
5 commits

Author SHA1 Message Date
Gabriel Simmer 5f60e6a0d7
Remove custom healthchecks package
All checks were successful
Lint / lint (push) Successful in 22s
2023-10-08 22:56:34 +01:00
Gabriel Simmer 70fd78a661
Enable Hyprland on London 2023-10-08 22:56:15 +01:00
Gabriel Simmer d86c834b37
Enable Promtail 2023-10-08 22:55:29 +01:00
Gabriel Simmer 36c46f5d07
Update, use opentofu 2023-10-08 22:54:52 +01:00
Gabriel Simmer e89431f6b0
Cloudflare for DNS 2023-10-08 22:54:43 +01:00
9 changed files with 582 additions and 85 deletions


@ -7,16 +7,17 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1695339232, "lastModified": 1695384796,
"narHash": "sha256-6wQHW3uHECpGIBolTccQ6x3/9b8E1SrO+VzTABKe2xM=", "narHash": "sha256-TYlE4B0ktPtlJJF9IFxTWrEeq+XKG8Ny0gc2FGEAdj0=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "7f9dfa309f24dc74450ecab6e74bc3d11c7ce735", "rev": "1f677b3e161d3bdbfd08a939e8f25de2568e0ef4",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "1f677b3e161d3bdbfd08a939e8f25de2568e0ef4",
"type": "github" "type": "github"
} }
}, },
@ -93,6 +94,43 @@
"type": "github" "type": "github"
} }
}, },
"flake-compat": {
"locked": {
"lastModified": 1688025799,
"narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
"owner": "nix-community",
"repo": "flake-compat",
"rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "flake-compat",
"type": "github"
}
},
"flake-parts": {
"inputs": {
"nixpkgs-lib": [
"nixpkgs-wayland",
"nix-eval-jobs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1696343447,
"narHash": "sha256-B2xAZKLkkeRFG5XcHHSXXcP7To9Xzr59KXeZiRf4vdQ=",
"owner": "hercules-ci",
"repo": "flake-parts",
"rev": "c9afaba3dfa4085dbd2ccb38dfade5141e33d9d4",
"type": "github"
},
"original": {
"owner": "hercules-ci",
"repo": "flake-parts",
"type": "github"
}
},
"flake-utils": { "flake-utils": {
"locked": { "locked": {
"lastModified": 1667395993, "lastModified": 1667395993,
@ -109,6 +147,24 @@
} }
}, },
"flake-utils_2": { "flake-utils_2": {
"inputs": {
"systems": "systems"
},
"locked": {
"lastModified": 1694529238,
"narHash": "sha256-zsNZZGTGnMOf9YpHKJqMSsa0dXbfmxeoJ7xHlrt+xmY=",
"owner": "numtide",
"repo": "flake-utils",
"rev": "ff7b65b44d01cf9ba6a71320833626af21126384",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "flake-utils",
"type": "github"
}
},
"flake-utils_3": {
"locked": { "locked": {
"lastModified": 1634851050, "lastModified": 1634851050,
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=", "narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
@ -151,11 +207,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1695224363, "lastModified": 1696737557,
"narHash": "sha256-+hfjJLUMck5G92RVFDZA7LWkR3kOxs5zQ7RPW9t3eM8=", "narHash": "sha256-YD/pjDjj/BNmisEvRdM/vspkCU3xyyeGVAUWhvVSi5Y=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "408ba13188ff9ce309fa2bdd2f81287d79773b00", "rev": "3c1d8758ac3f55ab96dcaf4d271c39da4b6e836d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -164,6 +220,45 @@
"type": "github" "type": "github"
} }
}, },
"lib-aggregate": {
"inputs": {
"flake-utils": "flake-utils_2",
"nixpkgs-lib": "nixpkgs-lib"
},
"locked": {
"lastModified": 1696766909,
"narHash": "sha256-lU1BmCWpQ9cx64YnJKc89lMg9cx4pCokXIbh5J//2t0=",
"owner": "nix-community",
"repo": "lib-aggregate",
"rev": "9f495e4feea66426589cbb59ac8b972993b5d872",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "lib-aggregate",
"type": "github"
}
},
"nix-eval-jobs": {
"inputs": {
"flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_5",
"treefmt-nix": "treefmt-nix"
},
"locked": {
"lastModified": 1696712215,
"narHash": "sha256-znUR51gbpoqm79FKVyVl9V4va6P5bTr7tohPPW+iydU=",
"owner": "nix-community",
"repo": "nix-eval-jobs",
"rev": "26af7cabdb7ee637dc9b63f1ce609a467534713c",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nix-eval-jobs",
"type": "github"
}
},
"nixinate": { "nixinate": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_3" "nixpkgs": "nixpkgs_3"
@ -205,11 +300,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1693791338, "lastModified": 1696058303,
"narHash": "sha256-wHmtB5H8AJTUaeGHw+0hsQ6nU4VyvVrP2P4NeCocRzY=", "narHash": "sha256-eNqKWpF5zG0SrgbbtljFOrRgFgRzCc4++TMFADBMLnc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixos-generators", "repo": "nixos-generators",
"rev": "8ee78470029e641cddbd8721496da1316b47d3b4", "rev": "150f38bd1e09e20987feacb1b0d5991357532fb5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -234,6 +329,44 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs-lib": {
"locked": {
"lastModified": 1696726172,
"narHash": "sha256-89yxFXzTA7JRyWo6hg7SD4DlS/ejYt8Y8IvGZHbSWsg=",
"owner": "nix-community",
"repo": "nixpkgs.lib",
"rev": "59da6ac0c02c48aa92dee37057f978412797db2a",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs.lib",
"type": "github"
}
},
"nixpkgs-wayland": {
"inputs": {
"flake-compat": "flake-compat",
"lib-aggregate": "lib-aggregate",
"nix-eval-jobs": "nix-eval-jobs",
"nixpkgs": [
"nixpkgs"
]
},
"locked": {
"lastModified": 1696768017,
"narHash": "sha256-a3/jmm6ppT8Jtz4qq6urVCSNpcbKGsv18RMB3wXWk5w=",
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"rev": "20c7e3550485ed6be55c2ce9b6c8c05bbb9a6e1b",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "nixpkgs-wayland",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1670242877, "lastModified": 1670242877,
@ -268,11 +401,11 @@
}, },
"nixpkgs_4": { "nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1695132891, "lastModified": 1696693680,
"narHash": "sha256-cJR9AFHmt816cW/C9necLJyOg/gsnkvEeFAfxgeM1hc=", "narHash": "sha256-PH0HQTkqyj7DmdPKPwrrXwVURLBqzZs4nqnDw9q8mhg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8b5ab8341e33322e5b66fb46ce23d724050f6606", "rev": "945559664c1dc5836173ee12896ba421d9b37181",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -283,6 +416,22 @@
} }
}, },
"nixpkgs_5": { "nixpkgs_5": {
"locked": {
"lastModified": 1696466515,
"narHash": "sha256-SQJyUBoLXmPGueYTLj1yDVHolg2pnB+rUR4Z6p5AKpA=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "c52af267ad0c11b55f89cf6c70adb10694ad938e",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_6": {
"locked": { "locked": {
"lastModified": 1636823747, "lastModified": 1636823747,
"narHash": "sha256-oWo1nElRAOZqEf90Yek2ixdHyjD+gqtS/pAgwaQ9UhQ=", "narHash": "sha256-oWo1nElRAOZqEf90Yek2ixdHyjD+gqtS/pAgwaQ9UhQ=",
@ -305,23 +454,39 @@
"nixinate": "nixinate", "nixinate": "nixinate",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_4",
"nixpkgs-wayland": "nixpkgs-wayland",
"terranix": "terranix" "terranix": "terranix"
} }
}, },
"systems": {
"locked": {
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default",
"type": "github"
}
},
"terranix": { "terranix": {
"inputs": { "inputs": {
"bats-assert": "bats-assert", "bats-assert": "bats-assert",
"bats-support": "bats-support", "bats-support": "bats-support",
"flake-utils": "flake-utils_2", "flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_5", "nixpkgs": "nixpkgs_6",
"terranix-examples": "terranix-examples" "terranix-examples": "terranix-examples"
}, },
"locked": { "locked": {
"lastModified": 1684906298, "lastModified": 1695406838,
"narHash": "sha256-pNuJxmVMGbBHw7pa+Bx0HY0orXIXoyyAXOKuQ1zpfus=", "narHash": "sha256-xiUfVD6rtsVWFotVtUW3Q1nQh4obKzgvpN1wqZuGXvM=",
"owner": "terranix", "owner": "terranix",
"repo": "terranix", "repo": "terranix",
"rev": "c0dd15076856c6cb425795b8c7d5d37d3a1e922a", "rev": "fc9077ca02ab5681935dbf0ecd725c4d889b9275",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -344,6 +509,28 @@
"repo": "terranix-examples", "repo": "terranix-examples",
"type": "github" "type": "github"
} }
},
"treefmt-nix": {
"inputs": {
"nixpkgs": [
"nixpkgs-wayland",
"nix-eval-jobs",
"nixpkgs"
]
},
"locked": {
"lastModified": 1695822946,
"narHash": "sha256-IQU3fYo0H+oGlqX5YrgZU3VRhbt2Oqe6KmslQKUO4II=",
"owner": "numtide",
"repo": "treefmt-nix",
"rev": "720bd006d855b08e60664e4683ccddb7a9ff614a",
"type": "github"
},
"original": {
"owner": "numtide",
"repo": "treefmt-nix",
"type": "github"
}
} }
}, },
"root": "root", "root": "root",


@ -1,10 +1,14 @@
{ {
description = "Nix flake for my infrastructure"; description = "Nix flake for my infrastructure";
inputs = { inputs = {
agenix.url = "github:ryantm/agenix"; agenix.url = "github:ryantm/agenix?rev=1f677b3e161d3bdbfd08a939e8f25de2568e0ef4";
terranix.url = "github:terranix/terranix"; terranix.url = "github:terranix/terranix";
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable"; nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
nixinate.url = "github:matthewcroughan/nixinate"; nixinate.url = "github:matthewcroughan/nixinate";
nixpkgs-wayland = {
url = "github:nix-community/nixpkgs-wayland";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = { home-manager = {
url = "github:nix-community/home-manager"; url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -16,7 +20,7 @@
alertmanager-ntfy.url = "github:alexbakker/alertmanager-ntfy"; alertmanager-ntfy.url = "github:alexbakker/alertmanager-ntfy";
}; };
outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix, terranix, alertmanager-ntfy }: outputs = { self, nixpkgs, nixos-generators, nixinate, home-manager, agenix, terranix, alertmanager-ntfy, nixpkgs-wayland}:
let let
pkgs = nixpkgs.legacyPackages.x86_64-linux; pkgs = nixpkgs.legacyPackages.x86_64-linux;
tf = terranix.lib.terranixConfiguration { tf = terranix.lib.terranixConfiguration {
@ -32,7 +36,7 @@
set +o allexport set +o allexport
''; '';
nativeBuildInputs = [ nativeBuildInputs = [
jq terraform ansible kubectl awscli2 jq opentofu kubectl awscli2
nodePackages.yaml-language-server nodePackages.yaml-language-server
k9s terraform-ls kubernetes-helm nil k9s terraform-ls kubernetes-helm nil
]; ];
@ -56,8 +60,8 @@
program = toString (pkgs.writers.writeBash "plan" '' program = toString (pkgs.writers.writeBash "plan" ''
if [[ -e terraform/config.tf.json ]]; then rm -f terraform/config.tf.json; fi if [[ -e terraform/config.tf.json ]]; then rm -f terraform/config.tf.json; fi
cp ${tf} terraform/config.tf.json \ cp ${tf} terraform/config.tf.json \
&& ${pkgs.terraform}/bin/terraform -chdir=terraform init \ && ${pkgs.opentofu}/bin/tofu -chdir=terraform init \
&& ${pkgs.terraform}/bin/terraform -chdir=terraform plan -out=plan.out && ${pkgs.opentofu}/bin/tofu -chdir=terraform plan -out=plan.out
''); '');
}; };
tf-apply = { tf-apply = {
@ -65,8 +69,8 @@
program = toString (pkgs.writers.writeBash "apply" '' program = toString (pkgs.writers.writeBash "apply" ''
if [[ -e terraform/config.tf.json ]]; then rm -f terraform/config.tf.json; fi if [[ -e terraform/config.tf.json ]]; then rm -f terraform/config.tf.json; fi
cp ${tf} terraform/config.tf.json \ cp ${tf} terraform/config.tf.json \
&& ${pkgs.terraform}/bin/terraform -chdir=terraform init \ && ${pkgs.opentofu}/bin/tofu -chdir=terraform init \
&& ${pkgs.terraform}/bin/terraform -chdir=terraform apply plan.out && ${pkgs.opentofu}/bin/tofu -chdir=terraform apply plan.out
''); '');
}; };
}; };
@ -86,6 +90,31 @@
home-manager.useUserPackages = true; home-manager.useUserPackages = true;
home-manager.users.gsimmer = import ./nix/london/gsimmer.nix; home-manager.users.gsimmer = import ./nix/london/gsimmer.nix;
} }
({pkgs, config, ... }:
{
config = {
nix.settings = {
# add binary caches
trusted-public-keys = [
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nixpkgs-wayland.cachix.org-1:3lwxaILxMRkVhehr5StQprHdEo4IrE8sRho9R9HOLYA="
];
substituters = [
"https://cache.nixos.org"
"https://nixpkgs-wayland.cachix.org"
];
};
# use it as an overlay
nixpkgs.overlays = [ nixpkgs-wayland.overlay ];
# or, pull specific packages (built against inputs.nixpkgs, usually `nixos-unstable`)
environment.systemPackages = [
nixpkgs-wayland.packages.x86_64-linux.waybar
];
};
}
)
]; ];
}; };
oracle-gitea-runner = nixpkgs.lib.nixosSystem { oracle-gitea-runner = nixpkgs.lib.nixosSystem {
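Review bot: The `nix.settings` block added to the london module lists `https://nixpkgs-wayland.cachix.org` under `substituters` and its key under `trusted-public-keys`, which makes that third-party cache a trust root for any store path it serves to this host, not only for the Wayland packages. The same module then both applies `nixpkgs-wayland.overlay` and pulls `nixpkgs-wayland.packages.x86_64-linux.waybar`, although the two copied comments ("use it as an overlay" / "or, pull specific packages") present these as alternatives. I would keep only one of the two and replace `# add binary caches` with a comment that records the decision, for example `# third-party cache: its key is trusted for all substitutions on this host`. Because the input is declared with `inputs.nixpkgs.follows = "nixpkgs"`, the packages are probably built against a different nixpkgs than the cache's builds, so cache hits may be rare and the extra trust may buy little; that is worth confirming before keeping the key.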

134
homelab/promtail.yml Normal file

@ -0,0 +1,134 @@
--- # Daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: promtail-daemonset
spec:
selector:
matchLabels:
name: promtail
template:
metadata:
labels:
name: promtail
spec:
serviceAccount: promtail-serviceaccount
containers:
- name: promtail-container
image: grafana/promtail
args:
- -config.file=/etc/promtail/promtail.yaml
env:
- name: 'HOSTNAME' # needed when using kubernetes_sd_configs
valueFrom:
fieldRef:
fieldPath: 'spec.nodeName'
volumeMounts:
- name: logs
mountPath: /var/log
- name: promtail-config
mountPath: /etc/promtail
- mountPath: /var/lib/docker/containers
name: varlibdockercontainers
readOnly: true
volumes:
- name: logs
hostPath:
path: /var/log
- name: varlibdockercontainers
hostPath:
path: /var/lib/docker/containers
- name: promtail-config
configMap:
name: promtail-config
--- # configmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: promtail-config
data:
promtail.yaml: |
server:
http_listen_port: 9080
grpc_listen_port: 0
clients:
- url: http://monitoring:3030/loki/api/v1/push
positions:
filename: /tmp/positions.yaml
target_config:
sync_period: 10s
scrape_configs:
- job_name: pod-logs
kubernetes_sd_configs:
- role: pod
pipeline_stages:
- docker: {}
relabel_configs:
- source_labels:
- __meta_kubernetes_pod_node_name
target_label: __host__
- action: labelmap
regex: __meta_kubernetes_pod_label_(.+)
- action: replace
replacement: $1
separator: /
source_labels:
- __meta_kubernetes_namespace
- __meta_kubernetes_pod_name
target_label: job
- action: replace
source_labels:
- __meta_kubernetes_namespace
target_label: namespace
- action: replace
source_labels:
- __meta_kubernetes_pod_name
target_label: pod
- action: replace
source_labels:
- __meta_kubernetes_pod_container_name
target_label: container
- replacement: /var/log/pods/*$1/*.log
separator: /
source_labels:
- __meta_kubernetes_pod_uid
- __meta_kubernetes_pod_container_name
target_label: __path__
--- # Clusterrole.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: promtail-clusterrole
rules:
- apiGroups: [""]
resources:
- nodes
- services
- pods
verbs:
- get
- watch
- list
--- # ServiceAccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: promtail-serviceaccount
--- # Rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: promtail-clusterrolebinding
subjects:
- kind: ServiceAccount
name: promtail-serviceaccount
namespace: default
roleRef:
kind: ClusterRole
name: promtail-clusterrole
apiGroup: rbac.authorization.k8s.io
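Review bot: The container is declared as `image: grafana/promtail` with no tag or digest, so each node pulls whatever `latest` resolves to when the pod is scheduled and the DaemonSet can end up running different builds on different nodes; pin it, e.g. `image: grafana/promtail:<pinned-version>` or a digest. The `logs` mount of the host's `/var/log` also appears to be writable, since `readOnly: true` is set only on the `varlibdockercontainers` mount; a log shipper needs read access only, so add `readOnly: true` to the `/var/log` mount as well. The ClusterRole grants `nodes` and `services` although the scrape config uses only `role: pod`, so it could probably be narrowed to `pods`.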


@ -71,6 +71,35 @@
i18n.defaultLocale = "en_GB.utf8"; i18n.defaultLocale = "en_GB.utf8";
services = { services = {
promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 3031;
grpc_listen_port = 0;
};
positions = {
filename = "/tmp/positions.yaml";
};
clients = [{
url = "http://monitoring:3030/loki/api/v1/push";
}];
scrape_configs = [{
job_name = "journal";
journal = {
max_age = "12h";
labels = {
job = "systemd-journal";
host = "london";
};
};
relabel_configs = [{
source_labels = [ "__journal__systemd_unit" ];
target_label = "unit";
}];
}];
};
};
fwupd.enable = true; fwupd.enable = true;
syncthing = { syncthing = {
enable = true; enable = true;
@ -153,9 +182,14 @@
]; ];
}; };
}; };
environment.sessionVariables = {
NIXOS_OZONE_WL = "1";
};
programs = { programs = {
river.enable = true; hyprland = {
enable = true;
enableNvidiaPatches = true;
};
gamemode.enable = true; gamemode.enable = true;
zsh.enable = true; zsh.enable = true;
fish.enable = true; fish.enable = true;
@ -196,11 +230,15 @@
libvirtd.enable = true; libvirtd.enable = true;
}; };
fonts.packages = with pkgs; [ fonts = {
packages = with pkgs; [
ibm-plex ibm-plex
jetbrains-mono jetbrains-mono
emojione emojione
]; font-awesome
];
enableDefaultPackages = true;
};
environment = { environment = {
shells = with pkgs; [ zsh fish ]; shells = with pkgs; [ zsh fish ];
@ -219,6 +257,15 @@
home-manager home-manager
libimobiledevice libimobiledevice
ifuse ifuse
glxinfo
vulkan-tools
glmark2
waybar
waypipe
rofi-wayland
mako
libnotify
hyprpaper
]; ];
}; };


@ -16,7 +16,7 @@
[ [
(import (builtins.fetchTarball { (import (builtins.fetchTarball {
url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz"; url = "https://github.com/nix-community/emacs-overlay/archive/master.tar.gz";
sha256 = "1jn0gw1a0dffvqizy15yni6qnsr94k48zl7b2vqfvfr409nxsyaw"; sha256 = "0sf0xnv5mbkrp1gkvy00rkf1jw0zzhj4h6l0qs14arqpg0ncby7x";
})) discordOverlay]; })) discordOverlay];
}; };
home = { home = {


@ -1,53 +1,5 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
# let
# py = pkgs.python3.override {
# packageOverrides = final: prev: {
# django = prev.django_4;
# };
# };
# pydantic-edge = py.pkgs.pydantic.overridePythonAttrs (oldAttrs: rec {
# version = "2.3.0";
# src = pkgs.fetchFromGitHub {
# owner = "pydantic";
# repo = "pydantic";
# rev = "refs/tags/v${version}";
# hash = "sha256-toqrWg8bYzc3UmvG/YmXawfmT8nqaA9fxy24k1cdj+M=";
# };
# patches = [ ];
# });
# healthchecks-edge = pkgs.healthchecks.overridePythonAttrs (oldAttrs: rec {
# version = "unstable-2023-09-24";
# pname = "healthchecksedge";
# src = pkgs.fetchFromGitHub {
# owner = "healthchecks";
# repo = "healthchecks";
# rev = "507fd840d8c83a1685c8cccf47c67f939f295da1";
# hash = "sha256-EBfZQ41kc/H2BgzCPW0QZ8Js2DHU3ps4U1YaTZnGqg8=";
# };
# propagatedBuildInputs = with py.pkgs; [
# apprise
# cron-descriptor
# cronsim
# django
# django-compressor
# fido2
# minio
# psycopg2
# pycurl
# pydantic-edge
# pyotp
# segno
# statsd
# whitenoise
# ];
# passthru = {
# # PYTHONPATH of all dependencies used by the package
# pythonPath = py.pkgs.makePythonPath propagatedBuildInputs;
# };
# doCheck = false;
# });
# in
{ {
imports = [ imports = [
./hardware.nix ./hardware.nix
@ -98,6 +50,109 @@
http_addr = "127.0.0.1"; http_addr = "127.0.0.1";
}; };
}; };
services.loki = {
enable = true;
configuration = {
server.http_listen_port = 3030;
auth_enabled = false;
ingester = {
lifecycler = {
address = "127.0.0.1";
ring = {
kvstore = {
store = "inmemory";
};
replication_factor = 1;
};
};
chunk_idle_period = "1h";
max_chunk_age = "1h";
chunk_target_size = 999999;
chunk_retain_period = "30s";
max_transfer_retries = 0;
};
schema_config = {
configs = [{
from = "2022-06-06";
store = "boltdb-shipper";
object_store = "filesystem";
schema = "v11";
index = {
prefix = "index_";
period = "24h";
};
}];
};
storage_config = {
boltdb_shipper = {
active_index_directory = "/var/lib/loki/boltdb-shipper-active";
cache_location = "/var/lib/loki/boltdb-shipper-cache";
cache_ttl = "24h";
shared_store = "filesystem";
};
filesystem = {
directory = "/var/lib/loki/chunks";
};
};
limits_config = {
reject_old_samples = true;
reject_old_samples_max_age = "168h";
};
chunk_store_config = {
max_look_back_period = "0s";
};
table_manager = {
retention_deletes_enabled = false;
retention_period = "0s";
};
compactor = {
working_directory = "/var/lib/loki";
shared_store = "filesystem";
compactor_ring = {
kvstore = {
store = "inmemory";
};
};
};
};
};
services.promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 3031;
grpc_listen_port = 0;
};
positions = {
filename = "/tmp/positions.yaml";
};
clients = [{
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
}];
scrape_configs = [{
job_name = "journal";
journal = {
max_age = "12h";
labels = {
job = "systemd-journal";
host = "monitoring";
};
};
relabel_configs = [{
source_labels = [ "__journal__systemd_unit" ];
target_label = "unit";
}];
}];
};
};
services.alertmanager-ntfy = { services.alertmanager-ntfy = {
enable = true; enable = true;
settings = { settings = {
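Review bot: The new `services.loki` block sets `auth_enabled = false` and `server.http_listen_port = 3030` without an `http_listen_address`, and the london and vancouver hosts are configured to push to `http://monitoring:3030`, so the Loki HTTP API is evidently meant to be reachable over the network with no authentication and no TLS. Any host that can reach that port can push and query logs, including the systemd journals shipped from the other machines. `lifecycler.address = "127.0.0.1"` only sets the ring address and does not restrict the listener. I would state the intended exposure next to the port, e.g. `# reachable only over <private-network-interface>; the firewall must not open 3030 elsewhere`, and back it with a firewall rule scoped to that interface; whether one already exists is not visible in this hunk.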


@ -25,6 +25,10 @@
group = "users"; group = "users";
mode = "770"; mode = "770";
}; };
age.secrets.cloudflare-dns = {
file = ../../secrets/cloudflare-dns.age;
owner = "acme";
};
nix = { nix = {
settings = { settings = {
auto-optimise-store = true; auto-optimise-store = true;
@ -43,6 +47,35 @@
}; };
services = { services = {
promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 3031;
grpc_listen_port = 0;
};
positions = {
filename = "/tmp/positions.yaml";
};
clients = [{
url = "http://monitoring:3030/loki/api/v1/push";
}];
scrape_configs = [{
job_name = "journal";
journal = {
max_age = "12h";
labels = {
job = "systemd-journal";
host = "vancouver";
};
};
relabel_configs = [{
source_labels = [ "__journal__systemd_unit" ];
target_label = "unit";
}];
}];
};
};
restic = { restic = {
backups = { backups = {
"gsimmer" = { "gsimmer" = {
@ -531,23 +564,23 @@
security.acme.defaults.email = "acme@gmem.ca"; security.acme.defaults.email = "acme@gmem.ca";
security.acme.certs."git.gmem.ca" = { security.acme.certs."git.gmem.ca" = {
domain = "*.gmem.ca"; domain = "*.gmem.ca";
dnsProvider = "route53"; dnsProvider = "cloudflare";
credentialsFile = "/var/lib/secrets/credentials"; credentialsFile = config.age.secrets.cloudflare-dns.path;
}; };
security.acme.certs."vancouver.gmem.ca" = { security.acme.certs."vancouver.gmem.ca" = {
domain = "vancouver.gmem.ca"; domain = "vancouver.gmem.ca";
dnsProvider = "route53"; dnsProvider = "cloudflare";
credentialsFile = "/var/lib/secrets/credentials"; credentialsFile = config.age.secrets.cloudflare-dns.path;
}; };
security.acme.certs."request-media.gmem.ca" = { security.acme.certs."request-media.gmem.ca" = {
domain = "request-media.gmem.ca"; domain = "request-media.gmem.ca";
dnsProvider = "route53"; dnsProvider = "cloudflare";
credentialsFile = "/var/lib/secrets/credentials"; credentialsFile = config.age.secrets.cloudflare-dns.path;
}; };
security.acme.certs."flood.gmem.ca" = { security.acme.certs."flood.gmem.ca" = {
domain = "flood.gmem.ca"; domain = "flood.gmem.ca";
dnsProvider = "route53"; dnsProvider = "cloudflare";
credentialsFile = "/var/lib/secrets/credentials"; credentialsFile = config.age.secrets.cloudflare-dns.path;
}; };
system.stateVersion = "23.05"; system.stateVersion = "23.05";
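Review bot: `dnsProvider = "cloudflare"` and `credentialsFile = config.age.secrets.cloudflare-dns.path` are repeated in all four `security.acme.certs.*` blocks, while `security.acme.defaults.email` is already set just above them. Setting both once, as `security.acme.defaults.dnsProvider = "cloudflare";` and `security.acme.defaults.credentialsFile = config.age.secrets.cloudflare-dns.path;`, removes the chance that a cert added later carries a stale provider or credentials path. After this change nothing visible here references `/var/lib/secrets/credentials` any more, so the Route 53 credentials in that file should be revoked and the file removed from the host.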


@ -17,4 +17,5 @@ in
"secrets/healthchecks-ping.sh.age".publicKeys = machines ++ users; "secrets/healthchecks-ping.sh.age".publicKeys = machines ++ users;
"secrets/fastmail-smtp.age".publicKeys = machines ++ users; "secrets/fastmail-smtp.age".publicKeys = machines ++ users;
"secrets/healthchecks-telegram.age".publicKeys = [ monitoring gsimmer ]; "secrets/healthchecks-telegram.age".publicKeys = [ monitoring gsimmer ];
"secrets/cloudflare-dns.age".publicKeys = machines ++ users;
} }
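Review bot: `"secrets/cloudflare-dns.age".publicKeys = machines ++ users;` encrypts the Cloudflare DNS credentials to every machine key, although on this page only the vancouver configuration declares `age.secrets.cloudflare-dns`. The line above already uses a narrower list for `healthchecks-telegram.age` (`[ monitoring gsimmer ]`); the same pattern here, e.g. `publicKeys = [ vancouver gsimmer ];`, would keep a compromise of any other host from exposing a credential that can change DNS records. This assumes a `vancouver` key is bound in the `let` block, which is outside the hunk, and the secret has to be rekeyed after the recipient list changes.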


@ -0,0 +1,11 @@
age-encryption.org/v1
-> ssh-ed25519 oN6OTQ dDaVX+FaETkw8TuwjNuOOlL9b6DixX57CjVL+OOWX1w
Wnqjx7DfO+0PlodlxJuTltO4jSf28qxUGVoTYfWUNV8
-> ssh-ed25519 J+a91w SkVKu77RVvuRNlcCiDpU3/z/XVJZUr7P4OXD2nzfEHg
X1w3fyqetaHXz/NSF+DD4R33BdhIK0nD8f0zqbU9btk
-> ssh-ed25519 qbziOw A31ABUBqGMlKUdXrPiafT/LaK+Wf/TvwY8l4t0DgzBo
TmXHaeq1YNZ6mzXJaoiDK6rJOXbAHYi+h0K+/436Ckk
-> {)dpv:-grease p /.S. \-)
0LTrws+0jI5675eLt+S+vA
--- 3sS/aqKGA73wMAjxOwiMllnHx/NTAmJSWCDdtXswrpk
Ê?n|ǘ;/¢B—>à3·xJ¬M,‡´¢ë:]DÕßLŒ7<15>fâYÆ5i ÌW漏4Ãîs( ¥~ä†é`*œ¢¦þ\7m7„Ð3ÿ!çùD1¨€49Êü-Æã'ÙåjÎF