bram.gotink.be / macharian
A lowly tech priest's attempt to please Mars
0
fork

Configure Feed

Select the types of activity you want to include in your feed.

feat: get rid of drimor, rip

Bram Gotink 9b57e32d 2fc84ad2

+60 -29
+2 -5
README.md
··· 6 6 7 7 My setup is currently as follows: 8 8 9 - - Drimor: an ASUS NUC 14 running Debian with several KVM guests: 10 - - Ayzinith: Alpine VM running [pi-hole](https://github.com/pi-hole/pi-hole) 11 - - ~~Persepolis: Home Assistant OS VM~~ (currently broken after an SSD failure) 12 - - Proteus Quartus: A [Talos](https://talos.dev) node 13 - - Proteus Secundus: an ASUS NUC 15 running a [Talos](https://talos.dev) node on bare metal 9 + - Proteus Quartus: an ASUS NUC 14 running a [Talos](https://talos.dev) node on bare metal 10 + - Proteus Secundus: an ASUS NUC 15 running a Talos node on bare metal 14 11 - Paleon: A [Scaleway](https://scaleway.com/) VPS running an NGINX reverse proxy that exposes certain services over Tailscale to the outside world. 15 12 16 13 ## Kubernetes
+4 -1
kubernetes/apps/media/arr/radarr.yaml
··· 107 107 media: 108 108 existingClaim: media-storage 109 109 globalMounts: 110 - - path: /data/media 110 + - path: /data/media/downloads 111 + subPath: downloads 112 + - path: /data/media/movies 113 + subPath: movies
+4 -1
kubernetes/apps/media/arr/sonarr.yaml
··· 107 107 media: 108 108 existingClaim: media-storage 109 109 globalMounts: 110 - - path: /data/media 110 + - path: /data/media/downloads 111 + subPath: downloads 112 + - path: /data/media/shows 113 + subPath: shows
-6
talos/manifests/warp.yaml
··· 1 - apiVersion: v1alpha1 2 - kind: ExistingVolumeConfig 3 - name: warp 4 - discovery: 5 - volumeSelector: 6 - match: volume.dev_path == "/dev/vdc"
+42 -11
talos/talconfig.yaml
··· 23 23 nodeLabels: 24 24 node.kubernetes.io/exclude-from-external-load-balancers: 25 25 $$patch: delete 26 - - '@./manifests/registry-mirrors.yaml' 26 + # - '@./manifests/registry-mirrors.yaml' 27 27 28 28 cniConfig: 29 29 name: none ··· 33 33 - ${proteus_secundus_ip}/24 34 34 nameservers: 35 35 - ${upstream_dns} 36 + - ${upstream_dns2} 36 37 # ingressFirewall: 37 38 # defaultAction: block 38 39 # rules: ··· 114 115 - name: EPHEMERAL 115 116 provisioning: 116 117 maxSize: 50GiB 117 - encryption: &volume_encryption 118 + encryption: &secundus_volume_encryption 118 119 provider: luks2 119 120 keys: 120 121 - slot: 0 ··· 124 125 static: 125 126 passphrase: ${proteus_secundus_ssd_passphrase} 126 127 - name: STATE 127 - encryption: *volume_encryption 128 + encryption: *secundus_volume_encryption 128 129 userVolumes: 129 130 - name: longhorn-data 130 131 provisioning: ··· 134 135 grow: true 135 136 filesystem: 136 137 type: xfs 137 - encryption: *volume_encryption 138 + encryption: *secundus_volume_encryption 138 139 139 140 kernelModules: 140 141 - name: nvme_tcp ··· 160 161 machineSpec: 161 162 mode: metal 162 163 arch: amd64 163 - secureboot: false 164 + useUKI: true 165 + secureboot: true 164 166 schematic: 165 167 customization: 166 168 systemExtensions: 167 169 officialExtensions: 168 - - siderolabs/qemu-guest-agent 170 + - siderolabs/i915 171 + - siderolabs/intel-ucode 169 172 - siderolabs/iscsi-tools 173 + - siderolabs/tailscale 170 174 - siderolabs/util-linux-tools 171 175 172 - installDisk: /dev/vda 173 - # Proteus Quartus is a VM, the host takes care of disk encryption 176 + installDisk: /dev/nvme0n1 177 + volumes: 178 + - name: EPHEMERAL 179 + provisioning: 180 + maxSize: 50GiB 181 + encryption: &quartus_volume_encryption 182 + provider: luks2 183 + keys: 184 + - slot: 0 185 + tpm: 186 + checkSecurebootStatusOnEnroll: true 187 + - slot: 1 188 + static: 189 + passphrase: ${proteus_quartus_ssd_passphrase} 190 + - name: STATE 191 + encryption: *quartus_volume_encryption 174 192 userVolumes: 175 193 - name: longhorn-data 176 194 provisioning: 177 195 diskSelector: 178 - match: disk.dev_path == "/dev/vdb" 196 + match: disk.transport == "nvme" 179 197 minSize: 500GiB 180 198 grow: true 181 199 filesystem: 182 200 type: xfs 201 + encryption: *quartus_volume_encryption 202 + - name: warp 203 + provisioning: 204 + diskSelector: 205 + match: disk.transport == "sata" 206 + minSize: 3TiB 207 + grow: true 208 + filesystem: 209 + type: xfs 183 210 184 211 kernelModules: 185 212 - name: nvme_tcp 186 213 - name: vfio_pci 187 214 188 215 networkInterfaces: 189 - - interface: enp1s0 216 + - interface: enp86s0 190 217 addresses: 191 218 - ${proteus_quartus_ip}/24 192 219 routes: 193 220 - network: 0.0.0.0/0 194 221 gateway: ${proteus_gateway} 195 222 mtu: 1500 223 + vlans: 224 + - vlanId: 1 225 + addresses: 226 + - "${proteus_quartus_ip_admin_vlan}/24" 196 227 197 228 patches: 198 - - '@./manifests/warp.yaml' 229 + - '@./manifests/tailscale.yaml' 199 230 - '@./manifests/mount-longhorn-to-kubelet.yaml'
+8 -5
talos/talenv.yaml
··· 1 1 proteus_gateway: ENC[AES256_GCM,data:xcFr7bVazTonOapF,iv:VgBTk3l1Q8CtpXorP0sukR2IwDhpwdcR8WP+wwwIvxY=,tag:tEnw5i8Tlx39fLil6siEHw==,type:str] 2 2 proteus_secundus_ip: ENC[AES256_GCM,data:gbdC0Ft+J0Tr461g,iv:sF1N9m/1w0EpzxCPjWSnd4Ht3tudo0XogXG8bYE3NkQ=,tag:3CKvozSHh92L+PQGUjdvQg==,type:str] 3 - proteus_quartus_ip: ENC[AES256_GCM,data:rQF+ETp4vCWtGHj96A==,iv:xQ1SBcNoKovSdTs/UQmi9yiCQ0hRQC9opbjkXiU8bKE=,tag:op+1qnpMUc05KlSUTyTVxw==,type:str] 3 + proteus_quartus_ip: ENC[AES256_GCM,data:043skbZMi2ceXzw44Q==,iv:LXjIBvNhbPcgaRpSdNj6QcZqOFJ8uYvLlq+FNCSTCKc=,tag:/Pz9Ay86ALk/S5K0lFVK1Q==,type:str] 4 + proteus_quartus_ip_admin_vlan: ENC[AES256_GCM,data:kOZyYKzvhLAv/H0=,iv:lxDOeHngjQHmiuimcRMpijsCeWK7dOef1mWpnXXWm8Q=,tag:Zj+4juF1fEHRljhY6kJ2uQ==,type:str] 4 5 proteus_secundus_ssd_passphrase: ENC[AES256_GCM,data:X99/HFkWT3+Mz4zF+2YfwE9J2v6aBsuvtMx63oVs/P5wFYdcQtJ6/+ZYaAEC0mPgnenZSEzrbIVsIiue8IA3NOBor/sGOCDD8f2ATXcpKXYkZXoO9y6ELi7Infj76GSpJTu0IJUBpwjRKQPMVut/U0FJjR57ehjsYbcgSl51auec12C+yg3SaSThs5Nq2yde5FKDqV8qn+5/UsFUlxIv8TFD4pGtY10auw01EA==,iv:oqP2cR1VjerkcL7sxE8Iyqh5qJMH8jR57F/DWB2/a6Q=,tag:zMCNqXCUSIzm0+Zz10BGXw==,type:str] 6 + proteus_quartus_ssd_passphrase: ENC[AES256_GCM,data:djE96vT/jFZiuc/eGcqlInDqb+c6zWGvcAK8pL/T+m2LcmJgExNI1GfA8GiCzj7hmQS7LOWZpmKM8wIWveQKavyyeAmeCaYJdLM9G5Arsf5gsIl8YnHS3Su+aITep4S4hfHXxjJ1Nut3cjdQsvCdvcsXjDgwB8vME5jJD7dxKl5R1uluyUQzFC5izrNZ6r7zsXg/GCu1lh//DG7r04/ObENnszib5znaaFmJlQ==,iv:HUYUjDL9ea4/7EOPrTy0HOeRGbHIXYwSgb/ZeGxDC/8=,tag:5F0w4cyoZLhtdyf8DzKpog==,type:str] 5 7 admin_network: ENC[AES256_GCM,data:oc5xrdtIcWzMcYQ=,iv:GrumOJ7+CO9bRrWkmiD3ERZFGiUGcjiN6/Ue7+MvlJY=,tag:x6dYZvHj4GZXOTGUBozrPw==,type:str] 6 - upstream_dns: ENC[AES256_GCM,data:0j+L1FuG7Of0Ubxl,iv:OquOBpsGgD1hS5XOYePtD2eUaaS1b9ObUhNw/CuKa30=,tag:pJo4EiXKIMlmSYjAPW91Bg==,type:str] 8 + upstream_dns: ENC[AES256_GCM,data:NpSsakNZpA==,iv:t0UBVPYOZxGJXannKXJT7u3sVK6Siifp3qy7eicBzoM=,tag:nUaqQHuAfBrgTRRD0jcC+g==,type:str] 9 + upstream_dns2: ENC[AES256_GCM,data:sSgx4/xKBA==,iv:8wn61VmJ3G4klSQjm8MHICQzVzLHSw+X+pxkGIkvoQI=,tag:8S31a7sUq9nCWIWqLKwe4Q==,type:str] 7 10 harbor_username: ENC[AES256_GCM,data:5oegwHqXLgW7kDMvY8CA0/g0,iv:cb/suHtRt7XfXbLIEvcUM03miBHciUVlvQiFoo/aEL8=,tag:JLV/OCTM+0HDtQF+190JEQ==,type:str] 8 11 harbor_password: ENC[AES256_GCM,data:sWZraLG4z/GtTOn1hxXW/T4pt5R3toXhVnsUwwhedxY=,iv:0VjMFiDqOItnlrufPkJrBprjrJHnRzQelfBI5QvkMXc=,tag:Lb+VgZYS1P/2nS6wAYlOYA==,type:str] 9 12 secret_host: ENC[AES256_GCM,data:NbUxO/oahD17lpixRg==,iv:OwwxL8q+gFQkkMRENWIPXVrySM9QZr4Axy9nK7CLJjM=,tag:689Ze4lYdJO5npSVIiRoWw==,type:str] 10 - ts_authkey: ENC[AES256_GCM,data:0TSLG7DwGwM1pwvxoYB8pwhs5hn28WJzdhY5v/kFh64GoIFUgDwo1bGEEIUIyjY+AaGTctvTDx04IFEeIQ==,iv:5K6vN0P+fW+EslHp8OKDh67Y7de74o+pvKqISUDiSB0=,tag:/8VR2of9bkyZymlI/BXpQw==,type:str] 13 + ts_authkey: ENC[AES256_GCM,data:D6TeZTHySOixOJ+yoe6Z14Iy24YlirTdQFB5DCIYsXlTDMvVC2TBRQ6RZTQCnQQY5TQqagNdNqJptqk2cQ==,iv:xURkmQfTSysGuGEAtHs4n6gnCLiDz5sWB3/OnawrwPs=,tag:173n9z9/Gnih16Kx+269Bw==,type:str] 11 14 sops: 12 15 age: 13 16 - recipient: age13u6nqs8jgp268mya8rht9gyhu86cc53j74f5va65077rsrvkr9gsjeqk88 ··· 19 22 MFYyWWw0Q2pkajdOeVNRcmkwL1RxQnMK0g+KnIWd5tGyrW8XO/21XzZoy7EzJP/T 20 23 PvJ7f2tpLekKrBu/5YvIbl3davF+V1YV30L3ySFuDzdOcz3hg+DxbQ== 21 24 -----END AGE ENCRYPTED FILE----- 22 - lastmodified: "2025-11-19T19:47:07Z" 23 - mac: ENC[AES256_GCM,data:42f9JPJycLmGub/LSYRDxZn/yxOtijYbMgPXrzsZmgPfpYi1OdT3tIHLFGJHB4yM1c/rCz968uZx8NrReiSDjXtbsssNZnT0q84zbEr5sYUn1s3bbw+WDrm6FzceOW46r8qvD8FZC4atW50ddqQ2uWmS7C0mtzDAFSjCkoEVefo=,iv:wZKMpftszzDKfo7y7FPDtgN+Bkz68KxFHHPYK4wHV3Y=,tag:EeYXpO/r7wy6NHsyAWDg6g==,type:str] 25 + lastmodified: "2026-03-24T21:40:16Z" 26 + mac: ENC[AES256_GCM,data:qbMXzynVfM7hLbtTtb4sMoqqdBGGrzbBz0RyHH5K+wnD+g/npiMmziS/LgwqyfUAwFgSHBYigxcNdu4CpP9t6OvdL4OeiPVjlJ8PBZqY3X6dFmxaWJUoNWO4BsPyxX9aIvM3RdgsKUOjBA2DN4sytnXpdNWg6r52/yzExJeq9vw=,iv:8dRO1CE+4opuwcuofzdU4nBq8sQtmyrIMY1iVHl8v1o=,tag:RMEJxFYYPo25mdBgxgrv5Q==,type:str] 24 27 unencrypted_suffix: _unencrypted 25 28 version: 3.11.0