Compare commits
63 Commits
feature/cl
...
main
Author | SHA1 | Date |
---|---|---|
Ingolf Wagner | 3e17996965 | |
Ingolf Wagner | 8866476c9d | |
Ingolf Wagner | fda2ea3119 | |
Ingolf Wagner | ab4a870d0f | |
Ingolf Wagner | e825dfd9d1 | |
Ingolf Wagner | 67840babe4 | |
Ingolf Wagner | b890a69e30 | |
Ingolf Wagner | 3a4ed070f2 | |
Ingolf Wagner | 09138dc3a4 | |
Ingolf Wagner | 1b37948192 | |
Ingolf Wagner | 325f07bdd8 | |
Ingolf Wagner | 2ba782a204 | |
Ingolf Wagner | 73e8b6e77b | |
Ingolf Wagner | ded4be9f5d | |
Ingolf Wagner | 9160b34178 | |
Ingolf Wagner | a5234a2a84 | |
Ingolf Wagner | 9f6d63cabe | |
Ingolf Wagner | 5fbe52eb11 | |
Ingolf Wagner | f328d740e0 | |
Ingolf Wagner | e69fdc44d9 | |
Ingolf Wagner | 4903ab6fd9 | |
Ingolf Wagner | a7f72610d4 | |
Ingolf Wagner | 6f527173d9 | |
Ingolf Wagner | 661c350544 | |
Ingolf Wagner | fce4a39b94 | |
Ingolf Wagner | 7016ef880a | |
Ingolf Wagner | 0521dce440 | |
Ingolf Wagner | 9f3e7b698a | |
Ingolf Wagner | 4857e6a766 | |
Ingolf Wagner | 285b1a1963 | |
Ingolf Wagner | 60422a1900 | |
Ingolf Wagner | 424d9e4224 | |
Ingolf Wagner | 2859b2747d | |
Ingolf Wagner | 0aac16e831 | |
Ingolf Wagner | 2a96cc02d3 | |
Ingolf Wagner | 60140abca2 | |
Ingolf Wagner | ff2ac19279 | |
Ingolf Wagner | 4c6f37ed89 | |
Ingolf Wagner | 94dfd5c8b6 | |
Ingolf Wagner | 99dda7fc86 | |
Ingolf Wagner | 518ca37253 | |
Ingolf Wagner | 98fcb131ea | |
Ingolf Wagner | 708e93b9ba | |
Ingolf Wagner | 670ce72ce9 | |
Ingolf Wagner | 43127e2660 | |
Ingolf Wagner | 4b10d4a813 | |
Ingolf Wagner | d55efba45d | |
Ingolf Wagner | c8d75a912a | |
Ingolf Wagner | db3634eb5e | |
Ingolf Wagner | e163d452d9 | |
Ingolf Wagner | 65eac0b41c | |
Ingolf Wagner | 57771e1147 | |
Ingolf Wagner | 467a0daa6a | |
Ingolf Wagner | 0d36555a4e | |
Ingolf Wagner | 3fdec0d307 | |
Ingolf Wagner | b6d15321d2 | |
Ingolf Wagner | 81039c1f8e | |
Ingolf Wagner | 6fe2d22fc8 | |
Ingolf Wagner | fdf68b1382 | |
Ingolf Wagner | d1c723d077 | |
Ingolf Wagner | 86d22b1559 | |
Ingolf Wagner | 8da88a8ea5 | |
Ingolf Wagner | 353cb14efa |
106
flake.lock
|
@ -173,11 +173,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1711934712,
|
||||
"narHash": "sha256-sBDe+QmX/QohlnKeSEzrftcXyZL5FY09OMjZ59Rpyy4=",
|
||||
"lastModified": 1715217706,
|
||||
"narHash": "sha256-yEB5SEHc+o3WJpUPw455OdLy9A+gffvCJX8DZ7NCkuo=",
|
||||
"owner": "nix-community",
|
||||
"repo": "disko",
|
||||
"rev": "611c9ea53250f7bb22286b3d26872280a0e608f9",
|
||||
"rev": "8eb1b315eef89f3bdc5c9814d1b207c6d64f0046",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -732,11 +732,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1710888565,
|
||||
"narHash": "sha256-s9Hi4RHhc6yut4EcYD50sZWRDKsugBJHSbON8KFwoTw=",
|
||||
"lastModified": 1714043624,
|
||||
"narHash": "sha256-Xn2r0Jv95TswvPlvamCC46wwNo8ALjRCMBJbGykdhcM=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "f33900124c23c4eca5831b9b5eb32ea5894375ce",
|
||||
"rev": "86853e31dc1b62c6eeed11c667e8cdd0285d4411",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -774,11 +774,11 @@
|
|||
},
|
||||
"locked": {
|
||||
"dir": "nix",
|
||||
"lastModified": 1707655140,
|
||||
"narHash": "sha256-CP7Te/8N0ETEmxX08assyFzwymNR7FjoWJOLh7VRfEU=",
|
||||
"lastModified": 1715058553,
|
||||
"narHash": "sha256-5y87n9v8WJ921Q6hMFGIYq1g/HaZHoopTuzDk4SvrfQ=",
|
||||
"owner": "kmonad",
|
||||
"repo": "kmonad",
|
||||
"rev": "70a5e97518c87ff52be4b403d774e88c5c61e3c1",
|
||||
"rev": "8efcc8f7f7369a5e684d201c0263416db2a5df60",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -794,11 +794,11 @@
|
|||
"nixpkgs": "nixpkgs_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1669559123,
|
||||
"narHash": "sha256-Iek82mEI2kk2fTJbFHvPcMl0oOscBPhFjU9mMaCSWiw=",
|
||||
"lastModified": 1709213960,
|
||||
"narHash": "sha256-8j4E+jKw5pHiGlEXKxRBauZ14AWhnPE70+BKMkgCy+k=",
|
||||
"owner": "mrVanDalo",
|
||||
"repo": "landingpage",
|
||||
"rev": "2b46eb76d16988eb92daa1afc8849bde1002dc4b",
|
||||
"rev": "300490e475978c0418ecfe995538e58527fdadf8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -851,11 +851,11 @@
|
|||
"treefmt-nix": "treefmt-nix"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1711099355,
|
||||
"narHash": "sha256-01tynRAW0yMboJfgwgZFLBjnD6e8OiCuNRoxGn62axE=",
|
||||
"lastModified": 1715150548,
|
||||
"narHash": "sha256-pb2xIGuzzkPOjUlZnBahpfQWVvtCSOcW8vLL7rQUiEY=",
|
||||
"owner": "nix-community",
|
||||
"repo": "nixos-anywhere",
|
||||
"rev": "c34fd217b1765c9e92845051069f49560a52b8d6",
|
||||
"rev": "242444d228636b1f0e89d3681f04a75254c29f66",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -866,11 +866,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1711352745,
|
||||
"narHash": "sha256-luvqik+i3HTvCbXQZgB6uggvEcxI9uae0nmrgtXJ17U=",
|
||||
"lastModified": 1715148395,
|
||||
"narHash": "sha256-lRxjTxY3103LGMjWdVqntKZHhlmMX12QUjeFrQMmGaE=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "9a763a7acc4cfbb8603bb0231fec3eda864f81c0",
|
||||
"rev": "a4e2b7909fc1bdf30c30ef21d388fde0b5cdde4a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -1023,11 +1023,11 @@
|
|||
},
|
||||
"nixpkgs-stable": {
|
||||
"locked": {
|
||||
"lastModified": 1711819797,
|
||||
"narHash": "sha256-tNeB6emxj74Y6ctwmsjtMlzUMn458sBmwnD35U5KIM4=",
|
||||
"lastModified": 1714858427,
|
||||
"narHash": "sha256-tCxeDP4C1pWe2rYY3IIhdA40Ujz32Ufd4tcrHPSKx2M=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "2b4e3ca0091049c6fbb4908c66b05b77eaef9f0c",
|
||||
"rev": "b980b91038fc4b09067ef97bbe5ad07eecca1e76",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -1039,11 +1039,11 @@
|
|||
},
|
||||
"nixpkgs-unstable": {
|
||||
"locked": {
|
||||
"lastModified": 1711703276,
|
||||
"narHash": "sha256-iMUFArF0WCatKK6RzfUJknjem0H9m4KgorO/p3Dopkk=",
|
||||
"lastModified": 1715266358,
|
||||
"narHash": "sha256-doPgfj+7FFe9rfzWo1siAV2mVCasW+Bh8I1cToAXEE4=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "d8fe5e6c92d0d190646fb9f1056741a229980089",
|
||||
"rev": "f1010e0469db743d14519a1efd37e23f8513d714",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -1102,11 +1102,11 @@
|
|||
},
|
||||
"nixpkgs_5": {
|
||||
"locked": {
|
||||
"lastModified": 1711668574,
|
||||
"narHash": "sha256-u1dfs0ASQIEr1icTVrsKwg2xToIpn7ZXxW3RHfHxshg=",
|
||||
"lastModified": 1715218190,
|
||||
"narHash": "sha256-R98WOBHkk8wIi103JUVQF3ei3oui4HvoZcz9tYOAwlk=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "219951b495fc2eac67b1456824cc1ec1fd2ee659",
|
||||
"rev": "9a9960b98418f8c385f52de3b09a63f9c561427a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -1148,11 +1148,11 @@
|
|||
},
|
||||
"nixpkgs_8": {
|
||||
"locked": {
|
||||
"lastModified": 1711715736,
|
||||
"narHash": "sha256-9slQ609YqT9bT/MNX9+5k5jltL9zgpn36DpFB7TkttM=",
|
||||
"lastModified": 1714809261,
|
||||
"narHash": "sha256-hfBmnYFyz9I1mdrC3tX1A+dF9cOUcds5PIMPxrT+cRk=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "807c549feabce7eddbf259dbdcec9e0600a0660d",
|
||||
"rev": "d32560238207b8e26d88b265207b216ee46b8450",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -1164,11 +1164,11 @@
|
|||
},
|
||||
"nixpkgs_9": {
|
||||
"locked": {
|
||||
"lastModified": 1711853880,
|
||||
"narHash": "sha256-5SBhzEHQW8RxQ+hjHvVXGB7dIYykLYkMtV0yZdJiObc=",
|
||||
"lastModified": 1715142527,
|
||||
"narHash": "sha256-8OCDTDZzmkhoJ0HzZd/wkUfdAES9e0Jsp3qb5sM/Jys=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "cd1c70d941d69d8d6425984ff8aefca9b28e861a",
|
||||
"rev": "0efaf283bd6e3b9ecf6e961d2305bf2e1a9f49c9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -1271,12 +1271,12 @@
|
|||
"rev": "13176fcd5b4689d1b15f1f9d19e946fff45dc3c3",
|
||||
"revCount": 28,
|
||||
"type": "git",
|
||||
"url": "ssh://gitea@git.ingolf-wagner.de/palo/overviewer.git"
|
||||
"url": "ssh://forgejo@git.ingolf-wagner.de/palo/overviewer.git"
|
||||
},
|
||||
"original": {
|
||||
"ref": "main",
|
||||
"type": "git",
|
||||
"url": "ssh://gitea@git.ingolf-wagner.de/palo/overviewer.git"
|
||||
"url": "ssh://forgejo@git.ingolf-wagner.de/palo/overviewer.git"
|
||||
}
|
||||
},
|
||||
"pandoc_template": {
|
||||
|
@ -1352,18 +1352,18 @@
|
|||
},
|
||||
"private_assets": {
|
||||
"locked": {
|
||||
"lastModified": 1702625488,
|
||||
"narHash": "sha256-IPSyCKFKk6y/lEpzZKd5YiQuzZRqZKBqDS8/EyJXdHU=",
|
||||
"lastModified": 1715197334,
|
||||
"narHash": "sha256-8rVZd6msm8rvU49XdAmj0rN/ZRBo/tk72RI+k49PitI=",
|
||||
"ref": "main",
|
||||
"rev": "a80acb46535c5efa69a0aa982d92e2efd1f1f377",
|
||||
"revCount": 18,
|
||||
"rev": "0ec2e8c4fbc36151811f5b9e68f59cdccc5a26eb",
|
||||
"revCount": 21,
|
||||
"type": "git",
|
||||
"url": "ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git"
|
||||
"url": "ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-assets.git"
|
||||
},
|
||||
"original": {
|
||||
"ref": "main",
|
||||
"type": "git",
|
||||
"url": "ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git"
|
||||
"url": "ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-assets.git"
|
||||
}
|
||||
},
|
||||
"retiolum": {
|
||||
|
@ -1470,18 +1470,18 @@
|
|||
"secrets": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
"lastModified": 1710548525,
|
||||
"narHash": "sha256-eUaVC7nx4SyC50bVFkSzasxpN7SEnlCDqrn990BbimM=",
|
||||
"lastModified": 1712505515,
|
||||
"narHash": "sha256-XvuG5hC5EKAcie8dycZ7x5myPrObCkrCfUNkH/rsiTE=",
|
||||
"ref": "main",
|
||||
"rev": "f169cfe831df94a9b6eacb3c310f89d469e32b53",
|
||||
"revCount": 65,
|
||||
"rev": "edb5928f4d18aa58856b695139fc20a77c8763d5",
|
||||
"revCount": 66,
|
||||
"type": "git",
|
||||
"url": "ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git"
|
||||
"url": "ssh://forgejo@git.ingolf-wagner.de/palo/nixos-secrets.git"
|
||||
},
|
||||
"original": {
|
||||
"ref": "main",
|
||||
"type": "git",
|
||||
"url": "ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git"
|
||||
"url": "ssh://forgejo@git.ingolf-wagner.de/palo/nixos-secrets.git"
|
||||
}
|
||||
},
|
||||
"sln-mode": {
|
||||
|
@ -1529,11 +1529,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1711855048,
|
||||
"narHash": "sha256-HxegAPnQJSC4cbEbF4Iq3YTlFHZKLiNTk8147EbLdGg=",
|
||||
"lastModified": 1715244550,
|
||||
"narHash": "sha256-ffOZL3eaZz5Y1nQ9muC36wBCWwS1hSRLhUzlA9hV2oI=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "99b1e37f9fc0960d064a7862eb7adfb92e64fa10",
|
||||
"rev": "0dc50257c00ee3c65fef3a255f6564cfbfe6eb7f",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -1547,11 +1547,11 @@
|
|||
"nixpkgs": "nixpkgs_9"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1711932894,
|
||||
"narHash": "sha256-aiMc4JHJU72cbkeHPDBE8pQEOel/RrW8YkGXelRvFn8=",
|
||||
"lastModified": 1715216666,
|
||||
"narHash": "sha256-0aTe4zSO5t6Wn+gaW5Bwr+84INd7htOdn3sdmE6/uC0=",
|
||||
"owner": "nix-community",
|
||||
"repo": "srvos",
|
||||
"rev": "e5a5f15acaff9daa69e7ef5596f6985ec695685f",
|
||||
"rev": "65d83b87b55c9618cf02aa9b9c08ec8adaa08c9d",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
18
flake.nix
|
@ -2,7 +2,7 @@
|
|||
inputs = {
|
||||
|
||||
secrets = {
|
||||
url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-secrets.git?ref=main";
|
||||
url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-secrets.git?ref=main";
|
||||
flake = false;
|
||||
};
|
||||
nixpkgs.url = "github:nixos/nixpkgs/nixos-23.11";
|
||||
|
@ -46,7 +46,7 @@
|
|||
};
|
||||
private_assets = {
|
||||
#url = "git+file:///home/palo/dev/nixos/nixos-private-assets";
|
||||
url = "git+ssh://gitea@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
|
||||
url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/nixos-private-assets.git?ref=main";
|
||||
flake = true;
|
||||
};
|
||||
retiolum = {
|
||||
|
@ -86,7 +86,7 @@
|
|||
url = "github:mrvandalo/taskshell";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
overviewer.url = "git+ssh://gitea@git.ingolf-wagner.de/palo/overviewer.git?ref=main";
|
||||
overviewer.url = "git+ssh://forgejo@git.ingolf-wagner.de/palo/overviewer.git?ref=main";
|
||||
};
|
||||
|
||||
outputs =
|
||||
|
@ -152,7 +152,6 @@
|
|||
legacy_2305 = nixpkgs-legacy_2105 { inherit system; };
|
||||
polygon-art = polygon-art.packages.${system};
|
||||
landingpage = landingpage.packages.${system}.plain;
|
||||
trilium-server = nixpkgs-unstable.legacyPackages.${system}.trilium-server;
|
||||
kmonad = kmonad.packages.${system}.kmonad;
|
||||
tasksh = taskshell.packages.${system}.tasksh;
|
||||
overviewer = overviewer.packages.${system}.overviewer;
|
||||
|
@ -197,7 +196,8 @@
|
|||
sshUser = "root";
|
||||
buildOn = "remote"; # valid args are "local" or "remote"
|
||||
substituteOnTarget = false; # if buildOn is "local" then it will substitute on the target, "-s"
|
||||
hermetic = false;
|
||||
#hermetic = false; # ??? don't know what this is
|
||||
nixOptions = [ "--max-jobs 1" ];
|
||||
};
|
||||
}
|
||||
{
|
||||
|
@ -266,8 +266,13 @@
|
|||
package = pkgs.noto-fonts-emoji;
|
||||
name = "Noto Color Emoji";
|
||||
};
|
||||
sizes.popups = 15;
|
||||
};
|
||||
|
||||
home-manager.extraSpecialArgs = {
|
||||
inherit private_assets;
|
||||
assets = ./nixos/assets;
|
||||
};
|
||||
home-manager.useGlobalPkgs = true;
|
||||
home-manager.useUserPackages = true;
|
||||
home-manager.sharedModules = [
|
||||
|
@ -333,7 +338,7 @@
|
|||
modules = [
|
||||
nixos-hardware.nixosModules.framework-12th-gen-intel
|
||||
retiolum.nixosModules.retiolum
|
||||
private_assets.nixosModules.jobrad
|
||||
private_assets.nixosModules.cream
|
||||
homeManagerModules
|
||||
{ home-manager.users.mainUser.gui.enable = true; }
|
||||
{
|
||||
|
@ -359,6 +364,7 @@
|
|||
modules = [
|
||||
homeManagerModules
|
||||
retiolum.nixosModules.retiolum
|
||||
private_assets.nixosModules.chungus
|
||||
{
|
||||
home-manager.users.mainUser = import ./nixos/homes/palo;
|
||||
home-manager.users.root = import ./nixos/homes/root;
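Review bot: The new `home-manager.extraSpecialArgs = { inherit private_assets; ... };` hands the whole private flake input to every home-manager module, and any file a module references from it by path is copied into the Nix store of the deployed machine, where every local user can read it. The page does not show what `private_assets` contains, so this may be fine for non-sensitive files, but it deserves a comment at the assignment such as `# private_assets: non-secret files only; store paths are world-readable, secrets go through sops-nix`. Passing only the sub-attribute the home modules need, rather than the whole input, would narrow it further. The enclosing module starts and ends outside the hunk.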
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
From b75e6fd3159896966dce2cf3af5b5be7e286ce1a Mon Sep 17 00:00:00 2001
|
||||
From 4797a2f62ab3d2716d313aa4a3170ba9672a93b6 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?J=C3=B6rg=20Thalheim?= <joerg@thalheim.io>
|
||||
Date: Mon, 6 Nov 2023 15:56:26 +0100
|
||||
Date: Fri, 22 Mar 2024 08:46:07 +0100
|
||||
Subject: [PATCH] make atuin on zfs fast again
|
||||
MIME-Version: 1.0
|
||||
Content-Type: text/plain; charset=UTF-8
|
||||
|
@ -8,38 +8,38 @@ Content-Transfer-Encoding: 8bit
|
|||
|
||||
Signed-off-by: Jörg Thalheim <joerg@thalheim.io>
|
||||
---
|
||||
atuin-client/src/database.rs | 3 ++-
|
||||
atuin-client/src/record/sqlite_store.rs | 3 ++-
|
||||
atuin-client/src/database.rs | 4 ++--
|
||||
atuin-client/src/record/sqlite_store.rs | 2 ++
|
||||
2 files changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/atuin-client/src/database.rs b/atuin-client/src/database.rs
|
||||
index c4b45302..29006d59 100644
|
||||
index b0bcae31..d8db492b 100644
|
||||
--- a/atuin-client/src/database.rs
|
||||
+++ b/atuin-client/src/database.rs
|
||||
@@ -130,7 +130,8 @@ pub async fn new(path: impl AsRef<Path>) -> Result<Self> {
|
||||
@@ -137,9 +137,9 @@ pub async fn new(path: impl AsRef<Path>, timeout: f64) -> Result<Self> {
|
||||
}
|
||||
|
||||
|
||||
let opts = SqliteConnectOptions::from_str(path.as_os_str().to_str().unwrap())?
|
||||
- .journal_mode(SqliteJournalMode::Wal)
|
||||
+ .journal_mode(SqliteJournalMode::Memory)
|
||||
.optimize_on_close(true, None)
|
||||
- .synchronous(SqliteSynchronous::Normal)
|
||||
+ .synchronous(sqlx::sqlite::SqliteSynchronous::Off)
|
||||
.with_regexp()
|
||||
.create_if_missing(true);
|
||||
|
||||
let pool = SqlitePoolOptions::new().connect_with(opts).await?;
|
||||
|
||||
diff --git a/atuin-client/src/record/sqlite_store.rs b/atuin-client/src/record/sqlite_store.rs
|
||||
index db709f20..eaed6f7a 100644
|
||||
index 6333bb27..1f25a55b 100644
|
||||
--- a/atuin-client/src/record/sqlite_store.rs
|
||||
+++ b/atuin-client/src/record/sqlite_store.rs
|
||||
@@ -37,7 +37,8 @@ pub async fn new(path: impl AsRef<Path>) -> Result<Self> {
|
||||
}
|
||||
|
||||
@@ -42,6 +42,8 @@ pub async fn new(path: impl AsRef<Path>, timeout: f64) -> Result<Self> {
|
||||
|
||||
let opts = SqliteConnectOptions::from_str(path.as_os_str().to_str().unwrap())?
|
||||
- .journal_mode(SqliteJournalMode::Wal)
|
||||
.journal_mode(SqliteJournalMode::Wal)
|
||||
+ .journal_mode(SqliteJournalMode::Memory)
|
||||
+ .synchronous(sqlx::sqlite::SqliteSynchronous::Off)
|
||||
.foreign_keys(true)
|
||||
.create_if_missing(true);
|
||||
|
||||
let pool = SqlitePoolOptions::new().connect_with(opts).await?;
|
||||
--
|
||||
2.42.0
|
||||
|
||||
--
|
||||
2.43.1
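Review bot: Both patched `SqliteConnectOptions` chains now end with `journal_mode(SqliteJournalMode::Memory)` and `synchronous(sqlx::sqlite::SqliteSynchronous::Off)`, which removes SQLite's crash protection: a power loss or a kill in the middle of a write can leave the history database corrupt rather than only missing the last entries. If that trade is intended for ZFS, say so in the patch description, for example `Trades durability for speed; a crash can corrupt the history DB, keep it synced or backed up`. In the `sqlite_store.rs` hunk the `.journal_mode(SqliteJournalMode::Wal)` line appears to remain as context before the added Memory call, so the first call is dead and should be removed with a `-` line as in `database.rs`. Which lines belong to the old and new patch is inferred from print order, since the page lost the outer diff markers.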
|
|
@ -19,6 +19,7 @@ with lib;
|
|||
./suspend.nix
|
||||
./taskwarrior.nix
|
||||
./vscode.nix
|
||||
./wayland.nix
|
||||
./xorg
|
||||
];
|
||||
|
||||
|
|
|
@ -81,7 +81,7 @@
|
|||
{
|
||||
nativ = keyboard "/dev/input/by-path/platform-i8042-serio-0-event-kbd" [ "lctl" "lmet" "lalt" ];
|
||||
dasKeyboard = keyboard "/dev/input/by-id/usb-Metadot_-_Das_Keyboard_Das_Keyboard-event-kbd" [ "lctl" "lmet" "lalt" ];
|
||||
uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-if01-event-kbd" [ "lctl" "lmet" "lalt" ];
|
||||
uhk = keyboard "/dev/input/by-id/usb-Ultimate_Gadget_Laboratories_UHK_60_v2-event-kbd" [ "lctl" "lmet" "lalt" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -63,7 +63,7 @@ in
|
|||
${pkgs.khal}/bin/ikhal
|
||||
'')
|
||||
|
||||
# todo : before deleting this, put it in trilium
|
||||
# todo : before deleting this, put it in logseq
|
||||
(python3Packages.bugwarrior.overrideAttrs (old: {
|
||||
version = "develop";
|
||||
src = pkgs.fetchFromGitHub {
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
with lib;
|
||||
{
|
||||
|
||||
options.components.gui.wayland.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = ! config.components.gui.xorg.enable;
|
||||
};
|
||||
|
||||
config = mkIf config.components.gui.wayland.enable {
|
||||
programs.hyprland.enable = true;
|
||||
};
|
||||
}
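Review bot: `default = ! config.components.gui.xorg.enable;` turns Wayland on wherever Xorg is off, and since the Xorg option added elsewhere in this compare defaults to `config.components.gui.enable`, a host with the GUI disabled would end up with `programs.hyprland.enable = true`. That pulls a compositor and its dependencies onto headless machines that should stay minimal. Tie the default to the GUI switch as well: `default = config.components.gui.enable && !config.components.gui.xorg.enable;`. A `description` on the option would also help.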
|
|
@ -4,7 +4,13 @@ with lib;
|
|||
|
||||
imports = [ ./xlock.nix ];
|
||||
|
||||
config = mkIf config.components.gui.enable {
|
||||
options.components.gui.xorg.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.gui.enable;
|
||||
};
|
||||
|
||||
|
||||
config = mkIf config.components.gui.xorg.enable {
|
||||
|
||||
# system.custom.fonts.enable = true;
|
||||
|
||||
|
@ -19,14 +25,8 @@ with lib;
|
|||
lightdm.enable = lib.mkDefault true;
|
||||
};
|
||||
|
||||
desktopManager = {
|
||||
xterm.enable = false;
|
||||
};
|
||||
windowManager = {
|
||||
xmonad.enable = true;
|
||||
xmonad.enableContribAndExtras = true;
|
||||
i3.enable = true;
|
||||
};
|
||||
desktopManager.xterm.enable = false;
|
||||
windowManager.i3.enable = true;
|
||||
|
||||
# mouse/touchpad
|
||||
# --------------
|
||||
|
|
|
@ -11,7 +11,7 @@ let
|
|||
|
||||
in
|
||||
{
|
||||
config = mkIf config.components.gui.enable {
|
||||
config = mkIf config.components.gui.xorg.enable {
|
||||
environment.systemPackages = [
|
||||
lockProgram
|
||||
(pkgs.makeDesktopItem {
|
||||
|
|
|
@ -0,0 +1,15 @@
|
|||
{ lib, config, ... }:
|
||||
with lib;
|
||||
with types;
|
||||
{
|
||||
imports = [ ./default.nix ];
|
||||
|
||||
config = {
|
||||
components.monitor.enable = mkDefault true;
|
||||
components.monitor.metrics.enable = mkDefault false;
|
||||
components.monitor.opentelemetry.enable = false;
|
||||
|
||||
services.journald.extraConfig = "SystemMaxUse=1G";
|
||||
};
|
||||
|
||||
}
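Review bot: `components.monitor.opentelemetry.enable = false;` leaves the log path half-wired: `logs.enable`, and with it `promtail.enable`, still default to `components.monitor.enable` (set to true here), while the Loki receiver promtail pushes to is only configured when opentelemetry is enabled. On hosts using this profile promtail would keep retrying against a port nothing listens on, unless something outside this page provides a listener. Either add `components.monitor.logs.enable = mkDefault false;` here or gate promtail on the collector as well. The opentelemetry line also lacks `mkDefault`, unlike the two lines above it, so a host needs `mkForce` to override it.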
|
|
@ -1,20 +1,32 @@
|
|||
{ lib, ... }:
|
||||
{ lib, config, ... }:
|
||||
with lib;
|
||||
with types;
|
||||
{
|
||||
|
||||
|
||||
options.components.monitor = {
|
||||
enable = mkOption {
|
||||
type = bool;
|
||||
default = true;
|
||||
};
|
||||
metrics.enable = mkOption {
|
||||
type = bool;
|
||||
default = config.components.monitor.enable;
|
||||
};
|
||||
logs.enable = mkOption {
|
||||
type = bool;
|
||||
default = config.components.monitor.enable;
|
||||
};
|
||||
};
|
||||
|
||||
imports = [
|
||||
./netdata.nix
|
||||
./logs-promtail.nix
|
||||
./metrics-export-zfs.nix
|
||||
./metrics-netdata.nix
|
||||
./metrics-prometheus.nix
|
||||
./metrics-telegraf.nix
|
||||
./opentelemetry.nix
|
||||
];
|
||||
|
||||
|
||||
config = mkIf config.components.monitor.enable { };
|
||||
|
||||
}
|
||||
|
|
|
@ -0,0 +1,178 @@
|
|||
{ config, lib, ... }:
|
||||
with lib;
|
||||
with types;
|
||||
let
|
||||
cfg = config.components.monitor.promtail;
|
||||
in
|
||||
{
|
||||
options.components.monitor.promtail = {
|
||||
enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.monitor.logs.enable;
|
||||
};
|
||||
port = mkOption {
|
||||
type = int;
|
||||
default = 3500;
|
||||
description = "port to provide promtail export";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkMerge [
|
||||
|
||||
(mkIf config.components.monitor.opentelemetry.enable {
|
||||
services.opentelemetry-collector.settings = {
|
||||
receivers.loki = {
|
||||
protocols.http.endpoint = "127.0.0.1:${toString cfg.port}";
|
||||
use_incoming_timestamp = true;
|
||||
};
|
||||
service.pipelines.logs.receivers = [ "loki" ];
|
||||
};
|
||||
})
|
||||
|
||||
(mkIf config.components.monitor.promtail.enable {
|
||||
services.promtail = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
server. disable = true;
|
||||
positions.filename = "/var/cache/promtail/positions.yaml";
|
||||
|
||||
clients = [
|
||||
{ url = "http://127.0.0.1:${toString cfg.port}/loki/api/v1/push"; }
|
||||
];
|
||||
|
||||
scrape_configs =
|
||||
|
||||
let
|
||||
_replace = index: replacement: ''{{ Replace .Value "${toString index}" "${replacement}" 1 }}'';
|
||||
_elseif = index: ''{{ else if eq .Value "${toString index}" }}'';
|
||||
_if = index: ''{{ if eq .Value "${toString index}" }}'';
|
||||
_end = ''{{ end }}'';
|
||||
elseblock = index: replacement: "${_elseif index}${_replace index replacement}";
|
||||
ifblock = index: replacement: "${_if index}${_replace index replacement}";
|
||||
createTemplateLine = list: "${concatStrings (imap0 (index: replacement: if index == 0 then ifblock index replacement else elseblock index replacement) list)}${_end}";
|
||||
in
|
||||
[
|
||||
{
|
||||
job_name = "journal";
|
||||
journal = {
|
||||
json = true;
|
||||
max_age = "12h";
|
||||
labels.job = "systemd-journal";
|
||||
};
|
||||
pipeline_stages = [
|
||||
{
|
||||
# Set of key/value pairs of JMESPath expressions. The key will be
|
||||
# the key in the extracted data while the expression will be the value,
|
||||
# evaluated as a JMESPath from the source data.
|
||||
json.expressions = {
|
||||
# journalctl -o json | jq and you'll see these
|
||||
boot_id = "_BOOT_ID";
|
||||
facility = "SYSLOG_FACILITY";
|
||||
facility_label = "SYSLOG_FACILITY";
|
||||
instance = "_HOSTNAME";
|
||||
msg = "MESSAGE";
|
||||
priority = "PRIORITY";
|
||||
priority_label = "PRIORITY";
|
||||
transport = "_TRANSPORT";
|
||||
unit = "_SYSTEMD_UNIT";
|
||||
# coredump
|
||||
#coredump_cgroup = "COREDUMP_CGROUP";
|
||||
#coredump_exe = "COREDUMP_EXE";
|
||||
#coredump_cmdline = "COREDUMP_CMDLINE";
|
||||
#coredump_uid = "COREDUMP_UID";
|
||||
#coredump_gid = "COREDUMP_GID";
|
||||
};
|
||||
}
|
||||
{
|
||||
# Set the unit (defaulting to the transport like audit and kernel)
|
||||
template = {
|
||||
source = "unit";
|
||||
template = "{{if .unit}}{{.unit}}{{else}}{{.transport}}{{end}}";
|
||||
};
|
||||
}
|
||||
{
|
||||
# Normalize session IDs (session-1234.scope -> session.scope) to limit number of label values
|
||||
replace = {
|
||||
source = "unit";
|
||||
expression = "^(session-\\d+.scope)$";
|
||||
replace = "session.scope";
|
||||
};
|
||||
}
|
||||
{
|
||||
# Map priority to human readable
|
||||
template = {
|
||||
source = "priority_label";
|
||||
#template = ''{{ if eq .Value "0" }}{{ Replace .Value "0" "emerg" 1 }}{{ else if eq .Value "1" }}{{ Replace .Value "1" "alert" 1 }}{{ else if eq .Value "2" }}{{ Replace .Value "2" "crit" 1 }}{{ else if eq .Value "3" }}{{ Replace .Value "3" "err" 1 }}{{ else if eq .Value "4" }}{{ Replace .Value "4" "warning" 1 }}{{ else if eq .Value "5" }}{{ Replace .Value "5" "notice" 1 }}{{ else if eq .Value "6" }}{{ Replace .Value "6" "info" 1 }}{{ else if eq .Value "7" }}{{ Replace .Value "7" "debug" 1 }}{{ end }}'';
|
||||
template = createTemplateLine [
|
||||
"emergency"
|
||||
"alert"
|
||||
"critical"
|
||||
"error"
|
||||
"warning"
|
||||
"notice"
|
||||
"info"
|
||||
"debug"
|
||||
];
|
||||
};
|
||||
}
|
||||
{
|
||||
# Map facility to human readable
|
||||
template =
|
||||
{
|
||||
source = "facility_label";
|
||||
template = createTemplateLine [
|
||||
"kern" # Kernel messages
|
||||
"user" # User-level messages
|
||||
"mail" # Mail system Archaic POSIX still supported and sometimes used (for more mail(1))
|
||||
"daemon" # System daemons All daemons, including systemd and its subsystems
|
||||
"auth" # Security/authorization messages Also watch for different facility 10
|
||||
"syslog" # Messages generated internally by syslogd For syslogd implementations (not used by systemd, see facility 3)
|
||||
"lpr" # Line printer subsystem (archaic subsystem)
|
||||
"news" # Network news subsystem (archaic subsystem)
|
||||
"uucp" # UUCP subsystem (archaic subsystem)
|
||||
"clock" # Clock daemon systemd-timesyncd
|
||||
"authpriv" # Security/authorization messages Also watch for different facility 4
|
||||
"ftp" # FTP daemon
|
||||
"-" # NTP subsystem
|
||||
"-" # Log audit
|
||||
"-" # Log alert
|
||||
"cron" # Scheduling daemon
|
||||
"local0" # Local use 0 (local0)
|
||||
"local1" # Local use 1 (local1)
|
||||
"local2" # Local use 2 (local2)
|
||||
"local3" # Local use 3 (local3)
|
||||
"local4" # Local use 4 (local4)
|
||||
"local5" # Local use 5 (local5)
|
||||
"local6" # Local use 6 (local6)
|
||||
"local7" # Local use 7 (local7)
|
||||
];
|
||||
};
|
||||
}
|
||||
{
|
||||
# Key is REQUIRED and the name for the label that will be created.
|
||||
# Value is optional and will be the name from extracted data whose value
|
||||
# will be used for the value of the label. If empty, the value will be
|
||||
# inferred to be the same as the key.
|
||||
labels = {
|
||||
boot_id = "";
|
||||
facility = "";
|
||||
facility_label = "";
|
||||
instance = "";
|
||||
priority = "";
|
||||
priority_label = "";
|
||||
transport = "";
|
||||
unit = "";
|
||||
};
|
||||
}
|
||||
{
|
||||
# Write the proper message instead of JSON
|
||||
output.source = "msg";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
})
|
||||
];
|
||||
}
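Review bot: In the facility table passed to `createTemplateLine`, entries 12 to 14 are all `"-"`, so NTP, log audit and log alert messages get the same `facility_label` and cannot be told apart in a query, which matters most for the audit facility. Use distinct names that match the comments already on those lines: `"ntp"`, `"audit"`, `"alert"`. Separately, the dot in `"^(session-\\d+.scope)$"` is unescaped and matches any character; `\\.` is what the comment above it describes.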
|
|
@ -0,0 +1,32 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
with lib;
|
||||
with types;
|
||||
{
|
||||
options.components.monitor.exporters.zfs.enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.monitor.metrics.enable;
|
||||
};
|
||||
|
||||
config = mkMerge [
|
||||
(mkIf config.components.monitor.exporters.zfs.enable {
|
||||
|
||||
services.telegraf.extraConfig.inputs.zfs = { };
|
||||
|
||||
services.prometheus.exporters.zfs.enable = true;
|
||||
services.opentelemetry-collector.settings = {
|
||||
receivers.prometheus.config.scrape_configs = [
|
||||
{
|
||||
job_name = "zfs";
|
||||
scrape_interval = "10s";
|
||||
static_configs = [{
|
||||
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.zfs.port}" ];
|
||||
}];
|
||||
}
|
||||
];
|
||||
service.pipelines.metrics.receivers = [ "prometheus" ];
|
||||
};
|
||||
|
||||
})
|
||||
];
|
||||
|
||||
}
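Review bot: `services.prometheus.exporters.zfs.enable = true;` is set without a `listenAddress`, and the NixOS exporter modules listen on all interfaces by default, while the only consumer configured here scrapes `127.0.0.1`. Add `services.prometheus.exporters.zfs.listenAddress = "127.0.0.1";` so pool names and I/O statistics are not served to the network if the firewall is ever opened for that port. The netdata module in this compare scrapes `127.0.0.1:19999` in the same way, and netdata's web listener can presumably be restricted likewise.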
|
|
@ -0,0 +1,35 @@
|
|||
{ lib, pkgs, config, ... }:
|
||||
with lib;
|
||||
with types;
|
||||
{
|
||||
options.components.monitor.netdata = {
|
||||
enable = mkOption {
|
||||
type = bool;
|
||||
default = config.components.monitor.metrics.enable;
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf config.components.monitor.netdata.enable {
|
||||
|
||||
# netdata sink
|
||||
services.opentelemetry-collector.settings.receivers.prometheus.config.scrape_configs = [
|
||||
{
|
||||
job_name = "netdata";
|
||||
scrape_interval = "10s";
|
||||
metrics_path = "/api/v1/allmetrics";
|
||||
params.format = [ "prometheus" ];
|
||||
static_configs = [{ targets = [ "127.0.0.1:19999" ]; }];
|
||||
}
|
||||
];
|
||||
|
||||
# https://docs.netdata.cloud/daemon/config/
|
||||
services.netdata = {
|
||||
enable = lib.mkDefault true;
|
||||
config = {
|
||||
global = {
|
||||
"memory mode" = "ram";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -0,0 +1,45 @@
|
|||
{ config, lib, ... }:
|
||||
with lib;
|
||||
with types;
|
||||
let
|
||||
cfg = config.components.monitor.prometheus;
|
||||
in
|
||||
{
|
||||
options.components.monitor.prometheus = {
|
||||
enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.monitor.metrics.enable;
|
||||
};
|
||||
port = mkOption {
|
||||
type = int;
|
||||
default = 8090;
|
||||
description = "port to provide Prometheus export";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkMerge [
|
||||
|
||||
(mkIf config.components.monitor.prometheus.enable {
|
||||
services.prometheus = {
|
||||
checkConfig = "syntax-only";
|
||||
enable = true;
|
||||
};
|
||||
})
|
||||
|
||||
(mkIf config.components.monitor.prometheus.enable {
|
||||
services.opentelemetry-collector.settings = {
|
||||
exporters.prometheus.endpoint = "127.0.0.1:${toString cfg.port}";
|
||||
service.pipelines.metrics.exporters = [ "prometheus" ];
|
||||
};
|
||||
services.prometheus.scrapeConfigs = [
|
||||
{
|
||||
job_name = "opentelemetry";
|
||||
metrics_path = "/metrics";
|
||||
scrape_interval = "10s";
|
||||
static_configs = [{ targets = [ "localhost:${toString cfg.port}" ]; }];
|
||||
}
|
||||
];
|
||||
})
|
||||
|
||||
];
|
||||
}
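Review bot: The collector's exporter binds `127.0.0.1:${toString cfg.port}` but the scrape target is `localhost:${toString cfg.port}`; on a host where `localhost` resolves to `::1` first, the scrape hits an address nothing listens on. Use the same literal in both places: `static_configs = [{ targets = [ "127.0.0.1:${toString cfg.port}" ]; }];`. The `port` option would also be better typed as `types.port` than `int`, and the two `mkIf` blocks share one condition and can be merged.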
|
|
@ -0,0 +1,50 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
with lib;
|
||||
with types;
|
||||
let
|
||||
cfg = config.components.monitor.telegraf;
|
||||
in
|
||||
{
|
||||
options.components.monitor.telegraf = {
|
||||
enable = mkOption {
|
||||
type = lib.types.bool;
|
||||
default = config.components.monitor.metrics.enable;
|
||||
};
|
||||
influxDBPort = mkOption {
|
||||
type = int;
|
||||
default = 8088;
|
||||
description = "Port to listen on influxDB input";
|
||||
};
|
||||
};
|
||||
|
||||
config = lib.mkMerge [
|
||||
(mkIf config.components.monitor.telegraf.enable {
|
||||
# opentelemetry wireing
|
||||
services.opentelemetry-collector.settings = {
|
||||
receivers.influxdb.endpoint = "127.0.0.1:${toString cfg.influxDBPort}";
|
||||
service.pipelines.metrics.receivers = [ "influxdb" ];
|
||||
};
|
||||
services.telegraf.extraConfig.outputs.influxdb_v2.urls = [ "http://127.0.0.1:${toString cfg.influxDBPort}" ];
|
||||
})
|
||||
|
||||
(mkIf config.components.monitor.telegraf.enable {
|
||||
|
||||
systemd.services.telegraf.path = [ pkgs.inetutils ];
|
||||
|
||||
services.telegraf = {
|
||||
enable = true;
|
||||
extraConfig = {
|
||||
# https://github.com/influxdata/telegraf/tree/master/plugins/inputs < all them plugins
|
||||
inputs = {
|
||||
cpu = { };
|
||||
diskio = { };
|
||||
processes = { };
|
||||
system = { };
|
||||
systemd_units = { };
|
||||
ping = [{ urls = [ "10.100.0.1" ]; }]; # actually important to make machine visible over wireguard
|
||||
};
|
||||
};
|
||||
};
|
||||
})
|
||||
];
|
||||
}
|
|
@ -1,33 +0,0 @@
|
|||
{ lib, pkgs, config, ... }:
|
||||
with lib;
|
||||
with types;
|
||||
{
|
||||
|
||||
config = lib.mkIf config.components.monitor.enable {
|
||||
|
||||
services.netdata = {
|
||||
enable = lib.mkDefault true;
|
||||
# https://docs.netdata.cloud/daemon/config/
|
||||
config = {
|
||||
global = {
|
||||
"memory mode" = "ram";
|
||||
};
|
||||
};
|
||||
#configDir."python.d.conf" = pkgs.writeText "python.d.conf" ''
|
||||
# example: yes
|
||||
# default_run: no
|
||||
# samba: yes
|
||||
#'';
|
||||
};
|
||||
|
||||
# add samba to path of python plugin
|
||||
#systemd.services.netdata.path = [ pkgs.sudo pkgs.samba ];
|
||||
#systemd.services.netdata.serviceConfig.CapabilityBoundingSet = [ "~" ];
|
||||
#security.sudo.extraConfig = ''
|
||||
# netdata ALL=(root) NOPASSWD: ${pkgs.samba}/bin/smbstatus
|
||||
# netdata ALL=(root) NOPASSWD: /run/current-system/sw/bin/smbstatus
|
||||
#'';
|
||||
|
||||
|
||||
};
|
||||
}
|
|
@ -0,0 +1,205 @@
|
|||
{ pkgs, config, lib, ... }:
|
||||
with lib;
|
||||
with types;
|
||||
let
|
||||
cfg = config.components.monitor.opentelemetry;
|
||||
in
|
||||
{
|
||||
options.components.monitor.opentelemetry = {
|
||||
enable = mkOption {
|
||||
type = bool;
|
||||
default = config.components.monitor.enable;
|
||||
description = "weather or not to use opentelemetry";
|
||||
};
|
||||
receiver.endpoint = mkOption {
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = "endpoint to receive the opentelementry data from other collectors";
|
||||
};
|
||||
exporter.endpoint = mkOption {
|
||||
type = nullOr str;
|
||||
default = null;
|
||||
description = "endpoint to ship opentelementry data too";
|
||||
};
|
||||
exporter.debug = mkOption {
|
||||
type = nullOr (enum [ "logs" "metrics" ]);
|
||||
default = null;
|
||||
description = "enable debug exporter.";
|
||||
};
|
||||
metrics.endpoint = mkOption {
|
||||
type = str;
|
||||
default = "127.0.0.1:8100";
|
||||
description = "endpoint on where to provide opentelementry metrics";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkMerge [
|
||||
|
||||
(mkIf config.components.monitor.opentelemetry.enable {
|
||||
services.opentelemetry-collector = {
|
||||
enable = true;
|
||||
package = pkgs.unstable.opentelemetry-collector-contrib;
|
||||
};
|
||||
})
|
||||
|
||||
# add default tags to metrics
|
||||
# todo : make sure we filter out metrics from otlp receivers
|
||||
(mkIf config.components.monitor.enable {
|
||||
services.opentelemetry-collector.settings = {
|
||||
|
||||
processors = {
|
||||
|
||||
# https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/main/processor/resourcedetectionprocessor/README.md
|
||||
"resourcedetection/system" = {
|
||||
detectors = [ "system" ];
|
||||
override = false;
|
||||
system.hostname_sources = [ "os" ];
|
||||
};
|
||||
|
||||
metricstransform.transforms = [
|
||||
{
|
||||
include = ".*";
|
||||
match_type = "regexp";
|
||||
action = "update";
|
||||
operations = [{
|
||||
action = "add_label";
|
||||
new_label = "machine";
|
||||
new_value = config.networking.hostName;
|
||||
}];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
})
|
||||
(mkIf config.components.monitor.metrics.enable {
|
||||
services.opentelemetry-collector.settings = {
|
||||
service.pipelines.metrics.processors = [
|
||||
"metricstransform"
|
||||
"resourcedetection/system"
|
||||
];
|
||||
};
|
||||
})
|
||||
(mkIf config.components.monitor.logs.enable {
|
||||
services.opentelemetry-collector.settings = {
|
||||
service.pipelines.logs.processors = [ "resourcedetection/system" ];
|
||||
};
|
||||
})
|
||||
|
||||
|
||||
(mkIf (config.components.monitor.opentelemetry.exporter.debug != null) {
|
||||
services.opentelemetry-collector.settings = {
|
||||
exporters.debug = {
|
||||
verbosity = "detailed";
|
||||
sampling_initial = 5;
|
||||
sampling_thereafter = 200;
|
||||
};
|
||||
service.pipelines.${config.components.monitor.opentelemetry.exporter.debug} = {
|
||||
exporters = [ "debug" ];
|
||||
};
|
||||
|
||||
};
|
||||
})
|
||||
|
||||
# ship to next instance
|
||||
(mkIf (config.components.monitor.opentelemetry.exporter.endpoint != null) {
|
||||
services.opentelemetry-collector.settings = {
|
||||
exporters.otlp = {
|
||||
endpoint = cfg.exporter.endpoint;
|
||||
tls.insecure = true;
|
||||
};
|
||||
};
|
||||
})
|
||||
(mkIf
|
||||
(
|
||||
config.components.monitor.opentelemetry.exporter.endpoint != null &&
|
||||
config.components.monitor.logs.enable
|
||||
)
|
||||
{
|
||||
services.opentelemetry-collector.settings = {
|
||||
service.pipelines.logs.exporters = [ "otlp" ];
|
||||
};
|
||||
})
|
||||
(mkIf
|
||||
(
|
||||
config.components.monitor.opentelemetry.exporter.endpoint != null &&
|
||||
config.components.monitor.metrics.enable
|
||||
)
|
||||
{
|
||||
services.opentelemetry-collector.settings = {
|
||||
service.pipelines.metrics.exporters = [ "otlp" ];
|
||||
};
|
||||
})
|
||||
|
||||
# ship from other instance
|
||||
(mkIf (config.components.monitor.opentelemetry.receiver.endpoint != null) {
|
||||
services.opentelemetry-collector.settings = {
|
||||
receivers.otlp.protocols.grpc.endpoint = cfg.receiver.endpoint;
|
||||
};
|
||||
})
|
||||
(mkIf
|
||||
(
|
||||
config.components.monitor.opentelemetry.receiver.endpoint != null &&
|
||||
config.components.monitor.logs.enable
|
||||
)
|
||||
{
|
||||
services.opentelemetry-collector.settings = {
|
||||
service.pipelines.logs.receivers = [ "otlp" ];
|
||||
};
|
||||
})
|
||||
(mkIf
|
||||
(
|
||||
config.components.monitor.opentelemetry.receiver.endpoint != null &&
|
||||
config.components.monitor.metrics.enable
|
||||
)
|
||||
{
|
||||
services.opentelemetry-collector.settings = {
|
||||
service.pipelines.metrics.receivers = [ "otlp" ];
|
||||
};
|
||||
})
|
||||
|
||||
|
||||
|
||||
# scrape opentelemetry-colectors metrics
|
||||
# todo: this should be collected another way (opentelemetry internal?)
|
||||
# todo : enable me only when metrics.endpoint is set.
|
||||
(mkIf config.components.monitor.metrics.enable {
|
||||
services.opentelemetry-collector.settings = {
|
||||
receivers = {
|
||||
prometheus.config.scrape_configs = [
|
||||
{
|
||||
job_name = "otelcol";
|
||||
scrape_interval = "10s";
|
||||
static_configs = [{
|
||||
targets = [ cfg.metrics.endpoint ];
|
||||
}];
|
||||
metric_relabel_configs = [
|
||||
{
|
||||
source_labels = [ "__name__" ];
|
||||
regex = ".*grpc_io.*";
|
||||
action = "drop";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
service = {
|
||||
pipelines.metrics = {
|
||||
receivers = [ "prometheus" ];
|
||||
};
|
||||
|
||||
# todo : this should be automatically be collected
|
||||
# open telemetries own metrics?
|
||||
telemetry.metrics.address = cfg.metrics.endpoint;
|
||||
};
|
||||
|
||||
};
|
||||
})
|
||||
(mkIf (! config.components.monitor.metrics.enable) {
|
||||
services.opentelemetry-collector.settings = {
|
||||
service.telemetry.metrics.level = "none";
|
||||
};
|
||||
})
|
||||
];
|
||||
|
||||
}
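Review bot: `tls.insecure = true;` in the `exporters.otlp` block applies to whatever `exporter.endpoint` a host sets, so logs and metrics leave the machine without TLS or server authentication, and the option description does not mention it. The only use visible on this page points at `10.100.0.1:4317`, which looks like the WireGuard network, so the tunnel presumably carries the protection. State that assumption next to the setting, e.g. `# plaintext OTLP: exporter.endpoint must only be reachable through the wireguard tunnel`, and extend the `exporter.endpoint` description the same way. The receiver side (`receivers.otlp.protocols.grpc.endpoint`) likewise has no TLS or auth settings, so the same remark belongs in the `receiver.endpoint` description.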
|
|
@ -33,23 +33,37 @@ with lib;
|
|||
|
||||
# for loki logging
|
||||
commonHttpConfig = ''
|
||||
log_format logfmt escape=json 'timestamp=$time_iso8601 '
|
||||
'facility=nginx '
|
||||
'src_addr=$remote_addr '
|
||||
'body_bytes_sent=$body_bytes_sent '
|
||||
'request_time=$request_time '
|
||||
'response_status=$status '
|
||||
'request="$request" '
|
||||
log_format logfmt
|
||||
'timestamp="$time_iso8601" '
|
||||
'facility="nginx" '
|
||||
'src_addr="$remote_addr" '
|
||||
'body_bytes_sent="$body_bytes_sent" '
|
||||
'request_time="$request_time" '
|
||||
'response_status="$status" '
|
||||
'request_method="$request_method" '
|
||||
'request="$request" '
|
||||
'host="$host" '
|
||||
'upstream_cache_status="$upstream_cache_status" '
|
||||
'upstream_addr="$upstream_addr" '
|
||||
'http_x_forwarded_for="$http_x_forwarded_for" '
|
||||
'http_referrer="$http_referer" '
|
||||
'http_user_agent="$http_user_agent"';
|
||||
'http_user_agent="$http_user_agent" ';
|
||||
|
||||
log_format json_combined escape=json
|
||||
'{'
|
||||
'"time_local":"$time_local",'
|
||||
'"remote_addr":"$remote_addr",'
|
||||
'"remote_user":"$remote_user",'
|
||||
'"request":"$request",'
|
||||
'"status": "$status",'
|
||||
'"body_bytes_sent":"$body_bytes_sent",'
|
||||
'"request_time":"$request_time",'
|
||||
'"http_referrer":"$http_referer",'
|
||||
'"http_user_agent":"$http_user_agent"'
|
||||
'}';
|
||||
|
||||
# log to local journald
|
||||
access_log syslog:server=unix:/dev/log logfmt;
|
||||
access_log syslog:server=unix:/dev/log,nohostname logfmt;
|
||||
'';
|
||||
|
||||
};
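Review bot: The double-quoted `logfmt` format appears to be the new side (the page has lost its +/- markers), and it no longer carries `escape=json`, so client-controlled values such as `$request`, `$http_referer`, `$http_user_agent` and `$http_x_forwarded_for` now rely on nginx's default escaping. Default escaping writes `"` and `\` as `\xXX`, which keeps a quote in a header from closing the value, but a logfmt parser downstream will see the literal `\x22` rather than a decoded character. A comment above the format would record this, e.g. `# no escape= parameter on purpose: default escaping turns " and \ into \xXX so quoted values stay intact`. The `json_combined` format is defined here but the visible `access_log` line only uses `logfmt`; if nothing else references it, drop it or add a note on where it is consumed. The attribute set around `commonHttpConfig` starts outside the hunk.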
|
||||
|
|
|
@ -31,6 +31,8 @@ with lib; {
|
|||
// (device "cream" "MQVKATH-THTPET5-KYAT7XX-BOIIIBA-P7OOF7Y-IWAUN53-S2VNVOY-BZWTGQK")
|
||||
// (device "cherry" "WX2HZQ7-WAOL6YR-QJYFS2L-SVUJQB4-SKHZHVE-J7XCWLQ-6GRATXX-VJUMOAH")
|
||||
// (device "chungus" "GZGW2YW-6RRUPDN-LFAOATC-56FS7LH-YC7R32N-LVA5JUX-3LSBYOX-BFR67QZ")
|
||||
// (device "iPhone" "APFS6SA-VVTARXU-3WHHRZG-TE5N3T4-X4IC76V-T67EKZ6-NLGP3TW-EZYXYAH")
|
||||
// (device "iPad" "JDDNVYD-H3WMSSS-WZ745KL-7QEGN6O-ZSGQLQU-YBR2L42-7FO7KJ4-BXPYDA5")
|
||||
// {
|
||||
bumba = {
|
||||
name = "windows-bumba";
|
||||
|
@ -49,6 +51,11 @@ with lib; {
|
|||
|
||||
# needs to be on encrypted drives
|
||||
# -------------------------------
|
||||
oscar_cpap = {
|
||||
enable = lib.mkDefault false;
|
||||
path = lib.mkDefault "/tmp/oscar_cpap";
|
||||
devices = [ "chungus" "cream" "cherry" ];
|
||||
};
|
||||
audiobooks = {
|
||||
enable = lib.mkDefault false;
|
||||
path = lib.mkDefault "/tmp/audiobooks";
|
||||
|
@ -57,7 +64,7 @@ with lib; {
|
|||
logseq = {
|
||||
enable = lib.mkDefault false;
|
||||
path = lib.mkDefault "/tmp/logseq";
|
||||
devices = [ "chungus" "cream" "cherry" ];
|
||||
devices = [ "chungus" "cream" "cherry" "iPhone" "iPad" ];
|
||||
};
|
||||
lectures = {
|
||||
enable = lib.mkDefault false;
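Review bot: The new `oscar_cpap` folder sits under the heading "needs to be on encrypted drives" but its default is `path = lib.mkDefault "/tmp/oscar_cpap";`, so a host that sets only `enable = true` would sync this data into `/tmp`. The neighbouring folders follow the same `/tmp` convention, so this is a documentation point rather than a new defect. A comment such as `# /tmp default is a placeholder: every host that enables this must override path to an encrypted location` would make the requirement explicit. The enclosing folder set starts and ends outside the hunks.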
|
||||
|
|
|
@ -24,6 +24,7 @@ let
|
|||
"sonarr.orbi" = hosts.orbi;
|
||||
"radarr.orbi" = hosts.orbi;
|
||||
"prowlarr.orbi" = hosts.orbi;
|
||||
"photoprism.orbi" = hosts.orbi;
|
||||
# robi
|
||||
"grafana.robi" = hosts.robi;
|
||||
"loki.robi" = hosts.robi;
|
||||
|
@ -49,11 +50,8 @@ let
|
|||
"minio.chungus" = hosts.chungus;
|
||||
"sync.chungus" = hosts.chungus;
|
||||
"tdarr.chungus" = hosts.chungus;
|
||||
"trilium.chungus" = hosts.chungus;
|
||||
"tts.chungus" = hosts.chungus;
|
||||
"paperless.chungus" = hosts.chungus;
|
||||
# cream
|
||||
"trilium.cream" = hosts.cream;
|
||||
};
|
||||
network = "private";
|
||||
in
|
||||
|
|
|
@ -11,5 +11,17 @@ with lib;
|
|||
};
|
||||
};
|
||||
|
||||
# todo: use networking.wireguard instead of networking wg-quick
|
||||
# with dynamicEndpointRefreshSeconds
|
||||
#config = {
|
||||
# systemd.services.wg-quick-wg0.serviceConfig = {
|
||||
# Restart = "always";
|
||||
# RestartSec = 50;
|
||||
# Type = mkForce "simple";
|
||||
# RemainAfterExit = mkForce false;
|
||||
# };
|
||||
#};
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
|
|
@ -3,6 +3,7 @@
|
|||
imports = [
|
||||
./packages.nix
|
||||
./terminal.nix
|
||||
./zfs.nix
|
||||
];
|
||||
options.gui.enable = lib.mkEnableOption "should GUI packages be anabled?";
|
||||
}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, pkgs, ... }:
|
||||
{ lib, pkgs, assets, ... }:
|
||||
{
|
||||
|
||||
programs.zsh = {
|
||||
|
@ -36,12 +36,11 @@
|
|||
enable = true;
|
||||
enableBashIntegration = true;
|
||||
enableZshIntegration = true;
|
||||
package = pkgs.unstable.atuin;
|
||||
# todo not needed anymore
|
||||
#package = pkgs.unstable.atuin.overrideAttrs (_old: {
|
||||
# # as cursed as doing mitigations=off in the kernel command line
|
||||
# patches = [ ./0001-make-atuin-on-zfs-fast-again.patch ];
|
||||
#});
|
||||
#package = pkgs.unstable.atuin;
|
||||
package = pkgs.unstable.atuin.overrideAttrs (_old: {
|
||||
# as cursed as doing mitigations=off in the kernel command line
|
||||
patches = [ "${assets}/0001-make-atuin-on-zfs-fast-again.patch" ];
|
||||
});
|
||||
settings = {
|
||||
auto_sync = true;
|
||||
sync_frequency = "5m";
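Review bot: `patches = [ "${assets}/0001-make-atuin-on-zfs-fast-again.patch" ];` inside `overrideAttrs` replaces any `patches` the nixpkgs atuin derivation already carries instead of adding to them, so a fix shipped as a patch by the package would be dropped silently. Appending keeps them: `patches = (_old.patches or [ ]) ++ [ "${assets}/0001-make-atuin-on-zfs-fast-again.patch" ];`. The comment compares the patch to `mitigations=off` without saying what it trades away; one line naming the behaviour it changes would let a later reader judge whether it is still wanted. The surrounding atuin attribute set continues outside the hunk.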
|
||||
|
|
|
@ -0,0 +1,27 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
with pkgs;
|
||||
with lib;
|
||||
{
|
||||
config = mkMerge [
|
||||
{
|
||||
home.packages = [
|
||||
(
|
||||
let
|
||||
options = [
|
||||
"name"
|
||||
"mountpoint"
|
||||
"compression"
|
||||
"com.sun:auto-snapshot:yearly"
|
||||
"com.sun:auto-snapshot:monthly"
|
||||
"com.sun:auto-snapshot:daily"
|
||||
"com.sun:auto-snapshot:hourly"
|
||||
];
|
||||
in
|
||||
pkgs.writers.writeBashBin "zfs-overview" ''
|
||||
${pkgs.zfs}/bin/zfs list -o ${concatStringsSep "," options} "$@"
|
||||
''
|
||||
)
|
||||
];
|
||||
}
|
||||
];
|
||||
}
|
|
@ -3,6 +3,7 @@
|
|||
imports = [
|
||||
../common
|
||||
./doom-emacs.nix
|
||||
./editor.nix
|
||||
./git.nix
|
||||
./gpg.nix
|
||||
./i3.nix
|
||||
|
@ -10,9 +11,9 @@
|
|||
./ssh.nix
|
||||
./stylix.nix
|
||||
./tmux.nix
|
||||
./vim.nix
|
||||
./yubikey.nix
|
||||
./zellij.nix
|
||||
./hyperland.nix
|
||||
];
|
||||
|
||||
home.stateVersion = "22.11";
|
||||
|
|
|
@ -0,0 +1,11 @@
|
|||
{
|
||||
programs.vim = {
|
||||
enable = true;
|
||||
defaultEditor = true;
|
||||
};
|
||||
|
||||
programs.helix = {
|
||||
enable = true;
|
||||
# defaultEditor = true;
|
||||
};
|
||||
}
|
|
@ -0,0 +1,161 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
|
||||
home.file.".config/hypr/hyperland.conf".text = ''
|
||||
autogenerated = 1 # remove this line to remove the warning
|
||||
# See https://wiki.hyprland.org/Configuring/Monitors/
|
||||
monitor=,preferred,auto,auto
|
||||
|
||||
# Some default env vars.
|
||||
env = XCURSOR_SIZE,24
|
||||
|
||||
# For all categories, see https://wiki.hyprland.org/Configuring/Variables/
|
||||
input {
|
||||
kb_layout = us
|
||||
kb_variant =
|
||||
kb_model =
|
||||
kb_options =
|
||||
kb_rules =
|
||||
|
||||
follow_mouse = 1
|
||||
|
||||
touchpad {
|
||||
natural_scroll = no
|
||||
}
|
||||
|
||||
sensitivity = 0 # -1.0 - 1.0, 0 means no modification.
|
||||
}
|
||||
|
||||
general {
|
||||
# See https://wiki.hyprland.org/Configuring/Variables/ for more
|
||||
|
||||
gaps_in = 5
|
||||
gaps_out = 20
|
||||
border_size = 2
|
||||
col.active_border = rgba(33ccffee) rgba(00ff99ee) 45deg
|
||||
col.inactive_border = rgba(595959aa)
|
||||
|
||||
layout = dwindle
|
||||
|
||||
# Please see https://wiki.hyprland.org/Configuring/Tearing/ before you turn this on
|
||||
allow_tearing = false
|
||||
}
|
||||
|
||||
decoration {
|
||||
# See https://wiki.hyprland.org/Configuring/Variables/ for more
|
||||
|
||||
rounding = 10
|
||||
|
||||
blur {
|
||||
enabled = true
|
||||
size = 3
|
||||
passes = 1
|
||||
}
|
||||
|
||||
drop_shadow = yes
|
||||
shadow_range = 4
|
||||
shadow_render_power = 3
|
||||
col.shadow = rgba(1a1a1aee)
|
||||
}
|
||||
|
||||
animations {
|
||||
enabled = yes
|
||||
|
||||
# Some default animations, see https://wiki.hyprland.org/Configuring/Animations/ for more
|
||||
|
||||
bezier = myBezier, 0.05, 0.9, 0.1, 1.05
|
||||
|
||||
animation = windows, 1, 7, myBezier
|
||||
animation = windowsOut, 1, 7, default, popin 80%
|
||||
animation = border, 1, 10, default
|
||||
animation = borderangle, 1, 8, default
|
||||
animation = fade, 1, 7, default
|
||||
animation = workspaces, 1, 6, default
|
||||
}
|
||||
|
||||
dwindle {
|
||||
# See https://wiki.hyprland.org/Configuring/Dwindle-Layout/ for more
|
||||
pseudotile = yes # master switch for pseudotiling. Enabling is bound to mainMod + P in the keybinds section below
|
||||
preserve_split = yes # you probably want this
|
||||
}
|
||||
|
||||
master {
|
||||
# See https://wiki.hyprland.org/Configuring/Master-Layout/ for more
|
||||
new_is_master = true
|
||||
}
|
||||
|
||||
gestures {
|
||||
# See https://wiki.hyprland.org/Configuring/Variables/ for more
|
||||
workspace_swipe = off
|
||||
}
|
||||
|
||||
misc {
|
||||
# See https://wiki.hyprland.org/Configuring/Variables/ for more
|
||||
force_default_wallpaper = -1 # Set to 0 to disable the anime mascot wallpapers
|
||||
}
|
||||
|
||||
# Example per-device config
|
||||
# See https://wiki.hyprland.org/Configuring/Keywords/#executing for more
|
||||
device:epic-mouse-v1 {
|
||||
sensitivity = -0.5
|
||||
}
|
||||
|
||||
# See https://wiki.hyprland.org/Configuring/Keywords/ for more
|
||||
$mainMod = SUPER
|
||||
|
||||
# Example binds, see https://wiki.hyprland.org/Configuring/Binds/ for more
|
||||
bind = $mainMod, enter, exec, alacritty
|
||||
bind = $mainMod, C, killactive,
|
||||
bind = $mainMod, Q, exit,
|
||||
bind = $mainMod, E, exec, dolphin
|
||||
bind = $mainMod, V, togglefloating,
|
||||
bind = $mainMod, R, exec, wofi --show drun
|
||||
bind = $mainMod, P, pseudo, # dwindle
|
||||
bind = $mainMod, J, togglesplit, # dwindle
|
||||
|
||||
# Move focus with mainMod + arrow keys
|
||||
bind = $mainMod, left, movefocus, l
|
||||
bind = $mainMod, right, movefocus, r
|
||||
bind = $mainMod, up, movefocus, u
|
||||
bind = $mainMod, down, movefocus, d
|
||||
|
||||
# Switch workspaces with mainMod + [0-9]
|
||||
bind = $mainMod, 1, workspace, 1
|
||||
bind = $mainMod, 2, workspace, 2
|
||||
bind = $mainMod, 3, workspace, 3
|
||||
bind = $mainMod, 4, workspace, 4
|
||||
bind = $mainMod, 5, workspace, 5
|
||||
bind = $mainMod, 6, workspace, 6
|
||||
bind = $mainMod, 7, workspace, 7
|
||||
bind = $mainMod, 8, workspace, 8
|
||||
bind = $mainMod, 9, workspace, 9
|
||||
bind = $mainMod, 0, workspace, 10
|
||||
|
||||
# Move active window to a workspace with mainMod + SHIFT + [0-9]
|
||||
bind = $mainMod SHIFT, 1, movetoworkspace, 1
|
||||
bind = $mainMod SHIFT, 2, movetoworkspace, 2
|
||||
bind = $mainMod SHIFT, 3, movetoworkspace, 3
|
||||
bind = $mainMod SHIFT, 4, movetoworkspace, 4
|
||||
bind = $mainMod SHIFT, 5, movetoworkspace, 5
|
||||
bind = $mainMod SHIFT, 6, movetoworkspace, 6
|
||||
bind = $mainMod SHIFT, 7, movetoworkspace, 7
|
||||
bind = $mainMod SHIFT, 8, movetoworkspace, 8
|
||||
bind = $mainMod SHIFT, 9, movetoworkspace, 9
|
||||
bind = $mainMod SHIFT, 0, movetoworkspace, 10
|
||||
|
||||
# Example special workspace (scratchpad)
|
||||
bind = $mainMod, S, togglespecialworkspace, magic
|
||||
bind = $mainMod SHIFT, S, movetoworkspace, special:magic
|
||||
|
||||
# Scroll through existing workspaces with mainMod + scroll
|
||||
bind = $mainMod, mouse_down, workspace, e+1
|
||||
bind = $mainMod, mouse_up, workspace, e-1
|
||||
|
||||
# Move/resize windows with mainMod + LMB/RMB and dragging
|
||||
bindm = $mainMod, mouse:272, movewindow
|
||||
bindm = $mainMod, mouse:273, resizewindow
|
||||
|
||||
'';
|
||||
|
||||
}
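Review bot: The file is written to `.config/hypr/hyperland.conf`, but Hyprland reads `~/.config/hypr/hyprland.conf`, so this configuration would not be picked up and the compositor would start with its own defaults. The attribute should be `home.file.".config/hypr/hyprland.conf".text = ''`. The body still contains the `autogenerated = 1` line from the stock template, which according to its own comment triggers a warning; remove it once the file is maintained here.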
|
||||
|
|
@ -3,6 +3,8 @@ let
|
|||
|
||||
cfg = config.xsession.windowManager.i3;
|
||||
|
||||
rofi = pkgs.rofi.override { plugins = [ pkgs.rofi-emoji pkgs.rofi-calc pkgs.xdotool ]; };
|
||||
|
||||
backgroundCommand = pkgs.writers.writeDash "background" ''
|
||||
${pkgs.xorg.xrandr}/bin/xrandr | grep " connected" | grep "primary" | \
|
||||
${pkgs.gnused}/bin/sed -E "s/primary //" | \
|
||||
|
@ -37,6 +39,7 @@ in
|
|||
fixXhost
|
||||
pkgs.autorandr
|
||||
pkgs.polygon-art.polygon-art
|
||||
pkgs.xdotool # needed for rofi-emoji
|
||||
];
|
||||
|
||||
|
||||
|
@ -154,7 +157,7 @@ in
|
|||
};
|
||||
startup =
|
||||
[
|
||||
{ command = "${pkgs.albert}/bin/albert"; always = true; }
|
||||
#{ command = "${pkgs.albert}/bin/albert"; always = true; }
|
||||
{ command = toString backgroundCommand; always = true; }
|
||||
{
|
||||
command = toString (pkgs.writers.writeDash "xsettings" ''
|
||||
|
@ -258,7 +261,7 @@ in
|
|||
set -o pipefail
|
||||
${pkgs.i3}/bin/i3-msg -t get_workspaces | \
|
||||
${pkgs.jq}/bin/jq --raw-output '.[] | .name' | \
|
||||
${pkgs.rofi}/bin/rofi -dmenu -p 'Select Workspace' | \
|
||||
${rofi}/bin/rofi -dmenu -p 'Select Workspace ' | \
|
||||
while read line
|
||||
do
|
||||
${pkgs.i3}/bin/i3-msg workspace "$line"
|
||||
|
@ -274,7 +277,7 @@ in
|
|||
set -o pipefail
|
||||
${pkgs.i3}/bin/i3-msg -t get_workspaces | \
|
||||
${pkgs.jq}/bin/jq --raw-output '.[] | .name' | \
|
||||
${pkgs.rofi}/bin/rofi -dmenu -p 'Move to Workspace' | \
|
||||
${rofi}/bin/rofi -dmenu -p 'Move to Workspace ' | \
|
||||
while read line
|
||||
do
|
||||
${pkgs.i3}/bin/i3-msg move container to workspace "$line"
|
||||
|
@ -283,6 +286,7 @@ in
|
|||
in
|
||||
"exec ${script}";
|
||||
|
||||
"${cfg.config.modifier}+space" = "exec ${rofi}/bin/rofi -show drun -display-drun ''";
|
||||
"${cfg.config.modifier}+Shift+c" = "reload";
|
||||
"${cfg.config.modifier}+Shift+r" = "restart";
|
||||
"${cfg.config.modifier}+Shift+e" = "exec i3-nagbar -t warning -m 'Do you want to exit i3?' -b 'Yes' 'i3-msg exit'";
|
||||
|
@ -476,6 +480,19 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
# rofi > albert
|
||||
programs.rofi = {
|
||||
enable = true;
|
||||
cycle = true;
|
||||
package = rofi;
|
||||
# pass.enable = true;
|
||||
extraConfig = {
|
||||
modi = "drun,calc,emoji,combi";
|
||||
show-icons = true;
|
||||
terminal = "alacritty";
|
||||
};
|
||||
};
|
||||
|
||||
xdg.configFile."albert/albert.conf".text = ''
|
||||
[General]
|
||||
hotkey=Meta+Space
|
||||
|
|
|
@ -40,6 +40,14 @@ with lib;
|
|||
|
||||
mermaid-cli
|
||||
|
||||
# terminal code to image/movie renderer
|
||||
vhs
|
||||
carbon-now-cli
|
||||
asciinema
|
||||
asciinema-scenario
|
||||
asciinema
|
||||
|
||||
marp-cli # markdown to presentation framework
|
||||
];
|
||||
})
|
||||
{
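Review bot: `asciinema` is added twice in the new "terminal code to image/movie renderer" group, once before and once after `asciinema-scenario`. The second entry can be removed; the package list itself continues outside the hunk.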
|
||||
|
|
|
@ -16,12 +16,15 @@ with lib;
|
|||
blender
|
||||
lightburn
|
||||
darktable
|
||||
colorpicker
|
||||
|
||||
# CAD & 3D Plotting
|
||||
openscad
|
||||
freecad
|
||||
cura
|
||||
|
||||
qrencode
|
||||
|
||||
];
|
||||
|
||||
};
|
||||
|
|
|
@ -4,7 +4,7 @@ with lib;
|
|||
{
|
||||
config = mkIf config.gui.enable {
|
||||
home.packages = [
|
||||
unstable.logseq
|
||||
logseq
|
||||
];
|
||||
home.file.".config/Logseq/Preferences".source = (pkgs.formats.json { }).generate "LogseqPreferences.json"
|
||||
{
|
||||
|
|
|
@ -40,12 +40,15 @@ with lib;
|
|||
bitwarden
|
||||
rbw
|
||||
|
||||
unstable.trilium-desktop # old (use logseq now)
|
||||
|
||||
nginx-config-formatter
|
||||
|
||||
unstable.yt-dlp
|
||||
|
||||
OSCAR
|
||||
|
||||
# office
|
||||
pdfarranger
|
||||
|
||||
];
|
||||
|
||||
};
|
||||
|
|
|
@ -1,6 +0,0 @@
|
|||
{
|
||||
programs.vim = {
|
||||
enable = true;
|
||||
defaultEditor = true;
|
||||
};
|
||||
}
|
|
@ -31,8 +31,8 @@
|
|||
};
|
||||
};
|
||||
|
||||
networking.firewall.interfaces.wq0.allowedTCPPorts = [ 8266 ];
|
||||
networking.firewall.interfaces.wq0.allowedUDPPorts = [ 8266 ];
|
||||
networking.firewall.interfaces.wg0.allowedTCPPorts = [ 8266 ];
|
||||
networking.firewall.interfaces.wg0.allowedUDPPorts = [ 8266 ];
|
||||
|
||||
networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 8266 ];
|
||||
networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ 8266 ];
|
||||
|
|
|
@ -20,8 +20,8 @@
|
|||
};
|
||||
};
|
||||
|
||||
#networking.firewall.interfaces.wq0.allowedTCPPorts = [ 8266 ];
|
||||
#networking.firewall.interfaces.wq0.allowedUDPPorts = [ 8266 ];
|
||||
#networking.firewall.interfaces.wg0.allowedTCPPorts = [ 8266 ];
|
||||
#networking.firewall.interfaces.wg0.allowedUDPPorts = [ 8266 ];
|
||||
|
||||
#networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 8266 ];
|
||||
#networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ 8266 ];
|
||||
|
|
|
@ -31,6 +31,10 @@
|
|||
components.network.wifi.enable = true;
|
||||
components.terminal.enable = true;
|
||||
|
||||
components.monitor.enable = true;
|
||||
components.monitor.opentelemetry.exporter.endpoint = "10.100.0.1:4317"; # orbi
|
||||
#components.monitor.opentelemetry.exporter.debug = "logs";
|
||||
|
||||
home-manager.users.mainUser.home.sessionPath = [ "$HOME/.timewarrior/scripts" ];
|
||||
|
||||
sops.secrets.yubikey_u2fAuthFile = { };
|
||||
|
|
|
@ -16,6 +16,10 @@
|
|||
|
||||
# on encrypted drive
|
||||
# ------------------
|
||||
oscar_cpap = {
|
||||
enable = true;
|
||||
path = "/home/palo/Documents/OSCAR_Data";
|
||||
};
|
||||
password-store = {
|
||||
enable = true;
|
||||
path = "/home/palo/.password-store";
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
networking.firewall.allowedUDPPorts = [ 51820 ];
|
||||
#networking.firewall.allowedUDPPorts = [ 51820 ];
|
||||
sops.secrets.wireguard_private = { };
|
||||
|
||||
# Enable WireGuard
|
||||
|
@ -18,7 +18,8 @@
|
|||
# robi
|
||||
publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
|
||||
allowedIPs = [ "10.100.0.1/24" ];
|
||||
endpoint = "ingolf-wagner.de:51820";
|
||||
#endpoint = "ingolf-wagner.de:51820";
|
||||
endpoint = "95.216.66.212:51820";
|
||||
}
|
||||
];
|
||||
};
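Review bot: The peer `endpoint` is now the literal `95.216.66.212:51820` with the hostname line left commented out and no reason recorded, so a later change of the server's address breaks the tunnel with nothing in the file explaining the pin. The same change appears in the other WireGuard peer hunk further down this page (the `@ -21,7 +21,8 @@` hunk with `persistentKeepalive = 25;`). If the pin works around name resolution at tunnel start, which the todo about `dynamicEndpointRefreshSeconds` elsewhere on this page suggests, say so: `# pinned IP until we switch to networking.wireguard with dynamicEndpointRefreshSeconds`. The commented-out `allowedUDPPorts = [ 51820 ]` line could be deleted rather than kept, with a short note that this host only dials out.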
|
||||
|
|
|
@ -1,8 +0,0 @@
|
|||
{ config, ... }: {
|
||||
services.atuin = {
|
||||
enable = true;
|
||||
host = "0.0.0.0";
|
||||
maxHistoryLength = 999999;
|
||||
openRegistration = false;
|
||||
};
|
||||
}
|
|
@ -1,13 +0,0 @@
|
|||
{ ... }:
|
||||
{
|
||||
services.nix-serve = {
|
||||
enable = true;
|
||||
|
||||
# needed if i want to trust my own build packages and dirivations
|
||||
# nix-store --generate-binary-cache-key key-name secret-key-file public-key-file
|
||||
# secretKeyFile = sops.nixServeSecretKeyFile.path
|
||||
|
||||
};
|
||||
|
||||
|
||||
}
|
|
@ -10,59 +10,41 @@
|
|||
|
||||
./hardware-configuration
|
||||
|
||||
./disko-syncoid.nix
|
||||
./packages.nix
|
||||
|
||||
./network-wireguard.nix
|
||||
./network-tinc.nix
|
||||
./network-tinc-retiolum.nix # make sure no service is open for this vpn!
|
||||
./network-tinc.nix
|
||||
./network-wireguard.nix
|
||||
|
||||
./hass.nix
|
||||
./hass-zigbee2mqtt.nix
|
||||
./hass-mqtt.nix
|
||||
#./hass-wifi.nix
|
||||
./hass-zigbee2mqtt.nix
|
||||
./hass.nix
|
||||
|
||||
#./mail-fetcher.nix
|
||||
|
||||
#./borg.nix
|
||||
./taskwarrior-autotag.nix
|
||||
|
||||
./media-share.nix
|
||||
./media-audiobookshelf.nix
|
||||
./media-jellyfin.nix
|
||||
./media-youtube.nix
|
||||
./media-castget.nix
|
||||
./media-curl.nix
|
||||
./media-jellyfin.nix
|
||||
./media-share.nix
|
||||
./media-syncthing.nix
|
||||
./media-youtube.nix
|
||||
|
||||
# logging
|
||||
./loki.nix
|
||||
./loki-promtail.nix
|
||||
./prometheus.nix
|
||||
./grafana.nix
|
||||
./telegraf.nix
|
||||
./telegraf-smart.nix
|
||||
./telemetry/grafana.nix
|
||||
./telemetry/telegraf-smart.nix
|
||||
./telemetry/telegraf.nix
|
||||
#./telemetry/opentelemetry-hass.nix
|
||||
./telemetry/prometheus.nix
|
||||
./telemetry/loki.nix
|
||||
|
||||
#./home-display.nix
|
||||
|
||||
./rbackup.nix
|
||||
./sync-torrent.nix
|
||||
./sync-script.nix
|
||||
./sync-rbackup.nix
|
||||
./sync-syncoid.nix
|
||||
|
||||
./service-atuin.nix
|
||||
./service-paperless.nix
|
||||
./services-forgejo.nix
|
||||
./services-s3.nix
|
||||
|
||||
#./kiosk.nix
|
||||
./trilium.nix
|
||||
./gitea.nix
|
||||
./atuin.nix
|
||||
|
||||
./cache.nix
|
||||
|
||||
./vault.nix
|
||||
|
||||
./docker-registry.nix
|
||||
|
||||
./paperless.nix
|
||||
./services-vault.nix
|
||||
|
||||
];
|
||||
|
||||
|
@ -73,8 +55,12 @@
|
|||
components.network.wifi.enable = false;
|
||||
components.terminal.enable = true;
|
||||
|
||||
services.printing.enable = false;
|
||||
components.monitor.enable = true;
|
||||
networking.firewall.interfaces.wg0.allowedTCPPorts = [ 4317 ];
|
||||
networking.firewall.interfaces.wg0.allowedUDPPorts = [ 4317 ];
|
||||
components.monitor.opentelemetry.receiver.endpoint = "0.0.0.0:4317";
|
||||
|
||||
services.printing.enable = false;
|
||||
|
||||
#virtualisation.containers.storage.settings = {
|
||||
# # fixes: Error: 'overlay' is not supported over zfs, a mount_program is required: backing file system is unsupported for this graph driver
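Review bot: `components.monitor.opentelemetry.receiver.endpoint = "0.0.0.0:4317";` makes the OTLP receiver listen on every interface and leaves the wg0-only firewall rules as the single control. This is on a host whose import list also carries `./network-tinc-retiolum.nix # make sure no service is open for this vpn!`. Binding to the WireGuard address removes that dependency, e.g. `components.monitor.opentelemetry.receiver.endpoint = "10.100.0.1:4317";`, assuming 10.100.0.1 is this host's wg0 address (the client configuration on this page labels that endpoint as orbi; confirm). The module only sets `receivers.otlp.protocols.grpc.endpoint`, and gRPC runs over TCP, so the `allowedUDPPorts = [ 4317 ]` line can be dropped. The enclosing attribute set continues outside the hunk.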
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
{ ... }:
|
||||
{
|
||||
services.syncoid = {
|
||||
enable = true;
|
||||
commands.service2 = {
|
||||
source = "zroot/services2";
|
||||
target = "zraid/mirror/services2"; # should not be created up front!
|
||||
};
|
||||
commands.paperless = {
|
||||
source = "zroot/paperless";
|
||||
target = "zraid/mirror/paperless"; # should not be created up front!
|
||||
};
|
||||
commands.postgresql = {
|
||||
source = "zroot/postgresql";
|
||||
target = "zraid/mirror/postgresql"; # should not be created up front!
|
||||
};
|
||||
commonArgs = [
|
||||
# Does not create new snapshot, only transfers existing
|
||||
"--no-sync-snap"
|
||||
];
|
||||
};
|
||||
|
||||
}
|
|
@ -1,3 +0,0 @@
|
|||
{
|
||||
services.dockerRegistry.enable = true;
|
||||
}
|
|
@ -11,6 +11,6 @@
|
|||
|
||||
# open for tasmota
|
||||
networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 1883 ];
|
||||
networking.firewall.interfaces.wq0.allowedTCPPorts = [ 1883 ];
|
||||
networking.firewall.interfaces.wg0.allowedTCPPorts = [ 1883 ];
|
||||
|
||||
}
|
||||
|
|
|
@ -1,41 +0,0 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
services.promtail = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
server = {
|
||||
http_listen_port = 28183;
|
||||
grpc_listen_port = 0;
|
||||
};
|
||||
positions.filename = "/tmp/positions.yaml";
|
||||
clients = [
|
||||
{ url = "http://127.0.0.1:3100/loki/api/v1/push"; }
|
||||
];
|
||||
|
||||
scrape_configs = [
|
||||
{
|
||||
job_name = "journal";
|
||||
journal = {
|
||||
max_age = "12h";
|
||||
labels = {
|
||||
job = "systemd-journal";
|
||||
host = config.networking.hostName;
|
||||
};
|
||||
};
|
||||
relabel_configs = [
|
||||
{
|
||||
source_labels = [ "__journal__systemd_unit" ];
|
||||
target_label = "unit";
|
||||
}
|
||||
{
|
||||
source_labels = [ "__journal__transport" ];
|
||||
target_label = "transport";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
}
|
|
@ -1,99 +0,0 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
|
||||
services.loki = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
server = {
|
||||
http_listen_port = 3100;
|
||||
log_level = "warn";
|
||||
};
|
||||
auth_enabled = false;
|
||||
|
||||
ingester = {
|
||||
lifecycler = {
|
||||
address = "127.0.0.1";
|
||||
ring = {
|
||||
kvstore = {
|
||||
store = "inmemory";
|
||||
};
|
||||
replication_factor = 1;
|
||||
};
|
||||
};
|
||||
chunk_idle_period = "1h";
|
||||
max_chunk_age = "1h";
|
||||
chunk_target_size = 999999;
|
||||
chunk_retain_period = "30s";
|
||||
max_transfer_retries = 0;
|
||||
};
|
||||
|
||||
schema_config = {
|
||||
configs = [{
|
||||
from = "2022-06-06";
|
||||
store = "boltdb-shipper";
|
||||
object_store = "filesystem";
|
||||
schema = "v11";
|
||||
index = {
|
||||
prefix = "index_";
|
||||
period = "24h";
|
||||
};
|
||||
}];
|
||||
};
|
||||
|
||||
storage_config = {
|
||||
boltdb_shipper = {
|
||||
active_index_directory = "/var/lib/loki/boltdb-shipper-active";
|
||||
cache_location = "/var/lib/loki/boltdb-shipper-cache";
|
||||
cache_ttl = "24h";
|
||||
shared_store = "filesystem";
|
||||
};
|
||||
|
||||
filesystem = {
|
||||
directory = "/var/lib/loki/chunks";
|
||||
};
|
||||
};
|
||||
|
||||
limits_config = {
|
||||
reject_old_samples = true;
|
||||
reject_old_samples_max_age = "168h";
|
||||
};
|
||||
|
||||
chunk_store_config = {
|
||||
max_look_back_period = "0s";
|
||||
};
|
||||
|
||||
table_manager = {
|
||||
retention_deletes_enabled = false;
|
||||
retention_period = "0s";
|
||||
};
|
||||
|
||||
compactor = {
|
||||
working_directory = "/var/lib/loki";
|
||||
shared_store = "filesystem";
|
||||
compactor_ring = {
|
||||
kvstore = {
|
||||
store = "inmemory";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
# user, group, dataDir, extraFlags, (configFile)
|
||||
};
|
||||
|
||||
#services.nginx = {
|
||||
# enable = true;
|
||||
# virtualHosts.loki = {
|
||||
# serverName = "loki.pepe.private";
|
||||
# locations."/" = {
|
||||
# proxyWebsockets = true;
|
||||
# proxyPass = "http://127.0.0.1:3100";
|
||||
# #extraConfig = ''
|
||||
# # access_log off;
|
||||
# # allow ${config.tinc.private.subnet};
|
||||
# # deny all;
|
||||
# #'';
|
||||
# };
|
||||
# };
|
||||
#};
|
||||
|
||||
}
|
|
@ -2,19 +2,22 @@
|
|||
with lib;
|
||||
let
|
||||
configuration = {
|
||||
Chaospott37C3Tickets = rec {
|
||||
url = "https://md.chaospott.de/171s8-_cQCyX_tUca_Jxqw/download";
|
||||
target = "/media/curl/37C3";
|
||||
options = [
|
||||
"-o $( date +%H:%M:%S )-TicketPlaning.md"
|
||||
];
|
||||
};
|
||||
|
||||
#Chaospott37C3Tickets = rec {
|
||||
# url = "https://md.chaospott.de/171s8-_cQCyX_tUca_Jxqw/download";
|
||||
# target = "/media/curl/37C3";
|
||||
# options = [
|
||||
# "-o $( date +%H:%M:%S )-TicketPlaning.md"
|
||||
# ];
|
||||
#};
|
||||
|
||||
StableConfussion = {
|
||||
url = "http://stable-confusion.r/outputs/";
|
||||
target = "/media/curl/stable-confusion";
|
||||
options = [ "--mirror" ];
|
||||
options = [ "--mirror" "--quiet" ];
|
||||
command = "wget";
|
||||
};
|
||||
|
||||
};
|
||||
|
||||
downloadScript =
|
||||
|
|
|
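Review bot: `--quiet` on the `StableConfussion` entry turns off all wget output, including error messages, so a mirror run that fails leaves nothing in the unit's log. `--no-verbose` drops the progress noise but keeps errors and basic status lines: `options = [ "--mirror" "--no-verbose" ];`. The mirrored URL is plain `http://`, so the files are not integrity-protected in transit unless the `.r` network provides that itself, which is not visible on this page. The hunk ends at `downloadScript =`, so the rest of the `let` block is outside it.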
@ -7,13 +7,12 @@
|
|||
group = "media";
|
||||
# make some folders send only
|
||||
settings.folders = {
|
||||
audiobooks.type = "sendonly";
|
||||
lost-fotos.type = "sendonly";
|
||||
lectures.type = "sendonly";
|
||||
};
|
||||
folders = {
|
||||
# on encrypted drive
|
||||
# ------------------
|
||||
oscar_cpap = {
|
||||
enable = true;
|
||||
path = "/syncthing/oscar_cpap";
|
||||
};
|
||||
logseq = {
|
||||
enable = true;
|
||||
path = "/syncthing/logseq";
|
||||
|
@ -48,6 +47,7 @@
|
|||
};
|
||||
lost-fotos = {
|
||||
enable = true;
|
||||
type = "sendonly";
|
||||
path = "/syncthing/lost-fotos.ct";
|
||||
};
|
||||
music-projects = {
|
||||
|
@ -56,10 +56,12 @@
|
|||
};
|
||||
audiobooks = {
|
||||
enable = true;
|
||||
type = "sendonly";
|
||||
path = "/media/audio-books";
|
||||
};
|
||||
lectures = {
|
||||
enable = true;
|
||||
type = "sendonly";
|
||||
path = "/media/lectures";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -21,7 +21,8 @@
|
|||
# orbi
|
||||
publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
|
||||
allowedIPs = [ "10.100.0.1/24" ];
|
||||
endpoint = "ingolf-wagner.de:51820";
|
||||
#endpoint = "ingolf-wagner.de:51820";
|
||||
endpoint = "95.216.66.212:51820";
|
||||
persistentKeepalive = 25;
|
||||
}
|
||||
];
|
||||
|
|
|
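Review bot: The peer endpoint is now pinned to `95.216.66.212:51820` while the hostname form is left commented out, and nothing records why. A comment above the new line, for example `# pinned to the IP because <reason>; update when the host moves`, would keep the next address change from being missed. The same replacement is made in the second wireguard peer list further down the page (the peer commented `# robi`), so the comment belongs there too. The peer list starts and ends outside this hunk.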
@ -1,121 +0,0 @@
|
|||
{ config, pkgs, lib, ... }: {
|
||||
|
||||
sops.secrets.hass_long_term_token.owner = "prometheus";
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
statusPage = true;
|
||||
virtualHosts = {
|
||||
"prometheus.${config.networking.hostName}.private" = {
|
||||
extraConfig = ''
|
||||
allow ${config.tinc.private.subnet};
|
||||
deny all;
|
||||
'';
|
||||
locations."/" = { proxyPass = "http://localhost:${toString config.services.prometheus.port}"; };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.prometheus = {
|
||||
checkConfig = "syntax-only";
|
||||
enable = true;
|
||||
# keep data for 30 days
|
||||
extraFlags = [ "--storage.tsdb.retention.time=90d" ];
|
||||
|
||||
ruleFiles = [
|
||||
(pkgs.writeText "prometheus-rules.yml" (builtins.toJSON {
|
||||
groups = [
|
||||
{
|
||||
name = "core";
|
||||
rules = [
|
||||
{
|
||||
alert = "InstanceDown";
|
||||
expr = "up == 0";
|
||||
for = "5m";
|
||||
labels.severity = "page";
|
||||
annotations = {
|
||||
summary = "Instance {{ $labels.instance }} down";
|
||||
description = "{{ $labels.instance }} of job {{ $labels.job }} has been down for more than 5 minutes.";
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
name = "home-assistant";
|
||||
rules = [
|
||||
{
|
||||
record = "home_open_window_sum";
|
||||
expr = ''sum( homeassistant_binary_sensor_state{entity=~"binary_sensor\\.window_02_contact|binary_sensor\\.window_03_contact|binary_sensor\\.window_04_contact|binary_sensor\\.window_05_contact|binary_sensor\\.window_06_contact|binary_sensor\\.window_07_contact"} )'';
|
||||
}
|
||||
] ++ (map
|
||||
(number:
|
||||
{
|
||||
record = "home_at_least_n_windows_open";
|
||||
expr = ''home_open_window_sum >= bool ${toString number}'';
|
||||
labels.n = number;
|
||||
}) [ 1 2 3 ]);
|
||||
}
|
||||
];
|
||||
}))
|
||||
];
|
||||
|
||||
|
||||
|
||||
|
||||
#alertmanager = {
|
||||
# enable = true;
|
||||
# configuration = {
|
||||
#};
|
||||
#};
|
||||
|
||||
exporters = {
|
||||
node = {
|
||||
enable = true;
|
||||
enabledCollectors = [ "systemd" ];
|
||||
port = 9002;
|
||||
};
|
||||
};
|
||||
|
||||
scrapeConfigs = [
|
||||
{
|
||||
job_name = "netdata";
|
||||
metrics_path = "/api/v1/allmetrics";
|
||||
params.format = [ "prometheus" ];
|
||||
scrape_interval = "5s";
|
||||
static_configs = [
|
||||
{
|
||||
targets = [ "localhost:19999" ];
|
||||
labels = {
|
||||
service = "netdata";
|
||||
server = config.networking.hostName;
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
job_name = "node";
|
||||
static_configs = [{
|
||||
targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
|
||||
labels = {
|
||||
service = "node-exporter";
|
||||
server = config.networking.hostName;
|
||||
};
|
||||
}];
|
||||
}
|
||||
{
|
||||
# see https://www.home-assistant.io/integrations/prometheus/
|
||||
job_name = "home-assistant";
|
||||
scrape_interval = "60s";
|
||||
metrics_path = "/api/prometheus";
|
||||
bearer_token_file = toString config.sops.secrets.hass_long_term_token.path;
|
||||
static_configs = [{
|
||||
targets = [ "localhost:8123" ];
|
||||
labels = {
|
||||
service = "hass";
|
||||
server = config.networking.hostName;
|
||||
};
|
||||
}];
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
|
@ -0,0 +1,12 @@
|
|||
{ config, pkgs, assets, ... }: {
|
||||
services.atuin = {
|
||||
enable = true;
|
||||
package = pkgs.unstable.atuin.overrideAttrs (_old: {
|
||||
# as cursed as doing mitigations=off in the kernel command line
|
||||
patches = [ "${assets}/0001-make-atuin-on-zfs-fast-again.patch" ];
|
||||
});
|
||||
host = "0.0.0.0";
|
||||
maxHistoryLength = 999999;
|
||||
openRegistration = false;
|
||||
};
|
||||
}
|
|
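Review bot: `host = "0.0.0.0";` makes the atuin sync server listen on every interface, and nothing in this file limits which networks can reach its login and sync API; whether the firewall opens the port is not visible here. Binding to the private address, e.g. `host = "<wireguard address of this host>";`, or staying on loopback behind the nginx `allow … deny all` pattern used for the other services, keeps it off interfaces it does not need. `openRegistration = false;` is the right default to keep. The override applies `0001-make-atuin-on-zfs-fast-again.patch`, which its own comment compares to `mitigations=off`; a one-line comment saying what the patch turns off would let a reader judge that trade-off.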
@ -8,10 +8,18 @@
|
|||
PAPERLESS_OCR_LANGUAGE = "deu+eng";
|
||||
PAPERLESS_APP_TITLE = "paperless.chungus.private";
|
||||
PAPERLESS_CONSUMER_IGNORE_PATTERN = builtins.toJSON [ ".DS_STORE/*" "desktop.ini" ];
|
||||
PAPERLESS_EMAIL_TASK_CRON = "0 */8 * * *"; # “At minute 0 past every 8th hour.”
|
||||
#PAPERLESS_CONSUMER_DELETE_DUPLICATES = true;
|
||||
};
|
||||
};
|
||||
|
||||
services.permown."/var/lib/paperless/consume" = {
|
||||
owner = "paperless";
|
||||
group = "paperless";
|
||||
directory-mode = "755";
|
||||
file-mode = "640";
|
||||
};
|
||||
|
||||
networking.firewall.interfaces.wg0.allowedTCPPorts = [ config.services.paperless.port ];
|
||||
|
||||
services.nginx.virtualHosts."paperless.${config.networking.hostName}.private" = {
|
||||
|
@ -20,6 +28,9 @@
|
|||
deny all;
|
||||
'';
|
||||
locations."/" = {
|
||||
extraConfig = ''
|
||||
client_max_body_size 500M;
|
||||
'';
|
||||
proxyPass = "http://localhost:${toString config.services.paperless.port}";
|
||||
proxyWebsockets = true;
|
||||
};
|
|
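Review bot: `networking.firewall.interfaces.wg0.allowedTCPPorts = [ config.services.paperless.port ];` opens the paperless backend port directly on wg0, which sidesteps both the `deny all` ACL and the `client_max_body_size 500M` limit that the nginx virtual host applies. If wireguard peers are meant to go through the nginx host name, the rule can be dropped; if direct access is intended, say so next to it, e.g. `# wg0 peers reach paperless without nginx`. Whether paperless listens on anything other than loopback is not visible in these hunks, which cut through the surrounding blocks. Separately, `directory-mode = "755";` leaves the consume directory listable by every local user; `"750"` would match the `640` file mode.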
@ -11,18 +11,17 @@
|
|||
deny all;
|
||||
'';
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString config.services.gogs.httpPort}";
|
||||
proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.gitea = {
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
appName = "git.chungus.private";
|
||||
package = pkgs.forgejo;
|
||||
stateDir = "/srv/gitea";
|
||||
stateDir = "/srv/forgejo";
|
||||
settings = {
|
||||
DEFAULT.APP_NAME = "git.chungus.private";
|
||||
server.ROOT_URL = "http://git.chungus.private/";
|
||||
server.DOMAIN = "git.chungus.private";
|
||||
service.DISABLE_REGISTRATION = false;
|
||||
|
@ -34,6 +33,4 @@
|
|||
};
|
||||
};
|
||||
|
||||
# backup.dirs = [ "/srv/gitea" ];
|
||||
|
||||
}
|
|
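Review bot: `stateDir` moves from `/srv/gitea` to `/srv/forgejo` and the second hunk drops the commented `backup.dirs` line, so nothing on the page migrates the existing repositories or backs up the new directory. Record the migration step in a comment next to `stateDir`, and if the backup option is still used on this host, add the new path, e.g. `backup.dirs = [ "/srv/forgejo" ];`. `service.DISABLE_REGISTRATION = false;` and the plain-`http://` `ROOT_URL` look like unchanged context, but with the service renamed it is worth confirming that open sign-up is still intended behind the nginx ACL. The `settings` block continues outside the first hunk.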
@ -1,6 +1,8 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
services.vault = {
|
||||
enable = true;
|
||||
#adress = "chungus.private:8200";
|
||||
package = pkgs.unstable.vault;
|
||||
};
|
||||
}
|
|
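Review bot: The commented option is spelled `adress`; uncommented as written it would not match the module's `address` option, so it should read `#address = "chungus.private:8200";`. Enabling that line moves the listener off loopback, and no TLS certificate or key is configured in this file, so tokens and secrets would cross the network in clear text unless TLS is added in the same change. `package = pkgs.unstable.vault;` puts the secrets store on the unstable channel; a comment naming the reason (a needed fix or version) makes it easier to return to the stable package later.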
@ -2,12 +2,8 @@
|
|||
{
|
||||
sops.secrets.rsync_private_key = { };
|
||||
|
||||
# todo : replace all of them with syncoid
|
||||
rbackup.plans = {
|
||||
nextcloud = {
|
||||
sshKeyPath = config.sops.secrets.rsync_private_key.path;
|
||||
src = "root@orbi:/var/lib/nixos-containers/nextcloud";
|
||||
dst = "/mirror/nextcloud";
|
||||
};
|
||||
git = {
|
||||
sshKeyPath = config.sops.secrets.rsync_private_key.path;
|
||||
src = "root@orbi:/var/lib/forgejo/";
|
||||
|
@ -23,11 +19,6 @@
|
|||
src = "root@orbi:/var/lib/bitwarden_rs/";
|
||||
dst = "/mirror/vaultwarden";
|
||||
};
|
||||
matrix-terranix = {
|
||||
sshKeyPath = config.sops.secrets.rsync_private_key.path;
|
||||
src = "root@orbi:/var/lib/nixos-containers/matrix-terranix";
|
||||
dst = "/mirror/matrix-terranix";
|
||||
};
|
||||
radarr = {
|
||||
sshKeyPath = config.sops.secrets.rsync_private_key.path;
|
||||
src = "root@orbi:/media/arr/radarr";
|
|
@ -0,0 +1,48 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
|
||||
sops.secrets.syncoid_private_key = {
|
||||
key = "rsync_private_key";
|
||||
owner = config.services.syncoid.user;
|
||||
};
|
||||
|
||||
services.syncoid = {
|
||||
enable = true;
|
||||
|
||||
# local
|
||||
commands.service2 = {
|
||||
source = "zroot/services2";
|
||||
target = "zraid/mirror/services2"; # should not be created up front!
|
||||
};
|
||||
commands.paperless = {
|
||||
source = "zroot/paperless";
|
||||
target = "zraid/mirror/paperless"; # should not be created up front!
|
||||
};
|
||||
commands.postgresql = {
|
||||
source = "zroot/postgresql";
|
||||
target = "zraid/mirror/postgresql"; # should not be created up front!
|
||||
};
|
||||
|
||||
# remote
|
||||
commands.matrix-terranix = {
|
||||
sshKey = config.sops.secrets.syncoid_private_key.path;
|
||||
source = "root@orbi:zroot/matrix-terranix";
|
||||
target = "zraid/mirror/matrix-terranix"; # should not be created up front!
|
||||
};
|
||||
commands.nextcloud = {
|
||||
sshKey = config.sops.secrets.syncoid_private_key.path;
|
||||
source = "root@orbi:zroot/nextcloud";
|
||||
target = "zraid/mirror/nextcloud"; # should not be created up front!
|
||||
};
|
||||
commands.photoprism = {
|
||||
sshKey = config.sops.secrets.syncoid_private_key.path;
|
||||
source = "root@orbi:zmedia/photoprism";
|
||||
target = "zraid/mirror/photoprism"; # should not be created up front!
|
||||
};
|
||||
commonArgs = [
|
||||
# Does not create new snapshot, only transfers existing
|
||||
"--no-sync-snap"
|
||||
];
|
||||
};
|
||||
|
||||
}
|
|
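Review bot: The three remote commands pull as `root@orbi` and reuse the existing `rsync_private_key` secret, so the key that replicates datasets is also a full root login on orbi. syncoid only needs send-side ZFS permissions on the source, which can be delegated to an unprivileged account with `zfs allow`; the source then becomes, with an example account name, `source = "syncoid@orbi:zroot/nextcloud";` and gets a key of its own. If root has to stay for now, restricting that key in orbi's authorized keys (forced command, no pty, no forwarding) limits what a leaked key can do. The local commands are not affected.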
@ -1,96 +0,0 @@
|
|||
{ config, pkgs, ... }:
|
||||
let
|
||||
urls = [
|
||||
{ url = "https://bitwarden.ingolf-wagner.de"; path = ""; }
|
||||
{ url = "https://flix.ingolf-wagner.de"; path = "web/index.html"; }
|
||||
{ url = "https://git.ingolf-wagner.de"; path = ""; }
|
||||
{ url = "https://ingolf-wagner.de"; path = ""; }
|
||||
{ url = "https://nextcloud.ingolf-wagner.de"; path = "login"; }
|
||||
{ url = "https://tech.ingolf-wagner.de"; path = ""; }
|
||||
{ url = "https://matrix.ingolf-wagner.de"; path = ""; }
|
||||
];
|
||||
|
||||
in
|
||||
{
|
||||
systemd.services.telegraf.path = [ pkgs.inetutils ];
|
||||
|
||||
services.telegraf = {
|
||||
enable = true;
|
||||
extraConfig = {
|
||||
outputs.prometheus_client = {
|
||||
listen = ":9273";
|
||||
metric_version = 2;
|
||||
};
|
||||
# https://github.com/influxdata/telegraf/tree/master/plugins/inputs < all them plugins
|
||||
inputs = {
|
||||
cpu = { };
|
||||
diskio = { };
|
||||
smart.attributes = true;
|
||||
x509_cert = [{
|
||||
sources = (map (url: "${url.url}:443") urls);
|
||||
interval = "30m"; # agent.interval = "10s" is default
|
||||
}];
|
||||
http_response =
|
||||
let fullUrls = map ({ url, path }: "${url}/${path}") urls;
|
||||
in [{ urls = fullUrls; }];
|
||||
processes = { };
|
||||
system = { };
|
||||
systemd_units = { };
|
||||
internet_speed.interval = "10m";
|
||||
nginx.urls = [ "http://localhost/nginx_status" ];
|
||||
ping = [{ urls = [ "10.100.0.1" ]; }]; # actually important to make pepe visible over wireguard
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.prometheus.scrapeConfigs = [
|
||||
{
|
||||
# see https://www.home-assistant.io/integrations/prometheus/
|
||||
job_name = "telgraf";
|
||||
metrics_path = "/metrics";
|
||||
static_configs = [{
|
||||
targets = [ "localhost:9273" ];
|
||||
labels = {
|
||||
service = "telegraf";
|
||||
server = config.networking.hostName;
|
||||
};
|
||||
}];
|
||||
}
|
||||
];
|
||||
|
||||
services.prometheus.ruleFiles = [
|
||||
(pkgs.writeText "telegraf.yml" (builtins.toJSON {
|
||||
groups = [
|
||||
{
|
||||
name = "telegraf";
|
||||
rules = [
|
||||
{
|
||||
alert = "HttpResponseNotOk";
|
||||
expr = "0 * (http_response_http_response_code != 200) + 1";
|
||||
for = "5m";
|
||||
labels.severity = "page";
|
||||
annotations = {
|
||||
summary = "{{ $labels.exported_server }} does not return Ok";
|
||||
description = "{{ $labels.exported_server }} does not return Ok for more than 5 minutes";
|
||||
};
|
||||
}
|
||||
{
|
||||
alert = "CertificatExpires";
|
||||
expr = ''x509_cert_expiry{issuer_common_name="R3"} < ${toString (60 * 60 * 24 * 5)}'';
|
||||
for = "1d";
|
||||
labels.severity = "page";
|
||||
annotations = {
|
||||
summary = "{{ $labels.san }} does Expire Soon";
|
||||
description = "{{ $labels.san }} does expire in less than 5 days";
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
}))
|
||||
];
|
||||
|
||||
|
||||
|
||||
|
||||
}
|
|
@ -0,0 +1,145 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
|
||||
services.opentelemetry-collector.settings = {
|
||||
exporters.loki = {
|
||||
endpoint = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
|
||||
default_labels_enabled = {
|
||||
exporter = true;
|
||||
job = true;
|
||||
instance = true;
|
||||
level = true;
|
||||
};
|
||||
};
|
||||
processors = {
|
||||
attributes.actions = [
|
||||
{
|
||||
action = "insert";
|
||||
key = "loki.attribute.labels";
|
||||
value = "job, unit, boot_id, instance, facility, facility_label, priority, priority_label";
|
||||
}
|
||||
];
|
||||
resource.attributes = [
|
||||
{
|
||||
action = "insert";
|
||||
key = "loki.resource.labels";
|
||||
value = "host.name";
|
||||
}
|
||||
{
|
||||
action = "insert";
|
||||
key = "loki.format";
|
||||
value = "raw";
|
||||
}
|
||||
];
|
||||
};
|
||||
service.pipelines.logs.exporters = [ "loki" ];
|
||||
service.pipelines.logs.processors = [ "resource" "attributes" ];
|
||||
};
|
||||
|
||||
services.loki = {
|
||||
enable = true;
|
||||
# https://grafana.com/docs/loki/latest/configure/#supported-contents-and-default-values-of-lokiyaml
|
||||
configuration = {
|
||||
|
||||
server = {
|
||||
http_listen_port = 3100;
|
||||
log_level = "warn";
|
||||
};
|
||||
auth_enabled = false;
|
||||
|
||||
ingester = {
|
||||
lifecycler = {
|
||||
address = "127.0.0.1";
|
||||
ring = {
|
||||
kvstore = {
|
||||
store = "inmemory";
|
||||
};
|
||||
replication_factor = 1;
|
||||
};
|
||||
};
|
||||
chunk_idle_period = "1h";
|
||||
max_chunk_age = "1h";
|
||||
chunk_target_size = 999999;
|
||||
chunk_retain_period = "30s";
|
||||
max_transfer_retries = 0;
|
||||
};
|
||||
|
||||
schema_config = {
|
||||
configs = [{
|
||||
from = "2022-06-06";
|
||||
store = "boltdb-shipper";
|
||||
object_store = "filesystem";
|
||||
schema = "v11";
|
||||
index = {
|
||||
prefix = "index_";
|
||||
period = "24h";
|
||||
};
|
||||
}];
|
||||
};
|
||||
|
||||
storage_config = {
|
||||
boltdb_shipper = {
|
||||
active_index_directory = "/var/lib/loki/boltdb-shipper-active";
|
||||
cache_location = "/var/lib/loki/boltdb-shipper-cache";
|
||||
cache_ttl = "24h";
|
||||
shared_store = "filesystem";
|
||||
};
|
||||
|
||||
filesystem = {
|
||||
directory = "/var/lib/loki/chunks";
|
||||
};
|
||||
};
|
||||
|
||||
limits_config = {
|
||||
reject_old_samples = true;
|
||||
reject_old_samples_max_age = "168h";
|
||||
};
|
||||
|
||||
chunk_store_config = {
|
||||
max_look_back_period = "0s";
|
||||
};
|
||||
|
||||
table_manager = {
|
||||
retention_deletes_enabled = false;
|
||||
retention_period = "0s";
|
||||
};
|
||||
|
||||
compactor = {
|
||||
working_directory = "/var/lib/loki";
|
||||
shared_store = "filesystem";
|
||||
compactor_ring = {
|
||||
kvstore = {
|
||||
store = "inmemory";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# The query_range block configures the query splitting and caching in the Loki query-frontend.
|
||||
query_range = {
|
||||
# Perform query parallelisations based on storage sharding configuration and
|
||||
# query ASTs. This feature is supported only by the chunks storage engine.
|
||||
parallelise_shardable_queries = false; # false because of https://github.com/grafana/loki/issues/7649#issuecomment-1625645403
|
||||
};
|
||||
};
|
||||
|
||||
# user, group, dataDir, extraFlags, (configFile)
|
||||
};
|
||||
|
||||
# https://grafana.com/docs/grafana/latest/datasources/loki/#provision-the-loki-data-source
|
||||
services.grafana.provision.datasources.settings = {
|
||||
apiVersion = 1;
|
||||
datasources = [
|
||||
{
|
||||
name = "Loki";
|
||||
type = "loki";
|
||||
uid = "loki01";
|
||||
url = "http://localhost:${toString config.services.loki.configuration.server.http_listen_port}";
|
||||
jsonData = {
|
||||
timeout = 360;
|
||||
maxLines = 1000;
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
}
|
|
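Review bot: `auth_enabled = false;` is set and the `server` block gives only `http_listen_port = 3100;` with no listen address, so Loki's unauthenticated push and query API binds to the default, which in Loki is all interfaces. Both consumers in this file use loopback (`127.0.0.1` for the collector exporter, `localhost` for the Grafana datasource), so adding `http_listen_address = "127.0.0.1";` to `server` costs nothing. The gRPC listener is in the same position and could get `grpc_listen_address = "127.0.0.1";`. Separately, `retention_period = "0s";` together with `retention_deletes_enabled = false;` keeps logs indefinitely, which deserves a comment if it is intended.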
@ -0,0 +1,38 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
|
||||
#{
|
||||
# name = "home-assistant";
|
||||
# rules = [
|
||||
# {
|
||||
# record = "home_open_window_sum";
|
||||
# expr = ''sum( homeassistant_binary_sensor_state{entity=~"binary_sensor\\.window_02_contact|binary_sensor\\.window_03_contact|binary_sensor\\.window_04_contact|binary_sensor\\.window_05_contact|binary_sensor\\.window_06_contact|binary_sensor\\.window_07_contact"} )'';
|
||||
# }
|
||||
# ] ++ (map
|
||||
# (number:
|
||||
# {
|
||||
# record = "home_at_least_n_windows_open";
|
||||
# expr = ''home_open_window_sum >= bool ${toString number}'';
|
||||
# labels.n = number;
|
||||
# }) [ 1 2 3 ]);
|
||||
#};
|
||||
|
||||
sops.secrets.hass_long_term_token.owner = "prometheus";
|
||||
|
||||
services.opentelemetry-collector.settings = {
|
||||
service.pipelines.metrics.receivers = [ "prometheus" ];
|
||||
receivers.prometheus.config.scrape_configs = [
|
||||
{
|
||||
# see https://www.home-assistant.io/integrations/prometheus/
|
||||
job_name = "home-assistant";
|
||||
scrape_interval = "60s";
|
||||
metrics_path = "/api/prometheus";
|
||||
bearer_token_file = toString config.sops.secrets.hass_long_term_token.path;
|
||||
static_configs = [{
|
||||
targets = [ "127.0.0.1:8123" ];
|
||||
}];
|
||||
}
|
||||
];
|
||||
|
||||
};
|
||||
}
|
|
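Review bot: `sops.secrets.hass_long_term_token.owner = "prometheus";` is carried over from the Prometheus setup, but the scrape job that reads `bearer_token_file` now runs inside the OpenTelemetry collector. Unless that service runs as the `prometheus` user (its unit is not shown here), it cannot read the token file and the scrape will fail. Set the owner or group to the account the collector runs as, and keep the file mode restrictive, since the token grants long-lived access to Home Assistant. The commented-out recording rules at the top could be replaced by a one-line TODO naming where they will move.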
@ -0,0 +1,36 @@
|
|||
{ config, pkgs, lib, ... }: {
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
statusPage = true;
|
||||
virtualHosts = {
|
||||
"prometheus.${config.networking.hostName}.private" = {
|
||||
extraConfig = ''
|
||||
allow ${config.tinc.private.subnet};
|
||||
deny all;
|
||||
'';
|
||||
locations."/" = { proxyPass = "http://localhost:${toString config.services.prometheus.port}"; };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.prometheus = {
|
||||
checkConfig = "syntax-only";
|
||||
enable = true;
|
||||
# keep data for 30 days
|
||||
extraFlags = [ "--storage.tsdb.retention.time=90d" ];
|
||||
};
|
||||
|
||||
services.grafana.provision.datasources.settings = {
|
||||
apiVersion = 1;
|
||||
datasources = [
|
||||
{
|
||||
name = "Prometheus";
|
||||
type = "prometheus";
|
||||
uid = "prometheus01";
|
||||
url = "http://localhost:${toString config.services.prometheus.port}";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
}
|
|
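Review bot: The comment `# keep data for 30 days` sits above `--storage.tsdb.retention.time=90d`; it should read `# keep data for 90 days`, or the flag should change, so the retention is not misread. The nginx virtual host limits access to the tinc subnet, but that only covers requests that go through nginx. Prometheus' own listen address is not set in this file, so the module default applies, and if that is a non-loopback address the port is reachable without the ACL wherever the firewall allows it. Setting `listenAddress = "127.0.0.1";` in `services.prometheus` would make the proxy the only way in.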
@ -1,15 +1,14 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
|
||||
services.smartd.enable = true;
|
||||
environment.systemPackages = [ pkgs.smartmontools pkgs.nvme-cli ];
|
||||
|
||||
services.telegraf = {
|
||||
enable = true;
|
||||
extraConfig.inputs.smart = {
|
||||
attributes = true;
|
||||
use_sudo = true;
|
||||
};
|
||||
services.telegraf.extraConfig.inputs.smart = {
|
||||
attributes = true;
|
||||
use_sudo = true;
|
||||
};
|
||||
|
||||
systemd.services.telegraf.path = [ pkgs.smartmontools pkgs.nvme-cli "/run/wrappers" ];
|
||||
|
||||
security.sudo.configFile = ''
|
|
@ -0,0 +1,31 @@
|
|||
{ config, pkgs, ... }:
|
||||
let
|
||||
urls = [
|
||||
{ url = "https://bitwarden.ingolf-wagner.de"; path = ""; }
|
||||
{ url = "https://flix.ingolf-wagner.de"; path = "web/index.html"; }
|
||||
{ url = "https://git.ingolf-wagner.de"; path = ""; }
|
||||
{ url = "https://ingolf-wagner.de"; path = ""; }
|
||||
{ url = "https://nextcloud.ingolf-wagner.de"; path = "login"; }
|
||||
{ url = "https://tech.ingolf-wagner.de"; path = ""; }
|
||||
{ url = "https://matrix.ingolf-wagner.de"; path = ""; }
|
||||
];
|
||||
in
|
||||
{
|
||||
services.telegraf = {
|
||||
extraConfig = {
|
||||
# https://github.com/influxdata/telegraf/tree/master/plugins/inputs < all them plugins
|
||||
inputs = {
|
||||
x509_cert = [{
|
||||
sources = (map (url: "${url.url}:443") urls);
|
||||
interval = "30m"; # agent.interval = "10s" is default
|
||||
}];
|
||||
http_response =
|
||||
let fullUrls = map ({ url, path }: "${url}/${path}") urls;
|
||||
in [{ urls = fullUrls; }];
|
||||
internet_speed.interval = "10m";
|
||||
nginx.urls = [ "http://localhost/nginx_status" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
|
@ -28,6 +28,8 @@
|
|||
boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
|
||||
|
||||
components.gui.enable = true;
|
||||
components.gui.xorg.enable = true;
|
||||
components.gui.wayland.enable = false;
|
||||
components.mainUser.enable = true;
|
||||
components.media.enable = true;
|
||||
components.media.tts-client.enable = false;
|
||||
|
@ -35,6 +37,10 @@
|
|||
components.network.wifi.enable = true;
|
||||
components.terminal.enable = true;
|
||||
|
||||
components.monitor.enable = true;
|
||||
components.monitor.opentelemetry.exporter.endpoint = "10.100.0.1:4317"; # orbi
|
||||
components.monitor.exporters.zfs.enable = false;
|
||||
|
||||
home-manager.users.mainUser.home.sessionPath = [ "$HOME/.timewarrior/scripts" ];
|
||||
|
||||
sops.secrets.yubikey_u2fAuthFile = { };
|
||||
|
|
|
@ -16,6 +16,10 @@
|
|||
|
||||
# on encrypted drive
|
||||
# ------------------
|
||||
oscar_cpap = {
|
||||
enable = true;
|
||||
path = "/home/palo/Documents/OSCAR_Data";
|
||||
};
|
||||
password-store = {
|
||||
enable = true;
|
||||
path = "/home/palo/.password-store";
|
||||
|
|
|
@ -18,7 +18,8 @@
|
|||
# robi
|
||||
publicKey = "uWR93xJe5oEbX3DsAYpOS9CuSg1VmXEQxJzdlJpe3DU=";
|
||||
allowedIPs = [ "10.100.0.1/24" ];
|
||||
endpoint = "ingolf-wagner.de:51820";
|
||||
#endpoint = "ingolf-wagner.de:51820";
|
||||
endpoint = "95.216.66.212:51820";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
|
|
@ -1,13 +0,0 @@
|
|||
{ ... }:
|
||||
{
|
||||
services.nix-serve = {
|
||||
enable = true;
|
||||
|
||||
# needed if i want to trust my own build packages and dirivations
|
||||
# nix-store --generate-binary-cache-key key-name secret-key-file public-key-file
|
||||
# secretKeyFile = sops.nixServeSecretKeyFile.path
|
||||
|
||||
};
|
||||
|
||||
|
||||
}
|
|
@ -8,11 +8,11 @@
|
|||
../../components
|
||||
../../modules
|
||||
|
||||
|
||||
./service-hedgedoc.nix
|
||||
./service-forgejo.nix
|
||||
./service-vaultwarden.nix
|
||||
./service-hedgedoc.nix
|
||||
./service-photoprism.nix
|
||||
./service-taskserver.nix
|
||||
./service-vaultwarden.nix
|
||||
|
||||
./nginx-ingolf-wagner-de.nix
|
||||
./nginx-wkd.nix
|
||||
|
@ -20,30 +20,16 @@
|
|||
./network-tinc.nix
|
||||
./network-wireguard.nix
|
||||
|
||||
./media-share.nix
|
||||
|
||||
./media-syncthing.nix
|
||||
#./media-transmission.nix
|
||||
./media-transmission2.nix
|
||||
./media-jellyfin.nix
|
||||
./media-arr.nix
|
||||
./media-jellyfin.nix
|
||||
./media-nextcloud.nix
|
||||
./media-share.nix
|
||||
./media-syncthing.nix
|
||||
./media-transmission2.nix
|
||||
|
||||
./social-jitsi.nix
|
||||
./social-matrix-terranix.nix
|
||||
|
||||
#./sync-opentracker.nix
|
||||
#./sync-torrent.nix
|
||||
|
||||
# telemetry
|
||||
# ---------
|
||||
#./loki.nix
|
||||
#./loki-promtail.nix
|
||||
##./prometheus.nix
|
||||
#./grafana.nix
|
||||
./telegraf.nix
|
||||
|
||||
#./cache.nix
|
||||
];
|
||||
|
||||
networking.hostName = "orbi";
|
||||
|
@ -55,6 +41,12 @@
|
|||
components.network.nginx.landingpage.enable = false;
|
||||
components.network.wifi.enable = false;
|
||||
|
||||
components.monitor.enable = true;
|
||||
networking.firewall.interfaces.wg0.allowedTCPPorts = [ 4317 ];
|
||||
networking.firewall.interfaces.wg0.allowedUDPPorts = [ 4317 ];
|
||||
components.monitor.opentelemetry.receiver.endpoint = "0.0.0.0:4317";
|
||||
components.monitor.opentelemetry.exporter.endpoint = "10.100.0.2:4317"; # chnungus
|
||||
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.defaults.email = "contact@ingolf-wagner.de";
|
||||
|
||||
|
@ -63,4 +55,11 @@
|
|||
# chungus rsync
|
||||
users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkqVvuJSvRMO5pG2CHNNBxjB7HlJudK4TQs3BhbOWOD" ];
|
||||
|
||||
# todo : need this for syncoid
|
||||
environment.systemPackages = [
|
||||
pkgs.mbuffer
|
||||
pkgs.lzop
|
||||
pkgs.gzip
|
||||
];
|
||||
|
||||
}
|
||||
|
|
|
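Review bot: In the third hunk, `networking.firewall.interfaces.wg0.allowedUDPPorts = [ 4317 ];` opens a UDP port that the receiver most likely never uses; 4317 is the conventional OTLP gRPC port and gRPC runs over TCP, so the UDP rule can be removed. The receiver is bound with `components.monitor.opentelemetry.receiver.endpoint = "0.0.0.0:4317";`, which leaves the firewall as the only thing keeping it off the other interfaces of this host. Binding to the wireguard address instead, `"10.100.0.1:4317"`, keeps it private even if a firewall rule changes later. No authentication for the receiver is visible on this page, so the bind address is the main control.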
@ -1,58 +0,0 @@
|
|||
{ lib, config, pkgs, ... }:
|
||||
let
|
||||
|
||||
# find symbols with
|
||||
# https://www.alphavantage.co/query?function=SYMBOL_SEARCH&apikey=<api_key>&keywords=<keywords>
|
||||
# as described here : https://www.alphavantage.co/documentation/#symbolsearch
|
||||
#
|
||||
# example:
|
||||
# --------
|
||||
# stocks = [
|
||||
# {
|
||||
# friendly_name = "google";
|
||||
# symbol = "GOOGL.DEX";
|
||||
# name = "google";
|
||||
# currency = "$";
|
||||
# }
|
||||
# ];
|
||||
# results in
|
||||
# P 2020-01-30 GOOGL $123
|
||||
stocks = import ../../private_assets/finance/stocks;
|
||||
stocksFile = toString /home/syncthing/finance/hledger/stocks.journal;
|
||||
|
||||
in
|
||||
{
|
||||
|
||||
systemd.services.pull_stocks = {
|
||||
enable = true;
|
||||
description = "pull stocks for hledger";
|
||||
serviceConfig = {
|
||||
User = "syncthing";
|
||||
Type = "oneshot";
|
||||
};
|
||||
|
||||
script =
|
||||
let
|
||||
command = { symbol, name, currency, ... }: ''
|
||||
APIKEY=${lib.fileContents ../../private_assets/finance/alphavantage/apiKey}
|
||||
SYMBOL="${symbol}"
|
||||
${pkgs.curl}/bin/curl --location --silent \
|
||||
"https://www.alphavantage.co/query?function=GLOBAL_QUOTE&symbol=$SYMBOL&apikey=$APIKEY" \
|
||||
| ${pkgs.jq}/bin/jq --raw-output '.["Global Quote"]
|
||||
| "P \(.["07. latest trading day"]) ${name} ${currency}\(.["05. price"] | tonumber)"' \
|
||||
>> ${stocksFile}
|
||||
sleep 1
|
||||
'';
|
||||
in
|
||||
lib.concatStringsSep "\n" (map command stocks);
|
||||
};
|
||||
|
||||
systemd.timers.pull_stocks = {
|
||||
enable = true;
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
timerConfig = {
|
||||
OnCalendar = "weekly";
|
||||
Persistent = "true";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,24 +0,0 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
|
||||
services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = {
|
||||
extraConfig = ''
|
||||
allow ${config.tinc.private.subnet};
|
||||
deny all;
|
||||
'';
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
services.grafana = {
|
||||
enable = true;
|
||||
settings.server = {
|
||||
domain = "grafana.robi.private";
|
||||
http_port = 2342;
|
||||
http_addr = "localhost";
|
||||
};
|
||||
};
|
||||
|
||||
}
|
|
@ -1,130 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let port = 9000;
|
||||
in {
|
||||
# configure nginx
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"graylog.workhorse.private" = {
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString port}";
|
||||
extraConfig = ''
|
||||
proxy_set_header Host $host:$server_port;
|
||||
proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header X-Forwarded-Proto $scheme;
|
||||
proxy_read_timeout 90;
|
||||
proxy_redirect http://localhost:${
|
||||
toString port
|
||||
} https://graylog.workhorse.private/;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.mongodb.enable = true;
|
||||
services.elasticsearch = {
|
||||
enable = true;
|
||||
listenAddress = "${config.networking.hostName}.private";
|
||||
extraJavaOptions = [ "-Des.http.cname_in_publish_address=true" ];
|
||||
};
|
||||
|
||||
services.graylog.enable = true;
|
||||
services.graylog.elasticsearchHosts =
|
||||
[ "http://${config.services.elasticsearch.listenAddress}:9200" ];
|
||||
|
||||
# https://docs.graylog.org/en/3.0/pages/configuration/server.conf.html
|
||||
services.graylog.extraConfig = ''
|
||||
http_bind_address = 0.0.0.0:${toString port}
|
||||
http_publish_uri = http://workhorse.private:${toString port}/
|
||||
'';
|
||||
|
||||
# other wise this does not work
|
||||
services.graylog.nodeIdFile = "/var/lib/graylog/node-id";
|
||||
|
||||
# pwgen -N 1 -s 96
|
||||
services.graylog.passwordSecret =
|
||||
lib.fileContents ../../private_assets/graylog/password-secret;
|
||||
|
||||
# echo -n yourpassword | shasum -a 256
|
||||
services.graylog.rootPasswordSha2 =
|
||||
lib.fileContents ../../private_assets/graylog/root-password-hash;
|
||||
|
||||
services.graylog.plugins = [ pkgs.graylogPlugins.slack ];
|
||||
|
||||
# not working at the moment
|
||||
#services.geoip-updater.enable = true;
|
||||
|
||||
# https://wiki.splunk.com/Http_status.csv
|
||||
environment.etc."graylog/server/httpCodes.csv" = {
|
||||
enable = true;
|
||||
text = ''
|
||||
status,status_description,status_type
|
||||
100,Continue,Informational
|
||||
101,Switching Protocols,Informational
|
||||
200,OK,Successful
|
||||
201,Created,Successful
|
||||
202,Accepted,Successful
|
||||
203,Non-Authoritative Information,Successful
|
||||
204,No Content,Successful
|
||||
205,Reset Content,Successful
|
||||
206,Partial Content,Successful
|
||||
300,Multiple Choices,Redirection
|
||||
301,Moved Permanently,Redirection
|
||||
302,Found,Redirection
|
||||
303,See Other,Redirection
|
||||
304,Not Modified,Redirection
|
||||
305,Use Proxy,Redirection
|
||||
307,Temporary Redirect,Redirection
|
||||
400,Bad Request,Client Error
|
||||
401,Unauthorized,Client Error
|
||||
402,Payment Required,Client Error
|
||||
403,Forbidden,Client Error
|
||||
404,Not Found,Client Error
|
||||
405,Method Not Allowed,Client Error
|
||||
406,Not Acceptable,Client Error
|
||||
407,Proxy Authentication Required,Client Error
|
||||
408,Request Timeout,Client Error
|
||||
409,Conflict,Client Error
|
||||
410,Gone,Client Error
|
||||
411,Length Required,Client Error
|
||||
412,Precondition Failed,Client Error
|
||||
413,Request Entity Too Large,Client Error
|
||||
414,Request-URI Too Long,Client Error
|
||||
415,Unsupported Media Type,Client Error
|
||||
416,Requested Range Not Satisfiable,Client Error
|
||||
417,Expectation Failed,Client Error
|
||||
500,Internal Server Error,Server Error
|
||||
501,Not Implemented,Server Error
|
||||
502,Bad Gateway,Server Error
|
||||
503,Service Unavailable,Server Error
|
||||
504,Gateway Timeout,Server Error
|
||||
505,HTTP Version Not Supported,Server Error
|
||||
'';
|
||||
};
|
||||
|
||||
environment.etc."graylog/server/known_servers.csv" = {
|
||||
enable = true;
|
||||
text = ''
|
||||
"ip","host_name"
|
||||
"95.216.1.150","lassul.us"
|
||||
'';
|
||||
};
|
||||
|
||||
environment.etc."graylog/systemd/loglevel.csv" = {
|
||||
enable = true;
|
||||
text = ''
|
||||
"value","Servity","Description"
|
||||
"0","emergency","System is unusable"
|
||||
"1","alert","Should be corrected immediately"
|
||||
"2","cirtical","Critical conditions"
|
||||
"3","error","Error Condition"
|
||||
"4","warning","May indicate that an error will occur if action is not taken."
|
||||
"5","notice","Events that are unusual, but not error conditions."
|
||||
"6","info","Normal operational messages that require no action."
|
||||
"7","debug","Information useful to developers for debugging the application."
|
||||
'';
|
||||
};
|
||||
|
||||
}
|
|
@ -1,16 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
|
||||
{
|
||||
services.grocy = {
|
||||
enable = true;
|
||||
settings = {
|
||||
culture = "de";
|
||||
currency = "EUR";
|
||||
};
|
||||
hostName = "grocy.ingolf-wagner.de";
|
||||
nginx.enableSSL = true;
|
||||
};
|
||||
|
||||
backup.dirs = [ config.services.grocy.dataDir ];
|
||||
|
||||
}
|
|
@ -112,6 +112,18 @@ in
|
|||
#"com.sun:auto-snapshot:monthly" = false;
|
||||
};
|
||||
};
|
||||
"matrix-terranix" = {
|
||||
type = "zfs_fs";
|
||||
mountpoint = "/var/lib/nixos-containers/matrix-terranix";
|
||||
options = {
|
||||
mountpoint = "legacy";
|
||||
compression = "lz4";
|
||||
"com.sun:auto-snapshot:hourly" = toString true;
|
||||
"com.sun:auto-snapshot:daily" = toString true;
|
||||
#"com.sun:auto-snapshot:weekly" = false;
|
||||
#"com.sun:auto-snapshot:monthly" = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -123,7 +135,7 @@ in
|
|||
canmount = "off";
|
||||
};
|
||||
datasets = {
|
||||
"media" = {
|
||||
media = {
|
||||
type = "zfs_fs";
|
||||
mountpoint = "/media";
|
||||
options = {
|
||||
|
@ -134,6 +146,18 @@ in
|
|||
#"com.sun:auto-snapshot:monthly" = false;
|
||||
};
|
||||
};
|
||||
photoprism = {
|
||||
type = "zfs_fs";
|
||||
mountpoint = "/var/lib/nixos-containers/photoprism";
|
||||
options = {
|
||||
mountpoint = "legacy";
|
||||
compression = "lz4";
|
||||
"com.sun:auto-snapshot:hourly" = toString true;
|
||||
"com.sun:auto-snapshot:daily" = toString true;
|
||||
#"com.sun:auto-snapshot:weekly" = false;
|
||||
#"com.sun:auto-snapshot:monthly" = false;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
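Review bot: `toString true` in the new `matrix-terranix` and `photoprism` datasets evaluates to the string `"1"` in Nix, not `"true"`, so the `com.sun:auto-snapshot:hourly` and `com.sun:auto-snapshot:daily` properties are written as `1`. Whether that enables snapshots depends on the tool that reads the property, which is not visible here. A tool that matches on the literal `true` would skip these datasets, leaving the container state without the hourly and daily snapshots the config implies. Writing the value explicitly, e.g. `"com.sun:auto-snapshot:hourly" = "true";`, removes the ambiguity, and `zfs get com.sun:auto-snapshot:hourly` on the created dataset confirms what was actually set.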
|
|
|
@ -1,25 +0,0 @@
|
|||
{ config, ... }: {
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
statusPage = true;
|
||||
virtualHosts = {
|
||||
"kibana.${config.networking.hostName}.private" = {
|
||||
serverAliases = [ ];
|
||||
locations."/" = {
|
||||
proxyPass = "http://${config.networking.hostName}.private:${
|
||||
toString config.services.kibana.port
|
||||
}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.elasticsearch.enable = true;
|
||||
services.elasticsearch.listenAddress = "workhorse.private";
|
||||
|
||||
services.kibana.enable = true;
|
||||
services.kibana.elasticsearch.hosts = [ "http://workhorse.private:9200" ];
|
||||
services.kibana.listenAddress = "workhorse.private";
|
||||
services.kibana.port = 5601;
|
||||
|
||||
}
|
|
@ -1,41 +0,0 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
services.promtail = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
server = {
|
||||
http_listen_port = 28183;
|
||||
grpc_listen_port = 0;
|
||||
};
|
||||
positions.filename = "/tmp/positions.yaml";
|
||||
clients = [
|
||||
{ url = "http://127.0.0.1:3100/loki/api/v1/push"; }
|
||||
];
|
||||
|
||||
scrape_configs = [
|
||||
{
|
||||
job_name = "journal";
|
||||
journal = {
|
||||
max_age = "12h";
|
||||
labels = {
|
||||
job = "systemd-journal";
|
||||
host = config.networking.hostName;
|
||||
};
|
||||
};
|
||||
relabel_configs = [
|
||||
{
|
||||
source_labels = [ "__journal__systemd_unit" ];
|
||||
target_label = "unit";
|
||||
}
|
||||
{
|
||||
source_labels = [ "__journal__transport" ];
|
||||
target_label = "transport";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
};
|
||||
|
||||
};
|
||||
}
|
|
@ -1,99 +0,0 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
|
||||
services.loki = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
server = {
|
||||
http_listen_port = 3100;
|
||||
log_level = "warn";
|
||||
};
|
||||
auth_enabled = false;
|
||||
|
||||
ingester = {
|
||||
lifecycler = {
|
||||
address = "127.0.0.1";
|
||||
ring = {
|
||||
kvstore = {
|
||||
store = "inmemory";
|
||||
};
|
||||
replication_factor = 1;
|
||||
};
|
||||
};
|
||||
chunk_idle_period = "1h";
|
||||
max_chunk_age = "1h";
|
||||
chunk_target_size = 999999;
|
||||
chunk_retain_period = "30s";
|
||||
max_transfer_retries = 0;
|
||||
};
|
||||
|
||||
schema_config = {
|
||||
configs = [{
|
||||
from = "2022-06-06";
|
||||
store = "boltdb-shipper";
|
||||
object_store = "filesystem";
|
||||
schema = "v11";
|
||||
index = {
|
||||
prefix = "index_";
|
||||
period = "24h";
|
||||
};
|
||||
}];
|
||||
};
|
||||
|
||||
storage_config = {
|
||||
boltdb_shipper = {
|
||||
active_index_directory = "/var/lib/loki/boltdb-shipper-active";
|
||||
cache_location = "/var/lib/loki/boltdb-shipper-cache";
|
||||
cache_ttl = "24h";
|
||||
shared_store = "filesystem";
|
||||
};
|
||||
|
||||
filesystem = {
|
||||
directory = "/var/lib/loki/chunks";
|
||||
};
|
||||
};
|
||||
|
||||
limits_config = {
|
||||
reject_old_samples = true;
|
||||
reject_old_samples_max_age = "168h";
|
||||
};
|
||||
|
||||
chunk_store_config = {
|
||||
max_look_back_period = "0s";
|
||||
};
|
||||
|
||||
table_manager = {
|
||||
retention_deletes_enabled = false;
|
||||
retention_period = "0s";
|
||||
};
|
||||
|
||||
compactor = {
|
||||
working_directory = "/var/lib/loki";
|
||||
shared_store = "filesystem";
|
||||
compactor_ring = {
|
||||
kvstore = {
|
||||
store = "inmemory";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
# user, group, dataDir, extraFlags, (configFile)
|
||||
};
|
||||
|
||||
#services.nginx = {
|
||||
# enable = true;
|
||||
# virtualHosts.loki = {
|
||||
# serverName = "loki.pepe.private";
|
||||
# locations."/" = {
|
||||
# proxyWebsockets = true;
|
||||
# proxyPass = "http://127.0.0.1:3100";
|
||||
# #extraConfig = ''
|
||||
# # access_log off;
|
||||
# # allow ${config.tinc.private.subnet};
|
||||
# # deny all;
|
||||
# #'';
|
||||
# };
|
||||
# };
|
||||
#};
|
||||
|
||||
}
|
|
@ -1,663 +0,0 @@
|
|||
# fetches mails for me
|
||||
{ lib, pkgs, config, ... }:
|
||||
let
|
||||
junk_filter = [
|
||||
"from:booking.com"
|
||||
"subject:Gewinn"
|
||||
"from:brompton.com"
|
||||
"from:circleci.com OR (from:noreply@github.com AND to:audio-overlay@googlegroups.com)"
|
||||
"from:codepen.io"
|
||||
"from:congstarnews.de"
|
||||
"from:cronullasurfingacademy.com"
|
||||
"from:cryptohopper.com"
|
||||
"from:digitalo.de"
|
||||
"from:facebook.com OR from:facebookmail.com"
|
||||
"from:fitnessfirst.de"
|
||||
"from:flixbus.de"
|
||||
"from:getdigital.de"
|
||||
"from:getpocket.com"
|
||||
"from:ghostinspector.com"
|
||||
"from:globetrotter.de"
|
||||
"from:hackster.io"
|
||||
"from:hostelworld.com"
|
||||
"from:immobilienscout24.de"
|
||||
"from:kvraudio.com"
|
||||
"from:letterboxd.com"
|
||||
"from:linkedin.com"
|
||||
"from:magix.net"
|
||||
"from:mailings.gmx.net"
|
||||
"from:mailings.web.de"
|
||||
"from:matrix.org"
|
||||
"from:menospese.com"
|
||||
"from:microsoftstoreemail.com"
|
||||
"from:mixcloudmail.com AND subject:Weekly Update"
|
||||
"from:oknotify2.com AND NOT subject:New message"
|
||||
"from:paulaschoice.com"
|
||||
"from:puppet.com"
|
||||
"from:runtastic.com"
|
||||
"from:samplemagic.com OR from:wavealchemy.co.uk OR from:creators.gumroad.com"
|
||||
"from:ticketmaster.de"
|
||||
"from:trade4less.de"
|
||||
"from:tumblr.com"
|
||||
"from:turners.co.nz"
|
||||
"from:twitch.tv"
|
||||
"from:vstbuzz.com"
|
||||
];
|
||||
filters = [
|
||||
{
|
||||
query = "from:hv-geelen.de";
|
||||
tags = [ "+wohnung" ];
|
||||
}
|
||||
{
|
||||
query = "from:computerfutures.com OR from:computerfutures.de";
|
||||
tags = [ "+jobs" "-inbox" ];
|
||||
}
|
||||
{
|
||||
query = "from:seek.com.au or from:seek.co.nz";
|
||||
tags = [ "+jobs" ];
|
||||
}
|
||||
{
|
||||
query = "from:xing.com";
|
||||
tags = [ "+jobs" "-inbox" ];
|
||||
}
|
||||
{
|
||||
query = "from:no-reply@backtrace.io OR to:sononym@noreply.github.com";
|
||||
tags = [ "+sononym" "-inbox" ];
|
||||
}
|
||||
{
|
||||
query = "from:ebay.com OR from:ebay.de OR from:ebay.net";
|
||||
tags = [ "+ebay" "+shop" "+billing" ];
|
||||
}
|
||||
{
|
||||
query = "from:bahn.de";
|
||||
tags = [ "+billing" "+bahn" ];
|
||||
}
|
||||
{
|
||||
query =
|
||||
"from:fysitech.atlassian.net OR to:engiadina-pwa@noreply.github.com";
|
||||
tags = [ "+mia" "+work" "-unread" "-inbox" ];
|
||||
}
|
||||
{
|
||||
query =
|
||||
"from:space-left.org OR to:space-left.org OR subject:/\\[space-left\\]/";
|
||||
tags = [ "+spaceleft" "+space-left" ];
|
||||
}
|
||||
{
|
||||
query = "from:landr.com";
|
||||
tags = [ "+landr" "+music" ];
|
||||
}
|
||||
{
|
||||
query = "tag:landr and tag:billing";
|
||||
tags = [ "+billing" ];
|
||||
}
|
||||
{
|
||||
query = "from:oknotify2.com";
|
||||
tags = [ "+okcupid" ];
|
||||
}
|
||||
{
|
||||
query = "from:taxback.de OR to:taxback.de";
|
||||
tags = [ "+steuer" ];
|
||||
}
|
||||
{
|
||||
query = "from:campact.de";
|
||||
tags = [ "+campact" "+politics" ];
|
||||
}
|
||||
{
|
||||
query = "from:aliexpress.com";
|
||||
tags = [ "+shop" "+aliexpress" ];
|
||||
}
|
||||
{
|
||||
query = "from:congstar.de";
|
||||
tags = [ "+billing" "+congstar" "-inbox" "-unread" ];
|
||||
}
|
||||
{
|
||||
query =
|
||||
"from:steampowered.com AND NOT ( subject:purchase OR subject:received )";
|
||||
tags = [ "-inbox" "-unread" ];
|
||||
}
|
||||
{
|
||||
query =
|
||||
"from:steampowered.com AND ( subject:purchase OR subject:received )";
|
||||
tags = [ "+billing" "+steam" ];
|
||||
}
|
||||
{
|
||||
query = "from:gog.com AND NOT subject:Bestellung";
|
||||
tags = [ "-inbox" "-unread" ];
|
||||
}
|
||||
{
|
||||
query = "from:gog.com AND subject:Bestellung";
|
||||
tags = [ "+billing" "+gog" ];
|
||||
}
|
||||
{
|
||||
query = "from:stadtmobil.de";
|
||||
tags = [ "+billing" "+stadtmobil" "-inbox" "-unread" ];
|
||||
}
|
||||
{
|
||||
query = "from:drive-now.com";
|
||||
tags = [ "+billing" "+drivenow" "-inbox" "-unread" ];
|
||||
}
|
||||
{
|
||||
query = "from:data-treuhand.de";
|
||||
tags = [ "+mindcurv" "+work" "-inbox" "-unread" "-junk" ];
|
||||
}
|
||||
{
|
||||
query = "from:immocation.de";
|
||||
tags = [ "+immobilien" "-inbox" ];
|
||||
}
|
||||
{
|
||||
query = "from:tinc-vpn.org";
|
||||
tags = [ "+tinc" ];
|
||||
}
|
||||
{
|
||||
query = "from:mindfactory.de";
|
||||
tags = [ "+shop" "+billing" ];
|
||||
}
|
||||
{
|
||||
query = "from:zalando.de";
|
||||
tags = [ "+shop" "+billing" "+zalando" ];
|
||||
}
|
||||
{
|
||||
query = "from:ing.de";
|
||||
tags = [ "+bank" "+ingdiba" ];
|
||||
}
|
||||
{
|
||||
query = "from:nab.com.au";
|
||||
tags = [ "+bank" "+nab" "-inbox" "-unread" ];
|
||||
}
|
||||
{
|
||||
query = "from:dkb.de";
|
||||
tags = [ "+bank" "+dkb" ];
|
||||
}
|
||||
{
|
||||
query = "from:o2online.de";
|
||||
tags = [ "+billing" "+o2" ];
|
||||
}
|
||||
{
|
||||
query = "from:betfair.com";
|
||||
tags = [ "+work" "+betfair" ];
|
||||
}
|
||||
{
|
||||
query = "from:notifications@github.com";
|
||||
tags = [ "+github" ];
|
||||
}
|
||||
{
|
||||
query = "to:NUR@noreply.github.com";
|
||||
tags = [ "+nur" "+nixos" "+list" ];
|
||||
}
|
||||
{
|
||||
query = "to:nixpkgs@noreply.github.com";
|
||||
tags = [ "+nixpkgs" "+nixos" "+list" ];
|
||||
}
|
||||
{
|
||||
query = "from:travis-ci.org AND subject:mrVanDalo/navi";
|
||||
tags = [ "+development" "+navi" ];
|
||||
}
|
||||
{
|
||||
query = "from:travis-ci.org AND subject:nur-packages";
|
||||
tags = [ "+development" "+nixos" "+nur-packages" ];
|
||||
}
|
||||
{
|
||||
query = "from:travis-ci.org AND subject:csv-to-qif";
|
||||
tags = [ "+development" "+csv-to-qif" ];
|
||||
}
|
||||
{
|
||||
query = "to:proaudio@lists.tuxfamily.org";
|
||||
tags = [ "-inbox" "-unread" ];
|
||||
}
|
||||
{
|
||||
query = "from:nixos1@discoursemail.com";
|
||||
tags = [ "+nixos" "+discourse" "+list" ];
|
||||
}
|
||||
{
|
||||
query = "from:nixos1@discoursemail.com AND subject:Development";
|
||||
tags = [ "+nixos" "+discourse" "+development" ];
|
||||
}
|
||||
{
|
||||
query = "from:nixos1@discoursemail.com AND subject:Français";
|
||||
tags = [ "+nixos" "+discourse" "-inbox" "-unread" ];
|
||||
}
|
||||
{
|
||||
query = "from:nixos1@discoursemail.com AND subject:Announcements";
|
||||
tags = [ "+nixos" "+discourse" "+announcements" ];
|
||||
}
|
||||
{
|
||||
query = "from:nixos1@discoursemail.com AND subject:Links";
|
||||
tags = [ "+nixos" "+discourse" "+links" ];
|
||||
}
|
||||
{
|
||||
query = "from:nixos1@discoursemail.com AND subject:Games";
|
||||
tags = [ "+nixos" "+discourse" "+games" ];
|
||||
}
|
||||
{
|
||||
query = "from:nixos1@discoursemail.com AND subject:Meta";
|
||||
tags = [ "+nixos" "+discourse" "+meta" ];
|
||||
}
|
||||
{
|
||||
query = "from:nixos1@discoursemail.com AND subject:Events";
|
||||
tags = [ "+nixos" "+discourse" "+events" ];
|
||||
}
|
||||
{
|
||||
query = "from:limebike.com AND (subject:Funds OR subject:Receipt)";
|
||||
tags = [ "-inbox" "-unread" "+billing" "+limebike" ];
|
||||
}
|
||||
{
|
||||
query = "from:freemusicarchive.org";
|
||||
tags = [ "+FMA" ];
|
||||
}
|
||||
{
|
||||
query = "from:namecheap.com and subject:auto-renewal";
|
||||
tags = [ "+namecheap" "+billing" ];
|
||||
}
|
||||
{
|
||||
query = "from:namecheap.com and subject:order";
|
||||
tags = [ "+namecheap" "+billing" ];
|
||||
}
|
||||
{
|
||||
query = "tag:namecheap.com and tag:billing and body:gaykraft.com";
|
||||
tags = [ "+namecheap" "+billing" ];
|
||||
}
|
||||
{
|
||||
query = "from:nintendo.com";
|
||||
tags = [ "+nintendo" "+billing" ];
|
||||
}
|
||||
{
|
||||
query = "from:oculus.com AND subject:receipt";
|
||||
tags = [ "+oculus" "+billing" ];
|
||||
}
|
||||
{
|
||||
query = "from:car2go.com";
|
||||
tags = [ "-inbox" "-unread" ];
|
||||
}
|
||||
{
|
||||
query = "from:sixt.de";
|
||||
tags = [ "-inbox" "-unread" ];
|
||||
}
|
||||
{
|
||||
query = "from:meetup.com";
|
||||
tags = [ "-inbox" "-unread" "+meetup" ];
|
||||
}
|
||||
{
|
||||
query = "from:slack.com";
|
||||
tags = [ "+slack" ];
|
||||
}
|
||||
{
|
||||
query = "from:keybase.io";
|
||||
tags = [ "+keybase" ];
|
||||
}
|
||||
{
|
||||
query = "from:jobs2web.com";
|
||||
tags = [ "+newzealand" "+jobs" "-inbox" ];
|
||||
}
|
||||
{
|
||||
query = "from:paypal.de AND subject:Bestätigung";
|
||||
tags = [ "-unread" "+paypal" "+billing" ];
|
||||
}
|
||||
{
|
||||
query = "to:c-base.org";
|
||||
tags = [ "+cbase" "+list" ];
|
||||
}
|
||||
{
|
||||
query = "to:c-base.org AND subject=[auto-report]";
|
||||
tags = [ "-unread" "-inbox" ];
|
||||
}
|
||||
{
|
||||
query = "from:browserstack.com";
|
||||
tags = [ "+browserstack" ];
|
||||
}
|
||||
{
|
||||
query =
|
||||
"to:renoise@ingolf-wagner.de OR to:root@renoise.com OR from:renoise.com OR to:admin@renoise.com";
|
||||
tags = [ "+renoise" ];
|
||||
}
|
||||
{
|
||||
query = "from:amazon.de OR from:amazon.com AND NOT to:renoise.com";
|
||||
tags = [ "+shop" "+amazon" "+billing" ];
|
||||
}
|
||||
{
|
||||
query = "from:hetzner.com OR from:hetzner.de";
|
||||
tags = [ "+hetzner" ];
|
||||
}
|
||||
{
|
||||
query =
|
||||
"to:renoise.com AND NOT ( from:renoise.com OR from:root OR from:hetzner.com OR from:hetzner.de OR from:amazon.com OR from:gmail.com )";
|
||||
tags = [ "-inbox" "-unread" "+junk" "+renoise" ];
|
||||
}
|
||||
{
|
||||
query = "tag:hetzner and subject:Invoice";
|
||||
tags = [ "+billing" ];
|
||||
}
|
||||
# final rules to make imap sync stuff easier
|
||||
# there can only be one output folder tag, and theses rules are prioritized
|
||||
{
|
||||
query = "tag:fraud";
|
||||
tags = [ "-inbox" "-archive" "-junk" "-unread" ];
|
||||
message = "clean up tag fraud";
|
||||
}
|
||||
{
|
||||
query = "tag:junk";
|
||||
tags = [ "-inbox" "-archive" "-fraud" "-unread" ];
|
||||
message = "clean up tag junk";
|
||||
}
|
||||
{
|
||||
query = "tag:archive";
|
||||
tags = [ "-inbox" "-junk" "-fraud" "-unread" ];
|
||||
message = "clean up tag archive";
|
||||
}
|
||||
{
|
||||
query = "tag:inbox";
|
||||
tags = [ "-archive" "-junk" "-fraud" ];
|
||||
message = "clean up inbox";
|
||||
}
|
||||
{
|
||||
query = "tag:killed";
|
||||
tags = [ "-inbox" "-unread" ];
|
||||
message = "clean up tag killed";
|
||||
}
|
||||
{
|
||||
query = "tag:muted";
|
||||
tags = [ "-inbox" "-unread" ];
|
||||
}
|
||||
# remove new tag at the end
|
||||
{
|
||||
query = "tag:new";
|
||||
tags = [ "-new" ];
|
||||
message = "remove new tag at the end";
|
||||
}
|
||||
];
|
||||
|
||||
notmuchTagging =
|
||||
let
|
||||
|
||||
template = index:
|
||||
{ tags, query, message ? "generic", ... }:
|
||||
let
|
||||
command = ''
|
||||
${pkgs.notmuch}/bin/notmuch tag ${lib.concatStringsSep " " tags} -- "${query}"
|
||||
'';
|
||||
in
|
||||
''
|
||||
echo '${command}'
|
||||
${command}
|
||||
'';
|
||||
junk_template = index: query:
|
||||
template index {
|
||||
tags = [ "+junk" "-unread" "-inbox" ];
|
||||
query = query;
|
||||
message = "generic junk filter";
|
||||
};
|
||||
|
||||
in
|
||||
pkgs.writers.writeBash "notmuch-tagging" (lib.concatStringsSep "\n"
|
||||
((lib.imap0 junk_template junk_filter) ++ (lib.imap0 template filters)));
|
||||
|
||||
notmuchTaggingNew =
|
||||
let
|
||||
|
||||
template = index:
|
||||
{ tags, query, message ? "generic", ... }:
|
||||
let
|
||||
command = ''
|
||||
${pkgs.notmuch}/bin/notmuch tag ${
|
||||
lib.concatStringsSep " " tags
|
||||
} -- "${query} AND tag:new"
|
||||
'';
|
||||
in
|
||||
''
|
||||
echo '${command}'
|
||||
${command}
|
||||
'';
|
||||
|
||||
junk_template = index: query:
|
||||
template index {
|
||||
tags = [ "+junk" "-unread" "-inbox" ];
|
||||
query = query;
|
||||
message = "generic junk filter";
|
||||
};
|
||||
in
|
||||
pkgs.writers.writeBash "notmuch-tagging-new" (lib.concatStringsSep "\n"
|
||||
((lib.imap0 junk_template junk_filter) ++ (lib.imap0 template filters)));
|
||||
|
||||
in
|
||||
{
|
||||
|
||||
backup.dirs = [ "/home/mailfetcher" ];
|
||||
|
||||
users.users.mailUser = {
|
||||
isNormalUser = true;
|
||||
description = "collects mails for me";
|
||||
hashedPassword = "!";
|
||||
name = "mailfetcher";
|
||||
home = "/home/mailfetcher";
|
||||
openssh.authorizedKeys.keyFiles =
|
||||
config.users.users.root.openssh.authorizedKeys.keyFiles;
|
||||
group = "mailfetcher";
|
||||
};
|
||||
|
||||
users.groups.mailUser = {
|
||||
name = "mailfetcher";
|
||||
};
|
||||
|
||||
sops.secrets.mail_terranix = {
|
||||
owner = config.users.users.mailUser.name;
|
||||
group = config.users.users.mailUser.group;
|
||||
};
|
||||
sops.secrets.mail_gmail = {
|
||||
owner = config.users.users.mailUser.name;
|
||||
group = config.users.users.mailUser.group;
|
||||
};
|
||||
sops.secrets.mail_gmx_palo = {
|
||||
owner = config.users.users.mailUser.name;
|
||||
group = config.users.users.mailUser.group;
|
||||
};
|
||||
sops.secrets.mail_gmx_ingolf = {
|
||||
owner = config.users.users.mailUser.name;
|
||||
group = config.users.users.mailUser.group;
|
||||
};
|
||||
sops.secrets.mail_web = {
|
||||
owner = config.users.users.mailUser.name;
|
||||
group = config.users.users.mailUser.group;
|
||||
};
|
||||
sops.secrets.mail_siteground = {
|
||||
owner = config.users.users.mailUser.name;
|
||||
group = config.users.users.mailUser.group;
|
||||
};
|
||||
|
||||
environment.systemPackages = [ pkgs.muchsync ];
|
||||
|
||||
# configure accounts
|
||||
home-manager.users.mailUser.accounts.email = {
|
||||
accounts = {
|
||||
|
||||
palo_van_dalo-gmx = {
|
||||
primary = false;
|
||||
address = "palo_van_dalo@gmx.de";
|
||||
aliases = [ ];
|
||||
realName = "Ingolf Wagner";
|
||||
userName = "palo_van_dalo@gmx.de";
|
||||
passwordCommand =
|
||||
"cat ${toString config.sops.secrets.mail_gmx_palo.path }";
|
||||
imap = {
|
||||
host = "imap.gmx.net";
|
||||
tls.enable = true;
|
||||
port = 993;
|
||||
};
|
||||
mbsync = {
|
||||
enable = true;
|
||||
create = "both";
|
||||
};
|
||||
notmuch.enable = true;
|
||||
};
|
||||
|
||||
ingolf-wagner-gmx = {
|
||||
primary = false;
|
||||
address = "ingolf.wagner@gmx.de";
|
||||
aliases = [ ];
|
||||
realName = "Ingolf Wagner";
|
||||
userName = "ingolf.wagner@gmx.de";
|
||||
passwordCommand =
|
||||
"cat ${toString config.sops.secrets.mail_gmx_ingolf.path }";
|
||||
imap = {
|
||||
host = "imap.gmx.net";
|
||||
tls.enable = true;
|
||||
port = 993;
|
||||
};
|
||||
mbsync = {
|
||||
enable = true;
|
||||
create = "both";
|
||||
};
|
||||
notmuch.enable = true;
|
||||
};
|
||||
|
||||
pali_palo = {
|
||||
primary = false;
|
||||
address = "pali_palo@web.de";
|
||||
aliases = [ ];
|
||||
realName = "Ingolf Wagner";
|
||||
userName = "pali_palo@web.de";
|
||||
passwordCommand =
|
||||
"cat ${toString config.sops.secrets.mail_web.path }";
|
||||
imap = {
|
||||
host = "imap.web.de";
|
||||
tls.enable = true;
|
||||
port = 993;
|
||||
};
|
||||
mbsync = {
|
||||
enable = true;
|
||||
create = "both";
|
||||
};
|
||||
notmuch.enable = true;
|
||||
};
|
||||
|
||||
gmail = {
|
||||
# for google accounts you have to allow 'less secure apps' in accounts.google.com
|
||||
primary = true;
|
||||
address = "palipalo9@googlemail.com";
|
||||
aliases = [ ];
|
||||
realName = "Ingolf Wagner";
|
||||
userName = "palipalo9@googlemail.com";
|
||||
passwordCommand =
|
||||
"cat ${toString config.sops.secrets.mail_gmail.path }";
|
||||
imap = {
|
||||
host = "imap.gmail.com";
|
||||
tls.enable = true;
|
||||
port = 993;
|
||||
};
|
||||
mbsync = {
|
||||
enable = true;
|
||||
create = "both";
|
||||
};
|
||||
notmuch.enable = true;
|
||||
};
|
||||
|
||||
terranix_org = {
|
||||
primary = false;
|
||||
address = "palo@terranix.org";
|
||||
aliases = [ ];
|
||||
realName = "Ingolf Wagner";
|
||||
userName = "palo@terranix.org";
|
||||
passwordCommand = "cat ${toString config.sops.secrets.mail_terranix.path }";
|
||||
imap = {
|
||||
host = "mail.privateemail.com";
|
||||
tls.enable = true;
|
||||
port = 993;
|
||||
};
|
||||
mbsync = {
|
||||
enable = true;
|
||||
create = "both";
|
||||
};
|
||||
notmuch.enable = true;
|
||||
};
|
||||
|
||||
ingolf-wagner-de = {
|
||||
primary = false;
|
||||
address = "contact@ingolf-wagner.de";
|
||||
aliases = [ ];
|
||||
realName = "Ingolf Wagner";
|
||||
userName = "contact@ingolf-wagner.de";
|
||||
passwordCommand =
|
||||
"cat ${toString config.sops.secrets.mail_siteground.path }";
|
||||
imap = {
|
||||
host = "securees5.sgcpanel.com";
|
||||
port = 993;
|
||||
tls.enable = true;
|
||||
#tls.useStartTls = true;
|
||||
};
|
||||
# make sure the upstream mail is deleted
|
||||
getmail = {
|
||||
enable = true;
|
||||
delete = true;
|
||||
readAll = false;
|
||||
mailboxes = [ "ALL" ];
|
||||
};
|
||||
notmuch.enable = true;
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
home-manager.users.mailUser.home.stateVersion = "22.11";
|
||||
|
||||
# configure mbsync
|
||||
home-manager.users.mailUser.programs.mbsync.enable = true;
|
||||
|
||||
# re-tag everything once a day
|
||||
systemd.services.retagmail = {
|
||||
enable = true;
|
||||
serviceConfig = { User = config.users.users.mailUser.name; };
|
||||
environment.NOTMUCH_CONFIG =
|
||||
"${config.users.users.mailUser.home}/.config/notmuch/notmuchrc";
|
||||
script = "${notmuchTagging}";
|
||||
};
|
||||
systemd.timers.retagmail = {
|
||||
enable = true;
|
||||
timerConfig = {
|
||||
OnCalendar = "daily";
|
||||
Persistent = "true";
|
||||
};
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
|
||||
# fetch mails every 10 minutes
|
||||
systemd.services.fetchmail =
|
||||
let
|
||||
threadTag = tag: ''
|
||||
echo "tag threads with ${tag}"
|
||||
${pkgs.notmuch}/bin/notmuch tag +${tag} $(${pkgs.notmuch}/bin/notmuch search --output=threads tag:${tag})
|
||||
'';
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
serviceConfig = { User = config.users.users.mailUser.name; };
|
||||
environment.NOTMUCH_CONFIG =
|
||||
"${config.users.users.mailUser.home}/.config/notmuch/notmuchrc";
|
||||
script = ''
|
||||
echo "run mbsync"
|
||||
${pkgs.isync}/bin/mbsync \
|
||||
--all
|
||||
echo "run getmail"
|
||||
${pkgs.getmail}/bin/getmail \
|
||||
--quiet \
|
||||
--rcfile getmailingolf-wagner-de
|
||||
|
||||
echo "run notmuch"
|
||||
${pkgs.notmuch}/bin/notmuch new
|
||||
${notmuchTaggingNew}
|
||||
${threadTag "muted"}
|
||||
${threadTag "wohnung"}
|
||||
${threadTag "flagged"}
|
||||
'';
|
||||
};
|
||||
systemd.timers.fetchmail = {
|
||||
enable = true;
|
||||
# timerConfig.OnCalendar = " *-*-* *:00:00";
|
||||
timerConfig.OnCalendar = "*:0/10";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
};
|
||||
|
||||
# configure notmuch
|
||||
home-manager.users.mailUser.programs.notmuch = {
|
||||
enable = true;
|
||||
new.tags = [ "unread" "inbox" "new" ];
|
||||
};
|
||||
|
||||
}
|
|
@ -86,14 +86,17 @@ in
|
|||
privateNetwork = false;
|
||||
autoStart = true;
|
||||
|
||||
config = { config, pkgs, lib, ... }: {
|
||||
|
||||
config = { config, lib, ... }: {
|
||||
nixpkgs.pkgs = pkgs;
|
||||
imports = [ ../../components/monitor/container.nix ];
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
# Configuring nameservers for containers is currently broken.
|
||||
# Therefore in some cases internet connectivity can be broken inside the containers.
|
||||
# A temporary workaround is to manually write the /etc/nixos/resolv.conf file like this:
|
||||
#environment.etc."resolv.conf".text = "nameserver 8.8.8.8";
|
||||
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
users.users.nextcloud.uid = nextcloudUid;
|
||||
|
||||
|
|
|
@ -1,54 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
|
||||
# https://docs.tdarr.io/docs/installation/docker/run-compose
|
||||
virtualisation.oci-containers = {
|
||||
containers.tdarr = {
|
||||
volumes = [
|
||||
"/media/arr/tdarr/server:/app/server"
|
||||
"/media/arr/tdarr/configs:/app/configs"
|
||||
"/media/arr/tdarr/logs:/app/logs"
|
||||
"/media/arr/tdarr/transcode_cache:/temp"
|
||||
"/media:/media"
|
||||
];
|
||||
environment = {
|
||||
serverIP = "0.0.0.0";
|
||||
serverPort = "8266";
|
||||
webUIPort = "8265";
|
||||
internalNode = "true";
|
||||
inContainer = "true";
|
||||
nodeName = "robi";
|
||||
TZ = "Europe/Berlin";
|
||||
PUID = toString config.users.users.media.uid;
|
||||
PGID = toString config.users.groups.media.gid;
|
||||
};
|
||||
ports = [
|
||||
"127.0.0.1:8265:8265" # WebUI
|
||||
# "8266:8266" # server port
|
||||
];
|
||||
image = "ghcr.io/haveagitgat/tdarr:latest"; # Warning: if the tag does not change, the image will not be updated
|
||||
extraOptions = [
|
||||
#"--network=bridge"
|
||||
#"--privileged"
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
#networking.firewall.interfaces.wq0.allowedTCPPorts = [ 8266 ];
|
||||
#networking.firewall.interfaces.wq0.allowedUDPPorts = [ 8266 ];
|
||||
|
||||
#networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 8266 ];
|
||||
#networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ 8266 ];
|
||||
|
||||
services.nginx.virtualHosts."tdarr.${config.networking.hostName}.private" = {
|
||||
extraConfig = ''
|
||||
allow ${config.tinc.private.subnet};
|
||||
deny all;
|
||||
'';
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:8265";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
}
|
|
@ -23,10 +23,10 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
config = { config, pkgs, lib, ... }: {
|
||||
|
||||
config = { config, lib, ... }: {
|
||||
nixpkgs.pkgs = pkgs;
|
||||
imports = [ ../../components/monitor/container.nix ];
|
||||
system.stateVersion = "21.05";
|
||||
services.journald.extraConfig = "SystemMaxUse=1G";
|
||||
|
||||
# allow transmission to write in syncthing folders
|
||||
users.groups.syncthing = {
|
||||
|
|
|
@ -1,40 +0,0 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
{
|
||||
|
||||
virtualisation.oci-containers = {
|
||||
containers.unmanic = {
|
||||
volumes = [
|
||||
"/media/arr/unmanic/config:/config"
|
||||
#"/media/arr/unmanic/library:/library"
|
||||
"/media/arr/unmanic/tmp:/tmp/unmanic"
|
||||
"/media:/library"
|
||||
];
|
||||
environment = {
|
||||
PUID = toString config.users.users.media.uid;
|
||||
PGID = toString config.users.groups.media.gid;
|
||||
};
|
||||
ports = [
|
||||
"127.0.0.1:8889:8888"
|
||||
];
|
||||
image = "josh5/unmanic:latest";
|
||||
};
|
||||
};
|
||||
|
||||
#networking.firewall.interfaces.wq0.allowedTCPPorts = [ 8266 ];
|
||||
#networking.firewall.interfaces.wq0.allowedUDPPorts = [ 8266 ];
|
||||
|
||||
#networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 8266 ];
|
||||
#networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ 8266 ];
|
||||
|
||||
services.nginx.virtualHosts."unmanic.${config.networking.hostName}.private" = {
|
||||
extraConfig = ''
|
||||
allow ${config.tinc.private.subnet};
|
||||
deny all;
|
||||
'';
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:8889";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
}
|
|
@ -1,20 +0,0 @@
|
|||
{ pkgs, lib, config, ... }: {
|
||||
|
||||
services.mysql = {
|
||||
enable = true;
|
||||
package = pkgs.mysql80;
|
||||
initialScript = pkgs.writeText "initScript" ''
|
||||
CREATE USER 'admin'@'%' IDENTIFIED BY 'admin';
|
||||
GRANT ALL PRIVILEGES ON * . * TO 'admin'@'%';
|
||||
'';
|
||||
};
|
||||
|
||||
services.mysqlBackup = {
|
||||
enable = true;
|
||||
databases = [ "property" ];
|
||||
#user = "admin";
|
||||
};
|
||||
|
||||
backup.dirs = [ config.services.mysqlBackup.location ];
|
||||
|
||||
}
|
|
@ -53,6 +53,16 @@
|
|||
publicKey = "ZNnlmPdxAGYtaUvOU2V47tcEhcB06LBCXkSxIvWZL2k=";
|
||||
allowedIPs = [ "10.100.0.7/32" ];
|
||||
}
|
||||
{
|
||||
# ipad
|
||||
publicKey = "E8TJTPQT0jK9vzDrwqX4fIGQtM640gc6qALVTZgmfRo=";
|
||||
allowedIPs = [ "10.100.0.8/32" ];
|
||||
}
|
||||
{
|
||||
# ipad tina
|
||||
publicKey = "aOlfGT2c/4v7U7faLXyCyiCHe8iSAOedblKgbJONxnM=";
|
||||
allowedIPs = [ "10.100.0.9/32" ];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -1,70 +0,0 @@
|
|||
{ config, pkgs, lib, ... }: {
|
||||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
statusPage = true;
|
||||
virtualHosts = {
|
||||
"prometheus.robi.private" = {
|
||||
extraConfig = ''
|
||||
allow ${config.tinc.private.subnet};
|
||||
deny all;
|
||||
'';
|
||||
locations."/" = { proxyPass = "http://localhost:${toString config.services.prometheus.port}"; };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.prometheus = {
|
||||
enable = true;
|
||||
# keep data for 30 days
|
||||
extraFlags = [ "--storage.tsdb.retention.time=30d" ];
|
||||
|
||||
exporters = {
|
||||
node = {
|
||||
enable = true;
|
||||
enabledCollectors = [ "systemd" ];
|
||||
port = 9002;
|
||||
};
|
||||
};
|
||||
|
||||
scrapeConfigs = [
|
||||
{
|
||||
job_name = "netdata";
|
||||
metrics_path = "/api/v1/allmetrics";
|
||||
params.format = [ "prometheus" ];
|
||||
scrape_interval = "5s";
|
||||
static_configs = [
|
||||
{
|
||||
targets = [ "localhost:19999" ];
|
||||
labels = {
|
||||
service = "netdata";
|
||||
server = "robi";
|
||||
};
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
job_name = "systemd";
|
||||
static_configs = [{
|
||||
targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
|
||||
labels = {
|
||||
service = "node-exporter";
|
||||
server = "robi";
|
||||
};
|
||||
}];
|
||||
}
|
||||
{
|
||||
# see https://www.home-assistant.io/integrations/prometheus/
|
||||
job_name = "telgraf";
|
||||
metrics_path = "/metrics";
|
||||
static_configs = [{
|
||||
targets = [ "localhost:9273" ];
|
||||
labels = {
|
||||
service = "telegraf";
|
||||
server = "robi";
|
||||
};
|
||||
}];
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
|
@ -9,7 +9,7 @@
|
|||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString config.services.forgejo.httpPort}";
|
||||
proxyPass = "http://localhost:${toString config.services.forgejo.settings.server.HTTP_PORT}";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -17,12 +17,10 @@
|
|||
|
||||
services.forgejo = {
|
||||
enable = true;
|
||||
appName = "git.ingolf-wagner.de";
|
||||
#cookieSecure = true;
|
||||
#disableRegistration = true;
|
||||
settings = {
|
||||
server.ROOT_URL = "https://git.ingolf-wagner.de/";
|
||||
server.DOMAIN = "git.ingolf-wagner.de";
|
||||
DEFAULT.APP_NAME = "git.ingolf-wagner.de";
|
||||
service.DISABLE_REGISTRATION = true;
|
||||
session.COOKIE_SECURE = true;
|
||||
log.LEVEL = "Warn";
|
||||
|
|
|
@ -0,0 +1,68 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
mySQLPackage = pkgs.mysql;
|
||||
photoprismPort = 2342;
|
||||
mysqlPort = 3336;
|
||||
in
|
||||
{
|
||||
|
||||
networking.firewall.interfaces.wg0.allowedTCPPorts = [ photoprismPort ];
|
||||
# networking.firewall.interfaces.wg0.allowedUDPPorts = [ photoprismPort ];
|
||||
|
||||
containers.photoprism = {
|
||||
privateNetwork = false;
|
||||
autoStart = true;
|
||||
|
||||
config = { config, lib, ... }: {
|
||||
nixpkgs.pkgs = pkgs;
|
||||
imports = [ ../../components/monitor/container.nix ];
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
# Photoprism
|
||||
# ----------
|
||||
services.photoprism = {
|
||||
enable = true;
|
||||
port = photoprismPort;
|
||||
originalsPath = "/var/lib/private/photoprism/originals";
|
||||
address = "0.0.0.0";
|
||||
settings = {
|
||||
PHOTOPRISM_ADMIN_USER = "admin";
|
||||
PHOTOPRISM_ADMIN_PASSWORD = "...";
|
||||
PHOTOPRISM_DEFAULT_LOCALE = "en";
|
||||
PHOTOPRISM_DATABASE_DRIVER = "mysql";
|
||||
PHOTOPRISM_DATABASE_NAME = "photoprism";
|
||||
PHOTOPRISM_DATABASE_SERVER = "/run/mysqld/mysqld.sock";
|
||||
PHOTOPRISM_DATABASE_USER = "photoprism";
|
||||
PHOTOPRISM_SITE_URL = "http://photoprism.orbi.private:${toString photoprismPort}";
|
||||
PHOTOPRISM_SITE_TITLE = "PhotoPrism";
|
||||
};
|
||||
};
|
||||
|
||||
# MySQL Database
|
||||
# --------------
|
||||
services.mysql = {
|
||||
enable = true;
|
||||
package = mySQLPackage;
|
||||
settings.mysqld.port = mysqlPort;
|
||||
ensureDatabases = [ "photoprism" ];
|
||||
ensureUsers = [{
|
||||
name = "photoprism";
|
||||
ensurePermissions = {
|
||||
"photoprism.*" = "ALL PRIVILEGES";
|
||||
};
|
||||
}];
|
||||
};
|
||||
|
||||
# Backup Database
|
||||
# ---------------
|
||||
services.mysqlBackup = {
|
||||
enable = true;
|
||||
databases = config.services.mysql.ensureDatabases;
|
||||
singleTransaction = true;
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
}
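Review bot: `PHOTOPRISM_ADMIN_PASSWORD = "..."` under `services.photoprism.settings` puts the admin password into the evaluated configuration, so whatever value replaces the placeholder ends up in the world-readable Nix store and in this repository. The NixOS module has a `passwordFile` option for this; I would drop the settings key and set `passwordFile = "/run/secrets/<photoprism-admin-password>";` (placeholder path), with the secret provisioned outside the store and made readable inside the container. Separately, `address = "0.0.0.0"` together with `privateNetwork = false` makes PhotoPrism listen on every host interface over plain `http`, so only the host firewall restricts it to `wg0`; binding to the WireGuard address would state that intent in the service itself. PhotoPrism reaches MySQL through `/run/mysqld/mysqld.sock`, so the TCP listener on `mysqlPort` looks unnecessary and could be disabled, after confirming nothing else connects over TCP.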
|
|
@ -19,6 +19,9 @@
|
|||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
extraConfig = ''
|
||||
client_max_body_size 500M;
|
||||
'';
|
||||
proxyPass = "http://localhost:${
|
||||
toString config.services.vaultwarden.config.rocketPort
|
||||
}";
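Review bot: `client_max_body_size 500M;` is set on `locations."/"`, so nginx will accept 500 MB request bodies on every proxied path of the Vaultwarden vhost, presumably including endpoints reachable before login, which leaves room for cheap disk and bandwidth exhaustion. If the limit is meant for attachment uploads, I would keep a small default on `/` and raise it only in a dedicated `locations` entry for the upload paths, or choose a value closer to the largest file actually expected. The `locations."/"` block and the rest of the virtual host continue outside the hunk, so any limits already set there are not visible.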
|
||||
|
|
|
@ -68,7 +68,9 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
config = { config, pkgs, lib, ... }: {
|
||||
config = { config, lib, ... }: {
|
||||
nixpkgs.pkgs = pkgs;
|
||||
imports = [ ../../components/monitor/container.nix ];
|
||||
system.stateVersion = "23.11";
|
||||
|
||||
services.postgresql = {
|
||||
|
|
|
@ -1,5 +0,0 @@
|
|||
{
|
||||
services.opentracker = {
|
||||
enable = true;
|
||||
};
|
||||
}
|
|
@ -1,111 +0,0 @@
|
|||
{ lib, pkgs, config, ... }:
|
||||
let
|
||||
uiPort = 9099;
|
||||
announceIp = "10.23.42.111";
|
||||
peerPort = 51433;
|
||||
in
|
||||
{
|
||||
|
||||
containers.sync-torrent = {
|
||||
|
||||
# mount host folders
|
||||
bindMounts = {
|
||||
media = {
|
||||
hostPath = "/media/new";
|
||||
mountPoint = "/media"; # must be here otherwise transmission can't see the folder
|
||||
isReadOnly = false;
|
||||
};
|
||||
lib = {
|
||||
hostPath = "/srv/sync-torrent";
|
||||
mountPoint = "/var/lib/transmission";
|
||||
isReadOnly = false;
|
||||
};
|
||||
};
|
||||
|
||||
autoStart = true;
|
||||
|
||||
config = { config, pkgs, lib, ... }: {
|
||||
|
||||
system.stateVersion = "22.11";
|
||||
services.journald.extraConfig = "SystemMaxUse=1G";
|
||||
|
||||
services.transmission = {
|
||||
enable = true;
|
||||
settings = {
|
||||
download-dir = "/media";
|
||||
incomplete-dir = "/var/lib/transmission/incomplete"; # todo put this somewhere with frequent snapshots but low keep.
|
||||
incomplete-dir-enabled = true;
|
||||
message-level = 1;
|
||||
umask = 2;
|
||||
rpc-whitelist-enabled = false;
|
||||
rpc-host-whitelist-enabled = false;
|
||||
rpc-port = uiPort;
|
||||
rpc-enable = true;
|
||||
rpc-bind-address = "0.0.0.0";
|
||||
|
||||
# "normal" speed limits
|
||||
speed-limit-down-enabled = false;
|
||||
speed-limit-down = 800;
|
||||
speed-limit-up-enabled = true;
|
||||
speed-limit-up = 3000;
|
||||
upload-slots-per-torrent = 8;
|
||||
# Queuing
|
||||
# When true, Transmission will only download
|
||||
# download-queue-size non-stalled torrents at once.
|
||||
download-queue-enabled = true;
|
||||
download-queue-size = 3;
|
||||
|
||||
# When true, torrents that have not shared data for
|
||||
# queue-stalled-minutes are treated as 'stalled'
|
||||
# and are not counted against the queue-download-size
|
||||
# and seed-queue-size limits.
|
||||
queue-stalled-enabled = true;
|
||||
queue-stalled-minutes = 60;
|
||||
|
||||
# When true. Transmission will only seed seed-queue-size
|
||||
# non-stalled torrents at once.
|
||||
seed-queue-enabled = false;
|
||||
seed-queue-size = 10;
|
||||
|
||||
# Enable UPnP or NAT-PMP.
|
||||
peer-port = peerPort;
|
||||
port-forwarding-enabled = false;
|
||||
announce-ip = announceIp;
|
||||
announce-ip-enabled = true;
|
||||
|
||||
# Start torrents as soon as they are added
|
||||
start-added-torrents = true;
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
# open ports for logging
|
||||
#networking.firewall.interfaces."ve-torrent".allowedTCPPorts =
|
||||
# [ 5044 12304 12305 ];
|
||||
#networking.firewall.interfaces."ve-torrent".allowedUDPPorts =
|
||||
# [ 5044 12304 12305 ];
|
||||
|
||||
# host nginx setup
|
||||
# ----------------
|
||||
# curl -H "Host: sync.robi.private" https://robi.private/ < will work
|
||||
# curl -H "Host: sync.robi.private" https://144.76.13.147/ < wont work
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
recommendedProxySettings = true;
|
||||
virtualHosts = {
|
||||
"sync.${config.networking.hostName}.private" = {
|
||||
extraConfig = ''
|
||||
allow ${config.tinc.private.subnet};
|
||||
deny all;
|
||||
'';
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${toString uiPort}";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
}
|
|
@ -1,28 +0,0 @@
|
|||
{
|
||||
services.telegraf = {
|
||||
enable = true;
|
||||
extraConfig = {
|
||||
outputs.prometheus_client = {
|
||||
listen = ":9273";
|
||||
metric_version = 2;
|
||||
};
|
||||
# https://github.com/influxdata/telegraf/tree/master/plugins/inputs < all them plugins
|
||||
inputs = {
|
||||
cpu = {
|
||||
percpu = true;
|
||||
totalcpu = true;
|
||||
};
|
||||
disk = { };
|
||||
diskio = { };
|
||||
kernel = { };
|
||||
mem = { };
|
||||
processes = { };
|
||||
netstat = { };
|
||||
net = { };
|
||||
system = { };
|
||||
systemd_units = { };
|
||||
nginx.urls = [ "http://localhost/nginx_status" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,45 +0,0 @@
|
|||
{ config, pkgs, ... }:
|
||||
# To create a sign at the door
|
||||
# "Sorry Doorbell is broken, please scan this QR Code
|
||||
#
|
||||
# create QR Code with:
|
||||
# qrencode -o ./test.png http://ring.ingolf-wagner.de
|
||||
#
|
||||
# for secure urls check
|
||||
# https://www.nginx.com/blog/securing-urls-secure-link-module-nginx-plus/
|
||||
{
|
||||
|
||||
sops.secrets.ringPushover = {
|
||||
owner = config.services.webhook.user;
|
||||
};
|
||||
|
||||
services.webhook = {
|
||||
enable = true;
|
||||
hooks = {
|
||||
ring = {
|
||||
execute-command =
|
||||
let
|
||||
script = pkgs.writers.writeBash "ring-script" ''
|
||||
. ${config.sops.secrets.ringPushover.path}
|
||||
${pkgs.curl}/bin/curl -s \
|
||||
--form-string "token=$API_KEY" \
|
||||
--form-string "user=$USER_KEY" \
|
||||
--form-string "title=Klingeling" \
|
||||
--form-string "message=Jemand an der Tür" \
|
||||
https://api.pushover.net/1/messages.json
|
||||
'';
|
||||
in
|
||||
toString script;
|
||||
response-message = "It's ringing";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."ring.ingolf-wagner.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:${toString config.services.webhook.port}/${config.services.webhook.urlPrefix}/ring";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,38 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
|
||||
# how to setup a relay
|
||||
# * ssh on the maching
|
||||
# * sudo -u weechat screen -r
|
||||
# /set relay.network.password "mypassword"
|
||||
# /relay add weechat 10000
|
||||
|
||||
{
|
||||
|
||||
# configure weechat
|
||||
services.weechat = { enable = true; };
|
||||
|
||||
# configure bitlbee
|
||||
services.bitlbee = {
|
||||
enable = true;
|
||||
libpurple_plugins = [
|
||||
#pkgs.pidgin-otr
|
||||
#pkgs.purple-facebook
|
||||
#pkgs.purple-discord
|
||||
#pkgs.purple-matrix
|
||||
#pkgs.purple-hangouts
|
||||
#pkgs.pidgin-latex
|
||||
#pkgs.pidgin-opensteamworks
|
||||
#pkgs.pidgin-skypeweb
|
||||
pkgs.telegram-purple
|
||||
#pkgs.purple-lurch
|
||||
];
|
||||
plugins =
|
||||
[ pkgs.bitlbee-facebook pkgs.bitlbee-steam pkgs.bitlbee-mastodon ];
|
||||
};
|
||||
|
||||
# otherwise xterm is the only thing that works
|
||||
environment.systemPackages = [ pkgs.rxvt_unicode ];
|
||||
|
||||
backup.dirs = [ config.services.weechat.root ];
|
||||
|
||||
}
|
Some files were not shown because too many files have changed in this diff Show More