fuuko: Migrate matrix and monitoring to renge
Sadly, they are so interconnected, that it is not easily possible to migrate it in smaller steps. It should be refactored to make them more modularised and independent of each other.pull/64/head
parent
c090a420cf
commit
ebfa0ec16a
GPG Key ID:
8D3C82F9F309F8EC
|
|
@ -7,11 +7,9 @@
|
|||
|
||||
./services/binary-cache.nix
|
||||
./services/dnsmasq.nix
|
||||
./services/grafana.nix
|
||||
./services/matrix
|
||||
./services/fritzbox-exporter.nix
|
||||
./services/media-backup.nix
|
||||
./services/media.nix
|
||||
./services/prometheus.nix
|
||||
./services/scan.nix
|
||||
./services/torrent.nix
|
||||
./services/wordclock-dimmer.nix
|
||||
|
|
@ -47,27 +45,10 @@
|
|||
enableACME = true;
|
||||
forceSSL = true;
|
||||
};
|
||||
|
||||
virtualHosts."sbruder.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
root = pkgs.sbruder.contact;
|
||||
};
|
||||
};
|
||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||
systemd.services.nginx.serviceConfig.SupplementaryGroups = lib.singleton "keys";
|
||||
|
||||
services.postgresqlBackup = {
|
||||
enable = true;
|
||||
startAt = [ ]; # triggered by restic system backup
|
||||
location = "/data/backup/postgresql";
|
||||
};
|
||||
systemd.services.restic-backups-system = {
|
||||
after = [ "postgresqlBackup.service" ];
|
||||
wants = [ "postgresqlBackup.service" ];
|
||||
};
|
||||
|
||||
networking.hostName = "fuuko";
|
||||
|
||||
system.stateVersion = "20.09";
|
||||
|
|
|
|||
|
|
@ -1,11 +1,6 @@
|
|||
go-neb-overrides: ENC[AES256_GCM,data:Ws/2yCNNLLEpa9MbN7mZk6BBBaJxtHN2X9I41baWJylZeUld6/h4WCxyHw4MWzigK7k26E+7CGVGThF5Ucd6AuvuD9dd21uaoOtwsAKJVsCavk6VPQvfAuSqYJcBYY2pSwDpA6KbXbQqhC9OgcktvYQdnvNPbsSffK4zhrDjcFpDYYyBRQWxqHu/ZGh2088ECbhm2OCWeC9/5u/2id8dHutip6tUXBIalFmWObc6zgx4atCJGdq9/bOPgajQzrpWlauV0h3ioMwp0gsulOJl2LuI7Lvbsvm+UWe8hVd9ZLqR+4ZAwC5oCQht68AxekKrLNl02KQ8rM4fmWJpbK4NsR/m8+ifMZhqIe8tqUUhWGvJqbxEI/Rsbqm92ToIHL5x9hNSZ/crm+hF4c2Uh9jnSA3E/tOxjZaMU5hB+2Y4tF83nz61tzFnwhQ32VxFeq6IHyMOhgQzGZkDPAyFg2e4tbG6zp5oMx2lsUlgbaXrSrzBU73CjWiLDiJFNyGLx7ADeZ4aZVsZnvGL6y7K4p0uVuK7KSNzoW0=,iv:tniWSP8RgSDJ8ap+PK83TcPAvRdaXWC/gchF6+8uffs=,tag:SC6RB8zyVmjjbLA73cFb4A==,type:str]
|
||||
hcloud_exporter-environment: ENC[AES256_GCM,data:TPMeNK7uC716PC8UqDCnUKtriueIkg3l1ql9e3lse46Ko3TVvwW1oAQRSbwK8CG5AjuF2s2Y8GJdYcI8PN6Z5kERYF1RL2GDpN4pLSuw/l0YqsFkt0uK,iv:cmB+hZHvbk1p8uRmLDyYdPr6rTsFxKcoTcQVo729sAQ=,tag:nkiSvy7rsoInDN0l+1FOOQ==,type:str]
|
||||
nix-binary-cache-htpasswd: ENC[AES256_GCM,data:IktPHrrvExeZlCPmP82W9AovC59ILPbMQExVDO7U2S9lJ9cQKP14mQPuYwA+yKTycIdA01MwRDbt/SxhVleZ+aKkyOPwx/iG5B0cQX6cVqQWVTNVmxlW2sjupnnwwibcdikU21CIw6YsDKs7pMqRAfC/U2OJ3POo2qH5GgFY,iv:ofzEQ143HQQGZIEVkdWCrcENz0i6JPljLDGmG0A7aJ8=,tag:a557cdgRD25jWHhZeT+CnQ==,type:str]
|
||||
prometheus-htpasswd: ENC[AES256_GCM,data:eJOWrcTC3YISJJLuQV6sxzD0r8Gr8uoUt48D9sSEHhsbNUUy3pDgIPqJHrkG0ek2sIF6NvpWdDGK1kFcduRAL9h7nLxQLOtf7dxsdObGlPH5nwe6CwdR+1wTE/2WzrsmTGnUrMjMiBgLPV2yRiQg3VJ7W1Me8tHPYHrqYhM=,iv:WvgwIoIfxc3vyjF+znyUzOElv+sd/thoYpxWVaIavx0=,tag:9FnRw7ol++1PCbl1c2IyoA==,type:str]
|
||||
restic-password: ENC[AES256_GCM,data:IVFXmuzzvvqDS0T3P0R5ZMIn2wdkbE1AqwDMkWqMpDdCOVMP4/HhP4jF+tEarq22,iv:Eu6Wspzm0rPl0CuSoYTTLz+MmaEtmwCD57nH2JTBuaA=,tag:tKqt5Z7nF7lLcSsDKS4E3A==,type:str]
|
||||
restic-s3: ENC[AES256_GCM,data:VJ/jgYnUSkbsNMb1ciLiCcRVEpuaznsSFf0QkEnPhTRHpFv4Nt0f8ARnNtG5j3iXSIT4+H2+5HWKXEsjhvL85p0XE3xe4h45xGKnvvVO2obF+b/zsMDdceFJtLbcq+APzPBjchYU,iv:W+80GhAvYD/52dNZsNYiEhiLo4dhO8oxkd+GAbk42NU=,tag:Kj9CaGo/xAmYxdoLE/Lo1Q==,type:str]
|
||||
synapse-registration-shared-secret: ENC[AES256_GCM,data:lNzK/7QAk4Scv+lNM8bTTKvowI139c4R4Y7Qpq60n8R61aahlxrnWc/PUEOv85Pdx+8IdBOLnV0kp7OQF6tStGBBCOkAicYmnsLoR36DmuDCvTSKVArryV7BrxL8pv0=,iv:ZT9IIF7W0NHqvnU3lPQclVS5uXXK5HIQUzXNYwYFMIo=,tag:a/sUixOlHEvn5ZOINPwQlg==,type:str]
|
||||
synapse-turn-shared-secret: ENC[AES256_GCM,data:sAvP4/jVma7Uq9TR4W/zEoJA17Stj75uG+G4niYaQ1tflxRhE+/HfrhMn7whnmpSgXDb/ZPtLfVaW1DCfU2jovz3Y9Ij1kveXar2aAjlPSsSVwTbFmei,iv:S7uVlE2rhK7ta2S/eX+KXBMQyc69onHYjfMNro3OCjM=,tag:rvI299PQ9TVfVzQjgfUKww==,type:str]
|
||||
wg-home-private-key: ENC[AES256_GCM,data:6l3CgB4qCsPuyYOWuwU2vNiEeC0D1wl6yZvXGGYVsZfYvdPjRz8j5yV7ekQ=,iv:slB/qr+cxi8r7cnTuZAd8CuzWVnvp24Li6A/AnZaFzo=,tag:ynh1Z2+IELAJcgBbHwFC0A==,type:str]
|
||||
wg-qbittorrent-private-key: ENC[AES256_GCM,data:9sjqTCMXqN0oWS95RQOmfLK0/2dH6V4Rs2LX8ydnYl+7zR55PG5pW3kROH8=,iv:m+4xKthKNCQBOEP9ExOHY5Dg3i+yTgREwrAci4zhqUk=,tag:L0vnwyiGOAoarr7FZFE91A==,type:str]
|
||||
sops:
|
||||
|
|
@ -14,8 +9,8 @@ sops:
|
|||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2022-03-18T21:16:29Z"
|
||||
mac: ENC[AES256_GCM,data:r3wg7jnc9TS5gk4qGtdxbxIJ64tt/C6NehIR9w/RcNs7aF2SVNB2yYhZCPGgAwC7Zi3addlY7wGEGn76vN0ioA09L4JXQ8WfSh3wPZEN5msGzv48Jh7jViagsAn2h6ZchQtEBV8YuxC6lKuJFA29xisf1BBB7Bxw+7wU1LfEF8U=,iv:umLtAlDgc9Kup47e49BjNuCUX/49eiDxZJ4eD5s1jag=,tag:0ivpkGqEDGJyxD+oGJifMw==,type:str]
|
||||
lastmodified: "2022-03-25T20:28:47Z"
|
||||
mac: ENC[AES256_GCM,data:d2zsNwkaBShHUUY7953YKViQQpxw9YB2dNoP9jY8e6yd5vpPhXXmuP8dm4JhjBAeqeuUsKa4Kmd+bg2NqUCA1k3bkRRCMEmt0W4NlSNqVzzCpiPnzZkjP83a/n+b4mAaTK2soh5RXjfGpVosYGrbJ7JrF53xdcwij07CdlMYBa8=,iv:IQxPbQFhM9J0r/xrid3YRl64VGae+tQ/ldXMgvi5T3A=,tag:JeG35fjhnV/X2Ecn1SV/Ew==,type:str]
|
||||
pgp:
|
||||
- created_at: "2021-04-06T11:27:21Z"
|
||||
enc: |
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@
|
|||
|
||||
services.prometheus.exporters.dnsmasq = {
|
||||
enable = true;
|
||||
listenAddress = "127.0.0.1";
|
||||
listenAddress = "0.0.0.0";
|
||||
leasesPath = "/var/lib/dnsmasq/dnsmasq.leases";
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,7 @@
|
|||
{
|
||||
services.prometheus.exporters.fritzbox = {
|
||||
enable = true;
|
||||
gatewayAddress = "192.168.100.1";
|
||||
listenAddress = "0.0.0.0";
|
||||
};
|
||||
}
|
||||
|
|
@ -1,3 +1,5 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
imports = [
|
||||
./hardware-configuration.nix
|
||||
|
|
@ -6,11 +8,14 @@
|
|||
./services/ankisyncd.nix
|
||||
./services/element-web.nix
|
||||
./services/gitea.nix
|
||||
./services/grafana.nix
|
||||
./services/hedgedoc.nix
|
||||
./services/invidious
|
||||
./services/libreddit.nix
|
||||
./services/matrix
|
||||
./services/murmur.nix
|
||||
./services/nitter.nix
|
||||
./services/prometheus.nix
|
||||
./services/sbruder.xyz
|
||||
];
|
||||
|
||||
|
|
@ -33,6 +38,13 @@
|
|||
recommendedOptimisation = true;
|
||||
recommendedProxySettings = true;
|
||||
recommendedTlsSettings = true;
|
||||
|
||||
virtualHosts."sbruder.de" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
root = pkgs.sbruder.contact;
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.allowedTCPPorts = [
|
||||
|
|
|
|||
|
|
@ -1,6 +1,11 @@
|
|||
gitea-mail: ENC[AES256_GCM,data:593Ks8r3W6i7oTsTu7d9NUQpeX64l2bU9/fo6jYHkPU=,iv:NLPh2B85CWmr9n8mbB/XrprG8kfu9AR3v8PqjgEsIjQ=,tag:q2fPoOtuFrEmXIe7Rvfj2Q==,type:str]
|
||||
go-neb-overrides: ENC[AES256_GCM,data:nogN8wqu5U1BXIAZwgKpTFbOvt18lVu/slJiimz0eJXi2UODokkHhCePGmiqaf+O7YUF7TQBriAas0MtwsDpE8MJIM2Y6rI4padW82WUjbUfiYNkqX04w7PO0uLPqApSjKVg6EoVi9Bta/03qBKQovvOnY/nDfuk81rQ3BgNnsuQn7vuNMx0UlsrN+sOryufz5214decJuAbTreMEWE1+9KBPgu2bxtaPrE4Wns5pSDYK6EjmFabe4xufIBxO5F36KzVmUojx2ZBiybYJr+LAy6xhMFE/SLqOClYn4bo7B8yt5v6zamrVTsyliqgs7m8NkJ3v3IkfCXStXgf+niWodKOfpOjEXNEOmV7FeNQurBvGX7cNeRz6wIw/gly/v2VRVz0trZ+A1pFXfmUYyj/yjfQRB7YSt694rgzo3IoDzqEuz28X7hrqdxERSUwnwh8ZdAClnjz3C6gcPHky4iZeLmB59xq/7FZN3wrpBwjNR3VCVFQh4KE3beqKJYEbNquA+NX7JJ1rlmBciIsBtFg4T4ItHr5HsY=,iv:ivOY92kz7Ibtog1drbWYZmcimYJYdCwzxFh2bWSmQx4=,tag:aaz7Kjv2YQqvdm6WGWvuRg==,type:str]
|
||||
hcloud_exporter-environment: ENC[AES256_GCM,data:EtGDTr7bnQeHAx1TjzmMSGFaiuZM7AzGIyDiXhfd2V9mVF7ebuaWnMw3ioN4gbvXT5rrxkFr2xNj6IoVl/oPgjdWxg32zwT862zWMwvbLTRGMYDUUovF,iv:+u9vx4A4IoPLIbwzagm4R31aQ9bJzMWFOc4ui62dgcs=,tag:oh9bOyLGOCBgujZvMJNmQg==,type:str]
|
||||
invidious-extra-settings: ENC[AES256_GCM,data:njAVRilLVlNLgFY5g0FMn7uZsSX3mWK8PnWW/oJoaUj7L0g597eRmL76LfvScz6+pbSYaY2H2Olt+YL0LWY0jt+gM0+FwG2+0ddrtrpjGeGa,iv:rNwvSV9YXqnQqNtzW79hEUKx6c0rddEcC31EVE7qr3w=,tag:iGiDNj5zDHXiO+mhmAwK4Q==,type:str]
|
||||
murmur-superuser: ENC[AES256_GCM,data:Jac1Vs3tiSmL/qLwDhPhSoVzMNT0nAP+cg==,iv:ReUkEjCkEqUJKzHzIKdp77szhHitiDBXaxQnNWKQU9c=,tag:HfVrtSJwDPrHgZlKxcUiuA==,type:str]
|
||||
prometheus-htpasswd: ENC[AES256_GCM,data:glClg69iOdFMKNtQexg38+81aLkxD9EHJMD1IpuwEQlMNuUC4mX9EbRYbRnDE1jY4AeVsF3Xm8RxH65Ga5LYx6V2lOQrQRr+KFSLTLW1bjBnPi+9VoambTL7S3YyR5BnJAghi3mkIegv66DSaezprC+bGROcwgSKvdR/m5U=,iv:VLWlv4cr52VmZAVeXq3GDjoPE11DmiIMJnGek+lNiV4=,tag:WBNYdT+D49qXfPh6R5uXnQ==,type:str]
|
||||
synapse-registration-shared-secret: ENC[AES256_GCM,data:PG50Z6fP5hLJwREosB6t1EqV7qKNpFAi9j1b7pzdSUEGFoOXiW9kDeV3jBjwJdFNRFaOX0lK7+AH5I/BuBvqHDRTi2guFiQPPvX6fo+fBnD9kR5Fy4w9hr0Z3NA0Hhg=,iv:bGP8J+fSgdghtjtjXnL1hXAEFD56zacJhJmJHX0rIFg=,tag:SIUOXU2MvdwIuxkrKqScgg==,type:str]
|
||||
synapse-turn-shared-secret: ENC[AES256_GCM,data:nerJ4Lc9zQSJ2HU6VpO+f7gAviYdQGgOxGqqFapYb1QwvFNlC25yT1SHkY42ZkYy97YBBednXjaoLTnRFbRmzTe80eyWzjlYneouVB33w8zx7xiwzDyk,iv:7vS3whvzi1FDpTAcnDsZZXrr707L9Fo5WAL+k3orMCM=,tag:n11U3bYSzmTCWu9Wg/cmKw==,type:str]
|
||||
wg-home-private-key: ENC[AES256_GCM,data:j+L7Egy3coCajL/LBGcaEbN3WuFzj7aenEQoktcIeKOTMmrA4643bCSDuUE=,iv:gKJQfrMMaeF2muJhtfq0h/GJ7VXGk1axGPtRFccLhHc=,tag:Bsqe3QBNdXo8vWo1p9pxfw==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
|
|
@ -8,8 +13,8 @@ sops:
|
|||
azure_kv: []
|
||||
hc_vault: []
|
||||
age: []
|
||||
lastmodified: "2022-03-23T17:00:11Z"
|
||||
mac: ENC[AES256_GCM,data:JguwJushHrsKc7y5LwRRHJp6+nxo7gJ4IjU5gdvbdWBqWQe2WTO+ZLzl08mh4mnPnGdHSdFlTyGbns8lpBuE/lTvEgQS27Jjc5vS4EltpJ7WM7P13gNKf+jD4gU9tsTs7SomZhB891s6ssTRbrbF/WcMZAMy/4kjFswqiGe476c=,iv:OZAIc2rO69BflOkl94zs6/lzuOEHVZeRVCDa25o7PxE=,tag:3HWMIKqKZDW4CZjN7jaGIw==,type:str]
|
||||
lastmodified: "2022-03-25T20:28:56Z"
|
||||
mac: ENC[AES256_GCM,data:Nu97D0jFTk3l/NxAmCAFnMul1icv/90rPpP38KOOEBGgfm2r9nl5gbsK8iXFe30myFs9TeLB+goe3bwuSQZH9gqbPvoSoftXYpn6Z0qgSrBnEzS+6F09vW65DNg+nyW48dgVKRJ46APtOHBm9Vk5/4IWq1phzWaiEs/SwGM9WNQ=,iv:W+WMyW686Vr0fFA2NkD+wkJIkq9kRQKa5Lhy7TaWuAM=,tag:f5WhJdTRYzr0WgfclKsrIA==,type:str]
|
||||
pgp:
|
||||
- created_at: "2022-03-23T13:59:53Z"
|
||||
enc: |
|
||||
|
|
|
|||
|
|
@ -7,6 +7,7 @@ in
|
|||
enable = true;
|
||||
# grafana supports sockets, but no permission management (always 660 grafana:grafana)
|
||||
addr = "127.0.0.1";
|
||||
port = 3002;
|
||||
domain = "grafana.sbruder.de";
|
||||
rootUrl = "https://%(domain)s/";
|
||||
database = {
|
||||
|
|
@ -35,8 +35,6 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
dataDir = "/data/matrix/synapse";
|
||||
|
||||
turn_uris = [
|
||||
"turns:turn.sbruder.de:5349?transport=udp"
|
||||
"turns:turn.sbruder.de:5349?transport=tcp"
|
||||
|
|
@ -84,7 +84,7 @@ in
|
|||
}
|
||||
{
|
||||
job_name = "fritzbox";
|
||||
static_configs = mkStaticTarget "127.0.0.1:9133";
|
||||
static_configs = mkStaticTarget "fuuko.vpn.sbruder.de:9133";
|
||||
}
|
||||
(
|
||||
let
|
||||
|
|
@ -102,7 +102,7 @@ in
|
|||
)
|
||||
{
|
||||
job_name = "dnsmasq";
|
||||
static_configs = mkStaticTarget (with config.services.prometheus.exporters.dnsmasq; "${listenAddress}:${toString port}");
|
||||
static_configs = mkStaticTarget "fuuko.vpn.sbruder.de:${toString config.services.prometheus.exporters.dnsmasq.port}";
|
||||
relabel_configs = lib.singleton {
|
||||
target_label = "instance";
|
||||
replacement = "fuuko.home.sbruder.de";
|
||||
|
|
@ -158,14 +158,6 @@ in
|
|||
};
|
||||
})
|
||||
];
|
||||
|
||||
exporters = {
|
||||
fritzbox = {
|
||||
enable = true;
|
||||
gatewayAddress = "192.168.100.1";
|
||||
listenAddress = "127.0.0.1";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
# get rid of “could not call action: authorization required” every scrape
|
||||
Loading…
Reference in New Issue