Gleipnir/nixos-systems
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
219 commits 1 branch 0 tags 938 KiB
Commit graph

219 commits

This branch
This branch
All branches
Author SHA1 Message Date
Eli Ribble
009829f6d9 Add twenty CRM secrets 2025-10-22 18:13:22 +00:00
Eli Ribble
7147413112 Switch fieldseeker to not do a top-level merge 
This actually breaks on any servers that don't define the fieldseeker
deployments as an empty list. Instead we do the clunkier, but working,
import-then-merge-each-attr.
 2025-10-22 18:02:15 +00:00
Eli Ribble
b7b06ec63b Fix sexcore name 2025-10-22 18:02:15 +00:00
Eli Ribble
dd3ae9f4d3 Add ffmpeg to webserver runtime 
Because it's running it as a subprocess now for transcoding.
 2025-10-22 18:02:15 +00:00
Eli Ribble
6d780d8ada Add non-standard SSH port 2025-10-22 18:02:15 +00:00
Eli Ribble
c83b46a352 Deploy fssync without separate audio post processor 2025-10-22 18:02:15 +00:00
Eli Ribble
fff3fa31b9 Switch to full domains in frps config 2025-10-22 18:02:15 +00:00
Eli Ribble
1119c3668c Flesh out all my ribbles domains 2025-10-22 18:02:15 +00:00
Eli Ribble
4e68e938ef Add config for frps subdomains 2025-10-22 18:02:15 +00:00
Eli Ribble
8eee817ef6 Unblock frps port in firewall 2025-10-22 18:02:15 +00:00
Eli Ribble
d739394ae2 Specify the bind port directly 
It's not a secret, and this will make it possible to use the
address/interface configured in the host configuration.
 2025-10-22 18:02:15 +00:00
Eli Ribble
010cabfe14 Add frps systemd unit for running frps all the time 2025-10-22 18:02:15 +00:00
Eli Ribble
e465a7bf1c Add label studio integration to gleipnir qa deployment 2025-10-22 18:00:34 +00:00
Eli Ribble
c5fc53024c Add secrets for label studio integration 2025-10-22 16:49:31 +00:00
Eli Ribble
8ca7c886a9 Update sentry dsn to use glitchtip SaaS 2025-10-22 03:27:39 +00:00
Eli Ribble
8f5ac7fe7c Enable debug logging and log level for librechat 
Trying to debug some behavior
 2025-10-20 23:01:15 +00:00
Eli Ribble
b7a5cdc1bd Lot Glitchtip errors to cloud hosted Glitchtip. 
On suggestion of one of its maintainers.
 2025-10-20 23:00:52 +00:00
Eli Ribble
71d1109bf8 Disable glitchtip private tmp 
I can't auto-clean the temp files when private temp is enabled according
to Claude
 2025-10-20 23:00:07 +00:00
Eli Ribble
2d5ccb7a8c Disable glitchtip 
Apparently our problems are fixed in the latest release, but we can't
have it until we go NixOS unstable, which I don't want to do yet.
 2025-10-20 23:00:07 +00:00
Eli Ribble
512a86e0b9 Remove warning about string type. 2025-10-20 23:00:07 +00:00
Eli Ribble
cea700ecf2 Remove some FRPS settings from old server install 2025-10-14 02:56:11 +00:00
Eli Ribble
62b4eb1933 Add frps systemd unit for running frps all the time 2025-10-13 22:03:15 +00:00
Eli Ribble
311890c861 Add frpc/frps to the system packages 2025-10-13 17:10:22 +00:00
Eli Ribble
8995e95041 Add the sovr role and initial frps deployment 2025-10-13 17:06:15 +00:00
Eli Ribble
29fa447da6 Make nocix sexcore name consistent 
I realized I had incorrectly used "hexcore"
 2025-10-10 01:36:45 +00:00
Eli Ribble
6c56e9a6da Move delta files to bigdisk 2025-10-10 01:34:08 +00:00
Eli Ribble
eaf2868cd3 Update fieldseeker sync environment for Delta and Gleipnir QA 2025-10-08 20:38:53 +00:00
Eli Ribble
e0931fae3a Clean up sops config, allow subdirectories. 2025-10-08 20:35:56 +00:00
Eli Ribble
fc936897c7 Move base restic backup config into a restic module 
This way its not duplicated in fieldseeker-sync
 2025-10-08 20:35:33 +00:00
Eli Ribble
da0954e737 Allow logic reuse in fieldseeker-sync deployment 
This uses a system of patterns to deploy everything needed for
fieldseeker sync and standardizes the naming conventions.
 2025-10-08 20:34:49 +00:00
Eli Ribble
de98f88da8 Make fieldseeker-sync a flake input 
Makes it easier to update since I just bump the commit ID and then it'll
deploy
 2025-10-07 18:24:58 +00:00
Eli Ribble
bff1b3183c Pass authentik-nix through as an input 
We aren't operating on it, just passing it through, so no need to
manually enumerate it on every pass-through point.
 2025-10-07 17:07:54 +00:00
Eli Ribble
a0017979c3 Add system definition for nocix-amd-legacy-hexcore 2025-10-07 17:07:54 +00:00
Eli Ribble
0abca6a86d Add definition for amd-legacy-hexcore 
This is merged between the existing sync system and the existing
nixos-anywhere definition for amd-legacy-hexcore. I'm going to attempt
to bring in a new pattern.
 2025-10-07 17:07:54 +00:00
Eli Ribble
6f89f0fe56 Add noxic-amd-legacy-hexcore to sops secrets 2025-10-07 17:07:19 +00:00
Eli Ribble
3e89673560 Get rag_api running through unix domain socket postgres 2025-10-03 15:01:36 +00:00
Eli Ribble
20330304b6 Enable cross-origin requests from minio to label studio 
This allows streaming of audio files directly to label studio
 2025-10-03 15:01:36 +00:00
Eli Ribble
352ed1a433 Disable signup for new users in label studio 
I'll manually create all the users myself
 2025-10-03 15:01:36 +00:00
Eli Ribble
e569fcd7d4 Switch to custom built label-studio 
I have a bug fix in to them for audio streaming
 2025-10-03 15:01:36 +00:00
Eli Ribble
938b1863f4 Fix missing redirect for console login 
Without this we get redirected to "/console" which doesn't load the UI
for some reason.
 2025-10-03 15:01:36 +00:00
Eli Ribble
54b79f1437 Switch reverse proxy to also handle s3 API 
Without this we only get the console but can't actually access the
S3-compatible portion of the API
 2025-10-03 15:01:36 +00:00
Eli Ribble
0632df5a30 Add proper Authentik scopes to minio OIDC config 
See https://integrations.goauthentik.io/infrastructure/minio/ for
details that I was following
 2025-10-03 15:01:36 +00:00
Eli Ribble
dad759c4b3 Add minio module for S3-compatible object storage 
Label Studio _really_ prefers using a direct object storage model. Can't
say I blame them, it makes sense given they are running Python.

I had to bump Authentik to not use its default port so that minio could
use its own default port. That seemed safest given that Authentik is
always proxied but minio/S3 may _not_ be. I'm just not sure.
 2025-10-03 15:01:36 +00:00
Eli Ribble
dbbed7117a Set up reverse proxy, configure hostname 
It was rather rediculously hard to get the CSRF settings correct. I
don't think I can register new users on anything but the commandline at
this point via:

podman exec -it podman-label-studio /bin/bash
label-studio start --username <username> --password <password>

Where <username> should actually be an email.
 2025-10-03 15:01:36 +00:00
Eli Ribble
d246caa613 Connect label-studio to postgres 2025-10-03 15:01:36 +00:00
Eli Ribble
8790585e6b Add label-studio initial module 
To make this work I have to map to the user 1001 inside the container.
I can't figure out how to do that intelligently after a bunch of
experimenting. Instead I'm just creating a new user "label-studio" with
uid 1001 and chowning the data directory to that user.

This is very brittle.

However, it's working, so I'm moving forward.
 2025-10-03 15:01:36 +00:00
Eli Ribble
a30f3321b1 Stop copying the glitchtip directory inside itself 
Over and over and over again
 2025-10-03 15:01:36 +00:00
Eli Ribble
443af99364 Enable mosh on all servers 
For times when I have to connect over cellular
 2025-10-03 15:01:36 +00:00
Eli Ribble
e3cb729e42 Get fieldseeker-sync database backup working 
The previous version only cleaned up previous backups because it was
missing a path or a set of dynamic files which is a feature for doing
cleanup. Instead I backported the unstable version so I could use
stdin-from-commend. Tested now and the upload completed.
 2025-10-01 14:48:56 +00:00
Eli Ribble
a2c37bac70 Move glitchtip to big disk and clean up its temp files 2025-09-30 22:57:19 +00:00