From 92aad6ff318d9bb302288f492c2e7ca2b9b7a1c5 Mon Sep 17 00:00:00 2001 From: Seven of Nine Date: Sun, 21 Jul 2024 13:58:18 +0000 Subject: [PATCH 1/3] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/786965e1b1ed3fd2018d78399984f461e2a44689' (2024-07-11) → 'github:nix-community/disko/bec6e3cde912b8acb915fecdc509eda7c973fb42' (2024-07-19) • Updated input 'dream2nix': 'github:nix-community/dream2nix/0c6b5c8ab796f6dfb2aef1133f5b7bb25ce57cb9' (2024-07-10) → 'github:nix-community/dream2nix/4e9fd61a1201f4b3800d6946810a6b4c2ecdcde8' (2024-07-18) • Updated input 'homeManager': 'github:nix-community/home-manager/c085b984ff2808bf322f375b10fea5a415a9c43d' (2024-07-10) → 'github:nix-community/home-manager/635563f245309ef5320f80c7ebcb89b2398d2949' (2024-07-21) • Updated input 'lix': 'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=014410cbf0bda9c0fcdaf5f894120883cdc805ce' (2024-07-10) → 'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=94a8e5fe0dcee9b079c7f0658680098a989affa1' (2024-07-21) • Updated input 'lix-module': 'git+https://git.lix.systems/lix-project/nixos-module?ref=refs/heads/main&rev=5d9d94089fb1ca96222a34bfe245ef5c5ebefd37' (2024-06-25) → 'git+https://git.lix.systems/lix-project/nixos-module?ref=refs/heads/main&rev=d70318fb946a0e720dfdd1fb10b0645c14e2a02a' (2024-07-11) • Updated input 'mobile-nixos': 'github:NixOS/mobile-nixos/31704f8a55f5773c9b4e7adb7408a142d142e1f2' (2024-07-11) → 'github:NixOS/mobile-nixos/472073a51745cca03257cf625582252cdd04ec21' (2024-07-17) • Updated input 'nix-on-droid': 'github:nix-community/nix-on-droid/8bcadcef69dcb5ca177bfb6ea3dc6b092cda2b06' (2024-07-10) → 'github:nix-community/nix-on-droid/c00333ee42aa2b4d4825e0388a1049fdeeded6c6' (2024-07-14) • Updated input 'nix-on-droid/nix-formatter-pack/nmd': 'gitlab:rycee/nmd/b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169' (2022-10-19) → follows 'nix-on-droid/nmd' • Updated input 'nixDarwin': 'github:LnL7/nix-darwin/cf297a8d248db6a455b60133f6c0029c04ebe50e' (2024-07-10) → 'github:LnL7/nix-darwin/33bf7df5bbfcbbb49e6559b0c96c9e3b26d14e58' (2024-07-21) • Updated input 'nixd': 'github:nix-community/nixd/60a925008bc353136ba5babce437f42819c1645c' (2024-06-26) → 'github:nix-community/nixd/963dd36863e18f942e90c66b2c76e7c161b61ff9' (2024-07-21) • Updated input 'nixosHardware': 'github:NixOS/nixos-hardware/a111ce6b537df12a39874aa9672caa87f8677eda' (2024-07-09) → 'github:NixOS/nixos-hardware/ab165a8a6cd12781d76fe9cbccb9e975d0fb634f' (2024-07-19) • Updated input 'nixpkgsStable': 'github:NixOS/nixpkgs/7144d6241f02d171d25fba3edeaf15e0f2592105' (2024-07-02) → 'github:NixOS/nixpkgs/205fd4226592cc83fd4c0885a3e4c9c400efabb5' (2024-07-09) • Updated input 'pre-commit-hooks': 'github:cachix/pre-commit-hooks.nix/8d6a17d0cdf411c55f12602624df6368ad86fac1' (2024-07-09) → 'github:cachix/pre-commit-hooks.nix/f451c19376071a90d8c58ab1a953c6e9840527fd' (2024-07-15) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/750dfb555b5abdab4d3266b3f9a05dec6d205c04' (2024-07-10) → 'github:numtide/treefmt-nix/888bfb10a9b091d9ed2f5f8064de8d488f7b7c97' (2024-07-20) --- flake.lock | 105 +++++++++++++++++++++++------------------------------ 1 file changed, 46 insertions(+), 59 deletions(-) diff --git a/flake.lock b/flake.lock index 7b0925b..54b1461 100644 --- a/flake.lock +++ b/flake.lock @@ -104,11 +104,11 @@ ] }, "locked": { - "lastModified": 1720661479, - "narHash": "sha256-nsGgA14vVn0GGiqEfomtVgviRJCuSR3UEopfP8ixW1I=", + "lastModified": 1721417620, + "narHash": "sha256-6q9b1h8fI3hXg2DG6/vrKWCeG8c5Wj2Kvv22RCgedzg=", "owner": "nix-community", "repo": "disko", - "rev": "786965e1b1ed3fd2018d78399984f461e2a44689", + "rev": "bec6e3cde912b8acb915fecdc509eda7c973fb42", "type": "github" }, "original": { @@ -124,11 +124,11 @@ "pyproject-nix": "pyproject-nix" }, "locked": { - "lastModified": 1720605900, - "narHash": "sha256-/BTAC3gj1Ot7o/PINsHS2EGEtGUadI12WZlhowKn18c=", + "lastModified": 1721316623, + "narHash": "sha256-WmPX3r0YtUxvcQmTgvNld2xJooWr4f/+5dURiw7/3zc=", "owner": "nix-community", "repo": "dream2nix", - "rev": "0c6b5c8ab796f6dfb2aef1133f5b7bb25ce57cb9", + "rev": "4e9fd61a1201f4b3800d6946810a6b4c2ecdcde8", "type": "github" }, "original": { @@ -818,11 +818,11 @@ ] }, "locked": { - "lastModified": 1720646128, - "narHash": "sha256-BivO5yIQukDlJL+1875Sqf3GuOPxZDdA48dYDi3PkL8=", + "lastModified": 1721534365, + "narHash": "sha256-XpZOkaSJKdOsz1wU6JfO59Rx2fqtcarQ0y6ndIOKNpI=", "owner": "nix-community", "repo": "home-manager", - "rev": "c085b984ff2808bf322f375b10fea5a415a9c43d", + "rev": "635563f245309ef5320f80c7ebcb89b2398d2949", "type": "github" }, "original": { @@ -887,11 +887,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1720633647, - "narHash": "sha256-CjWvti4wFhRmIHpLduohKAVmU9+wI/PAOhQppCWziK8=", + "lastModified": 1721558553, + "narHash": "sha256-9t5I5t+vKBWaERUi4PMNj9BaPBe6zqr8EWOaC//dlvQ=", "ref": "refs/heads/main", - "rev": "014410cbf0bda9c0fcdaf5f894120883cdc805ce", - "revCount": 15944, + "rev": "94a8e5fe0dcee9b079c7f0658680098a989affa1", + "revCount": 16000, "type": "git", "url": "https://git@git.lix.systems/lix-project/lix" }, @@ -912,11 +912,11 @@ ] }, "locked": { - "lastModified": 1719353937, - "narHash": "sha256-86NBqDxAP20ET/UoKX0WvSItblNQ97czXb2q7lkMrwk=", + "lastModified": 1720695775, + "narHash": "sha256-8Oqzl9QPjEe/n8y0R2tC6+2v/H6xBgABHXOJwxmnBg0=", "ref": "refs/heads/main", - "rev": "5d9d94089fb1ca96222a34bfe245ef5c5ebefd37", - "revCount": 92, + "rev": "d70318fb946a0e720dfdd1fb10b0645c14e2a02a", + "revCount": 94, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, @@ -928,11 +928,11 @@ "mobile-nixos": { "flake": false, "locked": { - "lastModified": 1720660935, - "narHash": "sha256-GnDGoVaObUjnYdCHUSIYVE1anMElis+Pq+RY30LFlIk=", + "lastModified": 1721250279, + "narHash": "sha256-S47+MFnArDvR7OFCXU0BQoyLCBwSZws+t+bany7Ol6w=", "owner": "NixOS", "repo": "mobile-nixos", - "rev": "31704f8a55f5773c9b4e7adb7408a142d142e1f2", + "rev": "472073a51745cca03257cf625582252cdd04ec21", "type": "github" }, "original": { @@ -969,7 +969,10 @@ "nix-on-droid", "nixpkgs" ], - "nmd": "nmd", + "nmd": [ + "nix-on-droid", + "nmd" + ], "nmt": "nmt" }, "locked": { @@ -993,14 +996,14 @@ "nixpkgs": "nixpkgs_8", "nixpkgs-docs": "nixpkgs-docs", "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap", - "nmd": "nmd_2" + "nmd": "nmd" }, "locked": { - "lastModified": 1720612508, - "narHash": "sha256-WbjV0gmnh6jG1B292K4KIJwtBacn2sTWhiw1ZMeti9s=", + "lastModified": 1720964831, + "narHash": "sha256-UwVKfjrQ6FWTuqks6lF4+VlzPFDC/GR1Ti/iBKTEQco=", "owner": "nix-community", "repo": "nix-on-droid", - "rev": "8bcadcef69dcb5ca177bfb6ea3dc6b092cda2b06", + "rev": "c00333ee42aa2b4d4825e0388a1049fdeeded6c6", "type": "github" }, "original": { @@ -1016,11 +1019,11 @@ ] }, "locked": { - "lastModified": 1720599442, - "narHash": "sha256-jdm+sKVbBXoyrxcHbVaV0htlpq2iFR+eJw3Xe/DPcDo=", + "lastModified": 1721550066, + "narHash": "sha256-wr6sSb+VpXy8HCvBqU6xvhpaARzWUbEK7uN5tLnqYDg=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "cf297a8d248db6a455b60133f6c0029c04ebe50e", + "rev": "33bf7df5bbfcbbb49e6559b0c96c9e3b26d14e58", "type": "github" }, "original": { @@ -1060,11 +1063,11 @@ "nixpkgs": "nixpkgs_10" }, "locked": { - "lastModified": 1719387257, - "narHash": "sha256-q5nj4TFggEHcyKuETmVEFeGztkAYXl3TDIOfd6swo4U=", + "lastModified": 1721541664, + "narHash": "sha256-hk9g7kuGqDz8TYAbX9R6IvLUDnE5UpxwLR41MZ5uTDU=", "owner": "nix-community", "repo": "nixd", - "rev": "60a925008bc353136ba5babce437f42819c1645c", + "rev": "963dd36863e18f942e90c66b2c76e7c161b61ff9", "type": "github" }, "original": { @@ -1075,11 +1078,11 @@ }, "nixosHardware": { "locked": { - "lastModified": 1720515935, - "narHash": "sha256-8b+fzR4W2hI5axwB+4nBwoA15awPKkck4ghhCt8v39M=", + "lastModified": 1721413321, + "narHash": "sha256-0GdiQScDceUrVGbxYpV819LHesK3szHOhJ09e6sgES4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "a111ce6b537df12a39874aa9672caa87f8677eda", + "rev": "ab165a8a6cd12781d76fe9cbccb9e975d0fb634f", "type": "github" }, "original": { @@ -1260,11 +1263,11 @@ }, "nixpkgsStable": { "locked": { - "lastModified": 1719957072, - "narHash": "sha256-gvFhEf5nszouwLAkT9nWsDzocUTqLWHuL++dvNjMp9I=", + "lastModified": 1720535198, + "narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7144d6241f02d171d25fba3edeaf15e0f2592105", + "rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5", "type": "github" }, "original": { @@ -1466,22 +1469,6 @@ } }, "nmd": { - "flake": false, - "locked": { - "lastModified": 1666190571, - "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=", - "owner": "rycee", - "repo": "nmd", - "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169", - "type": "gitlab" - }, - "original": { - "owner": "rycee", - "repo": "nmd", - "type": "gitlab" - } - }, - "nmd_2": { "inputs": { "nixpkgs": [ "nix-on-droid", @@ -1579,11 +1566,11 @@ ] }, "locked": { - "lastModified": 1720524665, - "narHash": "sha256-ni/87oHPZm6Gv0ECYxr1f6uxB0UKBWJ6HvS7lwLU6oY=", + "lastModified": 1721042469, + "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "8d6a17d0cdf411c55f12602624df6368ad86fac1", + "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd", "type": "github" }, "original": { @@ -1836,11 +1823,11 @@ ] }, "locked": { - "lastModified": 1720645794, - "narHash": "sha256-vAeYp+WH7i/DlBM5xNt9QeWiOiqzzf5abO8DYGkbUxg=", + "lastModified": 1721458737, + "narHash": "sha256-wNXLQ/ATs1S4Opg1PmuNoJ+Wamqj93rgZYV3Di7kxkg=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "750dfb555b5abdab4d3266b3f9a05dec6d205c04", + "rev": "888bfb10a9b091d9ed2f5f8064de8d488f7b7c97", "type": "github" }, "original": { From 7f52ad42cd5a11d67eb13d41f6edb8813f549423 Mon Sep 17 00:00:00 2001 From: Andrea Ciceri Date: Sun, 21 Jul 2024 18:18:24 +0200 Subject: [PATCH 2/3] Enable Prometheus/Grafana/Loki --- hosts/default.nix | 2 + hosts/picard/default.nix | 1 + hosts/sisko/default.nix | 8 ++- modules/cloudflare-dyndns/default.nix | 1 + modules/grafana/default.nix | 30 +++++++++++ modules/home-assistant/default.nix | 4 ++ modules/loki/default.nix | 67 ++++++++++++++++++++++++ modules/prometheus-exporters/default.nix | 32 +++++++++++ modules/prometheus/default.nix | 33 ++++++++++++ modules/promtail/default.nix | 54 +++++++++++++++++++ modules/promtail/protmail.yaml | 0 secrets/grafana-password.age | 29 ++++++++++ secrets/home-assistant-token.age | 29 ++++++++++ secrets/secrets.nix | 2 + 14 files changed, 290 insertions(+), 2 deletions(-) create mode 100644 modules/grafana/default.nix create mode 100644 modules/loki/default.nix create mode 100644 modules/prometheus-exporters/default.nix create mode 100644 modules/prometheus/default.nix create mode 100644 modules/promtail/default.nix create mode 100644 modules/promtail/protmail.yaml create mode 100644 secrets/grafana-password.age create mode 100644 secrets/home-assistant-token.age diff --git a/hosts/default.nix b/hosts/default.nix index 8adb65e..27ff71f 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -172,6 +172,8 @@ "hercules-ci-secrets-json".owner = "hercules-ci-agent"; "cachix-personal-token".owner = "ccr"; "home-planimetry".owner = "hass"; + "home-assistant-token".owner = "prometheus"; + "grafana-password".owner = "grafana"; "cloudflare-dyndns-api-token" = {}; "restic-hetzner-password" = {}; # "minio-credentials".owner = "minio"; diff --git a/hosts/picard/default.nix b/hosts/picard/default.nix index 3dc217d..97be64f 100644 --- a/hosts/picard/default.nix +++ b/hosts/picard/default.nix @@ -41,6 +41,7 @@ "mount-rock5b" "adb" "guix" + "prometheus-exporters" ] ++ [ ./disko.nix diff --git a/hosts/sisko/default.nix b/hosts/sisko/default.nix index 6ec4fd2..8aba34a 100644 --- a/hosts/sisko/default.nix +++ b/hosts/sisko/default.nix @@ -29,13 +29,16 @@ "forgejo" # # "jellyfin" # "immich" + "prometheus" + "grafana" + "prometheus-exporters" + "loki" + "promtail" ] ++ [ ./disko.nix ]; - # FIXME why is this needed? - nixpkgs.config.permittedInsecurePackages = ["openssl-1.1.1w"]; # boot.kernelPackages = pkgs.linuxKernel.packages.linux_6_8; # boot.kernelPackages = pkgs.linuxPackagesFor pkgs.linux_testing; boot.kernelPackages = let @@ -94,6 +97,7 @@ "/var/log" "/var/lib/containers" "/var/lib/postgresql" + "/home/${config.ccr.username}/.ssh" ]; files = [ "/etc/machine-id" diff --git a/modules/cloudflare-dyndns/default.nix b/modules/cloudflare-dyndns/default.nix index 0e6be46..10fe6dc 100644 --- a/modules/cloudflare-dyndns/default.nix +++ b/modules/cloudflare-dyndns/default.nix @@ -16,6 +16,7 @@ "syncv3.matrix.aciceri.dev" "jellyfin.aciceri.dev" "photos.aciceri.dev" + "status.aciceri.dev" ]; apiTokenFile = config.age.secrets.cloudflare-dyndns-api-token.path; }; diff --git a/modules/grafana/default.nix b/modules/grafana/default.nix new file mode 100644 index 0000000..98624b8 --- /dev/null +++ b/modules/grafana/default.nix @@ -0,0 +1,30 @@ +{config, ...}: let + cfg = config.services.grafana; +in { + services.grafana = { + enable = true; + settings = { + server = { + domain = "status.aciceri.dev"; + http_addr = "127.0.0.1"; + http_port = 2342; + root_url = "https://${config.services.grafana.settings.server.domain}:443/"; + }; + security = { + admin_user = "andrea"; + admin_password = "$__file{${config.age.secrets.grafana-password.path}}"; + }; + }; + }; + environment.persistence."/persist".directories = [ + cfg.dataDir + ]; + + services.nginx.virtualHosts = { + "status.aciceri.dev" = { + enableACME = true; + forceSSL = true; + locations."/".proxyPass = "http://127.0.0.1:${builtins.toString cfg.settings.server.http_port}"; + }; + }; +} diff --git a/modules/home-assistant/default.nix b/modules/home-assistant/default.nix index b21f37c..e40f0ed 100644 --- a/modules/home-assistant/default.nix +++ b/modules/home-assistant/default.nix @@ -94,6 +94,7 @@ in { "media_player" "wyoming" "wake_on_lan" + "prometheus" ]; extraPackages = python3Packages: with python3Packages; [ @@ -148,6 +149,9 @@ in { ]; shell_command.turn_off_picard = ''${pkgs.openssh}/bin/ssh -i /var/lib/hass/.ssh/id_ed25519 -o StrictHostKeyChecking=no hass@picard.fleet "exec sudo \$(readlink \$(which systemctl)) poweroff"''; # shell_command.turn_off_picard = ''whoami''; + prometheus = { + namespace = "hass"; + }; }; }; diff --git a/modules/loki/default.nix b/modules/loki/default.nix new file mode 100644 index 0000000..79d9738 --- /dev/null +++ b/modules/loki/default.nix @@ -0,0 +1,67 @@ +{config, ...}: let + cfg = config.services.loki; +in { + services.loki = { + enable = true; + configuration = { + # Basic stuff + auth_enabled = false; + server = { + http_listen_port = 3100; + log_level = "warn"; + }; + common = { + path_prefix = config.services.loki.dataDir; + storage.filesystem = { + chunks_directory = "${cfg.dataDir}/chunks"; + rules_directory = "${cfg.dataDir}/rules"; + }; + replication_factor = 1; + ring.kvstore.store = "inmemory"; + ring.instance_addr = "127.0.0.1"; + }; + + ingester.chunk_encoding = "snappy"; + + limits_config = { + retention_period = "120h"; + ingestion_burst_size_mb = 16; + reject_old_samples = true; + reject_old_samples_max_age = "12h"; + }; + + table_manager = { + retention_deletes_enabled = true; + retention_period = "120h"; + }; + + compactor = { + retention_enabled = true; + compaction_interval = "10m"; + working_directory = "${cfg.dataDir}/compactor"; + delete_request_cancel_period = "10m"; # don't wait 24h before processing the delete_request + retention_delete_delay = "2h"; + retention_delete_worker_count = 150; + delete_request_store = "filesystem"; + }; + + schema_config.configs = [ + { + from = "2020-11-08"; + store = "tsdb"; + object_store = "filesystem"; + schema = "v13"; + index.prefix = "index_"; + index.period = "24h"; + } + ]; + + query_range.cache_results = true; + limits_config.split_queries_by_interval = "24h"; + }; + }; + + environment.persistence."/persist".directories = [ + cfg.dataDir + ]; +} diff --git a/modules/prometheus-exporters/default.nix b/modules/prometheus-exporters/default.nix new file mode 100644 index 0000000..ceaab99 --- /dev/null +++ b/modules/prometheus-exporters/default.nix @@ -0,0 +1,32 @@ +{ + config, + pkgs, + ... +}: { + services.prometheus.exporters.node = { + enable = true; + enabledCollectors = [ + "cpu" + "conntrack" + "diskstats" + "entropy" + "filefd" + "filesystem" + "loadavg" + "mdadm" + "meminfo" + "netdev" + "netstat" + "stat" + "time" + "vmstat" + "systemd" + "logind" + "interrupts" + "ksmd" + "textfile" + "pressure" + ]; + extraFlags = ["--collector.ethtool" "--collector.softirqs" "--collector.tcpstat" "--collector.wifi"]; + }; +} diff --git a/modules/prometheus/default.nix b/modules/prometheus/default.nix new file mode 100644 index 0000000..e77b7d6 --- /dev/null +++ b/modules/prometheus/default.nix @@ -0,0 +1,33 @@ +{config, ...}: let + cfg = config.services.prometheus; +in { + services.prometheus = { + enable = true; + checkConfig = false; # Otherwise it will fail because it cannot access bearer_token_file + webExternalUrl = "https://status.aciceri.dev"; + globalConfig.scrape_interval = "10s"; + scrapeConfigs = [ + { + job_name = "hass"; + metrics_path = "/api/prometheus"; + bearer_token_file = config.age.secrets.home-assistant-token.path; + static_configs = [ + { + targets = ["sisko.fleet:${builtins.toString config.services.home-assistant.config.http.server_port}"]; + } + ]; + } + { + job_name = "node"; + static_configs = [ + { + targets = builtins.map (host: "${host}.fleet:9100") ["sisko" "picard"]; + } + ]; + } + ]; + }; + environment.persistence."/persist".directories = [ + "/var/lib/${cfg.stateDir}" + ]; +} diff --git a/modules/promtail/default.nix b/modules/promtail/default.nix new file mode 100644 index 0000000..74f2eec --- /dev/null +++ b/modules/promtail/default.nix @@ -0,0 +1,54 @@ +{ + pkgs, + lib, + config, + ... +}: let + conf = { + server = { + http_listen_port = 28183; + grpc_listen_port = 0; + }; + clients = [ + { + url = "http://sisko.fleet:${builtins.toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push"; + } + ]; + positions = { + filename = "/tmp/positions.yaml"; + }; + scrape_configs = [ + { + job_name = "journal"; + journal = { + max_age = "12h"; + labels = { + job = "systemd-journal"; + host = config.networking.hostName; + }; + }; + relabel_configs = [ + { + source_labels = ["__journal__systemd_unit"]; + target_label = "unit"; + } + ]; + } + ]; + }; + configFile = pkgs.writeTextFile { + name = "promtail.yaml"; + text = lib.generators.toYAML {} conf; + }; +in { + systemd.services.promtail = { + description = "Promtail service for Loki"; + wantedBy = ["multi-user.target"]; + + serviceConfig = { + ExecStart = '' + ${pkgs.grafana-loki}/bin/promtail --config.file ${configFile} + ''; + }; + }; +} diff --git a/modules/promtail/protmail.yaml b/modules/promtail/protmail.yaml new file mode 100644 index 0000000..e69de29 diff --git a/secrets/grafana-password.age b/secrets/grafana-password.age new file mode 100644 index 0000000..b042c07 --- /dev/null +++ b/secrets/grafana-password.age @@ -0,0 +1,29 @@ +age-encryption.org/v1 +-> ssh-rsa /AagBw +TevAEnbonePC8z7uK+0ywO2fOZ2wqerIuF3jS3dGSNJLG3xn+92lHiBbVxc0uza7 +LcetZrcEkqoAqo1CGWnUlvmxm/MYF+bGKsM7wgXoi54XIBXTzcSFiK8Il+htNQsH +l11yN4OfCLlG8YT7Yr/1oZHd/k1sSaDW//3tpM4yftZhjZub/Q5m9LAUYZ3fWbPO +lS7AcDwgYPx0wERlfms9t+n9z62qev3leSuQLvTYwktfgAB7XFEIBI2DHZYIZ7IM +gUVXkBHZbMCrxS08b5IP2R7ajiV4RUz8c36TbZY4WWXId3eUkiV1HERzSDmzxtCH +LqZ+GCQRA33g5kXP/5Lxwknr9J4bdk6sBrFl28nawaUyKz7yCBZBZ7hwrvxXJkjS +zOZ+DLSHKqJXYWD1Juq5QtPhsimTr1FhA9ibm6OtjmtMg+TaJpVwXIR0wWrKXSfs +u+kKUWQMFRB07iA+ho86BRvIkhOt8EsrrwXtAjKXCUVm0D9HPfj6R6tzAMT/5Obb +6SmRmlhiJlNB2eqocaTuZEtiHPVyFNFWlYUqaw4wncogVS+Tc8hEuSuZB6kX9nCt +B473PEsqAl5cjkJOFy6VFIdce0S3gflcRceKd7v6Yzvu+UXZbwCOQC75jidsDoJj +6aBfGDhNtTt5zyvuiktlHXpamOKFd1LJPqMfjzM7ka0 +-> ssh-rsa QHr3/A +J5pKmu/0IK971olnG7abbezq3wC/izp9i1+TRwwRdMIWdJEXIeNDkWbZa8IzOFwM +1Dz+g4PiIJf1Rmfij+8fXodoTIkh0oF3Nr3bx+3IkGmUfV56SRlLXZQBJsT1qQQ6 +ejPhJwvtcOZbbRNECkLeaRErAS6rfNWXc0dn6q9WzBOG8pIXUgFjvP3ak7LpCBz9 +yuJvFF1uExydOf4xM9B17ar72qEdMksWSiCsld8wpAPyxkMeaJpDSXc50sYFt2P9 +tqT8LGS/cHwhlKMzywbYRClp6tXmV5lit+MEucodOQLgFVk/tOySOPeMfjgud++F +yWcYGVZxuine00trnSwuUHTJVvRWJ7xUUdX1Gi/ZPb6SeJaIcWB/VA0e3OvST5J3 +0Zpma/ZqD61ivL6yaj49xiz+sT74tHN8+duPcbiaHMb3DkmjNmptI5x1fJx/k7Dp +WC4Sy4s86tSbrebRrJU3oDGEaXPeJS40QDRhhNTvhOPOOR6K724IWAAFABiHVWOd +o4lXaL3wUaLrgbKIX8f7gwKsGjziMW43HicpnaLOH30OeU4mDtRPRVEboJ5kbsFj +uup5YILnAuhtVjrt+vL0hVbQf0Ll2678jneuu9p816nYj1W58kG6jyGd5n+8jPPi +4g/COiYemaD/qnOvNc51E4vKieV99reaAwZtFV2HwQM +-> ssh-ed25519 +vdRnA yYxNN5g4AFwd+KobTSE6f+ROdXqwBRl9dmq6ZpilmA8 +oEKqsUekQMziv74yx5Y9M5MYy85LoFMFYM5rwUgdcSI +--- sKSqHbosmsAkMN3OUyVWcKMsqAmKkn9fcAi5kdNqDWY + 9WVrn&ю㢹_|Q[CWYذ \ No newline at end of file diff --git a/secrets/home-assistant-token.age b/secrets/home-assistant-token.age new file mode 100644 index 0000000..00542aa --- /dev/null +++ b/secrets/home-assistant-token.age @@ -0,0 +1,29 @@ +age-encryption.org/v1 +-> ssh-rsa /AagBw +Q2vgJ5hIP92ny8yk2gih/ZbmUpz+CdGMeQnX2ekORZAkWSuCQvGnBM9gAvRyhoa2 +2pmPOjP72HaL8fapcdZlcKHZ7IiQuT+3VWekQmIrrMSlSIwVnvasnOBInxA9f91k +hPR4Np6szQJjMLY7jsgwC0FrrUbgkZIVJp+y+zW+Vk09jdVb84vnBX0QFu/T01Qe +B0GfAmyZnWnxaKkNyNZb3afd+dpWZiZ79jnA4qOkjfXhhmiW2Ng23XdkHfjS8ekN +UptlWH8zbBwhzcFCGDkLEMs6/IewozqvzyS4eqmDfwj8saO78ue2R5pE2skNwq/q +EOneH592KqEIWNFgQPS6P4gjmyWtMnJsWm5SvEcg6mDaE1e6acJ7kb/kYI5zyK6y +PF7lzqsoge/+ptvbQxTwlvhhJIGob3Wqf2/soep+o6C4Vh87Wt2zhHmKR7Mt4Nrl +IIs94GU9SDTz1zDOjaBW/msPDagskVpQnu7z3p9iTnBKdxs4WEpugbPZTUVioChA +c3T8PxLy4pzhm88Rz1KNK9h++uTCPIooGOHVQj+WQpUf+ifWEWiwYEdeTbeutjgF +jz3Ntl9YOzm/w1JCzOVdOge7dvfx0J6qAFbf4OkcLhf8bv2ljSL429NH1lp3DCHY +qwN4wlKpOMGThw3pS2SVd6GqINwehrbS4OVobE/kVH8 +-> ssh-rsa QHr3/A +OjdbkVy7w5q3kxFm/4uMbjuIMyVuLSqSWQDvfE1T3vEwkIRJ1w8DOIwahO1qP6CL +oZOH9A5xnS+UcJOSdTqiN4hHC03uuxx1unh/CHPm6zsSksCDHkLvVVhHMaVINvQz +YtV/bek9AWdgT6zMke0pv+zzuCqFGLT7Og1k+aCHtECkF3mB6Etm2P7knggJ2BX3 +L9YzsxSO4jj0PBFGX6nHR71dfq2bctik+mKW8LjS1cQ6plOdEsNHUR7s0bwoslrA +KdD6WOHoEOlxfTLiJmNB0A5pZb+iXJOP+ygrpC6WfJHU8nEWZzglNaVqrv14pieH +uez3nji2ZRsfkeXZI4vQJJ8EQ4LJtNhqki9+AcDYxX8pPUQs3e77ytcMYUMkhZmf +p8rC8eXPP69vS+Ia1xyL2nGqPmggZh7iT1VKOC8kXcHX0UB9WZXcJqPeDtQUO6l9 +cbGFSF9GkWfuVya7tl7rnRQVQs0Ko6XjOAFiOF8WA0YFNACV/2wVawH4rJ6Km48z +Gv+65Zk3yCXP231saE/Ztv3W43XLiJVDuw2RlUFXpJarGqAAZBhSC4qtDAgzHYLU +CxPrRtoIzOMv4iTzQmjJQFpArOBXU0yWZkaVwn57w6jEzk9NyqTZ02Oxb7DwK528 +F/fQOyw1b3GYJY7igv8+KbB+Bup9QQuvHxuxpRaqnek +-> ssh-ed25519 +vdRnA 2bZe+2cbP6T+Aa1g4lWhnOLkJdT7YqfCxTLKZ6wOKhw +i0+UOKIioQz01GfATEmNZVdGeIM2QRIiaUyRdqTgXCM +--- +1qA7qnzAo1u6/yQytQoq7MsZ7owcIa5uAqdg8UQ3tY +q|Ti'ګ^%;^4ǁ‚}+%ϡ ~آE>р0%gEMg.FPWǭ \$Y;2^;LiXM@%\Vࢼs$sXԬ̢|尹\Jܾ3!NC)ƿrQƟAQO0 ã( \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 0e092b5..8f3c4ef 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -17,10 +17,12 @@ in "aws-credentials.age".publicKeys = [ccr-ssh ccr-gpg picard sisko]; "nextcloud-admin-pass.age".publicKeys = [ccr-ssh ccr-gpg sisko]; "home-planimetry.age".publicKeys = [ccr-ssh ccr-gpg sisko]; + "home-assistant-token.age".publicKeys = [ccr-ssh ccr-gpg sisko]; "chatgpt-token.age".publicKeys = [ccr-ssh ccr-gpg kirk mothership picard deltaflyer]; "cloudflare-dyndns-api-token.age".publicKeys = [ccr-ssh ccr-gpg sisko]; "restic-hetzner-password.age".publicKeys = [ccr-ssh ccr-gpg picard sisko kirk]; "hass-ssh-key.age".publicKeys = [ccr-ssh ccr-gpg sisko]; + "grafana-password.age".publicKeys = [ccr-ssh ccr-gpg sisko]; "matrix-registration-shared-secret.age".publicKeys = [ccr-ssh ccr-gpg sisko]; "matrix-sliding-sync-secret.age".publicKeys = [ccr-ssh ccr-gpg sisko]; "forgejo-runners-token.age".publicKeys = [ccr-ssh ccr-gpg picard]; From 1fc860ac11e63d57120de9ec7a0bd29fb7d2bdc8 Mon Sep 17 00:00:00 2001 From: Seven of Nine Date: Mon, 22 Jul 2024 13:02:03 +0000 Subject: [PATCH 3/3] flake.lock: Update MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Flake lock file updates: • Updated input 'disko': 'github:nix-community/disko/786965e1b1ed3fd2018d78399984f461e2a44689' (2024-07-11) → 'github:nix-community/disko/2f5df5dcceb8473dd5715c4ae92f9b0d5f87fff9' (2024-07-22) • Updated input 'dream2nix': 'github:nix-community/dream2nix/0c6b5c8ab796f6dfb2aef1133f5b7bb25ce57cb9' (2024-07-10) → 'github:nix-community/dream2nix/4e9fd61a1201f4b3800d6946810a6b4c2ecdcde8' (2024-07-18) • Updated input 'homeManager': 'github:nix-community/home-manager/c085b984ff2808bf322f375b10fea5a415a9c43d' (2024-07-10) → 'github:nix-community/home-manager/635563f245309ef5320f80c7ebcb89b2398d2949' (2024-07-21) • Updated input 'lix': 'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=014410cbf0bda9c0fcdaf5f894120883cdc805ce' (2024-07-10) → 'git+https://git@git.lix.systems/lix-project/lix?ref=refs/heads/main&rev=2d4aca25468184fdd2f6be034ab9aa9c28d2839e' (2024-07-21) • Updated input 'lix-module': 'git+https://git.lix.systems/lix-project/nixos-module?ref=refs/heads/main&rev=5d9d94089fb1ca96222a34bfe245ef5c5ebefd37' (2024-06-25) → 'git+https://git.lix.systems/lix-project/nixos-module?ref=refs/heads/main&rev=d70318fb946a0e720dfdd1fb10b0645c14e2a02a' (2024-07-11) • Updated input 'mobile-nixos': 'github:NixOS/mobile-nixos/31704f8a55f5773c9b4e7adb7408a142d142e1f2' (2024-07-11) → 'github:NixOS/mobile-nixos/472073a51745cca03257cf625582252cdd04ec21' (2024-07-17) • Updated input 'nix-on-droid': 'github:nix-community/nix-on-droid/8bcadcef69dcb5ca177bfb6ea3dc6b092cda2b06' (2024-07-10) → 'github:nix-community/nix-on-droid/c00333ee42aa2b4d4825e0388a1049fdeeded6c6' (2024-07-14) • Updated input 'nix-on-droid/nix-formatter-pack/nmd': 'gitlab:rycee/nmd/b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169' (2022-10-19) → follows 'nix-on-droid/nmd' • Updated input 'nixDarwin': 'github:LnL7/nix-darwin/cf297a8d248db6a455b60133f6c0029c04ebe50e' (2024-07-10) → 'github:LnL7/nix-darwin/33bf7df5bbfcbbb49e6559b0c96c9e3b26d14e58' (2024-07-21) • Updated input 'nixd': 'github:nix-community/nixd/60a925008bc353136ba5babce437f42819c1645c' (2024-06-26) → 'github:nix-community/nixd/87135e0dfb3d56262e39de123d5741d2d892dd5e' (2024-07-21) • Updated input 'nixosHardware': 'github:NixOS/nixos-hardware/a111ce6b537df12a39874aa9672caa87f8677eda' (2024-07-09) → 'github:NixOS/nixos-hardware/ab165a8a6cd12781d76fe9cbccb9e975d0fb634f' (2024-07-19) • Updated input 'nixpkgsStable': 'github:NixOS/nixpkgs/7144d6241f02d171d25fba3edeaf15e0f2592105' (2024-07-02) → 'github:NixOS/nixpkgs/205fd4226592cc83fd4c0885a3e4c9c400efabb5' (2024-07-09) • Updated input 'pre-commit-hooks': 'github:cachix/pre-commit-hooks.nix/8d6a17d0cdf411c55f12602624df6368ad86fac1' (2024-07-09) → 'github:cachix/pre-commit-hooks.nix/f451c19376071a90d8c58ab1a953c6e9840527fd' (2024-07-15) • Updated input 'treefmt-nix': 'github:numtide/treefmt-nix/750dfb555b5abdab4d3266b3f9a05dec6d205c04' (2024-07-10) → 'github:numtide/treefmt-nix/888bfb10a9b091d9ed2f5f8064de8d488f7b7c97' (2024-07-20) --- flake.lock | 105 +++++++++++++++++++++++------------------------------ 1 file changed, 46 insertions(+), 59 deletions(-) diff --git a/flake.lock b/flake.lock index 7b0925b..7fcb9a4 100644 --- a/flake.lock +++ b/flake.lock @@ -104,11 +104,11 @@ ] }, "locked": { - "lastModified": 1720661479, - "narHash": "sha256-nsGgA14vVn0GGiqEfomtVgviRJCuSR3UEopfP8ixW1I=", + "lastModified": 1721612107, + "narHash": "sha256-1F2N90WqHV14oIn5RpDfzINj4zMi5gBQOt1BAc34gGM=", "owner": "nix-community", "repo": "disko", - "rev": "786965e1b1ed3fd2018d78399984f461e2a44689", + "rev": "2f5df5dcceb8473dd5715c4ae92f9b0d5f87fff9", "type": "github" }, "original": { @@ -124,11 +124,11 @@ "pyproject-nix": "pyproject-nix" }, "locked": { - "lastModified": 1720605900, - "narHash": "sha256-/BTAC3gj1Ot7o/PINsHS2EGEtGUadI12WZlhowKn18c=", + "lastModified": 1721316623, + "narHash": "sha256-WmPX3r0YtUxvcQmTgvNld2xJooWr4f/+5dURiw7/3zc=", "owner": "nix-community", "repo": "dream2nix", - "rev": "0c6b5c8ab796f6dfb2aef1133f5b7bb25ce57cb9", + "rev": "4e9fd61a1201f4b3800d6946810a6b4c2ecdcde8", "type": "github" }, "original": { @@ -818,11 +818,11 @@ ] }, "locked": { - "lastModified": 1720646128, - "narHash": "sha256-BivO5yIQukDlJL+1875Sqf3GuOPxZDdA48dYDi3PkL8=", + "lastModified": 1721534365, + "narHash": "sha256-XpZOkaSJKdOsz1wU6JfO59Rx2fqtcarQ0y6ndIOKNpI=", "owner": "nix-community", "repo": "home-manager", - "rev": "c085b984ff2808bf322f375b10fea5a415a9c43d", + "rev": "635563f245309ef5320f80c7ebcb89b2398d2949", "type": "github" }, "original": { @@ -887,11 +887,11 @@ "lix": { "flake": false, "locked": { - "lastModified": 1720633647, - "narHash": "sha256-CjWvti4wFhRmIHpLduohKAVmU9+wI/PAOhQppCWziK8=", + "lastModified": 1721559271, + "narHash": "sha256-eUvPvpDLRl6553EsoUmzgNYES8X4CYYoWIJ64hhvfGg=", "ref": "refs/heads/main", - "rev": "014410cbf0bda9c0fcdaf5f894120883cdc805ce", - "revCount": 15944, + "rev": "2d4aca25468184fdd2f6be034ab9aa9c28d2839e", + "revCount": 16001, "type": "git", "url": "https://git@git.lix.systems/lix-project/lix" }, @@ -912,11 +912,11 @@ ] }, "locked": { - "lastModified": 1719353937, - "narHash": "sha256-86NBqDxAP20ET/UoKX0WvSItblNQ97czXb2q7lkMrwk=", + "lastModified": 1720695775, + "narHash": "sha256-8Oqzl9QPjEe/n8y0R2tC6+2v/H6xBgABHXOJwxmnBg0=", "ref": "refs/heads/main", - "rev": "5d9d94089fb1ca96222a34bfe245ef5c5ebefd37", - "revCount": 92, + "rev": "d70318fb946a0e720dfdd1fb10b0645c14e2a02a", + "revCount": 94, "type": "git", "url": "https://git.lix.systems/lix-project/nixos-module" }, @@ -928,11 +928,11 @@ "mobile-nixos": { "flake": false, "locked": { - "lastModified": 1720660935, - "narHash": "sha256-GnDGoVaObUjnYdCHUSIYVE1anMElis+Pq+RY30LFlIk=", + "lastModified": 1721250279, + "narHash": "sha256-S47+MFnArDvR7OFCXU0BQoyLCBwSZws+t+bany7Ol6w=", "owner": "NixOS", "repo": "mobile-nixos", - "rev": "31704f8a55f5773c9b4e7adb7408a142d142e1f2", + "rev": "472073a51745cca03257cf625582252cdd04ec21", "type": "github" }, "original": { @@ -969,7 +969,10 @@ "nix-on-droid", "nixpkgs" ], - "nmd": "nmd", + "nmd": [ + "nix-on-droid", + "nmd" + ], "nmt": "nmt" }, "locked": { @@ -993,14 +996,14 @@ "nixpkgs": "nixpkgs_8", "nixpkgs-docs": "nixpkgs-docs", "nixpkgs-for-bootstrap": "nixpkgs-for-bootstrap", - "nmd": "nmd_2" + "nmd": "nmd" }, "locked": { - "lastModified": 1720612508, - "narHash": "sha256-WbjV0gmnh6jG1B292K4KIJwtBacn2sTWhiw1ZMeti9s=", + "lastModified": 1720964831, + "narHash": "sha256-UwVKfjrQ6FWTuqks6lF4+VlzPFDC/GR1Ti/iBKTEQco=", "owner": "nix-community", "repo": "nix-on-droid", - "rev": "8bcadcef69dcb5ca177bfb6ea3dc6b092cda2b06", + "rev": "c00333ee42aa2b4d4825e0388a1049fdeeded6c6", "type": "github" }, "original": { @@ -1016,11 +1019,11 @@ ] }, "locked": { - "lastModified": 1720599442, - "narHash": "sha256-jdm+sKVbBXoyrxcHbVaV0htlpq2iFR+eJw3Xe/DPcDo=", + "lastModified": 1721550066, + "narHash": "sha256-wr6sSb+VpXy8HCvBqU6xvhpaARzWUbEK7uN5tLnqYDg=", "owner": "LnL7", "repo": "nix-darwin", - "rev": "cf297a8d248db6a455b60133f6c0029c04ebe50e", + "rev": "33bf7df5bbfcbbb49e6559b0c96c9e3b26d14e58", "type": "github" }, "original": { @@ -1060,11 +1063,11 @@ "nixpkgs": "nixpkgs_10" }, "locked": { - "lastModified": 1719387257, - "narHash": "sha256-q5nj4TFggEHcyKuETmVEFeGztkAYXl3TDIOfd6swo4U=", + "lastModified": 1721581528, + "narHash": "sha256-3esP3cMdqotokFJYxcu680r2VaSA78T03A2VwCZuWEw=", "owner": "nix-community", "repo": "nixd", - "rev": "60a925008bc353136ba5babce437f42819c1645c", + "rev": "87135e0dfb3d56262e39de123d5741d2d892dd5e", "type": "github" }, "original": { @@ -1075,11 +1078,11 @@ }, "nixosHardware": { "locked": { - "lastModified": 1720515935, - "narHash": "sha256-8b+fzR4W2hI5axwB+4nBwoA15awPKkck4ghhCt8v39M=", + "lastModified": 1721413321, + "narHash": "sha256-0GdiQScDceUrVGbxYpV819LHesK3szHOhJ09e6sgES4=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "a111ce6b537df12a39874aa9672caa87f8677eda", + "rev": "ab165a8a6cd12781d76fe9cbccb9e975d0fb634f", "type": "github" }, "original": { @@ -1260,11 +1263,11 @@ }, "nixpkgsStable": { "locked": { - "lastModified": 1719957072, - "narHash": "sha256-gvFhEf5nszouwLAkT9nWsDzocUTqLWHuL++dvNjMp9I=", + "lastModified": 1720535198, + "narHash": "sha256-zwVvxrdIzralnSbcpghA92tWu2DV2lwv89xZc8MTrbg=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "7144d6241f02d171d25fba3edeaf15e0f2592105", + "rev": "205fd4226592cc83fd4c0885a3e4c9c400efabb5", "type": "github" }, "original": { @@ -1466,22 +1469,6 @@ } }, "nmd": { - "flake": false, - "locked": { - "lastModified": 1666190571, - "narHash": "sha256-Z1hc7M9X6L+H83o9vOprijpzhTfOBjd0KmUTnpHAVjA=", - "owner": "rycee", - "repo": "nmd", - "rev": "b75d312b4f33bd3294cd8ae5c2ca8c6da2afc169", - "type": "gitlab" - }, - "original": { - "owner": "rycee", - "repo": "nmd", - "type": "gitlab" - } - }, - "nmd_2": { "inputs": { "nixpkgs": [ "nix-on-droid", @@ -1579,11 +1566,11 @@ ] }, "locked": { - "lastModified": 1720524665, - "narHash": "sha256-ni/87oHPZm6Gv0ECYxr1f6uxB0UKBWJ6HvS7lwLU6oY=", + "lastModified": 1721042469, + "narHash": "sha256-6FPUl7HVtvRHCCBQne7Ylp4p+dpP3P/OYuzjztZ4s70=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "8d6a17d0cdf411c55f12602624df6368ad86fac1", + "rev": "f451c19376071a90d8c58ab1a953c6e9840527fd", "type": "github" }, "original": { @@ -1836,11 +1823,11 @@ ] }, "locked": { - "lastModified": 1720645794, - "narHash": "sha256-vAeYp+WH7i/DlBM5xNt9QeWiOiqzzf5abO8DYGkbUxg=", + "lastModified": 1721458737, + "narHash": "sha256-wNXLQ/ATs1S4Opg1PmuNoJ+Wamqj93rgZYV3Di7kxkg=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "750dfb555b5abdab4d3266b3f9a05dec6d205c04", + "rev": "888bfb10a9b091d9ed2f5f8064de8d488f7b7c97", "type": "github" }, "original": {