felixalb/nixos-config
felixalb/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

remove host: chapel

Browse Source
This commit is contained in:
Felix Albrigtsen 2023-10-14 00:11:53 +02:00
parent f749bb42a2
commit 3595e6132b
15 changed files with 2 additions and 37693 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -7,9 +7,9 @@ Notice, these things might be missing:
### Build:
- Build locally on another machine (verify)
```
nix --extra-experimental-features "nix-command flakes" build ".#nixosConfigurations.chapel.config.system.build.toplevel"
nix --extra-experimental-features "nix-command flakes" build ".#nixosConfigurations.sarek.config.system.build.toplevel"
```
(replace "chapel" with the hostname)
(replace "sarek" with the hostname)
- Build, install and switch on the actual target
```

10
flake.nix
View File

@ -83,16 +83,6 @@
}
];
};
chapel = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {
inherit inputs;
};
modules = [
./hosts/chapel/configuration.nix
sops-nix.nixosModules.sops
];
};
redshirt = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
specialArgs = {

79
hosts/chapel/configuration.nix
View File

@ -1,79 +0,0 @@
{ config, pkgs, ... }:
{
imports =
[
../../base.nix
../../common/metrics-exporters.nix
./hardware-configuration.nix
./services/nginx.nix
./services/metrics
./services/cloudflared.nix
];
networking = {
hostName = "chapel";
defaultGateway = "192.168.10.1";
interfaces.eth0.ipv4 = {
addresses = [
{ address = "192.168.10.100"; prefixLength = 24; }
];
};
};
environment.variables = { EDITOR = "vim"; };
environment.systemPackages = with pkgs; [
((vim_configurable.override { }).customize{
name = "vim";
vimrcConfig.packages.myplugins = with pkgs.vimPlugins; {
start = [ vim-nix vim-lastplace ];
opt = [];
};
vimrcConfig.customRC = ''
" your custom vimrc
set number
set relativenumber
set nu rnu
set signcolumn=number
set hlsearch
set smartcase
set incsearch
set autoindent
set expandtab
set shiftwidth=2
set tabstop=2
set smartindent
set smarttab
set ruler
set undolevels=1000
set nocompatible
set backspace=indent,eol,start
" Turn on syntax highlighting by default
syntax on
" ...
'';
}
)
];
networking.firewall.allowedTCPPorts = [ 80 3100 ];
# system.copySystemConfiguration = true;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "22.05"; # Did you read the comment?
}

36
hosts/chapel/hardware-configuration.nix
View File

@ -1,36 +0,0 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[ (modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{ device = "/dev/disk/by-uuid/f7086b7c-581e-40d4-90c0-47cb767395c7";
fsType = "ext4";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/4303-A70F";
fsType = "vfat";
};
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.ens18.useDHCP = lib.mkDefault true;
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

24
hosts/chapel/services/cloudflared.nix
View File

@ -1,24 +0,0 @@
{ config, pkgs, ... }:
{
users.users.cloudflared = {
group = "cloudflared";
isSystemUser = true;
};
users.groups.cloudflared = { };
environment.systemPackages = [
pkgs.cloudflared
];
systemd.services.cloudflared_tunnel = {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
serviceConfig = {
ExecStart = "${pkgs.cloudflared}/bin/cloudflared tunnel --no-autoupdate run --token=TODO_FIXSECRETS";
Restart = "always";
User = "cloudflared";
Group = "cloudflared";
};
};
}

22
hosts/chapel/services/hedgedoc.nix
View File

@ -1,22 +0,0 @@
{ config, pkgs, ... }:
{
services.hedgedoc = {
enable = true;
settings = {
port = 3031;
allowFreeURL = true;
};
config = {
domain = "md.feal.no";
db = {
dialect = "mysql";
host = "mysql.home.feal.no";
port = 3306;
database = "hedgedoc";
username = "hedgedoc";
password = "DummyPasswordPlzSops";
};
};
};
}

23147
hosts/chapel/services/metrics/dashboards/node-exporter-full.json
View File

File diff suppressed because it is too large Load Diff

7019
hosts/chapel/services/metrics/dashboards/openwrt.json
View File

File diff suppressed because it is too large Load Diff

7114
hosts/chapel/services/metrics/dashboards/synology-nas-details.json
View File

File diff suppressed because it is too large Load Diff

10
hosts/chapel/services/metrics/default.nix
View File

@ -1,10 +0,0 @@
{ config, pkgs, ... }:
{
imports = [
./prometheus.nix
./grafana.nix
./loki.nix
./snmp-exporter.nix
];
}

64
hosts/chapel/services/metrics/grafana.nix
View File

@ -1,64 +0,0 @@
{ config, pkgs, ... }:
let
cfg = config.services.grafana;
in {
services.grafana = {
enable = true;
settings.server = {
domain = "grafana.feal.no";
http_port = 2342;
http_addr = "127.0.0.1";
};
provision = {
enable = true;
datasources.settings.datasources = [
{
name = "Prometheus";
type = "prometheus";
url = ("http://${config.services.prometheus.listenAddress}:${toString config.services.prometheus.port}");
isDefault = true;
}
{
name = "Loki";
type = "loki";
url = ("http://${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}");
}
];
dashboards.settings.providers = [
{
name = "Node Exporter Full";
type = "file";
url = "https://grafana.com/api/dashboards/1860/revisions/29/download";
options.path = dashboards/node-exporter-full.json;
}
{
name = "Synology NAS Details";
type = "file";
url = "https://grafana.com/api/dashboards/14284/revisions/9/download";
options.path = dashboards/synology-nas-details.json;
}
{
name = "OpenWRT";
type = "file";
url = "https://grafana.com/api/dashboards/11147/revisions/1/download";
options.path = dashboards/openwrt.json;
}
];
};
};
services.nginx.virtualHosts.${cfg.settings.server.domain} = {
locations = {
"/" = {
proxyPass = "http://127.0.0.1:${toString cfg.settings.server.http_port}";
proxyWebsockets = true;
extraConfig = ''
proxy_buffers 8 1024k;
proxy_buffer_size 1024k;
'';
};
};
};
}

75
hosts/chapel/services/metrics/loki.nix
View File

@ -1,75 +0,0 @@
{ config, pkgs, ... }:
let
cfg = config.services.loki;
in {
services.loki = {
enable = true;
configuration = {
auth_enabled = false;
server = {
http_listen_port = 3100;
http_listen_address = "0.0.0.0";
grpc_listen_port = 9096;
};
ingester = {
wal = {
enabled = true;
dir = "/var/lib/loki/wal";
};
lifecycler = {
address = "127.0.0.1";
ring = {
kvstore = {
store = "inmemory";
};
replication_factor = 1;
};
final_sleep = "0s";
};
chunk_idle_period = "1h";
};
schema_config = {
configs = [
{
from = "2022-12-01";
store = "boltdb-shipper";
object_store = "filesystem";
schema = "v11";
index = {
prefix = "index_";
period = "24h";
};
}
];
};
storage_config = {
boltdb_shipper = {
active_index_directory = "/var/lib/loki/boltdb-shipper-index";
cache_location = "/var/lib/loki/boltdb-shipper-cache";
shared_store = "filesystem";
cache_ttl = "24h";
};
filesystem = {
directory = "/var/lib/loki/chunks";
};
};
limits_config = {
enforce_metric_name = false;
reject_old_samples = true;
reject_old_samples_max_age = "72h";
};
compactor = {
working_directory = "/var/lib/loki/compactor";
shared_store = "filesystem";
};
};
};
networking.firewall.allowedTCPPorts = [ cfg.configuration.server.http_listen_port ];
}

60
hosts/chapel/services/metrics/prometheus.nix
View File

@ -1,60 +0,0 @@
{ config, pkgs, ... }:
let
cfg = config.services.prometheus;
in {
services.prometheus = {
enable = true;
listenAddress = "127.0.0.1";
port = 9001;
scrapeConfigs = [
{
job_name = "node";
static_configs = [
{
targets = [
"chapel.home.feal.no:${toString cfg.exporters.node.port}"
"sulu.home.feal.no:9100"
"mccoy.home.feal.no:9100"
"borg.home.feal.no:9100"
"troi.home.feal.no:9100"
"dlink-feal.home.feal.no:9100"
];
}
];
}
{
job_name = "openwrt";
static_configs = [
{ targets = ["dlink-feal.home.feal.no:9100"]; }
];
}
{
job_name = "snmp";
static_configs = [{
targets = [
"feal-syn1.home.feal.no"
"feal-syn2.home.feal.no"
];
}];
metrics_path = "/snmp";
params.module = ["synology"];
relabel_configs = [
{
source_labels = ["__address__"];
target_label = "__param_target";
}
{
source_labels = ["__param_target"];
target_label = "instance";
}
{
target_label = "__address__";
replacement = "127.0.0.1:9116";
}
];
}
];
};
}

20
hosts/chapel/services/metrics/snmp-exporter.nix
View File

@ -1,20 +0,0 @@
{ config, pkgs, ... }:
{
environment.systemPackages = [
pkgs.prometheus-snmp-exporter
];
systemd.services.prometheus-snmp-exporter = {
enable = true;
description = "Gather data from SNMP devices and expose them as Prometheus metrics";
unitConfig = {
Type = "simple";
};
serviceConfig = {
ExecStart = "${pkgs.prometheus-snmp-exporter}/bin/snmp_exporter --config.file='/var/prometheus/snmp.yml'";
# TODO: Fix this conf file!
};
wantedBy = [ "multi-user.target" ];
};
}

11
hosts/chapel/services/nginx.nix
View File

@ -1,11 +0,0 @@
{ config, pkgs, ... }:
{
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
}