This commit is contained in:
parent
0e203b6eca
commit
ccfbd0b477
18
flake.lock
18
flake.lock
|
@ -10,11 +10,11 @@
|
|||
"utils": "utils"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1658094154,
|
||||
"narHash": "sha256-9g9hZ27VxPDqOM+v+JUVV5XkYCjnu7yWrOPV/zIgBYA=",
|
||||
"lastModified": 1659157989,
|
||||
"narHash": "sha256-XHyjblfOAhoHwIDfPxYqAbvYzCO0/XjntULV6Dmavo8=",
|
||||
"owner": "zhaofengli",
|
||||
"repo": "colmena",
|
||||
"rev": "5d2f12851596678316ed1f0b53ff1ec624d5ebac",
|
||||
"rev": "34bb2e46747e69c9a34f94583330ad9a9f5ad20a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -206,11 +206,11 @@
|
|||
"utils": "utils_3"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1659059370,
|
||||
"narHash": "sha256-JrD97kjloTgkuHRCHbvTCFJLnRQTICYwbR4QzXk6nnU=",
|
||||
"lastModified": 1659144434,
|
||||
"narHash": "sha256-FlfgEhzZTG39j+7IoDFFjED8asI3vWcOZSGmz5rpMdk=",
|
||||
"owner": "jyooru",
|
||||
"repo": "nix-minecraft-servers",
|
||||
"rev": "927bd0ae6473b431ccab8aff20eb04eb4323d627",
|
||||
"rev": "65702e6e4bd0d368b8a5f4efd8ea84c5ad9a604c",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -257,11 +257,11 @@
|
|||
},
|
||||
"nixpkgs": {
|
||||
"locked": {
|
||||
"lastModified": 1658985157,
|
||||
"narHash": "sha256-f8JN0mQGSaEfw6HjMST0yViBTln/kzfTxe+qHutzvEI=",
|
||||
"lastModified": 1659077768,
|
||||
"narHash": "sha256-P0XIHBVty6WIuIrk2DZNvLcYev9956y1prT4zL212H8=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "bba87fc2a33618d86233fbdddc6b84971e6b5558",
|
||||
"rev": "2a93ea177c3d7700b934bf95adfe00c435f696b8",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
10
hosts.nix
10
hosts.nix
|
@ -60,11 +60,9 @@
|
|||
mac = "74:40:be:48:85:a4";
|
||||
nix = false;
|
||||
}
|
||||
{
|
||||
hostname = "consul";
|
||||
ip = "10.42.42.14";
|
||||
mac = "D6:DE:07:41:73:81";
|
||||
}
|
||||
# {
|
||||
# ip = "10.42.42.14";
|
||||
# }
|
||||
{
|
||||
hostname = "dns-1";
|
||||
profile = "dns";
|
||||
|
@ -83,7 +81,7 @@
|
|||
mac = "0A:06:5E:E7:9A:0C";
|
||||
}
|
||||
# {
|
||||
# ip = "10.42.42.18";
|
||||
# ip = "10.42.42.18";
|
||||
# }
|
||||
{
|
||||
hostname = "victoriametrics";
|
||||
|
|
|
@ -1,25 +0,0 @@
|
|||
# Edit this configuration file to define what should be installed on
|
||||
# your system. Help is available in the configuration.nix(5) man page
|
||||
# and in the NixOS manual (accessible by running ‘nixos-help’).
|
||||
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
];
|
||||
|
||||
networking.hostName = "consul";
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
# on your system were taken. It‘s perfectly fine and recommended to leave
|
||||
# this value at the release version of the first install of this system.
|
||||
# Before changing this value read the documentation for this option
|
||||
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
|
||||
system.stateVersion = "21.05"; # Did you read the comment?
|
||||
|
||||
# Additional packages
|
||||
environment.systemPackages = with pkgs; [ ];
|
||||
|
||||
networking.firewall.allowedTCPPorts = [ ];
|
||||
}
|
|
@ -41,6 +41,7 @@ in
|
|||
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
statusPage = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
recommendedOptimisation = true;
|
||||
|
@ -119,4 +120,11 @@ in
|
|||
security.acme.defaults.email = "victorheld12@gmail.com";
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.preliminarySelfsigned = true;
|
||||
|
||||
services.prometheus.exporters = {
|
||||
nginx = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -37,11 +37,20 @@ in
|
|||
enable = true;
|
||||
openFirewall = true;
|
||||
prometheusConfig = {
|
||||
global = {
|
||||
global = {
|
||||
scrape_interval = "1m";
|
||||
scrape_timeout = "30s";
|
||||
};
|
||||
scrape_configs = [
|
||||
{
|
||||
job_name = "nginx";
|
||||
static_configs = [
|
||||
{
|
||||
targets = [ "nginx.olympus:9113" ];
|
||||
labels.app = "nginx";
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
job_name = "synapse";
|
||||
metrics_path = "/_synapse/metrics";
|
||||
|
@ -50,6 +59,13 @@ in
|
|||
labels.app = "synapse";
|
||||
}];
|
||||
}
|
||||
{
|
||||
job_name = "wireguard";
|
||||
static_configs = [{
|
||||
targets = [ "wireguard.olympus:9586" ];
|
||||
labels.app = "wireguard";
|
||||
}];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
|
|
@ -22,7 +22,9 @@ let vs = config.vault-secrets.secrets; in
|
|||
|
||||
environment.noXlibs = lib.mkForce false;
|
||||
|
||||
networking.firewall.allowedUDPPorts = [ config.networking.wireguard.interfaces.wg0.listenPort ];
|
||||
networking.firewall.allowedUDPPorts = [
|
||||
config.networking.wireguard.interfaces.wg0.listenPort
|
||||
];
|
||||
|
||||
vault-secrets.secrets.wireguard = {
|
||||
services = [ "wireguard-wg0" ];
|
||||
|
@ -34,6 +36,11 @@ let vs = config.vault-secrets.secrets; in
|
|||
externalInterface = "eth0";
|
||||
};
|
||||
|
||||
services.prometheus.exporters.wireguard = {
|
||||
enable = true;
|
||||
openFirewall = true;
|
||||
};
|
||||
|
||||
networking.wireguard.interfaces.wg0 = {
|
||||
ips = [ "10.100.0.1/24" ];
|
||||
listenPort = 51820;
|
||||
|
|
Loading…
Reference in a new issue