Merge pull request 'loki tuning, lock down SSH for tankstelle, tweak nextcloud SMTP settings' (#205) from misc-fixes into main

Reviewed-on: pub-solar/infra#205
Reviewed-by: b12f <b12f@noreply.git.pub.solar>
This commit is contained in:
teutat3s 2024-06-10 10:41:57 +00:00
commit 1ae6d9ecfe
Signed by: pub.solar gitea
GPG key ID: F0332B04B7054873
6 changed files with 42 additions and 20 deletions

View file

@ -16,7 +16,4 @@
networking.enableIPv6 = true;
networking.useDHCP = false;
networking.interfaces."enp1s0".useDHCP = true;
# TODO: ssh via wireguard only
services.openssh.openFirewall = true;
}

View file

@ -35,7 +35,4 @@
];
};
};
# TODO: ssh via wireguard only
services.openssh.openFirewall = true;
}

View file

@ -41,14 +41,14 @@
};
};
#services.openssh.listenAddresses = [
# {
# addr = "10.7.6.4";
# port = 22;
# }
# {
# addr = "[fd00:fae:fae:fae:fae:4::]";
# port = 22;
# }
#];
services.openssh.listenAddresses = [
{
addr = "10.7.6.4";
port = 22;
}
{
addr = "[fd00:fae:fae:fae:fae:4::]";
port = 22;
}
];
}

View file

@ -33,9 +33,36 @@
};
};
};
ingester = {
chunk_encoding = "snappy";
chunk_idle_period = "1h";
};
query_range = {
results_cache = {
cache = {
embedded_cache = {
enabled = true;
max_size_mb = 500;
};
};
};
};
chunk_store_config = {
max_look_back_period = "0s";
chunk_cache_config = {
embedded_cache = {
enabled = true;
max_size_mb = 500;
ttl = "24h";
};
};
};
# Keep logs for 4 weeks
# https://grafana.com/docs/loki/latest/operations/storage/retention/
limits_config.retention_period = "4w";
limits_config = {
retention_period = "4w";
split_queries_by_interval = "0";
};
compactor = {
shared_store = "filesystem";
compaction_interval = "10m";

View file

@ -61,10 +61,10 @@
mail_smtpauthtype = "PLAIN";
mail_domain = "pub.solar";
mail_smtpname = "admins@pub.solar";
mail_smtpsecure = "tls";
mail_smtpauth = 1;
mail_smtpsecure = "ssl";
mail_smtpauth = true;
mail_smtphost = "mail.pub.solar";
mail_smtpport = "587";
mail_smtpport = "465";
# This is to allow connections to collabora and keycloak, among other services
# running on the same host

View file

@ -13,6 +13,7 @@
in
{
forgejo-runner = unstable.forgejo-runner;
prometheus-node-exporter = unstable.prometheus-node-exporter;
element-themes = prev.callPackage ./pkgs/element-themes { inherit (inputs) element-themes; };
element-stickerpicker = prev.callPackage ./pkgs/element-stickerpicker {
inherit (inputs) element-stickers maunium-stickerpicker;