noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2025-04-24 22:02:23 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: noah:60e779085e760688e0af675587a8733dd0a767cb
Branches Tags
noah:master
noah:platform
noah:home-manager-fix
noah:immich-proxy
noah:microcode
noah:nixd
noah:eblume-mole
noah:language-checks
noah:keyd-2.4.3
noah:sway
noah:nixosmodules
noah:unfree-predicate-by-pkgs
noah:darwin-ssl
noah:pre-platform
noah:begin-nixos
noah:begin-nix
noah:neovim-lua
noah:pre-nix
noah:legacy
..
compare: noah:d85e4b1593ed562bea891c67682bb2536bb8c04f
Branches Tags
noah:master
noah:platform
noah:home-manager-fix
noah:immich-proxy
noah:microcode
noah:nixd
noah:eblume-mole
noah:language-checks
noah:keyd-2.4.3
noah:sway
noah:nixosmodules
noah:unfree-predicate-by-pkgs
noah:darwin-ssl
noah:pre-platform
noah:begin-nixos
noah:begin-nix
noah:neovim-lua
noah:pre-nix
noah:legacy

2 Commits
60e779085e ... d85e4b1593

Author SHA1 Message Date
Noah Masur
d85e4b1593 fix: caddy denylist and jellyfin prometheus 2023-07-16 21:04:07 +00:00
Noah Masur
6ea99eca5d enable caddy prometheus metrics 2023-07-16 20:13:41 +00:00
4 changed files with 29 additions and 9 deletions
Show Stats Expand all files Collapse all files

3
modules/nixos/services/caddy.nix
View File

@ -30,6 +30,7 @@
errors.routes = config.caddy.blocks;
# logs = { }; # Uncomment to collect access logs
};
apps.http.servers.metrics = { }; # Enables Prometheus metrics
apps.tls.automation.policies = config.caddy.tlsPolicies;
logging.logs.main = {
encoder = { format = "console"; };
@ -47,6 +48,8 @@
networking.firewall.allowedTCPPorts = [ 80 443 ];
networking.firewall.allowedUDPPorts = [ 443 ];
prometheus.scrapeTargets = [ "127.0.0.1:2019" ];
};
}

4
modules/nixos/services/cloudflare.nix
View File

@ -41,11 +41,11 @@ in {
config = lib.mkIf config.cloudflare.enable {
# Forces Caddy to error if coming from a non-Cloudflare IP
caddy.blocks = [{
caddy.routes = [{
match = [{ not = [{ remote_ip.ranges = cloudflareIpRanges; }]; }];
handle = [{
handler = "static_response";
abort = true;
status_code = "403";
}];
}];

29
modules/nixos/services/jellyfin.nix
View File

@ -5,13 +5,25 @@
services.jellyfin.group = "media";
users.users.jellyfin = { isSystemUser = true; };
caddy.routes = [{
match = [{ host = [ config.hostnames.stream ]; }];
handle = [{
handler = "reverse_proxy";
upstreams = [{ dial = "localhost:8096"; }];
}];
}];
caddy.routes = [
{
match = [{
host = [ config.hostnames.stream ];
path = [ "/metrics*" ];
}];
handle = [{
handler = "static_response";
status_code = "403";
}];
}
{
match = [{ host = [ config.hostnames.stream ]; }];
handle = [{
handler = "reverse_proxy";
upstreams = [{ dial = "localhost:8096"; }];
}];
}
];
# Create videos directory, allow anyone in Jellyfin group to manage it
systemd.tmpfiles.rules = [
@ -35,6 +47,9 @@
users.users.jellyfin.extraGroups =
[ "render" "video" ]; # Access to /dev/dri
# Requires MetricsEnable is true in /var/lib/jellyfin/config/system.xml
prometheus.scrapeTargets = [ "127.0.0.1:8096" ];
};
}

2
modules/nixos/services/prometheus.nix
View File

@ -38,6 +38,8 @@
services.prometheus = {
exporters.node.enable = config.prometheus.exporters.enable;
exporters.node.enabledCollectors = [ ];
exporters.node.disabledCollectors = [ "cpufreq" ];
exporters.systemd.enable = config.prometheus.exporters.enable;
exporters.process.enable = config.prometheus.exporters.enable;
exporters.process.settings.process_names = [