Compare commits
8 commits
4b5b41b05a
...
d9a7b3d48c
| Author | SHA1 | Date | |
|---|---|---|---|
d9a7b3d48c
|
|||
|
4169513ead
|
|||
|
bd4d7b5217
|
|||
|
bf74a01049
|
|||
|
83f7700949
|
|||
|
5b6f6ce735
|
|||
|
bd9f66238e
|
|||
|
68852681f7
|
25 changed files with 666 additions and 210 deletions
|
|
@ -15,6 +15,7 @@ creation_rules:
|
||||||
- age:
|
- age:
|
||||||
- *xin
|
- *xin
|
||||||
- *host-calcite
|
- *host-calcite
|
||||||
|
- *host-weilite
|
||||||
- *host-massicot
|
- *host-massicot
|
||||||
- *host-thorite
|
- *host-thorite
|
||||||
- *host-biotite
|
- *host-biotite
|
||||||
|
|
|
||||||
131
flake.lock
generated
131
flake.lock
generated
|
|
@ -2,11 +2,11 @@
|
||||||
"nodes": {
|
"nodes": {
|
||||||
"catppuccin": {
|
"catppuccin": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731232837,
|
"lastModified": 1733001911,
|
||||||
"narHash": "sha256-0aIwr/RC/oe7rYkfJb47xjdEQDSNcqpFGsEa+EPlDEs=",
|
"narHash": "sha256-uX/9m0TbdhEzuWA0muM5mI/AaWcLiDLjCCyu5Qr9MRk=",
|
||||||
"owner": "catppuccin",
|
"owner": "catppuccin",
|
||||||
"repo": "nix",
|
"repo": "nix",
|
||||||
"rev": "32359bf226fe874d3b7a0a5753d291a4da9616fe",
|
"rev": "a817009ebfd2cca7f70a77884e5098d0a8c83f8e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -68,11 +68,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1732645828,
|
"lastModified": 1732988076,
|
||||||
"narHash": "sha256-+4U2I2653JvPFxcux837ulwYS864QvEueIljUkwytsk=",
|
"narHash": "sha256-2uMaVAZn7fiyTUGhKgleuLYe5+EAAYB/diKxrM7g3as=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "disko",
|
"repo": "disko",
|
||||||
"rev": "869ba3a87486289a4197b52a6c9e7222edf00b3e",
|
"rev": "2814a5224a47ca19e858e027f7e8bff74a8ea9f1",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -238,11 +238,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730302582,
|
"lastModified": 1730814269,
|
||||||
"narHash": "sha256-W1MIJpADXQCgosJZT8qBYLRuZls2KSiKdpnTVdKBuvU=",
|
"narHash": "sha256-fWPHyhYE6xvMI1eGY3pwBTq85wcy1YXqdzTZF+06nOg=",
|
||||||
"owner": "cachix",
|
"owner": "cachix",
|
||||||
"repo": "git-hooks.nix",
|
"repo": "git-hooks.nix",
|
||||||
"rev": "af8a16fe5c264f5e9e18bcee2859b40a656876cf",
|
"rev": "d70155fdc00df4628446352fc58adc640cd705c2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -281,11 +281,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731786860,
|
"lastModified": 1733085484,
|
||||||
"narHash": "sha256-130gQ5k8kZlxjBEeLpE+SvWFgSOFgQFeZlqIik7KgtQ=",
|
"narHash": "sha256-dVmNuUajnU18oHzBQWZm1BQtANCHaqNuxTHZQ+GN0r8=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "1bd5616e33c0c54d7a5b37db94160635a9b27aeb",
|
"rev": "c1fee8d4a60b89cae12b288ba9dbc608ff298163",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -303,11 +303,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730490306,
|
"lastModified": 1731235328,
|
||||||
"narHash": "sha256-AvCVDswOUM9D368HxYD25RsSKp+5o0L0/JHADjLoD38=",
|
"narHash": "sha256-NjavpgE9/bMe/ABvZpyHIUeYF1mqR5lhaep3wB79ucs=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "1743615b61c7285976f85b303a36cdf88a556503",
|
"rev": "60bb110917844d354f3c18e05450606a435d2d10",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -332,16 +332,16 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1729544999,
|
"lastModified": 1729958008,
|
||||||
"narHash": "sha256-YcyJLvTmN6uLEBGCvYoMLwsinblXMkoYkNLEO4WnKus=",
|
"narHash": "sha256-EiOq8jF4Z/zQe0QYVc3+qSKxRK//CFHMB84aYrYGwEs=",
|
||||||
"owner": "NuschtOS",
|
"owner": "NuschtOS",
|
||||||
"repo": "ixx",
|
"repo": "ixx",
|
||||||
"rev": "65c207c92befec93e22086da9456d3906a4e999c",
|
"rev": "9fd01aad037f345350eab2cd45e1946cc66da4eb",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NuschtOS",
|
"owner": "NuschtOS",
|
||||||
"ref": "v0.0.5",
|
"ref": "v0.0.6",
|
||||||
"repo": "ixx",
|
"repo": "ixx",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
|
@ -355,11 +355,11 @@
|
||||||
"nixvim": "nixvim"
|
"nixvim": "nixvim"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730642581,
|
"lastModified": 1732936640,
|
||||||
"narHash": "sha256-Tcq+RnctJTm+TUr1fN3ivqYNcd1pJnHYzLDQdgUCX70=",
|
"narHash": "sha256-NcluA0L+ZV5MUj3UuQhlkGCj8KoEhX/ObWlMHZ/F/ac=",
|
||||||
"ref": "refs/heads/master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "a09d2b94efb5e2d801275a244eedaab0816f3702",
|
"rev": "a3709a89797ea094f82d38edeb4a538c07c8c3fa",
|
||||||
"revCount": 18,
|
"revCount": 20,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.xinyang.life/xin/nixvim"
|
"url": "https://git.xinyang.life/xin/nixvim"
|
||||||
},
|
},
|
||||||
|
|
@ -377,11 +377,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730448474,
|
"lastModified": 1731153869,
|
||||||
"narHash": "sha256-qE/cYKBhzxHMtKtLK3hlSR3uzO1pWPGLrBuQK7r0CHc=",
|
"narHash": "sha256-3Ftf9oqOypcEyyrWJ0baVkRpvQqroK/SVBFLvU3nPuc=",
|
||||||
"owner": "lnl7",
|
"owner": "lnl7",
|
||||||
"repo": "nix-darwin",
|
"repo": "nix-darwin",
|
||||||
"rev": "683d0c4cd1102dcccfa3f835565378c7f3cbe05e",
|
"rev": "5c74ab862c8070cbf6400128a1b56abb213656da",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -418,11 +418,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731814505,
|
"lastModified": 1733024876,
|
||||||
"narHash": "sha256-l9ryrx1Twh08a+gxrMGM9O/aZKEimZfa6sZVyPCImgI=",
|
"narHash": "sha256-vy9Q41hBE7Zg0yakF79neVgb3i3PQMSMR7uHPpPywFE=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "nix-index-database",
|
"repo": "nix-index-database",
|
||||||
"rev": "bdba246946fb079b87b4cada4df9b1cdf1c06132",
|
"rev": "6e0b7f81367069589a480b91603a10bcf71f3103",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -442,11 +442,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731808759,
|
"lastModified": 1733104664,
|
||||||
"narHash": "sha256-WwJqguc/5Q7HEwHlgDzDT8mtd8ZxInxZM2neJKC1oh8=",
|
"narHash": "sha256-UhlyYYO84s36aSj0/xZdclY6CgwJSWPYtTHTOBuHodM=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nix-vscode-extensions",
|
"repo": "nix-vscode-extensions",
|
||||||
"rev": "5cf92678e6799ce45442dee4c9cb8094843c7cfa",
|
"rev": "e3a9b717e8327886d4ab6115f6989f4d1ef44e51",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -457,11 +457,11 @@
|
||||||
},
|
},
|
||||||
"nixos-hardware": {
|
"nixos-hardware": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731797098,
|
"lastModified": 1733066523,
|
||||||
"narHash": "sha256-UhWmEZhwJZmVZ1jfHZFzCg+ZLO9Tb/v3Y6LC0UNyeTo=",
|
"narHash": "sha256-aQorWITXZu7b095UwnpUvcGt9dNJie/GO9r4hZfe2sU=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixos-hardware",
|
"repo": "nixos-hardware",
|
||||||
"rev": "672ac2ac86f7dff2f6f3406405bddecf960e0db6",
|
"rev": "fe01780d356d70fd119a19277bff71d3e78dad00",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -473,11 +473,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730200266,
|
"lastModified": 1731139594,
|
||||||
"narHash": "sha256-l253w0XMT8nWHGXuXqyiIC/bMvh1VRszGXgdpQlfhvU=",
|
"narHash": "sha256-IigrKK3vYRpUu+HEjPL/phrfh7Ox881er1UEsZvw9Q4=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "807e9154dcb16384b1b765ebe9cd2bba2ac287fd",
|
"rev": "76612b17c0ce71689921ca12d9ffdc9c23ce40b2",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -501,11 +501,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731652201,
|
"lastModified": 1733016324,
|
||||||
"narHash": "sha256-XUO0JKP1hlww0d7mm3kpmIr4hhtR4zicg5Wwes9cPMg=",
|
"narHash": "sha256-8qwPSE2g1othR1u4uP86NXxm6i7E9nHPyJX3m3lx7Q4=",
|
||||||
"owner": "nixos",
|
"owner": "nixos",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "c21b77913ea840f8bcf9adf4c41cecc2abffd38d",
|
"rev": "7e1ca67996afd8233d9033edd26e442836cc2ad6",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -515,29 +515,13 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs-stable_2": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1731797254,
|
|
||||||
"narHash": "sha256-df3dJApLPhd11AlueuoN0Q4fHo/hagP75LlM5K1sz9g=",
|
|
||||||
"owner": "NixOS",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"rev": "e8c38b73aeb218e27163376a2d617e61a2ad9b59",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "NixOS",
|
|
||||||
"ref": "release-24.05",
|
|
||||||
"repo": "nixpkgs",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731819057,
|
"lastModified": 1733128666,
|
||||||
"narHash": "sha256-nfqKsQhFCakM+eIKGf/JWu/g56rOPoGny10EZN8q7R0=",
|
"narHash": "sha256-JOIhbU0EPRXwFv1wCXGTkUZ9KnIcLxChvCqeV9hh63U=",
|
||||||
"owner": "xinyangli",
|
"owner": "xinyangli",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "b2644ed7258502987ad4a70cf8959bf5a26ce26d",
|
"rev": "6273ca0a0fd51ac708a71e380c0cda97a72bbb07",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -560,11 +544,11 @@
|
||||||
"treefmt-nix": "treefmt-nix"
|
"treefmt-nix": "treefmt-nix"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730569492,
|
"lastModified": 1731527733,
|
||||||
"narHash": "sha256-NByr7l7JetL9kIrdCOcRqBu+lAkruYXETp1DMiDHNQs=",
|
"narHash": "sha256-12OpSgbLDiKmxvBXwVracIfGI9FpjFyHpa1r0Ho+NFA=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nixvim",
|
"repo": "nixvim",
|
||||||
"rev": "6f210158b03b01a1fd44bf3968165e6da80635ce",
|
"rev": "f11a877bcc1d66cc8bd7990c704f91c1e99c7d08",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -575,11 +559,11 @@
|
||||||
},
|
},
|
||||||
"nur": {
|
"nur": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731819675,
|
"lastModified": 1733125101,
|
||||||
"narHash": "sha256-GGp/rEfxRdi1BD9TlHoXxp2g9IuKDp0Jk7wYh1LacP8=",
|
"narHash": "sha256-C8f6ekiZ4kP84JWLDrMigvnSK6RXQoxLEDoteXMx1yc=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "NUR",
|
"repo": "NUR",
|
||||||
"rev": "59740d792bea5caa547c9bc7ce366802ecfafb7f",
|
"rev": "1844924bf1e7e5a98198eca17b6c27cc9a363b05",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -599,11 +583,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1730515563,
|
"lastModified": 1731060242,
|
||||||
"narHash": "sha256-8lklUZRV7nwkPLF3roxzi4C2oyLydDXyAzAnDvjkOms=",
|
"narHash": "sha256-43yLsOm/wxBbfYSNDWVJeVv5Ij+23X3BIjFUfsdx/6M=",
|
||||||
"owner": "NuschtOS",
|
"owner": "NuschtOS",
|
||||||
"repo": "search",
|
"repo": "search",
|
||||||
"rev": "9e22bd742480916ff5d0ab20ca2522eaa3fa061e",
|
"rev": "ef493352f9e1f051e01a55c062731503a6b36b4e",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
@ -633,15 +617,14 @@
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
],
|
]
|
||||||
"nixpkgs-stable": "nixpkgs-stable_2"
|
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1731814239,
|
"lastModified": 1733128155,
|
||||||
"narHash": "sha256-TGnMXCeXS924w9W6CvRFtUCUFr8E/RK138lHxU3vcw8=",
|
"narHash": "sha256-m6/qwJAJYcidGMEdLqjKzRIjapK4nUfMq7rDCTmZajc=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "47fc1d8c72dbd69b32ecb2019b5b648da3dd20ce",
|
"rev": "c6134b6fff6bda95a1ac872a2a9d5f32e3c37856",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
||||||
|
|
@ -125,7 +125,8 @@ in
|
||||||
profiles.default = {
|
profiles.default = {
|
||||||
isDefault = true;
|
isDefault = true;
|
||||||
userChrome = ''
|
userChrome = ''
|
||||||
#titlebar {
|
|
||||||
|
#TabsToolbar {
|
||||||
display: none;
|
display: none;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -136,7 +137,7 @@ in
|
||||||
[titlepreface*="."] #sidebar-header {
|
[titlepreface*="."] #sidebar-header {
|
||||||
visibility: collapse !important;
|
visibility: collapse !important;
|
||||||
}
|
}
|
||||||
[titlepreface*="."] #titlebar {
|
[titlepreface*="."] #TabsToolbar {
|
||||||
visibility: collapse;
|
visibility: collapse;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -148,7 +149,7 @@ in
|
||||||
min-width: var(--uc-sidebar-width) !important;
|
min-width: var(--uc-sidebar-width) !important;
|
||||||
width: var(--uc-sidebar-width) !important;
|
width: var(--uc-sidebar-width) !important;
|
||||||
max-width: var(--uc-sidebar-width) !important;
|
max-width: var(--uc-sidebar-width) !important;
|
||||||
z-index:1;
|
z-index: calc(var(--browser-area-z-index-tabbox) + 1);
|
||||||
}
|
}
|
||||||
|
|
||||||
#sidebar-box[positionend]{ direction: rtl }
|
#sidebar-box[positionend]{ direction: rtl }
|
||||||
|
|
@ -190,12 +191,12 @@ in
|
||||||
transition-delay: 0ms !important;
|
transition-delay: 0ms !important;
|
||||||
}
|
}
|
||||||
|
|
||||||
.sidebar-panel{
|
.sidebar-placeTree {
|
||||||
background-color: transparent !important;
|
/* background-color: transparent !important; */
|
||||||
color: var(--newtab-text-primary-color) !important;
|
color: var(--newtab-text-primary-color) !important;
|
||||||
}
|
}
|
||||||
|
|
||||||
.sidebar-panel #search-box{
|
.sidebar-placeTree #search-box{
|
||||||
-moz-appearance: none !important;
|
-moz-appearance: none !important;
|
||||||
background-color: rgba(249,249,250,0.1) !important;
|
background-color: rgba(249,249,250,0.1) !important;
|
||||||
color: inherit !important;
|
color: inherit !important;
|
||||||
|
|
|
||||||
|
|
@ -1,4 +1,5 @@
|
||||||
{
|
{
|
||||||
|
pkgs,
|
||||||
lib,
|
lib,
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
|
|
@ -7,6 +8,8 @@
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configurations.nix
|
./hardware-configurations.nix
|
||||||
./services/gotosocial.nix
|
./services/gotosocial.nix
|
||||||
|
./services/synapse.nix
|
||||||
|
./services/restic.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.hostName = "biotite";
|
networking.hostName = "biotite";
|
||||||
|
|
@ -43,6 +46,37 @@
|
||||||
services.caddy.enable = true;
|
services.caddy.enable = true;
|
||||||
services.tailscale.enable = true;
|
services.tailscale.enable = true;
|
||||||
|
|
||||||
|
services.postgresql = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.postgresql_17;
|
||||||
|
settings = {
|
||||||
|
allow_alter_system = false;
|
||||||
|
# DB Version: 17
|
||||||
|
# OS Type: linux
|
||||||
|
# DB Type: mixed
|
||||||
|
# Total Memory (RAM): 8 GB
|
||||||
|
# CPUs num: 4
|
||||||
|
# Data Storage: ssd
|
||||||
|
max_connections = 100;
|
||||||
|
shared_buffers = "2GB";
|
||||||
|
effective_cache_size = "6GB";
|
||||||
|
maintenance_work_mem = "512MB";
|
||||||
|
checkpoint_completion_target = 0.9;
|
||||||
|
wal_buffers = "16MB";
|
||||||
|
default_statistics_target = 100;
|
||||||
|
random_page_cost = 1.1;
|
||||||
|
effective_io_concurrency = 200;
|
||||||
|
work_mem = "5242kB";
|
||||||
|
huge_pages = "off";
|
||||||
|
min_wal_size = "1GB";
|
||||||
|
max_wal_size = "4GB";
|
||||||
|
max_worker_processes = 4;
|
||||||
|
max_parallel_workers_per_gather = 2;
|
||||||
|
max_parallel_workers = 4;
|
||||||
|
max_parallel_maintenance_workers = 2;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
users.users.root.hashedPassword = "$y$j9T$NToEZWJBONjSgRnMd9Ur9/$o6n7a9b8eUILQz4d37oiHCCVnDJ8hZTZt.c.37zFfU.";
|
users.users.root.hashedPassword = "$y$j9T$NToEZWJBONjSgRnMd9Ur9/$o6n7a9b8eUILQz4d37oiHCCVnDJ8hZTZt.c.37zFfU.";
|
||||||
|
|
||||||
system.stateVersion = "24.11";
|
system.stateVersion = "24.11";
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,10 @@
|
||||||
gotosocial:
|
gotosocial:
|
||||||
oidc_client_secret: ENC[AES256_GCM,data:KVQxzs67sohax2h0Y/jjhnbY4fetrdVvWhBGbqgDSGgBC7QazrOmTA++BSRzMmVv,iv:HIRMc56aLanqQRTWH9E0wzzXymImi0pxK/ccPEP8Fcc=,tag:PMhOLeE3mKIIQveRdfpgpA==,type:str]
|
oidc_client_secret: ENC[AES256_GCM,data:KVQxzs67sohax2h0Y/jjhnbY4fetrdVvWhBGbqgDSGgBC7QazrOmTA++BSRzMmVv,iv:HIRMc56aLanqQRTWH9E0wzzXymImi0pxK/ccPEP8Fcc=,tag:PMhOLeE3mKIIQveRdfpgpA==,type:str]
|
||||||
|
synapse:
|
||||||
|
oidc_client_secret: ENC[AES256_GCM,data:TdZF8Bo+h34fn03sPpt7JEqmP8Cwm8V++q9VDvaapMBc3rlkrVu3iDUhQE2DvJri,iv:/QNX+aYUPpDKIqWZ13TLAznR3ZpUPI8rQHrJuqv7R+g=,tag:lcBIpeWiIXK/NV84uuxNiA==,type:str]
|
||||||
|
restic:
|
||||||
|
repo_url: ENC[AES256_GCM,data:ZcBMqwEsyc7zyEftJZj4XkKBzUHwlqd6cjX8xVDn9m26jBL7aP5atpnXDRE9FXY4CuAllFyQZyAOQ2L61Nfx+iplL2ADbSoH,iv:fhNODiyoOlZEqYR2O/GsH2IWTPDr3rXSJgWC/EFDLSA=,tag:nZdKKnpiszSiXxdZI1KQ/A==,type:str]
|
||||||
|
repo_password: ENC[AES256_GCM,data:9YDOz1tiyykz6zSXboWtIg==,iv:j96mRLXGuD4NZcC0Nv1yXFbtOlr6UborqclefZ7J94w=,tag:MqhSewK2NuckTJBf7xu+lA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
|
@ -24,8 +29,8 @@ sops:
|
||||||
RzBMVDNjS29SUkdRK3dIV01sU0hYR3cK1SbvKAM6Gpsffv3HIi/WtWnCZUBic0AT
|
RzBMVDNjS29SUkdRK3dIV01sU0hYR3cK1SbvKAM6Gpsffv3HIi/WtWnCZUBic0AT
|
||||||
ZRv4pvJBx1oxWsKIHW0t6VrqWMQ+suup8p6dW+h5HE8Z4ciIMrXLEg==
|
ZRv4pvJBx1oxWsKIHW0t6VrqWMQ+suup8p6dW+h5HE8Z4ciIMrXLEg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-12-02T05:10:32Z"
|
lastmodified: "2024-12-03T07:38:24Z"
|
||||||
mac: ENC[AES256_GCM,data:ZAdFsjVuk1Fiv+DKmHrc1yu1XQpRDmRHaQhu5hduSZUa1W1cXdTlChvIW5vADFg5tVCjuYptuLvCMW+ZSQeqqG2ntHHZ+IkuovZzKFuc+BIiL/jF2ZzbyJ7X4Wj1GziCScHVxx98dgbpFoufHe6N3wCaHmngo1RYsY5N1RRbRdU=,iv:5IMQ0kOX9UAOm8bcsQRyu6zu8GJjvnHFufCNjY0s9UI=,tag:zBEPSR9DZDpwbCaIka8mXA==,type:str]
|
mac: ENC[AES256_GCM,data:KMKdwgu9+3DjG1lrQYQEz/jYWsHUBK6RgHRyRKzWG0jTDg30owRpCgnSnX5gHzygmSYSnVRtcTOWzqm5bI7/KJkXBivaqkLqCh6EHnTj+pnAHmeEOAjoOVLOMSCEYvHMf/EuJIL199Hf2G12LtulDJV7Wi5r5Jy8L9odVlYuM9g=,iv:WTeqWdIztScZnXc2hzI7JHO/4ySgqycOp2eN9EPTQpw=,tag:lTMrE5JVVFCIDehXCxJZoQ==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.1
|
version: 3.9.1
|
||||||
|
|
|
||||||
|
|
@ -27,13 +27,13 @@
|
||||||
oidc-client-id = "gotosocial";
|
oidc-client-id = "gotosocial";
|
||||||
oidc-link-existing = true;
|
oidc-link-existing = true;
|
||||||
};
|
};
|
||||||
|
setupPostgresqlDB = true;
|
||||||
environmentFile = config.sops.templates."gotosocial.env".path;
|
environmentFile = config.sops.templates."gotosocial.env".path;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.caddy = {
|
services.caddy = {
|
||||||
virtualHosts."https://gts.xiny.li".extraConfig = ''
|
virtualHosts."https://gts.xiny.li".extraConfig = ''
|
||||||
encode zstd gzip
|
reverse_proxy http://${config.services.gotosocial.settings.bind-address}:${toString config.services.gotosocial.settings.port} {
|
||||||
reverse_proxy * http://${config.services.gotosocial.settings.bind-address}:${toString config.services.gotosocial.settings.port} {
|
|
||||||
flush_interval -1
|
flush_interval -1
|
||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
|
|
|
||||||
55
machines/biotite/services/restic.nix
Normal file
55
machines/biotite/services/restic.nix
Normal file
|
|
@ -0,0 +1,55 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
let
|
||||||
|
sqliteBackup = fromPath: toPath: file: ''
|
||||||
|
mkdir -p ${toPath}
|
||||||
|
${lib.getExe pkgs.sqlite} ${fromPath} ".backup '${toPath}/${file}'"
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
{
|
||||||
|
sops.secrets = {
|
||||||
|
"restic/repo_url" = {
|
||||||
|
sopsFile = ../secrets.yaml;
|
||||||
|
};
|
||||||
|
"restic/repo_password" = {
|
||||||
|
sopsFile = ../secrets.yaml;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
custom.restic = {
|
||||||
|
enable = true;
|
||||||
|
paths = [
|
||||||
|
"/backup/db"
|
||||||
|
"/backup/var/lib"
|
||||||
|
];
|
||||||
|
backupPrepareCommand = [
|
||||||
|
''
|
||||||
|
mkdir -p /backup/var
|
||||||
|
${pkgs.btrfs-progs}/bin/btrfs subvolume snapshot -r /var/lib /backup/var/lib
|
||||||
|
''
|
||||||
|
];
|
||||||
|
backupCleanupCommand = [
|
||||||
|
''
|
||||||
|
${pkgs.btrfs-progs}/bin/btrfs subvolume delete /backup/var/lib
|
||||||
|
''
|
||||||
|
];
|
||||||
|
btrfsRoots = [ ];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.postgresqlBackup = {
|
||||||
|
enable = true;
|
||||||
|
compression = "zstd";
|
||||||
|
compressionLevel = 9;
|
||||||
|
location = "/backup/db/postgresql";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.restic.backups.${config.networking.hostName} = {
|
||||||
|
extraBackupArgs = [
|
||||||
|
"--limit-upload=1024"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
||||||
113
machines/biotite/services/synapse.nix
Normal file
113
machines/biotite/services/synapse.nix
Normal file
|
|
@ -0,0 +1,113 @@
|
||||||
|
{ config, pkgs, ... }:
|
||||||
|
let
|
||||||
|
port-synapse = 6823;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
sops.secrets."synapse/oidc_client_secret" = {
|
||||||
|
owner = "matrix-synapse";
|
||||||
|
};
|
||||||
|
|
||||||
|
nixpkgs.config.permittedInsecurePackages = [
|
||||||
|
"olm-3.2.16"
|
||||||
|
];
|
||||||
|
|
||||||
|
services.postgresql = {
|
||||||
|
# Not using ensure here because LC_COLLATE and LC_CTYPE must be provided
|
||||||
|
# at db creation
|
||||||
|
initialScript = pkgs.writeText "synapse-init.sql" ''
|
||||||
|
CREATE ROLE "matrix-synapse" WITH LOGIN PASSWORD 'synapse';
|
||||||
|
CREATE DATABASE "matrix-synapse" WITH OWNER "matrix-synapse"
|
||||||
|
TEMPLATE template0
|
||||||
|
LC_COLLATE = "C"
|
||||||
|
LC_CTYPE = "C";
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
services.matrix-synapse = {
|
||||||
|
enable = true;
|
||||||
|
settings = {
|
||||||
|
server_name = "xiny.li";
|
||||||
|
public_baseurl = "https://synapse.xiny.li";
|
||||||
|
database = {
|
||||||
|
name = "psycopg2";
|
||||||
|
args = {
|
||||||
|
user = "matrix-synapse";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
listeners = [
|
||||||
|
{
|
||||||
|
bind_addresses = [
|
||||||
|
"127.0.0.1"
|
||||||
|
];
|
||||||
|
port = port-synapse;
|
||||||
|
resources = [
|
||||||
|
{
|
||||||
|
compress = true;
|
||||||
|
names = [
|
||||||
|
"client"
|
||||||
|
"federation"
|
||||||
|
];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
tls = false;
|
||||||
|
type = "http";
|
||||||
|
x_forwarded = true;
|
||||||
|
}
|
||||||
|
];
|
||||||
|
experimental_features = {
|
||||||
|
# Room summary api
|
||||||
|
msc3266_enabled = true;
|
||||||
|
# Removing account data
|
||||||
|
msc3391_enabled = true;
|
||||||
|
# Thread notifications
|
||||||
|
msc3773_enabled = true;
|
||||||
|
# Remotely toggle push notifications for another client
|
||||||
|
msc3881_enabled = true;
|
||||||
|
# Remotely silence local notifications
|
||||||
|
msc3890_enabled = true;
|
||||||
|
# Remove legacy mentions
|
||||||
|
msc4210_enabled = true;
|
||||||
|
};
|
||||||
|
oidc_providers = [
|
||||||
|
{
|
||||||
|
idp_id = "Kanidm";
|
||||||
|
idp_name = "auth.xinyang.life";
|
||||||
|
issuer = "https://auth.xinyang.life/oauth2/openid/synapse";
|
||||||
|
authorization_endpoint = "https://auth.xinyang.life/ui/oauth2";
|
||||||
|
token_endpoint = "https://auth.xinyang.life/oauth2/token";
|
||||||
|
userinfo_endpoint = "https://auth.xinyang.life/oauth2/openid/synapse/userinfo";
|
||||||
|
client_id = "synapse";
|
||||||
|
client_secret_path = config.sops.secrets."synapse/oidc_client_secret".path;
|
||||||
|
scopes = [
|
||||||
|
"openid"
|
||||||
|
"profile"
|
||||||
|
];
|
||||||
|
allow_existing_users = true;
|
||||||
|
backchannel_logout_enabled = true;
|
||||||
|
user_mapping_provider.config = {
|
||||||
|
confirm_localpart = true;
|
||||||
|
localpart_template = "{{ user.preferred_username }}";
|
||||||
|
display_name_template = "{{ user.name }}";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.caddy = {
|
||||||
|
virtualHosts."https://xiny.li".extraConfig = ''
|
||||||
|
header /.well-known/matrix/* Content-Type application/json
|
||||||
|
header /.well-known/matrix/* Access-Control-Allow-Origin *
|
||||||
|
respond /.well-known/matrix/server `{"m.server":"synapse.xiny.li:443"}`
|
||||||
|
respond /.well-known/matrix/client `{"m.homeserver":{"base_url":"https://synapse.xiny.li/"}}`
|
||||||
|
'';
|
||||||
|
virtualHosts."https://synapse.xiny.li".extraConfig = ''
|
||||||
|
reverse_proxy /_matrix/* 127.0.0.1:${toString port-synapse}
|
||||||
|
reverse_proxy /_synapse/client/* 127.0.0.1:${toString port-synapse}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [
|
||||||
|
443
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
@ -78,6 +78,7 @@ in
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
programs.vim.enable = true;
|
||||||
programs.vim.defaultEditor = true;
|
programs.vim.defaultEditor = true;
|
||||||
|
|
||||||
# Keep this even if enabled in home manager
|
# Keep this even if enabled in home manager
|
||||||
|
|
@ -307,13 +308,7 @@ in
|
||||||
bitwarden
|
bitwarden
|
||||||
|
|
||||||
# Browser
|
# Browser
|
||||||
(chromium.override {
|
chromium
|
||||||
commandLineArgs = [
|
|
||||||
"--ozone-platform-hint=auto"
|
|
||||||
"--enable-wayland-ime"
|
|
||||||
];
|
|
||||||
})
|
|
||||||
brave
|
|
||||||
|
|
||||||
# Writting
|
# Writting
|
||||||
zotero
|
zotero
|
||||||
|
|
@ -379,15 +374,12 @@ in
|
||||||
# Fonts
|
# Fonts
|
||||||
fonts = {
|
fonts = {
|
||||||
packages = with pkgs; [
|
packages = with pkgs; [
|
||||||
(nerdfonts.override {
|
nerd-fonts.ubuntu-sans
|
||||||
fonts = [
|
nerd-fonts.ubuntu
|
||||||
"FiraCode"
|
nerd-fonts.fira-code
|
||||||
"FiraMono"
|
nerd-fonts.fira-mono
|
||||||
"JetBrainsMono"
|
nerd-fonts.jetbrains-mono
|
||||||
"RobotoMono"
|
nerd-fonts.roboto-mono
|
||||||
"Ubuntu"
|
|
||||||
];
|
|
||||||
})
|
|
||||||
noto-fonts
|
noto-fonts
|
||||||
noto-fonts-emoji
|
noto-fonts-emoji
|
||||||
liberation_ttf
|
liberation_ttf
|
||||||
|
|
|
||||||
|
|
@ -45,6 +45,9 @@
|
||||||
miniflux-users = {
|
miniflux-users = {
|
||||||
members = [ "xin" ];
|
members = [ "xin" ];
|
||||||
};
|
};
|
||||||
|
synapse-users = {
|
||||||
|
members = [ "xin" ];
|
||||||
|
};
|
||||||
idm_people_self_mail_write = {
|
idm_people_self_mail_write = {
|
||||||
members = [ ];
|
members = [ ];
|
||||||
};
|
};
|
||||||
|
|
@ -211,6 +214,17 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
synapse = {
|
||||||
|
displayName = "Synapse";
|
||||||
|
originUrl = "https://synapse.xiny.li/_synapse/client/oidc/callback";
|
||||||
|
originLanding = "https://synapse.xiny.li/";
|
||||||
|
scopeMaps = {
|
||||||
|
synapse-users = [
|
||||||
|
"openid"
|
||||||
|
"profile"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -10,74 +10,83 @@ sops:
|
||||||
- recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c
|
- recipient: age1uw059wcwfvd9xuj0hpqzqpeg7qemecspjrsatg37wc7rs2pumfdsgken0c
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwMHB1bFQ3dWJIU3NiOVVP
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5SjAzOEozUzh1bzVvaHgr
|
||||||
Yi9LZE1PTVdMY1BqS1JHV3VPLzZIY0hGK0NZClNlclVXKzBvNTBrTlhiR0VsaVoz
|
T2xsVUszTHVSdWIyM3B5TFhtUEFMeVZlYzNrCk5IOWFNbTErbTVkQnNlVllMZWlV
|
||||||
RlVLNVBEVDgzSXB5ZGxDd3hqNDh2V2MKLS0tIEhBZHFUY3c2VXJBVEVKamZ6TzBa
|
Q2lHZXRIdzBiRFRSZnNUVWd2NXVXVGcKLS0tIERhcjh3VVlqSGxHUHpnc1JzVksv
|
||||||
MlFsNnVEV0xCdlJoRnBhUHF2MmswUEUKNYD9zssGBy9SaKeOMvTz71B6KMPW87cM
|
VXpQVVVCUC9xR3crWm9rTk13LzVhK1EKwiuvwx3ZhcDE+9w7/dR4PrZSSoJMvklT
|
||||||
tFJzgnQceEQF658lVa5cCzG1gzraCgBtQU15XzC7e8zWI9CHquRRlQ==
|
m7I32dMRk0o9zcl5KYU5L9Hwb+z+EBE34raoGKBF5K4aQcbZQUX3Cw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1ytwfqfeez3dqtazyjltn7mznccwx3ua8djhned7n8mxqhw4p6e5s97skfa
|
- recipient: age1ytwfqfeez3dqtazyjltn7mznccwx3ua8djhned7n8mxqhw4p6e5s97skfa
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTTnZLTlZQRzc1enVEa1BN
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5R1ZIRlN2b3M2OUQ0T2cw
|
||||||
SHdoSi9oOXk4UTV0SlRZS2tLS2FFL3VjNzNNClVWTTNKekF6T0RTUzdEeWhLbHoz
|
eE5DTm9KY1NUY1p5eDhLNG4xMDVkVjRyWDNRClp3MTRWeGJMYTczcC9YQTNZdkxx
|
||||||
WFZKaHJEaVBWa04zRWRiVnJZRjU0YVEKLS0tIFJVL0FEemowS3V6MmsxbWJMU2I1
|
ejJ3QnhjcUcyUldUNEVqVUh6Z2grd00KLS0tIDVvbDZWbmZPZVhDNHM1K1kzaE95
|
||||||
U2NnUnVKdFlRSGVzUFQ4ZFcwL0lWTlkKz1t3yqjgIdMWS/Nsy2nq3oCjOhGDP+UT
|
aHJqSU16dlJiRGl0VWNMVXVYMmhPb2MKMboq9ShGIJMFVENgLPlQdwdtTOjVb0CC
|
||||||
L+LAuFExJPV0qlsOG/kCGB/WtCJfnBvcp6vPDBLqjK8NllIX/iPI5g==
|
4ttM3xWnYkf8416a0OYFrda5l1kfJJzQakbk/tbGcTu1yTcd+6lOtA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age17r3fxfmt6hgwe984w4lds9u0cnkf5ttq8hnqt800ayfmx7t8t5gqjddyml
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVby8wYS9pa0szTlVUS3FI
|
||||||
|
VWhjaCtyUzNLbkw2VXRlWkVMZlRkeXJMZGlRCnBTWklnZ0Uzd2lTMGt1M2wxZ0px
|
||||||
|
NFl2RW5hSUZVdHI0aVFRMHJtMFQ3ODAKLS0tIFlYOHVRYVFGbkcvUWRmQitQQnI5
|
||||||
|
bG5vemMvcWdpOEtxNGRpS0doQmtuUFkK8Hxl//kOtbEw3jf96ZZ4G1Yb94f4Jeb4
|
||||||
|
TfPs7O/ESJY8ovNsoXRQEt99vOR5D1wBzyZBY9E3f2ZzY/uBmup0cw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1jle2auermhswqtehww9gqada8car5aczrx43ztzqf9wtcld0sfmqzaecta
|
- recipient: age1jle2auermhswqtehww9gqada8car5aczrx43ztzqf9wtcld0sfmqzaecta
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBETWpkcjhINktqeGxjdWxz
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPSmRYMkNIdERJZVBxV1p1
|
||||||
UTVVNC9kalorcVJOdHpJSkZJNXlGUHZ2VUdrCjRCclBTZnJEZ3JGOVpqS1Y0b0dt
|
emlqOTBpN3l2WXkzNjRRcFI5NUZDZnQ1WXdnCkRVbm8xais5aGVCTmtSTGxaTXlT
|
||||||
eldFMS91WUc2Y1FnWWZoN0grc01pT0UKLS0tIC96TjlEaVBGRkZhZ0hac2lmbEdI
|
L2ZWQ0p5WFZNRWl5SWVkRUYwc2R3b1UKLS0tIEZEck4yMmJUQWVvNHRJQnpCQTBo
|
||||||
eHMzTFhsQ0FqY05uUEZSbExCcmdscEkKdxITlc0V5ayq+9fmj77SnEMFxKJhOOta
|
cDJsaG83MTdXWVd2NUpLczhjWTBBZVUK5BxBIYVqkqVLw9LTbnJ8SQWN2i4USdI8
|
||||||
RfJhOQUv8g3nCN+SsuaOy0TitUCiDWh5XoB0DufEQPcS/kzGZN1Inw==
|
8m/hZFXTJ4GI0f795DEmbcZq9xET14aQqta0wSASqwP/5Ld1mo0a0w==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age12ng08vjx5jde5ncqutwkd5vm4ygfwy33mzhzwe0lkxzglulgpqusc89r96
|
- recipient: age12ng08vjx5jde5ncqutwkd5vm4ygfwy33mzhzwe0lkxzglulgpqusc89r96
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBydlQ4S1duQU53Wk1nd21K
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwSkhjRTdBWklZUEpUanM0
|
||||||
d2RqM1F0VDFJVXB2aGRTZ2hxczI2V1lndVdrCjArVlE2N0RGZ0htUEZYdVlQMlU5
|
Wjl4b2c3K0g0ZUxxMlRrUFhhZzhNRXhPVnpvCmpNWVBNTXNYczV3aWhCd05FOGJ0
|
||||||
SWIwWHVCaWxaQTJMNzg3WC8xRS9IYzgKLS0tIDRvSS8ybVlrSy9zYjQ2NXBaMlZk
|
YlNobFhWdStGbDRZV2NlUWV6ZFRVNEkKLS0tIGd1RUR4K21GOEQ0aWtqRi9RREpE
|
||||||
Ulg4cUFBejRoS3VEWkRaZEUxMExUeWMKNeq6TN1gaBNU9vAitGttcU+8HmFQipdm
|
RXBXcXFYUDVXVzN4Q25zSklFU21wbFkKQuTHkgFC5HRPO7/PuVhJzbbHOTPaFXvN
|
||||||
LPwo4/toyf27emb4KGs0AV0Dm4Sxj9S3Xvrv1B+qvhfT638/RIUm2w==
|
+Y31AK3OAVdUETMEuJ2mk50Bi5BiiUeOnnv1bZ6O+iX0o20ysUseTg==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1v5h946jfke6ae8pcgz52mhj26cacqcpl9dmmrrkf37x55rnq2v3szqctvv
|
- recipient: age1v5h946jfke6ae8pcgz52mhj26cacqcpl9dmmrrkf37x55rnq2v3szqctvv
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB4YXpyOXE3MFovWEQvMVRr
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBnc3NOZFRYT1VnaVZSaTRi
|
||||||
TGVST3U0N2dCVDJGT1A3eUtlRis3bFEvTHlFClZHQ2xRWklMMCtER01QNEVHaVYr
|
WnluSEk4d1U5TWx2REZRZ3VCRVp2ZzlKY0NvCjNlUnIwdWVqSnlQOWp1dlJ5THlW
|
||||||
MC94V3R4MVdNdUU3eXQ2RGFFVGo4VFEKLS0tIDQ4b2ZuMy9URUswWUZqNHlxandU
|
c2xTNHhnaE94a2ZTeXJjQTVxeGRLTmsKLS0tIFV4c2NZK1ZnL2xtUlVvSksxNi9o
|
||||||
OFducVVzdGZGY0tnbFFBZDdjVzVkaUEKN8qAbbrd4pAHRGIN8O64fl7bQ6hx6Isr
|
L3dodkJXVjZrekVldTVsRFRxSFlrTmMKiokjgIRIsI8D2aFP/Qem4iGzC4yr5lm2
|
||||||
Qx0xKeuhJCVXgtE8xc7xmnEhqrcONlflJ/XUnYV9jOkB71zSBJxruA==
|
ZwggC/UfD56ysTEqrVaDnR7f5fSqZLWdstPJn7I/vr5CwKRMbMPYSA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1p2dlc8gfgyrvtta6mty2pezjycn244gmvh456qd3wvkfwesp253qnwyta9
|
- recipient: age1p2dlc8gfgyrvtta6mty2pezjycn244gmvh456qd3wvkfwesp253qnwyta9
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzczdPMDdWU1ZtckJRQm5j
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBpN0llOTBJU1pNNVFxVWxt
|
||||||
UWJub0Yzd3NzOEh4YWdId01nYWI1YVY3dng0ClpEYXBJV2cvWEdjdXcwUFI3Y0NG
|
aFdKdStKL1ZlZ0p6WFRQbHpGNnpmdlJXdG1FCkx5eDhZWWJvQ2xSWEJqWnZ6NmNt
|
||||||
MDgvTmNZOXRQQndyVmRHamNRbzVaVU0KLS0tIGFKVTI4TkE2UjhDUSsxQTlNQ0Vk
|
Y0MzNDg5QzVSbEZteW1LNlFyRFg5Q0EKLS0tIDBrT0dEZlBoTExYcGRNZjZ5Znpz
|
||||||
QmFMNnlqbnhScC90T012K1QxRnRUOHcKAV7NxUn0CMcjKwK8zrocoLO1P9jc22uG
|
cnE4YWRTMmRsTENhOTl5R2dYSzQwazAKvnTvZz842Mg5AVlIoYHI2BG+0/hO5zIv
|
||||||
eG+vdJ6xzA99UX51aPxQOeEJgdFPEd3y1QJszQmRzThvid7y4lv0Cw==
|
jRVJri98fgGterXADTPmeoY3p+fFQggTPhs/5s5GSQxd5aiX8vvvrA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age18u4mqrhqkrpcytxfxfex6aeap04u38emhy6u4wrp5k62sz2vae4qm5jj7s
|
- recipient: age18u4mqrhqkrpcytxfxfex6aeap04u38emhy6u4wrp5k62sz2vae4qm5jj7s
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsVmpzenRvWE5EK2wzRFkx
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPQWljdGg4VTlDdGhoblpk
|
||||||
SERZV0s1Rkt0ZnZ1U3JQSFNhdGVvaWhWcTA4CjVxK0Z0MHI0ZnMrUS9YYWhTTG1z
|
LytxK2FnQVI1dzB2bnFaWUtoUVNGS3lpU3prCnRwUTNnZVVXTnZ6eCtScTk5YzI3
|
||||||
L2lVS1Q2UkVQd2x5b1E1eWpQVGp2ZHMKLS0tIHNLOGhTYjkzWkFEM05wYkRZeXFQ
|
TGM2MmNhaHQ3NXAzMk0rcnJoTlp5STQKLS0tIEp2U3YvUUhXTkt3VFczY3J1LzMv
|
||||||
SXNTSGZZSFE2bFhybXdIc1FUb1ZBd0kKkYzflPRk6GrE6t9oVGOzc8xcyZDxiIw8
|
ZzM0VHpqamRIZVROS2lQdXFhQTNBekEKEySldC+VvZvPY398ZVkB5s73bT3QbuLh
|
||||||
9SVXIgV0WVpY4lnFKYKH2i4+1sIm6tKOpizlQxTg5VgmmrTtfazWAA==
|
IqTv+wbkbjlvZJUavVyycY5SwMXkSX3ge9W/64mt/RDs88gSXFS+Sw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
- recipient: age1fw2sqaa5s9c8ml6ncsexkj8ar4288387ju92ytjys4awf9aw6smqqz94dh
|
- recipient: age1fw2sqaa5s9c8ml6ncsexkj8ar4288387ju92ytjys4awf9aw6smqqz94dh
|
||||||
enc: |
|
enc: |
|
||||||
-----BEGIN AGE ENCRYPTED FILE-----
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0NHpkOTFHaXRhVGNua0dV
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4bGppem15NlVod2hCRkM5
|
||||||
alRieWJ6WG5ZNzlvcTR2aTVUeWFBVGVVUUNZCnY2VUZUOWVlNGY1ZldyVGE2bkpi
|
MzY1aUZOdEVzRzdEYTRNakdMQWJlRkk0eEZzClRLSnRrQUoreU5MVG40KzRKSGcw
|
||||||
VXVtQ3IyK0kyV1cyMU5nN1lYaW1oOUkKLS0tIFRVRGFCNWlGendSVEhHY0w0QTl6
|
bUU4ZnpLU0VtOWxXVllrSW5lN0NWb0kKLS0tIE1iemRlVVpieEhxRnlIb2dFUHZr
|
||||||
emJEQkQ3QlU0TFVWaW1uQytaUndmQlEKKahqJpX8vI+PASOzzod/sFvXSkQFnJ9O
|
am04NVRtU2N6SThYZWdXVE5RZ1B2aE0KVcHvB5k2Gcu/St0P8WPFzlCtuZthZTKo
|
||||||
YmnmiFxm5WZDPLHwkgVx8FgCq9RfAad4HybhsMjYPKXJ/fNa/WVZRA==
|
hwVc0lC6Xxt25hriaUFinwnyvcjxrLCx0Nq7f9Zn16nJcza5kev1nQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-11-30T06:31:42Z"
|
lastmodified: "2024-11-30T06:31:42Z"
|
||||||
mac: ENC[AES256_GCM,data:xh8x9IrQ01ZzdcCTIfBrifIGduMYVmSSP52BkTyr/bx7AgQAz2WeA7LFrccxIayCGHrQKfMQDLUKJ/EBamG/6p8AX6QqZBTfqFD688ZhmRfxgpj7fYR9jPYnhb/9XHI9R2jTaJWwrorXvu3pa+Gy/hWB3Kb+WZc3fslmIuKuLH0=,iv:GDrHSFZxPbpACdusVDPHXEjeEusYfk53N/KGHtdvrYo=,tag:ap38sCSTZVDQ0ZazXM3vlg==,type:str]
|
mac: ENC[AES256_GCM,data:xh8x9IrQ01ZzdcCTIfBrifIGduMYVmSSP52BkTyr/bx7AgQAz2WeA7LFrccxIayCGHrQKfMQDLUKJ/EBamG/6p8AX6QqZBTfqFD688ZhmRfxgpj7fYR9jPYnhb/9XHI9R2jTaJWwrorXvu3pa+Gy/hWB3Kb+WZc3fslmIuKuLH0=,iv:GDrHSFZxPbpACdusVDPHXEjeEusYfk53N/KGHtdvrYo=,tag:ap38sCSTZVDQ0ZazXM3vlg==,type:str]
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,7 @@
|
||||||
imports = [
|
imports = [
|
||||||
./hardware-configurations.nix
|
./hardware-configurations.nix
|
||||||
./monitoring.nix
|
./monitoring.nix
|
||||||
|
./restic.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
|
|
|
||||||
|
|
@ -14,7 +14,19 @@ with my-lib;
|
||||||
|
|
||||||
custom.monitoring = {
|
custom.monitoring = {
|
||||||
grafana.enable = true;
|
grafana.enable = true;
|
||||||
loki.enable = true;
|
loki = {
|
||||||
|
enable = true;
|
||||||
|
rules = {
|
||||||
|
sshd_closed = {
|
||||||
|
condition = ''count_over_time({unit="sshd.service"} |~ "Connection closed by authenticating user" [15m]) > 25'';
|
||||||
|
description = "More then 25 users have tried logging in the last 15 min without success";
|
||||||
|
};
|
||||||
|
unusual_log_volume = {
|
||||||
|
condition = ''sum by (unit) (rate({unit=~".+"}[5m])) > 80'';
|
||||||
|
description = "Unit {{ $labels.unit }} is logging at an unusually high rate";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
promtail.enable = true;
|
promtail.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
@ -30,7 +42,10 @@ with my-lib;
|
||||||
blackbox.enable = true;
|
blackbox.enable = true;
|
||||||
node.enable = true;
|
node.enable = true;
|
||||||
};
|
};
|
||||||
ruleModules = (mkCaddyRules [ { host = "thorite"; } ]) ++ (mkNodeRules [ { host = "thorite"; } ]);
|
ruleModules =
|
||||||
|
(mkCaddyRules [ { host = "thorite"; } ])
|
||||||
|
++ (mkNodeRules [ { host = "thorite"; } ])
|
||||||
|
++ (mkBlackboxRules [ { host = "thorite"; } ]);
|
||||||
};
|
};
|
||||||
|
|
||||||
services.prometheus.scrapeConfigs =
|
services.prometheus.scrapeConfigs =
|
||||||
|
|
@ -39,8 +54,6 @@ with my-lib;
|
||||||
"la-00.video.namely.icu:8080"
|
"la-00.video.namely.icu:8080"
|
||||||
"fre-00.video.namely.icu:8080"
|
"fre-00.video.namely.icu:8080"
|
||||||
"hk-00.video.namely.icu:8080"
|
"hk-00.video.namely.icu:8080"
|
||||||
"49.13.13.122:443"
|
|
||||||
"45.142.178.32:22"
|
|
||||||
"home.xinyang.life:8000"
|
"home.xinyang.life:8000"
|
||||||
];
|
];
|
||||||
passwordFile = config.sops.secrets."prometheus/metrics_password".path;
|
passwordFile = config.sops.secrets."prometheus/metrics_password".path;
|
||||||
|
|
@ -52,6 +65,11 @@ with my-lib;
|
||||||
address = "weilite.coho-tet.ts.net";
|
address = "weilite.coho-tet.ts.net";
|
||||||
port = 8082;
|
port = 8082;
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
name = "restic_rest_server";
|
||||||
|
address = "backup.xinyang.life";
|
||||||
|
port = 8443;
|
||||||
|
}
|
||||||
{
|
{
|
||||||
inherit passwordFile;
|
inherit passwordFile;
|
||||||
name = "gotosocial";
|
name = "gotosocial";
|
||||||
|
|
@ -70,6 +88,12 @@ with my-lib;
|
||||||
name = "grafana-eu";
|
name = "grafana-eu";
|
||||||
address = "grafana.xinyang.life";
|
address = "grafana.xinyang.life";
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
name = "loki";
|
||||||
|
scheme = "http";
|
||||||
|
address = "thorite.coho-tet.ts.net";
|
||||||
|
port = 3100;
|
||||||
|
}
|
||||||
])
|
])
|
||||||
++ (mkCaddyScrapes [
|
++ (mkCaddyScrapes [
|
||||||
{ address = "thorite.coho-tet.ts.net"; }
|
{ address = "thorite.coho-tet.ts.net"; }
|
||||||
|
|
@ -85,11 +109,11 @@ with my-lib;
|
||||||
++ (mkBlackboxScrapes [
|
++ (mkBlackboxScrapes [
|
||||||
{
|
{
|
||||||
hostAddress = "thorite.coho-tet.ts.net";
|
hostAddress = "thorite.coho-tet.ts.net";
|
||||||
targetAddresses = probeList;
|
targetAddresses = probeList ++ [ "49.13.13.122:22" ];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
hostAddress = "massicot.coho-tet.ts.net";
|
hostAddress = "massicot.coho-tet.ts.net";
|
||||||
targetAddresses = probeList;
|
targetAddresses = probeList ++ [ "45.142.178.32:22" ];
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
hostAddress = "weilite.coho-tet.ts.net";
|
hostAddress = "weilite.coho-tet.ts.net";
|
||||||
|
|
|
||||||
51
machines/thorite/restic.nix
Normal file
51
machines/thorite/restic.nix
Normal file
|
|
@ -0,0 +1,51 @@
|
||||||
|
{
|
||||||
|
config,
|
||||||
|
lib,
|
||||||
|
pkgs,
|
||||||
|
...
|
||||||
|
}:
|
||||||
|
let
|
||||||
|
sqliteBackup = fromPath: toPath: file: ''
|
||||||
|
mkdir -p ${toPath}
|
||||||
|
${lib.getExe pkgs.sqlite} ${fromPath} ".backup '${toPath}/${file}'"
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
{
|
||||||
|
sops.secrets = {
|
||||||
|
"restic/repo_url" = { };
|
||||||
|
"restic/repo_password" = { };
|
||||||
|
};
|
||||||
|
|
||||||
|
custom.restic = {
|
||||||
|
enable = true;
|
||||||
|
paths = [
|
||||||
|
"/backup/db"
|
||||||
|
"/backup/var/lib"
|
||||||
|
];
|
||||||
|
backupPrepareCommand = [
|
||||||
|
''
|
||||||
|
mkdir -p /backup/var
|
||||||
|
${pkgs.btrfs-progs}/bin/btrfs subvolume snapshot -r /var/lib /backup/var/lib
|
||||||
|
''
|
||||||
|
];
|
||||||
|
backupCleanupCommand = [
|
||||||
|
''
|
||||||
|
${pkgs.btrfs-progs}/bin/btrfs subvolume delete /backup/var/lib
|
||||||
|
''
|
||||||
|
];
|
||||||
|
btrfsRoots = [ ];
|
||||||
|
};
|
||||||
|
|
||||||
|
services.postgresqlBackup = {
|
||||||
|
enable = true;
|
||||||
|
compression = "zstd";
|
||||||
|
compressionLevel = 9;
|
||||||
|
location = "/backup/db/postgresql";
|
||||||
|
};
|
||||||
|
|
||||||
|
services.restic.backups.${config.networking.hostName} = {
|
||||||
|
extraBackupArgs = [
|
||||||
|
"--limit-upload=1024"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
@ -1,5 +1,8 @@
|
||||||
grafana:
|
grafana:
|
||||||
oauth_secret: ENC[AES256_GCM,data:angZR3sl8vGcbAXyKFBvCSm+YhF5OooCcxRiSxR2zBoXMz5wv5/uMJFynwOTRVI6,iv:hVpOlM89lNbK6AsGf4Is/tLv3xPfg/XdtA8vuEK52L8=,tag:zCER+IdRnTcG2WHQ/AhxZA==,type:str]
|
oauth_secret: ENC[AES256_GCM,data:angZR3sl8vGcbAXyKFBvCSm+YhF5OooCcxRiSxR2zBoXMz5wv5/uMJFynwOTRVI6,iv:hVpOlM89lNbK6AsGf4Is/tLv3xPfg/XdtA8vuEK52L8=,tag:zCER+IdRnTcG2WHQ/AhxZA==,type:str]
|
||||||
|
restic:
|
||||||
|
repo_url: ENC[AES256_GCM,data:tc7wYRN20sHxATTZYEBpf6tNafzq9vcvqdUHYJDmJIArxprNd6WiyqPXowzbksZcEi5JwSwwJH/MYminnPGtrR8erWZg8OB3,iv:/z7mF58tMAviscFWHd4NJw7UZlq7Bzz+LU88J+kE9qg=,tag:i97FP4SmmNXOuxylkHhYCA==,type:str]
|
||||||
|
repo_password: ENC[AES256_GCM,data:o3MbXJRwR5UE9uCELN2ejQ==,iv:cYPNjJAV7H2BNCuFLDJoJvPk+CFvagXJwW9LRAGc0G0=,tag:qF6Di2W+8kESCRAphC/c0g==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
|
@ -24,8 +27,8 @@ sops:
|
||||||
M2pqMUJoMGlBZnpBaVBUTFFRZUMzb2sKrlWy26Cv55/8XQEl9hee8P29uj582sIx
|
M2pqMUJoMGlBZnpBaVBUTFFRZUMzb2sKrlWy26Cv55/8XQEl9hee8P29uj582sIx
|
||||||
mUjaYE0U2qOP9bklXUQyyzQjfkBLWTLc1PTX9BjqOOsqXwkRQIYppA==
|
mUjaYE0U2qOP9bklXUQyyzQjfkBLWTLc1PTX9BjqOOsqXwkRQIYppA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-11-28T17:02:03Z"
|
lastmodified: "2024-12-03T08:18:54Z"
|
||||||
mac: ENC[AES256_GCM,data:14FOUXuKP+8+sad1UlhBW37fWzmutpyn6d4q2qKtBiOyT5ivHunFHJfHrtX83X2fLDmUfiD42bXf+rYfdtKzVUmQ6vutCUQk+Hal8NElhjcq5Ns5kT4VZRKG7/ya9+eNEEkajtq/7OFEM5KOQKTKjyOBqBq/AdYQ+ni9r45c1sM=,iv:WrdWSfrZrGalZO4WGk3JpgACY7W0odt3vP+pRkMXHfA=,tag:jeRBfR2QYjLBylOLHxU3hQ==,type:str]
|
mac: ENC[AES256_GCM,data:jqSt34avoMfL9g3LmvjrPTzW4xGLgX70CXI8qk4isaLbZ8FkxjVU8QY1ot9GZnFEQWUkReSuGD4gFxi8TjetlNdx0zDPcv6zGJUSfcYpyKDCqGdyL/2x8xnYtI2pWINBZxR/2XxT3cus39FJdXVcz3l7KX4DvYvm8t/D9+r4ef0=,iv:KY/OTbDOOD/bBDTIuIk1ck7wDxLogo2EKeSOfOe4j5o=,tag:B17iF5O32KDZfctubpXCng==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.1
|
version: 3.9.1
|
||||||
|
|
|
||||||
|
|
@ -56,6 +56,9 @@
|
||||||
owner = "immich";
|
owner = "immich";
|
||||||
mode = "400";
|
mode = "400";
|
||||||
};
|
};
|
||||||
|
"restic/localpass" = {
|
||||||
|
owner = "restic";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -2,6 +2,8 @@ cloudflare_dns_token: ENC[AES256_GCM,data:m4euSkxxJmiMk9UPyeni/hwpl1W9A4MM0ssg71
|
||||||
dnspod_dns_token: ENC[AES256_GCM,data:uZfr3g103amywxh3NMU+AkwuYb61svzyavvQ4rxJijIMIbfPvERrVNcyivoOrFWYXHpPWkhZFdU=,iv:mArVAcebW9i+u26GmQmfmJTsFkR4ZRMIisTqjpMYan8=,tag:Zsmv1Wzfi3+PHigjReToHQ==,type:str]
|
dnspod_dns_token: ENC[AES256_GCM,data:uZfr3g103amywxh3NMU+AkwuYb61svzyavvQ4rxJijIMIbfPvERrVNcyivoOrFWYXHpPWkhZFdU=,iv:mArVAcebW9i+u26GmQmfmJTsFkR4ZRMIisTqjpMYan8=,tag:Zsmv1Wzfi3+PHigjReToHQ==,type:str]
|
||||||
immich:
|
immich:
|
||||||
oauth_client_secret: ENC[AES256_GCM,data:EFs2hPjGMj0idwY3oQVIDTOIWkdwoAoAVjDQE9Z2eAKzUDH3grmYpYE+33V8d/Ux,iv:A9cjwFr/ZqltG62/N8MQ1LhdDbSIVVAqIPVB492zYJw=,tag:VTTtE697BZTVsI32UF53/w==,type:str]
|
oauth_client_secret: ENC[AES256_GCM,data:EFs2hPjGMj0idwY3oQVIDTOIWkdwoAoAVjDQE9Z2eAKzUDH3grmYpYE+33V8d/Ux,iv:A9cjwFr/ZqltG62/N8MQ1LhdDbSIVVAqIPVB492zYJw=,tag:VTTtE697BZTVsI32UF53/w==,type:str]
|
||||||
|
restic:
|
||||||
|
localpass: ENC[AES256_GCM,data:GIQAmkpDmGu4+sSG5/b5yQ==,iv:dcu6F8NnVjeQzEG2vM3fOV5owI0PWc86ts20UP3vN18=,tag:vsG8x062FG1pH5YNcAajeg==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
|
@ -26,8 +28,8 @@ sops:
|
||||||
V0thRjU4WGpQRGFpcnoxSjZTZHhTTkUKzNMHh9p7GUY3hL5XZ9S4x20CwaItsXFV
|
V0thRjU4WGpQRGFpcnoxSjZTZHhTTkUKzNMHh9p7GUY3hL5XZ9S4x20CwaItsXFV
|
||||||
RKujsFVVBd8Kuq/jyOCBTRCscuHI4LW/wYeZYHFEZFSTK2liAqspgw==
|
RKujsFVVBd8Kuq/jyOCBTRCscuHI4LW/wYeZYHFEZFSTK2liAqspgw==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-09-13T12:02:54Z"
|
lastmodified: "2024-12-03T05:59:51Z"
|
||||||
mac: ENC[AES256_GCM,data:c5p+B2mPCDyS/Q4QH4MkzCww6jFDhP8RfHqrKLf4e/8XuNEGfNmPKaeliZG26j1YQWRvFHiGQX3AMnQ3Q+fSRUQCVi5KV+KW7fADNIB3TiTT5hAFuynhiWWQSmIrWP0GGek3GDGi7OJ1PrFbxWP9bwaf+zBegiaUcWoTorJg7No=,iv:6MohNgPpq80eTUlf3RvPKsxdx69V0jl+/hrMxAPpPQE=,tag:BtWp1FChP2hdclbGl5W+vQ==,type:str]
|
mac: ENC[AES256_GCM,data:0dLbfkm7fJvH5Mmct0/qHulg2AtDCeeeOgWMXfeGRUaX3GlLDiLga0zW4uNPDuahVecdh6ofvYfBOxFaGUdBCHk9vq5GzrwrzBNhqObWQ3AqVuq5rjqSxEKoFM4Eb5qoqaOefFzT/9qC94NDETTsHhjiEeIgd4fgSr2dazNiFPE=,iv:Ggw0FHzkrhKh5Uzo3seHGwwHsWW/tTAgAl0iIq9PVk4=,tag:rJvUI5/wsLJ01XyKmkRghw==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.9.0
|
version: 3.9.1
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,13 @@
|
||||||
openFirewall = false;
|
openFirewall = false;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
nixpkgs.config.permittedInsecurePackages = [
|
||||||
|
"aspnetcore-runtime-6.0.36"
|
||||||
|
"aspnetcore-runtime-wrapped-6.0.36"
|
||||||
|
"dotnet-sdk-6.0.428"
|
||||||
|
"dotnet-sdk-wrapped-6.0.428"
|
||||||
|
];
|
||||||
|
|
||||||
services.sonarr = {
|
services.sonarr = {
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
|
|
|
||||||
|
|
@ -35,6 +35,8 @@ in
|
||||||
services.restic.backups = builtins.listToAttrs [
|
services.restic.backups = builtins.listToAttrs [
|
||||||
(mkPrune "xin" "calcite")
|
(mkPrune "xin" "calcite")
|
||||||
(mkPrune "xin" "massicot")
|
(mkPrune "xin" "massicot")
|
||||||
|
(mkPrune "xin" "biotite")
|
||||||
|
(mkPrune "xin" "thorite")
|
||||||
];
|
];
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 8443 ];
|
networking.firewall.allowedTCPPorts = [ 8443 ];
|
||||||
|
|
|
||||||
|
|
@ -71,7 +71,7 @@ in
|
||||||
|
|
||||||
services.restic.server.prometheus = true;
|
services.restic.server.prometheus = true;
|
||||||
|
|
||||||
# miniflux
|
# miniflux
|
||||||
sops.templates."miniflux_metrics_env" = {
|
sops.templates."miniflux_metrics_env" = {
|
||||||
content = ''
|
content = ''
|
||||||
METRICS_COLLECTOR=1
|
METRICS_COLLECTOR=1
|
||||||
|
|
|
||||||
|
|
@ -1,68 +1,158 @@
|
||||||
{
|
{
|
||||||
|
pkgs,
|
||||||
config,
|
config,
|
||||||
lib,
|
lib,
|
||||||
|
my-lib,
|
||||||
...
|
...
|
||||||
}:
|
}:
|
||||||
let
|
let
|
||||||
inherit (lib)
|
inherit (lib)
|
||||||
|
mkOption
|
||||||
mkEnableOption
|
mkEnableOption
|
||||||
mkIf
|
mkIf
|
||||||
mkMerge
|
mkMerge
|
||||||
|
types
|
||||||
|
literalExpression
|
||||||
|
;
|
||||||
|
inherit (my-lib.settings)
|
||||||
|
alertmanagerPort
|
||||||
;
|
;
|
||||||
cfg = config.custom.monitoring;
|
cfg = config.custom.monitoring;
|
||||||
port-loki = 3100;
|
lokiPort = 3100;
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
custom.monitoring = {
|
custom.monitoring = {
|
||||||
loki.enable = mkEnableOption "loki";
|
loki = {
|
||||||
|
enable = mkEnableOption "loki";
|
||||||
|
rules = mkOption {
|
||||||
|
type = types.attrsOf (
|
||||||
|
types.submodule {
|
||||||
|
options = {
|
||||||
|
condition = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
Loki alert expression.
|
||||||
|
'';
|
||||||
|
example = ''count_over_time({job=~"secure"} |="sshd[" |~": Failed|: Invalid|: Connection closed by authenticating user" | __error__="" [15m]) > 15'';
|
||||||
|
default = null;
|
||||||
|
};
|
||||||
|
description = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
Loki alert message.
|
||||||
|
'';
|
||||||
|
example = "Prometheus encountered value {{ $value }} with {{ $labels }}";
|
||||||
|
default = null;
|
||||||
|
};
|
||||||
|
labels = mkOption {
|
||||||
|
type = types.nullOr (types.attrsOf types.str);
|
||||||
|
description = ''
|
||||||
|
Additional alert labels.
|
||||||
|
'';
|
||||||
|
example = literalExpression ''
|
||||||
|
{ severity = "page" };
|
||||||
|
'';
|
||||||
|
default = { };
|
||||||
|
};
|
||||||
|
time = mkOption {
|
||||||
|
type = types.str;
|
||||||
|
description = ''
|
||||||
|
Time until the alert is fired.
|
||||||
|
'';
|
||||||
|
example = "5m";
|
||||||
|
default = "2m";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
);
|
||||||
|
description = ''
|
||||||
|
Defines the loki rules.
|
||||||
|
'';
|
||||||
|
default = { };
|
||||||
|
};
|
||||||
|
};
|
||||||
promtail.enable = mkEnableOption "promtail";
|
promtail.enable = mkEnableOption "promtail";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkMerge [
|
config = mkMerge [
|
||||||
(mkIf cfg.loki.enable {
|
(
|
||||||
services.loki = {
|
let
|
||||||
enable = true;
|
rulerConfig = {
|
||||||
configuration = {
|
groups = [
|
||||||
auth_enabled = false;
|
|
||||||
server.http_listen_address = "${config.networking.hostName}.coho-tet.ts.net";
|
|
||||||
server.http_listen_port = port-loki;
|
|
||||||
|
|
||||||
common = {
|
|
||||||
ring = {
|
|
||||||
instance_addr = "${config.networking.hostName}.coho-tet.ts.net";
|
|
||||||
kvstore.store = "inmemory";
|
|
||||||
};
|
|
||||||
replication_factor = 1;
|
|
||||||
path_prefix = "/var/lib/loki";
|
|
||||||
};
|
|
||||||
|
|
||||||
schema_config.configs = [
|
|
||||||
{
|
{
|
||||||
from = "2024-12-01";
|
name = "alerting-rules";
|
||||||
store = "boltdb-shipper";
|
rules = lib.mapAttrsToList (name: opts: {
|
||||||
object_store = "filesystem";
|
alert = name;
|
||||||
schema = "v13";
|
inherit (opts) condition labels;
|
||||||
index = {
|
for = opts.time;
|
||||||
prefix = "index_";
|
annotations.description = opts.description;
|
||||||
period = "24h";
|
}) cfg.loki.rules;
|
||||||
};
|
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
};
|
||||||
|
rulerFile = pkgs.writeText "ruler.yml" (builtins.toJSON rulerConfig);
|
||||||
|
in
|
||||||
|
mkIf cfg.loki.enable {
|
||||||
|
services.loki = {
|
||||||
|
enable = true;
|
||||||
|
configuration = {
|
||||||
|
auth_enabled = false;
|
||||||
|
server.http_listen_address = "${config.networking.hostName}.coho-tet.ts.net";
|
||||||
|
server.http_listen_port = lokiPort;
|
||||||
|
|
||||||
storage_config = {
|
common = {
|
||||||
filesystem.directory = "/var/lib/loki/chunks";
|
ring = {
|
||||||
};
|
instance_addr = "${config.networking.hostName}.coho-tet.ts.net";
|
||||||
|
kvstore.store = "inmemory";
|
||||||
|
};
|
||||||
|
replication_factor = 1;
|
||||||
|
path_prefix = "/var/lib/loki";
|
||||||
|
};
|
||||||
|
|
||||||
limits_config = {
|
schema_config.configs = [
|
||||||
reject_old_samples = true;
|
{
|
||||||
reject_old_samples_max_age = "168h";
|
from = "2024-12-01";
|
||||||
allow_structured_metadata = false;
|
store = "boltdb-shipper";
|
||||||
|
object_store = "filesystem";
|
||||||
|
schema = "v13";
|
||||||
|
index = {
|
||||||
|
prefix = "index_";
|
||||||
|
period = "24h";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
|
||||||
|
storage_config = {
|
||||||
|
filesystem.directory = "/var/lib/loki/chunks";
|
||||||
|
};
|
||||||
|
|
||||||
|
limits_config = {
|
||||||
|
reject_old_samples = true;
|
||||||
|
reject_old_samples_max_age = "168h";
|
||||||
|
allow_structured_metadata = false;
|
||||||
|
};
|
||||||
|
|
||||||
|
ruler = {
|
||||||
|
storage = {
|
||||||
|
type = "local";
|
||||||
|
local.directory = "${config.services.loki.dataDir}/ruler";
|
||||||
|
};
|
||||||
|
rule_path = "${config.services.loki.dataDir}/rules";
|
||||||
|
alertmanager_url = "http://127.0.0.1:${toString alertmanagerPort}";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
systemd.tmpfiles.rules = [
|
||||||
})
|
"d /var/lib/loki 0700 loki loki - -"
|
||||||
|
"d /var/lib/loki/ruler 0700 loki loki - -"
|
||||||
|
"d /var/lib/loki/rules 0700 loki loki - -"
|
||||||
|
"L /var/lib/loki/ruler/ruler.yml - - - - ${rulerFile}"
|
||||||
|
];
|
||||||
|
systemd.services.loki.reloadTriggers = [ rulerFile ];
|
||||||
|
}
|
||||||
|
)
|
||||||
(mkIf cfg.promtail.enable {
|
(mkIf cfg.promtail.enable {
|
||||||
services.promtail = {
|
services.promtail = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
@ -78,7 +168,7 @@ in
|
||||||
|
|
||||||
clients = [
|
clients = [
|
||||||
{
|
{
|
||||||
url = "http://thorite.coho-tet.ts.net:${toString port-loki}/loki/api/v1/push";
|
url = "http://thorite.coho-tet.ts.net:${toString lokiPort}/loki/api/v1/push";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -39,7 +39,7 @@ let
|
||||||
echo "Creating snapshot for ${rootDir}"
|
echo "Creating snapshot for ${rootDir}"
|
||||||
subvolumes=$(${pkgs.btrfs-progs}/bin/btrfs subvolume list -o "${rootDir}" | ${awk} '{print $NF}')
|
subvolumes=$(${pkgs.btrfs-progs}/bin/btrfs subvolume list -o "${rootDir}" | ${awk} '{print $NF}')
|
||||||
mkdir -p "${backupDir}"
|
mkdir -p "${backupDir}"
|
||||||
${pkgs.btrfs-progs}/bin/btrfs subvolume snapshot -r "${rootDir}" "${backupDir}/rootfs"
|
${pkgs.btrfs-progs}/bin/btrfs subvolume snapshot -r "${rootDir}" "${backupDir}/rootDirectory"
|
||||||
for subvol in $subvolumes; do
|
for subvol in $subvolumes; do
|
||||||
${continueIfInExclude}
|
${continueIfInExclude}
|
||||||
[[ /"$subvol" == "${backupDir}"* ]] && continue
|
[[ /"$subvol" == "${backupDir}"* ]] && continue
|
||||||
|
|
|
||||||
|
|
@ -1,3 +1,11 @@
|
||||||
{
|
{
|
||||||
|
mkSystemdDebug =
|
||||||
|
{ lib, pkgs }:
|
||||||
|
{
|
||||||
|
ExecStart = lib.mkForce "${pkgs.tmux}/bin/tmux -S /tmp/tmux.socket new-session -s my-session -d";
|
||||||
|
ExecStop = lib.mkForce "${pkgs.tmux}/bin/tmux -S /tmp/tmux.socket kill-session -t my-session";
|
||||||
|
Type = "forking";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
// (import ./prometheus.nix)
|
// (import ./prometheus.nix)
|
||||||
|
// (import ./settings.nix)
|
||||||
|
|
|
||||||
|
|
@ -108,22 +108,10 @@ in
|
||||||
description = "The 1-minute load average ({{ $value }}) exceeds 80% the number of CPUs.";
|
description = "The 1-minute load average ({{ $value }}) exceeds 80% the number of CPUs.";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
|
||||||
alert = "HighTransmitTraffic";
|
|
||||||
expr = "rate(node_network_transmit_bytes_total{device!=\"lo\"}[5m]) > 100000000";
|
|
||||||
for = "1m";
|
|
||||||
labels = {
|
|
||||||
severity = "warning";
|
|
||||||
};
|
|
||||||
annotations = {
|
|
||||||
summary = "High network transmit traffic on {{ $labels.instance }} ({{ $labels.device }})";
|
|
||||||
description = "The network interface {{ $labels.device }} on {{ $labels.instance }} is transmitting data at a rate exceeding 100 MB/s for the last 1 minute.";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
{
|
{
|
||||||
alert = "NetworkTrafficExceedLimit";
|
alert = "NetworkTrafficExceedLimit";
|
||||||
expr = ''increase(node_network_transmit_bytes_total{device!="lo",device!~"tailscale.*",device!~"wg.*",device!~"br.*"}[30d]) > 322122547200'';
|
expr = ''sum by(instance) (increase(node_network_transmit_bytes_total{device!="lo", device!~"tailscale.*", device!~"wg.*", device!~"br.*"}[30d])) > 322122547200'';
|
||||||
for = "0m";
|
for = "1m";
|
||||||
labels = {
|
labels = {
|
||||||
severity = "critical";
|
severity = "critical";
|
||||||
};
|
};
|
||||||
|
|
@ -131,6 +119,66 @@ in
|
||||||
summary = "Outbound network traffic exceed 300GB for last 30 day";
|
summary = "Outbound network traffic exceed 300GB for last 30 day";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
alert = "HighDiskUsage";
|
||||||
|
expr = ''(1 - node_filesystem_free_bytes{fstype!~"vfat|ramfs"} / node_filesystem_size_bytes) * 100 > 85'';
|
||||||
|
for = "5m";
|
||||||
|
labels = {
|
||||||
|
severity = "warning";
|
||||||
|
};
|
||||||
|
annotations = {
|
||||||
|
summary = "High disk usage on {{ $labels.instance }}";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
alert = "DiskWillFull";
|
||||||
|
expr = ''predict_linear(node_filesystem_free_bytes{fstype!~"vfat|ramfs"}[1h], 12 * 3600) < (node_filesystem_size_bytes * 0.05)'';
|
||||||
|
|
||||||
|
for = "3m";
|
||||||
|
labels = {
|
||||||
|
severity = "critical";
|
||||||
|
};
|
||||||
|
annotations = {
|
||||||
|
summary = "Disk usage will exceed 95% in 12 hours on {{ $labels.instance }}";
|
||||||
|
description = "Disk {{ $labels.mountpoint }} is predicted to exceed 92% usage within 12 hours at current growth rate";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
alert = "HighSwapUsage";
|
||||||
|
expr = ''(1 - (node_memory_SwapFree_bytes / node_memory_SwapTotal_bytes)) * 100 > 80'';
|
||||||
|
for = "5m";
|
||||||
|
labels = {
|
||||||
|
severity = "warning";
|
||||||
|
};
|
||||||
|
annotations = {
|
||||||
|
summary = "High swap usage on {{ $labels.instance }}";
|
||||||
|
description = "Swap usage is above 80% for 5 minutes\n Current value: {{ $value }}%";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
alert = "OOMKillDetected";
|
||||||
|
expr = ''increase(node_vmstat_oom_kill[5m]) > 0'';
|
||||||
|
for = "1m";
|
||||||
|
labels = {
|
||||||
|
severity = "critical";
|
||||||
|
};
|
||||||
|
annotations = {
|
||||||
|
summary = "OOM kill detected on {{ $labels.instance }}";
|
||||||
|
description = "Out of memory killer was triggered in the last 5 minutes";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
{
|
||||||
|
alert = "HighMemoryUsage";
|
||||||
|
expr = ''(1 - (node_memory_MemAvailable_bytes / node_memory_MemTotal_bytes)) * 100 > 90'';
|
||||||
|
for = "5m";
|
||||||
|
labels = {
|
||||||
|
severity = "warning";
|
||||||
|
};
|
||||||
|
annotations = {
|
||||||
|
summary = "High memory usage on {{ $labels.instance }}";
|
||||||
|
description = "Memory usage is above 90% for 5 minutes\n Current value: {{ $value }}%";
|
||||||
|
};
|
||||||
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
|
@ -152,6 +200,9 @@ in
|
||||||
static_configs = [
|
static_configs = [
|
||||||
{
|
{
|
||||||
targets = targetAddresses;
|
targets = targetAddresses;
|
||||||
|
labels = {
|
||||||
|
from = hostAddress;
|
||||||
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
relabel_configs = [
|
relabel_configs = [
|
||||||
|
|
@ -187,23 +238,25 @@ in
|
||||||
severity = "warning";
|
severity = "warning";
|
||||||
};
|
};
|
||||||
annotations = {
|
annotations = {
|
||||||
summary = "High request latency on {{ $labels.instance }}";
|
summary = "High request latency from {{ $labels.from }} to {{ $labels.instance }}";
|
||||||
description = "Request latency is above 0.5 seconds for the last 3 minutes.";
|
description = "Request latency is above 0.5 seconds for the last 2 minutes.";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
alert = "VeryHighProbeLatency";
|
alert = "VeryHighProbeLatency";
|
||||||
expr = "probe_duration_seconds > 1";
|
expr = "probe_duration_seconds > 2";
|
||||||
for = "3m";
|
for = "3m";
|
||||||
labels = {
|
labels = {
|
||||||
severity = "critical";
|
severity = "critical";
|
||||||
};
|
};
|
||||||
annotations = {
|
annotations = {
|
||||||
summary = "High request latency on {{ $labels.instance }}";
|
summary = "Very high request latency from {{ $labels.from }} to {{ $labels.instance }}";
|
||||||
description = "Request latency is above 0.5 seconds for the last 3 minutes.";
|
description = "Request latency is above 2 seconds for the last 2 minutes.";
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
|
||||||
|
# mkResticScrapes = mkFunction () ;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
5
overlays/my-lib/settings.nix
Normal file
5
overlays/my-lib/settings.nix
Normal file
|
|
@ -0,0 +1,5 @@
|
||||||
|
{
|
||||||
|
settings = {
|
||||||
|
alertmanagerPort = 9093;
|
||||||
|
};
|
||||||
|
}
|
||||||
Loading…
Add table
Reference in a new issue