Compare commits
17 commits
ae5b09d7ab
...
3d52e2fbf6
Author | SHA1 | Date | |
---|---|---|---|
Tigor Hutasuhut | 3d52e2fbf6 | ||
Tigor Hutasuhut | 9dde4d9c9b | ||
Tigor Hutasuhut | ed49fe7496 | ||
Tigor Hutasuhut | 0f45241285 | ||
Tigor Hutasuhut | 4da42e98a0 | ||
Tigor Hutasuhut | 9d55bc2bee | ||
Tigor Hutasuhut | b3cf043866 | ||
Tigor Hutasuhut | 7f58e16a39 | ||
Tigor Hutasuhut | cb6479e4a4 | ||
Tigor Hutasuhut | 94a69d6f65 | ||
Tigor Hutasuhut | 49542ac462 | ||
Tigor Hutasuhut | dda26cfc65 | ||
Tigor Hutasuhut | 49bbe6364e | ||
Tigor Hutasuhut | 89c2b3076b | ||
Tigor Hutasuhut | 9706e7f2b3 | ||
Tigor Hutasuhut | e8fc018fb4 | ||
Tigor Hutasuhut | 227e610024 |
86
flake.lock
86
flake.lock
|
@ -121,11 +121,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1724857454,
|
"lastModified": 1725513492,
|
||||||
"narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=",
|
"narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=",
|
||||||
"owner": "cachix",
|
"owner": "cachix",
|
||||||
"repo": "git-hooks.nix",
|
"repo": "git-hooks.nix",
|
||||||
"rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6",
|
"rev": "7570de7b9b504cfe92025dd1be797bf546f66528",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -185,11 +185,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1720042825,
|
"lastModified": 1725703823,
|
||||||
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=",
|
"narHash": "sha256-tDgM4d8mLK0Hd6YMB2w1BqMto1XBXADOzPEaLl10VI4=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "home-manager",
|
"repo": "home-manager",
|
||||||
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073",
|
"rev": "208df2e558b73b6a1f0faec98493cb59a25f62ba",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -240,11 +240,11 @@
|
||||||
"xdph": "xdph"
|
"xdph": "xdph"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1725310138,
|
"lastModified": 1725913740,
|
||||||
"narHash": "sha256-LgX5xG/xdfWxie6ia9M+Fc825EH93kcwu5CFzFqIe5g=",
|
"narHash": "sha256-Fa3hcydGj16itZx7Q8zWfRUz6WZus+ZBXYHj8qAYIuM=",
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"rev": "8f9887b0c9443d6c2559feeec411daecb9780a97",
|
"rev": "8237d7e1a4994f70636b2e91584775308f24a584",
|
||||||
"revCount": 5181,
|
"revCount": 5206,
|
||||||
"submodules": true,
|
"submodules": true,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://github.com/hyprwm/Hyprland"
|
"url": "https://github.com/hyprwm/Hyprland"
|
||||||
|
@ -262,11 +262,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1725276753,
|
"lastModified": 1725551787,
|
||||||
"narHash": "sha256-kcV2M7xIoQvLRIrMndysM4E0d2zGSwIDejamT4LKnDg=",
|
"narHash": "sha256-6LgsZHz8w3g4c9bRUwRAR+WIMwFGGf3P1VZQcKNRf2o=",
|
||||||
"owner": "hyprwm",
|
"owner": "hyprwm",
|
||||||
"repo": "contrib",
|
"repo": "contrib",
|
||||||
"rev": "ae618eafa81b596db034c5df1d75d4eddf785824",
|
"rev": "1e531dc49ad36c88b45bf836081a7a2c8927e072",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -391,11 +391,11 @@
|
||||||
"nixpkgs": "nixpkgs_2"
|
"nixpkgs": "nixpkgs_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1725346719,
|
"lastModified": 1725862290,
|
||||||
"narHash": "sha256-+QUffIvhBPdJNPbTUPdheijA1eQeAHlgvJqZ0qMPL34=",
|
"narHash": "sha256-7mj1CbLcPxym+QkQvrZrtgeXubVFNbZSGBQhx4ULEfM=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "neovim-nightly-overlay",
|
"repo": "neovim-nightly-overlay",
|
||||||
"rev": "ce477ade892d794fd21725d0525bc45739fdf64e",
|
"rev": "b43af0a09c285fddfc5352fee7e41b41daef05dd",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -407,11 +407,11 @@
|
||||||
"neovim-src": {
|
"neovim-src": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1725317538,
|
"lastModified": 1725824912,
|
||||||
"narHash": "sha256-tRRSljYBy1GxQGaCvSywtCSJ+OQa6clYilJLMxTe+nM=",
|
"narHash": "sha256-JCniLZOBjDY/H/lmihZ5EhPJF/1aOnEKJ1+XuwdjN/I=",
|
||||||
"owner": "neovim",
|
"owner": "neovim",
|
||||||
"repo": "neovim",
|
"repo": "neovim",
|
||||||
"rev": "ae9674704ac5586438f60c883e918d448ef0e237",
|
"rev": "8a2aec99748229ad9d1e12c1cbc0768d063e8eed",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -442,11 +442,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1725161148,
|
"lastModified": 1725765290,
|
||||||
"narHash": "sha256-WfAHq3Ag3vLNFfWxKHjFBFdPI6JIideWFJod9mx1eoo=",
|
"narHash": "sha256-hwX53i24KyWzp2nWpQsn8lfGQNCP0JoW/bvQmcR1DPY=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "nix-index-database",
|
"repo": "nix-index-database",
|
||||||
"rev": "32058e9138248874773630c846563b1a78ee7a5b",
|
"rev": "642275444c5a9defce57219c944b3179bf2adaa9",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -473,11 +473,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1721524707,
|
"lastModified": 1725762081,
|
||||||
"narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=",
|
"narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "556533a23879fc7e5f98dd2e0b31a6911a213171",
|
"rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -489,11 +489,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-unstable": {
|
"nixpkgs-unstable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1725103162,
|
"lastModified": 1725634671,
|
||||||
"narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=",
|
"narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b",
|
"rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -504,11 +504,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1725194671,
|
"lastModified": 1725816686,
|
||||||
"narHash": "sha256-tLGCFEFTB5TaOKkpfw3iYT9dnk4awTP/q4w+ROpMfuw=",
|
"narHash": "sha256-0Kq2MkQ/sQX1rhWJ/ySBBQlBJBUK8mPMDcuDhhdBkSU=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "b833ff01a0d694b910daca6e2ff4a3f26dee478c",
|
"rev": "add0443ee587a0c44f22793b8c8649a0dbc3bb00",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -520,11 +520,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs_3": {
|
"nixpkgs_3": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1725001927,
|
"lastModified": 1725826545,
|
||||||
"narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=",
|
"narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "6e99f2a27d600612004fbd2c3282d614bfee6421",
|
"rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -535,11 +535,11 @@
|
||||||
},
|
},
|
||||||
"nur": {
|
"nur": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1725346708,
|
"lastModified": 1725937606,
|
||||||
"narHash": "sha256-rhLiFjrLBA+3Dc9NVsa3v3XDGB/Tn780dAttcNY1f9k=",
|
"narHash": "sha256-wGTk7wEfDSdWFtfKHA6xIPw2Yeg38UIZl13AjPfDDXw=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "NUR",
|
"repo": "NUR",
|
||||||
"rev": "079d47b2fe664a1e8b16eac5eb32726bcb2774d1",
|
"rev": "5c4cc0b0b53d20fa71c421f732b902b767dddf63",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -570,11 +570,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1725330199,
|
"lastModified": 1725935143,
|
||||||
"narHash": "sha256-oUkdPJIxP3r3YyVOBLkDVLIJiQV9YlrVqA+jNcdpCvM=",
|
"narHash": "sha256-mVtTVQMlXkydSXVwFClE0ckxHrOQ9nb2DrCjNwW5pUE=",
|
||||||
"owner": "oxalica",
|
"owner": "oxalica",
|
||||||
"repo": "rust-overlay",
|
"repo": "rust-overlay",
|
||||||
"rev": "a562172c72d00350f9f2ff830e6515b6e7bee6d5",
|
"rev": "c3c175c74cd0e8c2c40a0e22bc6e3005c4d28d64",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -591,11 +591,11 @@
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1725201042,
|
"lastModified": 1725922448,
|
||||||
"narHash": "sha256-lj5pxOwidP0W//E7IvyhbhXrnEUW99I07+QpERnzTS4=",
|
"narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=",
|
||||||
"owner": "Mic92",
|
"owner": "Mic92",
|
||||||
"repo": "sops-nix",
|
"repo": "sops-nix",
|
||||||
"rev": "5db5921e40ae382d6716dce591ea23b0a39d96f7",
|
"rev": "cede1a08039178ac12957733e97ab1006c6b6892",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -84,6 +84,17 @@
|
||||||
"bind"
|
"bind"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
"/nas/telemetry/mimir" = lib.mkIf config.profile.services.telemetry.mimir.enable {
|
||||||
|
device = "/var/lib/mimir";
|
||||||
|
fsType = "auto";
|
||||||
|
options = [
|
||||||
|
"defaults"
|
||||||
|
"nofail"
|
||||||
|
"nobootwait"
|
||||||
|
"bind"
|
||||||
|
];
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
swapDevices = [ ];
|
swapDevices = [ ];
|
||||||
|
|
|
@ -17,6 +17,7 @@ in
|
||||||
memos.enable = mkEnableOption "memos podman";
|
memos.enable = mkEnableOption "memos podman";
|
||||||
morphos.enable = mkEnableOption "morphos podman";
|
morphos.enable = mkEnableOption "morphos podman";
|
||||||
soulseek.enable = mkEnableOption "soulseek podman";
|
soulseek.enable = mkEnableOption "soulseek podman";
|
||||||
|
valheim.enable = mkEnableOption "valheim";
|
||||||
|
|
||||||
servarr = {
|
servarr = {
|
||||||
enable = mkEnableOption "servarr group";
|
enable = mkEnableOption "servarr group";
|
||||||
|
|
|
@ -47,7 +47,11 @@ in
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = config.profile.services.telemetry.enable;
|
default = config.profile.services.telemetry.enable;
|
||||||
};
|
};
|
||||||
minio.enable = mkOption {
|
mimir.enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = config.profile.services.telemetry.enable;
|
||||||
|
};
|
||||||
|
alloy.enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = config.profile.services.telemetry.enable;
|
default = config.profile.services.telemetry.enable;
|
||||||
};
|
};
|
||||||
|
|
|
@ -37,10 +37,11 @@
|
||||||
servarr.real-debrid-manager.enable = false;
|
servarr.real-debrid-manager.enable = false;
|
||||||
servarr.rdtclient.enable = true;
|
servarr.rdtclient.enable = true;
|
||||||
openobserve.enable = true;
|
openobserve.enable = true;
|
||||||
minecraft.enable = true;
|
minecraft.enable = false;
|
||||||
memos.enable = true;
|
memos.enable = true;
|
||||||
morphos.enable = true;
|
morphos.enable = true;
|
||||||
soulseek.enable = true;
|
soulseek.enable = true;
|
||||||
|
valheim.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
docker = {
|
docker = {
|
||||||
|
|
|
@ -2,6 +2,9 @@ ntfy:
|
||||||
default:
|
default:
|
||||||
user: ENC[AES256_GCM,data:M9XiXH3/Nr3/3A==,iv:Ealcewpj/GCWU+U6F+7onCfVaraE+f5Wkt63tlitnlQ=,tag:ARwnlFs1VfwcQKlIkeQQeg==,type:str]
|
user: ENC[AES256_GCM,data:M9XiXH3/Nr3/3A==,iv:Ealcewpj/GCWU+U6F+7onCfVaraE+f5Wkt63tlitnlQ=,tag:ARwnlFs1VfwcQKlIkeQQeg==,type:str]
|
||||||
password: ENC[AES256_GCM,data:56el7+jh6TcI9UzeXZW5aa7cUG9ycd8a2mw=,iv:iYpkWG37dpZ4dEN5zjg4P8On969hWqWcumJ7h5hLmjk=,tag:tlGDQmJ0+xl9yO42FTp19w==,type:str]
|
password: ENC[AES256_GCM,data:56el7+jh6TcI9UzeXZW5aa7cUG9ycd8a2mw=,iv:iYpkWG37dpZ4dEN5zjg4P8On969hWqWcumJ7h5hLmjk=,tag:tlGDQmJ0+xl9yO42FTp19w==,type:str]
|
||||||
|
tokens:
|
||||||
|
homeserver: ENC[AES256_GCM,data:nQlSIXKKzTX+Ucums5IPuBcn8va6GlfGQmRZrlQsleU=,iv:KD+PmttUmCt3l6cbjjRgp6IaF5WvfJ6oSHxpzbvtDA8=,tag:ZFSGY8gDu46GTYa59v0K+Q==,type:str]
|
||||||
|
tigor: ENC[AES256_GCM,data:zDFlF8aQFzMdmwKk0xwxMQxnCIXA0sy45jMKEzDNFzs=,iv:KWveN6sbH1NTCMK+XkVUPbIIR7L2e9y6sq/WiFY9bQA=,tag:sTpuFyQ9Hwuzjvem/DO3jw==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
gcp_kms: []
|
gcp_kms: []
|
||||||
|
@ -17,8 +20,8 @@ sops:
|
||||||
VW9lVkh5eTkyLzdtK0RScHlhMTBaR28KHyMRxCQe65ZM1v4iB6mgiQxZ84/sEdr0
|
VW9lVkh5eTkyLzdtK0RScHlhMTBaR28KHyMRxCQe65ZM1v4iB6mgiQxZ84/sEdr0
|
||||||
k0tBwcBlgGK/SF6P9GdCVopFHN8os25YEYMNg8kjAh/qs4N2gTXMEQ==
|
k0tBwcBlgGK/SF6P9GdCVopFHN8os25YEYMNg8kjAh/qs4N2gTXMEQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-09-05T02:52:58Z"
|
lastmodified: "2024-09-07T11:09:18Z"
|
||||||
mac: ENC[AES256_GCM,data:CCLd4p+6V4P2ioE2lKoPctbQ9/d/DcS7m895l3+ty48JT0iZMx32gBubn0TGvdjp6x705uSYZySkM2YACFMhkifuLMxeGLGJu1rBfrXO2bYuHDAhni5fLP/XIsC+FlPbHEOXAnYpAO0y1TLBw7xKz8Tjl3yAC0L00LzIS6URir0=,iv:akFHjwnO9gtZ73NMI8pj0J87q5D6U9SiNLzfRfJUE90=,tag:CMNqOnREytCrEo+bh2l1BA==,type:str]
|
mac: ENC[AES256_GCM,data:CcmQ0JFeuXMZ1VmBiGrLFw/8fiTOLervBtmlXmpl/GvfsDk3JeTTUqPV3RoVmw4yfQ/lCpjpXKrEOrVxO+/oc+NWcuQ9OGRuluDiFg7A2GLk9vniDEtrCbk/0oibL4Hu3P4K8oDcVuJkZhoqgTwN98suk3go7RCA9VhUDtejxTM=,iv:6gVmT1I5suLGG3nS4dX5S1v6bYPzxwZw08/yHkm75pU=,tag:f1wDeoFpFVWTU/HUah3Prw==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
30
secrets/valheim.yaml
Normal file
30
secrets/valheim.yaml
Normal file
|
@ -0,0 +1,30 @@
|
||||||
|
valheim:
|
||||||
|
server:
|
||||||
|
password: ENC[AES256_GCM,data:S1bD+TSUxq8=,iv:dFMlNfFuS/1S9lD0uX8ag3hflGpAOyGk77O6CxxTaXM=,tag:KyRrtZIx7yNF5m+qTHafJA==,type:str]
|
||||||
|
admins:
|
||||||
|
#ENC[AES256_GCM,data:1xnixtjNoI/7knh9VA==,iv:8SZ12M5OR/umplY87nDqooc17atVX6fCoxo+eJYidkc=,tag:AuI5bfBrGvXtPzwrwzKV6Q==,type:comment]
|
||||||
|
admin_1: ENC[AES256_GCM,data:9lC1kJDiILyDHrrg9x987jo=,iv:6zu9r9JbFaJ/821H1uEw1LjG7yJZb9x/oj31JW8frRY=,tag:q26AjmbSgQOm8x++U0PLXA==,type:str]
|
||||||
|
#ENC[AES256_GCM,data:Yb0OhTDqdCICgRY=,iv:f/WWOGf2in4w2ZNTyDmulBTHd97zGpeQ6RVVvl7yAmk=,tag:LCsTO/HKXLzIR9OVPSB3tA==,type:comment]
|
||||||
|
admin_2: ENC[AES256_GCM,data:Lg1zqeIgi7biUO6vNeVyl9g=,iv:viJEQ+ow6XbhwvD4FHYMDnyvVupdxA1fHK+WHreOzkc=,tag:VAysj1syU+RCKh/Byrn8LQ==,type:str]
|
||||||
|
#ENC[AES256_GCM,data:VMtru88mMiFgTIiWSvA=,iv:o+76QEXzt9vSx3S3NqgI43QCIDOWdTrTnE4GX6u3mtE=,tag:fuNUkR6zPFcJIYFjRz2dxw==,type:comment]
|
||||||
|
admin_3: ENC[AES256_GCM,data:4roXiJ0cln8S/AGit56/NMQ=,iv:H6Cw16blxUvjM82zYRnTLRRFuo2Os5XQViF5sQ/7WZg=,tag:5YnKrWfMS11HblX52mLXAw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtUjBwVmZ0RXlWMWdaZ3JW
|
||||||
|
WlJUWVI4SGN1THB0NTRmcTdzbFF1THhzR0UwCm1iU1QwNlFncFVSeFpCUzdNKzhw
|
||||||
|
dGlOV3ZyTnZNazhYWUpwVE9xZi9kU1kKLS0tIFlTdy9zWVRYUFkzUmRGQnpDbnRH
|
||||||
|
VGJzK0pkOGpTUElBV09EdURkOGhCYU0KNHqjED8G1HKI/tB9kH/K9ZoSYho26JZ8
|
||||||
|
bobGVyPbPnYsAPmzmFA+F+aw+dslaqHk+5dlKjWwFBguK2r389U3SQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-09-08T12:30:48Z"
|
||||||
|
mac: ENC[AES256_GCM,data:trtu4Foo8E/X/Utxhqf8dmTzVy3ozCq4RlHFhZ9PHvx+3kVX/delZspS2QK81fxehR62hD/aTMGP2Zlxsv4gU/eMV3Iv5h5GbIYtVuDb+ZyFNdEgh2QtZ86rndGMHhdHP5Nv2oQqsrcNkQAlYqlQaeRoz6AjzOmmavEAoIrHd7M=,iv:gyyYXnavN7TvL27E1QuhEN+/NPdCiJi3oYA0vtitAy8=,tag:+Vg6xqOKpy/jUOs43hxFKw==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
|
@ -15,6 +15,9 @@ in
|
||||||
systemd.timers."podman-auto-update" = {
|
systemd.timers."podman-auto-update" = {
|
||||||
enable = true;
|
enable = true;
|
||||||
wantedBy = [ "multi-user.target" ];
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
timerConfig = {
|
||||||
|
OnCalendar = "*-*-* 04:00:00";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
virtualisation.containers.enable = true;
|
virtualisation.containers.enable = true;
|
||||||
virtualisation.oci-containers.backend = "podman";
|
virtualisation.oci-containers.backend = "podman";
|
||||||
|
@ -53,5 +56,6 @@ in
|
||||||
./soulseek.nix
|
./soulseek.nix
|
||||||
./suwayomi.nix
|
./suwayomi.nix
|
||||||
./ytptube.nix
|
./ytptube.nix
|
||||||
|
./valheim.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,10 +1,11 @@
|
||||||
{ config, lib, ... }:
|
{ config, lib, pkgs, ... }:
|
||||||
let
|
let
|
||||||
name = "qbittorrent";
|
name = "qbittorrent";
|
||||||
domain = "${name}.tigor.web.id";
|
domain = "${name}.tigor.web.id";
|
||||||
podman = config.profile.podman;
|
podman = config.profile.podman;
|
||||||
qbittorrent = podman.qbittorrent;
|
qbittorrent = podman.qbittorrent;
|
||||||
inherit (lib) mkIf;
|
inherit (lib) mkIf;
|
||||||
|
inherit (lib.strings) optionalString;
|
||||||
ip = "10.88.0.7";
|
ip = "10.88.0.7";
|
||||||
image = "lscr.io/linuxserver/qbittorrent:latest";
|
image = "lscr.io/linuxserver/qbittorrent:latest";
|
||||||
volume = "/nas/torrents";
|
volume = "/nas/torrents";
|
||||||
|
@ -23,35 +24,91 @@ in
|
||||||
chown ${uid}:${gid} ${volume} ${volume}/{config,downloads,progress,watch}
|
chown ${uid}:${gid} ${volume} ${volume}/{config,downloads,progress,watch}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
virtualisation.oci-containers.containers.${name} = {
|
|
||||||
inherit image;
|
sops = {
|
||||||
hostname = name;
|
secrets =
|
||||||
autoStart = true;
|
let
|
||||||
environment = {
|
opts = { sopsFile = ../../secrets/ntfy.yaml; };
|
||||||
PUID = uid;
|
in
|
||||||
PGID = gid;
|
{
|
||||||
TZ = "Asia/Jakarta";
|
"ntfy/tokens/homeserver" = opts;
|
||||||
WEBUI_PORT = "8080";
|
};
|
||||||
TORRENTING_PORT = "6881";
|
templates = {
|
||||||
};
|
"qbittorrent-ntfy-env".content = /*sh*/ ''
|
||||||
volumes = [
|
NTFY_TOKEN=${config.sops.placeholder."ntfy/tokens/homeserver"}
|
||||||
"${volume}/config:/config"
|
'';
|
||||||
"${volume}/downloads:/downloads"
|
|
||||||
"${volume}/progress:/progress"
|
|
||||||
"${volume}/watch:/watch"
|
|
||||||
];
|
|
||||||
ports = [
|
|
||||||
"6881:6881"
|
|
||||||
"6881:6881/udp"
|
|
||||||
];
|
|
||||||
extraOptions = [
|
|
||||||
"--ip=${ip}"
|
|
||||||
"--network=podman"
|
|
||||||
];
|
|
||||||
labels = {
|
|
||||||
"io.containers.autoupdate" = "registry";
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
virtualisation.oci-containers.containers.${name} =
|
||||||
|
let
|
||||||
|
finish-notify-script = pkgs.writeScriptBin "notify-finish.sh" (optionalString config.services.ntfy-sh.enable /*sh*/ ''
|
||||||
|
#!/bin/bash
|
||||||
|
# $1 = %N | Torrent Name
|
||||||
|
# $2 = %L | Category
|
||||||
|
# $3 = %G | Tags
|
||||||
|
# $4 = %F | Content Path
|
||||||
|
# $5 = %R | Root Path
|
||||||
|
# $6 = %D | Save Path
|
||||||
|
# $7 = %C | Number of files
|
||||||
|
# $8 = %Z | Torrent Size
|
||||||
|
# $9 = %T | Current Tracker
|
||||||
|
# $10 = %I | Info Hash v1
|
||||||
|
# $11 = %J | Info Hash v2
|
||||||
|
# $12 = %K | Torrent ID
|
||||||
|
|
||||||
|
size=$(echo $8 | numfmt --to=iec)
|
||||||
|
curl -X POST \
|
||||||
|
-H "Authorization: Bearer $NTFY_TOKEN" \
|
||||||
|
-H "X-Title: $1" \
|
||||||
|
-H "X-Tags: white_check_mark,$2" \
|
||||||
|
-d "Number of Files: $7, Size: $size" \
|
||||||
|
https://ntfy.tigor.web.id/qbittorrent
|
||||||
|
'');
|
||||||
|
start-notify-script = pkgs.writeScriptBin "notify-start.sh" (optionalString config.services.ntfy-sh.enable /*sh*/ ''
|
||||||
|
#!/bin/bash
|
||||||
|
curl -X POST \
|
||||||
|
-H "Authorization: Bearer $NTFY_TOKEN" \
|
||||||
|
-H "X-Title: $1" \
|
||||||
|
-H "X-Tags: rocket,$2" \
|
||||||
|
-d "Starts downloading" \
|
||||||
|
https://ntfy.tigor.web.id/qbittorrent
|
||||||
|
'');
|
||||||
|
in
|
||||||
|
{
|
||||||
|
inherit image;
|
||||||
|
hostname = name;
|
||||||
|
autoStart = true;
|
||||||
|
environment = {
|
||||||
|
PUID = uid;
|
||||||
|
PGID = gid;
|
||||||
|
TZ = "Asia/Jakarta";
|
||||||
|
WEBUI_PORT = "8080";
|
||||||
|
TORRENTING_PORT = "6881";
|
||||||
|
};
|
||||||
|
volumes = [
|
||||||
|
"${volume}/config:/config"
|
||||||
|
"${volume}/downloads:/downloads"
|
||||||
|
"${volume}/progress:/progress"
|
||||||
|
"${volume}/watch:/watch"
|
||||||
|
"${finish-notify-script}/bin/notify-finish.sh:/bin/notify-finish"
|
||||||
|
"${start-notify-script}/bin/notify-start.sh:/bin/notify-start"
|
||||||
|
];
|
||||||
|
ports = [
|
||||||
|
"6881:6881"
|
||||||
|
"6881:6881/udp"
|
||||||
|
];
|
||||||
|
extraOptions = [
|
||||||
|
"--ip=${ip}"
|
||||||
|
"--network=podman"
|
||||||
|
];
|
||||||
|
environmentFiles = [
|
||||||
|
config.sops.templates."qbittorrent-ntfy-env".path
|
||||||
|
];
|
||||||
|
labels = {
|
||||||
|
"io.containers.autoupdate" = "registry";
|
||||||
|
};
|
||||||
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -46,10 +46,6 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# systemd.services."caddy".serviceConfig = {
|
|
||||||
# EnvironmentFile = [ config.sops.templates.${basic_auth.template}.path ];
|
|
||||||
# };
|
|
||||||
|
|
||||||
system.activationScripts."podman-${name}" = ''
|
system.activationScripts."podman-${name}" = ''
|
||||||
mkdir -p ${rootVolume}/{config,downloads,incomplete}
|
mkdir -p ${rootVolume}/{config,downloads,incomplete}
|
||||||
chown ${uid}:${gid} ${rootVolume} ${rootVolume}/{config,downloads,incomplete}
|
chown ${uid}:${gid} ${rootVolume} ${rootVolume}/{config,downloads,incomplete}
|
||||||
|
|
82
system/podman/valheim.nix
Normal file
82
system/podman/valheim.nix
Normal file
|
@ -0,0 +1,82 @@
|
||||||
|
{ config, lib, pkgs, ... }:
|
||||||
|
let
|
||||||
|
name = "valheim";
|
||||||
|
podman = config.profile.podman;
|
||||||
|
inherit (lib) mkIf strings;
|
||||||
|
ip = "10.88.200.10";
|
||||||
|
image = "docker.io/lloesche/valheim-server";
|
||||||
|
domain = "${name}.tigor.web.id";
|
||||||
|
user = config.profile.user;
|
||||||
|
uid = toString user.uid;
|
||||||
|
gid = toString user.gid;
|
||||||
|
base_dir = "/var/lib/${name}";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
config = mkIf (podman.enable && podman.${name}.enable) {
|
||||||
|
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
||||||
|
reverse_proxy ${ip}:80
|
||||||
|
'';
|
||||||
|
|
||||||
|
sops =
|
||||||
|
let
|
||||||
|
opts = { sopsFile = ../../secrets/valheim.yaml; };
|
||||||
|
in
|
||||||
|
{
|
||||||
|
secrets = {
|
||||||
|
"valheim/server/password" = opts;
|
||||||
|
"valheim/admins/admin_1" = opts;
|
||||||
|
"valheim/admins/admin_2" = opts;
|
||||||
|
"valheim/admins/admin_3" = opts;
|
||||||
|
};
|
||||||
|
|
||||||
|
templates."valheim-env".content =
|
||||||
|
let
|
||||||
|
placeholder = config.sops.placeholder;
|
||||||
|
in
|
||||||
|
/*sh*/ ''
|
||||||
|
SERVER_PASS=${placeholder."valheim/server/password"}
|
||||||
|
ADMINLIST_IDS=${placeholder."valheim/admins/admin_1"} ${placeholder."valheim/admins/admin_2"} ${placeholder."valheim/admins/admin_3"}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.tmpfiles.settings."podman-${name}".${base_dir}.d = {
|
||||||
|
group = config.profile.user.name;
|
||||||
|
mode = "0755";
|
||||||
|
user = config.profile.user.name;
|
||||||
|
};
|
||||||
|
|
||||||
|
virtualisation.oci-containers.containers.${name} =
|
||||||
|
{
|
||||||
|
inherit image;
|
||||||
|
hostname = name;
|
||||||
|
autoStart = true;
|
||||||
|
ports = [
|
||||||
|
"2456:2456/udp"
|
||||||
|
"2457:2457/udp"
|
||||||
|
];
|
||||||
|
volumes = [
|
||||||
|
"${base_dir}/config:/config"
|
||||||
|
"${base_dir}/data:/opt/valheim"
|
||||||
|
];
|
||||||
|
environment = {
|
||||||
|
TZ = "Asia/Jakarta";
|
||||||
|
SERVER_NAME = "Three Musketeers";
|
||||||
|
WORLD_NAME = "Bebas";
|
||||||
|
STATUS_HTTP = "true";
|
||||||
|
PUID = uid;
|
||||||
|
PGID = gid;
|
||||||
|
};
|
||||||
|
extraOptions = [
|
||||||
|
"--network=podman"
|
||||||
|
"--ip=${ip}"
|
||||||
|
"--cap-add=sys_nice"
|
||||||
|
];
|
||||||
|
environmentFiles = [
|
||||||
|
config.sops.templates."valheim-env".path
|
||||||
|
];
|
||||||
|
labels = {
|
||||||
|
"io.containers.autoupdate" = "registry";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
|
@ -17,29 +17,35 @@ in
|
||||||
reverse_proxy 192.168.100.1
|
reverse_proxy 192.168.100.1
|
||||||
'';
|
'';
|
||||||
|
|
||||||
services.caddy.virtualHosts."hosts.tigor.web.id".extraConfig =
|
services.caddy.virtualHosts."tigor.web.id".extraConfig =
|
||||||
let
|
let
|
||||||
domains = attrsets.mapAttrsToList (name: _: strings.removePrefix "https://" name) config.services.caddy.virtualHosts;
|
domains = attrsets.mapAttrsToList (name: _: strings.removePrefix "https://" name) config.services.caddy.virtualHosts;
|
||||||
sortedDomains = lists.sort (a: b: a < b) domains;
|
sortedDomains = lists.sort (a: b: a < b) domains;
|
||||||
list = map (domain: /*html*/ ''<div class="col col-sm-6 col-md-4 col-lg-3"><a href="https://${domain}">${domain}</a></div>'') sortedDomains;
|
list = map
|
||||||
|
(domain: /*html*/ ''
|
||||||
|
<div class="col-12 col-sm-6 col-md-4 col-lg-3 text-center align-middle">
|
||||||
|
<a href="https://${domain}">${domain}</a>
|
||||||
|
</div>'')
|
||||||
|
sortedDomains;
|
||||||
items = strings.concatStringsSep "\n" list;
|
items = strings.concatStringsSep "\n" list;
|
||||||
html = /*html*/ ''<!DOCTYPE html>
|
html = /*html*/
|
||||||
<html>
|
''<!DOCTYPE html>
|
||||||
<head>
|
<html>
|
||||||
<title>Hosted Sites</title>
|
<head>
|
||||||
<link
|
<title>Hosted Sites</title>
|
||||||
rel="stylesheet"
|
<link
|
||||||
href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css"
|
rel="stylesheet"
|
||||||
integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH"
|
href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css"
|
||||||
crossorigin="anonymous">
|
integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH"
|
||||||
</head>
|
crossorigin="anonymous">
|
||||||
<body class="container">
|
</head>
|
||||||
<h1 class="text-center">Hosted Sites</h1>
|
<body class="container">
|
||||||
<div class="row g-2">
|
<h1 class="text-center">Hosted Sites</h1>
|
||||||
${items}
|
<div class="row g-4">
|
||||||
</div>
|
${items}
|
||||||
</body>
|
</div>
|
||||||
</html>'';
|
</body>
|
||||||
|
</html>'';
|
||||||
in
|
in
|
||||||
''
|
''
|
||||||
header Content-Type text/html
|
header Content-Type text/html
|
||||||
|
|
154
system/services/telemetry/alloy.nix
Normal file
154
system/services/telemetry/alloy.nix
Normal file
|
@ -0,0 +1,154 @@
|
||||||
|
{ config, lib, inputs, unstable, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.profile.services.telemetry.alloy;
|
||||||
|
webguiListenAddress = "0.0.0.0:5319";
|
||||||
|
domain = "alloy.tigor.web.id";
|
||||||
|
inherit (lib.strings) optionalString;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
# Grafana Alloy is still in unstable options.
|
||||||
|
"${inputs.nixpkgs-unstable}/nixos/modules/services/monitoring/alloy.nix"
|
||||||
|
];
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
services.alloy = {
|
||||||
|
enable = true;
|
||||||
|
extraFlags = [
|
||||||
|
''--server.http.listen-addr=${webguiListenAddress}''
|
||||||
|
];
|
||||||
|
package = unstable.grafana-alloy;
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
sops = {
|
||||||
|
secrets =
|
||||||
|
let
|
||||||
|
opts = { };
|
||||||
|
in
|
||||||
|
{
|
||||||
|
"caddy/basic_auth/username" = opts;
|
||||||
|
"caddy/basic_auth/password" = opts;
|
||||||
|
};
|
||||||
|
templates = {
|
||||||
|
"alloy-basic-auth".content = /*sh*/ ''
|
||||||
|
ALLOY_USERNAME=${config.sops.placeholder."caddy/basic_auth/username"}
|
||||||
|
ALLOY_PASSWORD=${config.sops.placeholder."caddy/basic_auth/password"}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
||||||
|
@require_auth not remote_ip private_ranges
|
||||||
|
|
||||||
|
basicauth @require_auth {
|
||||||
|
{$ALLOY_USERNAME} {$ALLOY_PASSWORD}
|
||||||
|
}
|
||||||
|
|
||||||
|
reverse_proxy ${webguiListenAddress}
|
||||||
|
'';
|
||||||
|
|
||||||
|
systemd.services.caddy.serviceConfig.EnvironmentFile = [
|
||||||
|
config.sops.templates."alloy-basic-auth".path
|
||||||
|
];
|
||||||
|
|
||||||
|
|
||||||
|
environment.etc."alloy/config.alloy".text =
|
||||||
|
let
|
||||||
|
lokiConfig = config.services.loki.configuration;
|
||||||
|
tempoServer = config.services.tempo.settings.server;
|
||||||
|
mimirServer = config.services.mimir.configuration.server;
|
||||||
|
in
|
||||||
|
/*hcl*/ ''
|
||||||
|
otelcol.receiver.otlp "homeserver" {
|
||||||
|
grpc {
|
||||||
|
endpoint = "0.0.0.0:5317"
|
||||||
|
}
|
||||||
|
|
||||||
|
http {
|
||||||
|
endpoint = "0.0.0.0:5318"
|
||||||
|
}
|
||||||
|
|
||||||
|
output {
|
||||||
|
metrics = [otelcol.processor.batch.default.input]
|
||||||
|
logs = [otelcol.processor.batch.default.input]
|
||||||
|
traces = [otelcol.processor.batch.default.input]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
otelcol.processor.batch "default" {
|
||||||
|
output {
|
||||||
|
metrics = [otelcol.exporter.prometheus.mimir.input]
|
||||||
|
logs = [otelcol.exporter.loki.default.input]
|
||||||
|
traces = [otelcol.exporter.otlp.tempo.input]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
otelcol.exporter.loki "default" {
|
||||||
|
forward_to = [loki.write.default.receiver]
|
||||||
|
}
|
||||||
|
|
||||||
|
otelcol.exporter.prometheus "mimir" {
|
||||||
|
forward_to = [prometheus.remote_write.mimir.receiver]
|
||||||
|
}
|
||||||
|
|
||||||
|
loki.write "default" {
|
||||||
|
endpoint {
|
||||||
|
url = "http://${lokiConfig.server.http_listen_address}:${toString lokiConfig.server.http_listen_port}/loki/api/v1/push"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
loki.relabel "journal" {
|
||||||
|
forward_to = []
|
||||||
|
rule {
|
||||||
|
source_labels = ["__journal__systemd_unit"]
|
||||||
|
target_label = "unit"
|
||||||
|
}
|
||||||
|
rule {
|
||||||
|
source_labels = ["__journal__hostname"]
|
||||||
|
target_label = "host"
|
||||||
|
}
|
||||||
|
rule {
|
||||||
|
source_labels = [ "__journal__systemd_user_unit" ]
|
||||||
|
target_label = "user_unit"
|
||||||
|
}
|
||||||
|
rule {
|
||||||
|
source_labels = [ "__journal__transport" ]
|
||||||
|
target_label = "transport"
|
||||||
|
}
|
||||||
|
rule {
|
||||||
|
source_labels = [ "__journal_priority_keyword" ]
|
||||||
|
target_label = "severity"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
loki.source.journal "read" {
|
||||||
|
forward_to = [loki.write.default.receiver]
|
||||||
|
relabel_rules = loki.relabel.journal.rules
|
||||||
|
labels = {
|
||||||
|
job = "systemd-journal",
|
||||||
|
component = "loki.source.journal",
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
otelcol.exporter.otlp "tempo" {
|
||||||
|
client {
|
||||||
|
endpoint = "${tempoServer.http_listen_address}:${toString tempoServer.http_listen_port}"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
prometheus.exporter.unix "system" {}
|
||||||
|
|
||||||
|
prometheus.scrape "system" {
|
||||||
|
targets = prometheus.exporter.unix.system.targets
|
||||||
|
forward_to = [prometheus.remote_write.mimir.receiver]
|
||||||
|
}
|
||||||
|
|
||||||
|
prometheus.remote_write "mimir" {
|
||||||
|
endpoint {
|
||||||
|
url = "http://${mimirServer.http_listen_address}:${toString mimirServer.http_listen_port}/api/v1/push"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
|
@ -4,5 +4,7 @@
|
||||||
./grafana.nix
|
./grafana.nix
|
||||||
./loki.nix
|
./loki.nix
|
||||||
./tempo.nix
|
./tempo.nix
|
||||||
|
./alloy.nix
|
||||||
|
./mimir.nix
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -39,74 +39,6 @@ in
|
||||||
reverse_proxy ${server.http_listen_address}:${toString server.http_listen_port}
|
reverse_proxy ${server.http_listen_address}:${toString server.http_listen_port}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
|
|
||||||
systemd.tmpfiles.settings = {
|
|
||||||
"promtail-dir" = {
|
|
||||||
"/var/lib/promtail" = {
|
|
||||||
d = {
|
|
||||||
group = "promtail";
|
|
||||||
mode = "0755";
|
|
||||||
user = "promtail";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.promtail = {
|
|
||||||
enable = true;
|
|
||||||
configuration = {
|
|
||||||
server = {
|
|
||||||
http_listen_port = 3031;
|
|
||||||
grpc_listen_port = 0;
|
|
||||||
};
|
|
||||||
clients = [
|
|
||||||
{
|
|
||||||
url = "http://${server.http_listen_address}:${toString server.http_listen_port}/loki/api/v1/push";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
positions = {
|
|
||||||
filename = "/var/lib/promtail/positions.yaml";
|
|
||||||
};
|
|
||||||
scrape_configs = [
|
|
||||||
{
|
|
||||||
job_name = "systemd-journal";
|
|
||||||
relabel_configs = [
|
|
||||||
{
|
|
||||||
source_labels = [ "__journal__hostname" ];
|
|
||||||
target_label = "host";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
source_labels = [ "__journal__systemd_unit" ];
|
|
||||||
target_label = "systemd_unit";
|
|
||||||
regex = ''(.+)'';
|
|
||||||
}
|
|
||||||
{
|
|
||||||
source_labels = [ "__journal__systemd_user_unit" ];
|
|
||||||
target_label = "systemd_user_unit";
|
|
||||||
regex = ''(.+)'';
|
|
||||||
}
|
|
||||||
{
|
|
||||||
source_labels = [ "__journal__transport" ];
|
|
||||||
target_label = "transport";
|
|
||||||
regex = ''(.+)'';
|
|
||||||
}
|
|
||||||
{
|
|
||||||
source_labels = [ "__journal_priority_keyword" ];
|
|
||||||
target_label = "severity";
|
|
||||||
regex = ''(.+)'';
|
|
||||||
}
|
|
||||||
];
|
|
||||||
journal = {
|
|
||||||
labels = {
|
|
||||||
job = "systemd-journal";
|
|
||||||
};
|
|
||||||
path = "/var/log/journal";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
services.loki =
|
services.loki =
|
||||||
let
|
let
|
||||||
dataDir = config.services.loki.dataDir;
|
dataDir = config.services.loki.dataDir;
|
||||||
|
|
120
system/services/telemetry/mimir.nix
Normal file
120
system/services/telemetry/mimir.nix
Normal file
|
@ -0,0 +1,120 @@
|
||||||
|
{ config, lib, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.profile.services.telemetry.mimir;
|
||||||
|
inherit (lib) mkIf;
|
||||||
|
baseDir = "/var/lib/mimir";
|
||||||
|
domain = "mimir.tigor.web.id";
|
||||||
|
in
|
||||||
|
{
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
sops = {
|
||||||
|
secrets =
|
||||||
|
let
|
||||||
|
opts = { };
|
||||||
|
in
|
||||||
|
{
|
||||||
|
"caddy/basic_auth/username" = opts;
|
||||||
|
"caddy/basic_auth/password" = opts;
|
||||||
|
};
|
||||||
|
templates = {
|
||||||
|
"mimir-basic-auth".content = /*sh*/ ''
|
||||||
|
MIMIR_USERNAME=${config.sops.placeholder."caddy/basic_auth/username"}
|
||||||
|
MIMIR_PASSWORD=${config.sops.placeholder."caddy/basic_auth/password"}
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.services."caddy".serviceConfig = {
|
||||||
|
EnvironmentFile = [ config.sops.templates."mimir-basic-auth".path ];
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
services.caddy.virtualHosts.${domain}.extraConfig =
|
||||||
|
let
|
||||||
|
mimirServerConfig = config.services.mimir.configuration.server;
|
||||||
|
hostAddress = "${mimirServerConfig.http_listen_address}:${toString mimirServerConfig.http_listen_port}";
|
||||||
|
in
|
||||||
|
''
|
||||||
|
@require_auth not remote_ip private_ranges
|
||||||
|
|
||||||
|
basicauth @require_auth {
|
||||||
|
{$ALLOY_USERNAME} {$ALLOY_PASSWORD}
|
||||||
|
}
|
||||||
|
|
||||||
|
reverse_proxy ${hostAddress}
|
||||||
|
'';
|
||||||
|
|
||||||
|
services.mimir = {
|
||||||
|
enable = true;
|
||||||
|
configuration = {
|
||||||
|
multitenancy_enabled = false;
|
||||||
|
server = {
|
||||||
|
http_listen_address = "0.0.0.0";
|
||||||
|
http_listen_port = 4400;
|
||||||
|
grpc_listen_port = 4401;
|
||||||
|
};
|
||||||
|
|
||||||
|
common = {
|
||||||
|
storage = {
|
||||||
|
backend = "filesystem";
|
||||||
|
filesystem.dir = "${baseDir}/metrics";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
blocks_storage = {
|
||||||
|
backend = "filesystem";
|
||||||
|
bucket_store.sync_dir = "${baseDir}/tsdb-sync";
|
||||||
|
filesystem.dir = "${baseDir}/data/tsdb";
|
||||||
|
tsdb.dir = "${baseDir}/tsdb";
|
||||||
|
};
|
||||||
|
|
||||||
|
compactor = {
|
||||||
|
data_dir = "${baseDir}/data/compactor";
|
||||||
|
sharding_ring.kvstore.store = "memberlist";
|
||||||
|
};
|
||||||
|
|
||||||
|
distributor = {
|
||||||
|
ring = {
|
||||||
|
instance_addr = "127.0.0.1";
|
||||||
|
kvstore.store = "memberlist";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
ingester = {
|
||||||
|
ring = {
|
||||||
|
instance_addr = "127.0.0.1";
|
||||||
|
kvstore.store = "memberlist";
|
||||||
|
replication_factor = 1;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
ruler_storage = {
|
||||||
|
backend = "filesystem";
|
||||||
|
filesystem.dir = "${baseDir}/data/rules";
|
||||||
|
};
|
||||||
|
|
||||||
|
store_gateway.sharding_ring.replication_factor = 1;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.grafana.provision.datasources.settings.datasources =
|
||||||
|
let
|
||||||
|
server = config.services.mimir.configuration.server;
|
||||||
|
in
|
||||||
|
[
|
||||||
|
{
|
||||||
|
name = "Mimir";
|
||||||
|
type = "prometheus";
|
||||||
|
uid = "mimir";
|
||||||
|
access = "proxy";
|
||||||
|
url = "http://${server.http_listen_address}:${toString server.http_listen_port}/prometheus";
|
||||||
|
basicAuth = false;
|
||||||
|
jsonData = {
|
||||||
|
httpMethod = "POST";
|
||||||
|
prometheusType = "Mimir";
|
||||||
|
timeout = 30;
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
};
|
||||||
|
}
|
|
@ -34,11 +34,13 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
||||||
basicauth {
|
@require_auth not remote_ip private_ranges
|
||||||
|
|
||||||
|
basicauth @require_auth {
|
||||||
{$TEMPO_USERNAME} {$TEMPO_PASSWORD}
|
{$TEMPO_USERNAME} {$TEMPO_PASSWORD}
|
||||||
}
|
}
|
||||||
|
|
||||||
reverse_proxy ${server.http_listen_address}:${toString server.http_listen_port}
|
reverse_proxy ${server.http_listen_address}:3200
|
||||||
'';
|
'';
|
||||||
|
|
||||||
services.tempo = {
|
services.tempo = {
|
||||||
|
|
Loading…
Reference in a new issue