pub-solar/infra
6
1
Fork 3
Code Issues 24 Pull requests 10 Actions Packages Projects 1 Releases Wiki Activity

loki tuning, lock down SSH for tankstelle, tweak nextcloud SMTP settings #205

Merged
teutat3s merged 4 commits from misc-fixes into main 2024-06-10 10:41:57 +00:00
Conversation 0 Commits 4 Files changed 6 +42 -20
6 changed files with 42 additions and 20 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
hosts/metronom/networking.nix
View file

@ -16,7 +16,4 @@
networking.enableIPv6 = true; networking.enableIPv6 = true;
networking.useDHCP = false; networking.useDHCP = false;
networking.interfaces."enp1s0".useDHCP = true; networking.interfaces."enp1s0".useDHCP = true;
# TODO: ssh via wireguard only
services.openssh.openFirewall = true;
} }

3
hosts/tankstelle/networking.nix
View file

@ -35,7 +35,4 @@
]; ];
}; };
}; };
# TODO: ssh via wireguard only
services.openssh.openFirewall = true;
} }

20
hosts/tankstelle/wireguard.nix
View file

@ -41,14 +41,14 @@
}; };
}; };
#services.openssh.listenAddresses = [ services.openssh.listenAddresses = [
# { {
# addr = "10.7.6.4"; addr = "10.7.6.4";
# port = 22; port = 22;
# } }
# { {
# addr = "[fd00:fae:fae:fae:fae:4::]"; addr = "[fd00:fae:fae:fae:fae:4::]";
# port = 22; port = 22;
# } }
#]; ];
} }

29
modules/loki/default.nix
View file

@ -33,9 +33,36 @@
}; };
}; };
}; };
ingester = {
chunk_encoding = "snappy";
chunk_idle_period = "1h";
};
query_range = {
results_cache = {
cache = {
embedded_cache = {
enabled = true;
max_size_mb = 500;
};
};
};
};
chunk_store_config = {
max_look_back_period = "0s";
chunk_cache_config = {
embedded_cache = {
enabled = true;
max_size_mb = 500;
ttl = "24h";
};
};
};
# Keep logs for 4 weeks # Keep logs for 4 weeks
# https://grafana.com/docs/loki/latest/operations/storage/retention/ # https://grafana.com/docs/loki/latest/operations/storage/retention/
limits_config.retention_period = "4w"; limits_config = {
retention_period = "4w";
split_queries_by_interval = "0";
};
compactor = { compactor = {
shared_store = "filesystem"; shared_store = "filesystem";
compaction_interval = "10m"; compaction_interval = "10m";

6
modules/nextcloud/default.nix
View file

@ -61,10 +61,10 @@
mail_smtpauthtype = "PLAIN"; mail_smtpauthtype = "PLAIN";
mail_domain = "pub.solar"; mail_domain = "pub.solar";
mail_smtpname = "admins@pub.solar"; mail_smtpname = "admins@pub.solar";
mail_smtpsecure = "tls"; mail_smtpsecure = "ssl";
mail_smtpauth = 1; mail_smtpauth = true;
mail_smtphost = "mail.pub.solar"; mail_smtphost = "mail.pub.solar";
mail_smtpport = "587"; mail_smtpport = "465";
# This is to allow connections to collabora and keycloak, among other services # This is to allow connections to collabora and keycloak, among other services
# running on the same host # running on the same host

1
overlays/default.nix
View file

@ -13,6 +13,7 @@
in in
{ {
forgejo-runner = unstable.forgejo-runner; forgejo-runner = unstable.forgejo-runner;
prometheus-node-exporter = unstable.prometheus-node-exporter;
element-themes = prev.callPackage ./pkgs/element-themes { inherit (inputs) element-themes; }; element-themes = prev.callPackage ./pkgs/element-themes { inherit (inputs) element-themes; };
element-stickerpicker = prev.callPackage ./pkgs/element-stickerpicker { element-stickerpicker = prev.callPackage ./pkgs/element-stickerpicker {
inherit (inputs) element-stickers maunium-stickerpicker; inherit (inputs) element-stickers maunium-stickerpicker;