From e127c668f65918e5204ed86e8e98a4f5fafc12da Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Sat, 8 Jun 2024 23:52:08 +0200
Subject: [PATCH 1/4] metronom, tankstelle: cleanup for SSH only via wireguard
---
 hosts/metronom/networking.nix | 3 ---
 hosts/tankstelle/networking.nix | 3 ---
 hosts/tankstelle/wireguard.nix | 20 ++++++++++----------
 3 files changed, 10 insertions(+), 16 deletions(-)
diff --git a/hosts/metronom/networking.nix b/hosts/metronom/networking.nix
index b309ec32..380c2207 100644
--- a/hosts/metronom/networking.nix
+++ b/hosts/metronom/networking.nix
@@ -16,7 +16,4 @@
 networking.enableIPv6 = true;
 networking.useDHCP = false;
 networking.interfaces."enp1s0".useDHCP = true;
-
- # TODO: ssh via wireguard only
- services.openssh.openFirewall = true;
 }
diff --git a/hosts/tankstelle/networking.nix b/hosts/tankstelle/networking.nix
index 1ef2e26a..8e893923 100644
--- a/hosts/tankstelle/networking.nix
+++ b/hosts/tankstelle/networking.nix
@@ -35,7 +35,4 @@
 ];
 };
 };
-
- # TODO: ssh via wireguard only
- services.openssh.openFirewall = true;
 }
diff --git a/hosts/tankstelle/wireguard.nix b/hosts/tankstelle/wireguard.nix
index d8979eba..ceb430b1 100644
--- a/hosts/tankstelle/wireguard.nix
+++ b/hosts/tankstelle/wireguard.nix
@@ -41,14 +41,14 @@
 };
 };
- #services.openssh.listenAddresses = [
- # {
- # addr = "10.7.6.4";
- # port = 22;
- # }
- # {
- # addr = "[fd00:fae:fae:fae:fae:4::]";
- # port = 22;
- # }
- #];
+ services.openssh.listenAddresses = [
+ {
+ addr = "10.7.6.4";
+ port = 22;
+ }
+ {
+ addr = "[fd00:fae:fae:fae:fae:4::]";
+ port = 22;
+ }
+ ];
 }
From d8866860d5efc4a2af9c6bf9987c8e77abf4cddf Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Sat, 8 Jun 2024 23:52:53 +0200
Subject: [PATCH 2/4] prometheus-node-exporter: use version 1.8.1 to fix error message spamming logs
---
 overlays/default.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/overlays/default.nix b/overlays/default.nix
index 5807ce88..d137603e 100644
--- a/overlays/default.nix
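Review bot: Dropping `services.openssh.openFirewall = true;` in the two networking.nix hunks does not close port 22 in the firewall, because that NixOS option defaults to true; after this commit the only restriction visible here is the `listenAddresses` bind in hosts/tankstelle/wireguard.nix, and nothing comparable for metronom is shown in this patch. If the intent is SSH over WireGuard only, set `services.openssh.openFirewall = false;` on both hosts and allow the port on the tunnel interface alone, e.g. `networking.firewall.interfaces."<wg-interface>".allowedTCPPorts = [ 22 ];` (the interface name is a placeholder). sshd on tankstelle now binds to addresses that exist only once the tunnel is up, so it is worth confirming that the unit is ordered after the WireGuard interface and that console access exists if the tunnel fails.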
+++ b/overlays/default.nix
@@ -13,6 +13,7 @@ in { forgejo-runner = unstable.forgejo-runner;
+ prometheus-node-exporter = unstable.prometheus-node-exporter;
 element-themes = prev.callPackage ./pkgs/element-themes { inherit (inputs) element-themes; }; element-stickerpicker = prev.callPackage ./pkgs/element-stickerpicker { inherit (inputs) element-stickers maunium-stickerpicker;
From d3fedd84e9eb9019ecd6cc4f53045f51bbe21325 Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Sat, 8 Jun 2024 23:53:43 +0200
Subject: [PATCH 3/4] loki: tune settings, enable cache
---
 modules/loki/default.nix | 29 ++++++++++++++++++++++++++++-
 1 file changed, 28 insertions(+), 1 deletion(-)
diff --git a/modules/loki/default.nix b/modules/loki/default.nix
index bd28afe8..0c3ea193 100644
--- a/modules/loki/default.nix
+++ b/modules/loki/default.nix
@@ -33,9 +33,36 @@
 };
 };
 };
+ ingester = {
+ chunk_encoding = "snappy";
+ chunk_idle_period = "1h";
+ };
+ query_range = {
+ results_cache = {
+ cache = {
+ embedded_cache = {
+ enabled = true;
+ max_size_mb = 500;
+ };
+ };
+ };
+ };
+ chunk_store_config = {
+ max_look_back_period = "0s";
+ chunk_cache_config = {
+ embedded_cache = {
+ enabled = true;
+ max_size_mb = 500;
+ ttl = "24h";
+ };
+ };
+ };
 # Keep logs for 4 weeks
 # https://grafana.com/docs/loki/latest/operations/storage/retention/
- limits_config.retention_period = "4w";
+ limits_config = {
+ retention_period = "4w";
+ split_queries_by_interval = "0";
+ };
 compactor = {
 shared_store = "filesystem";
 compaction_interval = "10m";
From e2691988bf1c802148ec03decb2ae6241cad234d Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Sat, 8 Jun 2024 23:54:05 +0200
Subject: [PATCH 4/4] nextcloud: use port 465 and TLS/SSL for mail transfer
---
 modules/nextcloud/default.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/modules/nextcloud/default.nix b/modules/nextcloud/default.nix
index 64f194a6..dba197c3 100644
--- a/modules/nextcloud/default.nix
+++ b/modules/nextcloud/default.nix
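Review bot: None of the new `ingester`, `query_range` and `chunk_store_config` values in modules/loki/default.nix carries a comment explaining the choice, unlike the retention setting just below them. The two `embedded_cache` blocks are each capped at 500 MB, so the process may hold about 1 GB of cache on top of ingester chunks kept for up to `chunk_idle_period = "1h"`; a short comment such as `# results cache + chunk cache: up to ~1 GB RAM in total` would record that budget for whoever sizes the host. `chunk_store_config.max_look_back_period` is, as far as I know, deprecated in favour of `limits_config.max_query_lookback` in newer Loki releases, so it is worth checking against the deployed version. The enclosing settings attribute set starts and ends outside the hunk.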
@@ -61,10 +61,10 @@
 mail_smtpauthtype = "PLAIN";
 mail_domain = "pub.solar";
 mail_smtpname = "admins@pub.solar";
- mail_smtpsecure = "tls";
- mail_smtpauth = 1;
+ mail_smtpsecure = "ssl";
+ mail_smtpauth = true;
 mail_smtphost = "mail.pub.solar";
- mail_smtpport = "587";
+ mail_smtpport = "465";
 # This is to allow connections to collabora and keycloak, among other services
 # running on the same host
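Review bot: `mail_smtpport = "465"` is still a string while the same hunk turns `mail_smtpauth` from `1` into a proper boolean; writing `mail_smtpport = 465;` would keep the value types consistent, assuming the module's settings type accepts an integer there. Because `mail_smtpauthtype = "PLAIN"` sends the password unmodified inside the TLS session, the protection this change gives rests on certificate verification, so confirm that no `mail_smtpstreamoptions` entry elsewhere in the configuration relaxes peer verification. A one-line comment such as `# "ssl" = implicit TLS on 465, no STARTTLS` would also help, since the value name is easy to misread. The surrounding settings block continues outside the hunk.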