SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 12:51:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

vps-monitor: Switch completely to nebula

Browse source
This commit is contained in:
SebastianStork 2026-01-11 00:07:24 +01:00
parent 6069bd4b06
commit 2acd61d67e
Signed by: SebastianStork
SSH key fingerprint: SHA256:tRrGdjYOwgHxpSc/wTOZQZEjxcb15P0tyXRsbAfd+2Q
5 changed files with 19 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

16
hosts/vps-monitor/default.nix
View file

@ -26,8 +26,6 @@
onlyCleanRoots = true; onlyCleanRoots = true;
}; };
tailscale.enable = true;
nebula.node = { nebula.node = {
enable = true; enable = true;
address = "10.254.250.5"; address = "10.254.250.5";
@ -40,12 +38,12 @@
web-services = web-services =
let let
tailscaleDomain = config.custom.services.tailscale.domain; privateDomain = config.custom.services.nebula.network.domain;
in in
{ {
gatus = { gatus = {
enable = true; enable = true;
domain = "status.${tailscaleDomain}"; domain = "status.${privateDomain}";
generateDefaultEndpoints = true; generateDefaultEndpoints = true;
endpoints."alerts" = { endpoints."alerts" = {
path = "/v1/health"; path = "/v1/health";
@ -55,12 +53,12 @@
ntfy = { ntfy = {
enable = true; enable = true;
domain = "alerts.${tailscaleDomain}"; domain = "alerts.${privateDomain}";
}; };
grafana = { grafana = {
enable = true; enable = true;
domain = "grafana.${tailscaleDomain}"; domain = "grafana.${privateDomain}";
datasources = { datasources = {
prometheus.enable = true; prometheus.enable = true;
victoriametrics.enable = true; victoriametrics.enable = true;
@ -76,17 +74,17 @@
victoriametrics = { victoriametrics = {
enable = true; enable = true;
domain = "metrics.${tailscaleDomain}"; domain = "metrics.${privateDomain}";
}; };
victorialogs = { victorialogs = {
enable = true; enable = true;
domain = "logs.${tailscaleDomain}"; domain = "logs.${privateDomain}";
}; };
alloy = { alloy = {
enable = true; enable = true;
domain = "alloy-${config.networking.hostName}.${tailscaleDomain}"; domain = "alloy.${config.networking.hostName}.${privateDomain}";
}; };
}; };
}; };

8
hosts/vps-monitor/secrets.json
View file

@ -13,6 +13,10 @@
"nebula": { "nebula": {
"host-key": "ENC[AES256_GCM,data:usSLqYOvDAAs7z1xo+gccDqgUE78upK+k522ldKcPoFKKBH87Us7gi6+XAOMDQ79U6i8j4l1lAE8kRdqDuvasodESHVSW9gSnnv5E73MVr0d1Snh7tAewVzneac+2R2R8tUzKzwzWM5SyyvJSoKGBg8WmGzdGT8UqC623utlYQ==,iv:NoZ2u8IK4g1Kwb6uZZ1jXJH4eFO9Jj5Phi5hPM4K72o=,tag:9mOv6oSESH+8r2ZC4yUE+w==,type:str]" "host-key": "ENC[AES256_GCM,data:usSLqYOvDAAs7z1xo+gccDqgUE78upK+k522ldKcPoFKKBH87Us7gi6+XAOMDQ79U6i8j4l1lAE8kRdqDuvasodESHVSW9gSnnv5E73MVr0d1Snh7tAewVzneac+2R2R8tUzKzwzWM5SyyvJSoKGBg8WmGzdGT8UqC623utlYQ==,iv:NoZ2u8IK4g1Kwb6uZZ1jXJH4eFO9Jj5Phi5hPM4K72o=,tag:9mOv6oSESH+8r2ZC4yUE+w==,type:str]"
}, },
"porkbun": {
"api-key": "ENC[AES256_GCM,data:oqnAPVfLU8CG64+TsRijZ/2Wzy11bt3PvoEqbpWZbcXIE2aM0oZtUUtCxt0DiWp8Uyta6AO40V8+EGkzeqL4O6VLxU4=,iv:KaEwSmoG5zYxsWjUxwqbfe77Iiv03IAnFaIjQ5YoYkc=,tag:ilzXSYElARjnWkOcBKZBdA==,type:str]",
"secret-api-key": "ENC[AES256_GCM,data:dGOAsu3kPJmDwhddZGgrY8KrDJeS7PiEPjEVh/h8BgSygRKLInow/7PIaHcy8gIlsGFvU2CYORY7Vmf3QCxYbRTkdIQ=,iv:otDnIv0B1h1H6usJqSNVqv9UUcmx9r5Cn18Q6DFwBME=,tag:O2O3V33TmalVuL6y4V9ufw==,type:str]"
},
"sops": { "sops": {
"age": [ "age": [
{ {
@ -24,8 +28,8 @@
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTVmV4dkZEaWVDNHMxUFdr\nYnhuVWpReXBNSEhhZkltQTE4bEpzSlBzL0VJCk15UFlwa0haWTZNaE1DVzVZVFBI\nd0QzcUptYmQ3dmhhdjhFV0xDSWdmMGMKLS0tIFhWamx6SXJleFFSVUFkRmw2VFZy\nOVVhNm9NSE0yRGFMQjNrM1B6cDVxSXMKrhAkDcWqutgSmQI5O+5i8fcwuTh2/XKr\nljK/Vn8EvGr8qEUeHzOBI1b5VtgngJkVJyfM9G/Q0lZvQF7ZZ5YCgQ==\n-----END AGE ENCRYPTED FILE-----\n" "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBTVmV4dkZEaWVDNHMxUFdr\nYnhuVWpReXBNSEhhZkltQTE4bEpzSlBzL0VJCk15UFlwa0haWTZNaE1DVzVZVFBI\nd0QzcUptYmQ3dmhhdjhFV0xDSWdmMGMKLS0tIFhWamx6SXJleFFSVUFkRmw2VFZy\nOVVhNm9NSE0yRGFMQjNrM1B6cDVxSXMKrhAkDcWqutgSmQI5O+5i8fcwuTh2/XKr\nljK/Vn8EvGr8qEUeHzOBI1b5VtgngJkVJyfM9G/Q0lZvQF7ZZ5YCgQ==\n-----END AGE ENCRYPTED FILE-----\n"
} }
], ],
"lastmodified": "2026-01-03T15:47:25Z", "lastmodified": "2026-01-10T22:31:10Z",
"mac": "ENC[AES256_GCM,data:fEtJdI0I7Tiv21n30ZcxMdOsf4emevkouRmMW+100GEY19rL/VtAIXkvaaygdz/sGXXzLeANReLjo5Ryp93x8854eravT4nQ8IXpNlCgdBXmq7QgUD/nc5kaOj0//3neAxE+ht5MPWm+AbfO4kYDKTmF9GFoLRZMfyvrWXTVv4M=,iv:h4RUkWkr6PABpj0yp+YRhgJ/0X6kwpMyB30qVMbO2to=,tag:8a+w96TwPXk15GZdryWneQ==,type:str]", "mac": "ENC[AES256_GCM,data:REnbW+tps2KV+VtPOHAJFVuYAs4lRAp/n/Vui7AYYv3KLux97bOCg/ltlxSL8bGGKrcHtlFqI1a7ZGe/bQaFCGxrg+iQahokR7c+Lfz+ffc5bXue1P00UXBi2O+eBlpVwZ5CeMh5TIYLAyxEXR88PVqSrhkhXAphDTP73leqsvA=,iv:1MMZwjg9zdLwKpn8JllURaodm8fSInNgwNty7DwGKq0=,tag:WmnMzR9MvGs2Odap8sXLgw==,type:str]",
"unencrypted_suffix": "_unencrypted", "unencrypted_suffix": "_unencrypted",
"version": "3.11.0" "version": "3.11.0"
} }

4
modules/system/web-services/alloy.nix
View file

@ -15,11 +15,11 @@ in
}; };
metricsEndpoint = lib.mkOption { metricsEndpoint = lib.mkOption {
type = lib.types.nonEmptyStr; type = lib.types.nonEmptyStr;
default = "https://metrics.${config.custom.services.tailscale.domain}/prometheus/api/v1/write"; default = "https://metrics.${config.custom.services.nebula.network.domain}/prometheus/api/v1/write";
}; };
logsEndpoint = lib.mkOption { logsEndpoint = lib.mkOption {
type = lib.types.nonEmptyStr; type = lib.types.nonEmptyStr;
default = "https://logs.${config.custom.services.tailscale.domain}/insert/loki/api/v1/push"; default = "https://logs.${config.custom.services.nebula.network.domain}/insert/loki/api/v1/push";
}; };
collect = { collect = {
metrics = { metrics = {

2
modules/system/web-services/gatus.nix
View file

@ -113,7 +113,7 @@ in
connectivity.checker.target = "1.1.1.1:53"; # Cloudflare DNS connectivity.checker.target = "1.1.1.1:53"; # Cloudflare DNS
alerting.ntfy = { alerting.ntfy = {
topic = "uptime"; topic = "uptime";
url = "https://alerts.${config.custom.services.tailscale.domain}"; url = "https://alerts.${config.custom.services.nebula.network.domain}";
click = "https://${cfg.domain}"; click = "https://${cfg.domain}";
default-alert = { default-alert = {
enable = true; enable = true;

6
modules/system/web-services/grafana.nix
View file

@ -23,21 +23,21 @@ in
enable = lib.mkEnableOption ""; enable = lib.mkEnableOption "";
url = lib.mkOption { url = lib.mkOption {
type = lib.types.nonEmptyStr; type = lib.types.nonEmptyStr;
default = "https://metrics.${config.custom.services.tailscale.domain}"; default = "https://metrics.${config.custom.services.nebula.network.domain}";
}; };
}; };
victoriametrics = { victoriametrics = {
enable = lib.mkEnableOption ""; enable = lib.mkEnableOption "";
url = lib.mkOption { url = lib.mkOption {
type = lib.types.nonEmptyStr; type = lib.types.nonEmptyStr;
default = "https://metrics.${config.custom.services.tailscale.domain}"; default = "https://metrics.${config.custom.services.nebula.network.domain}";
}; };
}; };
victorialogs = { victorialogs = {
enable = lib.mkEnableOption ""; enable = lib.mkEnableOption "";
url = lib.mkOption { url = lib.mkOption {
type = lib.types.nonEmptyStr; type = lib.types.nonEmptyStr;
default = "https://logs.${config.custom.services.tailscale.domain}"; default = "https://logs.${config.custom.services.nebula.network.domain}";
}; };
}; };
}; };