adtya/configuration.nix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

rico0: remove stuff already moved to rico1

Browse source
This commit is contained in:
Adithya 2024-10-27 19:06:04 +05:30
parent e5fdd52581
commit 00748475d1
Signed by: adtya
GPG key ID: B8857BFBA2C47B9C
7 changed files with 0 additions and 420 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
hosts/rico0/services/apps/alertmanager.nix
View file

@ -1,49 +0,0 @@
_:
let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
domainName = "alertmanager.labs.adtya.xyz";
in
{
services = {
caddy = {
virtualHosts."${domainName}" = {
logFormat = logFormat "${domainName}";
extraConfig = ''
reverse_proxy 127.0.0.1:9093
'';
};
};
prometheus.alertmanager = {
enable = true;
listenAddress = "127.0.0.1";
port = 9093;
webExternalUrl = "https://${domainName}/";
configuration = {
route = {
group_by = [ "alertname" ];
group_wait = "30s";
group_interval = "5m";
repeat_interval = "1h";
receiver = "web.hook";
};
receivers = [
{
name = "web.hook";
webhook_configs = [
{ url = "http://127.0.0.1:5001/"; }
];
}
];
inhibit_rules = [
{
source_match =
{ severity = "critical"; };
target_match =
{ severity = "warning"; };
equal = [ "alertname" "dev" "instance" ];
}
];
};
};
};
}

138
hosts/rico0/services/apps/blocky.nix
View file

@ -1,138 +0,0 @@
{ pkgs, ... }:
let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
domainName = "blocky.labs.adtya.xyz";
in
{
networking = {
firewall = {
allowedTCPPorts = [
53 #DNS
];
allowedUDPPorts = [
53 #DNS
];
};
};
systemd.services.blocky.unitConfig.After = [ "network-online.target" "wireguard-wg0.service" ];
services = {
caddy = {
virtualHosts."${domainName}" = {
logFormat = logFormat domainName;
extraConfig = ''
reverse_proxy 127.0.0.1:8080
'';
};
};
blocky = {
enable = true;
settings = {
bootstrapDns = [ "tcp+udp:1.1.1.1" ];
upstreams = {
init.strategy = "blocking";
groups = {
default = [
# Cloudflare
"tcp+udp:1.1.1.1"
# Google
"tcp+udp:8.8.8.8"
"tcp+udp:8.8.4.4"
# Quad9
"tcp+udp:9.9.9.9"
"tcp+udp:149.112.112.112"
"tcp-tls:dns.quad9.net:853"
"https://dns.quad9.net/dns-query"
];
};
strategy = "parallel_best";
timeout = "2s";
userAgent = "Praise the DNS overlords!";
};
connectIPVersion = "v4";
customDNS = {
customTTL = "1h";
filterUnmappedTypes = true;
mapping = {
"gateway.local.adtya.xyz" = "192.168.0.1";
"ap1.local.adtya.xyz" = "192.168.1.1";
"ap2.local.adtya.xyz" = "192.168.1.2";
"switch.local.adtya.xyz" = "192.168.1.3";
"gateway.labs.adtya.xyz" = "10.10.10.10";
"ap1.labs.adtya.xyz" = "10.10.10.10";
"ap2.labs.adtya.xyz" = "10.10.10.10";
"switch.labs.adtya.xyz" = "10.10.10.10";
"proxy.labs.adtya.xyz" = "10.10.10.1";
"skipper.labs.adtya.xyz" = "10.10.10.2";
"rico0.labs.adtya.xyz" = "10.10.10.10";
"rico1.labs.adtya.xyz" = "10.10.10.11";
"rico2.labs.adtya.xyz" = "10.10.10.12";
"wynne.labs.adtya.xyz" = "10.10.10.13";
"layne.labs.adtya.xyz" = "10.10.10.14";
"alertmanager.labs.adtya.xyz" = "10.10.10.10";
"blocky.labs.adtya.xyz" = "10.10.10.10";
"frp.labs.adtya.xyz" = "10.10.10.10";
"grafana.labs.adtya.xyz" = "10.10.10.10";
"loki.labs.adtya.xyz" = "10.10.10.10";
"prometheus.labs.adtya.xyz" = "10.10.10.10";
"transmission.labs.adtya.xyz" = "10.10.10.14";
"jellyfin.labs.adtya.xyz" = "10.10.10.14";
"radarr.labs.adtya.xyz" = "10.10.10.14";
"sonarr.labs.adtya.xyz" = "10.10.10.14";
"readarr.labs.adtya.xyz" = "10.10.10.14";
"jackett.labs.adtya.xyz" = "10.10.10.14";
"jellyfin.local.adtya.xyz" = "192.168.1.14";
};
};
conditional = {
fallbackUpstream = false;
mapping = {
"local.adtya.xyz" = "192.168.1.1";
"1.168.192.in-addr.arpa" = "192.168.1.1";
};
};
blocking = {
denylists = {
ads = [
"https://raw.githubusercontent.com/blocklistproject/Lists/master/ads.txt"
];
pihole = [
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
];
};
allowlists = {
pihole = [
(pkgs.writeText "allowlist.txt" ''
s.youtube.com
'')
];
};
clientGroupsBlock = {
default = [ "ads" "pihole" ];
};
};
clientLookup = {
upstream = "192.168.1.1";
singleNameOrder = [ 2 1 ];
};
prometheus = {
enable = true;
path = "/metrics";
};
ports = {
dns = "192.168.1.10:53,10.10.10.10:53";
tls = "192.168.1.10:853,10.10.10.10:853";
http = "127.0.0.1:8080";
};
log = {
level = "warn";
format = "json";
timestamp = true;
privacy = true;
};
};
};
};
}

5
hosts/rico0/services/apps/default.nix
View file

@ -1,10 +1,5 @@
_: { _: {
imports = [ imports = [
./alertmanager.nix
./blocky.nix
./grafana.nix
./loki.nix
./prometheus.nix
../../../shared/prometheus-exporters.nix ../../../shared/prometheus-exporters.nix
../../../shared/promtail.nix ../../../shared/promtail.nix
]; ];

33
hosts/rico0/services/apps/grafana.nix
View file

@ -1,33 +0,0 @@
_:
let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
domainName = "grafana.labs.adtya.xyz";
in
{
services = {
caddy = {
virtualHosts."${domainName}" = {
logFormat = logFormat domainName;
extraConfig = ''
reverse_proxy 127.0.0.1:9091
'';
};
};
grafana = {
enable = true;
settings = {
server = {
domain = domainName;
http_addr = "127.0.0.1";
http_port = 9091;
};
analytics = {
enable = false;
};
panels = {
disable_sanitize_html = true;
};
};
};
};
}

58
hosts/rico0/services/apps/loki-config.yaml
View file

@ -1,58 +0,0 @@
auth_enabled: false
server:
http_listen_port: 3100
grpc_listen_port: 9096
log_level: info
grpc_server_max_concurrent_streams: 1000
common:
instance_addr: 127.0.0.1
path_prefix: /mnt/data/loki
storage:
filesystem:
chunks_directory: /mnt/data/loki/chunks
rules_directory: /mnt/data/loki/rules
replication_factor: 1
ring:
kvstore:
store: inmemory
query_range:
results_cache:
cache:
embedded_cache:
enabled: true
max_size_mb: 100
schema_config:
configs:
- from: 2020-10-24
store: tsdb
object_store: filesystem
schema: v13
index:
prefix: index_
period: 24h
pattern_ingester:
enabled: true
ruler:
alertmanager_url: https://alertmanager.labs.adtya.xyz
frontend:
encoding: protobuf
# By default, Loki will send anonymous, but uniquely-identifiable usage and configuration
# analytics to Grafana Labs. These statistics are sent to https://stats.grafana.org/
#
# Statistics help us better understand how Loki is used, and they show us performance
# levels for most users. This helps us prioritize features and documentation.
# For more information on what's sent, look at
# https://github.com/grafana/loki/blob/main/pkg/analytics/stats.go
# Refer to the buildReport method to see what goes into a report.
#
# If you would like to disable reporting, uncomment the following lines:
analytics:
reporting_enabled: false

23
hosts/rico0/services/apps/loki.nix
View file

@ -1,23 +0,0 @@
_:
let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
domainName = "loki.labs.adtya.xyz";
in
{
services = {
caddy = {
virtualHosts."${domainName}" = {
logFormat = logFormat domainName;
extraConfig = ''
reverse_proxy 127.0.0.1:3100
'';
};
};
loki = {
enable = true;
dataDir = "/mnt/data/loki";
configFile = ./loki-config.yaml;
};
};
systemd.services.loki.unitConfig.RequiresMountsFor = [ "/mnt/data" ];
}

114
hosts/rico0/services/apps/prometheus.nix
View file

@ -1,114 +0,0 @@
_:
let
inherit (import ../../../shared/caddy-helpers.nix) logFormat;
domainName = "prometheus.labs.adtya.xyz";
in
{
services = {
caddy = {
virtualHosts."${domainName}" = {
logFormat = logFormat domainName;
extraConfig = ''
reverse_proxy 127.0.0.1:9090
'';
};
};
prometheus = {
enable = true;
listenAddress = "127.0.0.1";
port = 9090;
globalConfig = {
evaluation_interval = "15s";
scrape_interval = "15s";
};
alertmanagers = [
{
scheme = "https";
static_configs = [
{ targets = [ "alertmanager.labs.adtya.xyz" ]; }
];
}
];
scrapeConfigs = [
{
job_name = "ntfy";
scheme = "https";
metrics_path = "/ntfy-metrics";
static_configs = [
{ targets = [ "wynne.labs.adtya.xyz" ]; }
];
}
{
job_name = "caddy";
scheme = "https";
metrics_path = "/caddy-metrics";
static_configs = [
{ targets = [ "rico0.labs.adtya.xyz" ]; }
{ targets = [ "rico1.labs.adtya.xyz" ]; }
{ targets = [ "rico2.labs.adtya.xyz" ]; }
{ targets = [ "wynne.labs.adtya.xyz" ]; }
{ targets = [ "layne.labs.adtya.xyz" ]; }
];
}
{
job_name = "postgres";
scheme = "https";
metrics_path = "/postgres-metrics";
static_configs = [
{ targets = [ "wynne.labs.adtya.xyz" ]; }
];
}
{
job_name = "systemd";
scheme = "https";
metrics_path = "/systemd-metrics";
static_configs = [
{ targets = [ "rico0.labs.adtya.xyz" ]; }
{ targets = [ "rico1.labs.adtya.xyz" ]; }
{ targets = [ "rico2.labs.adtya.xyz" ]; }
{ targets = [ "wynne.labs.adtya.xyz" ]; }
{ targets = [ "layne.labs.adtya.xyz" ]; }
];
}
{
job_name = "smartctl";
scheme = "https";
metrics_path = "/smartctl-metrics";
static_configs = [
{ targets = [ "rico0.labs.adtya.xyz" ]; }
{ targets = [ "rico1.labs.adtya.xyz" ]; }
{ targets = [ "rico2.labs.adtya.xyz" ]; }
{ targets = [ "wynne.labs.adtya.xyz" ]; }
{ targets = [ "wynne.labs.adtya.xyz" ]; }
{ targets = [ "layne.labs.adtya.xyz" ]; }
];
}
{
job_name = "node";
scheme = "https";
static_configs = [
{ targets = [ "rico0.labs.adtya.xyz" ]; }
{ targets = [ "rico1.labs.adtya.xyz" ]; }
{ targets = [ "rico2.labs.adtya.xyz" ]; }
{ targets = [ "wynne.labs.adtya.xyz" ]; }
{ targets = [ "layne.labs.adtya.xyz" ]; }
];
}
{
job_name = "frp";
scheme = "https";
static_configs = [
{ targets = [ "frp.labs.adtya.xyz" ]; }
];
}
{
job_name = "blocky";
scheme = "https";
static_configs = [
{ targets = [ "blocky.labs.adtya.xyz" ]; }
];
}
];
};
};
}