pub-solar/os
5
0
Fork 2
Code Issues 4 Pull requests Packages Projects 1 Releases Wiki Activity

reset later

Browse source
This commit is contained in:
Hendrik Sokolowski 2023-03-07 16:48:46 +01:00
parent 4a6a9f11e4
commit 645e223aab
26 changed files with 313 additions and 394 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

36
flake.lock
View file

@ -10,11 +10,11 @@
]
},
"locked": {
"lastModified": 1677247280,
"narHash": "sha256-sa+8MtoAOSLsWP9vf0qiJUyMovIEYgDzHE8TkoK04Hk=",
"lastModified": 1677453742,
"narHash": "sha256-/DNOThcCGz21Met/aMhm7NGqughtpxQzrlAqTuq+YZQ=",
"owner": "ryantm",
"repo": "agenix",
"rev": "833f87c8ff574a29aea3e091045cbaed3cf86bc1",
"rev": "4828951d9d05accd244bf8c24706f046b485aceb",
"type": "github"
},
"original": {
@ -221,11 +221,11 @@
"utils": "utils_2"
},
"locked": {
"lastModified": 1676257154,
"narHash": "sha256-eW3jymNLpdxS5fkp9NWKyNtgL0Gqtgg1vCTofKXDF1g=",
"lastModified": 1677757546,
"narHash": "sha256-tA1ukoluctzLVyWRaKtD4KlTwgXbUsGB5vcyni1OJ9I=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "2cb27c79117a2a75ff3416c3199a2dc57af6a527",
"rev": "86bb69b0b1e10d99a30c4352f230f03106dd0f8a",
"type": "github"
},
"original": {
@ -237,11 +237,11 @@
},
"latest": {
"locked": {
"lastModified": 1677063315,
"narHash": "sha256-qiB4ajTeAOVnVSAwCNEEkoybrAlA+cpeiBxLobHndE8=",
"lastModified": 1677587185,
"narHash": "sha256-zYT66MAYwctAQqI5VBw3LbBXiSKdB8vuMAqCGG8onbE=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "988cc958c57ce4350ec248d2d53087777f9e1949",
"rev": "68196a61c26748d3e53a6803de3d2f8c69f27831",
"type": "github"
},
"original": {
@ -258,11 +258,11 @@
]
},
"locked": {
"lastModified": 1676707513,
"narHash": "sha256-Cr8f0zUpjb9T+aiClDFpJKVqfKKa6S/fbxPcSTX8UHI=",
"lastModified": 1677620425,
"narHash": "sha256-ThhVPUEfXtnS6kziQMY2GwcUZard1E16+5TA/UKJBf4=",
"owner": "musnix",
"repo": "musnix",
"rev": "2289b7c353e56ee18270fb6b43965036942b2d0f",
"rev": "eedb1d32ad356877b0888fb8e3ffb32e71f874de",
"type": "github"
},
"original": {
@ -288,11 +288,11 @@
},
"nixos": {
"locked": {
"lastModified": 1677075010,
"narHash": "sha256-X+UmR1AkdR//lPVcShmLy8p1n857IGf7y+cyCArp8bU=",
"lastModified": 1677624842,
"narHash": "sha256-4DF9DbDuK4/+KYx0L6XcPBeDHUFVCtzok2fWtwXtb5w=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "c95bf18beba4290af25c60cbaaceea1110d0f727",
"rev": "d70f5cd5c3bef45f7f52698f39e7cc7a89daa7f0",
"type": "github"
},
"original": {
@ -323,11 +323,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1677232326,
"narHash": "sha256-rAk2/80kLvA3yIMmSV86T1B4kNvwCFMSQ1FxXndaUB0=",
"lastModified": 1677591639,
"narHash": "sha256-DMlAyge+u3K+JOFLA5YfdjqagdAYJf29YGBWpy5izg4=",
"owner": "nixos",
"repo": "nixos-hardware",
"rev": "2d44015779cced4eec9df5b8dab238b9f6312cb2",
"rev": "77de4cd09db4dbee9551ed2853cfcf113d7dc5ce",
"type": "github"
},
"original": {

2
hosts/chonk/chonk.nix
View file

@ -11,6 +11,4 @@ in {
imports = [
./configuration.nix
];
networking.networkmanager.enable = lib.mkForce false;
}

6
hosts/chonk/configuration.nix
View file

@ -20,6 +20,9 @@
./invoiceplane.nix
#./tang.nix
#./whiteboard.nix
./libvirt-container.nix
./monitoring.nix
];
boot.loader.systemd-boot.enable = lib.mkForce false;
@ -32,10 +35,9 @@
networking.nat.internalIPs = ["10.10.42.0/24"];
networking.nat.externalInterface = "eno1";
networking.firewall.enable = lib.mkForce true;
networking.firewall.allowedTCPPorts = [80 443 2222];
networking.firewall.allowedUDPPorts = [51899];
networking.firewall.enable = lib.mkForce true;
system.stateVersion = "21.05"; # Did you read the comment?
}

4
hosts/chonk/hardware-configuration.nix
View file

@ -88,7 +88,9 @@
nameservers = ["95.129.51.51" "80.244.244.244"];
interfaces."bond0" = {
bridges."br0".interfaces = ["bond0"];
interfaces."br0" = {
ipv4.addresses = [
{
address = "80.244.242.2";

4
hosts/chonk/invoiceplane.nix
View file

@ -51,10 +51,6 @@ in {
enable = true;
stateDir = containerStateDir;
extraConfig = ''
ENABLE_DEBUG=true
'';
database = {
user = "invoiceplane";
name = "invoiceplane";

63
hosts/chonk/libvirt-container.nix Normal file
View file

@ -0,0 +1,63 @@
{
config,
pkgs,
...
}: {
networking.firewall.allowedTCPPorts = [4222];
containers."libvirt-container" = {
autoStart = true;
bindMounts."/dev/kvm" = {
hostPath = "/dev/kvm";
isReadOnly = false;
};
allowedDevices = [
{
node = "/dev/kvm";
modifier = "rw";
}
{
node = "/dev/net/tun";
modifier = "rw";
}
{
node = "/dev/vnet*";
modifier = "rw";
}
];
forwardPorts = [
{
hostPort = 4222;
}
];
enableTun = true;
#extraFlags = [ "-U" ];
config = {
config,
pkgs,
...
}: {
networking.firewall.enable = false;
virtualisation.libvirtd.enable = true;
security.polkit.enable = true;
services.openssh = {
enable = true;
ports = [4222];
};
users.users.root = {
openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAqkqMYgncrnczcW/0PY+Z+FmNXXpgw6D9JWTTwiainy hensoko@hensoko-tp-work"];
};
system.stateVersion = "22.11";
};
};
}

27
hosts/chonk/monitoring.nix Normal file
View file

@ -0,0 +1,27 @@
{
config,
lib,
self,
...
}: {
pub-solar.monitoring-server.enable = true;
# wireguard exporter
networking.firewall.allowedTCPPorts = [9585];
services.prometheus = {
exporters.wireguard = {
enable = true;
withRemoteIp = true;
};
scrapeConfigs = [
{
job_name = "chonk-wireguard";
static_configs = [
{
targets = ["10.0.1.6:9586"];
}
];
}
];
};
}

9
hosts/chonk/wireguard.nix
View file

@ -24,8 +24,6 @@
privateKeyFile = "/run/agenix/home_controller_wireguard";
peers = [
# For a client configuration, one peer entry for the server will suffice.
{
# giggles
publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
@ -50,7 +48,14 @@
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
persistentKeepalive = 25;
}
{
# norman
publicKey = "FRNg+bJWPn4vAA2Fw8PXYsTpxdEKdVE+b7eTtl8ORxM=";
allowedIPs = ["10.0.1.121/32"];
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
persistentKeepalive = 25;
}
{
# hsha
publicKey = "sC0wWHE/tvNaVYX3QQTHQUmSTTjZMOjkQ5x/qy6qjTc=";

16
hosts/companion/companion.nix
View file

@ -1,18 +1,18 @@
{ config, pkgs, lib, ... }:
with lib;
let
{
config,
pkgs,
lib,
...
}:
with lib; let
psCfg = config.pub-solar;
xdg = config.home-manager.users."${psCfg.user.name}".xdg;
in
{
in {
imports = [
./configuration.nix
];
config = {
nixpkgs.crossSystem.system = "aarch64-linux";
boot.plymouth.enable = lib.mkForce false;
pub-solar.nextcloud.enable = lib.mkForce false;
};
}

51
hosts/companion/home-controller.nix
View file

@ -1,55 +1,16 @@
{ self, config, pkgs, ... }:
{
self,
config,
pkgs,
...
}: {
config = {
#age.secrets.home_controller_k3s_token.file = "${self}/secrets/home_controller_k3s_server_token.age";
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_companion_wireguard_key.age";
pub-solar.home-controller = {
enable = true;
role = "server";
ownIp = "10.0.1.13";
k3s = {
serverAddr = "https://api.kube:6443";
tokenFile = "/run/agenix/home_controller_k3s_token";
enableLocalStorage = true;
enableZfs = true;
};
wireguard = {
privateKeyFile = "/run/agenix/home_controller_wireguard";
peers = [
{
# cube
publicKey = "UVzVK5FwXW/AGNVipudUDT43NgCiNpsunzkzjpTvVnk=";
allowedIPs = [ "10.0.1.5/32" ];
endpoint = "data.gssws.de:51899";
persistentKeepalive = 25;
}
{
# giggles
publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
allowedIPs = [ "10.0.1.11/32" ];
endpoint = "giggles.local:51899";
persistentKeepalive = 25;
}
{
# cox
publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
allowedIPs = [ "10.0.1.12/32" ];
endpoint = "cox.local:51899";
persistentKeepalive = 25;
}
{
# ringo
publicKey = "n4fGufXDjHitgS2HqVjKRdSNw+co1rYEV1Sw+sCCVzw=";
allowedIPs = [ "10.0.1.21/32" ];
endpoint = "ringo.local:51899";
persistentKeepalive = 25;
}
];
};
wireguardPrivateKeyFile = "/run/agenix/home_controller_wireguard";
};
};
}

43
hosts/cox/home-controller.nix
View file

@ -5,54 +5,13 @@
...
}: {
config = {
#age.secrets.home_controller_k3s_token.file = "${self}/secrets/home_controller_k3s_server_token.age";
age.secrets.home_controller_wireguard.file = "${self}/secrets/home_controller_cox_wireguard_key.age";
pub-solar.home-controller = {
enable = true;
role = "server";
ownIp = "10.0.1.12";
k3s = {
serverAddr = "https://api.kube:6443";
tokenFile = "/run/agenix/home_controller_k3s_token";
enableLocalStorage = true;
enableZfs = true;
};
wireguard = {
privateKeyFile = "/run/agenix/home_controller_wireguard";
peers = [
{
# chonk
publicKey = "t1DS0y6eVzyGwomKAEWTWVsHK3xB7M/fNQ3wLgE3+B8=";
allowedIPs = ["10.0.1.6/32"];
endpoint = "data.gssws.de:51899";
persistentKeepalive = 25;
}
{
# giggles
publicKey = "i5kiTSPGR2jrdHl+s/S6D0YWb+xkbPudczG2RWmWwCg=";
allowedIPs = ["10.0.1.11/32"];
endpoint = "giggles.local:51899";
persistentKeepalive = 25;
}
{
# companion
publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
allowedIPs = ["10.0.1.13/32"];
endpoint = "companion.local:51899";
persistentKeepalive = 25;
}
{
# ringo
publicKey = "n4fGufXDjHitgS2HqVjKRdSNw+co1rYEV1Sw+sCCVzw=";
allowedIPs = ["10.0.1.21/32"];
endpoint = "ringo.local:51899";
persistentKeepalive = 25;
}
];
};
wireguardPrivateKeyFile = "/run/agenix/home_controller_wireguard";
};
};
}

40
hosts/giggles/home-controller.nix
View file

@ -9,47 +9,9 @@
pub-solar.home-controller = {
enable = true;
role = "server";
ownIp = "10.0.1.11";
k3s = {
enableLocalStorage = true;
enableZfs = true;
};
wireguard = {
privateKeyFile = "/run/agenix/home_controller_wireguard";
peers = [
{
# chonk
publicKey = "t1DS0y6eVzyGwomKAEWTWVsHK3xB7M/fNQ3wLgE3+B8=";
allowedIPs = ["10.0.1.6/32"];
endpoint = "data.gssws.de:51899";
persistentKeepalive = 25;
}
{
# cox
publicKey = "VogQYYYNdXLhPKY9/P2WAn6gfEX9ojN3VD+DKx4gl0k=";
allowedIPs = ["10.0.1.12/32"];
endpoint = "cox.local:51899";
persistentKeepalive = 25;
}
{
# companion
publicKey = "7EUcSUckw/eLiWFHD+AzfcoKWstjr+cL70SupOJ6zC0=";
allowedIPs = ["10.0.1.13/32"];
endpoint = "companion.local:51899";
persistentKeepalive = 25;
}
{
# ringo
publicKey = "n4fGufXDjHitgS2HqVjKRdSNw+co1rYEV1Sw+sCCVzw=";
allowedIPs = ["10.0.1.21/32"];
endpoint = "ringo.local:51899";
persistentKeepalive = 25;
}
];
};
wireguardPrivateKeyFile = "/run/agenix/home_controller_wireguard";
};
};
}

21
hosts/norman/.config/sway/config.d/screens.conf
View file

@ -1,18 +1,19 @@
set $left 'Dell Inc. DELL S2721DS D0SVQ43'
set $middle 'Eizo Nanao Corporation EV2316W 39117013'
set $right 'Chimei Innolux Corporation 0x14D4'
set $left 'Dell Inc. DELL S3222DGM G1FFT63'
set $right 'Dell Inc. DELL S2721DS D0SVQ43'
set $bottom 'Chimei Innolux Corporation 0x14D4'
output $left {
scale 1
pos 0 0
}
output $middle {
scale 1
pos 2560 770
pos 0 690
}
output $right {
scale 1
pos 1000 1440
pos 2560 0
transform 90
}
output $bottom {
scale 1
pos 0 2130
}

3
hosts/norman/builder.nix
View file

@ -11,7 +11,7 @@
nix.buildMachines = [
{
hostName = "builder";
systems = ["x86_64-linux" "aarch64-linux"];
systems = ["x86_64-linux" "aarch64-linux" "i686-linux"];
maxJobs = 20;
speedFactor = 2;
supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
@ -21,7 +21,6 @@
nix.distributedBuilds = true;
nix.settings = {
substituters = ["ssh-ng://builder"];
trusted-public-keys = ["chonk:1b/yLBRW2ZeL9jErW1ogMRUTq/hidJnZOxopx363JSo="];
builders-use-substitutes = true;
};

2
hosts/norman/hardware-configuration.nix
View file

@ -15,7 +15,7 @@
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.kernelPackages = pkgs.linuxPackages_latest;
boot.kernelPackages = pkgs.linuxPackages_xanmod_latest;
boot.loader.grub.trustedBoot = {
enable = true;
systemHasTPM = "YES_TPM_is_activated";

7
hosts/norman/wireguard.nix
View file

@ -59,7 +59,7 @@
wg1 = {
# Determines the IP address and subnet of the client's end of the tunnel interface.
ips = [
"10.7.0.21"
"10.0.1.121"
];
listenPort = 51821; # to match firewall allowedUDPPorts (without this wg uses random port numbers)
@ -77,13 +77,12 @@
# Public key of the server (not a file path).
publicKey = "t1DS0y6eVzyGwomKAEWTWVsHK3xB7M/fNQ3wLgE3+B8=";
# Forward all the traffic via VPN.
allowedIPs = [
"10.7.0.0/24"
"10.0.1.0/24"
];
# Set this to the server IP and port.
endpoint = "80.244.242.2:51820"; # ToDo: route to endpoint not automatically configured https://wiki.archlinux.org/index.php/WireGuard#Loop_routing https://discourse.nixos.org/t/solved-minimal-firewall-setup-for-wireguard-client/7577
endpoint = "vpn.gssws.de:51899";
# Send keepalives every 25 seconds. Important to keep NAT tables alive.
persistentKeepalive = 25;

9
modules/graphical/default.nix
View file

@ -110,16 +110,7 @@ in {
gnome.nautilus
gnome.yelp
hicolor-icon-theme
wine
toggle-kbd-layout
wcwd
vlc
gimp
];
xdg.configFile."alacritty/alacritty.yml" = {

126
modules/home-controller/default.nix
View file

@ -1,27 +1,21 @@
{ lib, config, pkgs, ... }:
with lib;
let
{
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.home-controller;
in
{
in {
imports = [
#./k3s.nix
./wireguard.nix
./monitoring-client.nix
];
options.pub-solar.home-controller = {
enable = mkEnableOption "Control your home";
role = mkOption {
description = ''
Whether the node should run as a server or agent.
Note that the server, by default, also runs as an agent.
'';
default = "server";
type = types.enum [ "server" "agent" ];
};
ownIp = mkOption {
description = ''
Internal ip in wireguard used for cluster control-plane communication.
@ -29,103 +23,11 @@ in
type = types.str;
};
k3s = {
enableLocalStorage = mkOption {
description = ''
Enable local storage provisioner.
'';
default = false;
type = types.bool;
};
defaultLocalStoragePath = mkOption {
description = ''
Default path to use for local storage provisioner.
'';
default = "/var/lib/rancher/k3s/storage";
type = types.path;
};
flannelBackend = mkOption {
description = ''
Flannel backend to use.
'';
default = "wireguard-native";
type = types.str;
};
serverAddr = mkOption {
description = ''
Set server address of master
'';
default = "";
type = types.str;
example = "https://api.kube:6443";
};
tokenFile = mkOption {
description = ''
Location of token file used to join cluster.
'';
default = "";
type = types.str;
};
enableZfs = mkOption {
description = ''
Enable when k3s should use a ZFS compatible runtime.
'';
default = false;
type = types.bool;
};
zfsPool = mkOption {
description = ''
The ZFS pool to use and create a containerd volume in.
'';
default = "zroot";
type = types.str;
};
};
wireguard = {
privateKeyFile = mkOption {
description = ''
Location of private key file
'';
type = types.path;
};
listenPort = mkOption {
description = ''
Port for wireguard.
'';
default = 51899;
type = types.int;
};
peers = mkOption {
description = ''
Wireguard peers.
'';
type = types.listOf types.attrs;
};
};
};
config = mkIf cfg.enable {
boot.kernelModules = [ "rbd" ];
networking.extraHosts =
''
192.168.42.231 ringo.local
192.168.42.232 giggles.local
192.168.42.234 cox.local
192.168.42.236 companion.local
10.0.1.11 api.kube giggles.kube
10.0.1.12 cox.kube
10.0.1.13 companion.kube
10.0.1.21 ringo.kube
wireguardPrivateKeyFile = mkOption {
description = ''
Location of private key file
'';
type = types.path;
};
};
}

77
modules/home-controller/k3s.nix
View file

@ -1,77 +0,0 @@
{ lib, config, pkgs, ... }:
with lib;
let
psCfg = config.pub-solar;
cfg = config.pub-solar.home-controller;
in
{
config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
kubernetes-helm
];
environment.sessionVariables = lib.mkIf (cfg.role == "server") rec {
KUBECONFIG = "/etc/rancher/k3s/k3s.yaml";
};
networking.firewall.enable = lib.mkForce false;
services.k3s = {
enable = true;
role = cfg.role;
serverAddr = lib.mkIf (cfg.k3s.serverAddr != "") cfg.k3s.serverAddr;
tokenFile = lib.mkIf (cfg.k3s.tokenFile != "") cfg.k3s.tokenFile;
extraFlags = concatStringsSep " " (
[
"--node-ip ${cfg.ownIp}"
"--container-runtime-endpoint unix:///run/containerd/containerd.sock"
"${optionalString (cfg.role == "server") "--disable servicelb"}"
"${optionalString (cfg.role == "server") "--disable traefik"}"
"${optionalString (cfg.role == "server") "--bind-address ${cfg.ownIp}"}"
"${optionalString (cfg.role == "server" && cfg.k3s.flannelBackend != "") "--flannel-backend=${cfg.k3s.flannelBackend}"}"
"${optionalString (cfg.role == "server" && !cfg.k3s.enableLocalStorage) "--disable local-storage"}"
"${optionalString (cfg.role == "server" && cfg.k3s.enableLocalStorage) "--default-local-storage-path ${cfg.k3s.defaultLocalStoragePath}"}"
"${optionalString cfg.k3s.enableZfs "--snapshotter=zfs"}"
]
);
};
systemd.services.containerd = mkIf cfg.k3s.enableZfs {
serviceConfig = {
ExecStartPre = [
"-${pkgs.zfs}/bin/zfs create -o mountpoint=/var/lib/containerd/io.containerd.snapshotter.v1.zfs ${cfg.k3s.zfsPool}/containerd"
];
};
};
systemd.services.k3s = {
after = [ "containerd.service" ];
requisite = [ "containerd.service" ];
};
virtualisation.containerd = {
enable = true;
settings =
let
fullCNIPlugins = pkgs.buildEnv {
name = "full-cni";
paths = with pkgs; [
cni-plugins
cni-plugin-flannel
];
};
in
{
plugins."io.containerd.grpc.v1.cri".cni = {
bin_dir = "${fullCNIPlugins}/bin";
conf_dir = "/var/lib/rancher/k3s/agent/etc/cni/net.d/";
};
};
};
};
}

13
modules/home-controller/monitoring-client.nix Normal file
View file

@ -0,0 +1,13 @@
{
config,
pkgs,
lib,
...
}: let
cfg = config.pub-solar.home-controller;
in {
pub-solar.monitoring-client = lib.mkIf cfg.enable {
enable = true;
listenAddress = cfg.ownIp;
};
}

31
modules/home-controller/wireguard.nix
View file

@ -1,22 +1,33 @@
{ lib, config, pkgs, ... }:
with lib;
let
{
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.home-controller;
in
{
in {
config = mkIf cfg.enable {
systemd.services.wireguard-wghome.serviceConfig.Restart = "on-failure";
systemd.services.wireguard-wghome.serviceConfig.RestartSec = "5s";
networking.firewall.allowedUDPPorts = [ cfg.wireguard.listenPort ];
networking.firewall.allowedUDPPorts = [51899];
networking.wireguard.interfaces = {
wghome = {
ips = [ cfg.ownIp ];
listenPort = cfg.wireguard.listenPort;
privateKeyFile = cfg.wireguard.privateKeyFile;
peers = cfg.wireguard.peers;
ips = [cfg.ownIp];
listenPort = 51899;
privateKeyFile = cfg.wireguardPrivateKeyFile;
peers = [
{
# chonk
publicKey = "t1DS0y6eVzyGwomKAEWTWVsHK3xB7M/fNQ3wLgE3+B8=";
allowedIPs = ["10.0.1.0/24"];
endpoint = "vpn.gssws.de:51899";
persistentKeepalive = 25;
}
];
};
};
};

29
modules/monitoring-client/default.nix Normal file
View file

@ -0,0 +1,29 @@
{
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.monitoring-client;
in {
options.pub-solar.monitoring-client = {
enable = mkEnableOption "Install a monitoring client node";
listenAddress = mkOption {
type = types.str;
};
};
config = mkIf cfg.enable {
services.prometheus.exporters = {
node = {
enable = true;
enabledCollectors = ["systemd"];
port = 9002;
openFirewall = true;
listenAddress = cfg.listenAddress;
};
};
};
}

69
modules/monitoring-server/default.nix Normal file
View file

@ -0,0 +1,69 @@
{
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.monitoring-server;
in {
options.pub-solar.monitoring-server = {
enable = mkEnableOption "Install a monitoring server node";
};
config = mkIf cfg.enable {
networking.firewall.allowedTCPPorts = [2342 9001];
pub-solar.monitoring-client = {
enable = true;
listenAddress = "10.0.1.6";
};
services.grafana = {
enable = true;
port = 2342;
addr = "10.0.1.6";
};
services.prometheus = {
enable = true;
listenAddress = "10.0.1.6";
port = 9001;
scrapeConfigs = [
{
job_name = "chonk";
static_configs = [
{
targets = ["10.0.1.6:9002"];
}
];
}
{
job_name = "giggles";
static_configs = [
{
targets = ["10.0.1.11:9002"];
}
];
}
{
job_name = "cox";
static_configs = [
{
targets = ["10.0.1.12:9002"];
}
];
}
{
job_name = "companion";
static_configs = [
{
targets = ["10.0.1.13:9002"];
}
];
}
];
};
};
}

16
modules/server/default.nix
View file

@ -1,10 +1,13 @@
{ lib, config, pkgs, ... }:
with lib;
let
{
lib,
config,
pkgs,
...
}:
with lib; let
psCfg = config.pub-solar;
cfg = config.pub-solar.server;
in
{
in {
options.pub-solar.server = {
enable = mkEnableOption "Enable server options like sshd";
};
@ -18,5 +21,8 @@ in
passwordAuthentication = true;
openFirewall = true;
};
networking.networkmanager.enable = lib.mkForce false;
pub-solar.nextcloud.enable = lib.mkForce false;
};
}

2
modules/sway/default.nix
View file

@ -82,8 +82,8 @@ in {
sway-launcher
record-screen
import-gtk-settings
s
wcwd
wdisplays
];
programs.waybar.enable = true;

1
users/hensoko/ssh.nix
View file

@ -38,6 +38,7 @@ in {
};
"companion" = {
user = "iot";
hostname = "10.0.1.13";
};
"chonk" = {
hostname = "80.244.242.2";