Compare commits
No commits in common. "5f60e6a0d746201fd5cf34e65facb59c8c5c46c3" and "ee71aa15633b74172e32cdc0fc3c965d92735fad" have entirely different histories.
5f60e6a0d7
...
ee71aa1563
221
flake.lock
221
flake.lock
|
@ -7,17 +7,16 @@
|
|||
"nixpkgs": "nixpkgs"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1695384796,
|
||||
"narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
|
||||
"lastModified": 1695339232,
|
||||
"narHash": "sha256-6wQHW3uHECpGIBolTccQ6x3/9b8E1SrO+VzTABKe2xM=",
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "1f677b3e161d3bdbfd08a939e8f25de2568e0ef4",
|
||||
"rev": "7f9dfa309f24dc74450ecab6e74bc3d11c7ce735",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "ryantm",
|
||||
"repo": "agenix",
|
||||
"rev": "1f677b3e161d3bdbfd08a939e8f25de2568e0ef4",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
|
@ -94,43 +93,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-compat": {
|
||||
"locked": {
|
||||
"lastModified": 1688025799,
|
||||
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
|
||||
"owner": "nix-community",
|
||||
"repo": "flake-compat",
|
||||
"rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "flake-compat",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-parts": {
|
||||
"inputs": {
|
||||
"nixpkgs-lib": [
|
||||
"nixpkgs-wayland",
|
||||
"nix-eval-jobs",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1696343447,
|
||||
"narHash": "sha256-B2xAZKLkkeRFG5XcHHSXXcP7To9Xzr59KXeZiRf4vdQ=",
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"rev": "c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "hercules-ci",
|
||||
"repo": "flake-parts",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils": {
|
||||
"locked": {
|
||||
"lastModified": 1667395993,
|
||||
|
@ -147,24 +109,6 @@
|
|||
}
|
||||
},
|
||||
"flake-utils_2": {
|
||||
"inputs": {
|
||||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694529238,
|
||||
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"flake-utils_3": {
|
||||
"locked": {
|
||||
"lastModified": 1634851050,
|
||||
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
|
||||
|
@ -207,11 +151,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1696737557,
|
||||
"narHash": "sha256-YD/pjDjj/BNmisEvRdM/vspkCU3xyyeGVAUWhvVSi5Y=",
|
||||
"lastModified": 1695224363,
|
||||
"narHash": "sha256-+hfjJLUMck5G92RVFDZA7LWkR3kOxs5zQ7RPW9t3eM8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "3c1d8758ac3f55ab96dcaf4d271c39da4b6e836d",
|
||||
"rev": "408ba13188ff9ce309fa2bdd2f81287d79773b00",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -220,45 +164,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"lib-aggregate": {
|
||||
"inputs": {
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs-lib": "nixpkgs-lib"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1696766909,
|
||||
"narHash": "sha256-lU1BmCWpQ9cx64YnJKc89lMg9cx4pCokXIbh5J//2t0=",
|
||||
"owner": "nix-community",
|
||||
"repo": "lib-aggregate",
|
||||
"rev": "9f495e4feea66426589cbb59ac8b972993b5d872",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "lib-aggregate",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-eval-jobs": {
|
||||
"inputs": {
|
||||
"flake-parts": "flake-parts",
|
||||
"nixpkgs": "nixpkgs_5",
|
||||
"treefmt-nix": "treefmt-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1696712215,
|
||||
"narHash": "sha256-znUR51gbpoqm79FKVyVl9V4va6P5bTr7tohPPW+iydU=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-eval-jobs",
|
||||
"rev": "26af7cabdb7ee637dc9b63f1ce609a467534713c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nix-eval-jobs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixinate": {
|
||||
"inputs": {
|
||||
"nixpkgs": "nixpkgs_3"
|
||||
|
@ -300,11 +205,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1696058303,
|
||||
"narHash": "sha256-eNqKWpF5zG0SrgbbtljFOrRgFgRzCc4++TMFADBMLnc=",
|
||||
"lastModified": 1693791338,
|
||||
"narHash": "sha256-wHmtB5H8AJTUaeGHw+0hsQ6nU4VyvVrP2P4NeCocRzY=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-generators",
|
||||
"rev": "150f38bd1e09e20987feacb1b0d5991357532fb5",
|
||||
"rev": "8ee78470029e641cddbd8721496da1316b47d3b4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -329,44 +234,6 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-lib": {
|
||||
"locked": {
|
||||
"lastModified": 1696726172,
|
||||
"narHash": "sha256-89yxFXzTA7JRyWo6hg7SD4DlS/ejYt8Y8IvGZHbSWsg=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"rev": "59da6ac0c02c48aa92dee37057f978412797db2a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs.lib",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs-wayland": {
|
||||
"inputs": {
|
||||
"flake-compat": "flake-compat",
|
||||
"lib-aggregate": "lib-aggregate",
|
||||
"nix-eval-jobs": "nix-eval-jobs",
|
||||
"nixpkgs": [
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1696768017,
|
||||
"narHash": "sha256-a3/jmm6ppT8Jtz4qq6urVCSNpcbKGsv18RMB3wXWk5w=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs-wayland",
|
||||
"rev": "20c7e3550485ed6be55c2ce9b6c8c05bbb9a6e1b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "nixpkgs-wayland",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1670242877,
|
||||
|
@ -401,11 +268,11 @@
|
|||
},
|
||||
"nixpkgs_4": {
|
||||
"locked": {
|
||||
"lastModified": 1696693680,
|
||||
"narHash": "sha256-PH0HQTkqyj7DmdPKPwrrXwVURLBqzZs4nqnDw9q8mhg=",
|
||||
"lastModified": 1695132891,
|
||||
"narHash": "sha256-cJR9AFHmt816cW/C9necLJyOg/gsnkvEeFAfxgeM1hc=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "945559664c1dc5836173ee12896ba421d9b37181",
|
||||
"rev": "8b5ab8341e33322e5b66fb46ce23d724050f6606",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -416,22 +283,6 @@
|
|||
}
|
||||
},
|
||||
"nixpkgs_5": {
|
||||
"locked": {
|
||||
"lastModified": 1696466515,
|
||||
"narHash": "sha256-SQJyUBoLXmPGueYTLj1yDVHolg2pnB+rUR4Z6p5AKpA=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "c52af267ad0c11b55f89cf6c70adb10694ad938e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "NixOS",
|
||||
"ref": "master",
|
||||
"repo": "nixpkgs",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixpkgs_6": {
|
||||
"locked": {
|
||||
"lastModified": 1636823747,
|
||||
"narHash": "sha256-oWo1nElRAOZqEf90Yek2ixdHyjD+gqtS/pAgwaQ9UhQ=",
|
||||
|
@ -454,39 +305,23 @@
|
|||
"nixinate": "nixinate",
|
||||
"nixos-generators": "nixos-generators",
|
||||
"nixpkgs": "nixpkgs_4",
|
||||
"nixpkgs-wayland": "nixpkgs-wayland",
|
||||
"terranix": "terranix"
|
||||
}
|
||||
},
|
||||
"systems": {
|
||||
"locked": {
|
||||
"lastModified": 1681028828,
|
||||
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-systems",
|
||||
"repo": "default",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"terranix": {
|
||||
"inputs": {
|
||||
"bats-assert": "bats-assert",
|
||||
"bats-support": "bats-support",
|
||||
"flake-utils": "flake-utils_3",
|
||||
"nixpkgs": "nixpkgs_6",
|
||||
"flake-utils": "flake-utils_2",
|
||||
"nixpkgs": "nixpkgs_5",
|
||||
"terranix-examples": "terranix-examples"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1695406838,
|
||||
"narHash": "sha256-xiUfVD6rtsVWFotVtUW3Q1nQh4obKzgvpN1wqZuGXvM=",
|
||||
"lastModified": 1684906298,
|
||||
"narHash": "sha256-pNuJxmVMGbBHw7pa+Bx0HY0orXIXoyyAXOKuQ1zpfus=",
|
||||
"owner": "terranix",
|
||||
"repo": "terranix",
|
||||
"rev": "fc9077ca02ab5681935dbf0ecd725c4d889b9275",
|
||||
"rev": "c0dd15076856c6cb425795b8c7d5d37d3a1e922a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -509,28 +344,6 @@
|
|||
"repo": "terranix-examples",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"treefmt-nix": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
"nixpkgs-wayland",
|
||||
"nix-eval-jobs",
|
||||
"nixpkgs"
|
||||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1695822946,
|
||||
"narHash": "sha256-IQU3fYo0H+oGlqX5YrgZU3VRhbt2Oqe6KmslQKUO4II=",
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"rev": "720bd006d855b08e60664e4683ccddb7a9ff614a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "numtide",
|
||||
"repo": "treefmt-nix",
|
||||
"type": "github"
|
||||
}
|
||||
}
|
||||
},
|
||||
"root": "root",
|
||||
|
|
43
flake.nix
43
flake.nix
|
@ -1,14 +1,10 @@
|
|||
{
|
||||
description = "Nix flake for my infrastructure";
|
||||
inputs = {
|
||||
agenix.url = "github:ryantm/agenix?rev=1f677b3e161d3bdbfd08a939e8f25de2568e0ef4";
|
||||
agenix.url = "github:ryantm/agenix";
|
||||
terranix.url = "github:terranix/terranix";
|
||||
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
||||
nixinate.url = "github:matthewcroughan/nixinate";
|
||||
nixpkgs-wayland = {
|
||||
url = "github:nix-community/nixpkgs-wayland";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
home-manager = {
|
||||
url = "github:nix-community/home-manager";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
@ -20,7 +16,7 @@
|
|||
alertmanager-ntfy.url = "github:alexbakker/alertmanager-ntfy";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix, terranix, alertmanager-ntfy, nixpkgs-wayland}:
|
||||
outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix, terranix, alertmanager-ntfy }:
|
||||
let
|
||||
pkgs = nixpkgs.legacyPackages.x86_64-linux;
|
||||
tf = terranix.lib.terranixConfiguration {
|
||||
|
@ -36,7 +32,7 @@
|
|||
set +o allexport
|
||||
'';
|
||||
nativeBuildInputs = [
|
||||
jq opentofu kubectl awscli2
|
||||
jq terraform ansible kubectl awscli2
|
||||
nodePackages.yaml-language-server
|
||||
k9s terraform-ls kubernetes-helm nil
|
||||
];
|
||||
|
@ -60,8 +56,8 @@
|
|||
program = toString (pkgs.writers.writeBash "plan" ''
|
||||
if [[ -e terraform/config.tf.json ]]; then rm -f terraform/config.tf.json; fi
|
||||
cp ${tf} terraform/config.tf.json \
|
||||
&& ${pkgs.opentofu}/bin/tofu -chdir=terraform init \
|
||||
&& ${pkgs.opentofu}/bin/tofu -chdir=terraform plan -out=plan.out
|
||||
&& ${pkgs.terraform}/bin/terraform -chdir=terraform init \
|
||||
&& ${pkgs.terraform}/bin/terraform -chdir=terraform plan -out=plan.out
|
||||
'');
|
||||
};
|
||||
tf-apply = {
|
||||
|
@ -69,8 +65,8 @@
|
|||
program = toString (pkgs.writers.writeBash "apply" ''
|
||||
if [[ -e terraform/config.tf.json ]]; then rm -f terraform/config.tf.json; fi
|
||||
cp ${tf} terraform/config.tf.json \
|
||||
&& ${pkgs.opentofu}/bin/tofu -chdir=terraform init \
|
||||
&& ${pkgs.opentofu}/bin/tofu -chdir=terraform apply plan.out
|
||||
&& ${pkgs.terraform}/bin/terraform -chdir=terraform init \
|
||||
&& ${pkgs.terraform}/bin/terraform -chdir=terraform apply plan.out
|
||||
'');
|
||||
};
|
||||
};
|
||||
|
@ -90,31 +86,6 @@
|
|||
home-manager.useUserPackages = true;
|
||||
home-manager.users.gsimmer = import ./nix/london/gsimmer.nix;
|
||||
}
|
||||
({pkgs, config, ... }:
|
||||
{
|
||||
config = {
|
||||
nix.settings = {
|
||||
# add binary caches
|
||||
trusted-public-keys = [
|
||||
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
|
||||
"nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
|
||||
];
|
||||
substituters = [
|
||||
"https://cache.nixos.org"
|
||||
"https://nixpkgs-wayland.cachix.org"
|
||||
];
|
||||
};
|
||||
|
||||
# use it as an overlay
|
||||
nixpkgs.overlays = [ nixpkgs-wayland.overlay ];
|
||||
|
||||
# or, pull specific packages (built against inputs.nixpkgs, usually `nixos-unstable`)
|
||||
environment.systemPackages = [
|
||||
nixpkgs-wayland.packages.x86_64-linux.waybar
|
||||
];
|
||||
};
|
||||
}
|
||||
)
|
||||
];
|
||||
};
|
||||
oracle-gitea-runner = nixpkgs.lib.nixosSystem {
|
||||
|
|
|
@ -1,134 +0,0 @@
|
|||
--- # Daemonset.yaml
|
||||
apiVersion: apps/v1
|
||||
kind: DaemonSet
|
||||
metadata:
|
||||
name: promtail-daemonset
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
name: promtail
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
name: promtail
|
||||
spec:
|
||||
serviceAccount: promtail-serviceaccount
|
||||
containers:
|
||||
- name: promtail-container
|
||||
image: grafana/promtail
|
||||
args:
|
||||
- -config.file=/etc/promtail/promtail.yaml
|
||||
env:
|
||||
- name: 'HOSTNAME' # needed when using kubernetes_sd_configs
|
||||
valueFrom:
|
||||
fieldRef:
|
||||
fieldPath: 'spec.nodeName'
|
||||
volumeMounts:
|
||||
- name: logs
|
||||
mountPath: /var/log
|
||||
- name: promtail-config
|
||||
mountPath: /etc/promtail
|
||||
- mountPath: /var/lib/docker/containers
|
||||
name: varlibdockercontainers
|
||||
readOnly: true
|
||||
volumes:
|
||||
- name: logs
|
||||
hostPath:
|
||||
path: /var/log
|
||||
- name: varlibdockercontainers
|
||||
hostPath:
|
||||
path: /var/lib/docker/containers
|
||||
- name: promtail-config
|
||||
configMap:
|
||||
name: promtail-config
|
||||
--- # configmap.yaml
|
||||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: promtail-config
|
||||
data:
|
||||
promtail.yaml: |
|
||||
server:
|
||||
http_listen_port: 9080
|
||||
grpc_listen_port: 0
|
||||
|
||||
clients:
|
||||
- url: http://monitoring:3030/loki/api/v1/push
|
||||
|
||||
positions:
|
||||
filename: /tmp/positions.yaml
|
||||
target_config:
|
||||
sync_period: 10s
|
||||
scrape_configs:
|
||||
- job_name: pod-logs
|
||||
kubernetes_sd_configs:
|
||||
- role: pod
|
||||
pipeline_stages:
|
||||
- docker: {}
|
||||
relabel_configs:
|
||||
- source_labels:
|
||||
- __meta_kubernetes_pod_node_name
|
||||
target_label: __host__
|
||||
- action: labelmap
|
||||
regex: __meta_kubernetes_pod_label_(.+)
|
||||
- action: replace
|
||||
replacement: $1
|
||||
separator: /
|
||||
source_labels:
|
||||
- __meta_kubernetes_namespace
|
||||
- __meta_kubernetes_pod_name
|
||||
target_label: job
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_namespace
|
||||
target_label: namespace
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_name
|
||||
target_label: pod
|
||||
- action: replace
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_container_name
|
||||
target_label: container
|
||||
- replacement: /var/log/pods/*$1/*.log
|
||||
separator: /
|
||||
source_labels:
|
||||
- __meta_kubernetes_pod_uid
|
||||
- __meta_kubernetes_pod_container_name
|
||||
target_label: __path__
|
||||
|
||||
--- # Clusterrole.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRole
|
||||
metadata:
|
||||
name: promtail-clusterrole
|
||||
rules:
|
||||
- apiGroups: [""]
|
||||
resources:
|
||||
- nodes
|
||||
- services
|
||||
- pods
|
||||
verbs:
|
||||
- get
|
||||
- watch
|
||||
- list
|
||||
|
||||
--- # ServiceAccount.yaml
|
||||
apiVersion: v1
|
||||
kind: ServiceAccount
|
||||
metadata:
|
||||
name: promtail-serviceaccount
|
||||
|
||||
--- # Rolebinding.yaml
|
||||
apiVersion: rbac.authorization.k8s.io/v1
|
||||
kind: ClusterRoleBinding
|
||||
metadata:
|
||||
name: promtail-clusterrolebinding
|
||||
subjects:
|
||||
- kind: ServiceAccount
|
||||
name: promtail-serviceaccount
|
||||
namespace: default
|
||||
roleRef:
|
||||
kind: ClusterRole
|
||||
name: promtail-clusterrole
|
||||
apiGroup: rbac.authorization.k8s.io
|
|
@ -71,35 +71,6 @@
|
|||
i18n.defaultLocale = "en_GB.utf8";
|
||||
|
||||
services = {
|
||||
promtail = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
server = {
|
||||
http_listen_port = 3031;
|
||||
grpc_listen_port = 0;
|
||||
};
|
||||
positions = {
|
||||
filename = "/tmp/positions.yaml";
|
||||
};
|
||||
clients = [{
|
||||
url = "http://monitoring:3030/loki/api/v1/push";
|
||||
}];
|
||||
scrape_configs = [{
|
||||
job_name = "journal";
|
||||
journal = {
|
||||
max_age = "12h";
|
||||
labels = {
|
||||
job = "systemd-journal";
|
||||
host = "london";
|
||||
};
|
||||
};
|
||||
relabel_configs = [{
|
||||
source_labels = [ "__journal__systemd_unit" ];
|
||||
target_label = "unit";
|
||||
}];
|
||||
}];
|
||||
};
|
||||
};
|
||||
fwupd.enable = true;
|
||||
syncthing = {
|
||||
enable = true;
|
||||
|
@ -182,14 +153,9 @@
|
|||
];
|
||||
};
|
||||
};
|
||||
environment.sessionVariables = {
|
||||
NIXOS_OZONE_WL = "1";
|
||||
};
|
||||
|
||||
programs = {
|
||||
hyprland = {
|
||||
enable = true;
|
||||
enableNvidiaPatches = true;
|
||||
};
|
||||
river.enable = true;
|
||||
gamemode.enable = true;
|
||||
zsh.enable = true;
|
||||
fish.enable = true;
|
||||
|
@ -230,15 +196,11 @@
|
|||
libvirtd.enable = true;
|
||||
};
|
||||
|
||||
fonts = {
|
||||
packages = with pkgs; [
|
||||
fonts.packages = with pkgs; [
|
||||
ibm-plex
|
||||
jetbrains-mono
|
||||
emojione
|
||||
font-awesome
|
||||
];
|
||||
enableDefaultPackages = true;
|
||||
};
|
||||
|
||||
environment = {
|
||||
shells = with pkgs; [ zsh fish ];
|
||||
|
@ -257,15 +219,6 @@
|
|||
home-manager
|
||||
libimobiledevice
|
||||
ifuse
|
||||
glxinfo
|
||||
vulkan-tools
|
||||
glmark2
|
||||
waybar
|
||||
waypipe
|
||||
rofi-wayland
|
||||
mako
|
||||
libnotify
|
||||
hyprpaper
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
@ -16,7 +16,7 @@
|
|||
[
|
||||
(import (builtins.fetchTarball {
|
||||
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
|
||||
sha256 = "0sf0xnv5mbkrp1gkvy00rkf1jw0zzhj4h6l0qs14arqpg0ncby7x";
|
||||
sha256 = "1jn0gw1a0dffvqizy15yni6qnsr94k48zl7b2vqfvfr409nxsyaw";
|
||||
})) discordOverlay];
|
||||
};
|
||||
home = {
|
||||
|
|
|
@ -1,5 +1,53 @@
|
|||
{ config, pkgs, ... }:
|
||||
# let
|
||||
# py = pkgs.python3.override {
|
||||
# packageOverrides = final: prev: {
|
||||
# django = prev.django_4;
|
||||
# };
|
||||
# };
|
||||
# pydantic-edge = py.pkgs.pydantic.overridePythonAttrs (oldAttrs: rec {
|
||||
# version = "2.3.0";
|
||||
# src = pkgs.fetchFromGitHub {
|
||||
# owner = "pydantic";
|
||||
# repo = "pydantic";
|
||||
# rev = "refs/tags/v${version}";
|
||||
# hash = "sha256-toqrWg8bYzc3UmvG/YmXawfmT8nqaA9fxy24k1cdj+M=";
|
||||
# };
|
||||
# patches = [ ];
|
||||
# });
|
||||
# healthchecks-edge = pkgs.healthchecks.overridePythonAttrs (oldAttrs: rec {
|
||||
# version = "unstable-2023-09-24";
|
||||
# pname = "healthchecksedge";
|
||||
# src = pkgs.fetchFromGitHub {
|
||||
# owner = "healthchecks";
|
||||
# repo = "healthchecks";
|
||||
# rev = "507fd840d8c83a1685c8cccf47c67f939f295da1";
|
||||
# hash = "sha256-EBfZQ41kc/H2BgzCPW0QZ8Js2DHU3ps4U1YaTZnGqg8=";
|
||||
# };
|
||||
# propagatedBuildInputs = with py.pkgs; [
|
||||
# apprise
|
||||
# cron-descriptor
|
||||
# cronsim
|
||||
# django
|
||||
# django-compressor
|
||||
# fido2
|
||||
# minio
|
||||
# psycopg2
|
||||
# pycurl
|
||||
# pydantic-edge
|
||||
# pyotp
|
||||
# segno
|
||||
# statsd
|
||||
# whitenoise
|
||||
# ];
|
||||
# passthru = {
|
||||
# # PYTHONPATH of all dependencies used by the package
|
||||
# pythonPath = py.pkgs.makePythonPath propagatedBuildInputs;
|
||||
# };
|
||||
# doCheck = false;
|
||||
# });
|
||||
|
||||
# in
|
||||
{
|
||||
imports = [
|
||||
./hardware.nix
|
||||
|
@ -50,109 +98,6 @@
|
|||
http_addr = "127.0.0.1";
|
||||
};
|
||||
};
|
||||
services.loki = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
server.http_listen_port = 3030;
|
||||
auth_enabled = false;
|
||||
|
||||
ingester = {
|
||||
lifecycler = {
|
||||
address = "127.0.0.1";
|
||||
ring = {
|
||||
kvstore = {
|
||||
store = "inmemory";
|
||||
};
|
||||
replication_factor = 1;
|
||||
};
|
||||
};
|
||||
chunk_idle_period = "1h";
|
||||
max_chunk_age = "1h";
|
||||
chunk_target_size = 999999;
|
||||
chunk_retain_period = "30s";
|
||||
max_transfer_retries = 0;
|
||||
};
|
||||
|
||||
schema_config = {
|
||||
configs = [{
|
||||
from = "2022-06-06";
|
||||
store = "boltdb-shipper";
|
||||
object_store = "filesystem";
|
||||
schema = "v11";
|
||||
index = {
|
||||
prefix = "index_";
|
||||
period = "24h";
|
||||
};
|
||||
}];
|
||||
};
|
||||
|
||||
storage_config = {
|
||||
boltdb_shipper = {
|
||||
active_index_directory = "/var/lib/loki/boltdb-shipper-active";
|
||||
cache_location = "/var/lib/loki/boltdb-shipper-cache";
|
||||
cache_ttl = "24h";
|
||||
shared_store = "filesystem";
|
||||
};
|
||||
|
||||
filesystem = {
|
||||
directory = "/var/lib/loki/chunks";
|
||||
};
|
||||
};
|
||||
|
||||
limits_config = {
|
||||
reject_old_samples = true;
|
||||
reject_old_samples_max_age = "168h";
|
||||
};
|
||||
|
||||
chunk_store_config = {
|
||||
max_look_back_period = "0s";
|
||||
};
|
||||
|
||||
table_manager = {
|
||||
retention_deletes_enabled = false;
|
||||
retention_period = "0s";
|
||||
};
|
||||
|
||||
compactor = {
|
||||
working_directory = "/var/lib/loki";
|
||||
shared_store = "filesystem";
|
||||
compactor_ring = {
|
||||
kvstore = {
|
||||
store = "inmemory";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
services.promtail = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
server = {
|
||||
http_listen_port = 3031;
|
||||
grpc_listen_port = 0;
|
||||
};
|
||||
positions = {
|
||||
filename = "/tmp/positions.yaml";
|
||||
};
|
||||
clients = [{
|
||||
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
|
||||
}];
|
||||
scrape_configs = [{
|
||||
job_name = "journal";
|
||||
journal = {
|
||||
max_age = "12h";
|
||||
labels = {
|
||||
job = "systemd-journal";
|
||||
host = "monitoring";
|
||||
};
|
||||
};
|
||||
relabel_configs = [{
|
||||
source_labels = [ "__journal__systemd_unit" ];
|
||||
target_label = "unit";
|
||||
}];
|
||||
}];
|
||||
};
|
||||
};
|
||||
services.alertmanager-ntfy = {
|
||||
enable = true;
|
||||
settings = {
|
||||
|
|
|
@ -25,10 +25,6 @@
|
|||
group = "users";
|
||||
mode = "770";
|
||||
};
|
||||
age.secrets.cloudflare-dns = {
|
||||
file = ../../secrets/cloudflare-dns.age;
|
||||
owner = "acme";
|
||||
};
|
||||
nix = {
|
||||
settings = {
|
||||
auto-optimise-store = true;
|
||||
|
@ -47,35 +43,6 @@
|
|||
};
|
||||
|
||||
services = {
|
||||
promtail = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
server = {
|
||||
http_listen_port = 3031;
|
||||
grpc_listen_port = 0;
|
||||
};
|
||||
positions = {
|
||||
filename = "/tmp/positions.yaml";
|
||||
};
|
||||
clients = [{
|
||||
url = "http://monitoring:3030/loki/api/v1/push";
|
||||
}];
|
||||
scrape_configs = [{
|
||||
job_name = "journal";
|
||||
journal = {
|
||||
max_age = "12h";
|
||||
labels = {
|
||||
job = "systemd-journal";
|
||||
host = "vancouver";
|
||||
};
|
||||
};
|
||||
relabel_configs = [{
|
||||
source_labels = [ "__journal__systemd_unit" ];
|
||||
target_label = "unit";
|
||||
}];
|
||||
}];
|
||||
};
|
||||
};
|
||||
restic = {
|
||||
backups = {
|
||||
"gsimmer" = {
|
||||
|
@ -564,23 +531,23 @@
|
|||
security.acme.defaults.email = "acme@gmem.ca";
|
||||
security.acme.certs."git.gmem.ca" = {
|
||||
domain = "*.gmem.ca";
|
||||
dnsProvider = "cloudflare";
|
||||
credentialsFile = config.age.secrets.cloudflare-dns.path;
|
||||
dnsProvider = "route53";
|
||||
credentialsFile = "/var/lib/secrets/credentials";
|
||||
};
|
||||
security.acme.certs."vancouver.gmem.ca" = {
|
||||
domain = "vancouver.gmem.ca";
|
||||
dnsProvider = "cloudflare";
|
||||
credentialsFile = config.age.secrets.cloudflare-dns.path;
|
||||
dnsProvider = "route53";
|
||||
credentialsFile = "/var/lib/secrets/credentials";
|
||||
};
|
||||
security.acme.certs."request-media.gmem.ca" = {
|
||||
domain = "request-media.gmem.ca";
|
||||
dnsProvider = "cloudflare";
|
||||
credentialsFile = config.age.secrets.cloudflare-dns.path;
|
||||
dnsProvider = "route53";
|
||||
credentialsFile = "/var/lib/secrets/credentials";
|
||||
};
|
||||
security.acme.certs."flood.gmem.ca" = {
|
||||
domain = "flood.gmem.ca";
|
||||
dnsProvider = "cloudflare";
|
||||
credentialsFile = config.age.secrets.cloudflare-dns.path;
|
||||
dnsProvider = "route53";
|
||||
credentialsFile = "/var/lib/secrets/credentials";
|
||||
};
|
||||
|
||||
system.stateVersion = "23.05";
|
||||
|
|
|
@ -17,5 +17,4 @@ in
|
|||
"secrets/healthchecks-ping.sh.age".publicKeys = machines ++ users;
|
||||
"secrets/fastmail-smtp.age".publicKeys = machines ++ users;
|
||||
"secrets/healthchecks-telegram.age".publicKeys = [ monitoring gsimmer ];
|
||||
"secrets/cloudflare-dns.age".publicKeys = machines ++ users;
|
||||
}
|
||||
|
|
|
@ -1,11 +0,0 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 oN6OTQ dDaVX+FaETkw8TuwjNuOOlL9b6DixX57CjVL+OOWX1w
|
||||
Wnqjx7DfO+0PlodlxJuTltO4jSf28qxUGVoTYfWUNV8
|
||||
-> ssh-ed25519 J+a91w SkVKu77RVvuRNlcCiDpU3/z/XVJZUr7P4OXD2nzfEHg
|
||||
X1w3fyqetaHXz/NSF+DD4R33BdhIK0nD8f0zqbU9btk
|
||||
-> ssh-ed25519 qbziOw A31ABUBqGMlKUdXrPiafT/LaK+Wf/TvwY8l4t0DgzBo
|
||||
TmXHaeq1YNZ6mzXJaoiDK6rJOXbAHYi+h0K+/436Ckk
|
||||
-> {)dpv:-grease p /.S. \-)
|
||||
0LTrws+0jI5675eLt+S+vA
|
||||
--- 3sS/aqKGA73wMAjxOwiMllnHx/NTAmJSWCDdtXswrpk
|
||||
Ê?n‚|ǘ;/¢B—>à3·’xJ¬M,‡´¢ë:]DÕßLŒ7<15>fâYÆ5iÌW漏4Ãîs(¥~ä†é`*œ¢¦þ\7m7„Ð3ÿ!çùD1¨€49Êü-Æã'ÙåjÎF
|
Loading…
Reference in a new issue