diff --git a/flake.nix b/flake.nix
index 5ffdbc0..37c73d5 100644
--- a/flake.nix
+++ b/flake.nix
@@ -42,7 +42,6 @@
 ./logins
 ./lib
 ./overlays
- ./modules
 ./hosts
 ];
@@ -85,9 +84,20 @@
 {
 inherit username;
- checks = builtins.mapAttrs (
- system: deployLib: deployLib.deployChecks self.deploy
- ) inputs.deploy-rs.lib;
+ nixosModules = builtins.listToAttrs (
+ map
+ (x: {
+ name = x;
+ value = import (./modules + "/${x}");
+ })
+ (builtins.attrNames (builtins.readDir ./modules))
+ );
+
+ checks = builtins.mapAttrs
+ (
+ system: deployLib: deployLib.deployChecks self.deploy
+ )
+ inputs.deploy-rs.lib;
 formatter."x86_64-linux" = inputs.unstable.legacyPackages."x86_64-linux".nixfmt-rfc-style;
diff --git a/modules/apps/caddy.nix b/modules/caddy/default.nix
similarity index 100%
rename from modules/apps/caddy.nix
rename to modules/caddy/default.nix
diff --git a/modules/apps/collabora.nix b/modules/collabora/default.nix
similarity index 100%
rename from modules/apps/collabora.nix
rename to modules/collabora/default.nix
diff --git a/modules/apps/coturn.nix b/modules/coturn/default.nix
similarity index 100%
rename from modules/apps/coturn.nix
rename to modules/coturn/default.nix
diff --git a/modules/default.nix b/modules/default.nix
deleted file mode 100644
index 093e9b5..0000000
--- a/modules/default.nix
+++ /dev/null
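Review bot: The new `nixosModules` expression in the second flake.nix hunk exports every entry of `./modules`, because `builtins.readDir` returns regular files and symlinks as well as directories. A stray README, editor backup or data file placed there would become an attribute whose `import` fails, or evaluates something unintended, the first time it is forced. Filtering the names on the entry type keeps the export list to the one-directory-per-module layout this commit introduces, e.g. `(builtins.filter (x: (builtins.readDir ./modules).${x} == "directory") (builtins.attrNames (builtins.readDir ./modules)))`. A comment such as `# every directory under ./modules is exported as nixosModules.<dirname>` would also make clear that renaming a directory now changes the flake's public attribute names. The enclosing attribute set starts and ends outside the hunk.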
@@ -1,44 +0,0 @@
-{ self, ... }:
-{
- flake = {
- nixosModules = rec {
- core = import ./core;
-
- unlock-zfs-on-boot = import ./unlock-zfs-on-boot.nix;
- docker = import ./docker.nix;
-
- caddy = import ./apps/caddy.nix;
- collabora = import ./apps/collabora.nix;
- coturn = import ./apps/coturn.nix;
- drone = import ./apps/drone.nix;
- forgejo-actions-runner = import ./apps/forgejo/forgejo-actions-runner.nix;
- forgejo = import ./apps/forgejo/forgejo.nix;
- grafana = import ./apps/grafana/grafana.nix;
- keycloak = import ./apps/keycloak.nix;
- loki = import ./apps/loki.nix;
- mailman = import ./apps/mailman.nix;
- mastodon = import ./apps/mastodon/mastodon.nix;
- nginx-mastodon = import ./apps/mastodon/nginx-mastodon.nix;
- nginx-mastodon-files = import ./apps/mastodon/nginx-mastodon-files.nix;
- matrix = import ./apps/matrix/synapse.nix;
- nginx-matrix = import ./apps/matrix/nginx-matrix.nix;
- matrix-telegram = import ./apps/matrix/mautrix-telegram.nix;
- matrix-irc = import ./apps/matrix/irc.nix;
- mediawiki = import ./apps/mediawiki.nix;
- nextcloud = import ./apps/nextcloud/nextcloud.nix;
- nginx-website-miom = import ./apps/nginx-website-miom.nix;
- nginx-website = import ./apps/nginx-website.nix;
- nginx = import ./apps/nginx.nix;
- obs-portal = import ./apps/obs-portal.nix;
- opensearch = import ./apps/opensearch.nix;
- owncast = import ./apps/owncast.nix;
- postgresql = import ./apps/postgresql.nix;
- prometheus = import ./apps/prometheus/prometheus.nix;
- prometheus-exporters = import ./apps/prometheus/prometheus-exporters.nix;
- nginx-prometheus-exporters = import ./apps/prometheus/nginx-prometheus-exporters.nix;
- promtail = import ./apps/promtail.nix;
- searx = import ./apps/searx.nix;
- tmate = import ./apps/tmate.nix;
- };
- };
-}
diff --git a/modules/docker.nix b/modules/docker/default.nix
similarity index 100%
rename from modules/docker.nix
rename to modules/docker/default.nix
diff --git a/modules/apps/drone.nix b/modules/drone/default.nix
similarity index 100%
rename from modules/apps/drone.nix
rename to modules/drone/default.nix
diff --git a/modules/apps/forgejo/forgejo-actions-runner.nix b/modules/forgejo-actions-runner/default.nix
similarity index 100%
rename from modules/apps/forgejo/forgejo-actions-runner.nix
rename to modules/forgejo-actions-runner/default.nix
diff --git a/modules/apps/forgejo/forgejo.nix b/modules/forgejo/default.nix
similarity index 100%
rename from modules/apps/forgejo/forgejo.nix
rename to modules/forgejo/default.nix
diff --git a/modules/apps/grafana/grafana.nix b/modules/grafana/default.nix
similarity index 100%
rename from modules/apps/grafana/grafana.nix
rename to modules/grafana/default.nix
diff --git a/modules/apps/grafana/grafana-dashboards/node-exporter-full_rev33.json b/modules/grafana/grafana-dashboards/node-exporter-full_rev33.json
similarity index 100%
rename from modules/apps/grafana/grafana-dashboards/node-exporter-full_rev33.json
rename to modules/grafana/grafana-dashboards/node-exporter-full_rev33.json
diff --git a/modules/apps/grafana/grafana-dashboards/synapse.json b/modules/grafana/grafana-dashboards/synapse.json
similarity index 100%
rename from modules/apps/grafana/grafana-dashboards/synapse.json
rename to modules/grafana/grafana-dashboards/synapse.json
diff --git a/modules/apps/keycloak.nix b/modules/keycloak/default.nix
similarity index 100%
rename from modules/apps/keycloak.nix
rename to modules/keycloak/default.nix
diff --git a/modules/apps/loki.nix b/modules/loki/default.nix
similarity index 100%
rename from modules/apps/loki.nix
rename to modules/loki/default.nix
diff --git a/modules/apps/mailman.nix b/modules/mailman/default.nix
similarity index 100%
rename from modules/apps/mailman.nix
rename to modules/mailman/default.nix
diff --git a/modules/apps/mastodon/mastodon.nix b/modules/mastodon/default.nix
similarity index 100%
rename from modules/apps/mastodon/mastodon.nix
rename to modules/mastodon/default.nix
diff --git a/modules/apps/matrix/irc.nix b/modules/matrix-irc/default.nix
similarity index 100%
rename from modules/apps/matrix/irc.nix
rename to modules/matrix-irc/default.nix
diff --git a/modules/apps/matrix/mautrix-telegram.nix b/modules/matrix-telegram/default.nix
similarity index 100%
rename from modules/apps/matrix/mautrix-telegram.nix
rename to modules/matrix-telegram/default.nix
diff --git a/modules/apps/matrix/synapse.nix b/modules/matrix/default.nix
similarity index 100%
rename from modules/apps/matrix/synapse.nix
rename to modules/matrix/default.nix
diff --git a/modules/apps/matrix/matrix-log-config.yaml b/modules/matrix/matrix-log-config.yaml
similarity index 100%
rename from modules/apps/matrix/matrix-log-config.yaml
rename to modules/matrix/matrix-log-config.yaml
diff --git a/modules/apps/mediawiki.nix b/modules/mediawiki/default.nix
similarity index 100%
rename from modules/apps/mediawiki.nix
rename to modules/mediawiki/default.nix
diff --git a/modules/apps/nextcloud/nextcloud.nix b/modules/nextcloud/default.nix
similarity index 100%
rename from modules/apps/nextcloud/nextcloud.nix
rename to modules/nextcloud/default.nix
diff --git a/modules/apps/nextcloud/nextcloud-skeleton/Documents/Example.odt b/modules/nextcloud/nextcloud-skeleton/Documents/Example.odt
similarity index 100%
rename from modules/apps/nextcloud/nextcloud-skeleton/Documents/Example.odt
rename to modules/nextcloud/nextcloud-skeleton/Documents/Example.odt
diff --git a/modules/apps/nextcloud/nextcloud-skeleton/Pictures/pubsolar.png b/modules/nextcloud/nextcloud-skeleton/Pictures/pubsolar.png
similarity index 100%
rename from modules/apps/nextcloud/nextcloud-skeleton/Pictures/pubsolar.png
rename to modules/nextcloud/nextcloud-skeleton/Pictures/pubsolar.png
diff --git a/modules/apps/nextcloud/nextcloud-skeleton/Pictures/pubsolar.svg b/modules/nextcloud/nextcloud-skeleton/Pictures/pubsolar.svg
similarity index 100%
rename from modules/apps/nextcloud/nextcloud-skeleton/Pictures/pubsolar.svg
rename to modules/nextcloud/nextcloud-skeleton/Pictures/pubsolar.svg
diff --git a/modules/apps/nextcloud/nextcloud-skeleton/Readme.md b/modules/nextcloud/nextcloud-skeleton/Readme.md
similarity index 100%
rename from modules/apps/nextcloud/nextcloud-skeleton/Readme.md
rename to modules/nextcloud/nextcloud-skeleton/Readme.md
diff --git a/modules/apps/mastodon/nginx-mastodon-files.nix b/modules/nginx-mastodon-files/default.nix
similarity index 100%
rename from modules/apps/mastodon/nginx-mastodon-files.nix
rename to modules/nginx-mastodon-files/default.nix
diff --git a/modules/apps/mastodon/nginx-mastodon.nix b/modules/nginx-mastodon/default.nix
similarity index 100%
rename from modules/apps/mastodon/nginx-mastodon.nix
rename to modules/nginx-mastodon/default.nix
diff --git a/modules/apps/matrix/nginx-matrix.nix b/modules/nginx-matrix/default.nix
similarity index 100%
rename from modules/apps/matrix/nginx-matrix.nix
rename to modules/nginx-matrix/default.nix
diff --git a/modules/apps/matrix/element-client-config.nix b/modules/nginx-matrix/element-client-config.nix
similarity index 100%
rename from modules/apps/matrix/element-client-config.nix
rename to modules/nginx-matrix/element-client-config.nix
diff --git a/modules/nginx-prometheus-exporters/default.nix b/modules/nginx-prometheus-exporters/default.nix
new file mode 100644
index 0000000..af5678c
--- /dev/null
+++ b/modules/nginx-prometheus-exporters/default.nix
@@ -0,0 +1,32 @@
+{ config, flake, lib, ... }:
+let
+ # Find element in list config.services.matrix-synapse.settings.listeners
+ # that sets type = "metrics"
+ listenerWithMetrics = lib.findFirst
+ (listener:
+ listener.type == "metrics")
+ (throw "Found no matrix-synapse.settings.listeners.*.type containing string metrics")
+ config.services.matrix-synapse.settings.listeners
+ ;
+ synapseMetricsPort = "${toString listenerWithMetrics.port}";
+in
+{
+ age.secrets.nachtigall-metrics-nginx-basic-auth = {
+ file = "${flake.self}/secrets/nachtigall-metrics-nginx-basic-auth.age";
+ mode = "600";
+ owner = "nginx";
+ };
+ services.nginx.virtualHosts = {
+ "nachtigall.pub.solar" = {
+ enableACME = true;
+ addSSL = true;
+ basicAuthFile = "${config.age.secrets.nachtigall-metrics-nginx-basic-auth.path}";
+ locations."/metrics" = {
+ proxyPass = "http://127.0.0.1:${toString(config.services.prometheus.exporters.node.port)}";
+ };
+ locations."/_synapse/metrics" = {
+ proxyPass = "http://127.0.0.1:${synapseMetricsPort}";
+ };
+ };
+ };
+}
diff --git a/modules/apps/nginx-website-miom.nix b/modules/nginx-website-miom/default.nix
similarity index 100%
rename from modules/apps/nginx-website-miom.nix
rename to modules/nginx-website-miom/default.nix
diff --git a/modules/apps/nginx-website.nix b/modules/nginx-website/default.nix
similarity index 100%
rename from modules/apps/nginx-website.nix
rename to modules/nginx-website/default.nix
diff --git a/modules/apps/nginx.nix b/modules/nginx/default.nix
similarity index 100%
rename from modules/apps/nginx.nix
rename to modules/nginx/default.nix
diff --git a/modules/apps/obs-portal.nix b/modules/obs-portal/default.nix
similarity index 100%
rename from modules/apps/obs-portal.nix
rename to modules/obs-portal/default.nix
diff --git a/modules/apps/opensearch.nix b/modules/opensearch/default.nix
similarity index 100%
rename from modules/apps/opensearch.nix
rename to modules/opensearch/default.nix
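Review bot: `addSSL = true` on the `nachtigall.pub.solar` virtual host in modules/nginx-prometheus-exporters/default.nix keeps a plain-HTTP listener next to the TLS one, so the basic-auth credentials guarding `/metrics` and `/_synapse/metrics` are also accepted over unencrypted HTTP. The Prometheus jobs added in this commit scrape with `scheme = "https"`, so replacing it with `forceSSL = true;` should not affect them and stops the HTTP listener from serving the authenticated locations. `basicAuthFile` is set at virtual-host level and therefore covers every location on this host name, not only the two metrics paths; a comment such as `# basic auth applies to the whole vhost, not just the metrics locations` would record whether that is intended.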
diff --git a/modules/apps/owncast.nix b/modules/owncast/default.nix
similarity index 100%
rename from modules/apps/owncast.nix
rename to modules/owncast/default.nix
diff --git a/modules/apps/postgresql.nix b/modules/postgresql/default.nix
similarity index 100%
rename from modules/apps/postgresql.nix
rename to modules/postgresql/default.nix
diff --git a/modules/prometheus-exporters/default.nix b/modules/prometheus-exporters/default.nix
new file mode 100644
index 0000000..585474a
--- /dev/null
+++ b/modules/prometheus-exporters/default.nix
@@ -0,0 +1,13 @@
+{ config
+, ...
+}: {
+ services.prometheus = {
+ exporters = {
+ node = {
+ enable = true;
+ enabledCollectors = [ "systemd" ];
+ port = 9002;
+ };
+ };
+ };
+}
diff --git a/modules/prometheus/default.nix b/modules/prometheus/default.nix
new file mode 100644
index 0000000..11bc0bf
--- /dev/null
+++ b/modules/prometheus/default.nix
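Review bot: The node exporter block in modules/prometheus-exporters/default.nix sets `port = 9002` but no `listenAddress`, and as far as I know the NixOS default for exporters is `0.0.0.0`, so the unauthenticated exporter would listen on every interface and rely on the firewall alone. Both consumers visible in this commit reach it over `127.0.0.1` (the nginx proxy behind basic auth and the local scrape job), so adding `listenAddress = "127.0.0.1";` next to `port` would make those the only paths to it. The same block is repeated verbatim in modules/prometheus/default.nix and needs the same line there. `config` in the argument list is unused in this file and could be dropped.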
@@ -0,0 +1,69 @@
+{ config
+, lib
+, pkgs
+, flake
+, ...
+}: {
+ age.secrets.nachtigall-metrics-prometheus-basic-auth-password = {
+ file = "${flake.self}/secrets/nachtigall-metrics-prometheus-basic-auth-password.age";
+ mode = "600";
+ owner = "prometheus";
+ };
+
+ services.prometheus = {
+ enable = true;
+ port = 9001;
+ exporters = {
+ node = {
+ enable = true;
+ enabledCollectors = [ "systemd" ];
+ port = 9002;
+ };
+ };
+ globalConfig = {
+ scrape_interval = "10s";
+ scrape_timeout = "9s";
+ };
+ scrapeConfigs = [
+ {
+ job_name = "node-exporter-http";
+ static_configs = [{
+ targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
+ labels = {
+ instance = "flora-6";
+ };
+ }];
+ }
+ {
+ job_name = "node-exporter-https";
+ scheme = "https";
+ metrics_path = "/metrics";
+ basic_auth = {
+ username = "hakkonaut";
+ password_file = "${config.age.secrets.nachtigall-metrics-prometheus-basic-auth-password.path}";
+ };
+ static_configs = [{
+ targets = [ "nachtigall.pub.solar" ];
+ labels = {
+ instance = "nachtigall";
+ };
+ }];
+ }
+ {
+ job_name = "matrix-synapse";
+ scheme = "https";
+ metrics_path = "/_synapse/metrics";
+ basic_auth = {
+ username = "hakkonaut";
+ password_file = "${config.age.secrets.nachtigall-metrics-prometheus-basic-auth-password.path}";
+ };
+ static_configs = [{
+ targets = [ "nachtigall.pub.solar" ];
+ labels = {
+ instance = "nachtigall";
+ };
+ }];
+ }
+ ];
+ };
+}
diff --git a/modules/apps/promtail.nix b/modules/promtail/default.nix
similarity index 100%
rename from modules/apps/promtail.nix
rename to modules/promtail/default.nix
diff --git a/modules/apps/searx.nix b/modules/searx/default.nix
similarity index 100%
rename from modules/apps/searx.nix
rename to modules/searx/default.nix
diff --git a/modules/apps/tmate.nix b/modules/tmate/default.nix
similarity index 100%
rename from modules/apps/tmate.nix
rename to modules/tmate/default.nix
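Review bot: `services.prometheus` in modules/prometheus/default.nix is enabled on `port = 9001` with no `listenAddress`, which, if the NixOS default of `0.0.0.0` applies, puts the unauthenticated Prometheus UI and query API on every interface. If only consumers on the same host read from it, adding `listenAddress = "127.0.0.1";` below `port = 9001;` keeps it off the network; otherwise a comment naming the firewall rule or proxy that guards it would help. The `exporters.node` block duplicates modules/prometheus-exporters/default.nix, and because list options merge by concatenation, enabling both modules on one host would double the `enabledCollectors` entry; importing that module instead avoids this. `lib` and `pkgs` are unused in the argument list.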
diff --git a/modules/unlock-zfs-on-boot.nix b/modules/unlock-zfs-on-boot/default.nix
similarity index 100%
rename from modules/unlock-zfs-on-boot.nix
rename to modules/unlock-zfs-on-boot/default.nix