diff --git a/hosts/vps-monitor/default.nix b/hosts/vps-monitor/default.nix index 0d751cd..554782f 100644 --- a/hosts/vps-monitor/default.nix +++ b/hosts/vps-monitor/default.nix @@ -26,8 +26,6 @@ onlyCleanRoots = true; }; - tailscale.enable = true; - nebula.node = { enable = true; address = "10.254.250.5"; @@ -40,12 +38,12 @@ web-services = let - tailscaleDomain = config.custom.services.tailscale.domain; + privateDomain = config.custom.services.nebula.network.domain; in { gatus = { enable = true; - domain = "status.${tailscaleDomain}"; + domain = "status.${privateDomain}"; generateDefaultEndpoints = true; endpoints."alerts" = { path = "/v1/health"; @@ -55,12 +53,12 @@ ntfy = { enable = true; - domain = "alerts.${tailscaleDomain}"; + domain = "alerts.${privateDomain}"; }; grafana = { enable = true; - domain = "grafana.${tailscaleDomain}"; + domain = "grafana.${privateDomain}"; datasources = { prometheus.enable = true; victoriametrics.enable = true; @@ -76,17 +74,17 @@ victoriametrics = { enable = true; - domain = "metrics.${tailscaleDomain}"; + domain = "metrics.${privateDomain}"; }; victorialogs = { enable = true; - domain = "logs.${tailscaleDomain}"; + domain = "logs.${privateDomain}"; }; alloy = { enable = true; - domain = "alloy-${config.networking.hostName}.${tailscaleDomain}"; + domain = "alloy.${config.networking.hostName}.${privateDomain}"; }; }; }; diff --git a/hosts/vps-monitor/secrets.json b/hosts/vps-monitor/secrets.json index 1d0ce79..67c6123 100644 --- a/hosts/vps-monitor/secrets.json +++ b/hosts/vps-monitor/secrets.json @@ -13,6 +13,10 @@ "nebula": { "host-key": "ENC[AES256_GCM,data:usSLqYOvDAAs7z1xo+gccDqgUE78upK+k522ldKcPoFKKBH87Us7gi6+XAOMDQ79U6i8j4l1lAE8kRdqDuvasodESHVSW9gSnnv5E73MVr0d1Snh7tAewVzneac+2R2R8tUzKzwzWM5SyyvJSoKGBg8WmGzdGT8UqC623utlYQ==,iv:NoZ2u8IK4g1Kwb6uZZ1jXJH4eFO9Jj5Phi5hPM4K72o=,tag:9mOv6oSESH+8r2ZC4yUE+w==,type:str]" }, + "porkbun": { + "api-key": "ENC[AES256_GCM,data:oqnAPVfLU8CG64+TsRijZ/2Wzy11bt3PvoEqbpWZbcXIE2aM0oZtUUtCxt0DiWp8Uyta6AO40V8+EGkzeqL4O6VLxU4=,iv:KaEwSmoG5zYxsWjUxwqbfe77Iiv03IAnFaIjQ5YoYkc=,tag:ilzXSYElARjnWkOcBKZBdA==,type:str]", + "secret-api-key": "ENC[AES256_GCM,data:dGOAsu3kPJmDwhddZGgrY8KrDJeS7PiEPjEVh/h8BgSygRKLInow/7PIaHcy8gIlsGFvU2CYORY7Vmf3QCxYbRTkdIQ=,iv:otDnIv0B1h1H6usJqSNVqv9UUcmx9r5Cn18Q6DFwBME=,tag:O2O3V33TmalVuL6y4V9ufw==,type:str]" + }, "sops": { "age": [ { @@ -24,8 +28,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTVmV4dkZEaWVDNHMxUFdr\nYnhuVWpReXBNSEhhZkltQTE4bEpzSlBzL0VJCk15UFlwa0haWTZNaE1DVzVZVFBI\nd0QzcUptYmQ3dmhhdjhFV0xDSWdmMGMKLS0tIFhWamx6SXJleFFSVUFkRmw2VFZy\nOVVhNm9NSE0yRGFMQjNrM1B6cDVxSXMKrhAkDcWqutgSmQI5O+5i8fcwuTh2/XKr\nljK/Vn8EvGr8qEUeHzOBI1b5VtgngJkVJyfM9G/Q0lZvQF7ZZ5YCgQ==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-01-03T15:47:25Z", - "mac": "ENC[AES256_GCM,data:fEtJdI0I7Tiv21n30ZcxMdOsf4emevkouRmMW+100GEY19rL/VtAIXkvaaygdz/sGXXzLeANReLjo5Ryp93x8854eravT4nQ8IXpNlCgdBXmq7QgUD/nc5kaOj0//3neAxE+ht5MPWm+AbfO4kYDKTmF9GFoLRZMfyvrWXTVv4M=,iv:h4RUkWkr6PABpj0yp+YRhgJ/0X6kwpMyB30qVMbO2to=,tag:8a+w96TwPXk15GZdryWneQ==,type:str]", + "lastmodified": "2026-01-10T22:31:10Z", + "mac": "ENC[AES256_GCM,data:REnbW+tps2KV+VtPOHAJFVuYAs4lRAp/n/Vui7AYYv3KLux97bOCg/ltlxSL8bGGKrcHtlFqI1a7ZGe/bQaFCGxrg+iQahokR7c+Lfz+ffc5bXue1P00UXBi2O+eBlpVwZ5CeMh5TIYLAyxEXR88PVqSrhkhXAphDTP73leqsvA=,iv:1MMZwjg9zdLwKpn8JllURaodm8fSInNgwNty7DwGKq0=,tag:WmnMzR9MvGs2Odap8sXLgw==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.11.0" } diff --git a/modules/system/web-services/alloy.nix b/modules/system/web-services/alloy.nix index 854077a..e0bc827 100644 --- a/modules/system/web-services/alloy.nix +++ b/modules/system/web-services/alloy.nix @@ -15,11 +15,11 @@ in }; metricsEndpoint = lib.mkOption { type = lib.types.nonEmptyStr; - default = "https://metrics.${config.custom.services.tailscale.domain}/prometheus/api/v1/write"; + default = "https://metrics.${config.custom.services.nebula.network.domain}/prometheus/api/v1/write"; }; logsEndpoint = lib.mkOption { type = lib.types.nonEmptyStr; - default = "https://logs.${config.custom.services.tailscale.domain}/insert/loki/api/v1/push"; + default = "https://logs.${config.custom.services.nebula.network.domain}/insert/loki/api/v1/push"; }; collect = { metrics = { diff --git a/modules/system/web-services/gatus.nix b/modules/system/web-services/gatus.nix index 6dff1f0..0cda068 100644 --- a/modules/system/web-services/gatus.nix +++ b/modules/system/web-services/gatus.nix @@ -113,7 +113,7 @@ in connectivity.checker.target = "1.1.1.1:53"; # Cloudflare DNS alerting.ntfy = { topic = "uptime"; - url = "https://alerts.${config.custom.services.tailscale.domain}"; + url = "https://alerts.${config.custom.services.nebula.network.domain}"; click = "https://${cfg.domain}"; default-alert = { enable = true; diff --git a/modules/system/web-services/grafana.nix b/modules/system/web-services/grafana.nix index 88134ea..155674c 100644 --- a/modules/system/web-services/grafana.nix +++ b/modules/system/web-services/grafana.nix @@ -23,21 +23,21 @@ in enable = lib.mkEnableOption ""; url = lib.mkOption { type = lib.types.nonEmptyStr; - default = "https://metrics.${config.custom.services.tailscale.domain}"; + default = "https://metrics.${config.custom.services.nebula.network.domain}"; }; }; victoriametrics = { enable = lib.mkEnableOption ""; url = lib.mkOption { type = lib.types.nonEmptyStr; - default = "https://metrics.${config.custom.services.tailscale.domain}"; + default = "https://metrics.${config.custom.services.nebula.network.domain}"; }; }; victorialogs = { enable = lib.mkEnableOption ""; url = lib.mkOption { type = lib.types.nonEmptyStr; - default = "https://logs.${config.custom.services.tailscale.domain}"; + default = "https://logs.${config.custom.services.nebula.network.domain}"; }; }; };