Ittihadyya/adyya-flake
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: Ittihadyya:b2b63474850cb1b40c12a6ec152c90258ef77464
Branches Tags
Ittihadyya:trunk
Ittihadyya:ntfy
...
compare: Ittihadyya:8d5d3f3eb1efbf0cd20662f5edc2a4e261230b1e
Branches Tags
Ittihadyya:trunk
Ittihadyya:ntfy

25 commits
b2b6347485 ... 8d5d3f3eb1

Author SHA1 Message Date
Ittihadyya
8d5d3f3eb1 Merge pull request 'monitoring' (#1) from monitoring into trunk
Some checks failed
/ Check formatting (push) Failing after 1s
Details 
Reviewed-on: #1
 2024-12-20 18:16:41 +02:00
Ittihadyya
883ed7fc12 finish up monitoring branhc
Some checks failed
/ Check formatting (push) Failing after 1s
Details
/ Check formatting (pull_request_target) Failing after 1s
Details
2024-12-20 18:15:40 +02:00
Ittihadyya
6c59595a11 fuck it, no more fancy stuff, just do it like this
Some checks failed
/ Check formatting (push) Failing after 1s
Details
2024-12-20 18:07:15 +02:00
Ittihadyya
20ef619d75 if this works, it's very scuffed
Some checks failed
/ Check formatting (push) Failing after 1s
Details
2024-12-20 18:04:47 +02:00
Ittihadyya
7c96e82f83 uwu please
Some checks failed
/ Check formatting (push) Failing after 1s
Details
2024-12-20 18:01:32 +02:00
Ittihadyya
fdb6de025b hmm ?
Some checks failed
/ Check formatting (push) Failing after 1s
Details
2024-12-20 17:59:33 +02:00
Ittihadyya
c4a0f63369 syntax mishap
Some checks failed
/ Check formatting (push) Failing after 1s
Details
2024-12-20 17:54:52 +02:00
Ittihadyya
f93018a4cf configure grafana further. set up prometheus node export.
Some checks failed
/ Check formatting (push) Failing after 1s
Details
2024-12-20 17:53:08 +02:00
Ittihadyya
8bc83ebd0b added secret key 2024-12-20 17:19:57 +02:00
Ittihadyya
172d3bd0a1 force is not needed.
Some checks failed
/ Check formatting (push) Failing after 1s
Details
2024-12-20 16:59:02 +02:00
Ittihadyya
6892f2d1d6 force is not needed?
Some checks failed
/ Check formatting (push) Failing after 1s
Details
2024-12-20 16:58:35 +02:00
Ittihadyya
2e8ac8030f minor spelling mistake
Some checks failed
/ Check formatting (push) Failing after 1s
Details
2024-12-20 16:57:36 +02:00
Ittihadyya
1fd04521c8 added postgres connection to grafana
Some checks failed
/ Check formatting (push) Failing after 1s
Details
2024-12-20 16:48:19 +02:00
Ittihadyya
4c1917ef24 for some reason it defaulted to admin/admin. I Do Not want that, so i'm trying to change how it gets the path?
Some checks failed
/ Check formatting (push) Failing after 1s
Details
2024-12-20 16:31:45 +02:00
Ittihadyya
4e4b825e61 testing, maybe that isn't needed
Some checks failed
/ Check formatting (push) Failing after 1s
Details
2024-12-20 16:27:14 +02:00
Ittihadyya
22ac7dee6a changed http address, configured connection protocol for grafana
Some checks failed
/ Check formatting (push) Failing after 1s
Details
2024-12-20 16:23:54 +02:00
Ittihadyya
2697607f91 changed secret owner and formatted files
Some checks failed
/ Check formatting (push) Failing after 1s
Details
2024-12-20 16:19:33 +02:00
Ittihadyya
95d419d9e4 added secret handling, so the wireguard network stuff is unnecessary
Some checks failed
/ Check formatting (push) Failing after 1s
Details
2024-12-20 16:10:19 +02:00
Ittihadyya
ec71077ddb further improve caddyfile
Some checks failed
/ Check formatting (push) Failing after 1s
Details
2024-12-20 15:45:33 +02:00
Ittihadyya
bf3dfc7b57 updated Caddyfile logic
Some checks failed
/ Check formatting (push) Failing after 1s
Details
2024-12-20 15:29:14 +02:00
Ittihadyya
b73daed1c9 updated some comments and added grafana to caddyfile, currently restricted to the IP range of the wireguard network.
Some checks failed
/ Check formatting (push) Failing after 1s
Details
2024-12-20 15:19:30 +02:00
Ittihadyya
634b971019 open ports in firewall
Some checks failed
/ Check formatting (push) Failing after 1s
Details
2024-12-20 15:06:32 +02:00
Ittihadyya
a6f6a9235e syntax fumbled
Some checks failed
/ Check formatting (push) Failing after 1s
Details
2024-12-20 14:59:49 +02:00
Ittihadyya
3b3bbb61c3 added prometheus
Some checks failed
/ Check formatting (push) Failing after 1m50s
Details
2024-12-20 13:12:54 +02:00
Ittihadyya
66fe419c0f initial commit for monitoring and formatting
Some checks failed
/ Check formatting (push) Failing after 1s
Details
2024-12-20 12:59:50 +02:00
8 changed files with 126 additions and 7 deletions
Show stats Expand all files Collapse all files

2
adyya-pkgs/adyya_pkgs.mod.nix
View file

@ -66,7 +66,7 @@
{
nixpkgs.overlays = [
(final: prev: {
# beeref = final.callPackage ./beeref.nix {}; # I'M GOING TO TRUNCATE *YOU*, BEEREF.
# beeref = final.callPackage ./beeref.nix {}; # I'M GOING TO TRUNCATE *YOU*, BEEREF.
})
];
}

2
art.mod.nix
View file

@ -18,7 +18,7 @@
darktable
obs-studio
# pureref # not updated on nixpkgs apparently
# beeref # straight up doesn't work
# beeref # straight up doesn't work
];
}
)

8
networking/firewall.mod.nix
View file

@ -23,9 +23,13 @@
networking.firewall = {
allowedTCPPorts = [
64738 # murmur tcp
6700 # grafana
6750 # prometheus
];
allowedUDPPorts = [
64738 # murmur udp
6700 # grafana
6750 # prometheus
];
};
}
@ -36,9 +40,9 @@
services.fail2ban.enable = true;
networking.firewall = {
interfaces.eth0.allowedTCPPorts = [
80
80 # http
222 # forgejo ssh
443
443 # https
64738 # murmur tcp
];
interfaces.eth0.allowedUDPPorts = [

10
secrets.yaml
View file

@ -22,6 +22,10 @@ murmur_welcome_message: ENC[AES256_GCM,data:k05ez0/raIbgBMu90NrAg5O1nkucDibQXdj8
murmur_login_password: ENC[AES256_GCM,data:Fh6XjSxiLEP1jE56D9JRv0TokYOjEafeDkrh9/x5f+Rv4qgH18k54Le4dyl3EzNQ,iv:QbAPJx4xe2DT7AhXbOvQto4M6ICKVlJ/BXoP3ORjd4o=,tag:clHHTrQdi1bzA21gjY7mSg==,type:str]
forgejo_runner_glucose_token: ENC[AES256_GCM,data:UWzKhDUojVrSWbS2sDyX8xdK9albNoHr9PACjbtd1YKhukfjC0W1ig==,iv:13gymOJQlwWrpz7CMweBf++BsLCJvq6XMv4CMdb32gk=,tag:tPgk6x8GLS9HH2VDuwPdvA==,type:str]
forgejo_runner_fructose_token: ENC[AES256_GCM,data:vExgJdEHpqzn6DAsMVnE2e3EmgehZMFnPTAV/VYOGvl6kgTYqYoBhA==,iv:dja9VC4Pr9asl/I4ieg5c718V4Nq+pqvB8c7oQD5Qqc=,tag:ynFs2NQX466ECYnsmeUFzg==,type:str]
grafana_admin_account: ENC[AES256_GCM,data:kDj9o2cpRLmpRVwONBI=,iv:cQfeFhBAVMSysP43J+eDVKAmn1NM+aUN9huraGgpRkY=,tag:AFIr0pwRvHj8ruDAqc2Lww==,type:str]
grafana_admin_pass: ENC[AES256_GCM,data:AnuVrCJcfj1cHP5W2s5eDlRLaJTOc0T7W3sS2/flnA==,iv:EA0SGXxf9kF+ltmNgcd3rGE7Jmg8/+s3Gip0uByEF9o=,tag:Rm+eSe+H1uytm/MMxMuZpw==,type:str]
grafana_db_pass: ENC[AES256_GCM,data:2yVNv62go7Bxgmhoqx6J5WU=,iv:4VGAsT4WR0J/aNKUjts+rUIK5UR8OyHjCln4NXnS0LA=,tag:0KtbBFX+3+5fp6ekDSKGrw==,type:str]
grafana_secret_key: ENC[AES256_GCM,data:w5wrktLlSo8iIfc+r4Rc+XGj5RuXLeRvtTc3iHeGBZclrl+PsjIKf70p,iv:b0NM55wvDCyAtuBebjBgu2Zxio9cPTkFSNusu7veC4o=,tag:3suBUO0tizxjepLgJ1e1mw==,type:str]
sops:
kms: []
gcp_kms: []
@ -37,8 +41,8 @@ sops:
NHg3M2l5MWY2alpHdVhIbE5PQ3VxeW8Kr+o5K2EIrPSfIFBWK68mWl4lWJooZxF/
vKsU99C2iIsbX/eTF2uNQqeDkOqy5egKCG42xikwycGFO/gbnCDIdw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-26T10:35:19Z"
mac: ENC[AES256_GCM,data:sP45NUFj0qRLYj3w1bZN2C5gzOef4O7GFtE7GOkDHm4IQ8YaDJW+rt3DHiAqGt34qAHcP4ahDKpsL9S1ZPs4fw+DFUEdWZROUFAMS1OsTurVQUPt08DzC8mi6t3SH4ud6YZw3l6M8eja80BK7KsEBMD4UfxoP4pgQB4oOSRoJn4=,iv:5WJq42Idwu7oMKBQBGuFp44+Bnh/Ncgkuhq0lPi+Rxc=,tag:9O45IrqkMWVtyXgXBv1bmg==,type:str]
lastmodified: "2024-12-20T15:19:45Z"
mac: ENC[AES256_GCM,data:vDwQ9F9DgTAqdEjA5zDBR6v3ZCLM5VpZZoMpkrOC0baudVqPK7tt8IcyxgfESn9yJ/GGHwkHgmYvQSOSReEjwKtnMjoTjvAl41PBMwG1+5/c7nqliajk0Sx+znXxDoSIKac4XYlWp5J5myK+wln7pTwy0y7/CgKlsyhIOOxOKec=,iv:1hlEIE8rxk74mb6v8Z9wVel01mtF96eOwsPka2os5L8=,tag:PN4soo9Ko5PlUMbI9HeXow==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1
version: 3.9.2

7
services/caddy/Caddyfile
View file

@ -48,4 +48,11 @@ https://cache.collective-conciousness.monster {
encode zstd gzip
reverse_proxy 10.24.1.4:5020
}
https://grf.collective-conciousness.monster {
encode zstd gzip
reverse_proxy 10.24.1.4:6700
}

60
services/monitoring/grafana.mod.nix Normal file
View file

@ -0,0 +1,60 @@
{
glucose.modules = [
({
config,
lib,
...
}: {
services.grafana = {
enable = true;
dataDir = "/var/services/grafana";
# declarativePlugins = null;
settings = {
analytics = {
check_for_plugin_updates = false;
check_for_updates = false;
feedback_links_enabled = false;
reporting_enabled = false;
};
database = {
host = "10.24.1.9:5432";
type = "postgres";
name = "grafanadb";
user = "grafana";
password = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_db_pass.path}}"];
};
# paths = {};
security = {
admin_user = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_admin_account.path}}"];
admin_password = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_admin_pass.path}}"];
secret_key = builtins.concatStringsSep "" ["$__file" "{${config.sops.secrets.grafana_secret_key.path}}"];
disable_gravatar = true;
cookie_secure = true;
};
server = {
root_url = "https://grf.collective-conciousness.monster";
enable_gzip = true;
http_addr = "0.0.0.0";
http_port = 6700;
};
# smtp = {};
users = {
allow_org_create = true;
default_theme = "system";
};
};
/*
provision = {
alerting = {};
dashboards = {};
datasources = {};
};
*/
};
})
];
}

34
services/monitoring/prometheus.mod.nix Normal file
View file

@ -0,0 +1,34 @@
{
universal.modules = [
{
services.prometheus.exporters = {
node = {
enable = true;
enabledCollectors = ["systemd"];
port = 6703;
};
varnish.enable = true;
};
}
];
glucose.modules = [
{
services.prometheus = {
enable = true;
port = 6750;
enableReload = true;
scrapeConfigs = [
{
job_name = "devices";
static_configs = [
{
targets = ["10.24.1.4:6703" "10.24.1.9:6703" "10.24.1.16:6703" "10.24.1.225:6703" "10.24.1.196:6703"];
}
];
}
];
};
}
];
}

10
sops.mod.nix
View file

@ -54,6 +54,16 @@
'';
}
)
({config, ...}: {
sops.secrets.grafana_admin_pass = {};
sops.secrets.grafana_admin_account = {};
sops.secrets.grafana_db_pass = {};
sops.secrets.grafana_secret_key = {};
sops.secrets.grafana_admin_account.owner = "grafana";
sops.secrets.grafana_admin_pass.owner = "grafana";
sops.secrets.grafana_db_pass.owner = "grafana";
sops.secrets.grafana_secret_key.owner = "grafana";
})
(
{config, ...}: {
sops.secrets.murmur_login_password = {};