Add comma, remove syncthing service

Disallow outside metrics reading
2023-09-13 23:18:06 +01:00 · 2023-09-13 23:17:37 +01:00
4 changed files with 13 additions and 8 deletions
--- a/nix/london/gsimmer.nix
+++ b/nix/london/gsimmer.nix
@ -1,7 +1,11 @@
-{ config, pkgs, callPackage, ... }:
+{ config, pkgs, callPackage, lib, ... }:
 {
  nixpkgs = {
    config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
      "parsec-bin"
      "discord"
    ];
    config.allowUnfree = true;
    overlays =
      let
@ -12,17 +16,13 @@
        [
          (import (builtins.fetchTarball {
            url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
-            sha256 = "13h6m5dq1kvy6qv0qqil5l3hyv1pwz7g1mxz3h74a75bi47iasbi";
+            sha256 = "0h5jabl78dpgknf5p3q5wmwx1856ywjh3nxlbsrqk8fr1g3aix8n";
          })) discordOverlay];
  };
  home = {
    username = "gsimmer";
    homeDirectory = "/home/gsimmer";
  };
  services.syncthing = {
    enable = true;
  };
  programs = {
    bash.enable = false;
@ -564,6 +564,7 @@ $env.config = {
    rage
    discord
    mangohud
    comma
  ];
  # This value determines the Home Manager release that your
--- a/nix/monitoring/configuration.nix
+++ b/nix/monitoring/configuration.nix
@ -56,7 +56,7 @@
      {
        job_name = "healthchecks";
        scrape_interval = "60s";
-        metrics_path = "/projects/5f1de50f-a52d-4215-961f-aae7cc6cf6c9/metrics/qyitrbccSwyuvZEISGdBHSBQaEwLcaFu";
+        metrics_path = "/projects/5f1de50f-a52d-4215-961f-aae7cc6cf6c9/metrics/TbMoU7SUdknzMe-H5Q4HzmKl3itOIrJk";
        static_configs = [ { targets = [ "localhost:8000" ]; } ];
      }
      {
@ -85,6 +85,7 @@
    settings = {
      SECRET_KEY_FILE = config.age.secrets.healthchecks-secret.path;
      SITE_ROOT = "https://healthchecks.gmem.ca";
      SITE_NAME = "Arch's Healthchecks";
    };
  };
@ -113,6 +114,9 @@
        proxyPass = "http://127.0.0.1:8000";
        proxyWebsockets = true;
      };
      locations."~ \/projects\/.+\/metrics\/.+" = {
        extraConfig = "deny all;";
      };
    };
  };
  security.acme.acceptTerms = true;
--- a/secrets.nix
+++ b/secrets.nix
@ -11,6 +11,6 @@ in
  "secrets/vancouver-restic-b2.age".publicKeys = [ vancouver gsimmer ];
  "secrets/vancouver-restic-password.age".publicKeys = [ vancouver gsimmer ];
  "secrets/monitoring-healthchecks-secret.age".publicKeys = [ monitoring gsimmer ];
-
+  "secrets/monitoring-healthchecks-ro.age".publicKeys = [ monitoring gsimmer ];
  "secrets/healthchecks-ping.sh.age".publicKeys = machines ++ users;
 }
--- a/secrets/monitoring-healthchecks-ro.age
+++ b/secrets/monitoring-healthchecks-ro.age
Author	SHA1	Message	Date
Gabriel Simmer	ed21f70a53	Add comma, remove syncthing service All checks were successful Lint / lint (push) Successful in 13s Details	2023-09-13 23:18:06 +01:00
Gabriel Simmer	02a9a0b23b	Disallow outside metrics reading	2023-09-13 23:17:37 +01:00