nix fmt
This commit is contained in:
parent
200063fcb1
commit
7a6510a4e6
196 changed files with 3111 additions and 1771 deletions
|
@ -1,18 +1,15 @@
|
|||
name: Build all NixOS Configurations
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- "**"
|
||||
schedule:
|
||||
- cron: "30 2/6 * * *" # not to frequent, GitHub only allows a few pulls per hour
|
||||
|
||||
jobs:
|
||||
nix build:
|
||||
runs-on: native
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
- name: update nix flakes
|
||||
if: ${{ github.event_name == 'schedule' }}
|
||||
# we need to use our ssh key here because we need access to private flakes
|
||||
|
@ -30,7 +27,6 @@ jobs:
|
|||
echo $SSH_AGENT_PID
|
||||
kill $SSH_AGENT_PID
|
||||
rm .ssh_key
|
||||
|
||||
- name: nix flake archive/check
|
||||
# we need to use our ssh key here because we need access to private flakes
|
||||
run: |
|
||||
|
@ -48,22 +44,16 @@ jobs:
|
|||
echo $SSH_AGENT_PID
|
||||
kill $SSH_AGENT_PID
|
||||
rm .ssh_key
|
||||
|
||||
- name: nix build orbi
|
||||
run: nix build .#nixosConfigurations.orbi.config.system.build.toplevel
|
||||
|
||||
- name: nix build cream
|
||||
run: nix build .#nixosConfigurations.cream.config.system.build.toplevel
|
||||
|
||||
- name: nix build cherry
|
||||
run: nix build .#nixosConfigurations.cherry.config.system.build.toplevel
|
||||
|
||||
- name: nix build chungus
|
||||
run: nix build .#nixosConfigurations.chungus.config.system.build.toplevel
|
||||
|
||||
- name: nix build usbstick
|
||||
run: nix build .#nixosConfigurations.usbstick.config.system.build.toplevel
|
||||
|
||||
- name: commit & push
|
||||
if: ${{ github.event_name == 'schedule' }}
|
||||
# only if all nix builds are fine we update our branch
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
{
|
||||
|
||||
|
|
|
@ -14,5 +14,4 @@
|
|||
./yubikey.nix
|
||||
];
|
||||
|
||||
|
||||
}
|
||||
|
|
|
@ -1,5 +1,10 @@
|
|||
# TODO test `alsactl init` after suspend to reinit mic
|
||||
{ pkgs, config, lib, ... }:
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
{
|
||||
options.components.gui.audio.enable = mkOption {
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
{
|
||||
options.components.gui = {
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ pkgs, lib, config, ... }:
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
{
|
||||
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
{
|
||||
|
||||
options.components.gui.kmonad.enable = lib.mkOption {
|
||||
|
@ -79,9 +84,21 @@
|
|||
|
||||
in
|
||||
{
|
||||
nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [ "lctl" "lmet" "lalt" ];
|
||||
dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [ "lctl" "lmet" "lalt" ];
|
||||
uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [ "lctl" "lmet" "lalt" ];
|
||||
nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [
|
||||
"lctl"
|
||||
"lmet"
|
||||
"lalt"
|
||||
];
|
||||
dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [
|
||||
"lctl"
|
||||
"lmet"
|
||||
"lalt"
|
||||
];
|
||||
uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [
|
||||
"lctl"
|
||||
"lmet"
|
||||
"lalt"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,6 +1,11 @@
|
|||
# notify me when a command is finished
|
||||
# todo : secret managment is shit
|
||||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
{
|
||||
options.components.gui.noti.enable = mkOption {
|
||||
|
|
|
@ -1,11 +1,17 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
let
|
||||
|
||||
# desktop file
|
||||
# ------------
|
||||
# makes it possible to be used by other programs
|
||||
desktopFile = name: bin:
|
||||
desktopFile =
|
||||
name: bin:
|
||||
pkgs.writeTextFile {
|
||||
name = "${name}.desktop";
|
||||
destination = "/share/applications/${name}.desktop";
|
||||
|
@ -34,7 +40,9 @@ in
|
|||
environment.systemPackages = [
|
||||
(pkgs.pass.withExtensions (ext: [ ext.pass-otp ]))
|
||||
# todo : use upstream desktop file creator
|
||||
(desktopFile "passmenu" "${pkgs.pass.withExtensions (ext: [ext.pass-otp])}/bin/passmenu --type -l 10")
|
||||
(desktopFile "passmenu" "${
|
||||
pkgs.pass.withExtensions (ext: [ ext.pass-otp ])
|
||||
}/bin/passmenu --type -l 10")
|
||||
|
||||
pkgs.otpmenu
|
||||
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
{
|
||||
options.components.gui.steam.enable = mkOption {
|
||||
|
@ -22,7 +27,12 @@ with lib;
|
|||
isSystemUser = true;
|
||||
home = "/home/steam";
|
||||
createHome = true;
|
||||
extraGroups = [ "audio" "input" "video" "pipewire" ];
|
||||
extraGroups = [
|
||||
"audio"
|
||||
"input"
|
||||
"video"
|
||||
"pipewire"
|
||||
];
|
||||
group = "steam";
|
||||
shell = pkgs.bashInteractive;
|
||||
};
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
{
|
||||
options.components.gui.suspend.enable = mkOption {
|
||||
|
@ -13,13 +18,11 @@ with lib;
|
|||
requiredBy = [ "sleep.target" ];
|
||||
environment =
|
||||
let
|
||||
display =
|
||||
if (config.services.xserver.display != null) then
|
||||
config.services.xserver.display
|
||||
else
|
||||
0;
|
||||
display = if (config.services.xserver.display != null) then config.services.xserver.display else 0;
|
||||
in
|
||||
{ DISPLAY = ":${toString display}"; };
|
||||
{
|
||||
DISPLAY = ":${toString display}";
|
||||
};
|
||||
script = ''
|
||||
${pkgs.xlockmore}/bin/xlock -mode life1d -size 1 &
|
||||
sleep 1
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
{
|
||||
options.components.gui.vscode.enable = mkOption {
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
{
|
||||
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
{
|
||||
|
||||
|
@ -78,4 +83,3 @@ with lib;
|
|||
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ lib, pkgs, config, ... }:
|
||||
{
|
||||
lib,
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
let
|
||||
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
with types;
|
||||
let
|
||||
|
@ -6,15 +11,10 @@ let
|
|||
cfg = config.components.mainUser;
|
||||
|
||||
# todo : use optionalList
|
||||
dockerGroup =
|
||||
if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
|
||||
dockerGroup = if (config.virtualisation.docker.enable) then [ "docker" ] else [ ];
|
||||
|
||||
# todo : use optionalList
|
||||
vboxGroup =
|
||||
if (config.virtualisation.virtualbox.host.enable) then
|
||||
[ "vboxusers" ]
|
||||
else
|
||||
[ ];
|
||||
vboxGroup = if (config.virtualisation.virtualbox.host.enable) then [ "vboxusers" ] else [ ];
|
||||
|
||||
in
|
||||
{
|
||||
|
@ -73,8 +73,16 @@ in
|
|||
uid = cfg.uid;
|
||||
home = "/home/${cfg.userName}";
|
||||
initialPassword = cfg.userName;
|
||||
extraGroups = [ "wheel" "networkmanager" "transmission" "wireshark" "audio" "pipewire" "input" "dialout" ]
|
||||
++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
|
||||
extraGroups = [
|
||||
"wheel"
|
||||
"networkmanager"
|
||||
"transmission"
|
||||
"wireshark"
|
||||
"audio"
|
||||
"pipewire"
|
||||
"input"
|
||||
"dialout"
|
||||
] ++ dockerGroup ++ vboxGroup ++ cfg.extraGroups;
|
||||
openssh.authorizedKeys.keyFiles = cfg.authorizedKeyFiles;
|
||||
group = config.users.groups.mainUser.name;
|
||||
};
|
||||
|
|
|
@ -4,7 +4,12 @@
|
|||
# * connect via mixxx to it.
|
||||
# * add the podcast to mpd in the same network
|
||||
# --------------------------------------------------
|
||||
{ pkgs, config, lib, ... }:
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
|
||||
let
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
{
|
||||
|
||||
|
|
|
@ -1,31 +1,35 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
|
||||
with lib;
|
||||
|
||||
let
|
||||
obs-cmd = pkgs.rustPlatform.buildRustPackage
|
||||
rec {
|
||||
pname = "obs-cmd";
|
||||
version = "v0.15.2";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "grigio";
|
||||
repo = "obs-cmd";
|
||||
rev = version;
|
||||
sha256 = "sha256-RRkP0QLWcJLKv8oqESjMgHGW1QScANG7+fzR/rwSyDI=";
|
||||
};
|
||||
|
||||
cargoSha256 = "sha256-JqR7MAt2VNEnZGbn+hExtFG6F7X0KhFM1n7GZ+QaHc0=";
|
||||
#cargoSha256 = fakeSha256;
|
||||
|
||||
meta = with lib; {
|
||||
description = "a minimal obs CLI for obs-websocket v5";
|
||||
homepage = "https://github.com/grigio/obs-cmd";
|
||||
license = licenses.mit;
|
||||
maintainers = [ maintainers.mrVanDalo ];
|
||||
platforms = platforms.all;
|
||||
};
|
||||
obs-cmd = pkgs.rustPlatform.buildRustPackage rec {
|
||||
pname = "obs-cmd";
|
||||
version = "v0.15.2";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "grigio";
|
||||
repo = "obs-cmd";
|
||||
rev = version;
|
||||
sha256 = "sha256-RRkP0QLWcJLKv8oqESjMgHGW1QScANG7+fzR/rwSyDI=";
|
||||
};
|
||||
|
||||
cargoSha256 = "sha256-JqR7MAt2VNEnZGbn+hExtFG6F7X0KhFM1n7GZ+QaHc0=";
|
||||
#cargoSha256 = fakeSha256;
|
||||
|
||||
meta = with lib; {
|
||||
description = "a minimal obs CLI for obs-websocket v5";
|
||||
homepage = "https://github.com/grigio/obs-cmd";
|
||||
license = licenses.mit;
|
||||
maintainers = [ maintainers.mrVanDalo ];
|
||||
platforms = platforms.all;
|
||||
};
|
||||
};
|
||||
|
||||
# Lassulus streaming setup
|
||||
# -------------------------
|
||||
# ffmpeg \
|
||||
|
@ -53,7 +57,12 @@ let
|
|||
name = "screen-keys";
|
||||
paths =
|
||||
let
|
||||
screenKeyScript = { position ? "bottom", size ? "small", ... }:
|
||||
screenKeyScript =
|
||||
{
|
||||
position ? "bottom",
|
||||
size ? "small",
|
||||
...
|
||||
}:
|
||||
pkgs.writeShellScriptBin "screenkeys-${position}-${size}" # sh
|
||||
''
|
||||
${pkgs.screenkey}/bin/screenkey \
|
||||
|
@ -65,27 +74,41 @@ let
|
|||
"$@"
|
||||
'';
|
||||
in
|
||||
lib.flatten (lib.flip map [ "large" "small" "medium" ] (size:
|
||||
lib.flip map [ "top" "center" "bottom" ]
|
||||
(position: screenKeyScript { inherit size position; })));
|
||||
lib.flatten (
|
||||
lib.flip map
|
||||
[
|
||||
"large"
|
||||
"small"
|
||||
"medium"
|
||||
]
|
||||
(
|
||||
size:
|
||||
lib.flip map [
|
||||
"top"
|
||||
"center"
|
||||
"bottom"
|
||||
] (position: screenKeyScript { inherit size position; })
|
||||
)
|
||||
);
|
||||
};
|
||||
|
||||
|
||||
mpvReview =
|
||||
let
|
||||
moveToDir = key: dir: pkgs.writeText "move-with-${key}.lua" ''
|
||||
tmp_dir = "${dir}"
|
||||
moveToDir =
|
||||
key: dir:
|
||||
pkgs.writeText "move-with-${key}.lua" ''
|
||||
tmp_dir = "${dir}"
|
||||
|
||||
function move_current_track_${key}()
|
||||
track = mp.get_property("path")
|
||||
os.execute("mkdir -p '" .. tmp_dir .. "'")
|
||||
os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
|
||||
print("moved '" .. track .. "' to " .. tmp_dir)
|
||||
mp.command("playlist-next")
|
||||
end
|
||||
function move_current_track_${key}()
|
||||
track = mp.get_property("path")
|
||||
os.execute("mkdir -p '" .. tmp_dir .. "'")
|
||||
os.execute("mv '" .. track .. "' '" .. tmp_dir .. "'")
|
||||
print("moved '" .. track .. "' to " .. tmp_dir)
|
||||
mp.command("playlist-next")
|
||||
end
|
||||
|
||||
mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
|
||||
'';
|
||||
mp.add_key_binding("${key}", "move_current_track_${key}", move_current_track_${key})
|
||||
'';
|
||||
delete = moveToDir "D" "./.graveyard";
|
||||
good = moveToDir "G" "./.good";
|
||||
in
|
||||
|
@ -110,7 +133,6 @@ in
|
|||
|
||||
config = mkIf (config.components.media.video.enable) {
|
||||
|
||||
|
||||
home-manager.sharedModules = [
|
||||
{
|
||||
programs.obs-studio = {
|
||||
|
@ -123,7 +145,6 @@ in
|
|||
}
|
||||
];
|
||||
|
||||
|
||||
boot.kernelModules = [ "v4l2loopback" ];
|
||||
boot.extraModulePackages = [ pkgs.linuxPackages.v4l2loopback ];
|
||||
|
||||
|
@ -137,7 +158,6 @@ in
|
|||
alphaSafe
|
||||
sanitizeFolder
|
||||
|
||||
|
||||
# obs studio stuff
|
||||
obs-cli
|
||||
v4l-utils
|
||||
|
@ -154,8 +174,6 @@ in
|
|||
handbrake
|
||||
ffmpeg-full
|
||||
|
||||
|
||||
];
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -33,7 +33,7 @@ in
|
|||
services.promtail = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
server. disable = true;
|
||||
server.disable = true;
|
||||
positions.filename = "/var/cache/promtail/positions.yaml";
|
||||
|
||||
clients = [
|
||||
|
@ -49,7 +49,15 @@ in
|
|||
_end = ''{{ end }}'';
|
||||
elseblock = index: replacement: "${_elseif index}${_replace index replacement}";
|
||||
ifblock = index: replacement: "${_if index}${_replace index replacement}";
|
||||
createTemplateLine = list: "${concatStrings (imap0 (index: replacement: if index == 0 then ifblock index replacement else elseblock index replacement) list)}${_end}";
|
||||
createTemplateLine =
|
||||
list:
|
||||
"${
|
||||
concatStrings (
|
||||
imap0 (
|
||||
index: replacement: if index == 0 then ifblock index replacement else elseblock index replacement
|
||||
) list
|
||||
)
|
||||
}${_end}";
|
||||
in
|
||||
[
|
||||
{
|
||||
|
@ -117,36 +125,35 @@ in
|
|||
}
|
||||
{
|
||||
# Map facility to human readable
|
||||
template =
|
||||
{
|
||||
source = "facility_label";
|
||||
template = createTemplateLine [
|
||||
"kern" # Kernel messages
|
||||
"user" # User-level messages
|
||||
"mail" # Mail system Archaic POSIX still supported and sometimes used (for more mail(1))
|
||||
"daemon" # System daemons All daemons, including systemd and its subsystems
|
||||
"auth" # Security/authorization messages Also watch for different facility 10
|
||||
"syslog" # Messages generated internally by syslogd For syslogd implementations (not used by systemd, see facility 3)
|
||||
"lpr" # Line printer subsystem (archaic subsystem)
|
||||
"news" # Network news subsystem (archaic subsystem)
|
||||
"uucp" # UUCP subsystem (archaic subsystem)
|
||||
"clock" # Clock daemon systemd-timesyncd
|
||||
"authpriv" # Security/authorization messages Also watch for different facility 4
|
||||
"ftp" # FTP daemon
|
||||
"-" # NTP subsystem
|
||||
"-" # Log audit
|
||||
"-" # Log alert
|
||||
"cron" # Scheduling daemon
|
||||
"local0" # Local use 0 (local0)
|
||||
"local1" # Local use 1 (local1)
|
||||
"local2" # Local use 2 (local2)
|
||||
"local3" # Local use 3 (local3)
|
||||
"local4" # Local use 4 (local4)
|
||||
"local5" # Local use 5 (local5)
|
||||
"local6" # Local use 6 (local6)
|
||||
"local7" # Local use 7 (local7)
|
||||
];
|
||||
};
|
||||
template = {
|
||||
source = "facility_label";
|
||||
template = createTemplateLine [
|
||||
"kern" # Kernel messages
|
||||
"user" # User-level messages
|
||||
"mail" # Mail system Archaic POSIX still supported and sometimes used (for more mail(1))
|
||||
"daemon" # System daemons All daemons, including systemd and its subsystems
|
||||
"auth" # Security/authorization messages Also watch for different facility 10
|
||||
"syslog" # Messages generated internally by syslogd For syslogd implementations (not used by systemd, see facility 3)
|
||||
"lpr" # Line printer subsystem (archaic subsystem)
|
||||
"news" # Network news subsystem (archaic subsystem)
|
||||
"uucp" # UUCP subsystem (archaic subsystem)
|
||||
"clock" # Clock daemon systemd-timesyncd
|
||||
"authpriv" # Security/authorization messages Also watch for different facility 4
|
||||
"ftp" # FTP daemon
|
||||
"-" # NTP subsystem
|
||||
"-" # Log audit
|
||||
"-" # Log alert
|
||||
"cron" # Scheduling daemon
|
||||
"local0" # Local use 0 (local0)
|
||||
"local1" # Local use 1 (local1)
|
||||
"local2" # Local use 2 (local2)
|
||||
"local3" # Local use 3 (local3)
|
||||
"local4" # Local use 4 (local4)
|
||||
"local5" # Local use 5 (local5)
|
||||
"local6" # Local use 6 (local6)
|
||||
"local7" # Local use 7 (local7)
|
||||
];
|
||||
};
|
||||
}
|
||||
{
|
||||
# Key is REQUIRED and the name for the label that will be created.
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
with types;
|
||||
{
|
||||
|
@ -18,9 +23,11 @@ with types;
|
|||
{
|
||||
job_name = "zfs";
|
||||
scrape_interval = "10s";
|
||||
static_configs = [{
|
||||
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ];
|
||||
}];
|
||||
static_configs = [
|
||||
{
|
||||
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ];
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
service.pipelines.metrics.receivers = [ "prometheus" ];
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ lib, pkgs, config, ... }:
|
||||
{
|
||||
lib,
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
with types;
|
||||
{
|
||||
|
@ -18,7 +23,7 @@ with types;
|
|||
scrape_interval = "10s";
|
||||
metrics_path = "/api/v1/allmetrics";
|
||||
params.format = [ "prometheus" ];
|
||||
static_configs = [{ targets = [ "127.0.0.1:19999" ]; }];
|
||||
static_configs = [ { targets = [ "127.0.0.1:19999" ]; } ];
|
||||
}
|
||||
];
|
||||
|
||||
|
|
|
@ -36,7 +36,7 @@ in
|
|||
job_name = "opentelemetry";
|
||||
metrics_path = "/metrics";
|
||||
scrape_interval = "10s";
|
||||
static_configs = [{ targets = [ "localhost:${toString cfg.port}" ]; }];
|
||||
static_configs = [ { targets = [ "localhost:${toString cfg.port}" ]; } ];
|
||||
}
|
||||
];
|
||||
})
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
with types;
|
||||
let
|
||||
|
@ -24,7 +29,9 @@ in
|
|||
receivers.influxdb.endpoint = "127.0.0.1:${toString cfg.influxDBPort}";
|
||||
service.pipelines.metrics.receivers = [ "influxdb" ];
|
||||
};
|
||||
services.telegraf.extraConfig.outputs.influxdb_v2.urls = [ "http://127.0.0.1:${toString cfg.influxDBPort}" ];
|
||||
services.telegraf.extraConfig.outputs.influxdb_v2.urls = [
|
||||
"http://127.0.0.1:${toString cfg.influxDBPort}"
|
||||
];
|
||||
})
|
||||
|
||||
(mkIf config.components.monitor.telegraf.enable {
|
||||
|
@ -41,7 +48,7 @@ in
|
|||
processes = { };
|
||||
system = { };
|
||||
systemd_units = { };
|
||||
ping = [{ urls = [ "10.100.0.1" ]; }]; # actually important to make machine visible over wireguard
|
||||
ping = [ { urls = [ "10.100.0.1" ]; } ]; # actually important to make machine visible over wireguard
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
with types;
|
||||
let
|
||||
|
@ -22,7 +27,10 @@ in
|
|||
description = "endpoint to ship opentelementry data too";
|
||||
};
|
||||
exporter.debug = mkOption {
|
||||
type = nullOr (enum [ "logs" "metrics" ]);
|
||||
type = nullOr (enum [
|
||||
"logs"
|
||||
"metrics"
|
||||
]);
|
||||
default = null;
|
||||
description = "enable debug exporter.";
|
||||
};
|
||||
|
@ -61,11 +69,13 @@ in
|
|||
include = ".*";
|
||||
match_type = "regexp";
|
||||
action = "update";
|
||||
operations = [{
|
||||
action = "add_label";
|
||||
new_label = "machine";
|
||||
new_value = config.networking.hostName;
|
||||
}];
|
||||
operations = [
|
||||
{
|
||||
action = "add_label";
|
||||
new_label = "machine";
|
||||
new_value = config.networking.hostName;
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
@ -85,7 +95,6 @@ in
|
|||
};
|
||||
})
|
||||
|
||||
|
||||
(mkIf (config.components.monitor.opentelemetry.exporter.debug != null) {
|
||||
services.opentelemetry-collector.settings = {
|
||||
exporters.debug = {
|
||||
|
@ -111,24 +120,26 @@ in
|
|||
})
|
||||
(mkIf
|
||||
(
|
||||
config.components.monitor.opentelemetry.exporter.endpoint != null &&
|
||||
config.components.monitor.logs.enable
|
||||
config.components.monitor.opentelemetry.exporter.endpoint != null
|
||||
&& config.components.monitor.logs.enable
|
||||
)
|
||||
{
|
||||
services.opentelemetry-collector.settings = {
|
||||
service.pipelines.logs.exporters = [ "otlp" ];
|
||||
};
|
||||
})
|
||||
}
|
||||
)
|
||||
(mkIf
|
||||
(
|
||||
config.components.monitor.opentelemetry.exporter.endpoint != null &&
|
||||
config.components.monitor.metrics.enable
|
||||
config.components.monitor.opentelemetry.exporter.endpoint != null
|
||||
&& config.components.monitor.metrics.enable
|
||||
)
|
||||
{
|
||||
services.opentelemetry-collector.settings = {
|
||||
service.pipelines.metrics.exporters = [ "otlp" ];
|
||||
};
|
||||
})
|
||||
}
|
||||
)
|
||||
|
||||
# ship from other instance
|
||||
(mkIf (config.components.monitor.opentelemetry.receiver.endpoint != null) {
|
||||
|
@ -138,26 +149,26 @@ in
|
|||
})
|
||||
(mkIf
|
||||
(
|
||||
config.components.monitor.opentelemetry.receiver.endpoint != null &&
|
||||
config.components.monitor.logs.enable
|
||||
config.components.monitor.opentelemetry.receiver.endpoint != null
|
||||
&& config.components.monitor.logs.enable
|
||||
)
|
||||
{
|
||||
services.opentelemetry-collector.settings = {
|
||||
service.pipelines.logs.receivers = [ "otlp" ];
|
||||
};
|
||||
})
|
||||
}
|
||||
)
|
||||
(mkIf
|
||||
(
|
||||
config.components.monitor.opentelemetry.receiver.endpoint != null &&
|
||||
config.components.monitor.metrics.enable
|
||||
config.components.monitor.opentelemetry.receiver.endpoint != null
|
||||
&& config.components.monitor.metrics.enable
|
||||
)
|
||||
{
|
||||
services.opentelemetry-collector.settings = {
|
||||
service.pipelines.metrics.receivers = [ "otlp" ];
|
||||
};
|
||||
})
|
||||
|
||||
|
||||
}
|
||||
)
|
||||
|
||||
# scrape opentelemetry-colectors metrics
|
||||
# todo: this should be collected another way (opentelemetry internal?)
|
||||
|
@ -169,9 +180,11 @@ in
|
|||
{
|
||||
job_name = "otelcol";
|
||||
scrape_interval = "10s";
|
||||
static_configs = [{
|
||||
targets = [ cfg.metrics.endpoint ];
|
||||
}];
|
||||
static_configs = [
|
||||
{
|
||||
targets = [ cfg.metrics.endpoint ];
|
||||
}
|
||||
];
|
||||
metric_relabel_configs = [
|
||||
{
|
||||
source_labels = [ "__name__" ];
|
||||
|
@ -195,7 +208,7 @@ in
|
|||
|
||||
};
|
||||
})
|
||||
(mkIf (! config.components.monitor.metrics.enable) {
|
||||
(mkIf (!config.components.monitor.metrics.enable) {
|
||||
services.opentelemetry-collector.settings = {
|
||||
service.telemetry.metrics.level = "none";
|
||||
};
|
||||
|
|
|
@ -1,4 +1,10 @@
|
|||
{ config, lib, pkgs, assets, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
assets,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
{
|
||||
options.components.network.nginx.enable = mkOption {
|
||||
|
@ -16,8 +22,13 @@ with lib;
|
|||
|
||||
environment.systemPackages = [
|
||||
pkgs.nginx-config-formatter
|
||||
(pkgs.writers.writePython3Bin "nginx-show-config" { flakeIgnore = [ "E265" "E225" "W292" ]; }
|
||||
(lib.fileContents "${assets}/nginx-show-config.py"))
|
||||
(pkgs.writers.writePython3Bin "nginx-show-config" {
|
||||
flakeIgnore = [
|
||||
"E265"
|
||||
"E225"
|
||||
"W292"
|
||||
];
|
||||
} (lib.fileContents "${assets}/nginx-show-config.py"))
|
||||
];
|
||||
|
||||
security.acme.defaults.email = "contact@ingolf-wagner.de";
|
||||
|
@ -85,7 +96,11 @@ with lib;
|
|||
root = pkgs.landingpage.override {
|
||||
jsonConfig =
|
||||
let
|
||||
entry = { machine, items ? [ ] }:
|
||||
entry =
|
||||
{
|
||||
machine,
|
||||
items ? [ ],
|
||||
}:
|
||||
{
|
||||
text = machine;
|
||||
items = [
|
||||
|
@ -174,14 +189,12 @@ with lib;
|
|||
{
|
||||
label = "Hetzner Cloud";
|
||||
href = "https://console.hetzner.cloud/projects";
|
||||
image =
|
||||
"https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
|
||||
image = "https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "Cups";
|
||||
href = "http://localhost:631/";
|
||||
image =
|
||||
"https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
|
||||
image = "https://media.giphy.com/media/7hU7x4GPurk2c/giphy.gif";
|
||||
}
|
||||
];
|
||||
}
|
||||
|
@ -191,52 +204,42 @@ with lib;
|
|||
{
|
||||
label = "NixOS Manual";
|
||||
href = "https://nixos.org/nixos/manual/";
|
||||
image =
|
||||
"https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
|
||||
image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "Nixpkgs Manual";
|
||||
href = "https://nixos.org/nixpkgs/manual/";
|
||||
image =
|
||||
"https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
|
||||
image = "https://media.giphy.com/media/dsdVyKkSqccEzoPufX/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "NixOS Reference";
|
||||
href =
|
||||
"https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library";
|
||||
image =
|
||||
"https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
|
||||
href = "https://storage.googleapis.com/files.tazj.in/nixdoc/manual.html#sec-functions-library";
|
||||
image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "Nix Packages";
|
||||
href = "https://nixos.org/nixos/packages.html";
|
||||
image =
|
||||
"https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
|
||||
image = "https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "NixOS Language specific helpers";
|
||||
href =
|
||||
"https://nixos.wiki/wiki/Language-specific_package_helpers";
|
||||
image =
|
||||
"https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
|
||||
href = "https://nixos.wiki/wiki/Language-specific_package_helpers";
|
||||
image = "https://media.giphy.com/media/LkjlH3rVETgsg/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "NixOS Weekly";
|
||||
href = "https://weekly.nixos.org/";
|
||||
image =
|
||||
"https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
|
||||
image = "https://media.giphy.com/media/lXiRLb0xFzmreM8k8/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "NixOS Security";
|
||||
href = "https://broken.sh/";
|
||||
image =
|
||||
"https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
|
||||
image = "https://media.giphy.com/media/BqILAHjH1Ttm0/giphy.gif";
|
||||
}
|
||||
{
|
||||
label = "NixOS RFCs";
|
||||
href = "https://github.com/NixOS/rfcs/";
|
||||
image =
|
||||
"https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
|
||||
image = "https://media.giphy.com/media/Uq9bGjGKg08M0/giphy.gif";
|
||||
}
|
||||
];
|
||||
}
|
||||
|
|
|
@ -1,4 +1,10 @@
|
|||
{ pkgs, config, lib, assets, ... }:
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
assets,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
with types;
|
||||
let
|
||||
|
@ -6,8 +12,7 @@ let
|
|||
cfg = config.components.network.sshd;
|
||||
|
||||
# maybe ascii-image-converter is also nice here
|
||||
sshBanner = pkgs.runCommand "ssh-banner"
|
||||
{ nativeBuildInputs = [ pkgs.boxes ]; } ''
|
||||
sshBanner = pkgs.runCommand "ssh-banner" { nativeBuildInputs = [ pkgs.boxes ]; } ''
|
||||
echo "${config.networking.hostName}" | boxes -d ansi -s 80x1 -a r > $out
|
||||
'';
|
||||
|
||||
|
|
|
@ -1,4 +1,10 @@
|
|||
{ pkgs, config, lib, clanLib, ... }:
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
clanLib,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
let
|
||||
publicKey = clanLib.readFact "ssh.id_ed25519.pub";
|
||||
|
|
|
@ -1,4 +1,9 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
{
|
||||
pkgs,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib;
|
||||
{
|
||||
config = mkIf (config.components.network.sshd.enable) {
|
||||
|
@ -28,65 +33,66 @@ with lib;
|
|||
};
|
||||
gitlab = {
|
||||
hostNames = [ "gitlab.com" ];
|
||||
publicKey =
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
|
||||
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBFSMqzJeV9rUzU4kWitGjeR4PWSa29SPqJ1fVkhtj3Hw9xjLVXVYrU9QlYWrOLXBpQ6KWjbjTDTdDkoohFzgbEY=";
|
||||
};
|
||||
gitlab-bk = {
|
||||
hostNames = [ "gitlab.bk-bund-berlin.de" "116.203.133.59" ];
|
||||
publicKey =
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw=";
|
||||
hostNames = [
|
||||
"gitlab.bk-bund-berlin.de"
|
||||
"116.203.133.59"
|
||||
];
|
||||
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBCG/sjnOlbrmpUliFtM5fmZTcm2wpUoP5OQEzFrrkkwhstCO9fMty9mp5qnKlezYA9+l78RTd218qFjSKYxTQNw=";
|
||||
};
|
||||
# space-left
|
||||
gitlabSpaceLeft = {
|
||||
hostNames = [ "git.space-left.org" ];
|
||||
publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAapztj8I3xy6Ea8A1q7Mo5C6zdgsK1bguAXcKUDCRBO";
|
||||
};
|
||||
# c-base
|
||||
"bnd-cbase" = {
|
||||
hostNames = [ "bnd.cbrp3.c-base.org" ];
|
||||
publicKey =
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
|
||||
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBKDknNl4M2WZChp1N/eRIpem2AEOceGIqvjo0ptBuwxUn0w0B8MGTVqoI+pnUVypORJRoNrLPOAkmEVr32BDN3E=";
|
||||
};
|
||||
"shell.cbase" = {
|
||||
hostNames = [ "shell.c-base.org" ];
|
||||
publicKey =
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOBKBn0mZtG3KWxpFqqcog8zvdIVrZmwj+ARujuNIAfo";
|
||||
};
|
||||
"kgb.cbase" = {
|
||||
hostNames = [ "kgb.cbrp3.c-base.org" ];
|
||||
publicKey =
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
|
||||
publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAdyl7fnnCqomghJ1TDbh5FWFQWFwoO1Y1U/FpmWd8a9RcQvN0Izhg/7A+7ptDxbmpVii8hqfghlqUwtvVy7jo8=";
|
||||
};
|
||||
"cns.cbase" = {
|
||||
hostNames = [ "cns.c-base.org" ];
|
||||
publicKey =
|
||||
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBO |