felix/nixos
1
0
Fork 0
mirror of https://github.com/Stunkymonkey/nixos.git synced 2025-05-24 09:54:40 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

treewide: avoid repetitive keys in attrSets

Browse source
This commit is contained in:
Felix Buehler 2023-11-12 23:36:30 +01:00
parent 2a3f606557
commit 4b21221569
19 changed files with 994 additions and 947 deletions
Download patch file Download diff file Expand all files Collapse all files

28
images/yubikey-installer.nix
View file

@ -65,13 +65,15 @@ let
# Uncomment this to disable compression and speed up image creation time # Uncomment this to disable compression and speed up image creation time
#isoImage.squashfsCompression = "gzip -Xcompression-level 1"; #isoImage.squashfsCompression = "gzip -Xcompression-level 1";
boot.kernelPackages = linuxPackages_latest; boot = {
kernelPackages = linuxPackages_latest;
# Always copytoram so that, if the image is booted from, e.g., a # Always copytoram so that, if the image is booted from, e.g., a
# USB stick, nothing is mistakenly written to persistent storage. # USB stick, nothing is mistakenly written to persistent storage.
boot.kernelParams = [ "copytoram" ]; kernelParams = [ "copytoram" ];
# Secure defaults # Secure defaults
boot.tmp.cleanOnBoot = true; tmp.cleanOnBoot = true;
boot.kernel.sysctl = { "kernel.unprivileged_bpf_disabled" = 1; }; kernel.sysctl = { "kernel.unprivileged_bpf_disabled" = 1; };
};
services.pcscd.enable = true; services.pcscd.enable = true;
services.udev.packages = [ yubikey-personalization ]; services.udev.packages = [ yubikey-personalization ];
@ -121,14 +123,16 @@ let
# Disable networking so the system is air-gapped # Disable networking so the system is air-gapped
# Comment all of these lines out if you'll need internet access # Comment all of these lines out if you'll need internet access
boot.initrd.network.enable = false; boot.initrd.network.enable = false;
networking.dhcpcd.enable = false; networking = {
networking.dhcpcd.allowInterfaces = [ ]; dhcpcd.enable = false;
networking.interfaces = { }; dhcpcd.allowInterfaces = [ ];
networking.firewall.enable = true; interfaces = { };
networking.useDHCP = false; firewall.enable = true;
networking.useNetworkd = false; useDHCP = false;
networking.wireless.enable = false; useNetworkd = false;
networking.networkmanager.enable = lib.mkForce false; wireless.enable = false;
networkmanager.enable = lib.mkForce false;
};
# Unset history so it's never stored # Unset history so it's never stored
# Set GNUPGHOME to an ephemeral location and configure GPG with the # Set GNUPGHOME to an ephemeral location and configure GPG with the

28
machines/newton/services.nix
View file

@ -4,29 +4,31 @@ let
inherit (config.sops) secrets; inherit (config.sops) secrets;
in in
{ {
sops.secrets."acme/inwx" = { }; sops.secrets = {
sops.secrets."borgbackup/password" = { }; "acme/inwx" = { };
sops.secrets."borgbackup/ssh_key" = { }; "borgbackup/password" = { };
sops.secrets."sso/auth-key" = { }; "borgbackup/ssh_key" = { };
sops.secrets."sso/felix/password-hash" = { }; "sso/auth-key" = { };
sops.secrets."sso/felix/totp-secret" = { }; "sso/felix/password-hash" = { };
sops.secrets."paperless/password" = { }; "sso/felix/totp-secret" = { };
sops.secrets."nextcloud/password" = { "paperless/password" = { };
"nextcloud/password" = {
owner = config.users.users.nextcloud.name; owner = config.users.users.nextcloud.name;
}; };
sops.secrets."nextcloud-exporter/password" = { "nextcloud-exporter/password" = {
owner = config.users.users.nextcloud-exporter.name; owner = config.users.users.nextcloud-exporter.name;
}; };
sops.secrets."freshrss/password" = { "freshrss/password" = {
owner = config.users.users.freshrss.name; owner = config.users.users.freshrss.name;
}; };
sops.secrets."photoprism/password" = { }; "photoprism/password" = { };
sops.secrets."grafana/password" = { "grafana/password" = {
owner = config.users.users.grafana.name; owner = config.users.users.grafana.name;
}; };
sops.secrets."matrix-bot/password" = { "matrix-bot/password" = {
owner = config.systemd.services.go-neb.serviceConfig.User; owner = config.systemd.services.go-neb.serviceConfig.User;
}; };
};
# List services that you want to enable: # List services that you want to enable:
my.services = { my.services = {

22
machines/serverle/services.nix
View file

@ -4,16 +4,18 @@ let
inherit (config.sops) secrets; inherit (config.sops) secrets;
in in
{ {
sops.secrets."acme/inwx" = { }; sops.secrets = {
sops.secrets."borgbackup/password" = { }; "acme/inwx" = { };
sops.secrets."borgbackup/ssh_key" = { }; "borgbackup/password" = { };
sops.secrets."dyndns/password" = { }; "borgbackup/ssh_key" = { };
sops.secrets."sso/auth-key" = { }; "dyndns/password" = { };
sops.secrets."sso/felix/password-hash" = { }; "sso/auth-key" = { };
sops.secrets."sso/felix/totp-secret" = { }; "sso/felix/password-hash" = { };
sops.secrets."prowlarr/apikey" = { }; "sso/felix/totp-secret" = { };
sops.secrets."radarr/apikey" = { }; "prowlarr/apikey" = { };
sops.secrets."sonarr/apikey" = { }; "radarr/apikey" = { };
"sonarr/apikey" = { };
};
# List services that you want to enable: # List services that you want to enable:
my.services = { my.services = {

12
modules/services/alertmanager/default.nix
View file

@ -25,7 +25,8 @@ in
} }
]; ];
services.prometheus = { services = {
prometheus = {
alertmanager = { alertmanager = {
enable = true; enable = true;
listenAddress = "127.0.0.1"; listenAddress = "127.0.0.1";
@ -58,7 +59,7 @@ in
]; ];
}; };
services.grafana.provision = { grafana.provision = {
datasources.settings.datasources = [ datasources.settings.datasources = [
{ {
name = "Alertmanager"; name = "Alertmanager";
@ -72,7 +73,7 @@ in
]; ];
}; };
services.grafana.provision = { grafana.provision = {
dashboards.settings.providers = [ dashboards.settings.providers = [
{ {
name = "Alertmanager"; name = "Alertmanager";
@ -83,9 +84,9 @@ in
}; };
# for mail delivery # for mail delivery
services.postfix.enable = true; postfix.enable = true;
services.go-neb.config.services = [ go-neb.config.services = [
{ {
ID = "alertmanager_service"; ID = "alertmanager_service";
Type = "alertmanager"; Type = "alertmanager";
@ -127,6 +128,7 @@ in
}; };
} }
]; ];
};
my.services.prometheus.rules = { my.services.prometheus.rules = {
alerts_silences_changed = { alerts_silences_changed = {

20
modules/services/blackbox/default.nix
View file

@ -42,13 +42,14 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.prometheus.exporters.blackbox = { services = {
prometheus.exporters.blackbox = {
enable = true; enable = true;
configFile = pkgs.writeText "blackbox-config.yml" (builtins.toJSON blackBoxConfig); configFile = pkgs.writeText "blackbox-config.yml" (builtins.toJSON blackBoxConfig);
}; };
# relabels as in https://github.com/prometheus/blackbox_exporter#prometheus-configuration # relabels as in https://github.com/prometheus/blackbox_exporter#prometheus-configuration
services.prometheus = { prometheus = {
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "blackbox"; job_name = "blackbox";
@ -79,6 +80,14 @@ in
} }
]; ];
}; };
grafana.provision.dashboards.settings.providers = [
{
name = "Blackbox";
options.path = pkgs.grafana-dashboards.blackbox;
disableDeletion = true;
}
];
};
my.services.prometheus.rules = { my.services.prometheus.rules = {
BlackboxProbeFailed = { BlackboxProbeFailed = {
@ -143,12 +152,5 @@ in
}; };
}; };
}; };
services.grafana.provision.dashboards.settings.providers = [
{
name = "Blackbox";
options.path = pkgs.grafana-dashboards.blackbox;
disableDeletion = true;
}
];
}; };
} }

8
modules/services/blocky/default.nix
View file

@ -27,7 +27,8 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.blocky = { services = {
blocky = {
enable = true; enable = true;
settings = { settings = {
@ -46,7 +47,7 @@ in
} // cfg.settings; } // cfg.settings;
}; };
services.prometheus.scrapeConfigs = [ prometheus.scrapeConfigs = [
{ {
job_name = "blocky"; job_name = "blocky";
static_configs = [ static_configs = [
@ -61,7 +62,7 @@ in
]; ];
# untested # untested
services.grafana.provision.dashboards.settings.providers = [ grafana.provision.dashboards.settings.providers = [
{ {
name = "Blocky"; name = "Blocky";
options.path = pkgs.grafana-dashboards.blocky; options.path = pkgs.grafana-dashboards.blocky;
@ -69,4 +70,5 @@ in
} }
]; ];
}; };
};
} }

42
modules/services/gitea/default.nix
View file

@ -16,7 +16,8 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.gitea = { services = {
gitea = {
enable = true; enable = true;
settings = { settings = {
server = { server = {
@ -32,22 +33,7 @@ in
lfs.enable = true; lfs.enable = true;
}; };
# Proxy to Gitea prometheus = {
my.services.nginx.virtualHosts = [
{
subdomain = "code";
inherit (cfg) port;
}
];
my.services.backup = {
paths = [
config.services.gitea.lfs.contentDir
config.services.gitea.repositoryRoot
];
};
services.prometheus = {
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "gitea"; job_name = "gitea";
@ -62,7 +48,7 @@ in
} }
]; ];
}; };
services.grafana.provision = { grafana.provision = {
dashboards.settings.providers = [ dashboards.settings.providers = [
{ {
name = "Gitea"; name = "Gitea";
@ -71,13 +57,31 @@ in
} }
]; ];
}; };
};
my.services.prometheus.rules = { # Proxy to Gitea
my.services = {
nginx.virtualHosts = [
{
subdomain = "code";
inherit (cfg) port;
}
];
backup = {
paths = [
config.services.gitea.lfs.contentDir
config.services.gitea.repositoryRoot
];
};
prometheus.rules = {
gitea = { gitea = {
condition = ''rate(promhttp_metric_handler_requests_total{job="gitea", code="500"}[5m]) > 3''; condition = ''rate(promhttp_metric_handler_requests_total{job="gitea", code="500"}[5m]) > 3'';
description = "{{$labels.instance}}: gitea instances error rate went up: {{$value}} errors in 5 minutes"; description = "{{$labels.instance}}: gitea instances error rate went up: {{$value}} errors in 5 minutes";
}; };
}; };
};
webapps.apps.gitea = { webapps.apps.gitea = {
dashboard = { dashboard = {

17
modules/services/hedgedoc/default.nix
View file

@ -31,7 +31,8 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.hedgedoc = { services = {
hedgedoc = {
enable = true; enable = true;
settings = { settings = {
@ -46,11 +47,7 @@ in
} // cfg.settings; } // cfg.settings;
}; };
# temporary fix for: https://github.com/NixOS/nixpkgs/issues/198250 prometheus = {
#systemd.services.hedgedoc.serviceConfig.StateDirectory = lib.mkForce "/var/lib/hedgedoc";
systemd.services.hedgedoc.serviceConfig.StateDirectory = lib.mkForce "hedgedoc";
services.prometheus = {
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "hedgedoc"; job_name = "hedgedoc";
@ -66,13 +63,19 @@ in
]; ];
}; };
services.grafana.provision.dashboards.settings.providers = [ grafana.provision.dashboards.settings.providers = [
{ {
name = "Hedgedoc"; name = "Hedgedoc";
options.path = pkgs.grafana-dashboards.hedgedoc; options.path = pkgs.grafana-dashboards.hedgedoc;
disableDeletion = true; disableDeletion = true;
} }
]; ];
};
# TODO remove for 23.11
# temporary fix for: https://github.com/NixOS/nixpkgs/issues/198250
#systemd.services.hedgedoc.serviceConfig.StateDirectory = lib.mkForce "/var/lib/hedgedoc";
systemd.services.hedgedoc.serviceConfig.StateDirectory = lib.mkForce "hedgedoc";
my.services.nginx.virtualHosts = [ my.services.nginx.virtualHosts = [
{ {

14
modules/services/homer/config.nix
View file

@ -37,7 +37,8 @@
type = lib.types.attrsOf type = lib.types.attrsOf
(lib.types.submodule { (lib.types.submodule {
options = { options = {
dashboard.url = lib.mkOption { dashboard = {
url = lib.mkOption {
type = lib.types.nullOr lib.types.str; type = lib.types.nullOr lib.types.str;
description = '' description = ''
Url to webapp Url to webapp
@ -45,7 +46,7 @@
example = "http://192.168.1.10:1234"; example = "http://192.168.1.10:1234";
default = null; default = null;
}; };
dashboard.name = lib.mkOption { name = lib.mkOption {
type = lib.types.nullOr lib.types.str; type = lib.types.nullOr lib.types.str;
description = '' description = ''
Application name. Application name.
@ -53,7 +54,7 @@
example = "App"; example = "App";
default = null; default = null;
}; };
dashboard.category = lib.mkOption { category = lib.mkOption {
type = lib.types.nullOr lib.types.str; type = lib.types.nullOr lib.types.str;
description = '' description = ''
App category tag. App category tag.
@ -61,7 +62,7 @@
example = "app"; example = "app";
default = null; default = null;
}; };
dashboard.icon = lib.mkOption { icon = lib.mkOption {
type = lib.types.nullOr lib.types.str; type = lib.types.nullOr lib.types.str;
description = '' description = ''
Font Awesome application icon. Font Awesome application icon.
@ -69,7 +70,7 @@
example = "rss"; example = "rss";
default = null; default = null;
}; };
dashboard.type = lib.mkOption { type = lib.mkOption {
type = lib.types.nullOr lib.types.str; type = lib.types.nullOr lib.types.str;
description = '' description = ''
application type. application type.
@ -77,7 +78,7 @@
example = "Ping"; example = "Ping";
default = "Ping"; default = "Ping";
}; };
dashboard.method = lib.mkOption { method = lib.mkOption {
type = lib.types.enum [ "get" "head" ]; type = lib.types.enum [ "get" "head" ];
description = '' description = ''
method of request used method of request used
@ -86,6 +87,7 @@
default = "head"; default = "head";
}; };
}; };
};
}); });
description = '' description = ''
Defines a web application. Defines a web application.

22
modules/services/loki/default.nix
View file

@ -62,7 +62,8 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.loki = { services = {
loki = {
enable = true; enable = true;
configuration = { configuration = {
server = { server = {
@ -120,7 +121,7 @@ in
}; };
}; };
services.grafana.provision = { grafana.provision = {
datasources.settings.datasources = [ datasources.settings.datasources = [
{ {
name = "Loki"; name = "Loki";
@ -138,14 +139,7 @@ in
]; ];
}; };
my.services.loki.rules = { prometheus = {
loki_highLogRate = {
condition = ''sum by (host) (rate({unit="loki.service"}[1m])) > 60'';
description = "Loki has a high logging rate";
};
};
services.prometheus = {
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "loki"; job_name = "loki";
@ -161,4 +155,12 @@ in
]; ];
}; };
}; };
my.services.loki.rules = {
loki_highLogRate = {
condition = ''sum by (host) (rate({unit="loki.service"}[1m])) > 60'';
description = "Loki has a high logging rate";
};
};
};
} }

22
modules/services/navidrome/default.nix
View file

@ -39,7 +39,8 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.navidrome = { services = {
navidrome = {
enable = true; enable = true;
settings = cfg.settings // { settings = cfg.settings // {
@ -51,14 +52,7 @@ in
}; };
}; };
my.services.nginx.virtualHosts = [ prometheus = {
{
subdomain = "music";
inherit (cfg) port;
}
];
services.prometheus = {
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "navidrome"; job_name = "navidrome";
@ -73,7 +67,7 @@ in
} }
]; ];
}; };
services.grafana.provision = { grafana.provision = {
dashboards.settings.providers = [ dashboards.settings.providers = [
{ {
name = "Navidrome"; name = "Navidrome";
@ -82,6 +76,7 @@ in
} }
]; ];
}; };
};
my.services.prometheus.rules = { my.services.prometheus.rules = {
navidrome_not_enough_albums = { navidrome_not_enough_albums = {
@ -90,6 +85,13 @@ in
}; };
}; };
my.services.nginx.virtualHosts = [
{
subdomain = "music";
inherit (cfg) port;
}
];
webapps.apps.navidrome = { webapps.apps.navidrome = {
dashboard = { dashboard = {
name = "Music"; name = "Music";

38
modules/services/nextcloud/default.nix
View file

@ -51,7 +51,8 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.nextcloud = { services = {
nextcloud = {
enable = true; enable = true;
package = pkgs.nextcloud27; package = pkgs.nextcloud27;
hostName = "cloud.${domain}"; hostName = "cloud.${domain}";
@ -88,7 +89,7 @@ in
}; };
}; };
#services.postgresql = { #postgresql = {
# enable = true; # enable = true;
# ensureDatabases = [ "nextcloud" ]; # ensureDatabases = [ "nextcloud" ];
# ensureUsers = [ # ensureUsers = [
@ -99,13 +100,8 @@ in
# ]; # ];
#}; #};
#systemd.services."nextcloud-setup" = {
# requires = [ "postgresql.service" ];
# after = [ "postgresql.service" ];
#};
# The service above configures the domain, no need for my wrapper # The service above configures the domain, no need for my wrapper
services.nginx.virtualHosts."cloud.${domain}" = { nginx.virtualHosts."cloud.${domain}" = {
forceSSL = true; forceSSL = true;
useACMEHost = domain; useACMEHost = domain;
@ -115,14 +111,7 @@ in
''; '';
}; };
my.services.backup = { prometheus.exporters.nextcloud = {
exclude = [
# image previews can take up a lot of space
"${config.services.nextcloud.home}/data/appdata_*/preview"
];
};
services.prometheus.exporters.nextcloud = {
enable = true; enable = true;
url = "https://cloud.${domain}"; url = "https://cloud.${domain}";
username = cfg.admin; username = cfg.admin;
@ -130,7 +119,7 @@ in
port = cfg.exporterPort; port = cfg.exporterPort;
}; };
services.prometheus.scrapeConfigs = [ prometheus.scrapeConfigs = [
{ {
job_name = "nextcloud"; job_name = "nextcloud";
static_configs = [ static_configs = [
@ -143,7 +132,7 @@ in
]; ];
} }
]; ];
services.grafana.provision = { grafana.provision = {
dashboards.settings.providers = [ dashboards.settings.providers = [
{ {
name = "Nextcloud"; name = "Nextcloud";
@ -152,6 +141,19 @@ in
} }
]; ];
}; };
};
#systemd.services."nextcloud-setup" = {
# requires = [ "postgresql.service" ];
# after = [ "postgresql.service" ];
#};
my.services.backup = {
exclude = [
# image previews can take up a lot of space
"${config.services.nextcloud.home}/data/appdata_*/preview"
];
};
webapps.apps.nextcloud = { webapps.apps.nextcloud = {
dashboard = { dashboard = {

78
modules/services/nginx/default.nix
View file

@ -153,8 +153,7 @@ in
}; };
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
assertions = [ ] assertions = lib.flip builtins.map cfg.virtualHosts ({ subdomain, ... } @ args:
++ (lib.flip builtins.map cfg.virtualHosts ({ subdomain, ... } @ args:
let let
conflicts = [ "port" "root" ]; conflicts = [ "port" "root" ];
optionsNotNull = builtins.map (v: args.${v} != null) conflicts; optionsNotNull = builtins.map (v: args.${v} != null) conflicts;
@ -167,7 +166,7 @@ in
lib.concatStringsSep ", " (builtins.map (v: "'${v}'") conflicts) lib.concatStringsSep ", " (builtins.map (v: "'${v}'") conflicts)
} configured. } configured.
''; '';
})) })
# ++ ( # ++ (
# let # let
# ports = lib.my.mapFilter # ports = lib.my.mapFilter
@ -201,7 +200,8 @@ in
# map mkAssertion nonUniques # map mkAssertion nonUniques
# ) # )
; ;
services.nginx = { services = {
nginx = {
enable = true; enable = true;
statusPage = true; # For monitoring scraping. statusPage = true; # For monitoring scraping.
@ -277,10 +277,11 @@ in
extraConfig = (args.extraConfig.extraConfig or "") + '' extraConfig = (args.extraConfig.extraConfig or "") + ''
error_page 401 = @error401; error_page 401 = @error401;
''; '';
locations."@error401".return = '' locations = {
"@error401".return = ''
302 https://${cfg.sso.subdomain}.${config.networking.domain}/login?go=$scheme://$http_host$request_uri 302 https://${cfg.sso.subdomain}.${config.networking.domain}/login?go=$scheme://$http_host$request_uri
''; '';
locations."/" = { "/" = {
extraConfig = extraConfig =
(args.extraConfig.locations."/".extraConfig or "") + '' (args.extraConfig.locations."/".extraConfig or "") + ''
# Use SSO # Use SSO
@ -293,7 +294,7 @@ in
add_header Set-Cookie $cookie; add_header Set-Cookie $cookie;
''; '';
}; };
locations."/sso-auth" = { "/sso-auth" = {
proxyPass = "http://localhost:${toString cfg.sso.port}/auth"; proxyPass = "http://localhost:${toString cfg.sso.port}/auth";
extraConfig = '' extraConfig = ''
# Do not allow requests from outside # Do not allow requests from outside
@ -307,6 +308,7 @@ in
proxy_set_header X-Origin-URI $request_uri; proxy_set_header X-Origin-URI $request_uri;
''; '';
}; };
};
}) })
]) ])
; ;
@ -379,6 +381,38 @@ in
}; };
}; };
}; };
# services.prometheus = lib.mkIf cfg.monitoring.enable {
prometheus = {
exporters.nginx = {
enable = true;
listenAddress = "127.0.0.1";
};
scrapeConfigs = [
{
job_name = "nginx";
static_configs = [
{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}" ];
labels = {
instance = config.networking.hostName;
};
}
];
}
];
};
grafana.provision = {
dashboards.settings.providers = [
{
name = "Nginx";
options.path = pkgs.grafana-dashboards.nginx;
disableDeletion = true;
}
];
};
};
my.services.nginx.virtualHosts = [ my.services.nginx.virtualHosts = [
{ {
subdomain = "login"; subdomain = "login";
@ -407,35 +441,5 @@ in
}; };
}; };
}; };
# services.prometheus = lib.mkIf cfg.monitoring.enable {
services.prometheus = {
exporters.nginx = {
enable = true;
listenAddress = "127.0.0.1";
};
scrapeConfigs = [
{
job_name = "nginx";
static_configs = [
{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}" ];
labels = {
instance = config.networking.hostName;
};
}
];
}
];
};
services.grafana.provision = {
dashboards.settings.providers = [
{
name = "Nginx";
options.path = pkgs.grafana-dashboards.nginx;
disableDeletion = true;
}
];
};
}; };
} }

16
modules/services/prometheus/default.nix
View file

@ -78,7 +78,8 @@ in
}; };
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
services.prometheus = { services = {
prometheus = {
enable = true; enable = true;
webExternalUrl = "https://monitor.${domain}"; webExternalUrl = "https://monitor.${domain}";
inherit (cfg) port; inherit (cfg) port;
@ -125,9 +126,7 @@ in
]; ];
}; };
my.services.node-exporter.enable = true; grafana.provision = {
services.grafana.provision = {
datasources.settings.datasources = [ datasources.settings.datasources = [
{ {
name = "Prometheus"; name = "Prometheus";
@ -149,8 +148,12 @@ in
} }
]; ];
}; };
};
my.services.prometheus.rules = { my.services = {
node-exporter.enable = true;
prometheus.rules = {
prometheus_too_many_restarts = { prometheus_too_many_restarts = {
condition = ''changes(process_start_time_seconds{job=~"prometheus|alertmanager"}[15m]) > 2''; condition = ''changes(process_start_time_seconds{job=~"prometheus|alertmanager"}[15m]) > 2'';
description = "Prometheus has restarted more than twice in the last 15 minutes. It might be crashlooping"; description = "Prometheus has restarted more than twice in the last 15 minutes. It might be crashlooping";
@ -178,12 +181,13 @@ in
}; };
}; };
my.services.nginx.virtualHosts = [ nginx.virtualHosts = [
{ {
subdomain = "monitor"; subdomain = "monitor";
inherit (cfg) port; inherit (cfg) port;
} }
]; ];
};
webapps.apps = { webapps.apps = {
prometheus.dashboard = { prometheus.dashboard = {

8
modules/system/docker/default.nix
View file

@ -19,9 +19,10 @@ in
autoPrune.enable = true; autoPrune.enable = true;
}; };
services.cadvisor.enable = config.services.prometheus.enable; services = {
cadvisor.enable = config.services.prometheus.enable;
services.prometheus = { prometheus = {
scrapeConfigs = [ scrapeConfigs = [
{ {
job_name = "docker"; job_name = "docker";
@ -37,7 +38,7 @@ in
]; ];
}; };
# dashboard untested # dashboard untested
services.grafana.provision = { grafana.provision = {
dashboards.settings.providers = [ dashboards.settings.providers = [
{ {
name = "Docker"; name = "Docker";
@ -47,4 +48,5 @@ in
]; ];
}; };
}; };
};
} }

8
profiles/gaming/default.nix
View file

@ -24,8 +24,10 @@ in
programs.steam.enable = true; programs.steam.enable = true;
hardware.opengl.driSupport32Bit = true; hardware = {
hardware.opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ]; opengl.driSupport32Bit = true;
hardware.pulseaudio.support32Bit = true; opengl.extraPackages32 = with pkgs.pkgsi686Linux; [ libva ];
pulseaudio.support32Bit = true;
};
}; };
} }

10
profiles/gnome/default.nix
View file

@ -9,7 +9,6 @@ in
config = lib.mkIf cfg.enable { config = lib.mkIf cfg.enable {
programs.gnome-disks.enable = true; programs.gnome-disks.enable = true;
services.udisks2.enable = true;
xdg.mime.enable = true; xdg.mime.enable = true;
@ -17,9 +16,12 @@ in
programs.dconf.enable = true; programs.dconf.enable = true;
# gnome services # gnome services
services.dbus.packages = [ pkgs.dconf ]; services = {
services.udev.packages = [ pkgs.gnome.gnome-settings-daemon ]; udisks2.enable = true;
services.gnome.gnome-keyring.enable = true; dbus.packages = [ pkgs.dconf ];
udev.packages = [ pkgs.gnome.gnome-settings-daemon ];
gnome.gnome-keyring.enable = true;
};
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
glib glib

14
profiles/nautilus/default.nix
View file

@ -14,18 +14,14 @@ in
# enable trash & network-mount # enable trash & network-mount
services.gvfs.enable = true; services.gvfs.enable = true;
environment.sessionVariables.NAUTILUS_4_EXTENSION_DIR = "${config.system.path}/lib/nautilus/extensions-4";
environment.pathsToLink = [
"/share/nautilus-python/extensions"
];
services.gnome.glib-networking.enable = true; # network-mount services.gnome.glib-networking.enable = true; # network-mount
# default-programs # default-programs
xdg.mime.enable = true; xdg.mime.enable = true;
xdg.icons.enable = true; xdg.icons.enable = true;
environment.systemPackages = with pkgs; [ environment = {
systemPackages = with pkgs; [
gnome.nautilus gnome.nautilus
ffmpegthumbnailer # thumbnails ffmpegthumbnailer # thumbnails
@ -33,5 +29,11 @@ in
gst_all_1.gst-libav # thumbnails gst_all_1.gst-libav # thumbnails
nautilus-open-any-terminal # terminal-context-entry nautilus-open-any-terminal # terminal-context-entry
]; ];
sessionVariables.NAUTILUS_4_EXTENSION_DIR = "${config.system.path}/lib/nautilus/extensions-4";
pathsToLink = [
"/share/nautilus-python/extensions"
];
};
}; };
} }

8
profiles/sway/default.nix
View file

@ -28,10 +28,11 @@ in
]; ];
environment.pathsToLink = [ "/libexec" ]; environment.pathsToLink = [ "/libexec" ];
programs.wshowkeys.enable = true; programs = {
programs.light.enable = true; wshowkeys.enable = true;
light.enable = true;
programs.sway = { sway = {
enable = true; enable = true;
wrapperFeatures = { wrapperFeatures = {
gtk = true; gtk = true;
@ -72,4 +73,5 @@ in
''; '';
}; };
}; };
};
} }