loki tuning, lock down SSH for tankstelle, tweak nextcloud SMTP settings #205
|
@ -16,7 +16,4 @@
|
||||||
networking.enableIPv6 = true;
|
networking.enableIPv6 = true;
|
||||||
networking.useDHCP = false;
|
networking.useDHCP = false;
|
||||||
networking.interfaces."enp1s0".useDHCP = true;
|
networking.interfaces."enp1s0".useDHCP = true;
|
||||||
|
|
||||||
# TODO: ssh via wireguard only
|
|
||||||
services.openssh.openFirewall = true;
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -35,7 +35,4 @@
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO: ssh via wireguard only
|
|
||||||
services.openssh.openFirewall = true;
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -41,14 +41,14 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
#services.openssh.listenAddresses = [
|
services.openssh.listenAddresses = [
|
||||||
# {
|
{
|
||||||
# addr = "10.7.6.4";
|
addr = "10.7.6.4";
|
||||||
# port = 22;
|
port = 22;
|
||||||
# }
|
}
|
||||||
# {
|
{
|
||||||
# addr = "[fd00:fae:fae:fae:fae:4::]";
|
addr = "[fd00:fae:fae:fae:fae:4::]";
|
||||||
# port = 22;
|
port = 22;
|
||||||
# }
|
}
|
||||||
#];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -33,9 +33,36 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
ingester = {
|
||||||
|
chunk_encoding = "snappy";
|
||||||
|
chunk_idle_period = "1h";
|
||||||
|
};
|
||||||
|
query_range = {
|
||||||
|
results_cache = {
|
||||||
|
cache = {
|
||||||
|
embedded_cache = {
|
||||||
|
enabled = true;
|
||||||
|
max_size_mb = 500;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
chunk_store_config = {
|
||||||
|
max_look_back_period = "0s";
|
||||||
|
chunk_cache_config = {
|
||||||
|
embedded_cache = {
|
||||||
|
enabled = true;
|
||||||
|
max_size_mb = 500;
|
||||||
|
ttl = "24h";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
# Keep logs for 4 weeks
|
# Keep logs for 4 weeks
|
||||||
# https://grafana.com/docs/loki/latest/operations/storage/retention/
|
# https://grafana.com/docs/loki/latest/operations/storage/retention/
|
||||||
limits_config.retention_period = "4w";
|
limits_config = {
|
||||||
|
retention_period = "4w";
|
||||||
|
split_queries_by_interval = "0";
|
||||||
|
};
|
||||||
compactor = {
|
compactor = {
|
||||||
shared_store = "filesystem";
|
shared_store = "filesystem";
|
||||||
compaction_interval = "10m";
|
compaction_interval = "10m";
|
||||||
|
|
|
@ -61,10 +61,10 @@
|
||||||
mail_smtpauthtype = "PLAIN";
|
mail_smtpauthtype = "PLAIN";
|
||||||
mail_domain = "pub.solar";
|
mail_domain = "pub.solar";
|
||||||
mail_smtpname = "admins@pub.solar";
|
mail_smtpname = "admins@pub.solar";
|
||||||
mail_smtpsecure = "tls";
|
mail_smtpsecure = "ssl";
|
||||||
mail_smtpauth = 1;
|
mail_smtpauth = true;
|
||||||
mail_smtphost = "mail.pub.solar";
|
mail_smtphost = "mail.pub.solar";
|
||||||
mail_smtpport = "587";
|
mail_smtpport = "465";
|
||||||
|
|
||||||
# This is to allow connections to collabora and keycloak, among other services
|
# This is to allow connections to collabora and keycloak, among other services
|
||||||
# running on the same host
|
# running on the same host
|
||||||
|
|
|
@ -13,6 +13,7 @@
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
forgejo-runner = unstable.forgejo-runner;
|
forgejo-runner = unstable.forgejo-runner;
|
||||||
|
prometheus-node-exporter = unstable.prometheus-node-exporter;
|
||||||
element-themes = prev.callPackage ./pkgs/element-themes { inherit (inputs) element-themes; };
|
element-themes = prev.callPackage ./pkgs/element-themes { inherit (inputs) element-themes; };
|
||||||
element-stickerpicker = prev.callPackage ./pkgs/element-stickerpicker {
|
element-stickerpicker = prev.callPackage ./pkgs/element-stickerpicker {
|
||||||
inherit (inputs) element-stickers maunium-stickerpicker;
|
inherit (inputs) element-stickers maunium-stickerpicker;
|
||||||
|
|
Loading…
Reference in a new issue