Ittihadyya/adyya-flake
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request 'monitoring' (#1) from monitoring into trunk
Some checks failed
/ Check formatting (push) Failing after 1s
Details

Browse source 
Reviewed-on: #1
This commit is contained in:
Ittihadyya 2024-12-20 18:16:41 +02:00
commit 8d5d3f3eb1
8 changed files with 126 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
adyya-pkgs/adyya_pkgs.mod.nix
View file

@ -66,7 +66,7 @@
{ {
nixpkgs.overlays = [ nixpkgs.overlays = [
(final: prev: { (final: prev: {
# beeref = final.callPackage ./beeref.nix {}; # I'M GOING TO TRUNCATE *YOU*, BEEREF. # beeref = final.callPackage ./beeref.nix {}; # I'M GOING TO TRUNCATE *YOU*, BEEREF.
}) })
]; ];
} }

2
art.mod.nix
View file

@ -18,7 +18,7 @@
darktable darktable
obs-studio obs-studio
# pureref # not updated on nixpkgs apparently # pureref # not updated on nixpkgs apparently
# beeref # straight up doesn't work # beeref # straight up doesn't work
]; ];
} }
) )

8
networking/firewall.mod.nix
View file

@ -23,9 +23,13 @@
networking.firewall = { networking.firewall = {
allowedTCPPorts = [ allowedTCPPorts = [
64738 # murmur tcp 64738 # murmur tcp
6700 # grafana
6750 # prometheus
]; ];
allowedUDPPorts = [ allowedUDPPorts = [
64738 # murmur udp 64738 # murmur udp
6700 # grafana
6750 # prometheus
]; ];
}; };
} }
@ -36,9 +40,9 @@
services.fail2ban.enable = true; services.fail2ban.enable = true;
networking.firewall = { networking.firewall = {
interfaces.eth0.allowedTCPPorts = [ interfaces.eth0.allowedTCPPorts = [
80 80 # http
222 # forgejo ssh 222 # forgejo ssh
443 443 # https
64738 # murmur tcp 64738 # murmur tcp
]; ];
interfaces.eth0.allowedUDPPorts = [ interfaces.eth0.allowedUDPPorts = [

10
secrets.yaml
View file

@ -22,6 +22,10 @@ murmur_welcome_message: ENC[AES256_GCM,data:k05ez0/raIbgBMu90NrAg5O1nkucDibQXdj8
murmur_login_password: ENC[AES256_GCM,data:Fh6XjSxiLEP1jE56D9JRv0TokYOjEafeDkrh9/x5f+Rv4qgH18k54Le4dyl3EzNQ,iv:QbAPJx4xe2DT7AhXbOvQto4M6ICKVlJ/BXoP3ORjd4o=,tag:clHHTrQdi1bzA21gjY7mSg==,type:str] murmur_login_password: ENC[AES256_GCM,data:Fh6XjSxiLEP1jE56D9JRv0TokYOjEafeDkrh9/x5f+Rv4qgH18k54Le4dyl3EzNQ,iv:QbAPJx4xe2DT7AhXbOvQto4M6ICKVlJ/BXoP3ORjd4o=,tag:clHHTrQdi1bzA21gjY7mSg==,type:str]
forgejo_runner_glucose_token: ENC[AES256_GCM,data:UWzKhDUojVrSWbS2sDyX8xdK9albNoHr9PACjbtd1YKhukfjC0W1ig==,iv:13gymOJQlwWrpz7CMweBf++BsLCJvq6XMv4CMdb32gk=,tag:tPgk6x8GLS9HH2VDuwPdvA==,type:str] forgejo_runner_glucose_token: ENC[AES256_GCM,data:UWzKhDUojVrSWbS2sDyX8xdK9albNoHr9PACjbtd1YKhukfjC0W1ig==,iv:13gymOJQlwWrpz7CMweBf++BsLCJvq6XMv4CMdb32gk=,tag:tPgk6x8GLS9HH2VDuwPdvA==,type:str]
forgejo_runner_fructose_token: ENC[AES256_GCM,data:vExgJdEHpqzn6DAsMVnE2e3EmgehZMFnPTAV/VYOGvl6kgTYqYoBhA==,iv:dja9VC4Pr9asl/I4ieg5c718V4Nq+pqvB8c7oQD5Qqc=,tag:ynFs2NQX466ECYnsmeUFzg==,type:str] forgejo_runner_fructose_token: ENC[AES256_GCM,data:vExgJdEHpqzn6DAsMVnE2e3EmgehZMFnPTAV/VYOGvl6kgTYqYoBhA==,iv:dja9VC4Pr9asl/I4ieg5c718V4Nq+pqvB8c7oQD5Qqc=,tag:ynFs2NQX466ECYnsmeUFzg==,type:str]
grafana_admin_account: ENC[AES256_GCM,data:kDj9o2cpRLmpRVwONBI=,iv:cQfeFhBAVMSysP43J+eDVKAmn1NM+aUN9huraGgpRkY=,tag:AFIr0pwRvHj8ruDAqc2Lww==,type:str]
grafana_admin_pass: ENC[AES256_GCM,data:AnuVrCJcfj1cHP5W2s5eDlRLaJTOc0T7W3sS2/flnA==,iv:EA0SGXxf9kF+ltmNgcd3rGE7Jmg8/+s3Gip0uByEF9o=,tag:Rm+eSe+H1uytm/MMxMuZpw==,type:str]
grafana_db_pass: ENC[AES256_GCM,data:2yVNv62go7Bxgmhoqx6J5WU=,iv:4VGAsT4WR0J/aNKUjts+rUIK5UR8OyHjCln4NXnS0LA=,tag:0KtbBFX+3+5fp6ekDSKGrw==,type:str]
grafana_secret_key: ENC[AES256_GCM,data:w5wrktLlSo8iIfc+r4Rc+XGj5RuXLeRvtTc3iHeGBZclrl+PsjIKf70p,iv:b0NM55wvDCyAtuBebjBgu2Zxio9cPTkFSNusu7veC4o=,tag:3suBUO0tizxjepLgJ1e1mw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -37,8 +41,8 @@ sops:
NHg3M2l5MWY2alpHdVhIbE5PQ3VxeW8Kr+o5K2EIrPSfIFBWK68mWl4lWJooZxF/ NHg3M2l5MWY2alpHdVhIbE5PQ3VxeW8Kr+o5K2EIrPSfIFBWK68mWl4lWJooZxF/
vKsU99C2iIsbX/eTF2uNQqeDkOqy5egKCG42xikwycGFO/gbnCDIdw== vKsU99C2iIsbX/eTF2uNQqeDkOqy5egKCG42xikwycGFO/gbnCDIdw==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-26T10:35:19Z" lastmodified: "2024-12-20T15:19:45Z"
mac: ENC[AES256_GCM,data:sP45NUFj0qRLYj3w1bZN2C5gzOef4O7GFtE7GOkDHm4IQ8YaDJW+rt3DHiAqGt34qAHcP4ahDKpsL9S1ZPs4fw+DFUEdWZROUFAMS1OsTurVQUPt08DzC8mi6t3SH4ud6YZw3l6M8eja80BK7KsEBMD4UfxoP4pgQB4oOSRoJn4=,iv:5WJq42Idwu7oMKBQBGuFp44+Bnh/Ncgkuhq0lPi+Rxc=,tag:9O45IrqkMWVtyXgXBv1bmg==,type:str] mac: ENC[AES256_GCM,data:vDwQ9F9DgTAqdEjA5zDBR6v3ZCLM5VpZZoMpkrOC0baudVqPK7tt8IcyxgfESn9yJ/GGHwkHgmYvQSOSReEjwKtnMjoTjvAl41PBMwG1+5/c7nqliajk0Sx+znXxDoSIKac4XYlWp5J5myK+wln7pTwy0y7/CgKlsyhIOOxOKec=,iv:1hlEIE8rxk74mb6v8Z9wVel01mtF96eOwsPka2os5L8=,tag:PN4soo9Ko5PlUMbI9HeXow==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.1 version: 3.9.2

7
services/caddy/Caddyfile
View file

@ -48,4 +48,11 @@ https://cache.collective-conciousness.monster {
encode zstd gzip encode zstd gzip
reverse_proxy 10.24.1.4:5020 reverse_proxy 10.24.1.4:5020
}
https://grf.collective-conciousness.monster {
encode zstd gzip
reverse_proxy 10.24.1.4:6700
} }

60
services/monitoring/grafana.mod.nix Normal file
View file

@ -0,0 +1,60 @@
{
glucose.modules = [
({
config,
lib,
...
}: {
services.grafana = {
enable = true;
dataDir = "/var/services/grafana";
# declarativePlugins = null;
settings = {
analytics = {
check_for_plugin_updates = false;
check_for_updates = false;
feedback_links_enabled = false;
reporting_enabled = false;
};
database = {
host = "10.24.1.9:5432";
type = "postgres";
name = "grafanadb";
user = "grafana";
password = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_db_pass.path}}"];
};
# paths = {};
security = {
admin_user = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_admin_account.path}}"];
admin_password = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_admin_pass.path}}"];
secret_key = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_secret_key.path}}"];
disable_gravatar = true;
cookie_secure = true;
};
server = {
root_url = "https://grf.collective-conciousness.monster";
enable_gzip = true;
http_addr = "0.0.0.0";
http_port = 6700;
};
# smtp = {};
users = {
allow_org_create = true;
default_theme = "system";
};
};
/*
provision = {
alerting = {};
dashboards = {};
datasources = {};
};
*/
};
})
];
}

34
services/monitoring/prometheus.mod.nix Normal file
View file

@ -0,0 +1,34 @@
{
universal.modules = [
{
services.prometheus.exporters = {
node = {
enable = true;
enabledCollectors = ["systemd"];
port = 6703;
};
varnish.enable = true;
};
}
];
glucose.modules = [
{
services.prometheus = {
enable = true;
port = 6750;
enableReload = true;
scrapeConfigs = [
{
job_name = "devices";
static_configs = [
{
targets = ["10.24.1.4:6703" "10.24.1.9:6703" "10.24.1.16:6703" "10.24.1.225:6703" "10.24.1.196:6703"];
}
];
}
];
};
}
];
}

10
sops.mod.nix
View file

@ -54,6 +54,16 @@
''; '';
} }
) )
({config, ...}: {
sops.secrets.grafana_admin_pass = {};
sops.secrets.grafana_admin_account = {};
sops.secrets.grafana_db_pass = {};
sops.secrets.grafana_secret_key = {};
sops.secrets.grafana_admin_account.owner = "grafana";
sops.secrets.grafana_admin_pass.owner = "grafana";
sops.secrets.grafana_db_pass.owner = "grafana";
sops.secrets.grafana_secret_key.owner = "grafana";
})
( (
{config, ...}: { {config, ...}: {
sops.secrets.murmur_login_password = {}; sops.secrets.murmur_login_password = {};