hypridle: add options for lock, dpms and suspend timeouts

telemetry: added tempo service
homeserver: added mount config for loki and grafana
2024-09-02 20:52:27 +07:00 · 2024-09-02 18:17:03 +07:00 · 2024-09-02 14:10:22 +07:00
7 changed files with 259 additions and 98 deletions
--- a/hardware-configuration/homeserver.nix
+++ b/hardware-configuration/homeserver.nix
@ -8,103 +8,138 @@
    [
      (modulesPath + "/installer/scan/not-detected.nix")
    ];
+  config = {
+    boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
+    boot.initrd.kernelModules = [ ];
+    boot.kernelModules = [ "kvm-amd" ];
+    boot.extraModulePackages = [ ];

-  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ "kvm-amd" ];
-  boot.extraModulePackages = [ ];
+    fileSystems."/" =
+      {
+        device = "/dev/disk/by-uuid/439a1beb-1443-495b-9891-012605819803";
+        fsType = "ext4";
+      };

-  fileSystems."/" =
-    {
-      device = "/dev/disk/by-uuid/439a1beb-1443-495b-9891-012605819803";
+    fileSystems."/boot" =
+      {
+        device = "/dev/disk/by-uuid/47A1-0296";
+        fsType = "vfat";
+        options = [ "fmask=0022" "dmask=0022" ];
+      };
+
+    fileSystems."/nas" = {
+      device = "/dev/disk/by-label/WD_RED_4T_1";
      fsType = "ext4";
    };
+    fileSystems."/nas/public/Music" = {
+      device = "/nas/Syncthing/Sync/Music";
+      fsType = "auto";
+      options = [
+        "defaults"
+        "nofail"
+        "nobootwait"
+        "bind"
+      ];
+    };
+    fileSystems."/nas/public/Public" = {
+      device = "/nas/Syncthing/Sync/Public";
+      fsType = "auto";
+      options = [
+        "defaults"
+        "nofail"
+        "nobootwait"
+        "bind"
+      ];
+    };
+    fileSystems = {
+      "/nas/telemetry/grafana" = lib.mkIf config.profile.services.telemetry.grafana.enable {
+        device = "/var/lib/grafana";
+        fsType = "auto";
+        options = [
+          "defaults"
+          "nofail"
+          "nobootwait"
+          "bind"
+        ];
+      };

-  fileSystems."/boot" =
-    {
-      device = "/dev/disk/by-uuid/47A1-0296";
-      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
+      "/nas/telemetry/loki" = lib.mkIf config.profile.services.telemetry.loki.enable {
+        device = "/var/lib/loki";
+        fsType = "auto";
+        options = [
+          "defaults"
+          "nofail"
+          "nobootwait"
+          "bind"
+        ];
+      };
+
+      "/nas/telemetry/tempo" = lib.mkIf config.profile.services.telemetry.tempo.enable {
+        device = "/var/lib/tempo";
+        fsType = "auto";
+        options = [
+          "defaults"
+          "nofail"
+          "nobootwait"
+          "bind"
+        ];
+      };
    };

-  fileSystems."/nas" = {
-    device = "/dev/disk/by-label/WD_RED_4T_1";
-    fsType = "ext4";
-  };
-  fileSystems."/nas/public/Music" = {
-    device = "/nas/Syncthing/Sync/Music";
-    fsType = "auto";
-    options = [
-      "defaults"
-      "nofail"
-      "nobootwait"
-      "bind"
-    ];
-  };
-  fileSystems."/nas/public/Public" = {
-    device = "/nas/Syncthing/Sync/Public";
-    fsType = "auto";
-    options = [
-      "defaults"
-      "nofail"
-      "nobootwait"
-      "bind"
-    ];
-  };
+    swapDevices = [ ];

-  swapDevices = [ ];
+    # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+    # (the default) this is the recommended approach. When using systemd-networkd it's
+    # still possible to use this option, but it's recommended to use it in conjunction
+    # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+    networking.useDHCP = lib.mkDefault true;
+    networking.defaultGateway = "192.168.100.1";
+    networking.interfaces.enp9s0 = {
+      useDHCP = false;
+      ipv4.addresses = [
+        {
+          address = "192.168.100.3";
+          prefixLength = 24;
+        }
+        {
+          address = "192.168.100.4";
+          prefixLength = 24;
+        }
+        {
+          address = "192.168.100.5";
+          prefixLength = 24;
+        }
+      ];
+    };

-  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
-  # (the default) this is the recommended approach. When using systemd-networkd it's
-  # still possible to use this option, but it's recommended to use it in conjunction
-  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
-  networking.useDHCP = lib.mkDefault true;
-  networking.defaultGateway = "192.168.100.1";
-  networking.interfaces.enp9s0 = {
-    useDHCP = false;
-    ipv4.addresses = [
-      {
-        address = "192.168.100.3";
-        prefixLength = 24;
-      }
-      {
-        address = "192.168.100.4";
-        prefixLength = 24;
-      }
-      {
-        address = "192.168.100.5";
-        prefixLength = 24;
-      }
-    ];
-  };
+    services.caddy.virtualHosts."public.tigor.web.id".extraConfig = /*caddy*/ ''
+      file_server browse
+      root * /nas/public
+    '';

-  services.caddy.virtualHosts."public.tigor.web.id".extraConfig = /*caddy*/ ''
-    file_server browse
-    root * /nas/public
-  '';
-
-  systemd.tmpfiles.settings = {
-    "100-nas-public-dir" = {
-      "/nas/public" = {
-        d = {
-          group = config.profile.user.name;
-          mode = "0777";
-          user = config.profile.user.name;
+    systemd.tmpfiles.settings = {
+      "100-nas-public-dir" = {
+        "/nas/public" = {
+          d = {
+            group = config.profile.user.name;
+            mode = "0777";
+            user = config.profile.user.name;
+          };
        };
      };
    };
-  };

-  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
-  hardware.enableAllFirmware = true;
-  hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
-  hardware.opengl = {
-    enable = true;
-    extraPackages = with pkgs; [
-      intel-media-driver
-      intel-vaapi-driver
-      libvdpau-va-gl
-    ];
+    nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+    hardware.enableAllFirmware = true;
+    hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+    hardware.opengl = {
+      enable = true;
+      extraPackages = with pkgs; [
+        intel-media-driver
+        intel-vaapi-driver
+        libvdpau-va-gl
+      ];
+    };
+    environment.sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; }; # Force intel-media-driver
  };
-  environment.sessionVariables = { LIBVA_DRIVER_NAME = "iHD"; }; # Force intel-media-driver
 }
--- a/home/modules/hyprland/hypridle.nix
+++ b/home/modules/hyprland/hypridle.nix
@ -14,18 +14,18 @@ in
      }

      listener {
-        timeout = 600
+        timeout = ${toString cfg.hypridle.lockTimeout}
        on-timeout = "hyprlock"
      }

      listener {
-        timeout = 660
+        timeout = ${toString cfg.hypridle.dpmsTimeout}
        on-timeout = hyprctl dispatch dpms off
        on-resume = hyprctl dispatch dpms on
      }

      listener {
-        timeout = 1800
+        timeout = ${toString cfg.hypridle.suspendTimeout}
        on-timeout = systemctl suspend
      }
    '';
--- a/options/hyprland.nix
+++ b/options/hyprland.nix
@ -1,4 +1,4 @@
-{ lib, ... }:
+{ lib, config, ... }:
 let
  types = lib.types;
 in
@ -49,6 +49,24 @@ in
      };
    };

+    hypridle = {
+      lockTimeout = lib.mkOption {
+        type = lib.types.int;
+        default = 600;
+        description = ''Time in seconds before the screen locks'';
+      };
+      dpmsTimeout = lib.mkOption {
+        type = lib.types.int;
+        default = config.profile.hyprland.hypridle.lockTimeout + 60;
+        description = ''Time in seconds before the screen turns off. default is lockTimeout + 60'';
+      };
+      suspendTimeout = lib.mkOption {
+        type = lib.types.int;
+        default = 1800;
+        description = ''Time in seconds before the system suspends. default is 30 minutes (1800 seconds)'';
+      };
+    };
+
    dunst.monitor = lib.mkOption {
      type = lib.types.str;
      default = "0";
--- a/secrets/telemetry.yaml
+++ b/secrets/telemetry.yaml
@ -9,6 +9,12 @@ loki:
            username: ENC[AES256_GCM,data:MRwky3O8LGS/4w==,iv:CUHjGRNc8NU5FqhqvpqbATmVE3Kg9Z0jMBFlzsAwON0=,tag:uZlxw9skd0VNLfZTJ/6ZSQ==,type:str]
            #ENC[AES256_GCM,data:t+u4g7nvpq2U27CHgmu1xi2Ppwv7cJf1s6Et,iv:LtwoPoxsQn1MujHRoD6SqDLm8uN4uBpuIVmn23DDgjI=,tag:PKOHF5vcQzHszpp1sfuU0Q==,type:comment]
            password: ENC[AES256_GCM,data:GcQ6x8ewxInmAcQwhhwJgXMHxd/ygkscsp2vg7PILEeaOv1heBX0fTHb0sRyAfhLxwKDH84LtGb37656,iv:UEQ7dgqNEKisalpPXFffsVzn6kXDt9DmJP6ec3LOHRE=,tag:CyPPqG2Vf8eeSVzAASintQ==,type:str]
+tempo:
+    caddy:
+        basic_auth:
+            username: ENC[AES256_GCM,data:B+8IkRh/MQ1f8g==,iv:0pmiHofPm+SvavQ1UsxOZcjdkWFuPpOs6cejTfkYH98=,tag:GiPPWqIKxhcxmnp709qyRg==,type:str]
+            #ENC[AES256_GCM,data:7/lgFtPiBjVhWba7cByCXNP2kmtdXTjqCEq6,iv:BAwTjTxXFy3vSxNaPRD9NsraMznrPFcjAQwtO0joOE8=,tag:7HqKeGXpGvT+Du3NoZskGQ==,type:comment]
+            password: ENC[AES256_GCM,data:tx/6SEqOxsStAKov6rZ83WJbO6CckvOw+tFkGSE0Co6ppSJB8CW4KiNGsUj9K6p+NjHalR1+48S32Bik,iv:MIJH6y2m3m+rks4+vwJAi6FrHqE8wv8aF30yvAHVTPM=,tag:uq/yUvoP/7KO0Z0jBEfYhw==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -24,8 +30,8 @@ sops:
            bzYzSEQrRkN6WVVmN254a2NCcUxGVFkK4aHv8tiFiNEnd7I5LB0Jd/4upkEEEXis
            9A5hdTn20EqL62QuHeYRav1TRu42dp+R4iZAlVl9cRzThkzZKJdHlg==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-08-29T05:57:46Z"
-    mac: ENC[AES256_GCM,data:JGrZUe8PLjlcHULvVa8Yi8ORAW5bMKOMxSGbJ2UFji9byRGu+JHaU7gdF45lrR5XKxJZLmZesWI9fRjsnlEd9WDTEroiwFo965mYFcdmbrJb37BIRO6Thy6C77GXMNcOVW2hBgcVDckNIbAk3qgvVG2QOZ5VKwxPLVQPsfWfCFs=,iv:Do05RY+cgahdv8/Nk6RIOxBA6x28GxyErrgSQRoIR80=,tag:HoqhdhZmcS3QxXGfZyxfFw==,type:str]
+    lastmodified: "2024-09-02T09:51:05Z"
+    mac: ENC[AES256_GCM,data:VsbdOVWBk49kiSS+3WXzJ209UENXkGqq4lRr0ETczp5PZAYbrUPzVlBrrqtvyxXMWZI+Q/J2vpoJmEQypyhwodtDp1NMbbiu5Nh0z5GQ1XVo6PBVUyIpCEaKkusWKzWmcWEP7HAvRzNdMEmlaRIaT07x0Ea8xLq79AeA0PZDT6A=,iv:JRIWfCZnO/9O458se670g5ei4xqXk9nEOTEV82bfGoc=,tag:LgX+9xgy5qPQ6EWhQCcFoA==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1
--- a/system/services/telemetry/default.nix
+++ b/system/services/telemetry/default.nix
@ -3,5 +3,6 @@
  imports = [
    ./grafana.nix
    ./loki.nix
+    ./tempo.nix
  ];
 }
--- a/system/services/telemetry/loki.nix
+++ b/system/services/telemetry/loki.nix
@ -3,10 +3,10 @@ let
  cfg = config.profile.services.telemetry.loki;
  inherit (lib) mkIf;
  lokiDomain = "loki.tigor.web.id";
+  server = config.services.loki.configuration.server;
 in
 {
  config = mkIf cfg.enable {
-
    sops =
      let
        usernameKey = "loki/caddy/basic_auth/username";
@ -36,7 +36,7 @@ in
      basicauth {
        {$LOKI_USERNAME} {$LOKI_PASSWORD}
      }
-      reverse_proxy ${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}
+      reverse_proxy ${server.http_listen_address}:${toString server.http_listen_port}
    '';

    services.loki =
@ -90,17 +90,14 @@ in
      {
        name = "Loki";
        type = "loki";
+        uid = "loki";
        access = "proxy";
-        url = "http://${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}";
-        basicAuth = true;
-        basicAuthUser = "$__file{${config.sops.secrets."loki/caddy/basic_auth/username".path}}";
+        url = "http://${server.http_listen_address}:${toString server.http_listen_port}";
+        basicAuth = false;
        jsonData = {
          timeout = 60;
          maxLines = 1000;
        };
-        secureJsonData = {
-          basicAuthPassword = "$__file{${config.sops.secrets."loki/caddy/basic_auth/password".path}}";
-        };
      }
    ];
  };
--- a/system/services/telemetry/tempo.nix
+++ b/system/services/telemetry/tempo.nix
@ -0,0 +1,104 @@
+{ config, lib, ... }:
+let
+  cfg = config.profile.services.telemetry.tempo;
+  inherit (lib) mkIf;
+  domain = "tempo.tigor.web.id";
+  basic_auth = {
+    username = "tempo/caddy/basic_auth/username";
+    password = "tempo/caddy/basic_auth/password";
+    template = "tempo/caddy/basic_auth";
+  };
+  server = config.services.tempo.settings.server;
+in
+{
+  config = mkIf cfg.enable {
+    sops = {
+      secrets =
+        let
+          opts = { sopsFile = ../../../secrets/telemetry.yaml; owner = "grafana"; };
+        in
+        {
+          ${basic_auth.username} = opts;
+          ${basic_auth.password} = opts;
+        };
+      templates = {
+        ${basic_auth.template}.content = /*sh*/ ''
+          TEMPO_USERNAME=${config.sops.placeholder.${basic_auth.username}}
+          TEMPO_PASSWORD=${config.sops.placeholder.${basic_auth.password}}
+        '';
+      };
+    };
+
+    systemd.services."caddy".serviceConfig = {
+      EnvironmentFile = [ config.sops.templates.${basic_auth.template}.path ];
+    };
+
+    services.caddy.virtualHosts.${domain}.extraConfig = ''
+      basicauth {
+          {$TEMPO_USERNAME} {$TEMPO_PASSWORD}
+      }
+
+      reverse_proxy ${server.http_listen_address}:${toString server.http_listen_port}
+    '';
+
+    services.tempo = {
+      enable = true;
+      settings = {
+        server = {
+          http_listen_address = "0.0.0.0";
+          http_listen_port = 3200;
+          grpc_listen_port = 9096;
+        };
+        distributor = {
+          receivers = {
+            otlp = {
+              protocols = {
+                http = { };
+              };
+            };
+          };
+        };
+        storage.trace = {
+          backend = "local";
+          local.path = "/var/lib/tempo/traces";
+          wal.path = "/var/lib/tempo/wal";
+        };
+        ingester = {
+          lifecycler.ring.replication_factor = 1;
+        };
+      };
+    };
+    services.grafana.provision.datasources.settings.datasources = [
+      {
+        name = "Tempo";
+        type = "tempo";
+        access = "proxy";
+        url = "http://${server.http_listen_address}:${toString server.http_listen_port}";
+        basicAuth = false;
+        jsonData = {
+          nodeGraph.enabled = true;
+          search.hide = false;
+          traceQuery = {
+            timeShiftEnabled = true;
+            spanStartTimeShift = "1h";
+            spanEndTimeShift = "1h";
+          };
+          spanBar = {
+            type = "Tag";
+            tag = "http.path";
+          };
+          tracesToLogsV2 = mkIf config.profile.services.telemetry.loki.enable {
+            datasourceUid = "loki";
+            spanStartTimeShift = "-1h";
+            spanEndTimeShift = "1h";
+            tags = [ "job" "instance" "pod" "namespace" ];
+            filterByTraceID = false;
+            filterBySpanID = false;
+            customQuery = true;
+            query = ''method="$''${__span.tags.method}"'';
+          };
+        };
+      }
+    ];
+  };
+}
Author	SHA1	Message	Date
Tigor Hutasuhut	c3bc08a3f0	hypridle: add options for lock, dpms and suspend timeouts	2024-09-02 20:52:27 +07:00
Tigor Hutasuhut	4786f0562b	telemetry: added tempo service	2024-09-02 18:17:03 +07:00
Tigor Hutasuhut	a54dcef036	homeserver: added mount config for loki and grafana	2024-09-02 14:10:22 +07:00