2025-04-24 20:52:24 +00:00
5 changed files with 55 additions and 57 deletions
--- a/flake.lock
+++ b/flake.lock
@ -93,9 +93,7 @@
    },
    "firefox-darwin": {
      "inputs": {
-        "nixpkgs": [
-          "nixpkgs"
-        ]
+        "nixpkgs": "nixpkgs"
      },
      "locked": {
        "lastModified": 1687568341,
@ -202,9 +200,7 @@
    "nil": {
      "inputs": {
        "flake-utils": "flake-utils",
-        "nixpkgs": [
-          "nixpkgs"
-        ],
+        "nixpkgs": "nixpkgs_2",
        "rust-overlay": "rust-overlay"
      },
      "locked": {
@ -280,6 +276,38 @@
      }
    },
    "nixpkgs": {
+      "locked": {
+        "lastModified": 1639237670,
+        "narHash": "sha256-RTdL4rEQcgaZGpvtDgkp3oK/V+1LM3I53n0ACPSroAQ=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "edfb969386ebe6c3cf8f878775a7975cd88f926d",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "master",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_2": {
+      "locked": {
+        "lastModified": 1680487167,
+        "narHash": "sha256-9FNIqrxDZgSliGGN2XJJSvcDYmQbgOANaZA4UWnTdg4=",
+        "owner": "nixos",
+        "repo": "nixpkgs",
+        "rev": "53dad94e874c9586e71decf82d972dfb640ef044",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nixos",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs_3": {
      "locked": {
        "lastModified": 1687502512,
        "narHash": "sha256-dBL/01TayOSZYxtY4cMXuNCBk8UMLoqRZA+94xiFpJA=",
@ -295,7 +323,7 @@
        "type": "github"
      }
    },
-    "nixpkgs_2": {
+    "nixpkgs_4": {
      "locked": {
        "lastModified": 1686929285,
        "narHash": "sha256-WGtVzn+vGMPTXDO0DMNKVFtf+zUSqeW+KKk4Y/Ae99I=",
@ -404,7 +432,7 @@
        "nil": "nil",
        "nix2vim": "nix2vim",
        "nixos-generators": "nixos-generators",
-        "nixpkgs": "nixpkgs",
+        "nixpkgs": "nixpkgs_3",
        "null-ls-nvim-src": "null-ls-nvim-src",
        "nur": "nur",
        "nvim-lspconfig-src": "nvim-lspconfig-src",
@ -542,7 +570,7 @@
      "inputs": {
        "flake-compat": "flake-compat",
        "flake-utils": "flake-utils_3",
-        "nixpkgs": "nixpkgs_2"
+        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
        "lastModified": 1687279045,
--- a/flake.nix
+++ b/flake.nix
@ -20,17 +20,14 @@
    home-manager = {
      url = "github:nix-community/home-manager/master";
      inputs.nixpkgs.follows =
-        "nixpkgs"; # Use system packages list for their inputs
+        "nixpkgs"; # Use system packages list where available
    };

    # Community packages; used for Firefox extensions
    nur.url = "github:nix-community/nur";

    # Use official Firefox binary for macOS
-    firefox-darwin = {
-      url = "github:bandithedoge/nixpkgs-firefox-darwin";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
+    firefox-darwin.url = "github:bandithedoge/nixpkgs-firefox-darwin";

    # Manage disk format and partitioning
    disko = {
@ -57,10 +54,7 @@
    };

    # Nix language server
-    nil = {
-      url = "github:oxalica/nil/2023-04-03";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
+    nil.url = "github:oxalica/nil/2023-04-03";

    # Neovim plugins
    nvim-lspconfig-src = {
@ -165,7 +159,7 @@
          import ./hosts/lookingglass { inherit inputs globals overlays; };
      };

-      # For quickly applying home-manager settings with:
+      # For quickly applying local settings with:
      # home-manager switch --flake .#tempest
      homeConfigurations = {
        tempest =
--- a/hosts/tempest/default.nix
+++ b/hosts/tempest/default.nix
@ -92,14 +92,6 @@ inputs.nixpkgs.lib.nixosSystem {
        ryujinx.enable = true;
      };

-      cloudflareTunnel = {
-        enable = true;
-        id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
-        credentialsFile = ../../private/cloudflared-tempest.age;
-        ca =
-          "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
-      };
-
    }
  ];
 }
--- a/modules/nixos/services/prometheus.nix
+++ b/modules/nixos/services/prometheus.nix
@ -6,13 +6,10 @@
    default = null;
  };

-  config = let
+  # If hosting Grafana, host local Prometheus and listen for inbound jobs.
+  # If not hosting Grafana, send remote Prometheus writes to primary host

-    # If hosting Grafana, host local Prometheus and listen for inbound jobs. If
-    # not hosting Grafana, send remote Prometheus writes to primary host.
-    isServer = config.services.grafana.enable;
-
-  in lib.mkIf config.services.prometheus.enable {
+  config = lib.mkIf config.services.prometheus.enable {

    services.prometheus = {
      exporters.node.enable = true;
@ -20,9 +17,10 @@
        job_name = "local";
        static_configs = [{ targets = [ "127.0.0.1:9100" ]; }];
      }];
-      webExternalUrl = lib.mkIf isServer "https://${config.prometheusServer}";
+      webExternalUrl = lib.mkIf config.services.grafana.enable
+        "https://${config.prometheusServer}";
      # Web config file: https://prometheus.io/docs/prometheus/latest/configuration/https/
-      webConfigFile = lib.mkIf isServer
+      webConfigFile = lib.mkIf config.services.grafana.enable
        ((pkgs.formats.yaml { }).generate "webconfig.yml" {
          basic_auth_users = {
            # Generate password: htpasswd -nBC 10 "" | tr -d ':\n'
@ -31,7 +29,7 @@
              "$2y$10$r7FWHLHTGPAY312PdhkPEuvb05aGn9Nk1IO7qtUUUjmaDl35l6sLa";
          };
        });
-      remoteWrite = lib.mkIf (!isServer) [{
+      remoteWrite = lib.mkIf (!config.services.grafana.enable) [{
        name = config.networking.hostName;
        url = "https://${config.prometheusServer}";
        basic_auth = {
@ -43,19 +41,20 @@
    };

    # Create credentials file for remote Prometheus push
-    secrets.prometheus = lib.mkIf (!isServer) {
+    secrets.prometheus = lib.mkIf (!config.services.grafana.enable) {
      source = ../../../private/prometheus.age;
      dest = "${config.secretsDirectory}/prometheus";
      owner = "prometheus";
      group = "prometheus";
      permissions = "0440";
    };
-    systemd.services.prometheus-secret = lib.mkIf (!isServer) {
-      requiredBy = [ "prometheus.service" ];
-      before = [ "prometheus.service" ];
-    };
+    systemd.services.prometheus-secret =
+      lib.mkIf (!config.services.grafana.enable) {
+        requiredBy = [ "prometheus.service" ];
+        before = [ "prometheus.service" ];
+      };

-    caddy.routes = lib.mkIf isServer [{
+    caddy.routes = lib.mkIf config.services.grafana.enable [{
      match = [{ host = [ config.prometheusServer ]; }];
      handle = [{
        handler = "reverse_proxy";
--- a/private/cloudflared-tempest.age
+++ b/private/cloudflared-tempest.age
@ -1,15 +0,0 @@
-----BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyB1VnBt
-RTV5eWc3RDNUR2lOWFRaMlgzREQyMlcvUFNxV0N2Vm9lVVZKOUZ3ClJjaWtYZjR5
-ZTB4L2M4MFB0UThaMzlRT3JkUEE1N3RrSUlpZnRFbmFDdWcKLT4gc3NoLWVkMjU1
-MTkgWXlTVU1RIE5iTUs1ak9VZjRIRGpLMWtDcVB0RjVFRW8vOENQZlkzeGhsYmFB
-QzJ6Z00KZmcvZ0hYMjN1bGZwY3NvMjlCbnpHUWVjdVU4cnBGcDQxTU8wZ0EyQXdU
-MAotPiBzc2gtZWQyNTUxOSBuanZYNUEgazRzK2ZnSUZNWURoKzZMZmM4VTlDbVBh
-WGc4MlE5TGFiN1MzV01FT1oyQQppRUhUNjdlQURNQm8rR0JOOUJFNm9vaXhPTXFW
-U2lJU09jWVA0TDRrVHY4Ci0tLSBudWJTclRTek1RWHYzYzA4aTduODB0NUNWbVVP
-cUIyVzJncWhDS053d25nCneJhp1QT1v+dAguW9wAKDgWST59KNBgbY01jkf1IqXc
-FbmkctPIMggim3uCBqjzBboYvf+dtt0Fcu9aiB+4YmGUeQNb+9mdPweXoHmVrego
-XygVsbuSP4xKWtIJhBJ/3/jEK9LqBtv+owdUIxbw5Ci6A0JvSu+tnUj5oAgMyT2z
-YrGRK9plQZteeUkMcd6+anSEUpP45lzfz/T7loD9ViCbPHRuUFgwkwUcRGjQStm3
-pnx9bi8N4ac599f4KqInm5gd
-----END AGE ENCRYPTED FILE-----