noah/dotfiles
1
0
Fork 0
mirror of https://github.com/nmasur/dotfiles synced 2025-04-24 20:52:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: noah:ffe867e6a8527cdbd10fab758035506881a5cad5
Branches Tags
noah:master
noah:platform
noah:home-manager-fix
noah:immich-proxy
noah:microcode
noah:nixd
noah:eblume-mole
noah:language-checks
noah:keyd-2.4.3
noah:sway
noah:nixosmodules
noah:unfree-predicate-by-pkgs
noah:darwin-ssl
noah:pre-platform
noah:begin-nixos
noah:begin-nix
noah:neovim-lua
noah:pre-nix
noah:legacy
...
compare: noah:38480e0c0c0d8f8598a7ca1d86df06e1a7e7a8ff
Branches Tags
noah:master
noah:platform
noah:home-manager-fix
noah:immich-proxy
noah:microcode
noah:nixd
noah:eblume-mole
noah:language-checks
noah:keyd-2.4.3
noah:sway
noah:nixosmodules
noah:unfree-predicate-by-pkgs
noah:darwin-ssl
noah:pre-platform
noah:begin-nixos
noah:begin-nix
noah:neovim-lua
noah:pre-nix
noah:legacy

3 Commits
ffe867e6a8 ... 38480e0c0c

Author SHA1 Message Date
Noah Masur
38480e0c0c remove extraneous nixpkgs inputs 2023-07-05 14:23:19 -06:00
Noah Masur
ee58f7a4ee abstract grafana in prometheus config 2023-07-05 14:19:54 -06:00
Noah Masur
4c4e250fa1 add cloudflare tunnel to tempest 2023-07-05 14:18:59 -06:00
5 changed files with 57 additions and 55 deletions
Show Stats Expand all files Collapse all files

46
flake.lock generated
View File

@ -93,7 +93,9 @@
}, },
"firefox-darwin": { "firefox-darwin": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs" "nixpkgs": [
"nixpkgs"
]
}, },
"locked": { "locked": {
"lastModified": 1687568341, "lastModified": 1687568341,
@ -200,7 +202,9 @@
"nil": { "nil": {
"inputs": { "inputs": {
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"nixpkgs": "nixpkgs_2", "nixpkgs": [
"nixpkgs"
],
"rust-overlay": "rust-overlay" "rust-overlay": "rust-overlay"
}, },
"locked": { "locked": {
@ -276,38 +280,6 @@
} }
}, },
"nixpkgs": { "nixpkgs": {
"locked": {
"lastModified": 1639237670,
"narHash": "sha256-RTdL4rEQcgaZGpvtDgkp3oK/V+1LM3I53n0ACPSroAQ=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "edfb969386ebe6c3cf8f878775a7975cd88f926d",
"type": "github"
},
"original": {
"owner": "NixOS",
"ref": "master",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": {
"locked": {
"lastModified": 1680487167,
"narHash": "sha256-9FNIqrxDZgSliGGN2XJJSvcDYmQbgOANaZA4UWnTdg4=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "53dad94e874c9586e71decf82d972dfb640ef044",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixpkgs-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1687502512, "lastModified": 1687502512,
"narHash": "sha256-dBL/01TayOSZYxtY4cMXuNCBk8UMLoqRZA+94xiFpJA=", "narHash": "sha256-dBL/01TayOSZYxtY4cMXuNCBk8UMLoqRZA+94xiFpJA=",
@ -323,7 +295,7 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_4": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1686929285, "lastModified": 1686929285,
"narHash": "sha256-WGtVzn+vGMPTXDO0DMNKVFtf+zUSqeW+KKk4Y/Ae99I=", "narHash": "sha256-WGtVzn+vGMPTXDO0DMNKVFtf+zUSqeW+KKk4Y/Ae99I=",
@ -432,7 +404,7 @@
"nil": "nil", "nil": "nil",
"nix2vim": "nix2vim", "nix2vim": "nix2vim",
"nixos-generators": "nixos-generators", "nixos-generators": "nixos-generators",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs",
"null-ls-nvim-src": "null-ls-nvim-src", "null-ls-nvim-src": "null-ls-nvim-src",
"nur": "nur", "nur": "nur",
"nvim-lspconfig-src": "nvim-lspconfig-src", "nvim-lspconfig-src": "nvim-lspconfig-src",
@ -570,7 +542,7 @@
"inputs": { "inputs": {
"flake-compat": "flake-compat", "flake-compat": "flake-compat",
"flake-utils": "flake-utils_3", "flake-utils": "flake-utils_3",
"nixpkgs": "nixpkgs_4" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1687279045, "lastModified": 1687279045,

14
flake.nix
View File

@ -20,14 +20,17 @@
home-manager = { home-manager = {
url = "github:nix-community/home-manager/master"; url = "github:nix-community/home-manager/master";
inputs.nixpkgs.follows = inputs.nixpkgs.follows =
"nixpkgs"; # Use system packages list where available "nixpkgs"; # Use system packages list for their inputs
}; };
# Community packages; used for Firefox extensions # Community packages; used for Firefox extensions
nur.url = "github:nix-community/nur"; nur.url = "github:nix-community/nur";
# Use official Firefox binary for macOS # Use official Firefox binary for macOS
firefox-darwin.url = "github:bandithedoge/nixpkgs-firefox-darwin"; firefox-darwin = {
url = "github:bandithedoge/nixpkgs-firefox-darwin";
inputs.nixpkgs.follows = "nixpkgs";
};
# Manage disk format and partitioning # Manage disk format and partitioning
disko = { disko = {
@ -54,7 +57,10 @@
}; };
# Nix language server # Nix language server
nil.url = "github:oxalica/nil/2023-04-03"; nil = {
url = "github:oxalica/nil/2023-04-03";
inputs.nixpkgs.follows = "nixpkgs";
};
# Neovim plugins # Neovim plugins
nvim-lspconfig-src = { nvim-lspconfig-src = {
@ -159,7 +165,7 @@
import ./hosts/lookingglass { inherit inputs globals overlays; }; import ./hosts/lookingglass { inherit inputs globals overlays; };
}; };
# For quickly applying local settings with: # For quickly applying home-manager settings with:
# home-manager switch --flake .#tempest # home-manager switch --flake .#tempest
homeConfigurations = { homeConfigurations = {
tempest = tempest =

8
hosts/tempest/default.nix
View File

@ -92,6 +92,14 @@ inputs.nixpkgs.lib.nixosSystem {
ryujinx.enable = true; ryujinx.enable = true;
}; };
cloudflareTunnel = {
enable = true;
id = "ac133a82-31fb-480c-942a-cdbcd4c58173";
credentialsFile = ../../private/cloudflared-tempest.age;
ca =
"ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBPY6C0HmdFCaxYtJxFr3qV4/1X4Q8KrYQ1hlme3u1hJXK+xW+lc9Y9glWHrhiTKilB7carYTB80US0O47gI5yU4= open-ssh-ca@cloudflareaccess.org";
};
} }
]; ];
} }

29
modules/nixos/services/prometheus.nix
View File

@ -6,10 +6,13 @@
default = null; default = null;
}; };
# If hosting Grafana, host local Prometheus and listen for inbound jobs. config = let
# If not hosting Grafana, send remote Prometheus writes to primary host
config = lib.mkIf config.services.prometheus.enable { # If hosting Grafana, host local Prometheus and listen for inbound jobs. If
# not hosting Grafana, send remote Prometheus writes to primary host.
isServer = config.services.grafana.enable;
in lib.mkIf config.services.prometheus.enable {
services.prometheus = { services.prometheus = {
exporters.node.enable = true; exporters.node.enable = true;
@ -17,10 +20,9 @@
job_name = "local"; job_name = "local";
static_configs = [{ targets = [ "127.0.0.1:9100" ]; }]; static_configs = [{ targets = [ "127.0.0.1:9100" ]; }];
}]; }];
webExternalUrl = lib.mkIf config.services.grafana.enable webExternalUrl = lib.mkIf isServer "https://${config.prometheusServer}";
"https://${config.prometheusServer}";
# Web config file: https://prometheus.io/docs/prometheus/latest/configuration/https/ # Web config file: https://prometheus.io/docs/prometheus/latest/configuration/https/
webConfigFile = lib.mkIf config.services.grafana.enable webConfigFile = lib.mkIf isServer
((pkgs.formats.yaml { }).generate "webconfig.yml" { ((pkgs.formats.yaml { }).generate "webconfig.yml" {
basic_auth_users = { basic_auth_users = {
# Generate password: htpasswd -nBC 10 "" | tr -d ':\n' # Generate password: htpasswd -nBC 10 "" | tr -d ':\n'
@ -29,7 +31,7 @@
"$2y$10$r7FWHLHTGPAY312PdhkPEuvb05aGn9Nk1IO7qtUUUjmaDl35l6sLa"; "$2y$10$r7FWHLHTGPAY312PdhkPEuvb05aGn9Nk1IO7qtUUUjmaDl35l6sLa";
}; };
}); });
remoteWrite = lib.mkIf (!config.services.grafana.enable) [{ remoteWrite = lib.mkIf (!isServer) [{
name = config.networking.hostName; name = config.networking.hostName;
url = "https://${config.prometheusServer}"; url = "https://${config.prometheusServer}";
basic_auth = { basic_auth = {
@ -41,20 +43,19 @@
}; };
# Create credentials file for remote Prometheus push # Create credentials file for remote Prometheus push
secrets.prometheus = lib.mkIf (!config.services.grafana.enable) { secrets.prometheus = lib.mkIf (!isServer) {
source = ../../../private/prometheus.age; source = ../../../private/prometheus.age;
dest = "${config.secretsDirectory}/prometheus"; dest = "${config.secretsDirectory}/prometheus";
owner = "prometheus"; owner = "prometheus";
group = "prometheus"; group = "prometheus";
permissions = "0440"; permissions = "0440";
}; };
systemd.services.prometheus-secret = systemd.services.prometheus-secret = lib.mkIf (!isServer) {
lib.mkIf (!config.services.grafana.enable) { requiredBy = [ "prometheus.service" ];
requiredBy = [ "prometheus.service" ]; before = [ "prometheus.service" ];
before = [ "prometheus.service" ]; };
};
caddy.routes = lib.mkIf config.services.grafana.enable [{ caddy.routes = lib.mkIf isServer [{
match = [{ host = [ config.prometheusServer ]; }]; match = [{ host = [ config.prometheusServer ]; }];
handle = [{ handle = [{
handler = "reverse_proxy"; handler = "reverse_proxy";

15
private/cloudflared-tempest.age Normal file
View File

@ -0,0 +1,15 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE1nSGFPdyB1VnBt
RTV5eWc3RDNUR2lOWFRaMlgzREQyMlcvUFNxV0N2Vm9lVVZKOUZ3ClJjaWtYZjR5
ZTB4L2M4MFB0UThaMzlRT3JkUEE1N3RrSUlpZnRFbmFDdWcKLT4gc3NoLWVkMjU1
MTkgWXlTVU1RIE5iTUs1ak9VZjRIRGpLMWtDcVB0RjVFRW8vOENQZlkzeGhsYmFB
QzJ6Z00KZmcvZ0hYMjN1bGZwY3NvMjlCbnpHUWVjdVU4cnBGcDQxTU8wZ0EyQXdU
MAotPiBzc2gtZWQyNTUxOSBuanZYNUEgazRzK2ZnSUZNWURoKzZMZmM4VTlDbVBh
WGc4MlE5TGFiN1MzV01FT1oyQQppRUhUNjdlQURNQm8rR0JOOUJFNm9vaXhPTXFW
U2lJU09jWVA0TDRrVHY4Ci0tLSBudWJTclRTek1RWHYzYzA4aTduODB0NUNWbVVP
cUIyVzJncWhDS053d25nCneJhp1QT1v+dAguW9wAKDgWST59KNBgbY01jkf1IqXc
FbmkctPIMggim3uCBqjzBboYvf+dtt0Fcu9aiB+4YmGUeQNb+9mdPweXoHmVrego
XygVsbuSP4xKWtIJhBJ/3/jEK9LqBtv+owdUIxbw5Ci6A0JvSu+tnUj5oAgMyT2z
YrGRK9plQZteeUkMcd6+anSEUpP45lzfz/T7loD9ViCbPHRuUFgwkwUcRGjQStm3
pnx9bi8N4ac599f4KqInm5gd
-----END AGE ENCRYPTED FILE-----