From 2621dfa7f5175052d600180f755a8fb7ccbe6889 Mon Sep 17 00:00:00 2001 From: xunuwu Date: Thu, 19 Jun 2025 04:48:05 +0200 Subject: [PATCH 1/2] remove stremio (switch to flatpak version for 5.0 beta) --- hosts/hopper/default.nix | 5 ++--- hosts/hopper/home.nix | 1 - hosts/nixdesk/default.nix | 3 --- hosts/nixdesk/home.nix | 1 - 4 files changed, 2 insertions(+), 8 deletions(-) diff --git a/hosts/hopper/default.nix b/hosts/hopper/default.nix index 1d4a01f..c1c295f 100644 --- a/hosts/hopper/default.nix +++ b/hosts/hopper/default.nix @@ -45,6 +45,8 @@ nix.nix nix.gc + services.flatpak + network.tailscale network.avahi network.networkd @@ -55,9 +57,6 @@ builtins.elem (lib.getName pkg) [ "nvidia-x11" "nvidia-settings" - - "stremio-shell" - "stremio-server" ]; }; diff --git a/hosts/hopper/home.nix b/hosts/hopper/home.nix index 2657e9f..e9e4539 100644 --- a/hosts/hopper/home.nix +++ b/hosts/hopper/home.nix @@ -29,7 +29,6 @@ pwvucontrol qpwgraph - stremio moonlight-qt ]; diff --git a/hosts/nixdesk/default.nix b/hosts/nixdesk/default.nix index c3e0f4f..9cb67d9 100644 --- a/hosts/nixdesk/default.nix +++ b/hosts/nixdesk/default.nix @@ -118,9 +118,6 @@ "idea-ultimate" "android-studio-stable" "krunker" - - "stremio-shell" - "stremio-server" ]; android_sdk.accept_license = true; }; diff --git a/hosts/nixdesk/home.nix b/hosts/nixdesk/home.nix index cee21fd..9342a95 100644 --- a/hosts/nixdesk/home.nix +++ b/hosts/nixdesk/home.nix @@ -144,7 +144,6 @@ picard # media - stremio feishin foliate From 71153b4e28da5e524450dc9d8f44989953a71d34 Mon Sep 17 00:00:00 2001 From: xunuwu Date: Thu, 19 Jun 2025 04:48:05 +0200 Subject: [PATCH 2/2] more metrics for prometheus --- hosts/hopper/profiles/lab/caddy.nix | 4 ++- hosts/hopper/profiles/lab/prometheus.nix | 32 +++++++++++++++++++----- hosts/rackserv/default.nix | 1 + hosts/rackserv/profiles/caddy.nix | 28 ++++++++++++++++++--- hosts/rackserv/profiles/forgejo.nix | 5 ++++ hosts/rackserv/profiles/prometheus.nix | 8 ++++++ 6 files changed, 67 insertions(+), 11 deletions(-) create mode 100644 hosts/rackserv/profiles/prometheus.nix diff --git a/hosts/hopper/profiles/lab/caddy.nix b/hosts/hopper/profiles/lab/caddy.nix index 979412f..f58fc12 100644 --- a/hosts/hopper/profiles/lab/caddy.nix +++ b/hosts/hopper/profiles/lab/caddy.nix @@ -21,7 +21,9 @@ in { services.caddy = { enable = true; globalConfig = '' - metrics + metrics { + per_host + } servers { trusted_proxies static 10.0.0.1 } diff --git a/hosts/hopper/profiles/lab/prometheus.nix b/hosts/hopper/profiles/lab/prometheus.nix index 4d9a650..fdff915 100644 --- a/hosts/hopper/profiles/lab/prometheus.nix +++ b/hosts/hopper/profiles/lab/prometheus.nix @@ -10,9 +10,16 @@ scrapeConfigs = [ { job_name = "node"; - static_configs = lib.singleton { - targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"]; - }; + static_configs = [ + { + targets = ["127.0.0.1:9100"]; + labels.alias = "hopper"; + } + { + targets = ["rackserv:9100"]; + labels.alias = "rackserv"; + } + ]; } { job_name = "tailscale_client"; @@ -22,9 +29,16 @@ } { job_name = "caddy"; - static_configs = lib.singleton { - targets = ["${config.vpnNamespaces."wg".namespaceAddress}:2019"]; - }; + static_configs = [ + { + targets = ["${config.vpnNamespaces."wg".namespaceAddress}:2019"]; + labels.alias = "hopper"; + } + { + targets = ["rackserv:2019"]; + labels.alias = "rackserv"; + } + ]; } { job_name = "slskd"; @@ -37,6 +51,12 @@ action = "drop"; }; } + { + job_name = "forgejo"; + static_configs = lib.singleton { + targets = ["rackserv:9615"]; + }; + } ]; }; diff --git a/hosts/rackserv/default.nix b/hosts/rackserv/default.nix index 4090f52..a5959a4 100644 --- a/hosts/rackserv/default.nix +++ b/hosts/rackserv/default.nix @@ -14,6 +14,7 @@ ./profiles/backups.nix ./profiles/caddy.nix ./profiles/forgejo.nix + ./profiles/prometheus.nix ] ++ (with systemProfiles; [ core.security diff --git a/hosts/rackserv/profiles/caddy.nix b/hosts/rackserv/profiles/caddy.nix index 2074587..561ef96 100644 --- a/hosts/rackserv/profiles/caddy.nix +++ b/hosts/rackserv/profiles/caddy.nix @@ -22,9 +22,20 @@ in { }; }; + # systemd.services.caddy.environment.CADDY_ADMIN = "${vars.tailnet.rackserv}:2019"; services.caddy = { enable = true; - virtualHosts = { + globalConfig = '' + metrics { + per_host + } + admin :2019 { + origins 127.0.0.1 100.64.0.0/10 + } + ''; + virtualHosts = let + forgejoPort = toString config.services.forgejo.settings.server.HTTP_PORT; + in { misc = { hostName = "${domain}"; serverAliases = ["*.${domain}"]; @@ -37,12 +48,21 @@ in { hostName = "git.${domain}"; useACMEHost = domain; extraConfig = '' - reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT} + respond /metrics 403 + reverse_proxy localhost:${forgejoPort} ''; }; - other = { + forgejoMetrics = { + hostName = ":9615"; extraConfig = '' - respond 404 + @blocked { + not { + client_ip ${vars.tailnet.hopper} + path /metrics + } + } + respond @blocked 403 + reverse_proxy localhost:${forgejoPort} ''; }; }; diff --git a/hosts/rackserv/profiles/forgejo.nix b/hosts/rackserv/profiles/forgejo.nix index c0a24fa..ef2cbb8 100644 --- a/hosts/rackserv/profiles/forgejo.nix +++ b/hosts/rackserv/profiles/forgejo.nix @@ -11,6 +11,11 @@ HTTP_PORT = 3000; HTTP_ADDR = "127.0.0.1"; }; + metrics = { + ENABLED = true; + ENABLED_ISSUE_BY_LABEL = true; + ENABLED_ISSUE_BY_REPOSITORY = true; + }; service.DISABLE_REGISTRATION = true; }; }; diff --git a/hosts/rackserv/profiles/prometheus.nix b/hosts/rackserv/profiles/prometheus.nix new file mode 100644 index 0000000..1bd185c --- /dev/null +++ b/hosts/rackserv/profiles/prometheus.nix @@ -0,0 +1,8 @@ +{ + services.prometheus.exporters = { + node = { + enable = true; + enabledCollectors = ["systemd"]; + }; + }; +}