gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

Removed defunct modules + services. README update. Monitoring fix.

Browse source
This commit is contained in:
kat witch 2021-08-29 04:54:47 +01:00
parent 47e625ef14
commit 90cf5d1ff9
No known key found for this signature in database
GPG key ID: 1B477797DCA5EC72
7 changed files with 67 additions and 279 deletions
Download patch file Download diff file Expand all files Collapse all files

53
README.md
View file

@ -9,6 +9,8 @@ These are the NixOS configurations for my systems. I run nothing other than NixO
* [Nodes](#nodes)
* [Profiles](#profiles)
* [User Profiles](#user-profiles)
* [Services](#services)
* [Modules](#modules)
* [CI](#ci)
* [Dependencies](#dependencies)
* [Commands](#commands)
@ -45,6 +47,57 @@ These are the NixOS configurations for my systems. I run nothing other than NixO
| [services](config/users/kat/services) | User services. weechat and mpd are provided. |
| [sway](config/users/kat/sway) | sway, i3gopher, swayidle, swaylock-effects, screenshot tool, [kittywitch/konawall-rs](https://github.com/kittywitch/konawall-rs), mako, wofi, waybar and xkb (custom layout o:) configuration. |
## Services
| Service | Description |
| --- | --- |
| [filehost](config/services/filehost/default.nix) | I sling things in here via SSH/SCP. |
| [fusionpbx](config/services/fusionpbx/default.nix) | FusionPBX. Fancy PBX. |
| [gitea](config/services/gitea/default.nix) | Self-hosted git with mail support. |
| [jellyfin](config/services/jellyfin/default.nix) | HTPC/NAS stuff. |
| [katsplash](config/services/katsplash/default.nix) | A splash screen for some hosts. |
| [kattv-ingest](config/services/kattv-ingest/default.nix) | Takes data from kattv, slings to RTMP. |
| [kattv](config/services/kattv/default.nix) | Takes data from a webcam, slings to kattv-ingest. |
| [logrotate](config/services/logrotate/default.nix) | Rotates logs! |
| [mail](config/services/mail/default.nix) | [nixos-mailserver](https://gitlab.com/simple-nixos-mailserver/nixos-mailserver). |
| [matrix](config/services/matrix/default.nix) | Synapse and some appservices. Need to migrate the appservice configs in. |
| [murmur](config/services/murmur/default.nix) | Mumble! |
| [nfs](config/services/nfs/default.nix) | Network filesy stuff. |
| [nginx](config/services/nginx/default.nix) | Our NGINX preset configs. |
| [postgres](config/services/postgres/default.nix) | Database of choice. |
| [radicale](config/services/radicale/default.nix) | CalDAV, integrated with the mail service. |
| [restic](config/services/restic/default.nix) | Backups! |
| [syncplay](config/services/syncplay/default.nix) | Watching videos with friends and lovers. Usually, lovers. |
| [taskserver](config/services/taskserver/default.nix) | Taskwarrior server. |
| [transmission](config/services/transmission/default.nix) | Linux distros, I swear. |
| [tvheadend](config/services/tvheadend/default.nix) | DVB-T ingest for Jellyfin and so on! |
| [vaultwarden](config/services/vaultwarden/default.nix) | Passwords! |
| [website](config/services/website/default.nix) | Our personal website. |
| [xmpp](config/services/xmpp/default.nix) | Prosody. |
| [zfs](config/services/zfs/default.nix) | ZFS snapshot settings. |
| [znc](config/services/znc/default.nix) | IRC bouncer! |
## Modules
This list will include the modules provided by [kittywitch/nixexprs](https://github.com/kittywitch/nixexprs) as "katexprs".
| Module | Domain | Description |
| --- | --- | --- |
| [arcnmx/nixexprs](https://github.com/arcnmx/nixexprs) | NixOS + home-manager | We use... a lot of these. Syncplay, modprobe, base16, i3gopher, weechat, konawall, shell and probably more. |
| [arcnmx/tf-nix](https://github.com/arcnmx/tf-nix) | Meta + NixOS + home-manager | Deployment, secrets and terraform. |
| [nix-community/impermanence](https://github.com/nix-community/impermanence) | NixOS + home-manager | Erase your darlings. |
| katexprs/nftables | NixOS | Uses nftables for the NixOS firewall module. |
| katexprs/firewall | NixOS + home-manager | Per-"domain" (private, public) -> interface abstractions for the firewall. Easier to remember. |
| katexprs/network (WIP) | NixOS + home-manager | Network abstractions. Handles DNS + certs, among virtualHosts. |
| katexprs/fusionpbx (WIP) | NixOS | FusionPBX. |
| nixfiles/secrets | Meta + NixOS + home-manager | Helper for tf-nix's secrets. |
| nixfiles/deploy | Meta + NixOS + home-manager | tf-nix deployment integration |
| nixfiles/network | Meta | Enables node to host config assignment & NixOS module. |
| nixfiles/dyndns | NixOS | Dynamic DNS using [glauca.digital](https://glauca.digital). |
| nixfiles/monitoring | NixOS | Grafana, Prometheus, Loki, node-exporter, netdata, promtail, ... |
| nixfiles/theme | home-manager | Abstractions for themes. SASS templating. |
| hexchen/yggdrasil | NixOS | Yggdrasil ease of use module. |
## CI
CI for this repository uses [arcnmx/ci](https://github.com/arcnmx/ci) and aims to achieve two goals:

9
config/hosts/athame/nixos.nix
View file

@ -33,6 +33,15 @@ with lib;
server.enable = true;
};
services.prometheus = {
scrapeConfigs = [
{
job_name = "boline";
static_configs = [{ targets = [ "boline.${config.network.addresses.yggdrasil.prefix}.${config.network.dns.domain}:8002" ]; }];
}
];
};
# Terraform
deploy.tf = {

2
config/modules/home/default.nix
View file

@ -6,8 +6,6 @@
(import (sources.arcexprs + "/modules")).home-manager
(import (sources.katexprs + "/modules")).home
(import (sources.impermanence + "/home-manager.nix"))
./vim.nix
./fvwm.nix
./deploy.nix
./theme.nix
./secrets.nix

9
config/modules/home/fvwm.nix
View file

@ -1,9 +0,0 @@
{ config, lib, ... }:
with lib;
{
options.programs.fvwm = {
enable = mkEnableOption "Enable FVWM";
};
}

201
config/modules/home/vim.nix
View file

@ -1,201 +0,0 @@
{ config, lib, pkgs, ... }:
/*
This module:
* is from an unmerged PR from home-manager.
See: https://github.com/nix-community/home-manager/pull/1745
*/
with lib;
let
cfg = config.programs.vim;
defaultPlugins = [ pkgs.vimPlugins.vim-sensible ];
knownSettings = {
background = types.enum [ "dark" "light" ];
backupdir = types.listOf types.str;
copyindent = types.bool;
directory = types.listOf types.str;
expandtab = types.bool;
hidden = types.bool;
history = types.int;
ignorecase = types.bool;
modeline = types.bool;
mouse = types.enum [ "n" "v" "i" "c" "h" "a" "r" ];
mousefocus = types.bool;
mousehide = types.bool;
mousemodel = types.enum [ "extend" "popup" "popup_setpos" ];
number = types.bool;
relativenumber = types.bool;
shiftwidth = types.int;
smartcase = types.bool;
tabstop = types.int;
undodir = types.listOf types.str;
undofile = types.bool;
};
vimSettingsType = types.submodule {
options =
let
opt = name: type:
mkOption {
type = types.nullOr type;
default = null;
visible = false;
};
in
mapAttrs opt knownSettings;
};
setExpr = name: value:
let
v =
if isBool value then
(if value then "" else "no") + name
else
"${name}=${
if isList value then concatStringsSep "," value else toString value
}";
in
optionalString (value != null) ("set " + v);
plugins =
let
vpkgs = pkgs.vimPlugins;
getPkg = p:
if isDerivation p then
[ p ]
else
optional (isString p && hasAttr p vpkgs) vpkgs.${p};
in
concatMap getPkg cfg.plugins;
in
{
options = {
programs.vim = {
enable = mkEnableOption "Vim";
package = mkOption {
type = types.package;
default = pkgs.vim_configurable;
defaultText = literalExample "pkgs.vim_configurable";
description = "The package to use for the vim binary.";
};
finalPackage = mkOption {
type = types.package;
visible = false;
readOnly = true;
description = "Resulting customized vim package.";
};
plugins = mkOption {
type = with types; listOf (either str package);
default = defaultPlugins;
example = literalExample "[ pkgs.vimPlugins.YankRing ]";
description = ''
List of vim plugins to install. To get a list of supported plugins run:
<command>nix-env -f '&lt;nixpkgs&gt;' -qaP -A vimPlugins</command>.
</para><para>
Note: String values are deprecated, please use actual packages.
'';
};
settings = mkOption {
type = vimSettingsType;
default = { };
example = literalExample ''
{
expandtab = true;
history = 1000;
background = "dark";
}
'';
description = ''
At attribute set of Vim settings. The attribute names and
corresponding values must be among the following supported
options.
<informaltable frame="none"><tgroup cols="1"><tbody>
${concatStringsSep "\n" (mapAttrsToList (n: v: ''
<row>
<entry><varname>${n}</varname></entry>
<entry>${v.description}</entry>
</row>
'') knownSettings)}
</tbody></tgroup></informaltable>
See the Vim documentation for detailed descriptions of these
options. Note, use <varname>extraConfig</varname> to
manually set any options not listed above.
'';
};
extraConfig = mkOption {
type = types.lines;
default = "";
example = ''
set nocompatible
set nobackup
'';
description = "Custom .vimrc lines";
};
};
};
config = (
let
customRC = ''
${concatStringsSep "\n" (filter (v: v != "") (mapAttrsToList setExpr
(builtins.intersectAttrs knownSettings cfg.settings)))}
${cfg.extraConfig}
'';
vim = cfg.package.customize {
name = "vim";
vimrcConfig = {
inherit customRC;
packages.home-manager.start = plugins;
};
};
in
mkIf cfg.enable {
assertions =
let
packagesNotFound =
filter (p: isString p && (!hasAttr p pkgs.vimPlugins)) cfg.plugins;
in
[{
assertion = packagesNotFound == [ ];
message = "Following VIM plugin not found in pkgs.vimPlugins: ${
concatMapStringsSep ", " (p: ''"${p}"'') packagesNotFound
}";
}];
warnings =
let stringPlugins = filter isString cfg.plugins;
in
optional (stringPlugins != [ ]) ''
Specifying VIM plugins using strings is deprecated, found ${
concatMapStringsSep ", " (p: ''"${p}"'') stringPlugins
} as strings.
'';
home.packages = [ cfg.finalPackage ];
programs.vim = {
finalPackage = vim;
plugins = defaultPlugins;
};
}
);
}

10
config/modules/nixos/monitoring.nix
View file

@ -27,7 +27,7 @@ in
};
config = mkMerge [
({
kw.monitoring.server.domainPrefix = ".${config.network.addresses.yggdrasil.prefix}.${config.network.dns.domain}:19999";
kw.monitoring.server.domainPrefix = ".${config.network.addresses.yggdrasil.prefix}.${config.network.dns.domain}";
})
(mkIf cfg.server.loki {
network.firewall.private.tcp.ports = [ 3100 ];
@ -89,7 +89,7 @@ in
};
})
(mkIf cfg.server.enable {
network.firewall.private.tcp.ports = [ 9002 ];
network.firewall.private.tcp.ports = [ 9090 ];
kw.secrets = [
"grafana-admin-pass"
@ -145,20 +145,20 @@ in
metrics_path = "/api/v1/allmetrics";
honor_labels = true;
params = { format = [ "prometheus" ]; };
static_configs = singleton { targets = singleton "${hostName}.${cfg.server.domainPrefix}:19999"; };
static_configs = singleton { targets = singleton "${hostName}${cfg.server.domainPrefix}:19999"; };
})
nd_configs ++ mapAttrsToList
(hostName: prom: {
job_name = hostName;
static_configs = singleton {
targets = [ "${hostName}.${cfg.server.domainPrefix}:${toString prom.port}" ];
targets = [ "${hostName}${cfg.server.domainPrefix}:${toString prom.port}" ];
};
})
prom_configs;
};
})
(mkIf cfg.client.enable {
network.firewall.private.tcp.ports = [ 19999 ];
network.firewall.private.tcp.ports = [ 19999 9002 ];
services.netdata.enable = true;

62
config/services/loki/default.nix
View file

@ -1,62 +0,0 @@
{ config, pkgs, ... }:
{
#network.firewall.private.tcp.ports = [ 3100 ];
services.loki = {
enable = false;
configuration = {
auth_enabled = false;
chunk_store_config = { max_look_back_period = "0s"; };
ingester = {
chunk_idle_period = "1h";
chunk_retain_period = "30s";
chunk_target_size = 1048576;
lifecycler = {
address = "0.0.0.0";
final_sleep = "0s";
ring = {
kvstore = { store = "inmemory"; };
replication_factor = 1;
};
};
max_chunk_age = "1h";
max_transfer_retries = 0;
};
limits_config = {
reject_old_samples = true;
reject_old_samples_max_age = "168h";
};
schema_config = {
configs = [{
from = "2020-10-24";
index = {
period = "24h";
prefix = "index_";
};
object_store = "filesystem";
schema = "v11";
store = "boltdb-shipper";
}];
};
compactor = {
working_directory = "/tmp/loki-compactor-boltdb";
shared_store = "filesystem";
};
server = { http_listen_port = 3100; };
storage_config = {
boltdb_shipper = {
active_index_directory = "/var/lib/loki/boltdb-shipper-active";
cache_location = "/var/lib/loki/boltdb-shipper-cache";
cache_ttl = "24h";
shared_store = "filesystem";
};
filesystem = { directory = "/var/lib/loki/chunks"; };
};
table_manager = {
retention_deletes_enabled = false;
retention_period = "0s";
};
};
};
}