From 81a08c60a03d07fb571d23c9b06cabca8bf16d3f Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Mon, 12 Jan 2026 20:38:15 +0100 Subject: [PATCH 1/3] vps-monitor: Disable grafana's crowdsec dashboard --- hosts/vps-monitor/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/hosts/vps-monitor/default.nix b/hosts/vps-monitor/default.nix index 6cc1550..56e9488 100644 --- a/hosts/vps-monitor/default.nix +++ b/hosts/vps-monitor/default.nix @@ -74,7 +74,6 @@ nodeExporter.enable = true; victoriametrics.enable = true; victorialogs.enable = true; - crowdsec.enable = true; }; }; From 2ae08dc9c5d0fa08342004ab18a15b0538cfb490 Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Mon, 12 Jan 2026 20:45:34 +0100 Subject: [PATCH 2/3] grafana: Enable datasources and dashboards intelligently --- hosts/vps-monitor/default.nix | 10 -------- modules/system/web-services/grafana.nix | 34 +++++++++++++++++-------- 2 files changed, 24 insertions(+), 20 deletions(-) diff --git a/hosts/vps-monitor/default.nix b/hosts/vps-monitor/default.nix index 56e9488..a86ae4f 100644 --- a/hosts/vps-monitor/default.nix +++ b/hosts/vps-monitor/default.nix @@ -65,16 +65,6 @@ grafana = { enable = true; domain = "grafana.${privateDomain}"; - datasources = { - prometheus.enable = true; - victoriametrics.enable = true; - victorialogs.enable = true; - }; - dashboards = { - nodeExporter.enable = true; - victoriametrics.enable = true; - victorialogs.enable = true; - }; }; victoriametrics = { diff --git a/modules/system/web-services/grafana.nix b/modules/system/web-services/grafana.nix index a0c64b7..c5ed60e 100644 --- a/modules/system/web-services/grafana.nix +++ b/modules/system/web-services/grafana.nix @@ -20,32 +20,46 @@ in }; datasources = { prometheus = { - enable = lib.mkEnableOption ""; + enable = lib.mkEnableOption "" // { + default = config.custom.web-services.victoriametrics.enable; + }; url = lib.mkOption { type = lib.types.nonEmptyStr; - default = "https://metrics.${config.custom.networking.overlay.domain}"; + default = "https://${config.custom.web-services.victoriametrics.domain}"; }; }; victoriametrics = { - enable = lib.mkEnableOption ""; + enable = lib.mkEnableOption "" // { + default = config.custom.web-services.victoriametrics.enable; + }; url = lib.mkOption { type = lib.types.nonEmptyStr; - default = "https://metrics.${config.custom.networking.overlay.domain}"; + default = "https://${config.custom.web-services.victoriametrics.domain}"; }; }; victorialogs = { - enable = lib.mkEnableOption ""; + enable = lib.mkEnableOption "" // { + default = config.custom.web-services.victorialogs.enable; + }; url = lib.mkOption { type = lib.types.nonEmptyStr; - default = "https://logs.${config.custom.networking.overlay.domain}"; + default = "https://${config.custom.web-services.victorialogs.domain}"; }; }; }; dashboards = { - nodeExporter.enable = lib.mkEnableOption ""; - victoriametrics.enable = lib.mkEnableOption ""; - victorialogs.enable = lib.mkEnableOption ""; - crowdsec.enable = lib.mkEnableOption ""; + nodeExporter.enable = lib.mkEnableOption "" // { + default = true; + }; + victoriametrics.enable = lib.mkEnableOption "" // { + default = config.custom.web-services.victoriametrics.enable; + }; + victorialogs.enable = lib.mkEnableOption "" // { + default = config.custom.web-services.victorialogs.enable; + }; + crowdsec.enable = lib.mkEnableOption "" // { + default = config.custom.services.crowdsec.enable; + }; }; }; From f3ad654ad3518fc01f72065b70e6399d6f5a9ec7 Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Mon, 12 Jan 2026 20:59:32 +0100 Subject: [PATCH 3/3] vps-public: Remove unneeded crowdsec secret --- hosts/vps-public/secrets.json | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/hosts/vps-public/secrets.json b/hosts/vps-public/secrets.json index c3019ae..aef409a 100644 --- a/hosts/vps-public/secrets.json +++ b/hosts/vps-public/secrets.json @@ -10,9 +10,6 @@ "healthchecks": { "ping-key": "ENC[AES256_GCM,data:MqH/4hAk9cjWW5DCw19MvCo/jXNtLQ==,iv:3pfIJ4LhgOw2hHm75OiWdrqcBTD8h5yCwik50tXDp4E=,tag:OTXLGvjn1q4ffLEskmnGpg==,type:str]" }, - "crowdsec": { - "enrollment-key": "ENC[AES256_GCM,data:TNT76VMrHjEfSgP/qTO94vJW5Tz6aQkN/g==,iv:ZLz/3LXSYVXQtcyPZ62qOuslexdXh7jvX0MzoXjlRgM=,tag:WOpTktMO8O8mqV5KK6087w==,type:str]" - }, "outline": { "gitlab-auth-secret": "ENC[AES256_GCM,data:fNxlI0sJdoY9hFxiJz4OdGLv1NyZbMchW/df5VuLBHqeQG19Seul0R1J0Fl+NBFfAAiyHA6oGzXerYLt6KsNDwFmK2ODuw==,iv:TfFyC+JUvb2GaeE8rh9Knj4fPkmoyWvymG9YAN/dpNA=,tag:PXn6uYXtFfV0N5+2fYyCZQ==,type:str]" }, @@ -34,8 +31,8 @@ "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvVnphWlNaTUU0QytIdnEv\nQnNzelN4MUMreXZrME5KZStFMDg2V1VFd21rCkk2Uy9ITEF3SjlRVEdMMXlPdHhG\nam1PNnp3emtnMnczeFFSSStJaHF6TkkKLS0tIEJKbFRzbmNqMjk5NXVHZnhlWWZ3\nYng5L1F5YUJGOTg3TTJCK281SG9Id3MKsmH2yj19ig2g+KzBGLD9dWkdvr6TLdSd\nuuDC+frhj7wWrEomOOjIoYtWHXkUtTSAnCEZhrhfyupYhEvlFfWRlw==\n-----END AGE ENCRYPTED FILE-----\n" } ], - "lastmodified": "2026-01-10T23:14:22Z", - "mac": "ENC[AES256_GCM,data:oQ8weypJMM2sm5XzRzn80IE6VQ7zKiJdkujLTfZbiUHXhPSpmNJqsXnAMREtKGAxxm6p9aTeZMbkX1xN1FGf38909/W0Bk/I0trpo1Q6bxLwlo/8eLvA5CAqrgQIgJz3jpIEDpXGsvTDVDxNQeFPH4HZHInwmF4Z6snVBuv8UZI=,iv:D3qt1rhAdMRRnBzlaKf8hGU+f7isjIKPyGM1MCnhoBs=,tag:6ihR9KXKsr8SVPceVlB1Cg==,type:str]", + "lastmodified": "2026-01-12T19:58:55Z", + "mac": "ENC[AES256_GCM,data:w+OB5d3TPpWPbnMEQfRVCm8yxVSebtbSTnH5Z9O1Z6oKcz34zlfxvmvDsn8FARs7lI9DT7nt3+McizqCbSSovaRsIrT03USSll6TnC08nsXzQoo7OC5UIpv5P1RCu+9TMk3hlWKLiiJe4U8UQgUTPufXQEIfgCOQ5nxv7/lEw7o=,iv:NUZV0EVgQegKd/dnXAV859v4Nb1SbK6pQSPHmJJs4Fw=,tag:EfDDvP2Sag8TQaNcp5AFNg==,type:str]", "unencrypted_suffix": "_unencrypted", "version": "3.11.0" }