SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-22 00:21:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

hosts/srv-monitor: Reinstall with new hostname and larger nix partiiton

Browse source
This commit is contained in:
SebastianStork 2025-09-16 21:19:02 +02:00
parent 697eae282e
commit 4f826e8370
5 changed files with 5 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

82
hosts/srv-monitor/default.nix Normal file
View file

@ -0,0 +1,82 @@
{ config, ... }:
{
system.stateVersion = "25.05";
meta = {
domains.validate = true;
ports.validate = true;
};
custom = {
impermanence.enable = true;
sops = {
enable = true;
agePublicKey = "age1zrm4vtlgv3vtq3w8jjl5zkpz7jatgscxp8mel5emzvu44s5u2uasajq8mu";
};
boot.loader.grub.enable = true;
services = {
resolved.enable = true;
tailscale = {
enable = true;
ssh.enable = true;
};
gatus = {
enable = true;
domain = "status.${config.custom.services.tailscale.domain}";
domainsToMonitor = config.meta.domains.globalList;
endpoints = {
"alerts" = {
group = "Monitoring";
path = "/v1/health";
extraConditions = [ "[BODY].healthy == true" ];
};
"grafana".group = "Monitoring";
"logs".group = "Monitoring";
"git ssh" = {
protocol = "ssh";
domain = "git.sstork.dev";
};
"speedtest".protocol = "http";
};
};
ntfy = {
enable = true;
domain = "alerts.${config.custom.services.tailscale.domain}";
};
grafana = {
enable = true;
domain = "grafana.${config.custom.services.tailscale.domain}";
};
victorialogs = {
enable = true;
domain = "logs.${config.custom.services.tailscale.domain}";
};
caddy.virtualHosts =
let
inherit (config.custom) services;
in
{
gatus = {
inherit (services.gatus) domain port;
};
ntfy = {
inherit (services.ntfy) domain port;
};
grafana = {
inherit (services.grafana) domain port;
};
victorialogs = {
inherit (services.victorialogs) domain port;
};
};
};
};
}

52
hosts/srv-monitor/disko.nix Normal file
View file

@ -0,0 +1,52 @@
{
disko.devices = {
disk.main = {
device = "/dev/sda";
type = "disk";
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
type = "EF02";
};
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
nix = {
size = "15G";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/nix";
mountOptions = [ "noatime" ];
};
};
persist = {
size = "100%";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/persist";
mountOptions = [ "noatime" ];
};
};
};
};
};
nodev."/" = {
fsType = "tmpfs";
mountOptions = [
"defaults"
"mode=755"
];
};
};
}

47
hosts/srv-monitor/hardware.nix Normal file
View file

@ -0,0 +1,47 @@
{ modulesPath, inputs, ... }:
{
imports = [
inputs.disko.nixosModules.default
"${modulesPath}/profiles/qemu-guest.nix"
];
nixpkgs.hostPlatform = "x86_64-linux";
boot.initrd.availableKernelModules = [
"ahci"
"xhci_pci"
"virtio_pci"
"virtio_scsi"
"sd_mod"
"sr_mod"
];
zramSwap.enable = true;
networking.useDHCP = false;
systemd.network = {
enable = true;
networks."10-enp1s0" = {
matchConfig.Name = "enp1s0";
linkConfig.RequiredForOnline = "routable";
networkConfig.DHCP = "no";
address = [
"49.13.231.235/32"
"2a01:4f8:1c1e:76fe::1/64"
];
routes = [
{
Gateway = "172.31.1.1";
GatewayOnLink = true;
}
{ Gateway = "fe80::1"; }
];
dns = [
"1.1.1.1"
"8.8.8.8"
"2606:4700:4700::1111"
"2001:4860:4860::8888"
];
};
};
}

29
hosts/srv-monitor/secrets.json Normal file
View file

@ -0,0 +1,29 @@
{
"seb-password": "ENC[AES256_GCM,data:laGJomW5c5TB3alpPgZKElQ3Y46OBxPrA0AxVNgx/09oSuG0EM63cnnkwZkrTeZxqjBH2UOryLqCr9DUr9mhZsovqNtZ2t8Uzg==,iv:GpBQNm1jspU8PCN+SzfAUKSps3YySg6JJVYOLOFetOI=,tag:2nARGI9XwzLfJFRhDyGBSw==,type:str]",
"tailscale": {
"auth-key": "ENC[AES256_GCM,data:UYOACjPi7HKh3qB0yD5N8PlzvTXfzNr7qNfmLrj/KbBb4S0KDTI5xIFHpk3wkTwc+0d2RMMfpoJEnM68x5c=,iv:o36k4vtsnSThDQNIMIPBQHJ92WodbIyVC42L1t8Fvzg=,tag:6RqIP+fAv/ByYhxF12P4qg==,type:str]",
"service-auth-key": "ENC[AES256_GCM,data:2CO5QN0SSwzD6IIxjRNyUdG8n7kaNbpCVvvZh0ZXBNRC2x+smXWXCv9vPMYB8R3VCcWFTpF17J/8njqyfH4=,iv:e55ow3YQh6hd7FkTu09fMN8XgBk5ZsuHCtRDb5Q2sDI=,tag:zXXdoe1HD8Kl+kJ9NueT5A==,type:str]"
},
"healthchecks": {
"ping-key": "ENC[AES256_GCM,data:wlrgEbJ9B57kjmB+0hof/fJOBb4tcA==,iv:ibMBpcrSocLBhtumsSV00+KVN6Pi4SzE7soCkZcU4fY=,tag:wqYBB0Bi3M+UYinhd8pY+w==,type:str]"
},
"grafana": {
"admin-password": "ENC[AES256_GCM,data:VXM9heVazDBVltWvzlMrKTjeSmpArPvz9ZhTlPs=,iv:owHyuoupNQO09aRBgU2phIwxg22U1rUqKyYbw2193m4=,tag:EPiRny2k2Gw2kONyyzLpug==,type:str]"
},
"sops": {
"age": [
{
"recipient": "age1mpq8m4p7dnxh5ze3fh7etd2k6sp85zdnmp9te3e9chcw4pw07pcq960zh5",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjWXM0ZWEwY05jVFlRYUVh\nVkRPQmRJOVRLN0I3WmJmR1RFTEk5ZWxIajFBCk1rWDdXYWljTDZGVWZCS3NmWW40\nK1liV0tNUkdRbUw3eW94RnY1bEVjb00KLS0tIDBTR3hNSmhpM3pTT2RpMmNEdllG\najdQRm9Bb1ZMKzFTbHhHa1Q1ZVQ2Z1UKb2izTRYK3/9JPFj55yVCD2ZZVnRxQXhR\nvtFjF1+rQPhJgBF/D2BD83PzFGKHgv0K7Ktf0Qq9TuXl/LV5ZJk0wA==\n-----END AGE ENCRYPTED FILE-----\n"
},
{
"recipient": "age1zrm4vtlgv3vtq3w8jjl5zkpz7jatgscxp8mel5emzvu44s5u2uasajq8mu",
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB3QktmcjY1dEJrNDNuUzhz\nanNKc3RQTHp4VVdPOUhzS3pNaE9MTjZLLzFjCnpUTTYwMHZySGZhb3BONEEvZ2Rr\naktpVmdML3M5MGlyR2pSZEhzOUdvOFUKLS0tIEVWL1kxVE9HZ0hweGlUNXdSWWt5\nRFJNcVQ5V0xhMHc4NGhYbTNwMTBjL2cKSgup9OtVwlIRU73vy6uKpdkR/j1wN7/F\nIpKs0MiHZjkJ/yUHFBDkahVSfj6IvRdZ7tuumI4jCn25LEj4L9B8Dw==\n-----END AGE ENCRYPTED FILE-----\n"
}
],
"lastmodified": "2025-09-07T21:04:40Z",
"mac": "ENC[AES256_GCM,data:nXUfYEqhNL3BKbrI/MqJ0Vi5f+pWwzZkkw8cCFDuFcYK8C4e8LNUp+rnzQE71QIsxmqaEEnZqyb/eBZOxZgoM4f7lh9PgDdb8btq5PGIkDk2JkKaJYEVHzjmkYnlegrptEWtntm6aYbzsO4NEhXsa3ub7R9jpPvJOH/XEpsLWXI=,iv:Z3FPPegOn732fYexsv5jQDRm0vpYJT/ArQCK/PnQa5g=,tag:uE+pSxZmTFPEXNEJOseMtA==,type:str]",
"unencrypted_suffix": "_unencrypted",
"version": "3.10.2"
}
}