Compare commits
9 Commits
bfec11bb29
...
27a209c1d5
Author | SHA1 | Date |
---|---|---|
Simon Bruder | 27a209c1d5 | |
Simon Bruder | e897207daa | |
Simon Bruder | 1dc5b83380 | |
Simon Bruder | 74ae72d161 | |
Simon Bruder | 0055de1c26 | |
Simon Bruder | 4f536a00d2 | |
Simon Bruder | 82d26cc548 | |
Simon Bruder | c705221f71 | |
Simon Bruder | af1d41ffda |
|
@ -29,7 +29,7 @@ in
|
|||
hardware.common-pc-ssd
|
||||
];
|
||||
|
||||
targetHost = "fuuko.home.sbruder.de";
|
||||
targetHost = "fuuko.lan.shinonome-lab.de";
|
||||
};
|
||||
mayushii = {
|
||||
system = "x86_64-linux";
|
||||
|
@ -60,7 +60,7 @@ in
|
|||
hardware.common-pc-ssd
|
||||
];
|
||||
|
||||
targetHost = "shinobu.home.sbruder.de";
|
||||
targetHost = "shinobu.lan.shinonome-lab.de";
|
||||
};
|
||||
nazuna = {
|
||||
system = "x86_64-linux";
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
./hardware-configuration.nix
|
||||
../../modules
|
||||
|
||||
./services/maggus.bayern.nix
|
||||
./services/proxy.nix
|
||||
];
|
||||
|
||||
|
|
|
@ -0,0 +1,32 @@
|
|||
{ pkgs, ... }:
|
||||
|
||||
{
|
||||
users.users.maggus = {
|
||||
isSystemUser = true;
|
||||
group = "maggus";
|
||||
shell = "/bin/sh";
|
||||
|
||||
openssh.authorizedKeys.keys = map (key: "command=\"${pkgs.rrsync}/bin/rrsync -wo /var/www/maggus.bayern/\",no-agent-forwarding,no-port-forwarding,no-pty,no-user-rc,no-X11-forwarding ${key}") [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAWGXaMijpnm3RSH/PIVxkBRDIi1f5nMW/aS26g3b71M nils"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJEF8o2ezSEXwWoAcdoeJs+wsZM/u8x+vtRNU3FXOMIT nils"
|
||||
];
|
||||
};
|
||||
users.groups.maggus = { };
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /var/www/maggus.bayern 0755 maggus root -"
|
||||
];
|
||||
|
||||
services.nginx.virtualHosts = {
|
||||
"maggus.bayern" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
root = "/var/www/maggus.bayern";
|
||||
};
|
||||
"www.maggus.bayern" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
globalRedirect = "maggus.bayern";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -103,7 +103,7 @@ in
|
|||
static_configs = mkStaticTarget "shinobu.vpn.sbruder.de:${toString config.services.prometheus.exporters.dnsmasq.port}";
|
||||
relabel_configs = lib.singleton {
|
||||
target_label = "instance";
|
||||
replacement = "shinobu.home.sbruder.de";
|
||||
replacement = "shinobu";
|
||||
};
|
||||
}
|
||||
{
|
||||
|
@ -123,6 +123,42 @@ in
|
|||
replacement = "vueko.sbruder.de";
|
||||
};
|
||||
}
|
||||
{
|
||||
job_name = "knot";
|
||||
static_configs = mkStaticTargets [
|
||||
"okarin.vpn.sbruder.de:9433"
|
||||
"vueko.vpn.sbruder.de:9433"
|
||||
];
|
||||
relabel_configs = lib.singleton {
|
||||
target_label = "instance";
|
||||
source_labels = lib.singleton "__address__";
|
||||
regex = "(.*)\\.vpn\\.sbruder\\.de:9433";
|
||||
};
|
||||
}
|
||||
{
|
||||
job_name = "snmp";
|
||||
metrics_path = "/snmp";
|
||||
params = {
|
||||
module = [ "if_mib" ];
|
||||
};
|
||||
static_configs = mkStaticTargets [
|
||||
"karibik.management.shinonome-lab.de"
|
||||
];
|
||||
relabel_configs = [
|
||||
{
|
||||
source_labels = lib.singleton "__address__";
|
||||
target_label = "__param_target";
|
||||
}
|
||||
{
|
||||
source_labels = lib.singleton "__param_target";
|
||||
target_label = "instance";
|
||||
}
|
||||
{
|
||||
target_label = "__address__";
|
||||
replacement = "shinobu.vpn.sbruder.de:9116";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
rules =
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
|
||||
./services/co2_exporter.nix
|
||||
./services/router
|
||||
./services/snmp-exporter.nix
|
||||
];
|
||||
|
||||
sbruder = {
|
||||
|
|
|
@ -32,22 +32,22 @@ in
|
|||
lan = {
|
||||
id = 10;
|
||||
subnet = mkSubnet "10.80.1.0/24" "fd00:80:1::/64";
|
||||
domain = "home.sbruder.de";
|
||||
domain = "lan.shinonome-lab.de";
|
||||
};
|
||||
management = {
|
||||
id = 20;
|
||||
subnet = mkSubnet "10.80.2.0/24" "fd00:80:2::/64";
|
||||
domain = "management.sbruder.de";
|
||||
domain = "management.shinonome-lab.de";
|
||||
};
|
||||
guest = {
|
||||
id = 30;
|
||||
subnet = mkSubnet "10.80.3.0/24" "fd00:80:3::/64";
|
||||
domain = "guest.sbruder.de";
|
||||
domain = "guest.shinonome-lab.de";
|
||||
};
|
||||
iot = {
|
||||
id = 40;
|
||||
subnet = mkSubnet "10.80.4.0/24" "fd00:80:4::/64";
|
||||
domain = "iot.sbruder.de";
|
||||
domain = "iot.shinonome-lab.de";
|
||||
};
|
||||
};
|
||||
tc = {
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
services.prometheus.exporters.snmp = {
|
||||
enable = true;
|
||||
listenAddress = config.sbruder.wireguard.home.address;
|
||||
configurationPath = "${pkgs.prometheus-snmp-exporter.src}/snmp.yml";
|
||||
};
|
||||
}
|
|
@ -23,6 +23,7 @@
|
|||
"jufeli.de"
|
||||
"kegelschiene.net"
|
||||
"psycho-power-papagei.de"
|
||||
"salespointframework.org"
|
||||
"sbruder.de"
|
||||
];
|
||||
autoconfig.enable = true;
|
||||
|
|
Binary file not shown.
|
@ -40,7 +40,18 @@ in
|
|||
|
||||
log:
|
||||
- target: syslog
|
||||
any: info
|
||||
server: info
|
||||
control: warning # otherwise stats gets logged every scrape
|
||||
zone: info
|
||||
|
||||
mod-stats:
|
||||
- id: custom
|
||||
edns-presence: on
|
||||
flag-presence: on
|
||||
query-size: on
|
||||
query-type: on
|
||||
reply-size: on
|
||||
|
||||
remote:
|
||||
${lib.concatStrings (lib.mapAttrsToList (host: hostAddresses: ''
|
||||
- id: ${host}
|
||||
|
@ -70,6 +81,8 @@ in
|
|||
# dnssec
|
||||
dnssec-signing: on
|
||||
dnssec-policy: default
|
||||
# stats
|
||||
module: mod-stats/custom
|
||||
- id: nix-generated
|
||||
storage: /var/lib/knot/nix-zones/
|
||||
semantic-checks: on
|
||||
|
@ -77,6 +90,8 @@ in
|
|||
zonefile-sync: -1
|
||||
zonefile-load: difference-no-serial
|
||||
journal-content: all
|
||||
# stats
|
||||
module: mod-stats/custom
|
||||
|
||||
zone:
|
||||
${lib.concatMapStrings (domain: ''
|
||||
|
@ -93,6 +108,8 @@ in
|
|||
- id: default
|
||||
master: [${primaryHost}]
|
||||
acl: [primary_notify]
|
||||
# stats
|
||||
module: mod-stats/custom
|
||||
'');
|
||||
};
|
||||
|
||||
|
@ -167,6 +184,11 @@ in
|
|||
allowedUDPPorts = [ 53 ];
|
||||
};
|
||||
|
||||
services.prometheus.exporters.knot = {
|
||||
enable = true;
|
||||
listenAddress = config.sbruder.wireguard.home.address;
|
||||
};
|
||||
|
||||
assertions = [
|
||||
{
|
||||
assertion = isPrimaryHost -> (lib.hasAttr "vpn.sbruder.de" cfg.generated-zones);
|
||||
|
|
|
@ -41,8 +41,8 @@ lib.mkIf config.sbruder.gui.enable {
|
|||
system.fsPackages = with pkgs; [ sshfs ];
|
||||
|
||||
fileSystems = {
|
||||
"/home/simon/mounts/media" = mkMount "media@fuuko.home.sbruder.de:/data/cold/media" { };
|
||||
"/home/simon/mounts/torrent" = mkMount "media@fuuko.home.sbruder.de:/data/hot/torrent" { };
|
||||
"/home/simon/mounts/media" = mkMount "media@fuuko.lan.shinonome-lab.de:/data/cold/media" { };
|
||||
"/home/simon/mounts/torrent" = mkMount "media@fuuko.lan.shinonome-lab.de:/data/hot/torrent" { };
|
||||
"/home/simon/mounts/storagebox" = mkMount "u313368@personal.storagebox.sbruder.de:" {
|
||||
port = 23;
|
||||
ro = false;
|
||||
|
|
|
@ -13,6 +13,7 @@ lib.mkIf config.sbruder.gui.enable {
|
|||
enable = true;
|
||||
support32Bit = true;
|
||||
};
|
||||
jack.enable = true;
|
||||
};
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
|
|
|
@ -19,7 +19,7 @@
|
|||
};
|
||||
|
||||
hitagi = {
|
||||
hostNames = [ "hitagi" "hitagi.home.sbruder.de" "hitagi.vpn.sbruder.de" ];
|
||||
hostNames = [ "hitagi" "hitagi.lan.shinonome-lab.de" "hitagi.vpn.sbruder.de" ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIg/622wS8SFlzS29TPW9li3pNdbdHNjlGb4XTyXR0QR";
|
||||
};
|
||||
# TODO: replace with vueko!
|
||||
|
@ -32,15 +32,15 @@
|
|||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDWuJy00S4eoLsuu29HR/T1RkFs4ujqe5e4tFiEINcWn vueko";
|
||||
};
|
||||
fuuko = {
|
||||
hostNames = [ "fuuko" "fuuko.home.sbruder.de" "fuuko.sbruder.de" "fuuko.vpn.sbruder.de" ];
|
||||
hostNames = [ "fuuko" "fuuko.lan.shinonome-lab.de" "fuuko.sbruder.de" "fuuko.vpn.sbruder.de" ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMIrUqI2CZh2ipzDNVCTNdBen8IdhbddgwQzEMWoQzNB";
|
||||
};
|
||||
fuuko-initrd = {
|
||||
hostNames = [ "[fuuko.home.sbruder.de]:2222" ];
|
||||
hostNames = [ "[fuuko.lan.shinonome-lab.de]:2222" ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJxqaJgDOZ8FdY68o/r1YNlGvNatFtP86QoqV147g3Lb";
|
||||
};
|
||||
mayushii = {
|
||||
hostNames = [ "mayushii" "mayushii.home.sbruder.de" "maushii.vpn.sbruder.de" ];
|
||||
hostNames = [ "mayushii" "mayushii.lan.shinonome-lab.de" "maushii.vpn.sbruder.de" ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKa53rGEQtBYyjGspeS8x2OZFPjLpFgm2C7+lttEKm60";
|
||||
};
|
||||
renge = {
|
||||
|
@ -52,7 +52,7 @@
|
|||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIE5HmxGDJO1jkVoUdiKEC3yXrkJ1ZWn4FurGyt2UgzYu";
|
||||
};
|
||||
nunotaba = {
|
||||
hostNames = [ "nunotaba" "nunotaba.home.sbruder.de" "nunotaba.vpn.sbruder.de" ];
|
||||
hostNames = [ "nunotaba" "nunotaba.lan.shinonome-lab.de" "nunotaba.vpn.sbruder.de" ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHUEVBJcEibRdQzp0bDXpPqLGQ8vtQTKTcpGZU07W4eo";
|
||||
};
|
||||
okarin = {
|
||||
|
@ -64,7 +64,7 @@
|
|||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINJbp0kZJEXf1gSVcBsef1Bihd5iCzhzSbjgyrC1SXXT";
|
||||
};
|
||||
shinobu = {
|
||||
hostNames = [ "shinobu" "shinobu.home.sbruder.de" "shinobu.vpn.sbruder.de" ];
|
||||
hostNames = [ "shinobu" "shinobu.lan.shinonome-lab.de" "shinobu.vpn.sbruder.de" ];
|
||||
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJJNZPT2Mmys2nw/ovX6Z1Cb4WDAaWBWanycNwF9IEjl";
|
||||
};
|
||||
nazuna = {
|
||||
|
|
|
@ -63,5 +63,8 @@
|
|||
|
||||
# eye candy
|
||||
ccze # log coloriser
|
||||
|
||||
# helpers
|
||||
rlwrap # readline wrapper
|
||||
];
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue