From 344d447b8eb88cc71cda3caed087e25aa8ad375d Mon Sep 17 00:00:00 2001 From: Felix Albrigtsen Date: Tue, 25 Jul 2023 19:15:19 +0200 Subject: [PATCH] Add worf keys and zfs-exporter --- .sops.yaml | 5 +++- base.nix | 1 + hosts/voyager/filesystems.nix | 1 + hosts/voyager/services/metrics/prometheus.nix | 6 ++++ secrets/voyager/voyager.yaml | 29 ++++++++++++------- 5 files changed, 31 insertions(+), 11 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index e23962b..26b50bb 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,5 +1,6 @@ keys: - - &user_felixalb age1n6j9umxfn5ekvmsrqngdhux0y994yh72sd5xdt6sxec86k4dyu9shsgjkw + - &user_felixalb_old age1n6j9umxfn5ekvmsrqngdhux0y994yh72sd5xdt6sxec86k4dyu9shsgjkw + - &user_felixalb age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf - &host_voyager age14jzavfeg47pgnrstea6yzvh3s3a578nj8hkk8g79vxyzpn86gslscp23qu creation_rules: @@ -7,6 +8,7 @@ creation_rules: - path_regex: secrets/[^/]+\.yaml$ key_groups: - age: + - *user_felixalb_old - *user_felixalb # Host specific secrets @@ -14,4 +16,5 @@ creation_rules: key_groups: - age: - *host_voyager + - *user_felixalb_old - *user_felixalb diff --git a/base.nix b/base.nix index 9b9e049..5e11c0a 100644 --- a/base.nix +++ b/base.nix @@ -66,6 +66,7 @@ uid = 1000; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDKzPICGew7uN0cmvRmbwkwTCodTBUgEhkoftQnZuO4Q felixalbrigtsen@gmail.com" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBTXSL0w7OUcz1LzEt1T3I3K5RgyNV+MYz0x/1RbpDHQ felixalb@worf" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHkLmJIkBM6AMbYM/hYm27Flgya81UiGqh9/owYWmrbZ home.feal.no" ]; }; diff --git a/hosts/voyager/filesystems.nix b/hosts/voyager/filesystems.nix index d852fc7..c53ff3b 100644 --- a/hosts/voyager/filesystems.nix +++ b/hosts/voyager/filesystems.nix @@ -11,6 +11,7 @@ kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages; }; services.zfs.autoScrub.enable = true; + services.prometheus.exporters.zfs.enable = true; # Network mounts (import) fileSystems = { diff --git a/hosts/voyager/services/metrics/prometheus.nix b/hosts/voyager/services/metrics/prometheus.nix index 0ee6fd0..4cf871b 100644 --- a/hosts/voyager/services/metrics/prometheus.nix +++ b/hosts/voyager/services/metrics/prometheus.nix @@ -55,6 +55,12 @@ in { } ]; } + { + job_name = "zfs"; + static_configs = [ + { targets = ["127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}"]; } + ]; + } ]; }; } diff --git a/secrets/voyager/voyager.yaml b/secrets/voyager/voyager.yaml index dfb7340..0d4b0a8 100644 --- a/secrets/voyager/voyager.yaml +++ b/secrets/voyager/voyager.yaml @@ -30,20 +30,29 @@ sops: - recipient: age14jzavfeg47pgnrstea6yzvh3s3a578nj8hkk8g79vxyzpn86gslscp23qu enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOZml2bXBjSUYrMW5RcnFl - MTRzM1p2L1JMTGJCamk1RHczOStQUjlFSDFzCmdGTDYrYUhJUjAyYWdkclgwazNt - UWVqY0JxYXh3cXVyNjlSZ2h6c0R4REEKLS0tIDZHY0F6M0lOZ1JRelp3Umx0aW4x - cjRUa2szZGZuSnhjd3hCNmYvV0tXTmMKlYuaUIvwTv8NpaoBYVva4jbRemkFTdfU - yP4J5RyUry83aVlHFQ2f7neBpWc6A2rePl3XuEQxSggl13hh71H+nw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCOUxoemtPaURCdGdhSmc4 + RWZKNlduSVQxTmJPQ29YVDFIUHQ0bTkvdVJJCjgySTFKd1kvVk1pbnJCbi9JWENW + MmxhVGVtanNWNGppZ1dPcjJSdmhYdXcKLS0tIGRTSGxvelZwbE9sR0JpeExSaStE + dytwYnN5bkt5b0lla0ljcW15bU1NMWsKimYSeyPLuqVE2hTh8PNZwI1+Rq/cR10i + nJuRRCuL01ACJVypn57k6/wakLO84/+dyjazrjleUsEpQB2K3wBAkg== -----END AGE ENCRYPTED FILE----- - recipient: age1n6j9umxfn5ekvmsrqngdhux0y994yh72sd5xdt6sxec86k4dyu9shsgjkw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOOG5GSDd4R09mZ2QvT0dy - YnIxMWNBL3huMXNmcjV0a1VlS0FxS1JtSFVjCmthenVlYytjZklxNk43YlR5NExG - aVQ2K1ZsbHdWTm91d1JvNDVsYW1FSEkKLS0tIFpTeG1zcVRpWWlWUE1abllKR1BW - THFRNjZXc0RsS0xKK1BkeEU1UzA4MW8KgOIQyL6A9u+Ii8zYkHJDWVAG/EEc61Qh - u+VFyGB7esTG56G19u1aCHB/NUxG5HYMG/DEqH/SyCyKUvHrXjEF4g== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXZ1RDeDE3UytQWlhJcStD + djVTM09UK3FBQThhc1BvWVhBeEVPU2RTdUcwCnNQcnlScnhUUmpSV2tnWGZSam1H + cTdIZ0tiR3lvaWUzSVE2OUI0Q1FGYVEKLS0tIDlRdkpmSGk2UFRxclQ5b2lJRG5y + b3BLS0o4WXQxdW1PR0dPa0NLamJOTEEKY66UiTF6+hJtfMB8tPge8Xaz9riB2veK + WEsq72StufeZDjGxkhAGOTZHg9poG6YgBFnt+PMbe9DACfVbAfPP2Q== + -----END AGE ENCRYPTED FILE----- + - recipient: age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1NXBlZk5DbW1VSHBPZVBq + UmVDNU9tMkdHMW04aloyQlpCUHdCS1JYcWpzCmRXNnFzSnFNZ2ZIVXJRMGJvaVV6 + WitBeGorNU5Mb2VWRE5WTkx6dzQ5QUkKLS0tIHhVM1lmbkNBWXExUlBXd0pzTHVD + NENEM2VLRDBzTWM0ckdPVThaeE0xL2MKTAvsDKgaoj0Fz9CoNbP6s1kROlDbbXtB + 4rFRGN+WZJrBioz5nN4kR7mVFKa4w6z6Pu3D5WLyK7UQQkZJ64avdw== -----END AGE ENCRYPTED FILE----- lastmodified: "2023-06-08T21:22:10Z" mac: ENC[AES256_GCM,data:l7sZPbR3pihdoWEtfAB8yHAVtGfvnz+7dFos6b3TyBRhJmKlnd/zux9Lpw+KFh7y16KQDwE0rJlGf4+gkwM5SyMSHl3L4U430DeXhbcTLTGSFq7WLk5bnJgOYHv9t8zqHI8qsHJKarYca0KhtzLUFQG8U4wbJCzAJajGp9bVEyE=,iv:2xm1vi+GPt1Of5t9iWeyzcuzqFWiFjDk8juL+AnsiM8=,tag:BHLjw12RzORzUL2jI8+kdw==,type:str]