=America/Denver - - URL=alexmickelson.guru - - SUBDOMAINS=wildcard - - VALIDATION=dns - - DNSPLUGIN=cloudflare - volumes: - - ./nginx.conf:/config/nginx/site-confs/default.conf - - /data/swag:/config - - /data/cloudflare/cloudflare.ini:/config/dns-conf/cloudflare.ini - ports: - - 0.0.0.0:80:80 - - 0.0.0.0:443:443 - # - 0.0.0.0:7080:80 - # - 0.0.0.0:7443:443 - extra_hosts: - - host.docker.internal:host-gateway - networks: - - proxy + # reverse-proxy: + # image: ghcr.io/linuxserver/swag + # container_name: reverse-proxy + # restart: unless-stopped + # cap_add: + # - NET_ADMIN + # environment: + # - PUID=1000 + # - PGID=1000 + # - TZ=America/Denver + # - URL=alexmickelson.guru + # - SUBDOMAINS=wildcard + # - VALIDATION=dns + # - DNSPLUGIN=cloudflare + # volumes: + # - ./nginx.conf:/config/nginx/site-confs/default.conf + # - /data/swag:/config + # - /data/cloudflare/cloudflare.ini:/config/dns-conf/cloudflare.ini + # ports: + # - 0.0.0.0:80:80 + # - 0.0.0.0:443:443 + # # - 0.0.0.0:7080:80 + # # - 0.0.0.0:7443:443 + # extra_hosts: + # - host.docker.internal:host-gateway + # networks: + # - proxy audiobookshelf: @@ -220,7 +220,6 @@ services: volumes: - /data/media/audiobooks:/audiobooks - /data/media/audiobooks-libation:/audiobooks-libation - # - :/podcasts - /data/audiobookshelf/config:/config - /data/audiobookshelf/metadata:/metadata networks: diff --git a/kubernetes/jellyfin/deployment.yml b/kubernetes/jellyfin/deployment.yml index a61dc76..fcdcbbe 100644 
--- a/kubernetes/jellyfin/deployment.yml +++ b/kubernetes/jellyfin/deployment.yml @@ -13,13 +13,18 @@ spec: labels: app: jellyfin spec: + hostNetwork: true containers: - name: jellyfin image: jellyfin/jellyfin securityContext: runAsUser: 1000 runAsGroup: 1000 + supplementalGroups: + - 303 # render group for GPU access volumeMounts: + - name: dri-device + mountPath: /dev/dri/renderD128 - name: config-volume mountPath: /config - name: cache-volume @@ -52,4 +57,8 @@ spec: - name: tvshows-volume hostPath: path: /data/jellyfin/tvshows - restartPolicy: Always \ No newline at end of file + - name: dri-device + hostPath: + path: /dev/dri/renderD128 + type: CharDevice + restartPolicy: Always diff --git a/kubernetes/jellyfin/ingress.yml b/kubernetes/jellyfin/ingress.yml index 5416f72..b9c1b0c 100644 --- a/kubernetes/jellyfin/ingress.yml +++ b/kubernetes/jellyfin/ingress.yml @@ -1,14 +1,14 @@ -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: jellyfin-ingress - namespace: projects -spec: - rules: - - host: jellyfin.alexmickelson.guru - http: - paths: - - path: / - backend: - service: jellyfin - port: 8096 \ No newline at end of file +# apiVersion: networking.k8s.io/v1 +# kind: Ingress +# metadata: +# name: jellyfin-ingress +# namespace: projects +# spec: +# rules: +# - host: jellyfin.alexmickelson.guru +# http: +# paths: +# - path: / +# backend: +# service: jellyfin +# port: 8096 \ No newline at end of file diff --git a/kubernetes/jellyfin/service.yml b/kubernetes/jellyfin/service.yml index 5fbd4ca..7e753d3 100644 --- a/kubernetes/jellyfin/service.yml +++ b/kubernetes/jellyfin/service.yml 
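Review bot: `hostNetwork: true` in the pod spec is added with no stated reason, and it moves the Jellyfin container into the node's network namespace: port 8096 is bound on every node interface, NetworkPolicy is typically not enforced for such pods, and the Service in front of it becomes redundant for reaching the container. If it is there for LAN discovery (DLNA/SSDP) or similar, record that next to it, e.g. `hostNetwork: true # needed for <reason, placeholder>`; GPU access by itself does not require it. The `/dev/dri/renderD128` hostPath with `supplementalGroups: - 303` assumes the node's render group is GID 303 and that the container runtime lets an unprivileged container open the bind-mounted device node; both are node- and runtime-specific, so confirm them on the node and state the assumption beside the existing `# render group for GPU access` comment. Since the container already runs as UID 1000, `allowPrivilegeEscalation: false` in the same `securityContext` would be a cheap addition.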
@@ -10,4 +10,18 @@ spec: - protocol: TCP port: 8096 targetPort: 8096 - type: ClusterIP \ No newline at end of file + nodePort: 30096 + type: NodePort +# apiVersion: v1 +# kind: Service +# metadata: +# name: jellyfin +# namespace: projects +# spec: +# selector: +# app: jellyfin +# ports: +# - protocol: TCP +# port: 8096 +# targetPort: 8096 +# type: ClusterIP \ No newline at end of file diff --git a/nix/home-manager/work.home.nix b/nix/home-manager/work.home.nix index d0d1a96..000a485 100644 --- a/nix/home-manager/work.home.nix +++ b/nix/home-manager/work.home.nix @@ -53,7 +53,7 @@ in { opencodeFlake.packages.${system}.opencode bitwarden-desktop wiremix - moonlight-qt + (config.lib.nixGL.wrap moonlight-qt) # jan # texlivePackages.jetbrainsmono-otf # nerd-fonts.fira-code From d29c5edf472bd78b27633ffbbd440a693db2f6b6 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 2 Jan 2026 14:00:48 -0700 Subject: [PATCH 08/47] kubeclt for runner --- nix/home-server.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/home-server.nix b/nix/home-server.nix index 2ca80ca..a22ef48 100644 --- a/nix/home-server.nix +++ b/nix/home-server.nix @@ -290,6 +290,7 @@ sanoid mbuffer lzop + kubectl ]; }; }; From 00ffb6dfbc248c7e880dc9e1e5af41a69d70af80 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 2 Jan 2026 14:03:02 -0700 Subject: [PATCH 09/47] zfs --- nix/home-server.nix | 11 ++--------- 1 file changed, 2 insertions(+), 9 deletions(-) diff --git a/nix/home-server.nix b/nix/home-server.nix index a22ef48..7476e65 100644 --- a/nix/home-server.nix +++ b/nix/home-server.nix 
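Review bot: Switching the jellyfin Service to `type: NodePort` with `nodePort: 30096` exposes plain HTTP on every node address by default (kube-proxy binds node ports on all interfaces unless `--nodeport-addresses` is set), while the same commit comments out the TLS Ingress in kubernetes/jellyfin/ingress.yml. Together with `hostNetwork: true` in the deployment, the container already listens on the node's 8096, so the node port adds a second unencrypted entry point rather than a needed one. If the intent is to reach Jellyfin through the proxy-ingress manifests, keep the Service as `type: ClusterIP` and leave TLS termination to the ingress controller. The commented-out copy of the old Service appended after the live document is ignored by kubectl; git history already preserves it, so it can be removed.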
@@ -176,14 +176,7 @@ interfaces = [ "enp5s0" ]; }; }; - - # not working yet, in theory simplifies xml for vm - # environment.etc."qemu/edk2-x86_64-secure-code.fd".source = "${pkgs.OVMF.fd}/FV/OVMF_CODE.secboot.fd"; - # environment.etc."qemu/edk2-i386-vars.fd".source = "${pkgs.OVMF.fd}/FV/OVMF_VARS.fd"; - - # environment.etc."qemu/edk2-x86_64-secure-code.fd".source = "${pkgs.OVMF.fd}/FV/OVMF_CODE.secboot.fd"; - # environment.etc."qemu/edk2-x86_64-secure-vars.fd".source = "${pkgs.OVMF.fd}/FV/OVMF_VARS.secboot.fd"; - + environment.etc = { "qemu/edk2-x86_64-secure-code.fd".source = lib.mkForce "${pkgs.OVMFFull.fd}/FV/OVMF_CODE.ms.fd"; @@ -204,7 +197,7 @@ boot.supportedFilesystems = [ "zfs" ]; boot.zfs.forceImportRoot = false; networking.hostId = "eafe9551"; - boot.zfs.extraPools = [ "data-ssd" "backup" "vms" "vms-2" ]; + boot.zfs.extraPools = [ "data-ssd" "backup" "vms-2" "vms-3" ]; services.sanoid = { enable = true; templates.production = { From 6c88dd243dfc8fbbf09faff27f378bfbd72a0e8f Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 2 Jan 2026 14:05:29 -0700 Subject: [PATCH 10/47] pathing --- .github/workflows/apply-kubernetes.yml | 1 + kubernetes/proxy-ingress/homepage-proxy-ingress.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/.github/workflows/apply-kubernetes.yml b/.github/workflows/apply-kubernetes.yml index 875ae05..757844b 100644 --- a/.github/workflows/apply-kubernetes.yml +++ b/.github/workflows/apply-kubernetes.yml @@ -28,5 +28,6 @@ jobs: COPILOT_TOKEN: ${{ secrets.COPILOT_TOKEN }} working-directory: /home/github/infrastructure/infrastructure run: | + ls -alh kubectl apply -f kuberentes/ingress kubectl apply -f kuberentes/proxy-ingress \ No newline at end of file diff --git a/kubernetes/proxy-ingress/homepage-proxy-ingress.yml b/kubernetes/proxy-ingress/homepage-proxy-ingress.yml index 444ef0f..9747190 100644 --- a/kubernetes/proxy-ingress/homepage-proxy-ingress.yml +++ b/kubernetes/proxy-ingress/homepage-proxy-ingress.yml 
@@ -31,3 +31,4 @@ metadata: spec: type: ExternalName externalName: 100.122.128.107 + \ No newline at end of file From 5197568e4385def8adc6dc370bc166bf18eaa8e9 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 2 Jan 2026 14:06:18 -0700 Subject: [PATCH 11/47] amature mispell --- .github/workflows/apply-kubernetes.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/apply-kubernetes.yml b/.github/workflows/apply-kubernetes.yml index 757844b..a02e10a 100644 --- a/.github/workflows/apply-kubernetes.yml +++ b/.github/workflows/apply-kubernetes.yml @@ -29,5 +29,5 @@ jobs: working-directory: /home/github/infrastructure/infrastructure run: | ls -alh - kubectl apply -f kuberentes/ingress - kubectl apply -f kuberentes/proxy-ingress \ No newline at end of file + kubectl apply -f kubernetes/ingress + kubectl apply -f kubernetes/proxy-ingress \ No newline at end of file From de71f8ec2a5a588d7b5f52528b277154956eec57 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 2 Jan 2026 14:09:50 -0700 Subject: [PATCH 12/47] env --- .github/workflows/apply-kubernetes.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/apply-kubernetes.yml b/.github/workflows/apply-kubernetes.yml index a02e10a..dc35474 100644 --- a/.github/workflows/apply-kubernetes.yml +++ b/.github/workflows/apply-kubernetes.yml @@ -17,10 +17,11 @@ jobs: fi update-infrastructure: runs-on: [home-server] - needs: update-repo + needs: update-repo steps: - name: update home server containers env: + KUBECONFIG: .kube/config MY_GITHUB_TOKEN: ${{ secrets.MY_GITHUB_TOKEN }} HOMEASSISTANT_TOKEN: ${{ secrets.HOMEASSISTANT_TOKEN }} GRAFANA_PASSWORD: ${{ secrets.GRAFANA_PASSWORD }} 
@@ -28,6 +29,5 @@ jobs: COPILOT_TOKEN: ${{ secrets.COPILOT_TOKEN }} working-directory: /home/github/infrastructure/infrastructure run: | - ls -alh kubectl apply -f kubernetes/ingress - kubectl apply -f kubernetes/proxy-ingress \ No newline at end of file + kubectl apply -f kubernetes/proxy-ingress From bc803bd624389b25b01f5d4bad56a04f89ad500c Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 2 Jan 2026 14:31:32 -0700 Subject: [PATCH 13/47] paths --- .github/workflows/apply-kubernetes.yml | 2 +- nix/home-server.nix | 12 ------------ 2 files changed, 1 insertion(+), 13 deletions(-) diff --git a/.github/workflows/apply-kubernetes.yml b/.github/workflows/apply-kubernetes.yml index dc35474..c94b512 100644 --- a/.github/workflows/apply-kubernetes.yml +++ b/.github/workflows/apply-kubernetes.yml @@ -21,7 +21,7 @@ jobs: steps: - name: update home server containers env: - KUBECONFIG: .kube/config + KUBECONFIG: /home/github/.kube/config MY_GITHUB_TOKEN: ${{ secrets.MY_GITHUB_TOKEN }} HOMEASSISTANT_TOKEN: ${{ secrets.HOMEASSISTANT_TOKEN }} GRAFANA_PASSWORD: ${{ secrets.GRAFANA_PASSWORD }} diff --git a/nix/home-server.nix b/nix/home-server.nix index 7476e65..08deb5a 100644 --- a/nix/home-server.nix +++ b/nix/home-server.nix @@ -254,7 +254,6 @@ tokenFile = "/data/runner/github-infrastructure-token.txt"; url = "https://github.com/alexmickelson/infrastructure"; extraLabels = [ "home-server" ]; - #workDir = "/data/runner/infrastructure/"; replace = true; serviceOverrides = { ReadWritePaths = [ @@ -269,12 +268,8 @@ ProtectSystem = false; PrivateMounts = false; PrivateUsers = false; - #DynamicUser = true; - #NoNewPrivileges = false; ProtectHome = false; - #RuntimeDirectoryPreserve = "yes"; Restart = lib.mkForce "always"; - #RuntimeMaxSec = "7d"; }; extraPackages = with pkgs; [ docker 
@@ -287,15 +282,8 @@ ]; }; }; - # services.cron = { - # enable = true; - # systemCronJobs = [ - # "*/5 * * * * root date >> /tmp/cron.log" - # ]; - # }; networking.firewall.enable = false; - # networking.firewall.trustedInterfaces = [ "docker0" ]; # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions From e5d7725ceddb5d1d6a4ea9a24f78a4f7615b0360 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 2 Jan 2026 14:34:19 -0700 Subject: [PATCH 14/47] ingressclass --- .github/workflows/apply-kubernetes.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/apply-kubernetes.yml b/.github/workflows/apply-kubernetes.yml index c94b512..1346b80 100644 --- a/.github/workflows/apply-kubernetes.yml +++ b/.github/workflows/apply-kubernetes.yml @@ -31,3 +31,5 @@ jobs: run: | kubectl apply -f kubernetes/ingress kubectl apply -f kubernetes/proxy-ingress + + kubectl annotate ingressclass nginx ingressclass.kubernetes.io/is-default-class=true \ No newline at end of file From 3b8e6410ef2f7b7f0807da67520a39f7028d61b1 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 2 Jan 2026 15:36:40 -0700 Subject: [PATCH 15/47] copilot ingress --- .github/workflows/apply-kubernetes.yml | 5 +-- home-server/nginx.conf | 12 ------- .../proxy-ingress/copilot-proxy-ingress.yml | 33 +++++++++++++++++++ 3 files changed, 36 insertions(+), 14 deletions(-) create mode 100644 kubernetes/proxy-ingress/copilot-proxy-ingress.yml diff --git a/.github/workflows/apply-kubernetes.yml b/.github/workflows/apply-kubernetes.yml index 1346b80..2dacc42 100644 --- a/.github/workflows/apply-kubernetes.yml +++ b/.github/workflows/apply-kubernetes.yml 
@@ -31,5 +31,6 @@ jobs: run: | kubectl apply -f kubernetes/ingress kubectl apply -f kubernetes/proxy-ingress - - kubectl annotate ingressclass nginx ingressclass.kubernetes.io/is-default-class=true \ No newline at end of file + + kubectl annotate ingressclass nginx \ + ingressclass.kubernetes.io/is-default-class="true" --overwrite diff --git a/home-server/nginx.conf b/home-server/nginx.conf index f4cb29b..48d92bd 100644 --- a/home-server/nginx.conf +++ b/home-server/nginx.conf @@ -55,18 +55,6 @@ server { } } -server { - listen 443 ssl; - listen [::]:443 ssl; - server_name plex.alexmickelson.guru; - - location / { - proxy_pass http://host.docker.internal:32400; - proxy_set_header Host $host; - proxy_set_header X-Real-IP $remote_addr; - } -} - server { listen 443 ssl; listen [::]:443 ssl; diff --git a/kubernetes/proxy-ingress/copilot-proxy-ingress.yml b/kubernetes/proxy-ingress/copilot-proxy-ingress.yml new file mode 100644 index 0000000..0e5224a --- /dev/null +++ b/kubernetes/proxy-ingress/copilot-proxy-ingress.yml @@ -0,0 +1,33 @@ +apiVersion: networking.k8s.io/v1 +kind: Ingress +metadata: + name: copilot-ingress + namespace: projects + annotations: + cert-manager.io/cluster-issuer: cloudflare-issuer +spec: + ingressClassName: nginx + tls: + - hosts: + - copilot.alexmickelson.guru + secretName: copilot-tls-cert + rules: + - host: copilot.alexmickelson.guru + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: copilot-service + port: + number: 4444 +--- +apiVersion: v1 +kind: Service +metadata: + name: copilot-service + namespace: projects +spec: + type: ExternalName + externalName: 100.122.128.107 From b882fe4a20d2b4457c2b005fdcefc89e86825ca1 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 2 Jan 2026 16:00:31 -0700 Subject: [PATCH 16/47] helm stuff --- .github/workflows/apply-kubernetes.yml | 14 +++++++++++++- nix/home-server.nix | 4 ++++ 2 files changed, 17 insertions(+), 1 deletion(-) 
diff --git a/.github/workflows/apply-kubernetes.yml b/.github/workflows/apply-kubernetes.yml index 2dacc42..87738ce 100644 --- a/.github/workflows/apply-kubernetes.yml +++ b/.github/workflows/apply-kubernetes.yml @@ -29,7 +29,19 @@ jobs: COPILOT_TOKEN: ${{ secrets.COPILOT_TOKEN }} working-directory: /home/github/infrastructure/infrastructure run: | - kubectl apply -f kubernetes/ingress + helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx + helm repo update + + helm install ingress-nginx ingress-nginx/ingress-nginx \ + --namespace ingress-nginx \ + --create-namespace \ + --set controller.kind=DaemonSet \ + --set controller.hostNetwork=true \ + --set controller.service.type=NodePort \ + --set controller.allowSnippetAnnotations=true \ + --set controller.metrics.enabled=false + + # kubectl apply -f kubernetes/ingress kubectl apply -f kubernetes/proxy-ingress kubectl annotate ingressclass nginx \ diff --git a/nix/home-server.nix b/nix/home-server.nix index 08deb5a..6fe5213 100644 --- a/nix/home-server.nix +++ b/nix/home-server.nix @@ -58,6 +58,9 @@ description = "github"; extraGroups = [ "docker" ]; shell = pkgs.fish; + packages = [ + kubernetes-helm + ]; }; users.users.alex = { isNormalUser = true; @@ -279,6 +282,7 @@ mbuffer lzop kubectl + kubernetes-helm ]; }; }; From 52718cc43bb84fc8df76073621e070b3259cdfd8 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 2 Jan 2026 16:02:05 -0700 Subject: [PATCH 17/47] helm stuff --- nix/home-server.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nix/home-server.nix b/nix/home-server.nix index 6fe5213..062116b 100644 --- a/nix/home-server.nix +++ b/nix/home-server.nix @@ -58,7 +58,7 @@ description = "github"; extraGroups = [ "docker" ]; shell = pkgs.fish; - packages = [ + packages = with pkgs; [ kubernetes-helm ]; }; From 34d9be2c20fd7c0e04340c3bfe2d0955ba96561c Mon Sep 17 00:00:00 2001 
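Review bot: `--set controller.allowSnippetAnnotations=true` in the helm install block of the run step turns on a setting the ingress-nginx chart disables by default, because snippet annotations let anyone who can create an Ingress object inject raw nginx directives into the controller — and this same command runs that controller with `controller.hostNetwork=true` on the node. None of the Ingress manifests visible in this series use a `*-snippet` annotation, so drop the flag, or if one will need it, document which Ingress requires it beside the flag. `helm install` also fails once the release exists, so this step stops being re-runnable after the first push; `helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \` is the idempotent form for a workflow that runs on every push. The run block continues past the end of the hunk.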
From: Alex Mickelson Date: Fri, 2 Jan 2026 16:03:20 -0700 Subject: [PATCH 18/47] helm stuff --- .github/workflows/apply-kubernetes.yml | 12 ------------ kubernetes/helm-stuff.md | 16 ++++++++++++++++ nix/home-manager/server.home.nix | 1 + 3 files changed, 17 insertions(+), 12 deletions(-) create mode 100644 kubernetes/helm-stuff.md diff --git a/.github/workflows/apply-kubernetes.yml b/.github/workflows/apply-kubernetes.yml index 87738ce..39ec4b1 100644 --- a/.github/workflows/apply-kubernetes.yml +++ b/.github/workflows/apply-kubernetes.yml @@ -29,18 +29,6 @@ jobs: COPILOT_TOKEN: ${{ secrets.COPILOT_TOKEN }} working-directory: /home/github/infrastructure/infrastructure run: | - helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx - helm repo update - - helm install ingress-nginx ingress-nginx/ingress-nginx \ - --namespace ingress-nginx \ - --create-namespace \ - --set controller.kind=DaemonSet \ - --set controller.hostNetwork=true \ - --set controller.service.type=NodePort \ - --set controller.allowSnippetAnnotations=true \ - --set controller.metrics.enabled=false - # kubectl apply -f kubernetes/ingress kubectl apply -f kubernetes/proxy-ingress diff --git a/kubernetes/helm-stuff.md b/kubernetes/helm-stuff.md new file mode 100644 index 0000000..994b8ce --- /dev/null +++ b/kubernetes/helm-stuff.md @@ -0,0 +1,16 @@ + +ingress + +```bash +helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx +helm repo update + +helm install ingress-nginx ingress-nginx/ingress-nginx \ + --namespace ingress-nginx \ + --create-namespace \ + --set controller.kind=DaemonSet \ + --set controller.hostNetwork=true \ + --set controller.service.type=NodePort \ + --set controller.allowSnippetAnnotations=true \ + --set controller.metrics.enabled=false +``` \ No newline at end of file diff --git a/nix/home-manager/server.home.nix b/nix/home-manager/server.home.nix index bbc9a06..b92931c 100644 --- a/nix/home-manager/server.home.nix 
+++ b/nix/home-manager/server.home.nix @@ -5,5 +5,6 @@ opencode quickemu tree + kubernetes-helm ]; } \ No newline at end of file From b765566f94fa3d07a1ae1cc0600b2048629b1311 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 2 Jan 2026 16:13:45 -0700 Subject: [PATCH 19/47] helm ingress noted --- kubernetes/helm-stuff.md | 16 ---------------- kubernetes/readme.md | 22 ++++++++++++++++++++-- 2 files changed, 20 insertions(+), 18 deletions(-) delete mode 100644 kubernetes/helm-stuff.md diff --git a/kubernetes/helm-stuff.md b/kubernetes/helm-stuff.md deleted file mode 100644 index 994b8ce..0000000 --- a/kubernetes/helm-stuff.md +++ /dev/null @@ -1,16 +0,0 @@ - -ingress - -```bash -helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx -helm repo update - -helm install ingress-nginx ingress-nginx/ingress-nginx \ - --namespace ingress-nginx \ - --create-namespace \ - --set controller.kind=DaemonSet \ - --set controller.hostNetwork=true \ - --set controller.service.type=NodePort \ - --set controller.allowSnippetAnnotations=true \ - --set controller.metrics.enabled=false -``` \ No newline at end of file diff --git a/kubernetes/readme.md b/kubernetes/readme.md index eaac337..afb0a9d 100644 --- a/kubernetes/readme.md +++ b/kubernetes/readme.md 
@@ -34,8 +34,26 @@ Currently clouflare domains cannot be CNAME'd to tailscale domains: ## Kubernetes ingress controller -I had to modify the base ingress to allow for use on 80 and 443. There should be a way to do this with helm, but I can never quite get it to work + + +ingress + +```bash +helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx +helm repo update + +helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \ + --namespace ingress-nginx \ + --create-namespace \ + --set controller.kind=DaemonSet \ + --set controller.hostNetwork=true \ + --set controller.service.type=NodePort \ + --set controller.allowSnippetAnnotations=true \ + --set controller.metrics.enabled=false \ + --set controller.ingressClassResource.default=true +``` \ No newline at end of file From bd04e3a2d186214f7c86fe580fc16d40349e80b9 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 2 Jan 2026 16:18:22 -0700 Subject: [PATCH 20/47] send to jellyfin --- .../proxy-ingress/jellyfin-proxy-ingress.yml | 44 ++++++++++++------- 1 file changed, 29 insertions(+), 15 deletions(-) diff --git a/kubernetes/proxy-ingress/jellyfin-proxy-ingress.yml b/kubernetes/proxy-ingress/jellyfin-proxy-ingress.yml index a87f414..d438788 100644 --- a/kubernetes/proxy-ingress/jellyfin-proxy-ingress.yml +++ b/kubernetes/proxy-ingress/jellyfin-proxy-ingress.yml @@ -8,20 +8,20 @@ metadata: spec: ingressClassName: nginx tls: - - hosts: - - jellyfin.alexmickelson.guru - secretName: jellyfin-tls-cert + - hosts: + - jellyfin.alexmickelson.guru + secretName: jellyfin-tls-cert rules: - - host: jellyfin.alexmickelson.guru - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: jellyfin-service - port: - number: 8096 + - host: jellyfin.alexmickelson.guru + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: jellyfin-service + port: + number: 8096 --- apiVersion: v1 kind: Service 
@@ -29,5 +29,19 @@ metadata: name: jellyfin-service namespace: projects spec: - type: ExternalName - externalName: 100.122.128.107 \ No newline at end of file + ports: + - port: 8096 + targetPort: 8096 + protocol: TCP +--- +apiVersion: v1 +kind: Endpoints +metadata: + name: jellyfin-service + namespace: projects +subsets: + - addresses: + - ip: 100.122.128.107 + ports: + - port: 8096 + protocol: TCP From 84340e86cd183d376521556d6dee8ad43835853e Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 2 Jan 2026 16:19:36 -0700 Subject: [PATCH 21/47] send to jellyfin --- .../proxy-ingress/jellyfin-proxy-ingress.yml | 18 +++++++++++------- 1 file changed, 11 insertions(+), 7 deletions(-) diff --git a/kubernetes/proxy-ingress/jellyfin-proxy-ingress.yml b/kubernetes/proxy-ingress/jellyfin-proxy-ingress.yml index d438788..289e5b2 100644 --- a/kubernetes/proxy-ingress/jellyfin-proxy-ingress.yml +++ b/kubernetes/proxy-ingress/jellyfin-proxy-ingress.yml @@ -34,14 +34,18 @@ spec: targetPort: 8096 protocol: TCP --- -apiVersion: v1 -kind: Endpoints +apiVersion: discovery.k8s.io/v1 +kind: EndpointSlice metadata: name: jellyfin-service namespace: projects -subsets: + labels: + kubernetes.io/service-name: jellyfin-service +addressType: IPv4 +ports: + - name: http + port: 8096 + protocol: TCP +endpoints: - addresses: - - ip: 100.122.128.107 - ports: - - port: 8096 - protocol: TCP + - 100.122.128.107 From dae82f8971afc11e676c30cb007179567b8b0d19 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 2 Jan 2026 16:23:03 -0700 Subject: [PATCH 22/47] helm ingress noted --- kubernetes/proxy-ingress/jellyfin-proxy-ingress.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/kubernetes/proxy-ingress/jellyfin-proxy-ingress.yml b/kubernetes/proxy-ingress/jellyfin-proxy-ingress.yml index 289e5b2..baa9178 100644 --- a/kubernetes/proxy-ingress/jellyfin-proxy-ingress.yml +++ b/kubernetes/proxy-ingress/jellyfin-proxy-ingress.yml 
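Review bot: The EndpointSlice added here names its port `http` while the jellyfin-service Service port it backs (context lines at the top of the hunk, `targetPort: 8096 protocol: TCP`, defined without a `name:`) is unnamed, and, as far as I can tell, kube-proxy pairs slice ports with Service ports by name, so the ClusterIP would resolve to no endpoints even where ingress-nginx, which reads the slices itself, still routes. Adding `name: http` to the Service's port entry (or removing the name from the slice port) keeps the two consistent. The same named-slice/unnamed-Service pairing is repeated in every proxy-ingress manifest of [PATCH 23/47] (audiobook, copilot, grafana, ha and the remaining files in that diffstat), so apply the same fix there. The Service document itself begins in the preceding hunk and is only partly visible here.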
@@ -19,14 +19,14 @@ spec: pathType: Prefix backend: service: - name: jellyfin-service + name: jellyfin port: number: 8096 --- apiVersion: v1 kind: Service metadata: - name: jellyfin-service + name: jellyfin namespace: projects spec: ports: @@ -37,10 +37,10 @@ spec: apiVersion: discovery.k8s.io/v1 kind: EndpointSlice metadata: - name: jellyfin-service + name: jellyfin namespace: projects labels: - kubernetes.io/service-name: jellyfin-service + kubernetes.io/service-name: jellyfin addressType: IPv4 ports: - name: http @@ -49,3 +49,5 @@ ports: endpoints: - addresses: - 100.122.128.107 + conditions: + ready: true From 97ac6d224b9ffac01277e81f8bc9564ba5afec20 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 2 Jan 2026 16:29:49 -0700 Subject: [PATCH 23/47] refactoring proxy ingress to use endpointslice --- .../proxy-ingress/audiobook-proxy-ingress.yml | 30 ++++++++-- .../proxy-ingress/copilot-proxy-ingress.yml | 30 ++++++++-- .../proxy-ingress/grafana-proxy-ingress.yml | 30 ++++++++-- kubernetes/proxy-ingress/ha-proxy-ingress.yml | 30 ++++++++-- .../proxy-ingress/homepage-proxy-ingress.yml | 53 +++++++++++------ .../proxy-ingress/immich-proxy-ingress.yml | 52 ++++++++++++----- .../musicassistant-proxy-ingress.yml | 52 ++++++++++++----- .../proxy-ingress/nextcloud-proxy-ingress.yml | 58 +++++++++++++------ .../prometheus-proxy-ingress.yml | 28 +++++++-- 9 files changed, 271 insertions(+), 92 deletions(-) diff --git a/kubernetes/proxy-ingress/audiobook-proxy-ingress.yml b/kubernetes/proxy-ingress/audiobook-proxy-ingress.yml index ebd11fc..43b3958 100644 --- a/kubernetes/proxy-ingress/audiobook-proxy-ingress.yml +++ b/kubernetes/proxy-ingress/audiobook-proxy-ingress.yml @@ -8,7 +8,7 @@ metadata: spec: ingressClassName: nginx tls: - - hosts: + - hosts: - audiobook.alexmickelson.guru secretName: audiobookshelf-tls-cert rules: 
@@ -19,15 +19,35 @@ spec: pathType: Prefix backend: service: - name: audiobookshelf-service + name: audiobookshelf port: number: 13378 --- apiVersion: v1 kind: Service metadata: - name: audiobookshelf-service + name: audiobookshelf namespace: projects spec: - type: ExternalName - externalName: 100.122.128.107 + ports: + - port: 13378 + targetPort: 13378 + protocol: TCP +--- +apiVersion: discovery.k8s.io/v1 +kind: EndpointSlice +metadata: + name: audiobookshelf + namespace: projects + labels: + kubernetes.io/service-name: audiobookshelf +addressType: IPv4 +ports: +- name: http + port: 13378 + protocol: TCP +endpoints: +- addresses: + - 100.122.128.107 + conditions: + ready: true diff --git a/kubernetes/proxy-ingress/copilot-proxy-ingress.yml b/kubernetes/proxy-ingress/copilot-proxy-ingress.yml index 0e5224a..509d511 100644 --- a/kubernetes/proxy-ingress/copilot-proxy-ingress.yml +++ b/kubernetes/proxy-ingress/copilot-proxy-ingress.yml @@ -8,7 +8,7 @@ metadata: spec: ingressClassName: nginx tls: - - hosts: + - hosts: - copilot.alexmickelson.guru secretName: copilot-tls-cert rules: @@ -19,15 +19,35 @@ spec: pathType: Prefix backend: service: - name: copilot-service + name: copilot port: number: 4444 --- apiVersion: v1 kind: Service metadata: - name: copilot-service + name: copilot namespace: projects spec: - type: ExternalName - externalName: 100.122.128.107 + ports: + - port: 4444 + targetPort: 4444 + protocol: TCP +--- +apiVersion: discovery.k8s.io/v1 +kind: EndpointSlice +metadata: + name: copilot + namespace: projects + labels: + kubernetes.io/service-name: copilot +addressType: IPv4 +ports: +- name: http + port: 4444 + protocol: TCP +endpoints: +- addresses: + - 100.122.128.107 + conditions: + ready: true diff --git a/kubernetes/proxy-ingress/grafana-proxy-ingress.yml b/kubernetes/proxy-ingress/grafana-proxy-ingress.yml index 0127788..cc4af56 100644 --- a/kubernetes/proxy-ingress/grafana-proxy-ingress.yml +++ b/kubernetes/proxy-ingress/grafana-proxy-ingress.yml 
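Review bot: The backend literal `100.122.128.107` is now hand-copied into nine Service/EndpointSlice pairs (audiobook here, then copilot, grafana, ha, homepage, immich, musicassistant, nextcloud and prometheus in the following hunks), so a host move or renumbering means nine edits with no single place that says which host this is. At minimum a comment in each slice, `# upstream host shared by every proxy-ingress/*.yml — change all of them together`, documents the coupling; a kustomize patch or a templated value would remove it. The list indentation also differs between files (`- name: http` at column 0 under `ports:` here, indented in the homepage and immich hunks) — valid YAML either way, but worth making uniform.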
@@ -8,7 +8,7 @@ metadata: spec: ingressClassName: nginx tls: - - hosts: + - hosts: - grafana.alexmickelson.guru secretName: grafana-tls-cert rules: @@ -19,15 +19,35 @@ spec: pathType: Prefix backend: service: - name: grafana-service + name: grafana port: number: 3000 --- apiVersion: v1 kind: Service metadata: - name: grafana-service + name: grafana namespace: projects spec: - type: ExternalName - externalName: 100.122.128.107 + ports: + - port: 3000 + targetPort: 3000 + protocol: TCP +--- +apiVersion: discovery.k8s.io/v1 +kind: EndpointSlice +metadata: + name: grafana + namespace: projects + labels: + kubernetes.io/service-name: grafana +addressType: IPv4 +ports: +- name: http + port: 3000 + protocol: TCP +endpoints: +- addresses: + - 100.122.128.107 + conditions: + ready: true diff --git a/kubernetes/proxy-ingress/ha-proxy-ingress.yml b/kubernetes/proxy-ingress/ha-proxy-ingress.yml index 2332c20..bb310d1 100644 --- a/kubernetes/proxy-ingress/ha-proxy-ingress.yml +++ b/kubernetes/proxy-ingress/ha-proxy-ingress.yml @@ -8,7 +8,7 @@ metadata: spec: ingressClassName: nginx tls: - - hosts: + - hosts: - ha.alexmickelson.guru secretName: ha-tls-cert rules: @@ -19,15 +19,35 @@ spec: pathType: Prefix backend: service: - name: home-assistant-service + name: home-assistant port: number: 8123 --- apiVersion: v1 kind: Service metadata: - name: home-assistant-service + name: home-assistant namespace: projects spec: - type: ExternalName - externalName: 100.122.128.107 + ports: + - port: 8123 + targetPort: 8123 + protocol: TCP +--- +apiVersion: discovery.k8s.io/v1 +kind: EndpointSlice +metadata: + name: home-assistant + namespace: projects + labels: + kubernetes.io/service-name: home-assistant +addressType: IPv4 +ports: +- name: http + port: 8123 + protocol: TCP +endpoints: +- addresses: + - 100.122.128.107 + conditions: + ready: true diff --git a/kubernetes/proxy-ingress/homepage-proxy-ingress.yml b/kubernetes/proxy-ingress/homepage-proxy-ingress.yml index 9747190..5bdcd10 100644 
--- a/kubernetes/proxy-ingress/homepage-proxy-ingress.yml +++ b/kubernetes/proxy-ingress/homepage-proxy-ingress.yml @@ -8,27 +8,46 @@ metadata: spec: ingressClassName: nginx tls: - - hosts: - - home.alexmickelson.guru - secretName: home-tls-cert + - hosts: + - home.alexmickelson.guru + secretName: home-tls-cert rules: - - host: home.alexmickelson.guru - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: homepage-service - port: - number: 3001 + - host: home.alexmickelson.guru + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: homepage + port: + number: 3001 --- apiVersion: v1 kind: Service metadata: - name: homepage-service + name: homepage namespace: projects spec: - type: ExternalName - externalName: 100.122.128.107 - \ No newline at end of file + ports: + - port: 3001 + targetPort: 3001 + protocol: TCP +--- +apiVersion: discovery.k8s.io/v1 +kind: EndpointSlice +metadata: + name: homepage + namespace: projects + labels: + kubernetes.io/service-name: homepage +addressType: IPv4 +ports: + - name: http + port: 3001 + protocol: TCP +endpoints: + - addresses: + - 100.122.128.107 + conditions: + ready: true diff --git a/kubernetes/proxy-ingress/immich-proxy-ingress.yml b/kubernetes/proxy-ingress/immich-proxy-ingress.yml index 46d6a0e..f1f8dd6 100644 --- a/kubernetes/proxy-ingress/immich-proxy-ingress.yml +++ b/kubernetes/proxy-ingress/immich-proxy-ingress.yml 
@@ -12,26 +12,46 @@ metadata: spec: ingressClassName: nginx tls: - - hosts: - - photos.alexmickelson.guru - secretName: immich-tls-cert + - hosts: + - photos.alexmickelson.guru + secretName: immich-tls-cert rules: - - host: photos.alexmickelson.guru - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: immich-service - port: - number: 2283 + - host: photos.alexmickelson.guru + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: immich + port: + number: 2283 --- apiVersion: v1 kind: Service metadata: - name: immich-service + name: immich namespace: projects spec: - type: ExternalName - externalName: 100.122.128.107 + ports: + - port: 2283 + targetPort: 2283 + protocol: TCP +--- +apiVersion: discovery.k8s.io/v1 +kind: EndpointSlice +metadata: + name: immich + namespace: projects + labels: + kubernetes.io/service-name: immich +addressType: IPv4 +ports: + - name: http + port: 2283 + protocol: TCP +endpoints: + - addresses: + - 100.122.128.107 + conditions: + ready: true diff --git a/kubernetes/proxy-ingress/musicassistant-proxy-ingress.yml b/kubernetes/proxy-ingress/musicassistant-proxy-ingress.yml index 94fb76d..b6efc73 100644 --- a/kubernetes/proxy-ingress/musicassistant-proxy-ingress.yml +++ b/kubernetes/proxy-ingress/musicassistant-proxy-ingress.yml 
@@ -8,26 +8,46 @@ metadata: spec: ingressClassName: nginx tls: - - hosts: - - sound.alexmickelson.guru - secretName: sound-tls-cert + - hosts: + - sound.alexmickelson.guru + secretName: sound-tls-cert rules: - - host: sound.alexmickelson.guru - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: musicassistant-service - port: - number: 8095 + - host: sound.alexmickelson.guru + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: musicassistant + port: + number: 8095 --- apiVersion: v1 kind: Service metadata: - name: musicassistant-service + name: musicassistant namespace: projects spec: - type: ExternalName - externalName: 100.122.128.107 + ports: + - port: 8095 + targetPort: 8095 + protocol: TCP +--- +apiVersion: discovery.k8s.io/v1 +kind: EndpointSlice +metadata: + name: musicassistant + namespace: projects + labels: + kubernetes.io/service-name: musicassistant +addressType: IPv4 +ports: + - name: http + port: 8095 + protocol: TCP +endpoints: + - addresses: + - 100.122.128.107 + conditions: + ready: true diff --git a/kubernetes/proxy-ingress/nextcloud-proxy-ingress.yml b/kubernetes/proxy-ingress/nextcloud-proxy-ingress.yml index 54e6131..12e4b9c 100644 --- a/kubernetes/proxy-ingress/nextcloud-proxy-ingress.yml +++ b/kubernetes/proxy-ingress/nextcloud-proxy-ingress.yml @@ -5,10 +5,10 @@ metadata: namespace: projects annotations: cert-manager.io/cluster-issuer: cloudflare-issuer - nginx.ingress.kubernetes.io/proxy-body-size: 51200m + nginx.ingress.kubernetes.io/proxy-body-size: 51200m nginx.ingress.kubernetes.io/server-snippet: |- - server_tokens off; - proxy_hide_header X-Powered-By; + server_tokens off; + proxy_hide_header X-Powered-By; nginx.ingress.kubernetes.io/cors-allow-headers: X-Forwarded-For nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/proxy-buffer-size: 225m 
@@ -20,26 +20,46 @@ metadata: spec: ingressClassName: nginx tls: - - hosts: - - next.alexmickelson.guru - secretName: nextcloud-tls-cert + - hosts: + - next.alexmickelson.guru + secretName: nextcloud-tls-cert rules: - - host: next.alexmickelson.guru - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: nextcloud-service - port: - number: 9001 + - host: next.alexmickelson.guru + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: nextcloud + port: + number: 9001 --- apiVersion: v1 kind: Service metadata: - name: nextcloud-service + name: nextcloud namespace: projects spec: - type: ExternalName - externalName: 100.122.128.107 + ports: + - port: 9001 + targetPort: 9001 + protocol: TCP +--- +apiVersion: discovery.k8s.io/v1 +kind: EndpointSlice +metadata: + name: nextcloud + namespace: projects + labels: + kubernetes.io/service-name: nextcloud +addressType: IPv4 +ports: + - name: http + port: 9001 + protocol: TCP +endpoints: + - addresses: + - 100.122.128.107 + conditions: + ready: true diff --git a/kubernetes/proxy-ingress/prometheus-proxy-ingress.yml b/kubernetes/proxy-ingress/prometheus-proxy-ingress.yml index 0b040fe..fa80474 100644 --- a/kubernetes/proxy-ingress/prometheus-proxy-ingress.yml +++ b/kubernetes/proxy-ingress/prometheus-proxy-ingress.yml @@ -19,15 +19,35 @@ spec: pathType: Prefix backend: service: - name: prometheus-service + name: prometheus port: number: 9091 --- apiVersion: v1 kind: Service metadata: - name: prometheus-service + name: prometheus namespace: projects spec: - type: ExternalName - externalName: 100.122.128.107 + ports: + - port: 9091 + targetPort: 9091 + protocol: TCP +--- +apiVersion: discovery.k8s.io/v1 +kind: EndpointSlice +metadata: + name: prometheus + namespace: projects + labels: + kubernetes.io/service-name: prometheus +addressType: IPv4 +ports: + - name: http + port: 9091 + protocol: TCP +endpoints: + - addresses: + - 100.122.128.107 + conditions: + ready: true 
From 0b798efb6832d35e2f4ae939984258f1f6212aa0 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 2 Jan 2026 17:50:38 -0700 Subject: [PATCH 24/47] working helm config --- .../proxy-ingress/nextcloud-proxy-ingress.yml | 4 +-- .../prometheus-proxy-ingress.yml | 26 +++++++++---------- kubernetes/readme.md | 8 ++++-- 3 files changed, 21 insertions(+), 17 deletions(-) diff --git a/kubernetes/proxy-ingress/nextcloud-proxy-ingress.yml b/kubernetes/proxy-ingress/nextcloud-proxy-ingress.yml index 12e4b9c..d534bb0 100644 --- a/kubernetes/proxy-ingress/nextcloud-proxy-ingress.yml +++ b/kubernetes/proxy-ingress/nextcloud-proxy-ingress.yml @@ -13,9 +13,9 @@ metadata: nginx.ingress.kubernetes.io/enable-cors: "true" nginx.ingress.kubernetes.io/proxy-buffer-size: 225m nginx.ingress.kubernetes.io/proxy-buffering: "on" - nginx.ingress.kubernetes.io/proxy-connect-timeout: 60s - nginx.ingress.kubernetes.io/proxy-read-timeout: "1800" nginx.ingress.kubernetes.io/proxy-request-buffering: "on" + nginx.ingress.kubernetes.io/proxy-connect-timeout: "60" + nginx.ingress.kubernetes.io/proxy-read-timeout: "1800" nginx.ingress.kubernetes.io/proxy-send-timeout: "1800" spec: ingressClassName: nginx diff --git a/kubernetes/proxy-ingress/prometheus-proxy-ingress.yml b/kubernetes/proxy-ingress/prometheus-proxy-ingress.yml index fa80474..3a031e1 100644 --- a/kubernetes/proxy-ingress/prometheus-proxy-ingress.yml +++ b/kubernetes/proxy-ingress/prometheus-proxy-ingress.yml 
@@ -8,20 +8,20 @@ metadata: spec: ingressClassName: nginx tls: - - hosts: - - prometheus.alexmickelson.guru - secretName: prometheus-tls-cert + - hosts: + - prometheus.alexmickelson.guru + secretName: prometheus-tls-cert rules: - - host: prometheus.alexmickelson.guru - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: prometheus - port: - number: 9091 + - host: prometheus.alexmickelson.guru + http: + paths: + - path: / + pathType: Prefix + backend: + service: + name: prometheus + port: + number: 9091 --- apiVersion: v1 kind: Service diff --git a/kubernetes/readme.md b/kubernetes/readme.md index afb0a9d..45ea403 100644 --- a/kubernetes/readme.md +++ b/kubernetes/readme.md @@ -51,9 +51,13 @@ helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \ --namespace ingress-nginx \ --create-namespace \ --set controller.kind=DaemonSet \ - --set controller.hostNetwork=true \ + --set controller.hostPort.enabled=true \ + --set controller.hostPort.ports.http=80 \ + --set controller.hostPort.ports.https=443 \ --set controller.service.type=NodePort \ --set controller.allowSnippetAnnotations=true \ + --set controller.config.annotations-risk-level=Critical \ --set controller.metrics.enabled=false \ --set controller.ingressClassResource.default=true -``` \ No newline at end of file +``` + From 661d781e781f2c93f2517083bbcb4fae7b078d03 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 2 Jan 2026 17:54:22 -0700 Subject: [PATCH 25/47] updated note --- kubernetes/ingress/ingress-nginx.yml | 782 --------------------------- kubernetes/readme.md | 2 +- 2 files changed, 1 insertion(+), 783 deletions(-) delete mode 100644 kubernetes/ingress/ingress-nginx.yml diff --git a/kubernetes/ingress/ingress-nginx.yml b/kubernetes/ingress/ingress-nginx.yml deleted file mode 100644 index 81dae7c..0000000 --- a/kubernetes/ingress/ingress-nginx.yml +++ /dev/null 
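Review bot: `--set controller.config.annotations-risk-level=Critical` together with `controller.allowSnippetAnnotations=true` lets any Ingress object in any namespace inject raw nginx configuration into the controller, which upstream restricts by default because snippets amount to arbitrary controller configuration, and the readme gives no reason for enabling it. The visible reason is the `server-snippet` annotation on the nextcloud ingress, so record that next to the flag: `# Critical risk level is needed only for the nextcloud server-snippet (server_tokens / X-Powered-By); drop it if that annotation goes away`. Replacing `controller.hostNetwork=true` with the `hostPort` settings is a sound narrowing, since the controller pod no longer shares the node's network namespace.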
@@ -1,782 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - name: ingress-nginx ---- -apiVersion: v1 -automountServiceAccountToken: true -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 - name: ingress-nginx - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - namespaces - verbs: - - get -- apiGroups: - - "" - resources: - - configmaps - - pods - - secrets - - endpoints - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - coordination.k8s.io - resourceNames: - - ingress-nginx-leader - resources: - - leases - verbs: - - get - - update -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - create -- apiGroups: 
- - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 - name: ingress-nginx-admission - namespace: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - secrets - verbs: - - get - - create ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 - name: ingress-nginx -rules: -- apiGroups: - - "" - resources: - - configmaps - - endpoints - - nodes - - pods - - secrets - - namespaces - verbs: - - list - - watch -- apiGroups: - - coordination.k8s.io - resources: - - leases - verbs: - - list - - watch -- apiGroups: - - "" - resources: - - nodes - verbs: - - get -- apiGroups: - - "" - resources: - - services - verbs: - - get - - list - - watch -- apiGroups: - - networking.k8s.io - resources: - - ingresses - verbs: - - get - - list - - watch -- apiGroups: - - "" - resources: - - events - verbs: - - create - - patch -- apiGroups: - - networking.k8s.io - resources: - - ingresses/status - verbs: - - update -- apiGroups: - - networking.k8s.io - resources: - - ingressclasses - verbs: - - get - - list - - watch -- apiGroups: - - discovery.k8s.io - resources: - - endpointslices - verbs: - - list - - watch - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - 
app.kubernetes.io/version: 1.10.0 - name: ingress-nginx-admission -rules: -- apiGroups: - - admissionregistration.k8s.io - resources: - - validatingwebhookconfigurations - verbs: - - get - - update ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 - name: ingress-nginx - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 - name: ingress-nginx-admission - namespace: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 - name: ingress-nginx -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx -subjects: -- kind: ServiceAccount - name: ingress-nginx - namespace: ingress-nginx ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - 
app.kubernetes.io/version: 1.10.0 - name: ingress-nginx-admission -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: ingress-nginx-admission -subjects: -- kind: ServiceAccount - name: ingress-nginx-admission - namespace: ingress-nginx ---- -apiVersion: v1 -data: - allow-snippet-annotations: "false" -kind: ConfigMap -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 - name: ingress-nginx-controller - namespace: ingress-nginx -data: - allow-snippet-annotations: "true" -# http-snippet: | -# proxy_cache_path /tmp/nginx-cache levels=1:2 keys_zone=static-cache:2m max_size=100m inactive=7d use_temp_path=off; -# proxy_cache_key $scheme$proxy_host$request_uri; -# proxy_cache_lock on; -# proxy_cache_use_stale updating; ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - ipFamilies: - - IPv4 - ipFamilyPolicy: SingleStack - ports: - - appProtocol: http - name: http - port: 80 - protocol: TCP - targetPort: http - - appProtocol: https - name: https - port: 443 - protocol: TCP - targetPort: https - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: NodePort ---- -apiVersion: v1 -kind: Service -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 - name: ingress-nginx-controller-admission - namespace: ingress-nginx -spec: - ports: - - appProtocol: 
https - name: https-webhook - port: 443 - targetPort: webhook - selector: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - type: ClusterIP -# --- -# apiVersion: apps/v1 -# kind: Deployment -# metadata: -# labels: -# app.kubernetes.io/component: controller -# app.kubernetes.io/instance: ingress-nginx -# app.kubernetes.io/name: ingress-nginx -# app.kubernetes.io/part-of: ingress-nginx -# app.kubernetes.io/version: 1.10.0 -# name: ingress-nginx-controller -# namespace: ingress-nginx -# spec: -# minReadySeconds: 0 -# revisionHistoryLimit: 10 -# selector: -# matchLabels: -# app.kubernetes.io/component: controller -# app.kubernetes.io/instance: ingress-nginx -# app.kubernetes.io/name: ingress-nginx -# strategy: -# rollingUpdate: -# maxUnavailable: 1 -# type: RollingUpdate -# template: -# metadata: -# labels: -# app.kubernetes.io/component: controller -# app.kubernetes.io/instance: ingress-nginx -# app.kubernetes.io/name: ingress-nginx -# app.kubernetes.io/part-of: ingress-nginx -# app.kubernetes.io/version: 1.10.0 -# spec: -# hostNetwork: true -# containers: -# - args: -# - /nginx-ingress-controller -# - --election-id=ingress-nginx-leader -# - --controller-class=k8s.io/ingress-nginx -# - --ingress-class=nginx -# - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller -# - --validating-webhook=:8443 -# - --validating-webhook-certificate=/usr/local/certificates/cert -# - --validating-webhook-key=/usr/local/certificates/key -# - --enable-metrics=false -# env: -# - name: POD_NAME -# valueFrom: -# fieldRef: -# fieldPath: metadata.name -# - name: POD_NAMESPACE -# valueFrom: -# fieldRef: -# fieldPath: metadata.namespace -# - name: LD_PRELOAD -# value: /usr/local/lib/libmimalloc.so -# image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c -# imagePullPolicy: IfNotPresent -# lifecycle: -# preStop: -# exec: -# command: -# - 
/wait-shutdown -# livenessProbe: -# failureThreshold: 5 -# httpGet: -# path: /healthz -# port: 10254 -# scheme: HTTP -# initialDelaySeconds: 10 -# periodSeconds: 10 -# successThreshold: 1 -# timeoutSeconds: 1 -# name: controller -# ports: -# - containerPort: 80 -# name: http -# protocol: TCP -# - containerPort: 443 -# name: https -# protocol: TCP -# - containerPort: 8443 -# name: webhook -# protocol: TCP -# readinessProbe: -# failureThreshold: 3 -# httpGet: -# path: /healthz -# port: 10254 -# scheme: HTTP -# initialDelaySeconds: 10 -# periodSeconds: 10 -# successThreshold: 1 -# timeoutSeconds: 1 -# resources: -# requests: -# cpu: 100m -# memory: 90Mi -# securityContext: -# allowPrivilegeEscalation: false -# capabilities: -# add: -# - NET_BIND_SERVICE -# drop: -# - ALL -# readOnlyRootFilesystem: false -# runAsNonRoot: true -# runAsUser: 101 -# seccompProfile: -# type: RuntimeDefault -# volumeMounts: -# - mountPath: /usr/local/certificates/ -# name: webhook-cert -# readOnly: true -# dnsPolicy: ClusterFirst -# nodeSelector: -# kubernetes.io/os: linux -# serviceAccountName: ingress-nginx -# terminationGracePeriodSeconds: 300 -# volumes: -# - name: webhook-cert -# secret: -# secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 - name: ingress-nginx-admission-create - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 - name: ingress-nginx-admission-create - spec: - containers: - - args: - - create - - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc 
- - --namespace=$(POD_NAMESPACE) - - --secret-name=ingress-nginx-admission - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 - imagePullPolicy: IfNotPresent - name: create - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 65532 - seccompProfile: - type: RuntimeDefault - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - serviceAccountName: ingress-nginx-admission ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 - name: ingress-nginx-controller - namespace: ingress-nginx -spec: - selector: - matchLabels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - template: - metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 - spec: - hostNetwork: true - containers: - - args: - - /nginx-ingress-controller - - --election-id=ingress-nginx-leader - - --controller-class=k8s.io/ingress-nginx - - --ingress-class=nginx - - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller - - --validating-webhook=:8443 - - --validating-webhook-certificate=/usr/local/certificates/cert - - --validating-webhook-key=/usr/local/certificates/key - - --enable-metrics=false - env: - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - - name: LD_PRELOAD 
- value: /usr/local/lib/libmimalloc.so - image: registry.k8s.io/ingress-nginx/controller:v1.10.0@sha256:42b3f0e5d0846876b1791cd3afeb5f1cbbe4259d6f35651dcc1b5c980925379c - imagePullPolicy: IfNotPresent - lifecycle: - preStop: - exec: - command: - - /wait-shutdown - livenessProbe: - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 - name: controller - ports: - - containerPort: 80 - name: http - protocol: TCP - - containerPort: 443 - name: https - protocol: TCP - - containerPort: 8443 - name: webhook - protocol: TCP - readinessProbe: - httpGet: - path: /healthz - port: 10254 - scheme: HTTP - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 1 - resources: - requests: - cpu: 100m - memory: 90Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_BIND_SERVICE - drop: - - ALL - readOnlyRootFilesystem: false - runAsNonRoot: true - runAsUser: 101 - seccompProfile: - type: RuntimeDefault - volumeMounts: - - mountPath: /usr/local/certificates/ - name: webhook-cert - readOnly: true - dnsPolicy: ClusterFirst - nodeSelector: - # kubernetes.io/hostname: alex-office2 - kubernetes.io/os: linux - serviceAccountName: ingress-nginx - terminationGracePeriodSeconds: 300 - volumes: - - name: webhook-cert - secret: - secretName: ingress-nginx-admission ---- -apiVersion: batch/v1 -kind: Job -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 - name: ingress-nginx-admission-patch - namespace: ingress-nginx -spec: - template: - metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 - name: ingress-nginx-admission-patch - 
spec: - containers: - - args: - - patch - - --webhook-name=ingress-nginx-admission - - --namespace=$(POD_NAMESPACE) - - --patch-mutating=false - - --secret-name=ingress-nginx-admission - - --patch-failure-policy=Fail - env: - - name: POD_NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - image: registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.4.0@sha256:44d1d0e9f19c63f58b380c5fddaca7cf22c7cee564adeff365225a5df5ef3334 - imagePullPolicy: IfNotPresent - name: patch - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - readOnlyRootFilesystem: true - runAsNonRoot: true - runAsUser: 65532 - seccompProfile: - type: RuntimeDefault - nodeSelector: - kubernetes.io/os: linux - restartPolicy: OnFailure - serviceAccountName: ingress-nginx-admission ---- -apiVersion: networking.k8s.io/v1 -kind: IngressClass -metadata: - labels: - app.kubernetes.io/component: controller - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 - name: nginx -spec: - controller: k8s.io/ingress-nginx ---- -apiVersion: admissionregistration.k8s.io/v1 -kind: ValidatingWebhookConfiguration -metadata: - labels: - app.kubernetes.io/component: admission-webhook - app.kubernetes.io/instance: ingress-nginx - app.kubernetes.io/name: ingress-nginx - app.kubernetes.io/part-of: ingress-nginx - app.kubernetes.io/version: 1.10.0 - name: ingress-nginx-admission -webhooks: -- admissionReviewVersions: - - v1 - clientConfig: - service: - name: ingress-nginx-controller-admission - namespace: ingress-nginx - path: /networking/v1/ingresses - failurePolicy: Fail - matchPolicy: Equivalent - name: validate.nginx.ingress.kubernetes.io - rules: - - apiGroups: - - networking.k8s.io - apiVersions: - - v1 - operations: - - CREATE - - UPDATE - resources: - - ingresses - sideEffects: None 
diff --git a/kubernetes/readme.md b/kubernetes/readme.md index 45ea403..c055474 100644 --- a/kubernetes/readme.md +++ b/kubernetes/readme.md @@ -60,4 +60,4 @@ helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \ --set controller.metrics.enabled=false \ --set controller.ingressClassResource.default=true ``` - + From 64fd6707d56f6beb6e34244a52637a589319918d Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Sat, 3 Jan 2026 12:59:00 -0700 Subject: [PATCH 26/47] updates --- kubernetes/gitea/web.yml | 31 +++++++++++++++++-------------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/kubernetes/gitea/web.yml b/kubernetes/gitea/web.yml index 7801e95..aa894f8 100644 --- a/kubernetes/gitea/web.yml +++ b/kubernetes/gitea/web.yml @@ -15,7 +15,7 @@ spec: spec: containers: - name: gitea - image: docker.io/gitea/gitea:1.23 + image: docker.io/gitea/gitea:1.25 ports: - containerPort: 3000 - containerPort: 22 @@ -34,6 +34,8 @@ spec: value: "gitea" - name: GITEA__database__PASSWD value: wauiofnasufnweaiufbsdklfjb23456 + - name: GITEA__server__ROOT_URL + value: "https://gitea.alexmickelson.guru/" volumeMounts: - name: gitea-data mountPath: /data @@ -81,20 +83,21 @@ metadata: name: gitea namespace: projects annotations: - cert-manager.io/cluster-issuer: cloudflare-issuer # not really working with tailscale + cert-manager.io/cluster-issuer: cloudflare-issuer spec: - ingressClassName: tailscale + ingressClassName: nginx tls: - - hosts: - - gitea.alexmickelson.guru - secretName: gitea-tls-cert + - hosts: + - gitea.alexmickelson.guru + secretName: gitea-tls-cert2 rules: - - http: + - host: gitea.alexmickelson.guru + http: paths: - - path: / - pathType: Prefix - backend: - service: - name: gitea-web-svc - port: - number: 3000 \ No newline at end of file + - path: / + pathType: Prefix + backend: + service: + name: gitea-web-svc + port: + number: 3000 From d12f4f87f8ba44a78d906340542f14798b139a17 Mon Sep 17 00:00:00 2001 
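Review bot: The new `GITEA__server__ROOT_URL` entry in the `@@ -34,6 +34,8` hunk sits directly under a database password committed in clear text (the `GITEA__database__PASSWD` entry with a literal `value:` in the context lines); since this commit already edits that env block, it is the natural place to move the value into a Secret via `valueFrom: secretKeyRef:` instead of `value:`. A password that has been in history needs rotating even after it is moved, so the Secret should carry a new one.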
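Review bot: In the `@@ -81,20 +83,21` hunk, `secretName` is renamed to `gitea-tls-cert2` with no comment, so the old `gitea-tls-cert` Secret (and whatever cert-manager created for it) is left orphaned in `projects`; a line above `tls:` such as `# cert2: fresh secret so cert-manager re-issues under the nginx class; delete gitea-tls-cert once this one is Ready` plus the follow-up `kubectl delete secret gitea-tls-cert -n projects` would close that. Switching `ingressClassName` from `tailscale` to `nginx` and adding `host: gitea.alexmickelson.guru` also changes where the Gitea login page is reachable from; if the nginx ingress is exposed beyond the tailnet that is a wider surface than before, and whether that is intended is not visible here.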
From: Alex Mickelson Date: Sat, 3 Jan 2026 19:34:23 -0700 Subject: [PATCH 27/47] updates --- nix/alex-desktop.nix | 15 +++++++++++++++ nix/home-server.nix | 2 +- 2 files changed, 16 insertions(+), 1 deletion(-) diff --git a/nix/alex-desktop.nix b/nix/alex-desktop.nix index 19224d3..b8fd236 100644 --- a/nix/alex-desktop.nix +++ b/nix/alex-desktop.nix @@ -156,6 +156,21 @@ boot.zfs.extraPools = [ "data" "data2" ]; + systemd.timers."nix-garbage-collect-weekly" = { + wantedBy = [ "timers.target" ]; + timerConfig = { + OnCalendar = "weekly"; + Persistent = true; + }; + }; + + systemd.services."nix-garbage-collect-weekly" = { + serviceConfig = { + Type = "oneshot"; + ExecStart = "/run/current-system/sw/bin/nix-collect-garbage --delete-older-than 7d"; + }; + }; + # This value determines the NixOS release from which the default # settings for stateful data, like file locations and database versions # on your system were taken. It‘s perfectly fine and recommended to leave diff --git a/nix/home-server.nix b/nix/home-server.nix index 062116b..8e2546a 100644 --- a/nix/home-server.nix +++ b/nix/home-server.nix @@ -78,7 +78,7 @@ home-manager.useGlobalPkgs = true; services.fwupd.enable = true; - systemd.timers."nix-garbage-collect-weekly" = { + systemd.timers."nix-garbage-collect-weekly" = { wantedBy = [ "timers.target" ]; timerConfig = { OnCalendar = "weekly"; From 7afbdaa5d9b57e0717023a6ec0705ae32ac0aeac Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Sun, 4 Jan 2026 16:50:03 -0700 Subject: [PATCH 28/47] fwupd --- nix/tv-computer.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/tv-computer.nix b/nix/tv-computer.nix index 0b318a7..596f560 100644 --- a/nix/tv-computer.nix +++ b/nix/tv-computer.nix @@ -64,6 +64,7 @@ programs.firefox.enable = true; nixpkgs.config.allowUnfree = true; + services.fwupd.enable = true; environment.systemPackages = with pkgs; [ vim From 2dd792206bcfbf859479d5a19a7e4e3d4bc1342a Mon Sep 17 00:00:00 2001 
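Review bot: The nix/alex-desktop.nix hunk hand-rolls a timer and a oneshot whose `ExecStart` hard-codes `/run/current-system/sw/bin/nix-collect-garbage`, which only resolves if `nix` is in the system profile and bypasses the module system's own handling of this job. NixOS already provides `nix.gc.automatic = true; nix.gc.dates = "weekly"; nix.gc.options = "--delete-older-than 7d";`, which generates the equivalent timer/service, so the fifteen added lines could collapse to those three; if the manual unit is kept, `"${pkgs.nix}/bin/nix-collect-garbage"` is the conventional path. The `Persistent = true` setting is fine for a desktop that is often powered off.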
From: Alex Mickelson Date: Sun, 4 Jan 2026 18:44:05 -0700 Subject: [PATCH 29/47] nexusmods --- nix/home-manager/desktop.home.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/home-manager/desktop.home.nix b/nix/home-manager/desktop.home.nix index 7d64c07..6feccde 100644 --- a/nix/home-manager/desktop.home.nix +++ b/nix/home-manager/desktop.home.nix @@ -22,6 +22,7 @@ bitwarden-desktop jellyfin-tui bluetui + nexusmods-app-unfree ]; programs.ghostty = { From 7d901d47dafd358d9464a649359bfa6a930918c5 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Mon, 5 Jan 2026 16:04:41 -0700 Subject: [PATCH 30/47] updates --- nix/home-manager/work.home.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nix/home-manager/work.home.nix b/nix/home-manager/work.home.nix index 000a485..d26008e 100644 --- a/nix/home-manager/work.home.nix +++ b/nix/home-manager/work.home.nix @@ -106,6 +106,8 @@ in { set -x LIBVIRT_DEFAULT_URI qemu:///system set -x TERM xterm-256color # ghostty + source "$HOME/.cargo/env.fish" + export SSH_AUTH_SOCK=/home/alexm/.bitwarden-ssh-agent.sock # ssh agent ''; }; From ccad019fdccb92fd6d8d2c33eb83b0124eebcf54 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Mon, 5 Jan 2026 19:43:31 -0700 Subject: [PATCH 31/47] metatube --- home-server/metatube/docker-compose.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) create mode 100644 home-server/metatube/docker-compose.yml diff --git a/home-server/metatube/docker-compose.yml b/home-server/metatube/docker-compose.yml new file mode 100644 index 0000000..28e22f7 --- /dev/null +++ b/home-server/metatube/docker-compose.yml 
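Review bot: In the nix/home-manager/work.home.nix hunk, `source "$HOME/.cargo/env.fish"` runs unconditionally at every fish start and will print an error on any machine or fresh account where rustup has not created that file; guarding it, `if test -f "$HOME/.cargo/env.fish"; source "$HOME/.cargo/env.fish"; end`, keeps the config portable. The next line uses `export` and a hard-coded `/home/alexm` while the surrounding context lines use `set -x` and this file is otherwise user-agnostic; `set -x SSH_AUTH_SOCK "$HOME/.bitwarden-ssh-agent.sock"` matches the existing style. The enclosing `shellInit` string continues outside the hunk.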
@@ -0,0 +1,18 @@ +services: + metatube: + image: jvt038/metatube:latest + container_name: metatube + ports: + - 5555:5555 + environment: + - PORT=5555 + - HOST=0.0.0.0 + # Optional: set DEBUG=true for verbose logs + # - DEBUG=true + - DATABASE_URL=sqlite:////database/metatube.db + # Optional: set custom default download folder inside container + # - DOWNLOADS=/downloads + volumes: + - /data/media/music/tagged:/downloads + - /data/metatube/database:/database + - /data/metatube/migrations:/config/migrations \ No newline at end of file From 8019972d36b512686d2d2330f23e57c90b96110e Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Mon, 5 Jan 2026 19:50:29 -0700 Subject: [PATCH 32/47] no metatube --- home-server/metatube/docker-compose.yml | 18 ------------------ 1 file changed, 18 deletions(-) delete mode 100644 home-server/metatube/docker-compose.yml diff --git a/home-server/metatube/docker-compose.yml b/home-server/metatube/docker-compose.yml deleted file mode 100644 index 28e22f7..0000000 --- a/home-server/metatube/docker-compose.yml +++ /dev/null @@ -1,18 +0,0 @@ -services: - metatube: - image: jvt038/metatube:latest - container_name: metatube - ports: - - 5555:5555 - environment: - - PORT=5555 - - HOST=0.0.0.0 - # Optional: set DEBUG=true for verbose logs - # - DEBUG=true - - DATABASE_URL=sqlite:////database/metatube.db - # Optional: set custom default download folder inside container - # - DOWNLOADS=/downloads - volumes: - - /data/media/music/tagged:/downloads - - /data/metatube/database:/database - - /data/metatube/migrations:/config/migrations \ No newline at end of file From 7e5ff0be42a91d168e897885ad62fe14f1afb7b3 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Mon, 5 Jan 2026 19:51:45 -0700 Subject: [PATCH 33/47] yubal --- home-server/yubal/docker-compose.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) create mode 100644 home-server/yubal/docker-compose.yml 
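Review bot: `ports: - 5555:5555` publishes the service on every host interface, and together with `HOST=0.0.0.0` the app has no authentication in this compose file, so anyone who can reach the host reaches the app; binding to the interface you actually use, e.g. `- 127.0.0.1:5555:5555` or the tailnet address, limits that. `image: jvt038/metatube:latest` is a mutable tag that will silently pull whatever is published next; pin a version or a digest (`:latest@sha256:<DIGEST>`). The same two points apply to home-server/yubal/docker-compose.yml added in PATCH 33 (`- 5555:8000`, `ghcr.io/guillevc/yubal:latest`), where the `/data/yubal/ytdlp` mount also holds cookies per its own comment and so deserves the narrower bind.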
diff --git a/home-server/yubal/docker-compose.yml b/home-server/yubal/docker-compose.yml new file mode 100644 index 0000000..73701f3 --- /dev/null +++ b/home-server/yubal/docker-compose.yml @@ -0,0 +1,13 @@ +services: + yubal: + image: ghcr.io/guillevc/yubal:latest + container_name: yubal + ports: + - 5555:8000 + environment: + YUBAL_TZ: UTC + volumes: + - /data/media/music/tagged:/app/data # Where your music will be saved + - /data/yubal/beets:/app/beets # Beets configuration and database + - /data/yubal/ytdlp:/app/ytdlp # yt-dlp configuration (cookies) + restart: unless-stopped \ No newline at end of file From b527582b9dc0d8f654cb71ba47def91d84ae93cd Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Mon, 5 Jan 2026 22:53:52 -0700 Subject: [PATCH 34/47] zip --- nix/ai-vm.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/nix/ai-vm.nix b/nix/ai-vm.nix index e37d143..64d6634 100644 --- a/nix/ai-vm.nix +++ b/nix/ai-vm.nix @@ -72,6 +72,7 @@ git tmux vscode + zip ]; }; home-manager.users.alex = { pgks, ...}: { From ee632f7ea950dceefa0f019994e0d8a76e1c4e41 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Tue, 6 Jan 2026 12:32:15 -0700 Subject: [PATCH 35/47] updates --- nix/flakes/opencode/flake.lock | 6 +++--- nix/flakes/opencode/flake.nix | 1 + 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/nix/flakes/opencode/flake.lock b/nix/flakes/opencode/flake.lock index ad7d10e..c8fb9e9 100644 --- a/nix/flakes/opencode/flake.lock +++ b/nix/flakes/opencode/flake.lock @@ -20,11 +20,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1759520764, - "narHash": "sha256-jERdfBm1rQc9qAdPi1lMEv9inEl7kvvnXCst//ZD2Yc=", + "lastModified": 1767726775, + "narHash": "sha256-mpA/pevxXJzu/5rbdb7u0BzgEJCDDQd1EZ3oyyOo8VI=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bcbcd4e5a8cb24199859dd73e448494c8c7d55cb", + "rev": "f8ce89e3edbc488a5b17c559ad55f083282420e9", "type": "github" }, "original": { 
diff --git a/nix/flakes/opencode/flake.nix b/nix/flakes/opencode/flake.nix index f57834d..da0992b 100644 --- a/nix/flakes/opencode/flake.nix +++ b/nix/flakes/opencode/flake.nix @@ -19,6 +19,7 @@ }; models = { "gpt-oss-120b" = { }; + "devstral-123b" = { }; }; }; home = { From 909c72a310bf7f39b0891a70f3bd1330c2914c77 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Tue, 6 Jan 2026 14:25:41 -0700 Subject: [PATCH 36/47] ghostty config --- nix/home-manager/alex.home.nix | 7 +++++++ nix/home-manager/work.home.nix | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/nix/home-manager/alex.home.nix b/nix/home-manager/alex.home.nix index 20a9fd6..e4d6b9b 100644 --- a/nix/home-manager/alex.home.nix +++ b/nix/home-manager/alex.home.nix @@ -29,6 +29,13 @@ programs.direnv = { enable = true; }; + programs.ghostty = { + enable = true; + enableFishIntegration = true; + settings = { + window-new-tab-cwd = "home"; + }; + }; home.sessionVariables = { EDITOR = "vim"; }; diff --git a/nix/home-manager/work.home.nix b/nix/home-manager/work.home.nix index d26008e..33b58d4 100644 --- a/nix/home-manager/work.home.nix +++ b/nix/home-manager/work.home.nix @@ -50,7 +50,7 @@ in { firefoxpwa bluetui #nixfmt-classic - opencodeFlake.packages.${system}.opencode + opencodeFlake.packages.${pkgs.stdenv.hostPlatform.system}.opencode bitwarden-desktop wiremix (config.lib.nixGL.wrap moonlight-qt) From 096d8c7a3e72427b0b29c24911f15cc6b6105254 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Wed, 7 Jan 2026 09:17:19 -0700 Subject: [PATCH 37/47] updates --- nix/home-manager/work.home.nix | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/nix/home-manager/work.home.nix b/nix/home-manager/work.home.nix index 33b58d4..c4ca6a2 100644 --- a/nix/home-manager/work.home.nix +++ b/nix/home-manager/work.home.nix 
@@ -2,6 +2,7 @@ let opencodeFlake = builtins.getFlake (toString ../flakes/opencode); + monitorTuiFlake = builtins.getFlake (toString ../../monitors/monitor-tui-rs); nixgl = import (fetchTarball "https://github.com/nix-community/nixGL/archive/main.tar.gz") { }; @@ -51,6 +52,7 @@ in { bluetui #nixfmt-classic opencodeFlake.packages.${pkgs.stdenv.hostPlatform.system}.opencode + monitorTuiFlake.packages.${pkgs.stdenv.hostPlatform.system}.default bitwarden-desktop wiremix (config.lib.nixGL.wrap moonlight-qt) @@ -69,7 +71,13 @@ in { }; programs.direnv = { enable = true; }; - programs.ghostty = { enable = true; }; + programs.ghostty = { + enable = true; + enableFishIntegration = true; + settings = { + window-new-tab-cwd = "home"; + }; + }; programs.fish = { enable = true; shellInit = '' From ec0b25779fffbb5006dec98ca48007fb3f023863 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Wed, 7 Jan 2026 11:49:25 -0700 Subject: [PATCH 38/47] ghostty --- nix/home-manager/alex.home.nix | 6 +++++- nix/home-manager/work.home.nix | 6 +++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/nix/home-manager/alex.home.nix b/nix/home-manager/alex.home.nix index e4d6b9b..755daa1 100644 --- a/nix/home-manager/alex.home.nix +++ b/nix/home-manager/alex.home.nix @@ -33,7 +33,11 @@ enable = true; enableFishIntegration = true; settings = { - window-new-tab-cwd = "home"; + window-inherit-working-directory = "false"; + theme = "Atom"; + font-size = "18"; + window-height = "30"; + window-width = "120"; }; }; home.sessionVariables = { diff --git a/nix/home-manager/work.home.nix b/nix/home-manager/work.home.nix index c4ca6a2..52938fa 100644 --- a/nix/home-manager/work.home.nix +++ b/nix/home-manager/work.home.nix @@ -75,7 +75,11 @@ in { enable = true; enableFishIntegration = true; settings = { - window-new-tab-cwd = "home"; + window-inherit-working-directory = "false"; + theme = "Atom"; + font-size = "18"; + window-height = "30"; + window-width = "120"; }; }; programs.fish = { 
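Review bot: `monitorTuiFlake = builtins.getFlake (toString ../../monitors/monitor-tui-rs)` reaches outside this repository to a sibling checkout, so the evaluated package is whatever happens to be on disk there, is not recorded in any lock, and requires `--impure`; declaring it as a flake input (or at least `getFlake "path:…?rev=<REV>"`) would pin it. The same applies to `zenBrowserFlake = builtins.getFlake "github:youwen5/zen-browser-flake"` added to this `let` block in PATCH 40: with no `/<REV>` suffix it resolves the default branch at eval time, and the result is a browser binary that is then wrapped and installed, so a pinned rev or a locked input is the supply-chain-safe form. The existing `fetchTarball` of nixGL `main` on the context line has the same shape but is not part of this change.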
From 409074f3bf255035a105606e2a69918469ad2a83 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Wed, 7 Jan 2026 11:56:57 -0700 Subject: [PATCH 39/47] k3s --- kubernetes/readme.md | 3 +++ nix/modules/k3s.nix | 7 +++++++ 2 files changed, 10 insertions(+) diff --git a/kubernetes/readme.md b/kubernetes/readme.md index c055474..151f30c 100644 --- a/kubernetes/readme.md +++ b/kubernetes/readme.md @@ -61,3 +61,6 @@ helm upgrade --install ingress-nginx ingress-nginx/ingress-nginx \ --set controller.ingressClassResource.default=true ``` + + + diff --git a/nix/modules/k3s.nix b/nix/modules/k3s.nix index 4e9c4d4..6b6b087 100644 --- a/nix/modules/k3s.nix +++ b/nix/modules/k3s.nix @@ -11,6 +11,13 @@ "--bind-address 100.122.128.107" "--node-external-ip 100.122.128.107" "--tls-san 100.122.128.107" + + + # Disable disk-based evictions + "--kubelet-arg=eviction-hard=" + "--kubelet-arg=eviction-soft=" + "--kubelet-arg=eviction-soft-grace-period=" + "--kubelet-arg=eviction-pressure-transition-period=0s" ]; serverAddr = "https://100.122.128.107:6443"; }; From 7766fd10b94284891e185ec76d940865e87bd057 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Wed, 7 Jan 2026 15:03:37 -0700 Subject: [PATCH 40/47] zen stuff --- nix/home-manager/work.home.nix | 25 ++++++++++++++++++++++++- nix/modules/k3s.nix | 1 - 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/nix/home-manager/work.home.nix b/nix/home-manager/work.home.nix index 52938fa..b747ec1 100644 --- a/nix/home-manager/work.home.nix +++ b/nix/home-manager/work.home.nix @@ -3,6 +3,7 @@ let opencodeFlake = builtins.getFlake (toString ../flakes/opencode); monitorTuiFlake = builtins.getFlake (toString ../../monitors/monitor-tui-rs); + zenBrowserFlake = builtins.getFlake "github:youwen5/zen-browser-flake"; nixgl = import (fetchTarball "https://github.com/nix-community/nixGL/archive/main.tar.gz") { }; 
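Review bot: In the nix/modules/k3s.nix hunk, `"--kubelet-arg=eviction-hard="` clears every default hard threshold, including `memory.available`, so the comment "Disable disk-based evictions" understates the effect: under memory pressure the kubelet will no longer evict pods and the kernel OOM killer decides instead, which can take out the k3s server process itself. If only disk thresholds are the problem, keep the memory one, e.g. `"--kubelet-arg=eviction-hard=memory.available<100Mi"`, and likewise for `eviction-soft`. The two empty `+` lines above the comment are stray whitespace.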
@@ -53,6 +54,7 @@ in { #nixfmt-classic opencodeFlake.packages.${pkgs.stdenv.hostPlatform.system}.opencode monitorTuiFlake.packages.${pkgs.stdenv.hostPlatform.system}.default + (config.lib.nixGL.wrap zenBrowserFlake.packages.${pkgs.stdenv.hostPlatform.system}.default) bitwarden-desktop wiremix (config.lib.nixGL.wrap moonlight-qt) @@ -207,6 +209,28 @@ in { Terminal=false Categories=Network;WebBrowser; ''; + ".local/share/applications/zen-browser.desktop".text = '' + [Desktop Entry] + Version=1.0 + Type=Application + Name=Zen Browser + Comment=A calmer Firefox-based browser + Exec=nixGLIntel zen + Icon=${zenBrowserFlake.packages.${pkgs.stdenv.hostPlatform.system}.default}/share/icons/hicolor/128x128/apps/zen.png + Terminal=false + Categories=Network;WebBrowser; + MimeType=text/html;text/xml;application/xhtml+xml;x-scheme-handler/http;x-scheme-handler/https; + StartupWMClass=zen + Actions=new-window;new-private-window; + + [Desktop Action new-window] + Name=Open a New Window + Exec=nixGLIntel zen --new-window + + [Desktop Action new-private-window] + Name=Open a New Private Window + Exec=nixGLIntel zen --private-window + ''; }; home.sessionVariables = { EDITOR = "vim"; }; @@ -236,6 +260,5 @@ in { package = pkgs.gnome-themes-extra; }; }; - # Let Home Manager install and manage itself. programs.home-manager.enable = true; } diff --git a/nix/modules/k3s.nix b/nix/modules/k3s.nix index 6b6b087..b5d14d6 100644 --- a/nix/modules/k3s.nix +++ b/nix/modules/k3s.nix @@ -6,7 +6,6 @@ enable = true; role = "server"; extraFlags = toString [ - # "--debug" # Optionally add additional args to k3s "--disable=traefik" "--bind-address 100.122.128.107" "--node-external-ip 100.122.128.107" From f8f793fea3e340740f9471772aa55ea2660c7d16 Mon Sep 17 00:00:00 2001 
From: Alex Mickelson Date: Wed, 7 Jan 2026 19:57:58 -0700 Subject: [PATCH 41/47] ghostty home --- home-server/yubal/docker-compose.yml | 13 ------------- nix/home-manager/desktop.home.nix | 7 +++++++ 2 files changed, 7 insertions(+), 13 deletions(-) delete mode 100644 home-server/yubal/docker-compose.yml diff --git a/home-server/yubal/docker-compose.yml b/home-server/yubal/docker-compose.yml deleted file mode 100644 index 73701f3..0000000 --- a/home-server/yubal/docker-compose.yml +++ /dev/null @@ -1,13 +0,0 @@ -services: - yubal: - image: ghcr.io/guillevc/yubal:latest - container_name: yubal - ports: - - 5555:8000 - environment: - YUBAL_TZ: UTC - volumes: - - /data/media/music/tagged:/app/data # Where your music will be saved - - /data/yubal/beets:/app/beets # Beets configuration and database - - /data/yubal/ytdlp:/app/ytdlp # yt-dlp configuration (cookies) - restart: unless-stopped \ No newline at end of file diff --git a/nix/home-manager/desktop.home.nix b/nix/home-manager/desktop.home.nix index 6feccde..32b54a4 100644 --- a/nix/home-manager/desktop.home.nix +++ b/nix/home-manager/desktop.home.nix @@ -28,6 +28,13 @@ programs.ghostty = { enable = true; enableFishIntegration = true; + settings = { + window-inherit-working-directory = "false"; + theme = "Atom"; + font-size = "18"; + window-height = "30"; + window-width = "120"; + }; }; fonts.fontconfig.enable = true; From 88c1b9eb687d68da6beb20e5c283385f907ee051 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Wed, 7 Jan 2026 20:10:20 -0700 Subject: [PATCH 42/47] ghostty configs --- nix/home-manager/desktop.home.nix | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/nix/home-manager/desktop.home.nix b/nix/home-manager/desktop.home.nix index 32b54a4..34e78bb 100644 --- a/nix/home-manager/desktop.home.nix +++ b/nix/home-manager/desktop.home.nix 
@@ -31,9 +31,9 @@ settings = { window-inherit-working-directory = "false"; theme = "Atom"; - font-size = "18"; - window-height = "30"; - window-width = "120"; + font-size = 10; + window-height = 30; + window-width = 90; }; }; From 293ec63b750fb59c5e35d87a978fbe1f44c4420c Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Thu, 8 Jan 2026 10:05:48 -0700 Subject: [PATCH 43/47] testing --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 9f75fd6..7f4ff69 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,10 @@ ![home server update](https://github.com/alexmickelson/infrastructure/actions/workflows/update-home-server.yml/badge.svg) + [![ZFS Backup](https://github.com/alexmickelson/infrastructure/actions/workflows/backup-zfs.yml/badge.svg)](https://github.com/alexmickelson/infrastructure/actions/workflows/backup-zfs.yml) + + + [![Manage Jellyfin Playlists](https://github.com/alexmickelson/infrastructure/actions/workflows/update-playlist.yml/badge.svg)](https://github.com/alexmickelson/infrastructure/actions/workflows/update-playlist.yml) From dadabdb1bbe3600f7cc153df9bd305df3ab170a1 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Sat, 10 Jan 2026 14:44:40 -0700 Subject: [PATCH 44/47] adb stuff --- nix/alex-desktop.nix | 3 ++- nix/home-manager/alex.home.nix | 7 ------- nix/home-manager/desktop.home.nix | 4 ++-- 3 files changed, 4 insertions(+), 10 deletions(-) diff --git a/nix/alex-desktop.nix b/nix/alex-desktop.nix index b8fd236..5d787d9 100644 --- a/nix/alex-desktop.nix +++ b/nix/alex-desktop.nix @@ -114,6 +114,8 @@ mesa driversi686Linux.mesa mesa-demos + + android-tools ]; services.tailscale.enable = true; services.openssh.enable = true; @@ -123,7 +125,6 @@ programs.fish.enable = true; services.flatpak.enable = true; hardware.steam-hardware.enable = true; - programs.adb.enable = true; # graphene # programs.gamescope = { # enable = true; 
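Review bot: In the nix/alex-desktop.nix hunks of PATCH 44, dropping `programs.adb.enable = true;` in favour of a bare `android-tools` package removes more than the binary: as far as I recall that module also installs the android udev rules and creates the `adbusers` group, so after this change an unprivileged user may lose device access and `adb` will report the device as unauthorized or missing. If that was not intended, keep the option or add `services.udev.packages = [ pkgs.android-udev-rules ];` alongside the package. The `environment.systemPackages` list continues outside the hunk.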
diff --git a/nix/home-manager/alex.home.nix b/nix/home-manager/alex.home.nix index 755daa1..f21e53d 100644 --- a/nix/home-manager/alex.home.nix +++ b/nix/home-manager/alex.home.nix @@ -32,13 +32,6 @@ programs.ghostty = { enable = true; enableFishIntegration = true; - settings = { - window-inherit-working-directory = "false"; - theme = "Atom"; - font-size = "18"; - window-height = "30"; - window-width = "120"; - }; }; home.sessionVariables = { EDITOR = "vim"; diff --git a/nix/home-manager/desktop.home.nix b/nix/home-manager/desktop.home.nix index 34e78bb..b75c917 100644 --- a/nix/home-manager/desktop.home.nix +++ b/nix/home-manager/desktop.home.nix @@ -31,9 +31,9 @@ settings = { window-inherit-working-directory = "false"; theme = "Atom"; - font-size = 10; + font-size = 14; window-height = 30; - window-width = 90; + window-width = 100; }; }; From 86bf7971b28191f407611b02e25778d01c3be03a Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Sat, 10 Jan 2026 16:20:16 -0700 Subject: [PATCH 45/47] updates --- nix/alex-desktop.nix | 42 +++++++++++++++--------------------------- nix/tv-computer.nix | 2 +- 2 files changed, 16 insertions(+), 28 deletions(-) diff --git a/nix/alex-desktop.nix b/nix/alex-desktop.nix index 5d787d9..2cafd6b 100644 --- a/nix/alex-desktop.nix +++ b/nix/alex-desktop.nix @@ -9,8 +9,7 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - networking.hostName = "alex-desktop"; # Define your hostname. - # networking.wireless.enable = true; # Enables wireless support via wpa_supplicant. + networking.hostName = "alex-desktop"; nix.settings.experimental-features = [ "nix-command" "flakes" ]; networking.networkmanager.enable = true; 
@@ -50,8 +49,21 @@ alsa.enable = true; alsa.support32Bit = true; pulse.enable = true; + + wireplumber = { + enable = true; + + extraConfig = { + "disable-x11" = { + "wireplumber.settings" = { + "support.x11" = false; + }; + }; + }; + }; }; + users.users.alex = { isNormalUser = true; description = "alex"; @@ -73,6 +85,7 @@ services.fwupd.enable = true; hardware.enableAllFirmware = true; hardware.firmware = with pkgs; [ linux-firmware ]; + programs.nix-ld.enable = true; nixpkgs.config.allowUnfree = true; environment.systemPackages = with pkgs; [ @@ -91,7 +104,6 @@ mangohud mlocate - wineWowPackages.stable wine (wine.override { wineBuild = "wine64"; }) @@ -99,16 +111,6 @@ wineWowPackages.staging winetricks wineWowPackages.waylandFull - # woeusb ntfs3g - # (lutris.override { - # extraLibraries = pkgs: [ - # # List library dependencies here - # ]; - # extraPkgs = pkgs: [ - # # List package dependencies here - # ]; - # }) - mesa-gl-headers mesa @@ -125,19 +127,6 @@ programs.fish.enable = true; services.flatpak.enable = true; hardware.steam-hardware.enable = true; - - # programs.gamescope = { - # enable = true; - # capSysNice = true; - # }; - # programs.gamemode.enable = true; - # programs.steam = { - # enable = true; - # gamescopeSession.enable = true; - # remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play - # dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server - # localNetworkGameTransfers.openFirewall = true; # Open ports in the firewall for Steam Local Network Game Transfers - # }; networking.firewall.enable = false; hardware.graphics = { @@ -145,7 +134,6 @@ enable = true; }; - fileSystems."/steam-data" = { device = "/dev/disk/by-uuid/437358fd-b9e4-46e2-bd45-f6b368acaac1"; diff --git a/nix/tv-computer.nix b/nix/tv-computer.nix index 596f560..d094dd7 100644 --- a/nix/tv-computer.nix +++ b/nix/tv-computer.nix 
@@ -102,6 +102,6 @@ systemd.targets.hibernate.enable = false; systemd.targets.hybrid-sleep.enable = false; - system.stateVersion = "24.05"; # Did you read the comment? + system.stateVersion = "25.11"; # Did you read the comment? } \ No newline at end of file From 4d49f57aa2cdd12ea07f7dae35ddf7f64423a0bf Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Fri, 16 Jan 2026 14:50:21 -0700 Subject: [PATCH 46/47] amd --- home-server/docker-compose.yml | 1 + nix/home-manager/work.home.nix | 1 + 2 files changed, 2 insertions(+) diff --git a/home-server/docker-compose.yml b/home-server/docker-compose.yml index 248af15..833b6ce 100644 --- a/home-server/docker-compose.yml +++ b/home-server/docker-compose.yml @@ -261,6 +261,7 @@ services: environment: - SEARXNG_BASE_URL=http://server.alexmickelson.guru:4446/ restart: unless-stopped + networks: proxy: name: proxy diff --git a/nix/home-manager/work.home.nix b/nix/home-manager/work.home.nix index b747ec1..655c0b6 100644 --- a/nix/home-manager/work.home.nix +++ b/nix/home-manager/work.home.nix @@ -58,6 +58,7 @@ in { bitwarden-desktop wiremix (config.lib.nixGL.wrap moonlight-qt) + nvtopPackages.amd # jan # texlivePackages.jetbrainsmono-otf # nerd-fonts.fira-code From 929d32724f3c3cb01323f765ef52cfafc988ddb5 Mon Sep 17 00:00:00 2001 From: Alex Mickelson Date: Thu, 22 Jan 2026 14:07:56 -0700 Subject: [PATCH 47/47] lfs --- nix/ai-server-1.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/nix/ai-server-1.nix b/nix/ai-server-1.nix index 7ea1634..9cef9b0 100644 --- a/nix/ai-server-1.nix +++ b/nix/ai-server-1.nix @@ -131,6 +131,8 @@ zlib quickemu + + git-lfs ]; programs.nix-ld.enable = true;
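Review bot: Bumping `system.stateVersion` from `"24.05"` to `"25.11"` on an already-installed host is what the trailing `# Did you read the comment?` warns against: the value selects defaults for stateful data (database layouts, file locations) and is meant to stay at the release the machine was first installed with, regardless of later upgrades. Unless this tv-computer was reinstalled from a 25.11 image, revert to `system.stateVersion = "24.05";` and upgrade channels independently of it.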