Add Grafana & Loki & Promtail monitoring stack

2023-06-26 20:05:48 -05:00
parent 6081557b6b
commit db6195695e
18 changed files with 454 additions and 30 deletions
--- a/system/age-configuration.nix
+++ b/system/age-configuration.nix
@ -0,0 +1,17 @@
+{ ... }: {
+  age = {
+    secrets = {
+      cache-key.file = ../secrets/cache-key.age;
+      graf-email = {
+        file = ../secrets/graf-email.age;
+        mode = "770";
+        owner = "grafana";
+        group = "grafana";
+      };
+      htpasswd-dock.file = ../secrets/htpasswd-dock.age;
+      keys.file = ../secrets/keys.age;
+      sezycei.file = ../secrets/sezycei.age;
+    };
+    identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  };
+}
--- a/system/containers.nix
+++ b/system/containers.nix
@ -1,97 +0,0 @@
-{
-  virtualisation.oci-containers = {
-    containers = {
-      bind = {
-        image = "sameersbn/bind:latest";
-        ports =
-          [ "0.0.0.0:53:53/tcp" "0.0.0.0:53:53/udp" "0.0.0.0:5053:10000/tcp" ];
-        volumes = [ "/home/sezycei/srv/containerdata/bind/bind:/data" ];
-        environmentFiles = [ /home/sezycei/srv/containerdata/bind/.env ];
-      };
-      jellyfin = {
-        image = "linuxserver/jellyfin";
-        ports = [ "0.0.0.0:8096:8096" "0.0.0.0:8920:8920" ];
-        volumes = [
-          "/home/sezycei/srv/containerdata/jellyfin/config:/config"
-          "/home/torrent/data/completed:/data/unsorted"
-          "/home/torrent/data/TV:/data/tvshows"
-          "/home/torrent/data/Movies:/data/movies"
-          "/home/torrent/data/transcode:/data/transcode"
-          "/home/torrent/data/Music:/data/music"
-        ];
-        environment = {
-          PGID = "1000";
-          PUID = "1000";
-          TZ = "America/Chicago";
-          UMASK_SET = "022";
-        };
-      };
-      legit = {
-        image = "docker.matri.cx/legit";
-        ports = [ "0.0.0.0:5121:8080" ];
-        volumes = [
-          "/home/sezycei/srv/containerdata/legit/static:/static"
-          "/home/sezycei/srv/containerdata/legit/templates:/templates"
-          "/home/sezycei/srv/containerdata/legit/legit.yml:/legit.yml"
-          "/home/sezycei/srv/containerdata/legit/repos:/var/www/git"
-        ];
-        environment = { };
-      };
-      murmur = {
-        image = "goofball222/murmur";
-        ports = [ "0.0.0.0:64738:64738" "0.0.0.0:64738:64738/udp" ];
-        volumes = [
-          "/home/sezycei/srv/containerdata/registry/registry/data:/var/lib/registry"
-          "/home/sezycei/srv/containerdata/registry/registry/certs:/certs"
-          "/home/sezycei/srv/containerdata/registry/registry/auth:/auth"
-        ];
-        environment = { };
-      };
-      nginx = {
-        image = "nginx:alpine";
-        ports = [ "0.0.0.0:80:80" "0.0.0.0:443:443" "0.0.0.0:20222:20222" ];
-        volumes = [
-          "/home/sezycei/srv/web/www:/var/www/"
-          "/home/sezycei/srv/web/configuration/nginx.conf:/etc/nginx/nginx.conf"
-          "/home/sezycei/srv/web/configuration/htpasswd:/etc/nginx/htpasswd"
-          "/home/sezycei/srv/web/configuration/htpasswd-dock:/etc/nginx/htpasswd-dock"
-          "/home/sezycei/srv/web/configuration/sites-available:/etc/nginx/sites-enabled"
-          "/home/sezycei/srv/web/ssl/letsencrypt:/etc/letsencrypt"
-          "/home/sezycei/srv/web/ssl/dhparam.pem:/etc/ssl/certs/dhparam.pem"
-        ];
-        environment = { };
-      };
-      purr = {
-        image = "docker.matri.cx/purr";
-        ports = [ "0.0.0.0:5195:3000" ];
-        volumes = [
-          "/home/sezycei/dev/purr/data/Purr.sqlite:/app/data/Purr.sqlite"
-          "/home/sezycei/dev/purr/config.dhall:/app/config.dhall"
-        ];
-        environment = { };
-      };
-      registry = {
-        image = "registry:2";
-        ports = [ "0.0.0.0:3001:5000" ];
-        volumes = [
-          "/home/sezycei/srv/containerdata/registry/registry/data:/var/lib/registry"
-          "/home/sezycei/srv/containerdata/registry/registry/certs:/certs"
-          "/home/sezycei/srv/containerdata/registry/registry/auth:/auth"
-        ];
-        environment = { };
-      };
-      transmission = {
-        image = "haugene/transmission-openvpn";
-        ports = [ "0.0.0.0:9091:9091" ];
-        volumes = [
-          "/home/sezycei/srv/scripts/transmission/settings.json:/etc/transmission-daemon/settings.json"
-          "/etc/localtime:/etc/localtime:ro"
-          "/home/torrent/data:/data"
-        ];
-        environmentFiles =
-          [ /home/sezycei/srv/containerdata/transmission/.env ];
-        extraOptions = [ "--cap-add=NET_ADMIN" "--privileged" ];
-      };
-    };
-  };
-}
--- a/system/security.nix
+++ b/system/security.nix
@ -1 +1,9 @@
-{ ... }: { security.sudo.wheelNeedsPassword = false; }
+{ ... }: {
+  security = {
+    sudo.wheelNeedsPassword = false;
+    acme = {
+      acceptTerms = true;
+      defaults.email = "james@eversole.co";
+    };
+  };
+}
--- a/system/services.nix
+++ b/system/services.nix
@ -1,4 +1,4 @@
-{ ... }: {
+{ config, ... }: {
  services = {
    openssh = { enable = true; };

@ -18,5 +18,10 @@
      notificationSender = "hydra@matri.cx";
      buildMachinesFiles = [ ];
    };
+
+    nix-serve = {
+      enable = true;
+      secretKeyFile = config.age.secrets.cache-key.path;
+    };
  };
 }
--- a/system/system.nix
+++ b/system/system.nix
@ -9,7 +9,7 @@
  networking = {
    hostName = "eve-psr-nix0";
    firewall = {
-      allowedTCPPorts = [ 22 80 443 3034 ];
+      allowedTCPPorts = [ 22 80 443 ];
      allowedUDPPorts = [ 22 80 443 ];
    };
  };