mirror of
https://git.gay/xqtc/nixos-config
synced 2024-11-25 12:13:54 +01:00
Monitoring stuff
This commit is contained in:
parent
4a6483b6b3
commit
61b7336380
|
@ -34,6 +34,8 @@ in {
|
||||||
|
|
||||||
pkgs.catppuccin-kde
|
pkgs.catppuccin-kde
|
||||||
|
|
||||||
|
pkgs.typst
|
||||||
|
|
||||||
pkgs.anki
|
pkgs.anki
|
||||||
|
|
||||||
pkgs.openvpn
|
pkgs.openvpn
|
||||||
|
|
|
@ -6,25 +6,25 @@
|
||||||
}: {
|
}: {
|
||||||
#
|
#
|
||||||
# BACKUP
|
# BACKUP
|
||||||
# Check via nix-shell -p borgbackup --run "borg info --rsh 'ssh -p 23 -i /home/moe/.ssh/storagebox_nextcloud_data' u409248-sub1@u409248-sub1.your-storagebox.de:nextcloud_data_backups"
|
# Check via nix-shell -p borgbackup --run "borg info --rsh 'ssh -p 23 -i /home/moe/.ssh/storagebox_nextcloud_data' u410986-sub1@u410986-sub1.your-storagebox.de:nx-data"
|
||||||
# 0. Add subaccount on storagebox
|
# 0. Add subaccount on storagebox
|
||||||
# 1. ssh-keygen -t ed25519 -f ~/.ssh/storagebox_nextcloud_data
|
# 1. ssh-keygen -t ed25519 -f ~/.ssh/storagebox_nextcloud_data
|
||||||
# 2. pwgen 128
|
# 2. pwgen 128
|
||||||
# 3. Add private key as secret
|
# 3. Add private key as secret
|
||||||
# 4. add passphrase as secret
|
# 4. add passphrase as secret
|
||||||
# 5. add ssh public key to subaccount on storagebox!
|
# 5. add ssh public key to subaccount on storagebox!
|
||||||
# ssh -p 23 u409248-sub1@u409248-sub1.your-storagebox.de
|
# ssh -p 23 u410986-sub1@u410986-sub1.your-storagebox.de
|
||||||
# 6. set permissions
|
# 6. set permissions
|
||||||
# .ssh 0700
|
# .ssh 0700
|
||||||
# .ssh/authorized_keys 0600
|
# .ssh/authorized_keys 0600
|
||||||
#
|
#
|
||||||
|
|
||||||
# Retrieve via 'ssh-keyscan -p 23 u409248-sub1.your-storagebox.de'
|
# Retrieve via 'ssh-keyscan -p 23 u410986-sub1.your-storagebox.de'
|
||||||
programs.ssh.knownHosts = {
|
programs.ssh.knownHosts = {
|
||||||
"storagebox" = {
|
"storagebox" = {
|
||||||
hostNames = [
|
hostNames = [
|
||||||
"[u409248-sub1.your-storagebox.de]:23"
|
"[u410986-sub1.your-storagebox.de]:23"
|
||||||
"[u409248-sub2.your-storagebox.de]:23"
|
"[u410986-sub2.your-storagebox.de]:23"
|
||||||
];
|
];
|
||||||
publicKey = ''
|
publicKey = ''
|
||||||
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==
|
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA5EB5p/5Hp3hGW1oHok+PIOH9Pbn7cnUiGmUEBrCVjnAw+HrKyN8bYVV0dIGllswYXwkG/+bgiBlE6IVIBAq+JwVWu1Sss3KarHY3OvFJUXZoZyRRg/Gc/+LRCE7lyKpwWQ70dbelGRyyJFH36eNv6ySXoUYtGkwlU5IVaHPApOxe4LHPZa/qhSRbPo2hwoh0orCtgejRebNtW5nlx00DNFgsvn8Svz2cIYLxsPVzKgUxs8Zxsxgn+Q/UvR7uq4AbAhyBMLxv7DjJ1pc7PJocuTno2Rw9uMZi1gkjbnmiOh6TTXIEWbnroyIhwc8555uto9melEUmWNQ+C+PwAK+MPw==
|
||||||
|
@ -45,13 +45,13 @@
|
||||||
postHook = ''
|
postHook = ''
|
||||||
${config.services.nextcloud.occ}/bin/nextcloud-occ maintenance:mode --off
|
${config.services.nextcloud.occ}/bin/nextcloud-occ maintenance:mode --off
|
||||||
'';
|
'';
|
||||||
repo = "u409248-sub1@u409248-sub1.your-storagebox.de:nextcloud_data_backups";
|
repo = "u410986-sub1@u410986-sub1.your-storagebox.de:nx-data";
|
||||||
encryption = {
|
encryption = {
|
||||||
mode = "repokey-blake2";
|
mode = "repokey-blake2";
|
||||||
passCommand = "cat ${config.age.secrets.backup_nextcloud_data_passphrase.path}";
|
passCommand = "cat ${config.sops.secrets.backup_nextcloud_data_passphrase.path}";
|
||||||
};
|
};
|
||||||
environment = {
|
environment = {
|
||||||
BORG_RSH = "ssh -p 23 -i ${config.age.secrets.backup_nextcloud_data_ssh.path}";
|
BORG_RSH = "ssh -p 23 -i ${config.sops.secrets.backup_nextcloud_data_ssh.path}";
|
||||||
};
|
};
|
||||||
compression = "auto,lzma";
|
compression = "auto,lzma";
|
||||||
startAt = "Mon *-*-* 00:00:00"; # Monday at 00:00; Storagebox does a snapshot Fridays at 00:00
|
startAt = "Mon *-*-* 00:00:00"; # Monday at 00:00; Storagebox does a snapshot Fridays at 00:00
|
||||||
|
@ -68,13 +68,13 @@
|
||||||
postHook = ''
|
postHook = ''
|
||||||
${config.services.nextcloud.occ}/bin/nextcloud-occ maintenance:mode --off
|
${config.services.nextcloud.occ}/bin/nextcloud-occ maintenance:mode --off
|
||||||
'';
|
'';
|
||||||
repo = "u409248-sub2@u409248-sub2.your-storagebox.de:nextcloud_database_backups";
|
repo = "u410986-sub2@u410986-sub2.your-storagebox.de:nx-db";
|
||||||
encryption = {
|
encryption = {
|
||||||
mode = "repokey-blake2";
|
mode = "repokey-blake2";
|
||||||
passCommand = "cat ${config.age.secrets.backup_nextcloud_database_passphrase.path}";
|
passCommand = "cat ${config.sops.secrets.backup_nextcloud_database_passphrase.path}";
|
||||||
};
|
};
|
||||||
environment = {
|
environment = {
|
||||||
BORG_RSH = "ssh -p 23 -i ${config.age.secrets.backup_nextcloud_database_ssh.path}";
|
BORG_RSH = "ssh -p 23 -i ${config.sops.secrets.backup_nextcloud_database_ssh.path}";
|
||||||
};
|
};
|
||||||
compression = "auto,lzma";
|
compression = "auto,lzma";
|
||||||
startAt = "Mon *-*-* 01:00:00"; # Monday at 01:00; Storagebox does a snapshot Fridays at 00:00
|
startAt = "Mon *-*-* 01:00:00"; # Monday at 01:00; Storagebox does a snapshot Fridays at 00:00
|
||||||
|
|
|
@ -19,6 +19,7 @@ with lib; {
|
||||||
./nextcloud.nix
|
./nextcloud.nix
|
||||||
./paperless.nix
|
./paperless.nix
|
||||||
./docker.nix
|
./docker.nix
|
||||||
|
# ./borg.nix
|
||||||
# ./nfs.nix
|
# ./nfs.nix
|
||||||
../../gc.nix
|
../../gc.nix
|
||||||
../../../common
|
../../../common
|
||||||
|
@ -97,6 +98,7 @@ with lib; {
|
||||||
"jellyfin.heroin.trade" = {
|
"jellyfin.heroin.trade" = {
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
reverse_proxy http://127.0.0.1:8096
|
reverse_proxy http://127.0.0.1:8096
|
||||||
|
redir /metrics* /
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
"calibre.heroin.trade" = {
|
"calibre.heroin.trade" = {
|
||||||
|
@ -119,6 +121,11 @@ with lib; {
|
||||||
reverse_proxy http://127.0.0.1:28981
|
reverse_proxy http://127.0.0.1:28981
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
"servers" = {
|
||||||
|
extraConfig = ''
|
||||||
|
metrics
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -3,6 +3,11 @@
|
||||||
pkgs,
|
pkgs,
|
||||||
...
|
...
|
||||||
}: {
|
}: {
|
||||||
|
sops.secrets.nextcloud_user_password = {
|
||||||
|
path = "/etc/nx_user_pass";
|
||||||
|
owner = "nextcloud";
|
||||||
|
group = "nextcloud";
|
||||||
|
};
|
||||||
networking.firewall.allowedTCPPorts = [80 443 9001];
|
networking.firewall.allowedTCPPorts = [80 443 9001];
|
||||||
services.grafana = {
|
services.grafana = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
@ -40,6 +45,13 @@
|
||||||
wireguard = {
|
wireguard = {
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
|
nextcloud = {
|
||||||
|
enable = true;
|
||||||
|
user = "nextcloud";
|
||||||
|
username = "xqtc";
|
||||||
|
passwordFile = config.sops.secrets.nextcloud_user_password.path;
|
||||||
|
url = "https://${toString config.services.nextcloud.hostName}";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
scrapeConfigs = [
|
scrapeConfigs = [
|
||||||
{
|
{
|
||||||
|
@ -48,7 +60,27 @@
|
||||||
{
|
{
|
||||||
targets = [
|
targets = [
|
||||||
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
|
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
|
||||||
# "127.0.0.1:${toString config.services.prometheus.exporters.wireguard.port}"
|
"127.0.0.1:${toString config.services.prometheus.exporters.nextcloud.port}"
|
||||||
|
];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
job_name = "jellyfin";
|
||||||
|
static_configs = [
|
||||||
|
{
|
||||||
|
targets = [
|
||||||
|
"127.0.0.1:8096"
|
||||||
|
];
|
||||||
|
}
|
||||||
|
];
|
||||||
|
}
|
||||||
|
{
|
||||||
|
job_name = "caddy";
|
||||||
|
static_configs = [
|
||||||
|
{
|
||||||
|
targets = [
|
||||||
|
"127.0.0.1:2019"
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
|
@ -3,6 +3,7 @@ private_keys:
|
||||||
public_keys:
|
public_keys:
|
||||||
xqtc: ENC[AES256_GCM,data:bQ39+TS67ww01qfkhv//AfE3h4od4QgOUMATwKoeI7D7JHzCpM38jZudNlJixbyR8bLOKsBohqB3Pad6Q27dnXLCyZ/XtyZMLyhZuaOBVkx8+4ow1SWEyDxHM/N3WPZxjgM=,iv:FKHKaOknTYKzel3R6AUOb4RvXH04rQd4bHospGrsrUA=,tag:yCtxIdfWdIFjPiFbrFuPKg==,type:str]
|
xqtc: ENC[AES256_GCM,data:bQ39+TS67ww01qfkhv//AfE3h4od4QgOUMATwKoeI7D7JHzCpM38jZudNlJixbyR8bLOKsBohqB3Pad6Q27dnXLCyZ/XtyZMLyhZuaOBVkx8+4ow1SWEyDxHM/N3WPZxjgM=,iv:FKHKaOknTYKzel3R6AUOb4RvXH04rQd4bHospGrsrUA=,tag:yCtxIdfWdIFjPiFbrFuPKg==,type:str]
|
||||||
nextcloud_password: ENC[AES256_GCM,data:lwqQio1I1xTv07bLRyrvig1HRyCxcueSPgDpPRhXBqCi8d42OJt7rA==,iv:R0JxpCJz9zycph9p7Ewwt4QTEXQxaxJ691aWCXfEsFE=,tag:Qz3dD2cOkmneEWP7tI54Dg==,type:str]
|
nextcloud_password: ENC[AES256_GCM,data:lwqQio1I1xTv07bLRyrvig1HRyCxcueSPgDpPRhXBqCi8d42OJt7rA==,iv:R0JxpCJz9zycph9p7Ewwt4QTEXQxaxJ691aWCXfEsFE=,tag:Qz3dD2cOkmneEWP7tI54Dg==,type:str]
|
||||||
|
nextcloud_user_password: ENC[AES256_GCM,data:fkX/1pOgRLvhHTtoK9i5F0kO+mRKj40BH2s7VD7ifPEnyJhWqy5mvg==,iv:iEnW4Z8vCY9oapOpVZNuLMa50SXT01clYaScUN+q/k8=,tag:0G0Y8XCSj+dBAy6Cw8YOHg==,type:str]
|
||||||
paperless_password: ENC[AES256_GCM,data:OCrc00vUb+lgel8TmFm+9Ee4QJZZV7W6+Jl9+R7AfjfDh6v590ibvw==,iv:emM7g0JRcEH4xuYdvZN64drOhduXyQy6HwF1xByaLvE=,tag:D2O1qAeKtYWGf+Zd3RuBTQ==,type:str]
|
paperless_password: ENC[AES256_GCM,data:OCrc00vUb+lgel8TmFm+9Ee4QJZZV7W6+Jl9+R7AfjfDh6v590ibvw==,iv:emM7g0JRcEH4xuYdvZN64drOhduXyQy6HwF1xByaLvE=,tag:D2O1qAeKtYWGf+Zd3RuBTQ==,type:str]
|
||||||
sops:
|
sops:
|
||||||
kms: []
|
kms: []
|
||||||
|
@ -55,8 +56,8 @@ sops:
|
||||||
a2ZHZmQ0dEVMZFlJRENmU2lGejFuMzAKOO3kTP/VWRYn5CrwPyjUIGS7kjxPvNYZ
|
a2ZHZmQ0dEVMZFlJRENmU2lGejFuMzAKOO3kTP/VWRYn5CrwPyjUIGS7kjxPvNYZ
|
||||||
HMt+cCG9FYeJdqPpHWiM0TeHYUG0h7XlltIMg7KhE4Qj/GARegmuZQ==
|
HMt+cCG9FYeJdqPpHWiM0TeHYUG0h7XlltIMg7KhE4Qj/GARegmuZQ==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-07-03T14:48:29Z"
|
lastmodified: "2024-07-05T15:42:51Z"
|
||||||
mac: ENC[AES256_GCM,data:LHH3qUI92p9PFkheFlHV4EwfMebLnHyrEr6iyMCOPWLh+vyai039gFHP/qZuKO51qgQdWiNYagwTNGwh/wCPUsXqmrT6/zyUVRzY+qM8ei0mTsyATPT2N/nFurb0HUueSO1rNzkYFbb6Io+5KdkQQbgbXoKxVV3xaWPB0FvB5cg=,iv:YmO2DvOP+5XUFs+r2ywn3mS8igxwhdoMB4VmtFsxVDU=,tag:udN3POCZVJvh2MircwckKQ==,type:str]
|
mac: ENC[AES256_GCM,data:HKjqJxfseQcrP/hViiY933NQdZQpTYS+wHigWlIOKDUhW4HOjVcRPc/lcbtb/41RBXl5xPKJyYSNzj3AdSM6kMznE0USEmYU9+XHFDd845n1YVg6qRHYUH/fFKsdDF2L5tEZ9DPEZQ6mW2EpxW+9AVVlU1L7wNsm7rtpcPTPcb4=,iv:arNw7DvxMfMBALJjp63bwNrsBedohhVWRJZFboXaZpI=,tag:OKQNf28nm/LrgUueOtwDsg==,type:str]
|
||||||
pgp: []
|
pgp: []
|
||||||
unencrypted_suffix: _unencrypted
|
unencrypted_suffix: _unencrypted
|
||||||
version: 3.8.1
|
version: 3.8.1
|
||||||
|
|
Loading…
Reference in a new issue