xun/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: xun:71153b4e28da5e524450dc9d8f44989953a71d34
Branches Tags
xun:master
..
compare: xun:1e5b58bb318a4dd51036c2e16f96d5f7c898cce0
Branches Tags
xun:master

No commits in common. "71153b4e28da5e524450dc9d8f44989953a71d34" and "1e5b58bb318a4dd51036c2e16f96d5f7c898cce0" have entirely different histories.
71153b4e28 ... 1e5b58bb31

10 changed files with 19 additions and 69 deletions
Download patch file Download diff file Expand all files Collapse all files

5
hosts/hopper/default.nix
View file

@ -45,8 +45,6 @@
nix.nix
nix.gc
services.flatpak
network.tailscale
network.avahi
network.networkd
@ -57,6 +55,9 @@
builtins.elem (lib.getName pkg) [
"nvidia-x11"
"nvidia-settings"
"stremio-shell"
"stremio-server"
];
};

1
hosts/hopper/home.nix
View file

@ -29,6 +29,7 @@
pwvucontrol
qpwgraph
stremio
moonlight-qt
];

4
hosts/hopper/profiles/lab/caddy.nix
View file

@ -21,9 +21,7 @@ in {
services.caddy = {
enable = true;
globalConfig = ''
metrics {
per_host
}
metrics
servers {
trusted_proxies static 10.0.0.1
}

32
hosts/hopper/profiles/lab/prometheus.nix
View file

@ -10,16 +10,9 @@
scrapeConfigs = [
{
job_name = "node";
static_configs = [
{
targets = ["127.0.0.1:9100"];
labels.alias = "hopper";
}
{
targets = ["rackserv:9100"];
labels.alias = "rackserv";
}
];
static_configs = lib.singleton {
targets = ["127.0.0.1:${toString config.services.prometheus.exporters.node.port}"];
};
}
{
job_name = "tailscale_client";
@ -29,16 +22,9 @@
}
{
job_name = "caddy";
static_configs = [
{
targets = ["${config.vpnNamespaces."wg".namespaceAddress}:2019"];
labels.alias = "hopper";
}
{
targets = ["rackserv:2019"];
labels.alias = "rackserv";
}
];
static_configs = lib.singleton {
targets = ["${config.vpnNamespaces."wg".namespaceAddress}:2019"];
};
}
{
job_name = "slskd";
@ -51,12 +37,6 @@
action = "drop";
};
}
{
job_name = "forgejo";
static_configs = lib.singleton {
targets = ["rackserv:9615"];
};
}
];
};

3
hosts/nixdesk/default.nix
View file

@ -118,6 +118,9 @@
"idea-ultimate"
"android-studio-stable"
"krunker"
"stremio-shell"
"stremio-server"
];
android_sdk.accept_license = true;
};

1
hosts/nixdesk/home.nix
View file

@ -144,6 +144,7 @@
picard
# media
stremio
feishin
foliate

1
hosts/rackserv/default.nix
View file

@ -14,7 +14,6 @@
./profiles/backups.nix
./profiles/caddy.nix
./profiles/forgejo.nix
./profiles/prometheus.nix
]
++ (with systemProfiles; [
core.security

28
hosts/rackserv/profiles/caddy.nix
View file

@ -22,20 +22,9 @@ in {
};
};
# systemd.services.caddy.environment.CADDY_ADMIN = "${vars.tailnet.rackserv}:2019";
services.caddy = {
enable = true;
globalConfig = ''
metrics {
per_host
}
admin :2019 {
origins 127.0.0.1 100.64.0.0/10
}
'';
virtualHosts = let
forgejoPort = toString config.services.forgejo.settings.server.HTTP_PORT;
in {
virtualHosts = {
misc = {
hostName = "${domain}";
serverAliases = ["*.${domain}"];
@ -48,21 +37,12 @@ in {
hostName = "git.${domain}";
useACMEHost = domain;
extraConfig = ''
respond /metrics 403
reverse_proxy localhost:${forgejoPort}
reverse_proxy localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}
'';
};
forgejoMetrics = {
hostName = ":9615";
other = {
extraConfig = ''
@blocked {
not {
client_ip ${vars.tailnet.hopper}
path /metrics
}
}
respond @blocked 403
reverse_proxy localhost:${forgejoPort}
respond 404
'';
};
};

5
hosts/rackserv/profiles/forgejo.nix
View file

@ -11,11 +11,6 @@
HTTP_PORT = 3000;
HTTP_ADDR = "127.0.0.1";
};
metrics = {
ENABLED = true;
ENABLED_ISSUE_BY_LABEL = true;
ENABLED_ISSUE_BY_REPOSITORY = true;
};
service.DISABLE_REGISTRATION = true;
};
};

8
hosts/rackserv/profiles/prometheus.nix
View file

@ -1,8 +0,0 @@
{
services.prometheus.exporters = {
node = {
enable = true;
enabledCollectors = ["systemd"];
};
};
}