style

Signed-off-by: gwg313 <gwg313@pm.me>
2025-07-03 10:34:00 -04:00 · 2025-07-03 10:34:00 -04:00 · bb2fe56082
commit bb2fe56082
parent 4c0e29da8f
40 changed files with 595 additions and 1144 deletions
--- a/hosts/grymforge/configuration.nix
+++ b/hosts/grymforge/configuration.nix
@ -34,6 +34,8 @@
    ./sysctl.nix
    ./earlyoom.nix

+    ./sleep.nix
+
    # Or modules from other flakes (such as nixos-hardware):
    # inputs.hardware.nixosModules.common-cpu-amd
    # inputs.hardware.nixosModules.common-ssd
--- a/hosts/grymforge/sleep.nix
+++ b/hosts/grymforge/sleep.nix
@ -0,0 +1,34 @@
+{ pkgs, ... }:
+{
+  systemd.services.sleep-schedule = {
+    description = "Suspend PC at 10PM and wake at 6:30AM using rtcwake";
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = pkgs.writeShellScript "sleep-schedule" ''
+        WAKE_TIME=$(${pkgs.coreutils}/bin/date +%s -d "tomorrow 06:30")
+        exec ${pkgs.util-linux}/bin/rtcwake -m mem -t "$WAKE_TIME"
+      '';
+    };
+  };
+
+  systemd.timers.sleep-schedule = {
+    description = "Timer to suspend PC at 10PM daily";
+    wantedBy = [ "timers.target" ];
+    timerConfig = {
+      OnCalendar = "daily 22:00";
+      Persistent = true;
+    };
+  };
+
+  security.sudo.extraRules = [
+    {
+      users = [ "root" ];
+      commands = [
+        {
+          command = "/run/current-system/sw/bin/rtcwake";
+          options = [ "NOPASSWD" ];
+        }
+      ];
+    }
+  ];
+}
--- a/hosts/panopticon/configuration.nix
+++ b/hosts/panopticon/configuration.nix
@ -22,7 +22,9 @@
    ./grafana.nix
    ./promtail.nix
    ./loki.nix
+    ./uptime-kuma.nix
    ./prometheus_node_exporter.nix
+    ./traefik.nix
    inputs.sops-nix.nixosModules.sops
  ];

--- a/hosts/panopticon/grafana.nix
+++ b/hosts/panopticon/grafana.nix
@ -1,14 +1,27 @@
-_: {
+{ config, ... }:
+{
+  sops.secrets.grafana_user = {
+    mode = "0440";
+    owner = config.users.users.grafana.name;
+    group = config.users.users.grafana.group;
+  };
+
+  sops.secrets.grafana_password = {
+    mode = "0440";
+    owner = config.users.users.grafana.name;
+    group = config.users.users.grafana.group;
+  };
+
  services.grafana = {
    enable = true;
    settings = {
      server = {
        http_addr = "127.0.0.1";
-        http_port = 3000;
+        http_port = 3001;
      };
      security = {
-        admin_user = "admin";
-        admin_password = "changeme";
+        admin_user = "${config.sops.secrets.grafana_user.path}";
+        admin_password = "${config.sops.secrets.grafana_password.path}";
      };
    };

--- a/hosts/panopticon/loki-config.yaml
+++ b/hosts/panopticon/loki-config.yaml
@ -0,0 +1,30 @@
+
+# This is a complete configuration to deploy Loki backed by the filesystem.
+# The index will be shipped to the storage via tsdb-shipper.
+
+auth_enabled: false
+
+server:
+  http_listen_port: 3100
+
+common:
+  ring:
+    instance_addr: 127.0.0.1
+    kvstore:
+      store: inmemory
+  replication_factor: 1
+  path_prefix: /tmp/loki
+
+schema_config:
+  configs:
+  - from: 2020-05-15
+    store: tsdb
+    object_store: filesystem
+    schema: v13
+    index:
+      prefix: index_
+      period: 24h
+
+storage_config:
+  filesystem:
+    directory: /tmp/loki/chunks
--- a/hosts/panopticon/loki.nix
+++ b/hosts/panopticon/loki.nix
@ -1,53 +1,6 @@
-_: {
+{
  services.loki = {
    enable = true;
-    configuration = {
-      auth_enabled = false;
-      server.http_listen_port = 3100;
-
-      ingester = {
-        lifecycler = {
-          ring = {
-            kvstore = {
-              store = "inmemory";
-            };
-          };
-          final_sleep = "0s";
-        };
-        chunk_idle_period = "5m";
-        max_chunk_age = "1h";
-        chunk_target_size = 1048576;
-      };
-
-      schema_config = {
-        configs = [
-          {
-            from = "2024-01-01";
-            store = "boltdb-shipper";
-            object_store = "filesystem";
-            schema = "v11";
-            index = {
-              prefix = "index_";
-              period = "24h";
-            };
-          }
-        ];
-      };
-
-      storage_config = {
-        boltdb_shipper = {
-          active_index_directory = "/var/lib/loki/index";
-          cache_location = "/var/lib/loki/cache";
-          shared_store = "filesystem";
-        };
-        filesystem = {
-          directory = "/var/lib/loki/chunks";
-        };
-      };
-
-      limits_config = {
-        retention_period = "168h";
-      };
-    };
+    configFile = ./loki-config.yaml;
  };
 }
--- a/hosts/panopticon/promtail.nix
+++ b/hosts/panopticon/promtail.nix
@ -1,9 +1,13 @@
 { config, ... }:
 {
+  systemd.tmpfiles.rules = [
+    "d /var/lib/promtail 0755 promtail promtail -"
+  ];
  services.promtail = {
    enable = true;
    configuration = {
      server.http_listen_port = 9080;
+      server.grpc_listen_port = 0;
      positions = {
        filename = "/var/lib/promtail/positions.yaml";
      };
--- a/hosts/panopticon/routes.nix
+++ b/hosts/panopticon/routes.nix
@ -0,0 +1,36 @@
+{
+  imports = [
+    ./services.nix
+  ];
+  services.traefik = {
+    dynamicConfigOptions = {
+      http = {
+        routers = {
+          uptime_kuma_local = {
+            entryPoints = [ "websecure" ];
+            rule = "Host(`uptime.gwg313.xyz`)";
+            service = "uptime_kuma_local";
+            tls.certResolver = "le";
+            middlewares = [ "headers" ];
+          };
+
+          grafana_local = {
+            entryPoints = [ "websecure" ];
+            rule = "Host(`grafana.gwg313.xyz`)";
+            service = "grafana_local";
+            tls.certResolver = "le";
+            middlewares = [ "headers" ];
+          };
+
+          loki_local = {
+            entryPoints = [ "websecure" ];
+            rule = "Host(`loki.gwg313.xyz`)";
+            service = "loki_local";
+            tls.certResolver = "le";
+            middlewares = [ "headers" ];
+          };
+        };
+      };
+    };
+  };
+}
--- a/hosts/panopticon/services.nix
+++ b/hosts/panopticon/services.nix
@ -0,0 +1,27 @@
+{
+  services.traefik = {
+    dynamicConfigOptions = {
+      http = {
+        services = {
+          uptime_kuma_local.loadBalancer.servers = [
+            {
+              url = "http://127.0.0.1:3030";
+            }
+          ];
+
+          grafana_local.loadBalancer.servers = [
+            {
+              url = "http://127.0.0.1:3001";
+            }
+          ];
+
+          loki_local.loadBalancer.servers = [
+            {
+              url = "http://127.0.0.1:3100";
+            }
+          ];
+        };
+      };
+    };
+  };
+}
--- a/hosts/panopticon/traefik.nix
+++ b/hosts/panopticon/traefik.nix
@ -2,6 +2,7 @@
 { config, ... }:
 {
  imports = [
+    ./routes.nix
  ];
  sops.secrets.cf-api-token = {
    mode = "0440";
@ -60,22 +61,22 @@
          };
        };
      };
-      log = {
-        level = "DEBUG";
-        filePath = "/var/log/traefik/traefik.log";
-      };
-
-      accessLog = {
-        filePath = "/var/log/traefik/access.log";
-        bufferingSize = 0;
-        filters = { };
-        fields = {
-          defaultMode = "keep";
-          names = {
-            StartUTC = "drop";
-          };
-        };
-      };
+      # log = {
+      #   level = "DEBUG";
+      #   filePath = "/var/log/traefik/traefik.log";
+      # };
+      #
+      # accessLog = {
+      #   filePath = "/var/log/traefik/access.log";
+      #   bufferingSize = 0;
+      #   filters = {};
+      #   fields = {
+      #     defaultMode = "keep";
+      #     names = {
+      #       StartUTC = "drop";
+      #     };
+      #   };
+      # };
    };
    dynamicConfigOptions = {
      http = {
--- a/hosts/panopticon/uptime-kuma.nix
+++ b/hosts/panopticon/uptime-kuma.nix
@ -0,0 +1,9 @@
+_: {
+  services.uptime-kuma = {
+    enable = true;
+    settings = {
+      HOST = "127.0.0.1";
+      PORT = "3030";
+    };
+  };
+}
--- a/hosts/seikan/routes.nix
+++ b/hosts/seikan/routes.nix
@ -74,6 +74,12 @@
              url = "https://s3-console.zerotier.gwg313.xyz";
            }
          ];
+
+          uptime_zt.loadBalancer.servers = [
+            {
+              url = "https://uptime.zerotier.gwg313.xyz";
+            }
+          ];
        };

        routers = {
@ -171,6 +177,14 @@
            tls.certResolver = "le";
            middlewares = [ "headers" ];
          };
+
+          uptime_console = {
+            entryPoints = [ "websecure" ];
+            rule = "Host(`uptime.gwg313.xyz`)";
+            service = "s3_console_zt";
+            tls.certResolver = "le";
+            middlewares = [ "headers" ];
+          };
        };
      };
    };
--- a/hosts/waypoint/routes.nix
+++ b/hosts/waypoint/routes.nix
@ -100,6 +100,14 @@
            tls.certResolver = "le";
            middlewares = [ "headers" ];
          };
+
+          uptime = {
+            entryPoints = [ "websecure" ];
+            rule = "Host(`uptime.gwg313.xyz`)";
+            service = "uptime_local";
+            tls.certResolver = "le";
+            middlewares = [ "headers" ];
+          };
        };
      };
    };
--- a/hosts/waypoint/routes_zerotier.nix
+++ b/hosts/waypoint/routes_zerotier.nix
@ -107,6 +107,14 @@
            tls.certResolver = "le";
            middlewares = [ "headers" ];
          };
+
+          uptime_zt = {
+            entryPoints = [ "websecure" ];
+            rule = "Host(`uptime.zerotier.gwg313.xyz`)";
+            service = "uptime_local";
+            tls.certResolver = "le";
+            middlewares = [ "headers" ];
+          };
        };
      };
    };
--- a/hosts/waypoint/services.nix
+++ b/hosts/waypoint/services.nix
@ -34,7 +34,7 @@

          audiobooks_local.loadBalancer.servers = [
            {
-              url = "http://10.1.10.3:30080";
+              url = "https://audiobooks.gwg313.xyz";
            }
          ];

@ -89,6 +89,12 @@
              url = "https://s3-console.gwg313.xyz";
            }
          ];
+
+          uptime_local.loadBalancer.servers = [
+            {
+              url = "https://uptime.gwg313.xyz";
+            }
+          ];
        };
      };
    };