Compare commits

...

3 commits

7 changed files with 259 additions and 98 deletions

View file

@ -8,103 +8,138 @@
[
(modulesPath + "/installer/scan/not-detected.nix")
];
config = {
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/439a1beb-1443-495b-9891-012605819803";
fsType = "ext4";
};
fileSystems."/" =
{
device = "/dev/disk/by-uuid/439a1beb-1443-495b-9891-012605819803";
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/47A1-0296";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
};
fileSystems."/nas" = {
device = "/dev/disk/by-label/WD_RED_4T_1";
fsType = "ext4";
};
fileSystems."/nas/public/Music" = {
device = "/nas/Syncthing/Sync/Music";
fsType = "auto";
options = [
"defaults"
"nofail"
"nobootwait"
"bind"
];
};
fileSystems."/nas/public/Public" = {
device = "/nas/Syncthing/Sync/Public";
fsType = "auto";
options = [
"defaults"
"nofail"
"nobootwait"
"bind"
];
};
fileSystems = {
"/nas/telemetry/grafana" = lib.mkIf config.profile.services.telemetry.grafana.enable {
device = "/var/lib/grafana";
fsType = "auto";
options = [
"defaults"
"nofail"
"nobootwait"
"bind"
];
};
fileSystems."/boot" =
{
device = "/dev/disk/by-uuid/47A1-0296";
fsType = "vfat";
options = [ "fmask=0022" "dmask=0022" ];
"/nas/telemetry/loki" = lib.mkIf config.profile.services.telemetry.loki.enable {
device = "/var/lib/loki";
fsType = "auto";
options = [
"defaults"
"nofail"
"nobootwait"
"bind"
];
};
"/nas/telemetry/tempo" = lib.mkIf config.profile.services.telemetry.tempo.enable {
device = "/var/lib/tempo";
fsType = "auto";
options = [
"defaults"
"nofail"
"nobootwait"
"bind"
];
};
};
fileSystems."/nas" = {
device = "/dev/disk/by-label/WD_RED_4T_1";
fsType = "ext4";
};
fileSystems."/nas/public/Music" = {
device = "/nas/Syncthing/Sync/Music";
fsType = "auto";
options = [
"defaults"
"nofail"
"nobootwait"
"bind"
];
};
fileSystems."/nas/public/Public" = {
device = "/nas/Syncthing/Sync/Public";
fsType = "auto";
options = [
"defaults"
"nofail"
"nobootwait"
"bind"
];
};
swapDevices = [ ];
swapDevices = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
networking.defaultGateway = "192.168.100.1";
networking.interfaces.enp9s0 = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.100.3";
prefixLength = 24;
}
{
address = "192.168.100.4";
prefixLength = 24;
}
{
address = "192.168.100.5";
prefixLength = 24;
}
];
};
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
networking.defaultGateway = "192.168.100.1";
networking.interfaces.enp9s0 = {
useDHCP = false;
ipv4.addresses = [
{
address = "192.168.100.3";
prefixLength = 24;
}
{
address = "192.168.100.4";
prefixLength = 24;
}
{
address = "192.168.100.5";
prefixLength = 24;
}
];
};
services.caddy.virtualHosts."public.tigor.web.id".extraConfig = /*caddy*/ ''
file_server browse
root * /nas/public
'';
services.caddy.virtualHosts."public.tigor.web.id".extraConfig = /*caddy*/ ''
file_server browse
root * /nas/public
'';
systemd.tmpfiles.settings = {
"100-nas-public-dir" = {
"/nas/public" = {
d = {
group = config.profile.user.name;
mode = "0777";
user = config.profile.user.name;
systemd.tmpfiles.settings = {
"100-nas-public-dir" = {
"/nas/public" = {
d = {
group = config.profile.user.name;
mode = "0777";
user = config.profile.user.name;
};
};
};
};
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.enableAllFirmware = true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.opengl = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
intel-vaapi-driver
libvdpau-va-gl
];
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.enableAllFirmware = true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.opengl = {
enable = true;
extraPackages = with pkgs; [
intel-media-driver
intel-vaapi-driver
libvdpau-va-gl
];
};
environment.sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; }; # Force intel-media-driver
};
environment.sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; }; # Force intel-media-driver
}

View file

@ -14,18 +14,18 @@ in
}
listener {
timeout = 600
timeout = ${toString cfg.hypridle.lockTimeout}
on-timeout = "hyprlock"
}
listener {
timeout = 660
timeout = ${toString cfg.hypridle.dpmsTimeout}
on-timeout = hyprctl dispatch dpms off
on-resume = hyprctl dispatch dpms on
}
listener {
timeout = 1800
timeout = ${toString cfg.hypridle.suspendTimeout}
on-timeout = systemctl suspend
}
'';

View file

@ -1,4 +1,4 @@
{ lib, ... }:
{ lib, config, ... }:
let
types = lib.types;
in
@ -49,6 +49,24 @@ in
};
};
hypridle = {
lockTimeout = lib.mkOption {
type = lib.types.int;
default = 600;
description = ''Time in seconds before the screen locks'';
};
dpmsTimeout = lib.mkOption {
type = lib.types.int;
default = config.profile.hyprland.hypridle.lockTimeout + 60;
description = ''Time in seconds before the screen turns off. default is lockTimeout + 60'';
};
suspendTimeout = lib.mkOption {
type = lib.types.int;
default = 1800;
description = ''Time in seconds before the system suspends. default is 30 minutes (1800 seconds)'';
};
};
dunst.monitor = lib.mkOption {
type = lib.types.str;
default = "0";

View file

@ -9,6 +9,12 @@ loki:
username: ENC[AES256_GCM,data:MRwky3O8LGS/4w==,iv:CUHjGRNc8NU5FqhqvpqbATmVE3Kg9Z0jMBFlzsAwON0=,tag:uZlxw9skd0VNLfZTJ/6ZSQ==,type:str]
#ENC[AES256_GCM,data:t+u4g7nvpq2U27CHgmu1xi2Ppwv7cJf1s6Et,iv:LtwoPoxsQn1MujHRoD6SqDLm8uN4uBpuIVmn23DDgjI=,tag:PKOHF5vcQzHszpp1sfuU0Q==,type:comment]
password: ENC[AES256_GCM,data:GcQ6x8ewxInmAcQwhhwJgXMHxd/ygkscsp2vg7PILEeaOv1heBX0fTHb0sRyAfhLxwKDH84LtGb37656,iv:UEQ7dgqNEKisalpPXFffsVzn6kXDt9DmJP6ec3LOHRE=,tag:CyPPqG2Vf8eeSVzAASintQ==,type:str]
tempo:
caddy:
basic_auth:
username: ENC[AES256_GCM,data:B+8IkRh/MQ1f8g==,iv:0pmiHofPm+SvavQ1UsxOZcjdkWFuPpOs6cejTfkYH98=,tag:GiPPWqIKxhcxmnp709qyRg==,type:str]
#ENC[AES256_GCM,data:7/lgFtPiBjVhWba7cByCXNP2kmtdXTjqCEq6,iv:BAwTjTxXFy3vSxNaPRD9NsraMznrPFcjAQwtO0joOE8=,tag:7HqKeGXpGvT+Du3NoZskGQ==,type:comment]
password: ENC[AES256_GCM,data:tx/6SEqOxsStAKov6rZ83WJbO6CckvOw+tFkGSE0Co6ppSJB8CW4KiNGsUj9K6p+NjHalR1+48S32Bik,iv:MIJH6y2m3m+rks4+vwJAi6FrHqE8wv8aF30yvAHVTPM=,tag:uq/yUvoP/7KO0Z0jBEfYhw==,type:str]
sops:
kms: []
gcp_kms: []
@ -24,8 +30,8 @@ sops:
bzYzSEQrRkN6WVVmN254a2NCcUxGVFkK4aHv8tiFiNEnd7I5LB0Jd/4upkEEEXis
9A5hdTn20EqL62QuHeYRav1TRu42dp+R4iZAlVl9cRzThkzZKJdHlg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-29T05:57:46Z"
mac: ENC[AES256_GCM,data:JGrZUe8PLjlcHULvVa8Yi8ORAW5bMKOMxSGbJ2UFji9byRGu+JHaU7gdF45lrR5XKxJZLmZesWI9fRjsnlEd9WDTEroiwFo965mYFcdmbrJb37BIRO6Thy6C77GXMNcOVW2hBgcVDckNIbAk3qgvVG2QOZ5VKwxPLVQPsfWfCFs=,iv:Do05RY+cgahdv8/Nk6RIOxBA6x28GxyErrgSQRoIR80=,tag:HoqhdhZmcS3QxXGfZyxfFw==,type:str]
lastmodified: "2024-09-02T09:51:05Z"
mac: ENC[AES256_GCM,data:VsbdOVWBk49kiSS+3WXzJ209UENXkGqq4lRr0ETczp5PZAYbrUPzVlBrrqtvyxXMWZI+Q/J2vpoJmEQypyhwodtDp1NMbbiu5Nh0z5GQ1XVo6PBVUyIpCEaKkusWKzWmcWEP7HAvRzNdMEmlaRIaT07x0Ea8xLq79AeA0PZDT6A=,iv:JRIWfCZnO/9O458se670g5ei4xqXk9nEOTEV82bfGoc=,tag:LgX+9xgy5qPQ6EWhQCcFoA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

View file

@ -3,5 +3,6 @@
imports = [
./grafana.nix
./loki.nix
./tempo.nix
];
}

View file

@ -3,10 +3,10 @@ let
cfg = config.profile.services.telemetry.loki;
inherit (lib) mkIf;
lokiDomain = "loki.tigor.web.id";
server = config.services.loki.configuration.server;
in
{
config = mkIf cfg.enable {
sops =
let
usernameKey = "loki/caddy/basic_auth/username";
@ -36,7 +36,7 @@ in
basicauth {
{$LOKI_USERNAME} {$LOKI_PASSWORD}
}
reverse_proxy ${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}
reverse_proxy ${server.http_listen_address}:${toString server.http_listen_port}
'';
services.loki =
@ -90,17 +90,14 @@ in
{
name = "Loki";
type = "loki";
uid = "loki";
access = "proxy";
url = "http://${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}";
basicAuth = true;
basicAuthUser = "$__file{${config.sops.secrets."loki/caddy/basic_auth/username".path}}";
url = "http://${server.http_listen_address}:${toString server.http_listen_port}";
basicAuth = false;
jsonData = {
timeout = 60;
maxLines = 1000;
};
secureJsonData = {
basicAuthPassword = "$__file{${config.sops.secrets."loki/caddy/basic_auth/password".path}}";
};
}
];
};

View file

@ -0,0 +1,104 @@
{ config, lib, ... }:
let
cfg = config.profile.services.telemetry.tempo;
inherit (lib) mkIf;
domain = "tempo.tigor.web.id";
basic_auth = {
username = "tempo/caddy/basic_auth/username";
password = "tempo/caddy/basic_auth/password";
template = "tempo/caddy/basic_auth";
};
server = config.services.tempo.settings.server;
in
{
config = mkIf cfg.enable {
sops = {
secrets =
let
opts = { sopsFile = ../../../secrets/telemetry.yaml; owner = "grafana"; };
in
{
${basic_auth.username} = opts;
${basic_auth.password} = opts;
};
templates = {
${basic_auth.template}.content = /*sh*/ ''
TEMPO_USERNAME=${config.sops.placeholder.${basic_auth.username}}
TEMPO_PASSWORD=${config.sops.placeholder.${basic_auth.password}}
'';
};
};
systemd.services."caddy".serviceConfig = {
EnvironmentFile = [ config.sops.templates.${basic_auth.template}.path ];
};
services.caddy.virtualHosts.${domain}.extraConfig = ''
basicauth {
{$TEMPO_USERNAME} {$TEMPO_PASSWORD}
}
reverse_proxy ${server.http_listen_address}:${toString server.http_listen_port}
'';
services.tempo = {
enable = true;
settings = {
server = {
http_listen_address = "0.0.0.0";
http_listen_port = 3200;
grpc_listen_port = 9096;
};
distributor = {
receivers = {
otlp = {
protocols = {
http = { };
};
};
};
};
storage.trace = {
backend = "local";
local.path = "/var/lib/tempo/traces";
wal.path = "/var/lib/tempo/wal";
};
ingester = {
lifecycler.ring.replication_factor = 1;
};
};
};
services.grafana.provision.datasources.settings.datasources = [
{
name = "Tempo";
type = "tempo";
access = "proxy";
url = "http://${server.http_listen_address}:${toString server.http_listen_port}";
basicAuth = false;
jsonData = {
nodeGraph.enabled = true;
search.hide = false;
traceQuery = {
timeShiftEnabled = true;
spanStartTimeShift = "1h";
spanEndTimeShift = "1h";
};
spanBar = {
type = "Tag";
tag = "http.path";
};
tracesToLogsV2 = mkIf config.profile.services.telemetry.loki.enable {
datasourceUid = "loki";
spanStartTimeShift = "-1h";
spanEndTimeShift = "1h";
tags = [ "job" "instance" "pod" "namespace" ];
filterByTraceID = false;
filterBySpanID = false;
customQuery = true;
query = ''method="$''${__span.tags.method}"'';
};
};
}
];
};
}