authorAzat Bahawi <azat@bahawi.net>2023-11-16 01:47:45 +0300
committerAzat Bahawi <azat@bahawi.net>2023-11-16 01:47:45 +0300
commit1b39cfb14b608f374208a9483db661ccd1a43230 (patch)
treebe2fefbe6c50f4598a1eb22f8b0a9260726b2c0a /modules/nixos
parent2023-11-13 (diff)
2023-11-16
Diffstat (limited to 'modules/nixos')
-rw-r--r--modules/nixos/git/default.nix2
-rw-r--r--modules/nixos/grafana.nix2
-rw-r--r--modules/nixos/ipfs.nix2
-rw-r--r--modules/nixos/loki.nix2
-rw-r--r--modules/nixos/monitoring/default.nix402
-rw-r--r--modules/nixos/plausible.nix194
-rw-r--r--modules/nixos/podman.nix2
-rw-r--r--modules/nixos/prometheus.nix2
-rw-r--r--modules/nixos/radicale.nix2
-rw-r--r--modules/nixos/syncthing.nix2
-rw-r--r--modules/nixos/victoriametrics.nix2
11 files changed, 301 insertions, 313 deletions
diff --git a/modules/nixos/git/default.nix b/modules/nixos/git/default.nix
index 67cc07b..cbe14bd 100644
--- a/modules/nixos/git/default.nix
+++ b/modules/nixos/git/default.nix
@@ -1,8 +1,8 @@
 {
   config,
+  lib,
   libNginx,
   libPlausible,
-  lib,
   pkgs,
   ...
 }:
diff --git a/modules/nixos/grafana.nix b/modules/nixos/grafana.nix
index ae79d17..ddf7f67 100644
--- a/modules/nixos/grafana.nix
+++ b/modules/nixos/grafana.nix
@@ -1,8 +1,8 @@
 {
   config,
-  libNginx,
   inputs,
   lib,
+  libNginx,
   ...
 }:
 with lib; let
diff --git a/modules/nixos/ipfs.nix b/modules/nixos/ipfs.nix
index bf93a3c..99ce6c9 100644
--- a/modules/nixos/ipfs.nix
+++ b/modules/nixos/ipfs.nix
@@ -1,7 +1,7 @@
 {
   config,
-  libNginx,
   lib,
+  libNginx,
   this,
   ...
 }:
diff --git a/modules/nixos/loki.nix b/modules/nixos/loki.nix
index c5194e1..c213832 100644
--- a/modules/nixos/loki.nix
+++ b/modules/nixos/loki.nix
@@ -1,7 +1,7 @@
 {
   config,
-  libNginx,
   lib,
+  libNginx,
   pkgs,
   ...
 }:
diff --git a/modules/nixos/monitoring/default.nix b/modules/nixos/monitoring/default.nix
index a09b7e7..57adf1c 100644
--- a/modules/nixos/monitoring/default.nix
+++ b/modules/nixos/monitoring/default.nix
@@ -6,223 +6,217 @@
 }:
 with lib; let
   cfg = config.nixfiles.modules.monitoring;
-in
-  {
-    options.nixfiles.modules.monitoring.enable = mkEnableOption ''
-      a glue to provision a monitoring stack
-    '';
+in {
+  options.nixfiles.modules.monitoring.enable = mkEnableOption ''
+    a glue to provision a monitoring stack
+  '';
 
-    config = mkIf cfg.enable {
-      nixfiles.modules = {
-        alertmanager.enable = true;
-        grafana.enable = true;
-        loki.enable = true;
-        prometheus.enable = true;
-      };
+  config = mkIf cfg.enable {
+    nixfiles.modules = {
+      alertmanager.enable = true;
+      grafana.enable = true;
+      loki.enable = true;
+      prometheus.enable = true;
+    };
 
-      services = {
-        grafana = {
-          declarativePlugins = with pkgs.grafanaPlugins; [
-            redis-app
-            redis-datasource
-            redis-explorer-app
-          ];
+    services = {
+      grafana = {
+        declarativePlugins = with pkgs.grafanaPlugins; [
+          redis-app
+          redis-datasource
+          redis-explorer-app
+        ];
 
-          provision = {
-            enable = true;
+        provision = {
+          enable = true;
 
-            # https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources
-            datasources.settings.datasources = with config.nixfiles.modules; [
-              {
-                name = "Alertmanager";
-                type = "alertmanager";
-                access = "proxy";
-                jsonData.implementation = "prometheus";
-                url = "https://${alertmanager.domain}";
-              }
-              {
-                name = "Loki";
-                type = "loki";
-                access = "proxy";
-                url = "https://${loki.domain}";
-                isDefault = true;
-              }
-              {
-                name = "Prometheus";
-                type = "prometheus";
-                access = "proxy";
-                url = "https://${prometheus.domain}";
-              }
-              (mkIf config.nixfiles.modules.redis.enable {
-                name = "Redis";
-                type = "redis-datasource";
-                access = "proxy";
-                url = with config.services.redis.servers.default; "redis://${bind}:${toString port}";
-                jsonData.client = "standalone";
-              })
-            ];
-            datasources.settings.deleteDatasources = [
-              {
-                name = "PostgreSQL";
-                orgId = 1;
-              }
-            ];
+          # https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources
+          datasources.settings.datasources = with config.nixfiles.modules; [
+            {
+              name = "Alertmanager";
+              type = "alertmanager";
+              access = "proxy";
+              jsonData.implementation = "prometheus";
+              url = "https://${alertmanager.domain}";
+            }
+            {
+              name = "Loki";
+              type = "loki";
+              access = "proxy";
+              url = "https://${loki.domain}";
+              isDefault = true;
+            }
+            {
+              name = "Prometheus";
+              type = "prometheus";
+              access = "proxy";
+              url = "https://${prometheus.domain}";
+            }
+            (mkIf config.nixfiles.modules.redis.enable {
+              name = "Redis";
+              type = "redis-datasource";
+              access = "proxy";
+              url = with config.services.redis.servers.default; "redis://${bind}:${toString port}";
+              jsonData.client = "standalone";
+            })
+          ];
+          datasources.settings.deleteDatasources = [
+            {
+              name = "PostgreSQL";
+              orgId = 1;
+            }
+          ];
 
-            # https://grafana.com/docs/grafana/latest/administration/provisioning/#dashboards
-            dashboards.settings.providers = [
-              {
-                name = "node";
-                options.path = ./dashboards/node.json;
-              }
-              {
-                name = "ntfy";
-                options.path = ./dashboards/ntfy.json;
-              }
-              {
-                name = "endlessh";
-                options.path = ./dashboards/endlessh.json;
-              }
-              {
-                name = "unbound";
-                options.path = ./dashboards/unbound.json;
-              }
-              {
-                name = "nginx";
-                options.path = ./dashboards/nginx.json;
-              }
-              {
-                name = "postgersql";
-                options.path = ./dashboards/postgresql.json;
-              }
-              {
-                name = "redis";
-                options.path = ./dashboards/redis.json;
-              }
-              {
-                name = "redis-streaming";
-                options.path = ./dashboards/redis-streaming.json;
-              }
-            ];
+          # https://grafana.com/docs/grafana/latest/administration/provisioning/#dashboards
+          dashboards.settings.providers = [
+            {
+              name = "node";
+              options.path = ./dashboards/node.json;
+            }
+            {
+              name = "ntfy";
+              options.path = ./dashboards/ntfy.json;
+            }
+            {
+              name = "endlessh";
+              options.path = ./dashboards/endlessh.json;
+            }
+            {
+              name = "unbound";
+              options.path = ./dashboards/unbound.json;
+            }
+            {
+              name = "nginx";
+              options.path = ./dashboards/nginx.json;
+            }
+            {
+              name = "postgersql";
+              options.path = ./dashboards/postgresql.json;
+            }
+            {
+              name = "redis";
+              options.path = ./dashboards/redis.json;
+            }
+            {
+              name = "redis-streaming";
+              options.path = ./dashboards/redis-streaming.json;
+            }
+          ];
 
-            # https://grafana.com/docs/grafana/latest/administration/provisioning/#alerting
-            alerting.contactPoints.settings.contactPoints = [
-              {
-                name = "Alertmanager";
-                receivers = [
-                  {
-                    uid = 1;
-                    type = "prometheus-alertmanager";
-                    settings.url = "https://${config.nixfiles.modules.alertmanager.domain}";
-                  }
-                ];
-              }
-            ];
-          };
+          # https://grafana.com/docs/grafana/latest/administration/provisioning/#alerting
+          alerting.contactPoints.settings.contactPoints = [
+            {
+              name = "Alertmanager";
+              receivers = [
+                {
+                  uid = 1;
+                  type = "prometheus-alertmanager";
+                  settings.url = "https://${config.nixfiles.modules.alertmanager.domain}";
+                }
+              ];
+            }
+          ];
         };
+      };
 
-        loki.configuration.ruler.alertmanager_url = "https://${config.nixfiles.modules.alertmanager.domain}";
+      loki.configuration.ruler.alertmanager_url = "https://${config.nixfiles.modules.alertmanager.domain}";
 
-        prometheus = {
-          scrapeConfigs = with my.configurations;
-            mapAttrsToList
-            (
-              name: value: {
-                job_name = name;
-                static_configs = [
+      prometheus = {
+        scrapeConfigs = with my.configurations;
+          mapAttrsToList
+          (
+            name: value: {
+              job_name = name;
+              static_configs = [
+                {
+                  targets = with value;
+                    map (host:
+                      concatStringsSep ":" [
+                        (
+                          if isAttrs host
+                          then host.hostname
+                          else host
+                        )
+                        (toString port)
+                      ])
+                    hosts;
+                }
+              ];
+              relabel_configs =
+                [
                   {
-                    targets = with value;
-                      map (host:
-                        concatStringsSep ":" [
-                          (
-                            if isAttrs host
-                            then host.hostname
-                            else host
-                          )
-                          (toString port)
-                        ])
-                      hosts;
+                    source_labels = ["__address__"];
+                    regex = "([^:]+):\\d+";
+                    target_label = "instance";
                   }
-                ];
-                relabel_configs =
-                  [
-                    {
-                      source_labels = ["__address__"];
-                      regex = "([^:]+):\\d+";
-                      target_label = "instance";
-                    }
-                  ]
-                  ++ optionals (hasAttr "relabel" value) value.relabel;
-              }
-            )
-            {
-              promtail = {
-                hosts = [manwe varda yavanna];
-                inherit (config.nixfiles.modules.promtail) port;
-              };
-              ntfy = {
-                hosts = [manwe];
-                inherit (config.nixfiles.modules.ntfy.prometheus) port;
-              };
-              soju = {
-                hosts = ["127.0.0.1"];
-                inherit (config.nixfiles.modules.soju.prometheus) port;
-              };
-              endlessh-go = {
-                hosts = [manwe varda yavanna];
-                inherit (config.services.endlessh-go.prometheus) port;
-              };
-              nginx = {
-                hosts = [manwe yavanna];
-                inherit (config.services.prometheus.exporters.nginx) port;
-              };
-              node = {
-                hosts = [manwe varda yavanna];
-                inherit (config.services.prometheus.exporters.node) port;
-              };
-              postgres = {
-                hosts = [manwe];
-                inherit (config.services.prometheus.exporters.postgres) port;
-              };
-              redis = {
-                hosts = [manwe];
-                inherit (config.services.prometheus.exporters.redis) port;
-              };
-              unbound = {
-                hosts = [manwe];
-                inherit (config.services.prometheus.exporters.unbound) port;
-              };
-              wireguard = {
-                hosts = [manwe];
-                inherit (config.services.prometheus.exporters.wireguard) port;
-              };
-              # TODO Wait for https://github.com/NixOS/nixpkgs/pull/265696
-              exportarr-lidarr = {
-                hosts = [yavanna];
-                port = 9708;
-              };
+                ]
+                ++ optionals (hasAttr "relabel" value) value.relabel;
+            }
+          )
+          {
+            promtail = {
+              hosts = [manwe varda yavanna];
+              inherit (config.nixfiles.modules.promtail) port;
+            };
+            ntfy = {
+              hosts = [manwe];
+              inherit (config.nixfiles.modules.ntfy.prometheus) port;
+            };
+            soju = {
+              hosts = ["127.0.0.1"];
+              inherit (config.nixfiles.modules.soju.prometheus) port;
+            };
+            endlessh-go = {
+              hosts = [manwe varda yavanna];
+              inherit (config.services.endlessh-go.prometheus) port;
             };
+            nginx = {
+              hosts = [manwe yavanna];
+              inherit (config.services.prometheus.exporters.nginx) port;
+            };
+            node = {
+              hosts = [manwe varda yavanna];
+              inherit (config.services.prometheus.exporters.node) port;
+            };
+            postgres = {
+              hosts = [manwe];
+              inherit (config.services.prometheus.exporters.postgres) port;
+            };
+            redis = {
+              hosts = [manwe];
+              inherit (config.services.prometheus.exporters.redis) port;
+            };
+            unbound = {
+              hosts = [manwe];
+              inherit (config.services.prometheus.exporters.unbound) port;
+            };
+            wireguard = {
+              hosts = [manwe];
+              inherit (config.services.prometheus.exporters.wireguard) port;
+            };
+            # TODO Wait for https://github.com/NixOS/nixpkgs/pull/265696
+            exportarr-lidarr = {
+              hosts = [yavanna];
+              port = 9708;
+            };
+          };
 
-          ruleFiles = [
-            ./rules/nginx.yaml
-            ./rules/node.yaml
-            ./rules/postgres.yaml
-            ./rules/redis.yaml
-          ];
+        ruleFiles = [
+          ./rules/nginx.yaml
+          ./rules/node.yaml
+          ./rules/postgres.yaml
+          ./rules/redis.yaml
+        ];
 
-          alertmanagers = [
-            {
-              scheme = "https";
-              static_configs = [
-                {targets = [config.nixfiles.modules.alertmanager.domain];}
-              ];
-            }
-          ];
-        };
+        alertmanagers = [
+          {
+            scheme = "https";
+            static_configs = [
+              {targets = [config.nixfiles.modules.alertmanager.domain];}
+            ];
+          }
+        ];
       };
     };
-  }
-  # FIXME https://nixpk.gs/pr-tracker.html?pr=265696
-  // lib.moduleFromRef
-  "services/monitoring/prometheus/exporters.nix"
-  "Stunkymonkey:nixos-exportarr"
-  "0c9n3dc8l64bshynpbzaplvxhi2f0ihh6wcslh42y9kilwjp2zjv"
+  };
+}
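Review bot: The `exportarr-lidarr` scrape job near the end of `scrapeConfigs` still hard-codes `port = 9708;` under `# TODO Wait for https://github.com/NixOS/nixpkgs/pull/265696`, while this same hunk drops the `lib.moduleFromRef` override that tracked that PR. If the exporter module now comes from the pinned nixpkgs (the pin is not visible here), the TODO is stale and the port can be inherited like the other jobs, e.g. `inherit (config.services.prometheus.exporters.exportarr-lidarr) port;`, assuming the option is named after the job. Otherwise the comment should say what is still being waited for. Separately, the dashboard provider is still spelled `"postgersql"` although its path is `./dashboards/postgresql.json`; `name = "postgresql";` fixes the label.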
diff --git a/modules/nixos/plausible.nix b/modules/nixos/plausible.nix
index 172da3f..d346bde 100644
--- a/modules/nixos/plausible.nix
+++ b/modules/nixos/plausible.nix
@@ -6,125 +6,119 @@
 }:
 with lib; let
   cfg = config.nixfiles.modules.plausible;
-in
-  {
-    options.nixfiles.modules.plausible = {
-      enable = mkEnableOption "Plausible Analytics";
+in {
+  options.nixfiles.modules.plausible = {
+    enable = mkEnableOption "Plausible Analytics";
 
-      port = mkOption {
-        description = "Port.";
-        type = with types; port;
-        default = 8000;
-      };
+    port = mkOption {
+      description = "Port.";
+      type = with types; port;
+      default = 8000;
+    };
 
-      domain = mkOption {
-        description = "Domain name sans protocol scheme.";
-        type = with types; nullOr str;
-        default = "plausible.${config.networking.domain}";
-      };
+    domain = mkOption {
+      description = "Domain name sans protocol scheme.";
+      type = with types; nullOr str;
+      default = "plausible.${config.networking.domain}";
     };
+  };
 
-    config = let
-      db = "plausible";
-    in
-      mkIf cfg.enable {
-        _module.args.libPlausible = {
-          htmlPlausibleScript = {
-            domain ? "$host",
-            src ? "https://${cfg.domain}/js/script.js",
-          }: ''<script defer data-domain="${domain}" src="${src}"></script>'';
-        };
+  config = let
+    db = "plausible";
+  in
+    mkIf cfg.enable {
+      _module.args.libPlausible = {
+        htmlPlausibleScript = {
+          domain ? "$host",
+          src ? "https://${cfg.domain}/js/script.js",
+        }: ''<script defer data-domain="${domain}" src="${src}"></script>'';
+      };
 
-        secrets = {
-          plausible-key.file = "${inputs.self}/secrets/plausible-key";
-          plausible-admin-password.file = "${inputs.self}/secrets/plausible-admin-password";
-          plausible-smtp-password.file = "${inputs.self}/secrets/smtp-password";
-        };
+      secrets = {
+        plausible-key.file = "${inputs.self}/secrets/plausible-key";
+        plausible-admin-password.file = "${inputs.self}/secrets/plausible-admin-password";
+        plausible-smtp-password.file = "${inputs.self}/secrets/smtp-password";
+      };
 
-        nixfiles.modules = {
-          nginx = {
-            enable = true;
-            upstreams.plausible.servers."127.0.0.1:${toString cfg.port}" = {};
-            virtualHosts.${cfg.domain}.locations."/" = {
-              proxyPass = "http://plausible";
-              proxyWebsockets = true;
-            };
-          };
-          postgresql = {
-            enable = true;
-            extraPostStart = [
-              ''
-                $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"'
-                $PSQL "${db}" -tAc 'CREATE EXTENSION IF NOT EXISTS citext'
-              ''
-            ];
+      nixfiles.modules = {
+        nginx = {
+          enable = true;
+          upstreams.plausible.servers."127.0.0.1:${toString cfg.port}" = {};
+          virtualHosts.${cfg.domain}.locations."/" = {
+            proxyPass = "http://plausible";
+            proxyWebsockets = true;
           };
-          clickhouse.enable = true;
         };
-
-        services.postgresql = {
-          ensureDatabases = [db];
-          ensureUsers = [
-            {
-              name = db;
-              ensurePermissions."DATABASE \"${db}\"" = "ALL";
-            }
+        postgresql = {
+          enable = true;
+          extraPostStart = [
+            ''
+              $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"'
+              $PSQL "${db}" -tAc 'CREATE EXTENSION IF NOT EXISTS citext'
+            ''
           ];
         };
+        clickhouse.enable = true;
+      };
 
-        services.plausible = {
-          enable = true;
+      services.postgresql = {
+        ensureDatabases = [db];
+        ensureUsers = [
+          {
+            name = db;
+            ensurePermissions."DATABASE \"${db}\"" = "ALL";
+          }
+        ];
+      };
 
-          adminUser = {
-            name = "admin";
-            email = "admin@${my.domain.shire}";
-            passwordFile = config.secrets.plausible-admin-password.path;
-            activate = false;
-          };
+      services.plausible = {
+        enable = true;
 
-          mail = {
-            email = "admin+plausible@${my.domain.shire}";
-            smtp = {
-              hostAddr = my.domain.shire;
-              hostPort = 465;
-              enableSSL = true;
-              user = "azahi@${my.domain.shire}";
-              passwordFile = config.secrets.plausible-smtp-password.path;
-            };
-          };
+        adminUser = {
+          name = "admin";
+          email = "admin@${my.domain.shire}";
+          passwordFile = config.secrets.plausible-admin-password.path;
+          activate = false;
+        };
 
-          database = {
-            clickhouse = {
-              setup = false;
-              url = "http://127.0.0.1:8123/default";
-            };
+        mail = {
+          email = "admin+plausible@${my.domain.shire}";
+          smtp = {
+            hostAddr = my.domain.shire;
+            hostPort = 465;
+            enableSSL = true;
+            user = "azahi@${my.domain.shire}";
+            passwordFile = config.secrets.plausible-smtp-password.path;
+          };
+        };
 
-            postgres = {
-              setup = true;
-              dbname = db;
-            };
+        database = {
+          clickhouse = {
+            setup = false;
+            url = "http://127.0.0.1:8123/default";
           };
 
-          server = {
-            baseUrl = "https://${cfg.domain}";
-            disableRegistration = true;
-            listenAddress = "127.0.0.1";
-            inherit (cfg) port;
-            secretKeybaseFile = config.secrets.plausible-key.path;
+          postgres = {
+            setup = true;
+            dbname = db;
           };
         };
 
-        systemd.services.plausible = rec {
-          after = [
-            "postgresql.service"
-            "clickhouse.service"
-          ];
-          requires = after;
+        server = {
+          baseUrl = "https://${cfg.domain}";
+          disableRegistration = true;
+          listenAddress = "127.0.0.1";
+          inherit (cfg) port;
+          secretKeybaseFile = config.secrets.plausible-key.path;
         };
       };
-  }
-  # FIXME https://nixpk.gs/pr-tracker.html?pr=266702
-  // lib.moduleFromRef
-  "services/web-apps/plausible.nix"
-  "nh2:plausible-listen-address-no-distributed-erlang"
-  "080c1rdz99xj8y876cw1p3zxmmaqq75jhrpf9f5z1da8v7yvs078"
+
+      systemd.services.plausible = rec {
+        after = [
+          "postgresql.service"
+          "clickhouse.service"
+        ];
+        requires = after;
+      };
+    };
+}
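Review bot: `server.listenAddress = "127.0.0.1";` is kept, but the hunk removes the `lib.moduleFromRef` override of `services/web-apps/plausible.nix` taken from `nh2:plausible-listen-address-no-distributed-erlang`. The loopback-only bind, and whatever that branch changed about Erlang distribution (inferred from its name), now depend on the pinned nixpkgs already carrying the change. The pin is not part of this diff. Because the nginx upstream on `127.0.0.1:${toString cfg.port}` is the only intended way in, I would leave a short marker above the option, e.g. `# listenAddress requires nixpkgs with PR 266702 merged`. After deploying, confirm that the service listens only on loopback and that no distribution port is reachable from other hosts.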
diff --git a/modules/nixos/podman.nix b/modules/nixos/podman.nix
index ceb748b..ec9b346 100644
--- a/modules/nixos/podman.nix
+++ b/modules/nixos/podman.nix
@@ -1,7 +1,7 @@
 {
   config,
-  lib,
   inputs,
+  lib,
   pkgs,
   ...
 }:
diff --git a/modules/nixos/prometheus.nix b/modules/nixos/prometheus.nix
index 5e61e73..0320e82 100644
--- a/modules/nixos/prometheus.nix
+++ b/modules/nixos/prometheus.nix
@@ -1,7 +1,7 @@
 {
   config,
-  libNginx,
   lib,
+  libNginx,
   ...
 }:
 with lib; let
diff --git a/modules/nixos/radicale.nix b/modules/nixos/radicale.nix
index 3c6a230..588ed51 100644
--- a/modules/nixos/radicale.nix
+++ b/modules/nixos/radicale.nix
@@ -1,8 +1,8 @@
 {
-  libNginx,
   config,
   inputs,
   lib,
+  libNginx,
   ...
 }:
 with lib; let
diff --git a/modules/nixos/syncthing.nix b/modules/nixos/syncthing.nix
index 755e2db..39579f8 100644
--- a/modules/nixos/syncthing.nix
+++ b/modules/nixos/syncthing.nix
@@ -1,8 +1,8 @@
 {
   config,
-  libNginx,
   inputs,
   lib,
+  libNginx,
   this,
   ...
 }:
diff --git a/modules/nixos/victoriametrics.nix b/modules/nixos/victoriametrics.nix
index 89d3ddb..6b037b9 100644
--- a/modules/nixos/victoriametrics.nix
+++ b/modules/nixos/victoriametrics.nix
@@ -1,7 +1,7 @@
 {
   config,
-  libNginx,
   lib,
+  libNginx,
   ...
 }:
 with lib; let
