parent
003b5516fe
commit
11e159c7c9
|
@ -448,7 +448,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
|
||||||
{
|
{
|
||||||
# family storage
|
# family storage
|
||||||
systemd.tmpfiles.settings = {
|
systemd.tmpfiles.settings = {
|
||||||
"10-backups" = {
|
"10-family" = {
|
||||||
"/storage/family" = {
|
"/storage/family" = {
|
||||||
"d" = {
|
"d" = {
|
||||||
mode = "0770";
|
mode = "0770";
|
||||||
|
@ -479,7 +479,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
|
||||||
{
|
{
|
||||||
# daniel augments
|
# daniel augments
|
||||||
systemd.tmpfiles.settings = {
|
systemd.tmpfiles.settings = {
|
||||||
"10-backups" = {
|
"10-daniel" = {
|
||||||
"/storage/daniel" = {
|
"/storage/daniel" = {
|
||||||
"d" = {
|
"d" = {
|
||||||
mode = "0700";
|
mode = "0700";
|
||||||
|
@ -586,7 +586,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
systemd.tmpfiles.settings = {
|
systemd.tmpfiles.settings = {
|
||||||
"10-backups" = {
|
"10-postgres" = {
|
||||||
"/storage/postgres" = {
|
"/storage/postgres" = {
|
||||||
"d" = {
|
"d" = {
|
||||||
mode = "0750";
|
mode = "0750";
|
||||||
|
@ -676,7 +676,7 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
|
||||||
openssh.authorizedKeys.keys = [] ++ config.users.users.daniel.openssh.authorizedKeys.keys;
|
openssh.authorizedKeys.keys = [] ++ config.users.users.daniel.openssh.authorizedKeys.keys;
|
||||||
};
|
};
|
||||||
systemd.tmpfiles.settings = {
|
systemd.tmpfiles.settings = {
|
||||||
"10-caddy" = {
|
"10-backups-local" = {
|
||||||
"/storage/backups/local" = {
|
"/storage/backups/local" = {
|
||||||
"d" = {
|
"d" = {
|
||||||
mode = "0750";
|
mode = "0750";
|
||||||
|
@ -1441,6 +1441,73 @@ sudo nix run nixpkgs#ipmitool -- raw 0x30 0x30 0x02 0xff 0x00
|
||||||
extraConfig = ''reverse_proxy :${toString config.services.audiobookshelf.port}'';
|
extraConfig = ''reverse_proxy :${toString config.services.audiobookshelf.port}'';
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
{
|
||||||
|
# prometheus
|
||||||
|
services.restic.commonPaths = [
|
||||||
|
# TODO: do I want this backed up?
|
||||||
|
# "/var/lib/prometheus"
|
||||||
|
];
|
||||||
|
services.prometheus = {
|
||||||
|
enable = true;
|
||||||
|
checkConfig = true;
|
||||||
|
listenAddress = "127.0.0.1";
|
||||||
|
port = 9090;
|
||||||
|
exporters = {
|
||||||
|
postgres = {
|
||||||
|
enable = true;
|
||||||
|
# runAsLocalSuperUser = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
# alertmanager.enable = true; # grafana for alerts?
|
||||||
|
};
|
||||||
|
# services.node-exporter.enable = true; # TODO: node-exporter?
|
||||||
|
# TODO: exporters.zfs?
|
||||||
|
# TODO: promtail?
|
||||||
|
# idrac exporter?
|
||||||
|
# restic exporter?
|
||||||
|
# smartctl exporter?
|
||||||
|
# systemd exporter?
|
||||||
|
# NOTE: we probably don't want this exposed
|
||||||
|
# services.caddy.virtualHosts."prometheus.h.lyte.dev" = {
|
||||||
|
# extraConfig = ''reverse_proxy :${toString config.services.prometheus.port}'';
|
||||||
|
# };
|
||||||
|
}
|
||||||
|
{
|
||||||
|
# grafana
|
||||||
|
systemd.tmpfiles.settings = {
|
||||||
|
"10-grafana" = {
|
||||||
|
"/storage/grafana" = {
|
||||||
|
"d" = {
|
||||||
|
mode = "0750";
|
||||||
|
user = "root";
|
||||||
|
group = "family";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
services.restic.commonPaths = [
|
||||||
|
# TODO: do I want this backed up?
|
||||||
|
# "/storage/grafana"
|
||||||
|
];
|
||||||
|
services.grafana = {
|
||||||
|
enable = true;
|
||||||
|
dataDir = "/storage/grafana";
|
||||||
|
provision = {
|
||||||
|
enable = true;
|
||||||
|
};
|
||||||
|
settings = {
|
||||||
|
server = {
|
||||||
|
http_port = 3814;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
networking.firewall.allowedTCPPorts = [
|
||||||
|
9000
|
||||||
|
];
|
||||||
|
services.caddy.virtualHosts."grafana.h.lyte.dev" = {
|
||||||
|
extraConfig = ''reverse_proxy :${toString config.services.grafana.settings.server.http_port}'';
|
||||||
|
};
|
||||||
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
# TODO: non-root processes and services that access secrets need to be part of
|
# TODO: non-root processes and services that access secrets need to be part of
|
||||||
|
|
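Review bot: The grafana block adds `networking.firewall.allowedTCPPorts = [ 9000 ];`, but nothing configured in this hunk listens on 9000. Grafana is set to `http_port = 3814` and is reached through the Caddy virtual host, and Prometheus is bound to `127.0.0.1` on 9090. Unless a service outside this hunk needs the port, drop those lines; if one does, move the opening next to that service with a comment naming it, so the firewall exception is not left unexplained. Separately, the `/storage/grafana` tmpfiles entry uses `user = "root"; group = "family";` with mode `0750`, which looks carried over from the storage blocks above. Presumably the Grafana service account has to own its `dataDir`, and members of `family` would gain read access to Grafana's database, so confirm this and consider `user = "grafana"; group = "grafana";`.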
|
@ -55,6 +55,8 @@
|
||||||
"files.lyte.dev"
|
"files.lyte.dev"
|
||||||
"vpn.h.lyte.dev"
|
"vpn.h.lyte.dev"
|
||||||
"atuin.h.lyte.dev"
|
"atuin.h.lyte.dev"
|
||||||
|
"grafana.h.lyte.dev"
|
||||||
|
"prometheus.h.lyte.dev"
|
||||||
"a.lyte.dev"
|
"a.lyte.dev"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
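Review bot: `"prometheus.h.lyte.dev"` is added to this hostname list, yet the same commit leaves the Prometheus Caddy virtual host commented out with the note that it probably should not be exposed. The list starts outside the hunk, so its consumer is not visible here; if it feeds DNS records or certificate requests, the name is published for a service that is meant to stay on loopback. I would drop the `"prometheus.h.lyte.dev"` line until there is a virtual host with authentication in front of it. If it has to stay, add a comment such as `# reserved; no vhost yet, Prometheus listens on 127.0.0.1 only`.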