xqtc/nixos-config
1
0
Fork 0
mirror of https://git.gay/xqtc/nixos-config synced 2024-11-21 21:30:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Monitoring stuff

Browse source
This commit is contained in:
xqtc161 2024-07-05 20:44:42 +02:00
parent 4a6483b6b3
commit 61b7336380
5 changed files with 59 additions and 17 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
home/modules/home-pkgs.nix
View file

@ -34,6 +34,8 @@ in {
pkgs.catppuccin-kde
pkgs.typst
pkgs.anki
pkgs.openvpn

28
hosts/x86_64-linux/beleth/borg.nix
View file

@ -6,30 +6,30 @@
}: {
#
# BACKUP
# Check via nix-shell -p borgbackup --run "borg info --rsh 'ssh -p 23 -i /home/moe/.ssh/storagebox_nextcloud_data' u409248-sub1@u409248-sub1.your-storagebox.de:nextcloud_data_backups"
# Check via nix-shell -p borgbackup --run "borg info --rsh 'ssh -p 23 -i /home/moe/.ssh/storagebox_nextcloud_data' u410986-sub1@u410986-sub1.your-storagebox.de:nx-data"
# 0. Add subaccount on storagebox
# 1. ssh-keygen -t ed25519 -f ~/.ssh/storagebox_nextcloud_data
# 2. pwgen 128
# 3. Add private key as secret
# 4. add passphrase as secret
# 5. add ssh public key to subaccount on storagebox!
# ssh -p 23 u409248-sub1@u409248-sub1.your-storagebox.de
# ssh -p 23 u410986-sub1@u410986-sub1.your-storagebox.de
# 6. set permissions
# .ssh 0700
# .ssh/authorized_keys 0600
#
# Retrieve via 'ssh-keyscan -p 23 u409248-sub1.your-storagebox.de'
# Retrieve via 'ssh-keyscan -p 23 u410986-sub1.your-storagebox.de'
programs.ssh.knownHosts = {
"storagebox" = {
hostNames = [
"[u409248-sub1.your-storagebox.de]:23"
"[u409248-sub2.your-storagebox.de]:23"
"[u410986-sub1.your-storagebox.de]:23"
"[u410986-sub2.your-storagebox.de]:23"
];
publicKey = ''
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==
ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGK0po6usux4Qv2d8zKZN1dDvbWjxKkGsx7XwFdSUCnF19Q8psHEUWR7C/LtSQ5crU/g+tQVRBtSgoUcE8T+FWp5wBxKvWG2X9gD+s9/4zRmDeSJR77W6gSA/+hpOZoSE+4KgNdnbYSNtbZH/dN74EG7GLb/gcIpbUUzPNXpfKl7mQitw==
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==
ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAGK0po6usux4Qv2d8zKZN1dDvbWjxKkGsx7XwFdSUCnF19Q8psHEUWR7C/LtSQ5crU/g+tQVRBtSgoUcE8T+FWp5wBxKvWG2X9gD+s9/4zRmDeSJR77W6gSA/+hpOZoSE+4KgNdnbYSNtbZH/dN74EG7GLb/gcIpbUUzPNXpfKl7mQitw==
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIICf9svRenC/PLKIL9nk6K/pxQgoiFC41wTNvoIncOxs
'';
};
};
@ -45,13 +45,13 @@
postHook = ''
${config.services.nextcloud.occ}/bin/nextcloud-occ maintenance:mode --off
'';
repo = "u409248-sub1@u409248-sub1.your-storagebox.de:nextcloud_data_backups";
repo = "u410986-sub1@u410986-sub1.your-storagebox.de:nx-data";
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.age.secrets.backup_nextcloud_data_passphrase.path}";
passCommand = "cat ${config.sops.secrets.backup_nextcloud_data_passphrase.path}";
};
environment = {
BORG_RSH = "ssh -p 23 -i ${config.age.secrets.backup_nextcloud_data_ssh.path}";
BORG_RSH = "ssh -p 23 -i ${config.sops.secrets.backup_nextcloud_data_ssh.path}";
};
compression = "auto,lzma";
startAt = "Mon *-*-* 00:00:00"; # Monday at 00:00; Storagebox does a snapshot Fridays at 00:00
@ -68,13 +68,13 @@
postHook = ''
${config.services.nextcloud.occ}/bin/nextcloud-occ maintenance:mode --off
'';
repo = "u409248-sub2@u409248-sub2.your-storagebox.de:nextcloud_database_backups";
repo = "u410986-sub2@u410986-sub2.your-storagebox.de:nx-db";
encryption = {
mode = "repokey-blake2";
passCommand = "cat ${config.age.secrets.backup_nextcloud_database_passphrase.path}";
passCommand = "cat ${config.sops.secrets.backup_nextcloud_database_passphrase.path}";
};
environment = {
BORG_RSH = "ssh -p 23 -i ${config.age.secrets.backup_nextcloud_database_ssh.path}";
BORG_RSH = "ssh -p 23 -i ${config.sops.secrets.backup_nextcloud_database_ssh.path}";
};
compression = "auto,lzma";
startAt = "Mon *-*-* 01:00:00"; # Monday at 01:00; Storagebox does a snapshot Fridays at 00:00

7
hosts/x86_64-linux/beleth/default.nix
View file

@ -19,6 +19,7 @@ with lib; {
./nextcloud.nix
./paperless.nix
./docker.nix
# ./borg.nix
# ./nfs.nix
../../gc.nix
../../../common
@ -97,6 +98,7 @@ with lib; {
"jellyfin.heroin.trade" = {
extraConfig = ''
reverse_proxy http://127.0.0.1:8096
redir /metrics* /
'';
};
"calibre.heroin.trade" = {
@ -119,6 +121,11 @@ with lib; {
reverse_proxy http://127.0.0.1:28981
'';
};
"servers" = {
extraConfig = ''
metrics
'';
};
};
};

34
hosts/x86_64-linux/beleth/monitoring.nix
View file

@ -3,6 +3,11 @@
pkgs,
...
}: {
sops.secrets.nextcloud_user_password = {
path = "/etc/nx_user_pass";
owner = "nextcloud";
group = "nextcloud";
};
networking.firewall.allowedTCPPorts = [80 443 9001];
services.grafana = {
enable = true;
@ -40,6 +45,13 @@
wireguard = {
enable = true;
};
nextcloud = {
enable = true;
user = "nextcloud";
username = "xqtc";
passwordFile = config.sops.secrets.nextcloud_user_password.path;
url = "https://${toString config.services.nextcloud.hostName}";
};
};
scrapeConfigs = [
{
@ -48,7 +60,27 @@
{
targets = [
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
# "127.0.0.1:${toString config.services.prometheus.exporters.wireguard.port}"
"127.0.0.1:${toString config.services.prometheus.exporters.nextcloud.port}"
];
}
];
}
{
job_name = "jellyfin";
static_configs = [
{
targets = [
"127.0.0.1:8096"
];
}
];
}
{
job_name = "caddy";
static_configs = [
{
targets = [
"127.0.0.1:2019"
];
}
];

5
secrets.yaml
View file

@ -3,6 +3,7 @@ private_keys:
public_keys:
xqtc: ENC[AES256_GCM,data:bQ39+TS67ww01qfkhv//AfE3h4od4QgOUMATwKoeI7D7JHzCpM38jZudNlJixbyR8bLOKsBohqB3Pad6Q27dnXLCyZ/XtyZMLyhZuaOBVkx8+4ow1SWEyDxHM/N3WPZxjgM=,iv:FKHKaOknTYKzel3R6AUOb4RvXH04rQd4bHospGrsrUA=,tag:yCtxIdfWdIFjPiFbrFuPKg==,type:str]
nextcloud_password: ENC[AES256_GCM,data:lwqQio1I1xTv07bLRyrvig1HRyCxcueSPgDpPRhXBqCi8d42OJt7rA==,iv:R0JxpCJz9zycph9p7Ewwt4QTEXQxaxJ691aWCXfEsFE=,tag:Qz3dD2cOkmneEWP7tI54Dg==,type:str]
nextcloud_user_password: ENC[AES256_GCM,data:fkX/1pOgRLvhHTtoK9i5F0kO+mRKj40BH2s7VD7ifPEnyJhWqy5mvg==,iv:iEnW4Z8vCY9oapOpVZNuLMa50SXT01clYaScUN+q/k8=,tag:0G0Y8XCSj+dBAy6Cw8YOHg==,type:str]
paperless_password: ENC[AES256_GCM,data:OCrc00vUb+lgel8TmFm+9Ee4QJZZV7W6+Jl9+R7AfjfDh6v590ibvw==,iv:emM7g0JRcEH4xuYdvZN64drOhduXyQy6HwF1xByaLvE=,tag:D2O1qAeKtYWGf+Zd3RuBTQ==,type:str]
sops:
kms: []
@ -55,8 +56,8 @@ sops:
a2ZHZmQ0dEVMZFlJRENmU2lGejFuMzAKOO3kTP/VWRYn5CrwPyjUIGS7kjxPvNYZ
HMt+cCG9FYeJdqPpHWiM0TeHYUG0h7XlltIMg7KhE4Qj/GARegmuZQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-03T14:48:29Z"
mac: ENC[AES256_GCM,data:LHH3qUI92p9PFkheFlHV4EwfMebLnHyrEr6iyMCOPWLh+vyai039gFHP/qZuKO51qgQdWiNYagwTNGwh/wCPUsXqmrT6/zyUVRzY+qM8ei0mTsyATPT2N/nFurb0HUueSO1rNzkYFbb6Io+5KdkQQbgbXoKxVV3xaWPB0FvB5cg=,iv:YmO2DvOP+5XUFs+r2ywn3mS8igxwhdoMB4VmtFsxVDU=,tag:udN3POCZVJvh2MircwckKQ==,type:str]
lastmodified: "2024-07-05T15:42:51Z"
mac: ENC[AES256_GCM,data:HKjqJxfseQcrP/hViiY933NQdZQpTYS+wHigWlIOKDUhW4HOjVcRPc/lcbtb/41RBXl5xPKJyYSNzj3AdSM6kMznE0USEmYU9+XHFDd845n1YVg6qRHYUH/fFKsdDF2L5tEZ9DPEZQ6mW2EpxW+9AVVlU1L7wNsm7rtpcPTPcb4=,iv:arNw7DvxMfMBALJjp63bwNrsBedohhVWRJZFboXaZpI=,tag:OKQNf28nm/LrgUueOtwDsg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1