From 8f137c28230623259a964484adcf31fe00756594 Mon Sep 17 00:00:00 2001 From: Azat Bahawi Date: Sat, 17 Dec 2022 16:39:09 +0300 Subject: 2022-12-17 --- configurations/default.nix | 87 - configurations/eonwe/default.nix | 84 - configurations/manwe/default.nix | 88 - configurations/manwe/mailserver.nix | 96 - configurations/manwe/webserver.nix | 25 - configurations/melian/default.nix | 134 - configurations/test-headful/default.nix | 19 - configurations/test-headless/default.nix | 13 - configurations/varda/default.nix | 62 - configurations/yavanna/default.nix | 46 - darwinConfigurations/default.nix | 35 + darwinConfigurations/mairon/default.nix | 22 + flake.lock | 198 +- flake.nix | 50 +- lib/default.nix | 2 +- lib/dns.nix | 2 +- lib/my.nix | 49 +- modules/darwin/common/default.nix | 10 + modules/darwin/common/home-manager.nix | 3 + modules/darwin/common/locale.nix | 7 + modules/darwin/common/networking.nix | 10 + modules/darwin/common/nix.nix | 21 + modules/darwin/common/shell.nix | 3 + modules/darwin/common/users.nix | 11 + modules/darwin/default.nix | 10 + modules/darwin/emacs.nix | 15 + modules/darwin/fonts.nix | 12 + modules/darwin/gnupg.nix | 15 + modules/darwin/homebrew.nix | 23 + modules/darwin/profiles/default.nix | 93 + modules/darwin/profiles/headful.nix | 19 + modules/nixfiles/acme.nix | 32 - modules/nixfiles/alacritty.nix | 5 +- modules/nixfiles/alertmanager.nix | 63 - modules/nixfiles/android.nix | 18 - modules/nixfiles/bat.nix | 3 +- modules/nixfiles/bluetooth.nix | 28 - modules/nixfiles/chromium.nix | 2 - modules/nixfiles/common/console.nix | 6 - modules/nixfiles/common/default.nix | 7 - modules/nixfiles/common/documentation.nix | 19 - modules/nixfiles/common/home-manager.nix | 10 +- modules/nixfiles/common/kernel.nix | 33 - modules/nixfiles/common/locale.nix | 29 +- modules/nixfiles/common/networking.nix | 101 +- modules/nixfiles/common/nix/default.nix | 44 +- modules/nixfiles/common/secrets.nix | 47 - modules/nixfiles/common/security.nix | 29 - modules/nixfiles/common/services.nix | 9 - modules/nixfiles/common/shell/default.nix | 152 +- modules/nixfiles/common/systemd.nix | 22 - modules/nixfiles/common/tmp.nix | 18 - modules/nixfiles/common/users.nix | 25 +- modules/nixfiles/common/xdg.nix | 87 - modules/nixfiles/default.nix | 49 +- modules/nixfiles/discord.nix | 22 + modules/nixfiles/docker.nix | 41 - modules/nixfiles/dwm.nix | 159 - modules/nixfiles/emacs/default.nix | 26 +- modules/nixfiles/emacs/doom/init.el | 8 +- modules/nixfiles/endlessh-go.nix | 32 - modules/nixfiles/endlessh.nix | 45 - modules/nixfiles/fail2ban.nix | 32 - modules/nixfiles/firefox/default.nix | 26 +- modules/nixfiles/firefox/userChrome.css | 5 +- modules/nixfiles/fonts.nix | 55 +- modules/nixfiles/games/default.nix | 38 - modules/nixfiles/games/gamemode.nix | 13 - modules/nixfiles/games/gog.nix | 18 - modules/nixfiles/games/lutris.nix | 35 - modules/nixfiles/games/mangohud.nix | 26 - modules/nixfiles/games/minecraft.nix | 54 - modules/nixfiles/games/steam-run.nix | 69 - modules/nixfiles/games/steam.nix | 28 - modules/nixfiles/git.nix | 287 +- modules/nixfiles/gnupg.nix | 120 +- modules/nixfiles/gotify.nix | 75 - modules/nixfiles/grafana.nix | 119 - modules/nixfiles/hydra.nix | 57 - modules/nixfiles/ipfs.nix | 167 -- modules/nixfiles/kde.nix | 49 - modules/nixfiles/libvirtd.nix | 44 - modules/nixfiles/lidarr.nix | 28 - modules/nixfiles/loki.nix | 102 - modules/nixfiles/lxc.nix | 16 - modules/nixfiles/matrix/default.nix | 1 - modules/nixfiles/matrix/dendrite.nix | 157 - modules/nixfiles/matrix/element.nix | 59 - modules/nixfiles/matrix/synapse.nix | 93 - .../nixfiles/monitoring/dashboards/endlessh.json | 1457 --------- modules/nixfiles/monitoring/dashboards/nginx.json | 567 ---- .../nixfiles/monitoring/dashboards/postgresql.json | 3086 -------------------- .../nixfiles/monitoring/dashboards/unbound.json | 2991 ------------------- modules/nixfiles/monitoring/default.nix | 176 -- modules/nixfiles/nextcloud.nix | 133 - modules/nixfiles/nginx.nix | 99 - modules/nixfiles/nmap.nix | 5 - modules/nixfiles/node-exporter.nix | 34 - modules/nixfiles/nsd.nix | 176 -- modules/nixfiles/openssh.nix | 122 +- modules/nixfiles/password-store.nix | 5 +- modules/nixfiles/podman.nix | 41 - modules/nixfiles/postgresql.nix | 87 - modules/nixfiles/profiles/default.nix | 20 +- modules/nixfiles/profiles/dev/containers.nix | 12 +- modules/nixfiles/profiles/dev/default.nix | 19 +- modules/nixfiles/profiles/dev/sql.nix | 6 +- modules/nixfiles/profiles/headful.nix | 80 +- modules/nixfiles/profiles/headless.nix | 30 - modules/nixfiles/prometheus.nix | 49 - modules/nixfiles/promtail.nix | 53 - modules/nixfiles/psd.nix | 60 - modules/nixfiles/qutebrowser.nix | 2 - modules/nixfiles/radarr.nix | 28 - modules/nixfiles/radicale.nix | 52 - modules/nixfiles/rss-bridge.nix | 31 - modules/nixfiles/rtorrent.nix | 297 -- modules/nixfiles/searx.nix | 78 - modules/nixfiles/shadowsocks.nix | 116 - modules/nixfiles/soju.nix | 117 - modules/nixfiles/solaar.nix | 54 - modules/nixfiles/sonarr.nix | 28 - modules/nixfiles/sound.nix | 21 - modules/nixfiles/syncthing.nix | 145 - modules/nixfiles/throttled.nix | 119 - modules/nixfiles/unbound.nix | 197 -- modules/nixfiles/vaultwarden.nix | 134 - modules/nixfiles/vscode.nix | 27 +- modules/nixfiles/wget.nix | 2 +- modules/nixfiles/wireguard.nix | 198 -- modules/nixfiles/x11.nix | 92 - modules/nixfiles/xmonad.nix | 30 - modules/nixos/acme.nix | 32 + modules/nixos/alertmanager.nix | 63 + modules/nixos/android.nix | 18 + modules/nixos/bluetooth.nix | 28 + modules/nixos/common/console.nix | 6 + modules/nixos/common/default.nix | 19 + modules/nixos/common/documentation.nix | 31 + modules/nixos/common/home-manager.nix | 3 + modules/nixos/common/kernel.nix | 39 + modules/nixos/common/locale.nix | 24 + modules/nixos/common/networking.nix | 108 + modules/nixos/common/nix.nix | 39 + modules/nixos/common/secrets.nix | 45 + modules/nixos/common/security.nix | 29 + modules/nixos/common/services.nix | 10 + modules/nixos/common/shell.nix | 3 + modules/nixos/common/systemd.nix | 22 + modules/nixos/common/tmp.nix | 18 + modules/nixos/common/users.nix | 19 + modules/nixos/common/xdg.nix | 87 + modules/nixos/default.nix | 59 + modules/nixos/discord.nix | 22 + modules/nixos/docker.nix | 41 + modules/nixos/dwm.nix | 159 + modules/nixos/emacs.nix | 30 + modules/nixos/endlessh-go.nix | 30 + modules/nixos/endlessh.nix | 24 + modules/nixos/fail2ban.nix | 32 + modules/nixos/fonts.nix | 45 + modules/nixos/games/default.nix | 38 + modules/nixos/games/gamemode.nix | 13 + modules/nixos/games/gog.nix | 18 + modules/nixos/games/lutris.nix | 32 + modules/nixos/games/mangohud.nix | 26 + modules/nixos/games/minecraft.nix | 50 + modules/nixos/games/steam-run.nix | 73 + modules/nixos/games/steam.nix | 25 + modules/nixos/git.nix | 117 + modules/nixos/gnupg.nix | 38 + modules/nixos/gotify.nix | 75 + modules/nixos/grafana.nix | 119 + modules/nixos/hydra.nix | 57 + modules/nixos/ipfs.nix | 167 ++ modules/nixos/kde.nix | 49 + modules/nixos/libvirtd.nix | 44 + modules/nixos/lidarr.nix | 28 + modules/nixos/loki.nix | 102 + modules/nixos/lxc.nix | 16 + modules/nixos/matrix/default.nix | 1 + modules/nixos/matrix/dendrite.nix | 157 + modules/nixos/matrix/element.nix | 59 + modules/nixos/matrix/synapse.nix | 93 + modules/nixos/monitoring/dashboards/endlessh.json | 1457 +++++++++ modules/nixos/monitoring/dashboards/nginx.json | 567 ++++ .../nixos/monitoring/dashboards/postgresql.json | 3086 ++++++++++++++++++++ modules/nixos/monitoring/dashboards/unbound.json | 2991 +++++++++++++++++++ modules/nixos/monitoring/default.nix | 176 ++ modules/nixos/nextcloud.nix | 133 + modules/nixos/nginx.nix | 99 + modules/nixos/node-exporter.nix | 34 + modules/nixos/nsd.nix | 174 ++ modules/nixos/openssh.nix | 34 + modules/nixos/podman.nix | 41 + modules/nixos/postgresql.nix | 87 + modules/nixos/profiles/default.nix | 33 + modules/nixos/profiles/dev/containers.nix | 27 + modules/nixos/profiles/dev/default.nix | 19 + modules/nixos/profiles/headful.nix | 88 + modules/nixos/profiles/headless.nix | 42 + modules/nixos/prometheus.nix | 49 + modules/nixos/promtail.nix | 53 + modules/nixos/psd.nix | 60 + modules/nixos/radarr.nix | 28 + modules/nixos/radicale.nix | 52 + modules/nixos/rss-bridge.nix | 31 + modules/nixos/rtorrent.nix | 297 ++ modules/nixos/searx.nix | 78 + modules/nixos/shadowsocks.nix | 116 + modules/nixos/soju.nix | 117 + modules/nixos/solaar.nix | 54 + modules/nixos/sonarr.nix | 28 + modules/nixos/sound.nix | 21 + modules/nixos/syncthing.nix | 145 + modules/nixos/throttled.nix | 119 + modules/nixos/unbound.nix | 197 ++ modules/nixos/vaultwarden.nix | 134 + modules/nixos/wireguard.nix | 198 ++ modules/nixos/x11.nix | 92 + modules/nixos/xmonad.nix | 28 + nixosConfigurations/default.nix | 96 + nixosConfigurations/eonwe/default.nix | 72 + nixosConfigurations/manwe/default.nix | 88 + nixosConfigurations/manwe/mailserver.nix | 94 + nixosConfigurations/manwe/webserver.nix | 23 + nixosConfigurations/melian/default.nix | 108 + nixosConfigurations/test-headful/default.nix | 19 + nixosConfigurations/test-headless/default.nix | 13 + nixosConfigurations/varda/default.nix | 62 + nixosConfigurations/yavanna/default.nix | 46 + 231 files changed, 14988 insertions(+), 14384 deletions(-) delete mode 100644 configurations/default.nix delete mode 100644 configurations/eonwe/default.nix delete mode 100644 configurations/manwe/default.nix delete mode 100644 configurations/manwe/mailserver.nix delete mode 100644 configurations/manwe/webserver.nix delete mode 100644 configurations/melian/default.nix delete mode 100644 configurations/test-headful/default.nix delete mode 100644 configurations/test-headless/default.nix delete mode 100644 configurations/varda/default.nix delete mode 100644 configurations/yavanna/default.nix create mode 100644 darwinConfigurations/default.nix create mode 100644 darwinConfigurations/mairon/default.nix create mode 100644 modules/darwin/common/default.nix create mode 100644 modules/darwin/common/home-manager.nix create mode 100644 modules/darwin/common/locale.nix create mode 100644 modules/darwin/common/networking.nix create mode 100644 modules/darwin/common/nix.nix create mode 100644 modules/darwin/common/shell.nix create mode 100644 modules/darwin/common/users.nix create mode 100644 modules/darwin/default.nix create mode 100644 modules/darwin/emacs.nix create mode 100644 modules/darwin/fonts.nix create mode 100644 modules/darwin/gnupg.nix create mode 100644 modules/darwin/homebrew.nix create mode 100644 modules/darwin/profiles/default.nix create mode 100644 modules/darwin/profiles/headful.nix delete mode 100644 modules/nixfiles/acme.nix delete mode 100644 modules/nixfiles/alertmanager.nix delete mode 100644 modules/nixfiles/android.nix delete mode 100644 modules/nixfiles/bluetooth.nix delete mode 100644 modules/nixfiles/common/console.nix delete mode 100644 modules/nixfiles/common/kernel.nix delete mode 100644 modules/nixfiles/common/secrets.nix delete mode 100644 modules/nixfiles/common/security.nix delete mode 100644 modules/nixfiles/common/services.nix delete mode 100644 modules/nixfiles/common/systemd.nix delete mode 100644 modules/nixfiles/common/tmp.nix delete mode 100644 modules/nixfiles/common/xdg.nix create mode 100644 modules/nixfiles/discord.nix delete mode 100644 modules/nixfiles/docker.nix delete mode 100644 modules/nixfiles/dwm.nix delete mode 100644 modules/nixfiles/endlessh-go.nix delete mode 100644 modules/nixfiles/endlessh.nix delete mode 100644 modules/nixfiles/fail2ban.nix delete mode 100644 modules/nixfiles/games/default.nix delete mode 100644 modules/nixfiles/games/gamemode.nix delete mode 100644 modules/nixfiles/games/gog.nix delete mode 100644 modules/nixfiles/games/lutris.nix delete mode 100644 modules/nixfiles/games/mangohud.nix delete mode 100644 modules/nixfiles/games/minecraft.nix delete mode 100644 modules/nixfiles/games/steam-run.nix delete mode 100644 modules/nixfiles/games/steam.nix delete mode 100644 modules/nixfiles/gotify.nix delete mode 100644 modules/nixfiles/grafana.nix delete mode 100644 modules/nixfiles/hydra.nix delete mode 100644 modules/nixfiles/ipfs.nix delete mode 100644 modules/nixfiles/kde.nix delete mode 100644 modules/nixfiles/libvirtd.nix delete mode 100644 modules/nixfiles/lidarr.nix delete mode 100644 modules/nixfiles/loki.nix delete mode 100644 modules/nixfiles/lxc.nix delete mode 100644 modules/nixfiles/matrix/default.nix delete mode 100644 modules/nixfiles/matrix/dendrite.nix delete mode 100644 modules/nixfiles/matrix/element.nix delete mode 100644 modules/nixfiles/matrix/synapse.nix delete mode 100644 modules/nixfiles/monitoring/dashboards/endlessh.json delete mode 100644 modules/nixfiles/monitoring/dashboards/nginx.json delete mode 100644 modules/nixfiles/monitoring/dashboards/postgresql.json delete mode 100644 modules/nixfiles/monitoring/dashboards/unbound.json delete mode 100644 modules/nixfiles/monitoring/default.nix delete mode 100644 modules/nixfiles/nextcloud.nix delete mode 100644 modules/nixfiles/nginx.nix delete mode 100644 modules/nixfiles/node-exporter.nix delete mode 100644 modules/nixfiles/nsd.nix delete mode 100644 modules/nixfiles/podman.nix delete mode 100644 modules/nixfiles/postgresql.nix delete mode 100644 modules/nixfiles/prometheus.nix delete mode 100644 modules/nixfiles/promtail.nix delete mode 100644 modules/nixfiles/psd.nix delete mode 100644 modules/nixfiles/radarr.nix delete mode 100644 modules/nixfiles/radicale.nix delete mode 100644 modules/nixfiles/rss-bridge.nix delete mode 100644 modules/nixfiles/rtorrent.nix delete mode 100644 modules/nixfiles/searx.nix delete mode 100644 modules/nixfiles/shadowsocks.nix delete mode 100644 modules/nixfiles/soju.nix delete mode 100644 modules/nixfiles/solaar.nix delete mode 100644 modules/nixfiles/sonarr.nix delete mode 100644 modules/nixfiles/sound.nix delete mode 100644 modules/nixfiles/syncthing.nix delete mode 100644 modules/nixfiles/throttled.nix delete mode 100644 modules/nixfiles/unbound.nix delete mode 100644 modules/nixfiles/vaultwarden.nix delete mode 100644 modules/nixfiles/wireguard.nix delete mode 100644 modules/nixfiles/x11.nix delete mode 100644 modules/nixfiles/xmonad.nix create mode 100644 modules/nixos/acme.nix create mode 100644 modules/nixos/alertmanager.nix create mode 100644 modules/nixos/android.nix create mode 100644 modules/nixos/bluetooth.nix create mode 100644 modules/nixos/common/console.nix create mode 100644 modules/nixos/common/default.nix create mode 100644 modules/nixos/common/documentation.nix create mode 100644 modules/nixos/common/home-manager.nix create mode 100644 modules/nixos/common/kernel.nix create mode 100644 modules/nixos/common/locale.nix create mode 100644 modules/nixos/common/networking.nix create mode 100644 modules/nixos/common/nix.nix create mode 100644 modules/nixos/common/secrets.nix create mode 100644 modules/nixos/common/security.nix create mode 100644 modules/nixos/common/services.nix create mode 100644 modules/nixos/common/shell.nix create mode 100644 modules/nixos/common/systemd.nix create mode 100644 modules/nixos/common/tmp.nix create mode 100644 modules/nixos/common/users.nix create mode 100644 modules/nixos/common/xdg.nix create mode 100644 modules/nixos/default.nix create mode 100644 modules/nixos/discord.nix create mode 100644 modules/nixos/docker.nix create mode 100644 modules/nixos/dwm.nix create mode 100644 modules/nixos/emacs.nix create mode 100644 modules/nixos/endlessh-go.nix create mode 100644 modules/nixos/endlessh.nix create mode 100644 modules/nixos/fail2ban.nix create mode 100644 modules/nixos/fonts.nix create mode 100644 modules/nixos/games/default.nix create mode 100644 modules/nixos/games/gamemode.nix create mode 100644 modules/nixos/games/gog.nix create mode 100644 modules/nixos/games/lutris.nix create mode 100644 modules/nixos/games/mangohud.nix create mode 100644 modules/nixos/games/minecraft.nix create mode 100644 modules/nixos/games/steam-run.nix create mode 100644 modules/nixos/games/steam.nix create mode 100644 modules/nixos/git.nix create mode 100644 modules/nixos/gnupg.nix create mode 100644 modules/nixos/gotify.nix create mode 100644 modules/nixos/grafana.nix create mode 100644 modules/nixos/hydra.nix create mode 100644 modules/nixos/ipfs.nix create mode 100644 modules/nixos/kde.nix create mode 100644 modules/nixos/libvirtd.nix create mode 100644 modules/nixos/lidarr.nix create mode 100644 modules/nixos/loki.nix create mode 100644 modules/nixos/lxc.nix create mode 100644 modules/nixos/matrix/default.nix create mode 100644 modules/nixos/matrix/dendrite.nix create mode 100644 modules/nixos/matrix/element.nix create mode 100644 modules/nixos/matrix/synapse.nix create mode 100644 modules/nixos/monitoring/dashboards/endlessh.json create mode 100644 modules/nixos/monitoring/dashboards/nginx.json create mode 100644 modules/nixos/monitoring/dashboards/postgresql.json create mode 100644 modules/nixos/monitoring/dashboards/unbound.json create mode 100644 modules/nixos/monitoring/default.nix create mode 100644 modules/nixos/nextcloud.nix create mode 100644 modules/nixos/nginx.nix create mode 100644 modules/nixos/node-exporter.nix create mode 100644 modules/nixos/nsd.nix create mode 100644 modules/nixos/openssh.nix create mode 100644 modules/nixos/podman.nix create mode 100644 modules/nixos/postgresql.nix create mode 100644 modules/nixos/profiles/default.nix create mode 100644 modules/nixos/profiles/dev/containers.nix create mode 100644 modules/nixos/profiles/dev/default.nix create mode 100644 modules/nixos/profiles/headful.nix create mode 100644 modules/nixos/profiles/headless.nix create mode 100644 modules/nixos/prometheus.nix create mode 100644 modules/nixos/promtail.nix create mode 100644 modules/nixos/psd.nix create mode 100644 modules/nixos/radarr.nix create mode 100644 modules/nixos/radicale.nix create mode 100644 modules/nixos/rss-bridge.nix create mode 100644 modules/nixos/rtorrent.nix create mode 100644 modules/nixos/searx.nix create mode 100644 modules/nixos/shadowsocks.nix create mode 100644 modules/nixos/soju.nix create mode 100644 modules/nixos/solaar.nix create mode 100644 modules/nixos/sonarr.nix create mode 100644 modules/nixos/sound.nix create mode 100644 modules/nixos/syncthing.nix create mode 100644 modules/nixos/throttled.nix create mode 100644 modules/nixos/unbound.nix create mode 100644 modules/nixos/vaultwarden.nix create mode 100644 modules/nixos/wireguard.nix create mode 100644 modules/nixos/x11.nix create mode 100644 modules/nixos/xmonad.nix create mode 100644 nixosConfigurations/default.nix create mode 100644 nixosConfigurations/eonwe/default.nix create mode 100644 nixosConfigurations/manwe/default.nix create mode 100644 nixosConfigurations/manwe/mailserver.nix create mode 100644 nixosConfigurations/manwe/webserver.nix create mode 100644 nixosConfigurations/melian/default.nix create mode 100644 nixosConfigurations/test-headful/default.nix create mode 100644 nixosConfigurations/test-headless/default.nix create mode 100644 nixosConfigurations/varda/default.nix create mode 100644 nixosConfigurations/yavanna/default.nix diff --git a/configurations/default.nix b/configurations/default.nix deleted file mode 100644 index a488cf1..0000000 --- a/configurations/default.nix +++ /dev/null @@ -1,87 +0,0 @@ -{ - inputs, - lib, -}: -with lib; let - mkConfiguration = name: { - modules ? [], - configuration ? ./${name}, - this ? my.configurations.${name}, - }: - nameValuePair name (nixosSystem { - inherit (this) system; - modules = - attrValues inputs.self.nixosModules - ++ modules - ++ optional (configuration != null) (import configuration); - specialArgs = {inherit inputs lib this;}; - }); -in - mapAttrs' mkConfiguration { - # A dummy configuration to test the "headless" profile. - test-headless = { - modules = with inputs; [ - "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" - nixpkgs.nixosModules.notDetected - ]; - this = { - hostname = "test-headless"; - system = "x86_64-linux"; - isHeadless = true; - isHeadful = false; - }; - }; - - # A dummy configuration to test the "headful" profile. - test-headful = { - modules = with inputs; [ - "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" - nixpkgs.nixosModules.notDetected - ]; - this = { - hostname = "test-headful"; - system = "x86_64-linux"; - isHeadless = false; - isHeadful = true; - }; - }; - - # A beefy desktop PC: 7950x/rx6750xt/128GB. - eonwe.modules = with inputs; [ - nixos-hardware.nixosModules.common-cpu-amd - nixos-hardware.nixosModules.common-gpu-amd - nixos-hardware.nixosModules.common-pc-ssd - nixpkgs.nixosModules.notDetected - ]; - - # ThinkPad T480. - melian.modules = with inputs; [ - nixos-hardware.nixosModules.common-pc-laptop-ssd - nixos-hardware.nixosModules.lenovo-thinkpad-t480 - nixpkgs.nixosModules.notDetected - ]; - - # VPS: Germany - manwe.modules = with inputs; [ - "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" - nixos-hardware.nixosModules.common-cpu-amd - nixos-hardware.nixosModules.common-pc-ssd - nixpkgs.nixosModules.notDetected - ]; - - # VPS: Germany - varda.modules = with inputs; [ - "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" - nixos-hardware.nixosModules.common-cpu-amd - nixos-hardware.nixosModules.common-pc-ssd - nixpkgs.nixosModules.notDetected - ]; - - # VPS: France - yavanna.modules = with inputs; [ - "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" - nixos-hardware.nixosModules.common-cpu-intel - nixos-hardware.nixosModules.common-pc-hdd - nixpkgs.nixosModules.notDetected - ]; - } diff --git a/configurations/eonwe/default.nix b/configurations/eonwe/default.nix deleted file mode 100644 index c9af8e5..0000000 --- a/configurations/eonwe/default.nix +++ /dev/null @@ -1,84 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; { - nixfiles.modules = { - wireguard.client.enable = true; - - syncthing.enable = true; - - openssh.server.enable = true; - - games = { - lutris.enable = true; - steam.enable = true; - }; - android.enable = true; - bluetooth.enable = true; - libvirtd.enable = true; - qutebrowser.enable = true; - }; - - hm.programs = { - firefox.profiles.default.settings."media.ffmpeg.vaapi.enabled" = true; - - mpv.config = { - hwdec = "vdpau"; - vo = "vdpau"; - profile = "gpu-hq"; - }; - }; - - networking = { - interfaces = { - eth0.useDHCP = true; - wlan0.useDHCP = true; - }; - - networkmanager = { - enable = true; - wifi.backend = "iwd"; - }; - - wireless = { - enable = false; - iwd.enable = true; - userControlled.enable = true; - allowAuxiliaryImperativeNetworks = true; - }; - }; - - boot = { - initrd.availableKernelModules = ["ahci" "nvme" "sd_mod" "usb_storage" "usbhid" "xhci_pci"]; - - loader = { - efi.canTouchEfiVariables = true; - - systemd-boot = { - enable = true; - configurationLimit = 10; - }; - }; - }; - - fileSystems = { - "/boot" = { - device = "/dev/disk/by-uuid/FF1E-9CFD"; - fsType = "vfat"; - }; - - "/" = { - device = "/dev/disk/by-uuid/20276c1b-7e46-430b-b741-2f4aeb76bc51"; - fsType = "xfs"; - options = ["noatime"]; - }; - }; - - zramSwap = { - enable = true; - memoryPercent = 25; - }; -} diff --git a/configurations/manwe/default.nix b/configurations/manwe/default.nix deleted file mode 100644 index b8dd324..0000000 --- a/configurations/manwe/default.nix +++ /dev/null @@ -1,88 +0,0 @@ -{ - config, - lib, - this, - ... -}: -with lib; { - imports = [ - ./mailserver.nix - ./webserver.nix - ]; - - nixfiles.modules = { - nsd = { - enable = true; - fqdn = "ns1.${config.networking.domain}"; - }; - unbound.enable = true; - - wireguard.server.enable = true; - - acme.enable = true; - - monitoring.enable = true; - - postgresql.enable = true; - - git.server = { - enable = true; - domain = "git.${my.domain.azahi}"; - }; - - gotify.enable = true; - matrix.dendrite = { - enable = true; - domain = my.domain.azahi; - }; - radicale.enable = true; - rss-bridge.enable = true; - shadowsocks.enable = true; - soju = { - enable = true; - domain = my.domain.azahi; - }; - vaultwarden.enable = true; - }; - - boot = { - loader.grub = { - enable = true; - device = "/dev/sda"; - }; - - initrd.availableKernelModules = [ - "ata_piix" - "sd_mod" - "sr_mod" - "uhci_hcd" - "virtio_pci" - "virtio_scsi" - ]; - }; - - fileSystems = { - "/boot" = { - device = "/dev/sda1"; - fsType = "xfs"; - options = ["noatime"]; - }; - - "/" = { - device = "/dev/sda2"; - fsType = "xfs"; - options = ["noatime"]; - }; - }; - - swapDevices = [ - { - device = "/dev/sda3"; - } - ]; - - zramSwap = { - enable = true; - memoryPercent = 25; - }; -} diff --git a/configurations/manwe/mailserver.nix b/configurations/manwe/mailserver.nix deleted file mode 100644 index 966c21c..0000000 --- a/configurations/manwe/mailserver.nix +++ /dev/null @@ -1,96 +0,0 @@ -{ - config, - inputs, - lib, - ... -}: -with lib; { - imports = [inputs.simple-nixos-mailserver.nixosModule]; - - secrets = { - dkim-key-azahi-cc = { - file = "${inputs.self}/secrets/dkim-key-azahi-cc"; - path = "/var/dkim/${my.domain.azahi}.${config.mailserver.dkimSelector}.key"; - owner = "opendkim"; - group = "opendkim"; - }; - dkim-key-rohan-net = { - file = "${inputs.self}/secrets/dkim-key-rohan-net"; - path = "/var/dkim/${my.domain.rohan}.${config.mailserver.dkimSelector}.key"; - owner = "opendkim"; - group = "opendkim"; - }; - dkim-key-gondor-net = { - file = "${inputs.self}/secrets/dkim-key-gondor-net"; - path = "/var/dkim/${my.domain.gondor}.${config.mailserver.dkimSelector}.key"; - owner = "opendkim"; - group = "opendkim"; - }; - dkim-key-shire-me = { - file = "${inputs.self}/secrets/dkim-key-shire-me"; - path = "/var/dkim/${my.domain.shire}.${config.mailserver.dkimSelector}.key"; - owner = "opendkim"; - group = "opendkim"; - }; - }; - - nixfiles.modules.acme.enable = true; - - mailserver = let - cert = config.certs.${my.domain.shire}; - in { - enable = true; - - fqdn = config.networking.domain; - domains = with my.domain; [azahi gondor rohan shire]; - - localDnsResolver = false; - - certificateScheme = 1; - certificateFile = "${cert.directory}/fullchain.pem"; - keyFile = "${cert.directory}/key.pem"; - - lmtpSaveToDetailMailbox = "no"; - - loginAccounts = with my.domain; { - "azahi@${shire}" = { - hashedPassword = "@HASHED_PASSWORD@"; - aliases = [ - "@${azahi}" - "@${rohan}" - "@${gondor}" - "abuse@${shire}" - "admin@${shire}" - "ceo@${shire}" - "postmaster@${shire}" - ]; - }; - "samwise@${shire}" = { - hashedPassword = "@HASHED_PASSWORD@"; - aliases = ["chad@${shire}"]; - quota = "1G"; - }; - "pippin@${shire}" = { - hashedPassword = "@HASHED_PASSWORD@"; - quota = "1G"; - }; - "meriadoc@${shire}" = { - hashedPassword = "@HASHED_PASSWORD@"; - quota = "1G"; - }; - }; - }; - - services.fail2ban.jails = { - dovecot = '' - enabled = true - mode = aggressive - ''; - postfix = '' - enabled = true - mode = aggressive - ''; - }; - - system.extraDependencies = [inputs.simple-nixos-mailserver]; -} diff --git a/configurations/manwe/webserver.nix b/configurations/manwe/webserver.nix deleted file mode 100644 index e1ee425..0000000 --- a/configurations/manwe/webserver.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ - inputs, - lib, - ... -}: -with lib; { - nixfiles.modules.nginx.virtualHosts = with my.domain; - { - ${shire}.locations."/".return = "301 https://www.youtube.com/watch?v=dQw4w9WgXcQ"; - "git.${shire}".locations."/".return = "301 https://git.${azahi}"; - "bitwarden.${shire}".locations."/".return = "301 https://vaultwarden.${shire}"; - ${azahi} = { - serverAliases = ["frodo.${gondor}" "frodo.${rohan}"]; - locations."/".root = inputs.azahi-cc; - }; - } - // (let - frodo = "301 https://frodo."; - in { - ${gondor}.locations."/".return = concatStrings [frodo gondor]; - ${rohan}.locations."/".return = concatStrings [frodo rohan]; - }); - - system.extraDependencies = [inputs.azahi-cc]; -} diff --git a/configurations/melian/default.nix b/configurations/melian/default.nix deleted file mode 100644 index f296546..0000000 --- a/configurations/melian/default.nix +++ /dev/null @@ -1,134 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; { - nixfiles.modules = { - wireguard.client.enable = true; - - syncthing.enable = true; - - bluetooth.enable = true; - - throttled.enable = true; - }; - - networking = { - interfaces = { - eth0.useDHCP = true; - wlan0.useDHCP = true; - }; - - networkmanager = { - enable = true; - wifi.backend = "iwd"; - }; - - wireless = { - enable = false; - iwd.enable = true; - userControlled.enable = true; - allowAuxiliaryImperativeNetworks = true; - }; - }; - - hardware.trackpoint = { - enable = true; - speed = 500; - sensitivity = 250; - }; - - powerManagement = let - modprobe = "${pkgs.kmod}/bin/modprobe"; - in { - enable = true; - - # This fixes an issue with not being able to suspend or wake up from suspend - # due to a kernel bug[1]. - # - # [1]: https://bbs.archlinux.org/viewtopic.php?id=270964 - # [1]: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/522998 - # [1]: https://bugs.launchpad.net/ubuntu/+source/pm-utils/+bug/562484/comments/3 - # [1]: https://gist.github.com/ioggstream/8f380d398aef989ac455b93b92d42048 - powerDownCommands = "${modprobe} -r xhci_pci"; - powerUpCommands = "${modprobe} xhci_pci"; - }; - - services = { - thinkfan = { - enable = true; - - settings = { - sensors = [ - { - hwmon = "/sys/class/hwmon"; - name = "coretemp"; - indices = [1]; - } - ]; - fans = [{tpacpi = "/proc/acpi/ibm/fan";}]; - levels = [ - ["level auto" 0 50] - ["level disengaged" 50 32767] - ]; - }; - }; - - fwupd.enable = true; - }; - - boot = { - # Speeding up Wi-Fi a bit. - extraModprobeConfig = '' - options iwlwifi 11n_disable=1 - ''; - - initrd = { - availableKernelModules = ["ahci" "nvme" "sd_mod" "usb_storage" "usbhid" "xhci_pci"]; - - luks.devices."root" = { - device = "/dev/disk/by-uuid/c1b46f24-eec0-47d2-a142-75ddfd7bb218"; - allowDiscards = true; - bypassWorkqueues = true; - }; - }; - - loader = { - efi.canTouchEfiVariables = true; - - systemd-boot = { - enable = true; - configurationLimit = 10; - }; - }; - }; - - fileSystems = { - "/boot" = { - device = "/dev/disk/by-uuid/1083-C8A0"; - fsType = "vfat"; - }; - - "/" = { - device = "/dev/disk/by-uuid/bb8b09dc-cc67-47e5-8280-532b17a9e62a"; - fsType = "xfs"; - options = ["noatime"]; - }; - }; - - # NOTE This will make hibernation extremely hard if on an encrypted partition. - # This also could not work on ZFS or Btrfs. - swapDevices = [ - { - device = "/swapfile"; - size = 8 * 1024; - } - ]; - - zramSwap = { - enable = true; - memoryPercent = 25; - }; -} diff --git a/configurations/test-headful/default.nix b/configurations/test-headful/default.nix deleted file mode 100644 index 25db8c7..0000000 --- a/configurations/test-headful/default.nix +++ /dev/null @@ -1,19 +0,0 @@ -{lib, ...}: -with lib; { - nixfiles.modules = { - dwm.enable = true; - kde.enable = false; - xmonad.enable = false; - }; - - boot.loader.systemd-boot.enable = true; - fileSystems."/".device = "/dev/null"; - - documentation = { - enable = mkForce false; - man = { - enable = mkForce false; - man-db.enable = mkForce false; - }; - }; -} diff --git a/configurations/test-headless/default.nix b/configurations/test-headless/default.nix deleted file mode 100644 index 919a436..0000000 --- a/configurations/test-headless/default.nix +++ /dev/null @@ -1,13 +0,0 @@ -{lib, ...}: -with lib; { - nixfiles.modules = { - endlessh-go.enable = mkForce false; - node-exporter.enable = mkForce false; - promtail.enable = mkForce false; - }; - - boot.loader.systemd-boot.enable = true; - fileSystems."/".device = "/dev/null"; - - documentation.enable = mkForce false; -} diff --git a/configurations/varda/default.nix b/configurations/varda/default.nix deleted file mode 100644 index 5e0914e..0000000 --- a/configurations/varda/default.nix +++ /dev/null @@ -1,62 +0,0 @@ -{ - lib, - this, - ... -}: -with lib; { - nixfiles.modules = { - wireguard.client.enable = true; - - acme.enable = true; - - games.minecraft.server = { - enable = false; # Disabled because no one is playing now. - memory = "6G"; - }; - }; - - boot = { - loader = { - efi.canTouchEfiVariables = true; - - systemd-boot = { - enable = true; - configurationLimit = 10; - }; - }; - - initrd.availableKernelModules = [ - "ata_piix" - "sd_mod" - "sr_mod" - "uhci_hcd" - "virtio_pci" - "virtio_scsi" - ]; - }; - - fileSystems = { - "/boot" = { - device = "/dev/disk/by-uuid/03FD-B6C0"; - fsType = "vfat"; - }; - - "/" = { - device = "/dev/disk/by-uuid/b07e8273-915a-424c-8c55-cdc2bd482f49"; - fsType = "xfs"; - options = ["noatime"]; - }; - }; - - swapDevices = [ - { - device = "/swapfile"; - size = 4 * 1024; - } - ]; - - zramSwap = { - enable = true; - memoryPercent = 25; - }; -} diff --git a/configurations/yavanna/default.nix b/configurations/yavanna/default.nix deleted file mode 100644 index e3172a6..0000000 --- a/configurations/yavanna/default.nix +++ /dev/null @@ -1,46 +0,0 @@ -{ - lib, - this, - ... -}: -with lib; { - nixfiles.modules = { - wireguard.client.enable = true; - - syncthing.enable = true; - - acme.enable = true; - - rtorrent.enable = true; - }; - - boot = { - loader.grub = { - enable = true; - device = "/dev/sda"; - }; - - initrd = { - availableKernelModules = ["uhci_hcd" "ahci"]; - kernelModules = ["nvme"]; - }; - }; - - fileSystems."/" = { - device = "/dev/sda1"; - fsType = "ext4"; - options = ["noatime"]; - }; - - swapDevices = [ - { - device = "/swapfile"; - size = 4 * 1024; - } - ]; - - zramSwap = { - enable = true; - memoryPercent = 25; - }; -} diff --git a/darwinConfigurations/default.nix b/darwinConfigurations/default.nix new file mode 100644 index 0000000..612c8b0 --- /dev/null +++ b/darwinConfigurations/default.nix @@ -0,0 +1,35 @@ +{ + inputs, + lib, +}: +with lib; let + mkConfiguration = name: { + modules ? [], + configuration ? ./${name}, + this ? my.configurations.${name}, + extraSpecialArgs ? { + localUsername = my.username; + localHostname = this.hostname; + }, + }: + nameValuePair name (inputs.darwin.lib.darwinSystem { + inherit (this) system; + modules = + modules + ++ attrValues inputs.self.modules + ++ attrValues inputs.self.darwinModules + ++ optional (configuration != null) (import configuration); + specialArgs = + { + inherit inputs lib this; + } + // extraSpecialArgs; + }); +in + mapAttrs' mkConfiguration { + mairon.extraSpecialArgs = { + # These values are managed by my employer. + localUsername = "username"; + localHostname = "hostname"; + }; + } diff --git a/darwinConfigurations/mairon/default.nix b/darwinConfigurations/mairon/default.nix new file mode 100644 index 0000000..d574a08 --- /dev/null +++ b/darwinConfigurations/mairon/default.nix @@ -0,0 +1,22 @@ +{ + config, + lib, + this, + ... +}: +with lib; { + nixfiles.modules.vscode.enable = true; + + # TODO Make this per-directory/per-remote. + hm.programs.git = { + userName = mkForce "Firstname Lastname"; + userEmail = mkForce "username@work.com"; + signing.key = mkForce "@PGP_KEY@"; + extraConfig."url \"git@gitlab.services.work.com:\"".insteadOf = "work:"; + }; + + networking = { + computerName = mkForce this.hostname; + hostName = mkForce null; + }; +} diff --git a/flake.lock b/flake.lock index 085d35e..6d8862f 100644 --- a/flake.lock +++ b/flake.lock @@ -88,16 +88,50 @@ "105.0": { "flake": false, "locked": { - "lastModified": 1664804773, - "narHash": "sha256-cktQJuMbGINAAfSrpln8OxisuyN/o8sPxon0lZ4vM7c=", + "lastModified": 1664904885, + "narHash": "sha256-XUjX+Tno3EU/3IXR/WCn4M5gVR+sKjCzpKcV31dqzWA=", "owner": "arkenfox", "repo": "user.js", - "rev": "11e3c1b8f6676b45b2b35c0b624d15746c70c593", + "rev": "db04bc44f2982ae8e39f10d056bc7cfe7804d4fd", "type": "github" }, "original": { "owner": "arkenfox", - "ref": "refs/pull/1541/head", + "ref": "105.0", + "repo": "user.js", + "type": "github" + } + }, + "106.0": { + "flake": false, + "locked": { + "lastModified": 1667741320, + "narHash": "sha256-WB9w/UoFqp/WyRhe87dNqwbMAXa8lmsK/QCeTzRWmj8=", + "owner": "arkenfox", + "repo": "user.js", + "rev": "8a65c5a7bad0ec764d968b0941ebdf01bdcd2408", + "type": "github" + }, + "original": { + "owner": "arkenfox", + "ref": "106.0", + "repo": "user.js", + "type": "github" + } + }, + "107.0": { + "flake": false, + "locked": { + "lastModified": 1668912908, + "narHash": "sha256-LeSJvxkTU4491rmkznbIm3l/ZiC+876OsLfej2Aj4Ro=", + "owner": "arkenfox", + "repo": "user.js", + "rev": "e8ea7f3f23b9a7f257b61ad7553b4b64b3965ddc", + "type": "github" + }, + "original": { + "owner": "arkenfox", + "ref": "refs/pull/1579/head", "repo": "user.js", "type": "github" } @@ -250,6 +284,8 @@ "103.0": "103.0", "104.0": "104.0", "105.0": "105.0", + "106.0": "106.0", + "107.0": "107.0", "93.0": "93.0", "94.0": "94.0", "95.0": "95.0", @@ -263,11 +299,11 @@ ] }, "locked": { - "lastModified": 1665906177, - "narHash": "sha256-fAPdYYF8AJtczGXFFTwMD8UxECRxPrR+VtHrUZgvxns=", + "lastModified": 1671049694, + "narHash": "sha256-APJajoa7Q4i8LFOHoiyU3G5nJ3Xv2IiI2qY9i0pJnlw=", "owner": "dwarfmaster", "repo": "arkenfox-nixos", - "rev": "83776435c05002a13c9b9f0536cc2041158798a8", + "rev": "99028aef3e9dfa3dc44e51e0d7296cf93d910af8", "type": "github" }, "original": { @@ -310,6 +346,27 @@ "type": "gitlab" } }, + "darwin": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1671196037, + "narHash": "sha256-2+J98SeczFWonbqFLMEAQC7vZEe6I2gM17XYvEmG52I=", + "owner": "LnL7", + "repo": "nix-darwin", + "rev": "adb8ac0453c8b2c40f5bffb578453dbaee838952", + "type": "github" + }, + "original": { + "owner": "LnL7", + "ref": "master", + "repo": "nix-darwin", + "type": "github" + } + }, "dns-nix": { "inputs": { "flake-utils": [ @@ -377,11 +434,11 @@ ] }, "locked": { - "lastModified": 1668836187, - "narHash": "sha256-f38CYfIwYoSUgX2klCm+6v4ViZiVY6DdwdO/rk7GGwg=", + "lastModified": 1671268121, + "narHash": "sha256-LIOLFw5m2mYDjMo7eBB/cxYjhEqBnvQ8dpZvTjR6+Lo=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "faf39a31bc76f1cd4eb642d79eeab1d25b038e72", + "rev": "249d14bdd55995eea2e0c9cfed8a230525faebde", "type": "github" }, "original": { @@ -499,6 +556,7 @@ }, "original": { "owner": "edolstra", + "ref": "master", "repo": "flake-compat", "type": "github" } @@ -553,6 +611,27 @@ "type": "github" } }, + "gitignore": { + "inputs": { + "nixpkgs": [ + "pre-commit-hooks", + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1660459072, + "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=", + "owner": "hercules-ci", + "repo": "gitignore.nix", + "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73", + "type": "github" + }, + "original": { + "owner": "hercules-ci", + "repo": "gitignore.nix", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -563,11 +642,11 @@ ] }, "locked": { - "lastModified": 1668788863, - "narHash": "sha256-FsdUG+YkRX7JZKZm6T44J2h+0pXB1sWA9AobyiozFK0=", + "lastModified": 1671209729, + "narHash": "sha256-zxn1eA/rMi2DOx43V7q87bGaDzvL7CMVY/Ti7lJ92DQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "948d1f8a5cef55a281d4f5d17f3b79df6c82fce1", + "rev": "7d55a72d4c1df694e87a41a7e6c9a7b6e9a40ca3", "type": "github" }, "original": { @@ -580,11 +659,11 @@ "master": { "flake": false, "locked": { - "lastModified": 1665257885, - "narHash": "sha256-4PNnCRLomAd5OdN4UEbsVSm8eNuteZHKaUqRVvIBvN8=", + "lastModified": 1670682948, + "narHash": "sha256-yFg8U4D+qD9UQXhpAXrl9Ksj16zrCLOgahMtT9QS2Y8=", "owner": "arkenfox", "repo": "user.js", - "rev": "f4187632faef76df4de0cbb0cdc7199f22fadd76", + "rev": "7135907b2fe13fa55eb8ebf162603037f83e353c", "type": "github" }, "original": { @@ -606,7 +685,9 @@ "evil-org-mode": "evil-org-mode", "evil-quick-diff": "evil-quick-diff", "explain-pause-mode": "explain-pause-mode", - "flake-compat": "flake-compat", + "flake-compat": [ + "flake-compat" + ], "flake-utils": [ "flake-utils" ], @@ -628,11 +709,11 @@ "ws-butler": "ws-butler" }, "locked": { - "lastModified": 1668736610, - "narHash": "sha256-qqQ/YspdN7c8o24CZQfvtuCC8I0AzCAwTpDRCdWdgJo=", + "lastModified": 1671154105, + "narHash": "sha256-OI6M2/Kcd1bJuodxV6rV5KtDJMUeewsqKy1B2PLNVys=", "owner": "nix-community", "repo": "nix-doom-emacs", - "rev": "6a37d61c1d8c8586b1140f53b83c164dd2fd7d2d", + "rev": "2150fd40b2110bbd11dcb62fa5f307ec345b0fb0", "type": "github" }, "original": { @@ -660,11 +741,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1668334946, - "narHash": "sha256-omMbUj4r5DVBWh7KxkoO/Z/1V1shVR6Ls4jXNB4mr3U=", + "lastModified": 1671228065, + "narHash": "sha256-Az/ig9LVL5xdqtyl4/CVKJIH1G7sP/9Ott2XnNyie0E=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "e0452b33ab0ef16ffe075e980644ed92a6a200bb", + "rev": "e462a4baf75eeac639b4942481759de08a3bc94e", "type": "github" }, "original": { @@ -676,11 +757,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1668820343, - "narHash": "sha256-CmV7D8XFVhd47FIQx0RvjYP620hWsaG+71Rmmq8Bn/E=", + "lastModified": 1671249438, + "narHash": "sha256-5e+CcnbZA3/i2BRXbnzRS52Ly67MUNdZR+Zpbb2C65k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "75f569b1a573c9736501981b1bd1808d30b37d3d", + "rev": "067bfc6c90a301572cec7da48f09c447a9a8eae0", "type": "github" }, "original": { @@ -692,11 +773,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1668852341, - "narHash": "sha256-p2NNuwH3dkv8ze+ZPqZFWGmr2ULm/1lEnKVY4ojEewo=", + "lastModified": 1671282610, + "narHash": "sha256-B8qHrJjsu2rv2BPlj7EkM0H+ZJvVucaiCOIp5191+xc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "edff760d6125ddf35ea1dcbf03846addc6f900ce", + "rev": "b43f29bdc27e3f14ba0416a2a8492a3f35e6cd58", "type": "github" }, "original": { @@ -708,16 +789,16 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1668766498, - "narHash": "sha256-UjZlIrbHGlL3H3HZNPTxPSwJfr49jIfbPWCYxk0EQm4=", + "lastModified": 1671282711, + "narHash": "sha256-DJknmGMZPIMlJnLqP99A+dZiWOirRVeCZrQK8kn1nug=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f42a45c015f28ac3beeb0df360e50cdbf495d44b", + "rev": "8ac4d14fc64c39707e98421e84ed6a7160c06ecd", "type": "github" }, "original": { "owner": "NixOS", - "ref": "release-22.05", + "ref": "release-22.11", "repo": "nixpkgs", "type": "github" } @@ -725,11 +806,11 @@ "nmap-vulners": { "flake": false, "locked": { - "lastModified": 1632035522, - "narHash": "sha256-Y3THM8cNVZdl4GVLI0d4c/EgAyBZeNLSlDsUMHD9UYk=", + "lastModified": 1671189750, + "narHash": "sha256-WUAAWmwiW0uSTGdBE1rxrbSSWBRhzAMrtcyP4mmwkQ8=", "owner": "vulnersCom", "repo": "nmap-vulners", - "rev": "bbf53dd085f8d810921ee00ccf85bdb329d59514", + "rev": "4899a73532f2d166ba229f6c1e8a4046023623da", "type": "github" }, "original": { @@ -774,11 +855,11 @@ }, "nur": { "locked": { - "lastModified": 1668851908, - "narHash": "sha256-Br1NBRNqZtUYKSP7qhzyUlKDOuWOpl2sVsbxgamL4uM=", + "lastModified": 1671251299, + "narHash": "sha256-QFslNMb6xQdgEoHmbZ+YjyXysCPsiU2dOPpjWp68dYg=", "owner": "nix-community", "repo": "NUR", - "rev": "06c146dad321018b42c92fea1e0b100c989d9b8f", + "rev": "ca8e5a3c87bd533b1c0b0b4195b1191ad23c1c66", "type": "github" }, "original": { @@ -807,11 +888,11 @@ "org": { "flake": false, "locked": { - "lastModified": 1668143941, - "narHash": "sha256-f7nwVd1usk2Zhn9szqdhtU7/czXRl9w2NTQtGpIlugc=", + "lastModified": 1670680538, + "narHash": "sha256-afmN2tOY6Par235bVsqhtFHOSVyw4NBgTxI5Eo6Yk5A=", "owner": "emacs-straight", "repo": "org-mode", - "rev": "f83e45526b5ec4627d601673be3680e2dece1b33", + "rev": "42153ea2fec66f90c1623be25d6774d96ecf8062", "type": "github" }, "original": { @@ -870,19 +951,26 @@ }, "pre-commit-hooks": { "inputs": { + "flake-compat": [ + "flake-compat" + ], "flake-utils": [ "flake-utils" ], + "gitignore": "gitignore", "nixpkgs": [ "nixpkgs" + ], + "nixpkgs-stable": [ + "nixpkgs-stable" ] }, "locked": { - "lastModified": 1667992213, - "narHash": "sha256-8Ens8ozllvlaFMCZBxg6S7oUyynYx2v7yleC5M0jJsE=", + "lastModified": 1671180323, + "narHash": "sha256-qAE390OdYvzSMe58HLpoMZ7llPlp+zIy84pXPnuXqCo=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "ebcbfe09d2bd6d15f68de3a0ebb1e4dcb5cd324b", + "rev": "a49fc91a606dbbb7a916c56bc09776fc67b5c121", "type": "github" }, "original": { @@ -895,11 +983,11 @@ "revealjs": { "flake": false, "locked": { - "lastModified": 1668674340, - "narHash": "sha256-JEXPS67bgKnnRdA37mC18PyGm4EWVQ/BrWeBZLVKPvU=", + "lastModified": 1670408834, + "narHash": "sha256-2LG8/AwMC+caNK9DKDyVGw+EPT2W6ys177xQj7mdKng=", "owner": "hakimel", "repo": "reveal.js", - "rev": "9f1f7789bfbf689d9c1615e523d5c6262771e90f", + "rev": "4fe3946cb43de57f79aaa7b646aee7e78f4bcc75", "type": "github" }, "original": { @@ -913,8 +1001,10 @@ "agenix": "agenix", "arkenfox-nixos": "arkenfox-nixos", "azahi-cc": "azahi-cc", + "darwin": "darwin", "dns-nix": "dns-nix", "emacs-overlay": "emacs-overlay", + "flake-compat": "flake-compat", "flake-registry": "flake-registry", "flake-utils": "flake-utils", "home-manager": "home-manager", @@ -961,11 +1051,11 @@ ] }, "locked": { - "lastModified": 1658267644, - "narHash": "sha256-NJRe1rnlF112eZwxNASlRL8/ghwD8g+lpHIYRkWQxC8=", + "lastModified": 1669807829, + "narHash": "sha256-rgQ8MYV1UD4Ynw0wzfl9hatgsV5GV7X6eM6ioSPKzls=", "owner": "simple-nixos-mailserver", "repo": "nixos-mailserver", - "rev": "004c229ca44c069d93c92abf67ff1619fb508c6a", + "rev": "694e7d34f60028f4877517e1c7c73c9527fad400", "type": "gitlab" }, "original": { @@ -994,11 +1084,11 @@ "ts-fold": { "flake": false, "locked": { - "lastModified": 1663136308, - "narHash": "sha256-FI25RLoHqhcjA2qel75LVmQH4rTkKiAUR2w9QODT1XM=", + "lastModified": 1670681486, + "narHash": "sha256-Ss1FWOq51+0FQpQWXPiSWHmNYU6NurUvI2wAjOGV/kA=", "owner": "jcs-elpa", "repo": "ts-fold", - "rev": "c3da5520b988720f7f6e9e5e11b60746598112e0", + "rev": "85db0117ead108213cc2a4210f72746d8ad8d20a", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 7fcd818..46d1252 100644 --- a/flake.nix +++ b/flake.nix @@ -24,7 +24,7 @@ type = "github"; owner = "NixOS"; repo = "nixpkgs"; - ref = "release-22.05"; + ref = "release-22.11"; }; # For testing PRs and stuff. @@ -47,6 +47,14 @@ ref = "master"; }; + darwin = { + type = "github"; + owner = "LnL7"; + repo = "nix-darwin"; + ref = "master"; + inputs.nixpkgs.follows = "nixpkgs"; + }; + home-manager = { type = "github"; owner = "nix-community"; @@ -83,6 +91,7 @@ repo = "nix-doom-emacs"; ref = "master"; inputs = { + flake-compat.follows = "flake-compat"; emacs-overlay.follows = "emacs-overlay"; flake-utils.follows = "flake-utils"; nixpkgs.follows = "nixpkgs"; @@ -184,8 +193,10 @@ repo = "pre-commit-hooks.nix"; ref = "master"; inputs = { + flake-compat.follows = "flake-compat"; flake-utils.follows = "flake-utils"; nixpkgs.follows = "nixpkgs"; + nixpkgs-stable.follows = "nixpkgs-stable"; }; }; @@ -220,32 +231,20 @@ flake = false; }; - # NOTE These inputs are used indirectly. They are declared explicitly here - # because nested follows is not yet release in a stable version of nix[1]. - # - # [1]: https://github.com/NixOS/nix/issues/5790 - # [1]: https://github.com/NixOS/nix/pull/6621 - # flake-utils-plus = { - # type = "github"; - # owner = "gytis-ivaskevicius"; - # repo = "flake-utils-plus"; - # ref = "master"; - # inputs.flake-utils.follows = "flake-utils"; - # }; - # flake-compat = { - # type = "github"; - # owner = "edolstra"; - # repo = "flake-compat"; - # ref = "master"; - # flake = false; - # }; + flake-compat = { + type = "github"; + owner = "edolstra"; + repo = "flake-compat"; + ref = "master"; + flake = false; + }; }; outputs = inputs: with inputs; let lib = nixpkgs.lib.extend (import ./lib); in - flake-utils.lib.eachSystem ["x86_64-linux" "aarch64-linux"] + flake-utils.lib.eachDefaultSystem (system: let pkgs = import nixpkgs { inherit system; @@ -290,10 +289,15 @@ // { inherit lib; - nixosModules.nixfiles = import ./modules/nixfiles; + modules.nixfiles = import ./modules/nixfiles; + nixosModules.nixfiles = import ./modules/nixos; nixosConfigurations = - import ./configurations {inherit inputs lib;}; + import ./nixosConfigurations {inherit inputs lib;}; + + darwinModules.nixfiles = import ./modules/darwin; + darwinConfigurations = + import ./darwinConfigurations {inherit inputs lib;}; # TODO Make it so that self.packages also can use this. overlays.default = final: _: { diff --git a/lib/default.nix b/lib/default.nix index d121f5e..da4b4d2 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -1,7 +1,7 @@ lib: _: rec { my = import ./my.nix lib; - dns = import ./dns.nix lib; + dns = import ./dns.nix; isEven = number: assert (builtins.isInt number) || (builtins.isFloat number); diff --git a/lib/dns.nix b/lib/dns.nix index e486f1c..5e1d767 100644 --- a/lib/dns.nix +++ b/lib/dns.nix @@ -1,4 +1,4 @@ -_: { +{ const = { quad9 = { default = ["9.9.9.9" "149.112.112.112" "2620:fe::fe" "2620:fe::9"]; diff --git a/lib/my.nix b/lib/my.nix index f9c6a35..9b999a5 100644 --- a/lib/my.nix +++ b/lib/my.nix @@ -9,23 +9,36 @@ with lib; attrsOf (submodule ({name, ...}: { freeformType = attrs; options = let + mkConfigurationArchOption = type: + mkOption { + description = "Whether the machine's architecture is a ${type} one."; + type = bool; + default = false; + }; + mkConfigurationTypeOption = type: mkOption { - description = "Whether the machine is a ${type} one."; + description = "Whether the machine's functional type is a ${type} one."; type = bool; default = false; }; in { hostname = mkOption { - description = "The machine's hostname"; + description = "The machine's hostname."; type = str; default = name; readOnly = true; }; + system = mkOption { - description = "The machine's system"; - type = enum ["x86_64-linux" "aarch64-linux"]; - default = "x86_64-linux"; + description = "The machine's system."; + type = nullOr (enum [ + "aarch64-darwin" + "aarch64-linux" + "x86_64-darwin" + "x86_64-linux" + ]); + default = null; }; isHeadless = mkConfigurationTypeOption "headless"; @@ -39,12 +52,12 @@ with lib; default = null; }; prefixLength = mkOption { - description = "The machine's IPv4 prefix length."; + description = "The machine's public IPv4 prefix length."; type = nullOr int; default = null; }; gatewayAddress = mkOption { - description = "The machine's IPv4 gateway address."; + description = "The machine's public IPv4 gateway address."; type = nullOr str; default = null; }; @@ -56,12 +69,12 @@ with lib; default = null; }; prefixLength = mkOption { - description = "The machine's IPv6 prefix length."; + description = "The machine's public IPv6 prefix length."; type = nullOr int; default = null; }; gatewayAddress = mkOption { - description = "The machine's IPv6 gateway address."; + description = "The machine's public IPv6 gateway address."; type = nullOr str; default = null; }; @@ -74,7 +87,7 @@ with lib; default = null; }; ipv6.address = mkOption { - description = "The machine's internal IPv4 addresses."; + description = "The machine's internal IPv6 addresses."; type = nullOr str; default = null; }; @@ -93,7 +106,7 @@ with lib; # filtering for actual subdomains. We can remove this option # altogether then. domains = mkOption { - description = "External domains that resovle to this address."; + description = "External domains that resolve to this address."; type = listOf str; default = []; }; @@ -171,7 +184,9 @@ with lib; shire ]; }; + varda = { + system = "x86_64-linux"; isHeadless = true; ipv4 = { gatewayAddress = "@IPV4_ADDRESS@"; @@ -189,7 +204,9 @@ with lib; publicKey = "@PUBLIC_KEY@"; }; }; + yavanna = { + system = "x86_64-linux"; isHeadless = true; ipv4 = { gatewayAddress = "@IPV4_ADDRESS@"; @@ -209,7 +226,9 @@ with lib; domains = with my.domain; ["flood.${shire}"]; syncthing.id = "@SYNCTHING_ID@"; }; + eonwe = { + system = "x86_64-linux"; isHeadful = true; wireguard = { ipv4.address = "10.69.3.1"; @@ -218,7 +237,9 @@ with lib; }; syncthing.id = "@SYNCTHING_ID@"; }; + melian = { + system = "x86_64-linux"; isHeadful = true; wireguard = { ipv4.address = "10.69.4.1"; @@ -227,6 +248,12 @@ with lib; }; syncthing.id = "@SYNCTHING_ID@"; }; + + mairon = { + system = "aarch64-darwin"; + isHeadful = true; + }; + gothmog = { isOther = true; wireguard = { diff --git a/modules/darwin/common/default.nix b/modules/darwin/common/default.nix new file mode 100644 index 0000000..149b2d6 --- /dev/null +++ b/modules/darwin/common/default.nix @@ -0,0 +1,10 @@ +_: { + imports = [ + ./home-manager.nix + ./locale.nix + ./networking.nix + ./nix.nix + ./shell.nix + ./users.nix + ]; +} diff --git a/modules/darwin/common/home-manager.nix b/modules/darwin/common/home-manager.nix new file mode 100644 index 0000000..4fc6cbe --- /dev/null +++ b/modules/darwin/common/home-manager.nix @@ -0,0 +1,3 @@ +{inputs, ...}: { + imports = [inputs.home-manager.darwinModule]; +} diff --git a/modules/darwin/common/locale.nix b/modules/darwin/common/locale.nix new file mode 100644 index 0000000..1ecf6fe --- /dev/null +++ b/modules/darwin/common/locale.nix @@ -0,0 +1,7 @@ +{lib, ...}: +with lib; { + environment.variables.LANG = "en_GB.UTF-8"; + + # TODO https://daiderd.com/nix-darwin/manual/index.html#opt-system.keyboard.enableKeyMapping + system.keyboard = {}; +} diff --git a/modules/darwin/common/networking.nix b/modules/darwin/common/networking.nix new file mode 100644 index 0000000..6c503bc --- /dev/null +++ b/modules/darwin/common/networking.nix @@ -0,0 +1,10 @@ +{ + this, + localHostname ? this.hostname, + ... +}: { + networking = { + computerName = localHostname; + hostName = localHostname; + }; +} diff --git a/modules/darwin/common/nix.nix b/modules/darwin/common/nix.nix new file mode 100644 index 0000000..a522cb0 --- /dev/null +++ b/modules/darwin/common/nix.nix @@ -0,0 +1,21 @@ +{ + lib, + this, + ... +}: +with lib; { + nix = { + daemonIOLowPriority = false; + daemonProcessType = "Standard"; + + extraOptions = optionalString (this.system == "aarch64-darwin") '' + extra-platforms = x86_64-darwin aarch64-darwin + ''; + + settings.trusted-users = ["@admin"]; + }; + + services.nix-daemon.enable = true; + + system.stateVersion = 4; +} diff --git a/modules/darwin/common/shell.nix b/modules/darwin/common/shell.nix new file mode 100644 index 0000000..5985f50 --- /dev/null +++ b/modules/darwin/common/shell.nix @@ -0,0 +1,3 @@ +{pkgs, ...}: { + environment.shells = with pkgs; [bashInteractive]; +} diff --git a/modules/darwin/common/users.nix b/modules/darwin/common/users.nix new file mode 100644 index 0000000..957e50c --- /dev/null +++ b/modules/darwin/common/users.nix @@ -0,0 +1,11 @@ +{ + lib, + localUsername ? lib.my.username, + ... +}: +with lib; { + # The only MacOS machine I'm currently using has a pre-configured domain user + # account that I have to login as. I may accidentally break something if I + # change options here so this section is left practically untouched. + users.users.${localUsername}.home = "/Users/${localUsername}"; +} diff --git a/modules/darwin/default.nix b/modules/darwin/default.nix new file mode 100644 index 0000000..153c857 --- /dev/null +++ b/modules/darwin/default.nix @@ -0,0 +1,10 @@ +_: { + imports = [ + ./common + ./emacs.nix + ./fonts.nix + ./gnupg.nix + ./homebrew.nix + ./profiles + ]; +} diff --git a/modules/darwin/emacs.nix b/modules/darwin/emacs.nix new file mode 100644 index 0000000..02bfb83 --- /dev/null +++ b/modules/darwin/emacs.nix @@ -0,0 +1,15 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.emacs; +in { + config = mkIf cfg.enable { + # services.emacs = { + # enable = true; + # package = config.hm.programs.doom-emacs.package; + # }; + }; +} diff --git a/modules/darwin/fonts.nix b/modules/darwin/fonts.nix new file mode 100644 index 0000000..741fdc8 --- /dev/null +++ b/modules/darwin/fonts.nix @@ -0,0 +1,12 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.fonts; +in { + config = mkIf cfg.enable { + fonts.fontDir.enable = true; + }; +} diff --git a/modules/darwin/gnupg.nix b/modules/darwin/gnupg.nix new file mode 100644 index 0000000..073d3b1 --- /dev/null +++ b/modules/darwin/gnupg.nix @@ -0,0 +1,15 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.gnupg; +in { + config = mkIf cfg.enable { + programs.gnupg.agent = { + enable = true; + enableSSHSupport = true; + }; + }; +} diff --git a/modules/darwin/homebrew.nix b/modules/darwin/homebrew.nix new file mode 100644 index 0000000..35e8e77 --- /dev/null +++ b/modules/darwin/homebrew.nix @@ -0,0 +1,23 @@ +{ + config, + inputs, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.homebrew; +in { + options.nixfiles.modules.homebrew.enable = mkEnableOption "Homebrew"; + + config = mkIf cfg.enable { + # This option requires an installed Homebrew[1]. + # + # [1]: https://daiderd.com/nix-darwin/manual/index.html#opt-homebrew.enable + # [1]: https://brew.sh + homebrew = { + enable = true; + taps = []; + }; + }; +} diff --git a/modules/darwin/profiles/default.nix b/modules/darwin/profiles/default.nix new file mode 100644 index 0000000..f42647a --- /dev/null +++ b/modules/darwin/profiles/default.nix @@ -0,0 +1,93 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.profiles.default; +in { + imports = [ + ./headful.nix + ]; + + config = mkIf cfg.enable { + hm.home.packages = with pkgs; [m-cli]; + + system = { + defaults = { + CustomUserPreferences = {}; + + ActivityMonitor = {}; + + NSGlobalDomain = { + AppleEnableMouseSwipeNavigateWithScrolls = true; + AppleEnableSwipeNavigateWithScrolls = true; + + AppleInterfaceStyle = "Dark"; + + AppleShowAllExtensions = true; + AppleShowAllFiles = true; + + InitialKeyRepeat = 15; + KeyRepeat = 2; + + NSAutomaticCapitalizationEnabled = false; + NSAutomaticDashSubstitutionEnabled = false; + NSAutomaticPeriodSubstitutionEnabled = false; + NSAutomaticQuoteSubstitutionEnabled = false; + NSAutomaticSpellingCorrectionEnabled = false; + + # Make function keys to work as they should. + "com.apple.keyboard.fnState" = true; + + # Disable the absolutely retarded "natural" scrolling. + "com.apple.swipescrolldirection" = false; + }; + + dock = { + orientation = "bottom"; + tilesize = 18; + + show-recents = false; + static-only = false; + + # Disable hot corners. + wvous-bl-corner = 1; + wvous-br-corner = 1; + wvous-tl-corner = 1; + wvous-tr-corner = 1; + }; + + finder = { + AppleShowAllExtensions = true; + AppleShowAllFiles = true; + + CreateDesktop = true; + + FXDefaultSearchScope = "SCcf"; + FXEnableExtensionChangeWarning = false; + FXPreferredViewStyle = "clmv"; + + ShowStatusBar = false; + ShowPathbar = true; + _FXShowPosixPathInTitle = true; + }; + + trackpad = { + Clicking = true; + Dragging = false; + }; + }; + + keyboard = { + enableKeyMapping = true; + nonUS.remapTilde = true; + remapCapsLockToControl = false; + remapCapsLockToEscape = true; + swapLeftCommandAndLeftAlt = false; + }; + }; + }; +} diff --git a/modules/darwin/profiles/headful.nix b/modules/darwin/profiles/headful.nix new file mode 100644 index 0000000..44695f6 --- /dev/null +++ b/modules/darwin/profiles/headful.nix @@ -0,0 +1,19 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.profiles.headful; +in { + config = mkIf cfg.enable { + nixfiles.modules.homebrew.enable = true; + + homebrew.casks = [ + {name = "firefox";} + {name = "telegram-desktop";} + ]; + }; +} diff --git a/modules/nixfiles/acme.nix b/modules/nixfiles/acme.nix deleted file mode 100644 index d3ad661..0000000 --- a/modules/nixfiles/acme.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; let - cfg = config.nixfiles.modules.acme; -in { - imports = [ - (mkAliasOptionModule ["certs"] ["security" "acme" "certs"]) - ]; - - options.nixfiles.modules.acme = { - enable = mkEnableOption "ACME"; - - email = mkOption { - description = "Email for notifications."; - type = with types; str; - default = "admin+acme@${my.domain.shire}"; - }; - }; - - config = mkIf cfg.enable { - security.acme = { - acceptTerms = true; - defaults = { - inherit (cfg) email; - validMinDays = 60; - }; - }; - }; -} diff --git a/modules/nixfiles/alacritty.nix b/modules/nixfiles/alacritty.nix index 5f8833a..142f6c5 100644 --- a/modules/nixfiles/alacritty.nix +++ b/modules/nixfiles/alacritty.nix @@ -19,10 +19,7 @@ in { y = size; }; dynamic_padding = false; - decorations = - if kde.enable - then "full" - else "none"; + decorations = "full"; }; font = with config.fontScheme.monospaceFont; { normal = { diff --git a/modules/nixfiles/alertmanager.nix b/modules/nixfiles/alertmanager.nix deleted file mode 100644 index 871b0c4..0000000 --- a/modules/nixfiles/alertmanager.nix +++ /dev/null @@ -1,63 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; let - cfg = config.nixfiles.modules.alertmanager; -in { - options.nixfiles.modules.alertmanager = { - enable = mkEnableOption "Alertmanager"; - - port = mkOption { - description = "Port."; - type = with types; port; - default = 30112; - }; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; nullOr str; - default = "alertmanager.${config.networking.domain}"; - }; - }; - - config = mkIf cfg.enable { - nixfiles.modules.nginx = with cfg; { - enable = true; - upstreams.alertmanager.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${cfg.domain} = { - locations."/".proxyPass = "http://alertmanager"; - extraConfig = nginxInternalOnly; - }; - }; - - services.prometheus.alertmanager = { - enable = true; - - listenAddress = "127.0.0.1"; - inherit (cfg) port; - - extraFlags = ["--web.external-url=https://${cfg.domain}"]; - - configuration = { - global = { - smtp_from = "alertmanager@${my.domain.shire}"; - smtp_smarthost = "${my.domain.shire}:584"; - }; - - route = { - receiver = my.username; - group_by = ["alertname"]; - }; - - receivers = [ - { - name = my.username; - email_configs = [{to = "${my.username}+alert@${my.domain.shire}";}]; - } - ]; - }; - }; - }; -} diff --git a/modules/nixfiles/android.nix b/modules/nixfiles/android.nix deleted file mode 100644 index 307490a..0000000 --- a/modules/nixfiles/android.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - config, - lib, - inputs, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.android; -in { - options.nixfiles.modules.android.enable = mkEnableOption "support for Android devices"; - - config = mkIf cfg.enable { - programs.adb.enable = true; - - my.extraGroups = ["adbusers"]; - }; -} diff --git a/modules/nixfiles/bat.nix b/modules/nixfiles/bat.nix index 4a98f99..2b31d16 100644 --- a/modules/nixfiles/bat.nix +++ b/modules/nixfiles/bat.nix @@ -7,7 +7,8 @@ with lib; let cfg = config.nixfiles.modules.bat; in { - options.nixfiles.modules.bat.enable = mkEnableOption "bat, an alternative to cat"; + options.nixfiles.modules.bat.enable = + mkEnableOption "bat, an alternative to cat"; config = mkIf cfg.enable { hm.programs = { diff --git a/modules/nixfiles/bluetooth.nix b/modules/nixfiles/bluetooth.nix deleted file mode 100644 index 8347361..0000000 --- a/modules/nixfiles/bluetooth.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.bluetooth; -in { - options.nixfiles.modules.bluetooth.enable = - mkEnableOption "Bluetooth support"; - - config = mkIf cfg.enable { - hardware.bluetooth = { - enable = true; - settings.General.FastConnectable = true; - }; - - environment = { - etc."bluetooth/input.conf".text = generators.toINI {} { - General = { - IdleTimeout = 15; - UserspaceHID = true; - }; - }; - }; - }; -} diff --git a/modules/nixfiles/chromium.nix b/modules/nixfiles/chromium.nix index 6a7c771..4f0ae12 100644 --- a/modules/nixfiles/chromium.nix +++ b/modules/nixfiles/chromium.nix @@ -23,7 +23,5 @@ in { ]; }; }; - - services.psd.enable = true; }; } diff --git a/modules/nixfiles/common/console.nix b/modules/nixfiles/common/console.nix deleted file mode 100644 index 3c73695..0000000 --- a/modules/nixfiles/common/console.nix +++ /dev/null @@ -1,6 +0,0 @@ -{config, ...}: { - console = { - earlySetup = true; - useXkbConfig = config.services.xserver.enable; - }; -} diff --git a/modules/nixfiles/common/default.nix b/modules/nixfiles/common/default.nix index 4f7a6c1..2bfe7e8 100644 --- a/modules/nixfiles/common/default.nix +++ b/modules/nixfiles/common/default.nix @@ -2,17 +2,10 @@ _: { imports = [ ./documentation.nix ./home-manager.nix - ./kernel.nix ./locale.nix ./networking.nix ./nix - ./secrets.nix - ./security.nix - ./services.nix ./shell - ./systemd.nix - ./tmp.nix ./users.nix - ./xdg.nix ]; } diff --git a/modules/nixfiles/common/documentation.nix b/modules/nixfiles/common/documentation.nix index 46ec9a5..55f6138 100644 --- a/modules/nixfiles/common/documentation.nix +++ b/modules/nixfiles/common/documentation.nix @@ -16,27 +16,8 @@ with lib; { documentation = { enable = true; - - dev.enable = true; doc.enable = false; info.enable = false; - nixos.enable = true; - - man.man-db.manualPages = - (pkgs.buildEnv { - name = "man-paths"; - paths = with config; - environment.systemPackages ++ hm.home.packages; - pathsToLink = ["/share/man"]; - extraOutputsToInstall = ["man"]; - ignoreCollisions = true; - }) - .overrideAttrs (_: _: {__contentAddressed = true;}); - }; - - environment.sessionVariables = { - MANOPT = "--no-hyphenation"; - MANPAGER = "${pkgs.less}/bin/less -+F"; }; }) (mkIf this.isHeadless { diff --git a/modules/nixfiles/common/home-manager.nix b/modules/nixfiles/common/home-manager.nix index 7ce872b..b28260a 100644 --- a/modules/nixfiles/common/home-manager.nix +++ b/modules/nixfiles/common/home-manager.nix @@ -1,18 +1,18 @@ { - config, inputs, lib, + localUsername ? lib.my.username, ... }: with lib; { imports = [ - inputs.home-manager.nixosModules.home-manager - (mkAliasOptionModule ["hm"] ["home-manager" "users" my.username]) + (mkAliasOptionModule ["hm"] ["home-manager" "users" localUsername]) ]; hm = { news.display = "silent"; - home = {inherit (config.system) stateVersion;}; + home.stateVersion = with builtins; + head (split "\n" (readFile "${inputs.nixpkgs}/.version")); }; home-manager = { @@ -21,6 +21,4 @@ with lib; { useGlobalPkgs = true; verbose = true; }; - - system.extraDependencies = [inputs.home-manager]; } diff --git a/modules/nixfiles/common/kernel.nix b/modules/nixfiles/common/kernel.nix deleted file mode 100644 index 2fdfeeb..0000000 --- a/modules/nixfiles/common/kernel.nix +++ /dev/null @@ -1,33 +0,0 @@ -{lib, ...}: -with lib; { - boot = { - # I don't use it even on laptops. - kernelParams = ["hibernate=no"]; - - kernel.sysctl = { - "fs.file-max" = pow 2 17; - "fs.inotify.max_user_watches" = pow 2 19; - "fs.suid_dumpable" = 0; - "kernel.core_uses_pid" = 1; - "kernel.exec-shield" = 1; - "kernel.kptr_restrict" = 1; - "kernel.maps_protect" = 1; - "kernel.msgmax" = pow 2 16; - "kernel.msgmnb" = pow 2 16; - "kernel.pid_max" = pow 2 16; - "kernel.randomize_va_space" = 2; - "kernel.shmall" = pow 2 28; - "kernel.shmmax" = pow 2 28; - "kernel.sysrq" = 0; - "vm.dirty_background_bytes" = pow 2 22; - "vm.dirty_background_ratio" = 5; - "vm.dirty_bytes" = pow 2 22; - "vm.dirty_ratio" = 30; - "vm.min_free_kbytes" = pow 2 16; - "vm.mmap_min_addr" = pow 2 12; - "vm.overcommit_memory" = mkDefault 0; - "vm.overcommit_ratio" = mkDefault 50; - "vm.vfs_cache_pressure" = 50; - }; - }; -} diff --git a/modules/nixfiles/common/locale.nix b/modules/nixfiles/common/locale.nix index 5f0d5ae..bcb577a 100644 --- a/modules/nixfiles/common/locale.nix +++ b/modules/nixfiles/common/locale.nix @@ -1,27 +1,6 @@ -{lib, ...}: -with lib; { - i18n = { - defaultLocale = mkDefault "en_GB.UTF-8"; - supportedLocales = [ - "C.UTF-8/UTF-8" - "en_GB.UTF-8/UTF-8" - "en_US.UTF-8/UTF-8" - "ja_JP.UTF-8/UTF-8" - "ru_RU.UTF-8/UTF-8" - ]; - }; - - time.timeZone = mkDefault "Europe/Moscow"; - - # TODO Fcitx or UIM as a Japanese IME. - services.xserver = { - layout = comcat ["us" "ru"]; - xkbVariant = comcat ["" "phonetic"]; - xkbOptions = comcat [ - "terminate:ctrl_alt_bksp" - "caps:escape" - "compose:menu" - "grp:win_space_toggle" - ]; +_: { + hm.home.language = { + collate = "C"; + messages = "C"; }; } diff --git a/modules/nixfiles/common/networking.nix b/modules/nixfiles/common/networking.nix index 8512d78..e5d27d8 100644 --- a/modules/nixfiles/common/networking.nix +++ b/modules/nixfiles/common/networking.nix @@ -1,100 +1,3 @@ -{ - config, - lib, - pkgs, - this, - ... -}: -with lib; { - hm.home.file.".digrc".text = '' - +answer - +multiline - +recurse - ''; - - # TODO Support multiple interfaces and IP addresses. - networking = mkMerge [ - { - domain = my.domain.shire; - - hostName = this.hostname; - hostId = substring 0 8 (builtins.hashString "md5" this.hostname); - - # Remove default hostname mappings. This is required at least by the current - # implementation of the montoring module. - hosts = { - "127.0.0.2" = mkForce []; - "::1" = mkForce []; - }; - - nameservers = mkDefault dns.const.quad9.default; - - useDHCP = false; - - firewall = { - enable = true; - - rejectPackets = false; - - allowPing = true; - pingLimit = "--limit 1/minute --limit-burst 5"; - - logRefusedConnections = false; - logRefusedPackets = false; - logRefusedUnicastsOnly = false; - logReversePathDrops = false; - }; - } - (let - interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. - in - mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) { - usePredictableInterfaceNames = false; # NOTE This can break something! - interfaces.${interface} = { - ipv4.addresses = with this.ipv4; - optional (isString address && isInt prefixLength) { - inherit address prefixLength; - }; - - ipv6.addresses = with this.ipv6; - optional (isString address && isInt prefixLength) { - inherit address prefixLength; - }; - }; - defaultGateway = with this.ipv4; - mkIf (isString gatewayAddress) { - inherit interface; - address = gatewayAddress; - }; - defaultGateway6 = with this.ipv6; - mkIf (isString gatewayAddress) { - inherit interface; - address = gatewayAddress; - }; - }) - ]; - - environment = { - systemPackages = with pkgs; [myip]; - - shellAliases = listToAttrs (map - ({ - name, - value, - }: - nameValuePair name "${pkgs.iproute2}/bin/${value}") [ - { - name = "bridge"; - value = "bridge -color=always"; - } - { - name = "ip"; - value = "ip -color=always"; - } - { - name = "tc"; - value = "tc -color=always"; - } - ]); - }; +{pkgs, ...}: { + environment.systemPackages = with pkgs; [myip]; } diff --git a/modules/nixfiles/common/nix/default.nix b/modules/nixfiles/common/nix/default.nix index c9d3b04..aeb25bd 100644 --- a/modules/nixfiles/common/nix/default.nix +++ b/modules/nixfiles/common/nix/default.nix @@ -2,12 +2,8 @@ config, inputs, lib, + localUsername ? lib.my.username, pkgs, - pkgsLocal, - pkgsMaster, - pkgsPR, - pkgsRev, - pkgsStabe, this, ... }: @@ -62,10 +58,11 @@ with lib; { // {nixfiles.flake = inputs.self;}; settings = { - trusted-users = ["root" "@wheel"]; + trusted-users = ["root" localUsername]; substituters = [ "https://azahi.cachix.org" + "https://cache.iog.io" "https://cachix.cachix.org" "https://nix-community.cachix.org" "https://pre-commit-hooks.cachix.org" @@ -73,6 +70,7 @@ with lib; { trusted-public-keys = [ "azahi.cachix.org-1:2bayb+iWYMAVw3ZdEpVg+NPOHCXncw7WMQ0ElX1GO3s=" "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" + "hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "pre-commit-hooks.cachix.org-1:Pkk3Panw5AW24TOv6kz3PvLhlH8puAsJTBbOPmBo7Rc=" ]; @@ -114,45 +112,25 @@ with lib; { inherit (np) yaml-language-server; json-language-server = np.vscode-json-languageserver-bin; k3d = kube3d; + kubelogin = kubelogin-oidc; lua-language-server = sumneko-lua-language-server; nix-language-server = rnix-lsp; omnisharp = omnisharp-roslyn; + telepresence = telepresence2; tor-browser = tor-browser-bundle-bin; })) - agenix.overlay emacs-overlay.overlay # nil.overlays.default - # nix-minecraft-servers.overlays.default nur.overlay # pollymc.overlay - xmonad-ng.overlays.default ]; - system = { - stateVersion = builtins.readFile "${inputs.nixpkgs}/.version"; - - extraDependencies = with inputs; [ - nixos-hardware - nixpkgs - nixpkgs-master - nixpkgs-stable - nur + environment.systemPackages = with pkgs; + optionals this.isHeadful [ + nix-du + nix-top + nix-tree ]; - }; - - environment = { - sessionVariables.NIX_SHELL_PRESERVE_PROMPT = "1"; - - localBinInPath = true; - - defaultPackages = []; - systemPackages = with pkgs; - optionals this.isHeadful [ - nix-du - nix-top - nix-tree - ]; - }; hm.home = { packages = with pkgs; [nix-index]; diff --git a/modules/nixfiles/common/secrets.nix b/modules/nixfiles/common/secrets.nix deleted file mode 100644 index 9e59716..0000000 --- a/modules/nixfiles/common/secrets.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ - config, - inputs, - lib, - pkgs, - this, - ... -}: -with lib; { - imports = [ - inputs.agenix.nixosModule - (mkAliasOptionModule ["secrets"] ["age" "secrets"]) - ]; - - config = { - age = { - identityPaths = - if this.isHeadful - then ["${config.my.home}/.ssh/id_${my.ssh.type}"] - else - map (attr: attr.path) (filter (attr: attr.type == my.ssh.type) - config.services.openssh.hostKeys); - - # This can be used to auto-add all secrets, thus eleminating the need to - # specify path to each envrypted file. The drawback is that this will - # expose *all* secrets to all machines and try to decrypt them all even on - # machines where the secret will not be used. - # - # secrets = - # let - # secretsSourceDir = "${inputs.self}/age"; - # in - # mapAttrs' - # (name: _: - # nameValuePair name { - # file = "${secretsSourceDir}/${name}"; - # owner = mkDefault my.username; - # group = mkDefault config.my.group; - # }) - # (builtins.readDir secretsSourceDir); - }; - - environment.systemPackages = with pkgs; [agenix]; - - system.extraDependencies = [inputs.agenix]; - }; -} diff --git a/modules/nixfiles/common/security.nix b/modules/nixfiles/common/security.nix deleted file mode 100644 index 09c5da1..0000000 --- a/modules/nixfiles/common/security.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ - inputs, - lib, - ... -}: -with lib; { - security = { - sudo = { - enable = true; - execWheelOnly = true; - wheelNeedsPassword = false; - # https://mwl.io/archives/1000 - extraConfig = '' - Defaults env_keep += "SSH_CLIENT SSH_CONNECTION SSH_TTY SSH_AUTH_SOCK" - ''; - }; - - polkit = { - enable = true; - # https://wiki.archlinux.org/title/Polkit#Bypass_password_prompt - extraConfig = '' - polkit.addRule(function (action, subject) { - if (subject.isInGroup('wheel')) - return polkit.Result.YES; - }); - ''; - }; - }; -} diff --git a/modules/nixfiles/common/services.nix b/modules/nixfiles/common/services.nix deleted file mode 100644 index 376c87d..0000000 --- a/modules/nixfiles/common/services.nix +++ /dev/null @@ -1,9 +0,0 @@ -_: { - services = { - earlyoom.enable = true; - haveged.enable = true; - irqbalance.enable = true; - }; - - hardware.ksm.enable = true; -} diff --git a/modules/nixfiles/common/shell/default.nix b/modules/nixfiles/common/shell/default.nix index 8ed2e99..9425578 100644 --- a/modules/nixfiles/common/shell/default.nix +++ b/modules/nixfiles/common/shell/default.nix @@ -40,6 +40,72 @@ with lib; { fi ''; + shellAliases = + listToAttrs + (map + ({ + name, + value, + }: + nameValuePair name (with pkgs; let + pkg = + if this.isHeadful + then + (coreutils.overrideAttrs (_: super: { + patches = + super.patches + ++ [ + (fetchpatch { + url = "https://raw.githubusercontent.com/jarun/advcpmv/ea268d870b475edd5960dcd55d5378abc9705958/advcpmv-0.9-9.1.patch"; + hash = "sha256-d+SRT/R4xmfHLAdOr7m4R3WFiW64P5ZH6iqDvErYCyg="; + }) + ]; + })) + else coreutils; + in "${pkg}/bin/coreutils --coreutils-prog=${value}")) + ( + let + mkAlias = { + name ? head command, + command, + }: { + inherit name; + value = concatStringsSep " " command; + }; + + progressBar = optionalString this.isHeadful "--progress-bar"; + in [ + (mkAlias { + command = ["cp" "--interactive" "--recursive" progressBar]; + }) + (mkAlias {command = ["mv" "--interactive" progressBar];}) + (mkAlias {command = ["rm" "--interactive=once"];}) + (mkAlias {command = ["ln" "--interactive"];}) + (mkAlias {command = ["mkdir" "--parents"];}) + (mkAlias {command = ["rmdir" "--parents"];}) + (mkAlias { + name = "lower"; + command = ["tr" "'[:upper:]'" "'[:lower:]'"]; + }) + (mkAlias { + name = "upper"; + command = ["tr" "'[:lower:]'" "'[:upper:]'"]; + }) + (mkAlias { + name = "disk"; + command = [ + "df" + "--human-readable" + "--exclude-type=tmpfs" + "--exclude-type=devtmpfs" + "2>/dev/null" + ]; + }) + ] + )) + // genAttrs ["grep" "egrep" "fgrep"] + (name: "${pkgs.gnugrep}/bin/${name} --color=always"); + historyControl = ["ignoredups" "ignorespace"]; }; @@ -51,82 +117,12 @@ with lib; { home.packages = with pkgs; [grc]; }; - programs.command-not-found.enable = false; - - environment = { - shellAliases = - listToAttrs - (map - ({ - name, - value, - }: - nameValuePair name (with pkgs; let - pkg = - if this.isHeadful - then - (coreutils.overrideAttrs (_: super: { - patches = - super.patches - ++ [ - (fetchpatch { - url = "https://raw.githubusercontent.com/jarun/advcpmv/ea268d870b475edd5960dcd55d5378abc9705958/advcpmv-0.9-9.1.patch"; - hash = "sha256-d+SRT/R4xmfHLAdOr7m4R3WFiW64P5ZH6iqDvErYCyg="; - }) - ]; - })) - else coreutils; - in "${pkg}/bin/coreutils --coreutils-prog=${value}")) - ( - let - mkAlias = { - name ? head command, - command, - }: { - inherit name; - value = concatStringsSep " " command; - }; - - progressBar = optionalString this.isHeadful "--progress-bar"; - in [ - (mkAlias { - command = ["cp" "--interactive" "--recursive" progressBar]; - }) - (mkAlias {command = ["mv" "--interactive" progressBar];}) - (mkAlias {command = ["rm" "--interactive=once"];}) - (mkAlias {command = ["ln" "--interactive"];}) - (mkAlias {command = ["mkdir" "--parents"];}) - (mkAlias {command = ["rmdir" "--parents"];}) - (mkAlias { - name = "lower"; - command = ["tr" "'[:upper:]'" "'[:lower:]'"]; - }) - (mkAlias { - name = "upper"; - command = ["tr" "'[:lower:]'" "'[:upper:]'"]; - }) - (mkAlias { - name = "disk"; - command = [ - "df" - "--human-readable" - "--exclude-type=tmpfs" - "--exclude-type=devtmpfs" - "2>/dev/null" - ]; - }) - ] - )) - // genAttrs ["grep" "egrep" "fgrep"] - (name: "${pkgs.gnugrep}/bin/${name} --color=always"); - - systemPackages = with pkgs; [ - bash-completion - bc - gawk - hr - moreutils - pv - ]; - }; + environment.systemPackages = with pkgs; [ + bash-completion + bc + gawk + hr + moreutils + pv + ]; } diff --git a/modules/nixfiles/common/systemd.nix b/modules/nixfiles/common/systemd.nix deleted file mode 100644 index 5c7282d..0000000 --- a/modules/nixfiles/common/systemd.nix +++ /dev/null @@ -1,22 +0,0 @@ -{pkgs, ...}: { - hm.systemd.user.startServices = "sd-switch"; - - services.journald.extraConfig = '' - SystemMaxUse=5G - ''; - - systemd = let - extraConfig = '' - DefaultTimeoutStartSec=30s - DefaultTimeoutStopSec=15s - ''; - in { - inherit extraConfig; - user = {inherit extraConfig;}; - }; - - environment.sessionVariables = { - SYSTEMD_PAGER = "${pkgs.less}/bin/less"; - SYSTEMD_LESS = "FRSXMK"; - }; -} diff --git a/modules/nixfiles/common/tmp.nix b/modules/nixfiles/common/tmp.nix deleted file mode 100644 index d56e2b6..0000000 --- a/modules/nixfiles/common/tmp.nix +++ /dev/null @@ -1,18 +0,0 @@ -_: { - systemd.mounts = [ - { - type = "tmpfs"; - what = "tmpfs"; - where = "/tmp"; - mountConfig.Options = [ - "huge=within_size" - "mode=1777" - "noatime" - "nodev" - "nosuid" - "rw" - "size=25%" - ]; - } - ]; -} diff --git a/modules/nixfiles/common/users.nix b/modules/nixfiles/common/users.nix index fb85c1b..aee0e38 100644 --- a/modules/nixfiles/common/users.nix +++ b/modules/nixfiles/common/users.nix @@ -1,21 +1,8 @@ -{lib, ...}: +{ + lib, + localUsername ? lib.my.username, + ... +}: with lib; { - imports = [(mkAliasOptionModule ["my"] ["users" "users" my.username])]; - - users = { - mutableUsers = false; - - users = { - root.hashedPassword = "@HASHED_PASSWORD@"; - - ${my.username} = { - isNormalUser = true; - uid = 1000; - description = my.fullname; - inherit (my) hashedPassword; - openssh.authorizedKeys.keys = [my.ssh.key]; - extraGroups = ["wheel"]; - }; - }; - }; + imports = [(mkAliasOptionModule ["my"] ["users" "users" localUsername])]; } diff --git a/modules/nixfiles/common/xdg.nix b/modules/nixfiles/common/xdg.nix deleted file mode 100644 index 8ddf1ac..0000000 --- a/modules/nixfiles/common/xdg.nix +++ /dev/null @@ -1,87 +0,0 @@ -{ - config, - lib, - this, - ... -}: -with lib; { - imports = let - withBase = s: ["home-manager" "users" my.username "xdg" s]; - in [ - (mkAliasOptionModule ["dirs" "cache"] (withBase "cacheHome")) - (mkAliasOptionModule ["dirs" "config"] (withBase "configHome")) - (mkAliasOptionModule ["dirs" "data"] (withBase "dataHome")) - (mkAliasOptionModule ["dirs" "state"] (withBase "stateHome")) - (mkAliasOptionModule ["userDirs"] (withBase "userDirs")) - ]; - - hm.xdg = mkMerge [ - { - enable = true; - - userDirs = let - inherit (config.my) home; - tmp = home + "/tmp"; - in { - enable = true; - - desktop = tmp; - documents = "${home}/doc"; - download = tmp; - music = tmp; - pictures = tmp; - publicShare = "${home}/share"; - templates = tmp; - videos = tmp; - }; - } - (mkIf this.isHeadful { - mimeApps = { - enable = true; - defaultApplications = mkMerge (mapAttrsToList - (n: v: genAttrs v (_: ["${n}.desktop"])) - { - emacsclient = [ - "application/json" - "application/vnd.ms-publisher" - "application/x-desktop" - "application/x-shellscript" - "application/x-trash" - "application/x-wine-extension-ini" - "application/xml" - "text/markdown" - "text/plain" - ]; - firefox = [ - "text/html" - "x-scheme-handler/http" - "x-scheme-handler/https" - ]; - imv = [ - "image/bmp" - "image/gif" - "image/jpeg" - "image/jpg" - "image/png" - "image/svg+xml" - "image/tiff" - "image/webp" - ]; - mpv = [ - "audio/aac" - "audio/flac" - "audio/mp3" - "audio/ogg" - "audio/wav" - "audio/webm" - "video/mkv" - "video/mp4" - "video/ogg" - "video/webm" - "video/x-matroska" - ]; - }); - }; - }) - ]; -} diff --git a/modules/nixfiles/default.nix b/modules/nixfiles/default.nix index 82ccc27..d4e5e26 100644 --- a/modules/nixfiles/default.nix +++ b/modules/nixfiles/default.nix @@ -1,78 +1,31 @@ -{...}: { +_: { imports = [ - ./acme.nix ./alacritty.nix - ./alertmanager.nix - ./android.nix ./aria2.nix ./bat.nix ./beets.nix - ./bluetooth.nix ./chromium.nix ./common ./curl.nix ./direnv.nix - ./docker.nix - ./dwm.nix ./emacs - ./endlessh-go.nix - ./endlessh.nix - ./fail2ban.nix ./firefox ./fonts.nix - ./games ./git.nix ./gnupg.nix - ./gotify.nix - ./grafana.nix ./htop.nix - ./hydra.nix - ./ipfs.nix - ./kde.nix - ./libvirtd.nix - ./lidarr.nix - ./loki.nix - ./lxc.nix - ./matrix - ./monitoring ./mpd.nix ./mpv.nix - ./nextcloud.nix - ./nginx.nix ./nmap.nix - ./node-exporter.nix - ./nsd.nix ./openssh.nix ./password-store.nix - ./podman.nix - ./postgresql.nix ./profiles - ./prometheus.nix - ./promtail.nix - ./psd.nix ./qutebrowser.nix - ./radarr.nix - ./radicale.nix - ./rss-bridge.nix - ./rtorrent.nix - ./searx.nix - ./shadowsocks.nix - ./soju.nix - ./solaar.nix - ./sonarr.nix - ./sound.nix ./subversion.nix - ./syncthing.nix - ./throttled.nix ./tmux.nix - ./unbound.nix - ./vaultwarden.nix ./vim ./vscode.nix ./wget.nix - ./wireguard.nix - ./x11.nix - ./xmonad.nix ./zathura.nix ]; } diff --git a/modules/nixfiles/discord.nix b/modules/nixfiles/discord.nix new file mode 100644 index 0000000..190b5fc --- /dev/null +++ b/modules/nixfiles/discord.nix @@ -0,0 +1,22 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.discord; +in { + options.nixfiles.modules.discord.enable = + mkEnableOption "Steam runtime"; + + config = mkIf cfg.enable { + nixfiles.modules.common.nix.allowedUnfreePackages = ["discord"]; + + hm.home.packages = with pkgs; [ + (discord.override { + withOpenASAR = true; + }) + ]; + }; +} diff --git a/modules/nixfiles/docker.nix b/modules/nixfiles/docker.nix deleted file mode 100644 index e642030..0000000 --- a/modules/nixfiles/docker.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ - config, - inputs, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.docker; -in { - options.nixfiles.modules.docker.enable = mkEnableOption "Docker"; - - config = mkIf cfg.enable { - assertions = [ - { - assertion = !config.nixfiles.modules.podman.enable; - message = "Pick only one!"; - } - ]; - - secrets.containers-auth = { - file = "${inputs.self}/secrets/containers-auth"; - path = "${config.my.home}/.docker/config.json"; - owner = my.username; - inherit (config.my) group; - }; - - virtualisation.docker.enable = true; - - environment.systemPackages = with pkgs; [docker-compose]; - - my.extraGroups = ["docker"]; - - hm.programs.bash = { - shellAliases.d = "${pkgs.docker}/bin/docker"; - initExtra = mkAfter '' - _complete_alias d _docker docker - ''; - }; - }; -} diff --git a/modules/nixfiles/dwm.nix b/modules/nixfiles/dwm.nix deleted file mode 100644 index 618d8ed..0000000 --- a/modules/nixfiles/dwm.nix +++ /dev/null @@ -1,159 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.dwm; -in { - options.nixfiles.modules.dwm.enable = mkEnableOption "dwm"; - - config = mkIf cfg.enable { - nixfiles.modules.x11.enable = true; - - hm.xsession = { - enable = true; - - windowManager.command = let - pkg = pkgs.dwm.override { - conf = let - font = with config.fontScheme.monospaceFont; "${family}:size=${toString size}"; - colour = config.colourScheme; - in '' - static const unsigned int borderpx = 1; - static const unsigned int snap = 32; - static const int showbar = 1; - static const int topbar = 1; - - static const char *fonts[] = { - "${font}" - }; - - static const char *colors[][3] = { - [SchemeNorm] = { - "${colour.white}", - "${colour.black}", - "${colour.black}", - }, - [SchemeSel] = { - "${colour.black}", - "${colour.white}", - "${colour.white}", - }, - }; - - static const char *tags[] = { - "1", - "2", - "3", - "4", - "5", - "6", - "7", - "8", - "9" - }; - - static const Rule rules[] = { - { "Emacs", NULL, NULL, 1 << 0, 0, -1 }, - }; - - static const float mfact = 0.666; - static const int nmaster = 1; - static const int resizehints = 0; - static const int lockfullscreen = 1; - - static const Layout layouts[] = { - { "[]=", tile }, - { "><>", NULL }, - { "[M]", monocle }, - }; - - #define MODKEY Mod4Mask - #define TAGKEYS(KEY,TAG) \ - { MODKEY, KEY, view, { .ui = 1 << TAG } }, \ - { MODKEY|ControlMask, KEY, toggleview, { .ui = 1 << TAG } }, \ - { MODKEY|ShiftMask, KEY, tag, { .ui = 1 << TAG } }, \ - { MODKEY|ControlMask|ShiftMask, KEY, toggletag, { .ui = 1 << TAG } }, - - static char dmenumon[2] = "0"; - static const char *dmenucmd[] = { - "${pkgs.dmenu}/bin/dmenu_run", - "-m", dmenumon, - "-fn", "${font}", - "-nb", "${colour.black}", - "-nf", "${colour.white}", - "-sb", "${colour.white}", - "-sf", "${colour.black}", - NULL, - }; - static const char *termcmd[] = { - "${pkgs.alacritty}/bin/alacritty", - NULL, - }; - - static const Key keys[] = { - { MODKEY, XK_x, spawn, {.v = dmenucmd } }, - { MODKEY, XK_Return, spawn, {.v = termcmd } }, - { MODKEY, XK_b, togglebar, {0} }, - { MODKEY, XK_j, focusstack, {.i = +1 } }, - { MODKEY, XK_k, focusstack, {.i = -1 } }, - { MODKEY|ShiftMask, XK_k, incnmaster, {.i = +1 } }, - { MODKEY|ShiftMask, XK_j, incnmaster, {.i = -1 } }, - { MODKEY, XK_comma, setmfact, {.f = -0.05} }, - { MODKEY, XK_period, setmfact, {.f = +0.05} }, - { MODKEY, XK_p, zoom, {0} }, - { MODKEY, XK_Tab, view, {0} }, - { MODKEY, XK_d, killclient, {0} }, - { MODKEY, XK_t, setlayout, {.v = &layouts[0]} }, - { MODKEY, XK_m, setlayout, {.v = &layouts[1]} }, - { MODKEY, XK_f, setlayout, {.v = &layouts[2]} }, - { MODKEY, XK_o, togglefloating, {0} }, - { MODKEY, XK_0, view, {.ui = ~0 } }, - { MODKEY|ShiftMask, XK_0, tag, {.ui = ~0 } }, - { MODKEY, XK_h, focusmon, {.i = -1 } }, - { MODKEY, XK_l, focusmon, {.i = +1 } }, - { MODKEY|ShiftMask, XK_h, tagmon, {.i = -1 } }, - { MODKEY|ShiftMask, XK_l, tagmon, {.i = +1 } }, - TAGKEYS( XK_1, 0) - TAGKEYS( XK_2, 1) - TAGKEYS( XK_3, 2) - TAGKEYS( XK_4, 3) - TAGKEYS( XK_5, 4) - TAGKEYS( XK_6, 5) - TAGKEYS( XK_7, 6) - TAGKEYS( XK_8, 7) - TAGKEYS( XK_9, 8) - { MODKEY|ShiftMask, XK_q, quit, {0} }, - }; - - static const Button buttons[] = { - { ClkLtSymbol, 0, Button1, setlayout, {0} }, - { ClkLtSymbol, 0, Button3, setlayout, {.v = &layouts[2]} }, - { ClkWinTitle, 0, Button2, zoom, {0} }, - { ClkStatusText, 0, Button2, spawn, {.v = termcmd } }, - { ClkClientWin, MODKEY, Button1, movemouse, {0} }, - { ClkClientWin, MODKEY, Button2, togglefloating, {0} }, - { ClkClientWin, MODKEY, Button3, resizemouse, {0} }, - { ClkTagBar, 0, Button1, view, {0} }, - { ClkTagBar, 0, Button3, toggleview, {0} }, - { ClkTagBar, MODKEY, Button1, tag, {0} }, - { ClkTagBar, MODKEY, Button3, toggletag, {0} }, - }; - ''; - }; - in "${pkg}/bin/dwm"; - }; - - hm.services.dwm-status = { - enable = true; - # package = pkgs.dwm-status.override { - # enableAlsaUtils = false; - # }; - order = ["audio" "backlight" "battery" "cpu_load" "network" "time"]; - }; - - services.xserver.displayManager.startx.enable = true; - }; -} diff --git a/modules/nixfiles/emacs/default.nix b/modules/nixfiles/emacs/default.nix index 0ae2bf9..933a32e 100644 --- a/modules/nixfiles/emacs/default.nix +++ b/modules/nixfiles/emacs/default.nix @@ -11,17 +11,10 @@ in { options.nixfiles.modules.emacs.enable = mkEnableOption "GNU Emacs"; config = mkIf cfg.enable { - secrets.authinfo = { - file = "${inputs.self}/secrets/authinfo"; - owner = my.username; - inherit (config.my) group; - }; - nixfiles.modules = { fonts.enable = true; git.client.enable = true; gnupg.enable = true; - x11.enable = true; }; hm = { @@ -65,7 +58,6 @@ in { gore # :lang go gotests # :lang go graphviz # :lang (org +roam2) :lang plantuml - grip # :lang (markdown +grip) haskell-language-server # :lang (haskell +lsp) haskellPackages.brittany # :lang haskell :editor format haskellPackages.cabal-fmt # :lang haskell :editor format @@ -97,10 +89,6 @@ in { texlive.combined.scheme-full # :lang org tex unzip # :tools debugger wordnet # :tools (lookup +dictionary +offline) - xclip # :app everywhere - xdotool # :app everywhere - xorg.xprop # :app everywhere - xorg.xwininfo # :app everywhere yaml-language-server # :lang (yaml +lsp) zls # :lang (zig +lsp) zstd # :emacs undo @@ -117,13 +105,11 @@ in { (setq custom-file (file-name-concat doom-emacs-dir "custom.el")) - ;; Font must be set to n+2 because otherwise it looks too small. + Font must be set to n+2 because otherwise it looks too small. (setq doom-font (font-spec :family "${config.fontScheme.monospaceFont.family}" :size ${toString (config.fontScheme.monospaceFont.size + 2)}) doom-unicode-font doom-font) - (appendq! auth-sources '("${config.secrets.authinfo.path}")) - (setq user-full-name "${my.fullname}" user-mail-address "${my.email}") @@ -142,16 +128,6 @@ in { (setq skk-large-jisyo "${pkgs.skk-dicts}/share/skk/SKK-JISYO.L") ''; }; - - services.emacs = { - enable = true; - client.enable = true; - }; }; - - system.extraDependencies = with inputs; [ - emacs-overlay - nix-doom-emacs - ]; }; } diff --git a/modules/nixfiles/emacs/doom/init.el b/modules/nixfiles/emacs/doom/init.el index ef663a0..efb831e 100644 --- a/modules/nixfiles/emacs/doom/init.el +++ b/modules/nixfiles/emacs/doom/init.el @@ -20,7 +20,7 @@ ophints (popup +defaults) ;; tabs - (treemacs +lsp) + ;; (treemacs +lsp) ;; unicode (vc-gutter +diff-hl +pretty) window-select @@ -91,7 +91,7 @@ (javascript +lsp +tree-sitter) json (latex +lsp +tree-sittter) - (lua +lsp +tree-sitter) + ;; (lua +lsp +tree-sitter) (markdown +lsp +tree-sitter) (nix +lsp) (org +pandoc +roam2) @@ -99,7 +99,7 @@ (python +lsp +tree-sitter) ;; (racket +lsp +tree-sitter) ;; rst - (rust +lsp +tree-sitter) + ;; (rust +lsp +tree-sitter) ;; (scheme +lsp +tree-sitter +racket) (sh +lsp +tree-sitter) web @@ -112,7 +112,7 @@ :app calendar ;; emms - everywhere + ;; everywhere irc (rss +org) diff --git a/modules/nixfiles/endlessh-go.nix b/modules/nixfiles/endlessh-go.nix deleted file mode 100644 index 9ceb4e4..0000000 --- a/modules/nixfiles/endlessh-go.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - config, - inputs, - lib, - pkgs, - this, - ... -}: -with lib; let - cfg = config.nixfiles.modules.endlessh-go; -in { - options.nixfiles.modules.endlessh-go.enable = mkEnableOption "endlessh-go"; - - config = let - port = 22; - in - mkIf cfg.enable { - services.endlessh-go = { - enable = true; - listenAddress = "0.0.0.0"; - inherit port; - prometheus = { - enable = true; - listenAddress = this.wireguard.ipv4.address; - port = 9229; - }; - extraOptions = ["-geoip_supplier=ip-api" "-v=1"]; - }; - - networking.firewall.allowedTCPPorts = [port]; - }; -} diff --git a/modules/nixfiles/endlessh.nix b/modules/nixfiles/endlessh.nix deleted file mode 100644 index c66d8b3..0000000 --- a/modules/nixfiles/endlessh.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.endlessh; -in { - options.nixfiles.modules.endlessh.enable = - mkEnableOption "endlessh"; - - config = let - port = 22; - in - mkIf cfg.enable { - assertions = [ - { - assertion = !(any (x: x == port) config.services.openssh.ports); - message = "Port ${toString port} is already occupied by OpenSSH"; - } - ]; - - systemd.services.endlessh = { - description = "Endlessh SSH Tarpit"; - requires = ["network-online.target"]; - serviceConfig = { - Restart = "always"; - ExecStart = concatStringsSep " " [ - "${pkgs.endlessh}/bin/endlessh" - "-v" - "-4" - "-p ${toString port}" - ]; - KillSignal = "SIGTERM"; - AmbientCapabilities = "CAP_NET_BIND_SERVICE"; - DynamicUser = true; - StateDirectory = "endlessh"; - }; - wantedBy = ["multi-user.target"]; - }; - - networking.firewall.allowedTCPPorts = [port]; - }; -} diff --git a/modules/nixfiles/fail2ban.nix b/modules/nixfiles/fail2ban.nix deleted file mode 100644 index 5ac3c9c..0000000 --- a/modules/nixfiles/fail2ban.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ - config, - lib, - this, - ... -}: -with lib; let - cfg = config.nixfiles.modules.fail2ban; -in { - options.nixfiles.modules.fail2ban.enable = - mkEnableOption "fail2ban"; - - config = mkIf cfg.enable { - services.fail2ban = { - enable = true; - - bantime-increment = { - enable = true; - maxtime = "24h"; - rndtime = "8m"; - }; - - ignoreIP = - optionals (hasAttr "wireguard" this) - (with config.nixfiles.modules.wireguard; [ipv4.subnet ipv6.subnet]); - - jails.DEFAULT = '' - blocktype = DROP - ''; - }; - }; -} diff --git a/modules/nixfiles/firefox/default.nix b/modules/nixfiles/firefox/default.nix index 8557d64..cd651a6 100644 --- a/modules/nixfiles/firefox/default.nix +++ b/modules/nixfiles/firefox/default.nix @@ -276,23 +276,17 @@ in { }; }; - extensions = with pkgs.nur.repos.rycee.firefox-addons; - [ - bitwarden - consent-o-matic - darkreader - localcdn - noscript - privacy-redirect - ublock-origin - violentmonkey - ] - ++ optional config.nixfiles.modules.ipfs.enable ipfs-companion; + extensions = with pkgs.nur.repos.rycee.firefox-addons; [ + bitwarden + consent-o-matic + darkreader + localcdn + noscript + privacy-redirect + ublock-origin + violentmonkey + ]; }; }; - - services.psd.enable = true; - - system.extraDependencies = [inputs.arkenfox-nixos]; }; } diff --git a/modules/nixfiles/firefox/userChrome.css b/modules/nixfiles/firefox/userChrome.css index 23fc336..5300d17 100644 --- a/modules/nixfiles/firefox/userChrome.css +++ b/modules/nixfiles/firefox/userChrome.css @@ -94,8 +94,8 @@ min-width: 1.6em; } - #back-button, #forward-button, + #back-button, #context-bookmarklink, #context-inspect-a11y, #context-navigation, @@ -117,7 +117,8 @@ #context_moveTabOptions, #context_reopenInContainer, #context_selectAllTabs, - #context_sendTabToDevice { + #context_sendTabToDevice, + #webrtcIndicator { display: none !important; } } diff --git a/modules/nixfiles/fonts.nix b/modules/nixfiles/fonts.nix index dbae282..483de0d 100644 --- a/modules/nixfiles/fonts.nix +++ b/modules/nixfiles/fonts.nix @@ -80,51 +80,12 @@ in { }; }; - config = mkMerge [ - (mkIf cfg.enable { - hm.fonts.fontconfig.enable = true; - - fonts = { - fonts = with pkgs; [ - iosevka-bin - (iosevka-bin.override {variant = "aile";}) - (iosevka-bin.override {variant = "etoile";}) - sarasa-gothic - ]; - - fontconfig = { - enable = true; - - defaultFonts = { - monospace = [ - "Iosevka" - "Sarasa Mono K" - "Sarasa Mono J" - "Sarasa Mono SC" - "Sarasa Mono CL" - ]; - sansSerif = [ - "Iosevka Aile" - "Sarasa Gothic K" - "Sarasa Gothic J" - "Sarasa Gothic SC" - "Sarasa Gothic CL" - ]; - serif = [ - "Iosevka Etoile" - "Sarasa Gothic K" - "Sarasa Gothic J" - "Sarasa Gothic SC" - "Sarasa Gothic CL" - ]; - }; - }; - }; - }) - (mkIf (!cfg.enable) { - # Disable fonts for headless profiles. - hm.fonts.fontconfig.enable = mkForce false; - fonts.fontconfig.enable = mkForce false; - }) - ]; + config = mkIf cfg.enable { + fonts.fonts = with pkgs; [ + iosevka-bin + (iosevka-bin.override {variant = "aile";}) + (iosevka-bin.override {variant = "etoile";}) + sarasa-gothic + ]; + }; } diff --git a/modules/nixfiles/games/default.nix b/modules/nixfiles/games/default.nix deleted file mode 100644 index 1c5766b..0000000 --- a/modules/nixfiles/games/default.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; let - cfg = config.nixfiles.modules.games; -in { - imports = [ - ./gamemode.nix - ./gog.nix - ./lutris.nix - ./mangohud.nix - ./minecraft.nix - ./steam-run.nix - ./steam.nix - ]; - - options.nixfiles.modules.games.enable32BitSupport = - mkEnableOption "support for games"; - - config = mkIf cfg.enable32BitSupport { - services = { - jack.alsa.support32Bit = config.services.jack.alsa.enable; - - pipewire.alsa.support32Bit = config.services.pipewire.alsa.enable; - }; - - hardware = { - opengl = mkIf config.hardware.opengl.enable { - extraPackages32 = config.hardware.opengl.extraPackages; - driSupport32Bit = config.hardware.opengl.driSupport; - }; - - pulseaudio.support32Bit = config.hardware.pulseaudio.enable; - }; - }; -} diff --git a/modules/nixfiles/games/gamemode.nix b/modules/nixfiles/games/gamemode.nix deleted file mode 100644 index 051d12e..0000000 --- a/modules/nixfiles/games/gamemode.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; let - cfg = config.nixfiles.modules.games.gamemode; -in { - options.nixfiles.modules.games.gamemode.enable = - mkEnableOption "Feral GameMode"; - - config = mkIf cfg.enable {programs.gamemode.enable = true;}; -} diff --git a/modules/nixfiles/games/gog.nix b/modules/nixfiles/games/gog.nix deleted file mode 100644 index 86039f1..0000000 --- a/modules/nixfiles/games/gog.nix +++ /dev/null @@ -1,18 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.games.gog; -in { - options.nixfiles.modules.games.gog.enable = - mkEnableOption "stand-alone GOG clients and the ability to run GOG games"; - - config = mkIf cfg.enable { - nixfiles.modules.games.steam-run.enable = true; - - hm.home.packages = with pkgs; [lgogdownloader]; - }; -} diff --git a/modules/nixfiles/games/lutris.nix b/modules/nixfiles/games/lutris.nix deleted file mode 100644 index e7faef3..0000000 --- a/modules/nixfiles/games/lutris.nix +++ /dev/null @@ -1,35 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.games.lutris; -in { - options.nixfiles.modules.games.lutris.enable = mkEnableOption "Lutris"; - - config = mkIf cfg.enable { - nixfiles.modules.games = { - gamemode.enable = true; - mangohud.enable = true; - steam-run.enable = true; - }; - - # This removes the annoying warning. - boot.kernel.sysctl."dev.i915.perf_stream_paranoid" = 0; - - hm.home.packages = with pkgs; [ - (lutris.override { - lutris-unwrapped = lutris-unwrapped.override { - wine = buildFHSUserEnv { - # We don't really need Wine because Lutris downloads the required - # runtime for us. - name = "empty"; - }; - }; - steamSupport = false; - }) - ]; - }; -} diff --git a/modules/nixfiles/games/mangohud.nix b/modules/nixfiles/games/mangohud.nix deleted file mode 100644 index b521687..0000000 --- a/modules/nixfiles/games/mangohud.nix +++ /dev/null @@ -1,26 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; let - cfg = config.nixfiles.modules.games.mangohud; -in { - options.nixfiles.modules.games.mangohud.enable = mkEnableOption "MangoHud"; - - config = mkIf cfg.enable { - hm.programs.mangohud = { - enable = true; - settings = { - fps = true; - gpu_stats = true; - gpu_temp = true; - cpu_stats = true; - cpu_temp = true; - }; - settingsPerApplication = { - mpv.no_display = true; - }; - }; - }; -} diff --git a/modules/nixfiles/games/minecraft.nix b/modules/nixfiles/games/minecraft.nix deleted file mode 100644 index 47279f8..0000000 --- a/modules/nixfiles/games/minecraft.nix +++ /dev/null @@ -1,54 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.games.minecraft; -in { - options.nixfiles.modules.games.minecraft = { - client.enable = mkEnableOption "Minecraft client"; - server = { - enable = mkEnableOption "Minecraft server"; - - memory = mkOption { - description = "Amount of RAM to allocate."; - type = types.str; - default = "2G"; - }; - }; - }; - - config = mkMerge [ - (mkIf cfg.client.enable { - hm.home.packages = with pkgs; [pollymc]; - - system.extraDependencies = [inputs.pollymc]; - }) - (mkIf cfg.server.enable { - # Configurations, opslist, whitelist and plugins are managed imperatively. - # TODO Make it declarative. - services.minecraft-server = { - enable = true; - eula = true; - - package = pkgs.minecraftServers.purpur_1_19_2; - - # TODO Make a PR fixing trailing whitespace on this. - jvmOpts = - (concatStringsSep " " [ - "-Xmx${cfg.server.memory}" - "-Xms${cfg.server.memory}" - "--add-modules=jdk.incubator.vector" - ]) - + " "; - }; - - # Defined in /var/lib/minecraft/server.properties. - networking.firewall.allowedTCPPorts = [55565]; - - system.extraDependencies = [inputs.nix-minecraft-servers]; - }) - ]; -} diff --git a/modules/nixfiles/games/steam-run.nix b/modules/nixfiles/games/steam-run.nix deleted file mode 100644 index 4731fd6..0000000 --- a/modules/nixfiles/games/steam-run.nix +++ /dev/null @@ -1,69 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.games.steam-run; -in { - options.nixfiles.modules.games.steam-run = { - enable = mkEnableOption "native Steam runtime"; - - quirks = { - mountandblade = mkEnableOption ''fixes for "Mount & Blade: Warband" issues''; - }; - }; - - config = mkIf cfg.enable { - nixfiles.modules = { - games = { - enable32BitSupport = true; - gamemode.enable = true; - }; - }; - - hm.home.packages = with pkgs; [ - (steam.override { - extraLibraries = _: - with cfg.quirks; - optionals mountandblade [ - (glew.overrideAttrs (_: super: let - opname = super.pname; - in rec { - pname = "${opname}-mbw"; - inherit (super) version; - src = fetchurl { - url = "mirror://sourceforge/${opname}/${opname}-${version}.tgz"; - hash = "sha256-BN6R5+Z2MDm8EZQAlc2cf4gLq6ghlqd2X3J6wFqZPJU="; - }; - })) - (fmodex.overrideAttrs (_: super: let - opname = super.pname; - in rec { - pname = "${opname}-mbw"; - inherit (super) version; - installPhase = let - libPath = makeLibraryPath [ - alsa-lib - libpulseaudio - stdenv.cc.cc - ]; - in '' - install -Dm755 api/lib/libfmodex64-${version}.so $out/lib/libfmodex64.so - patchelf --set-rpath ${libPath} $out/lib/libfmodex64.so - ''; - })) - ]; - }) - .run - ]; - - nixpkgs.config.allowUnfreePredicate = p: - elem (getName p) [ - "steam" - "steam-original" - "steam-run" - ]; - }; -} diff --git a/modules/nixfiles/games/steam.nix b/modules/nixfiles/games/steam.nix deleted file mode 100644 index bbd01f6..0000000 --- a/modules/nixfiles/games/steam.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.games.steam; -in { - options.nixfiles.modules.games.steam.enable = - mkEnableOption "Steam runtime"; - - config = mkIf cfg.enable { - nixfiles.modules.games = { - enable32BitSupport = true; - gamemode.enable = true; - }; - - hm.home.packages = with pkgs; [steam]; - - nixpkgs.config.allowUnfreePredicate = p: - elem (getName p) [ - "steam" - "steam-original" - "steam-run" - ]; - }; -} diff --git a/modules/nixfiles/git.nix b/modules/nixfiles/git.nix index facff2f..2c1dd1f 100644 --- a/modules/nixfiles/git.nix +++ b/modules/nixfiles/git.nix @@ -1,224 +1,117 @@ { config, lib, - inputs, pkgs, ... }: with lib; let cfg = config.nixfiles.modules.git; in { - options.nixfiles.modules.git = { - client.enable = mkEnableOption "Git client"; - server = { - enable = mkEnableOption "Git server"; + options.nixfiles.modules.git.client.enable = + mkEnableOption "Git client"; - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; nullOr str; - default = "git.${config.networking.domain}"; - }; - - package = mkOption { - description = "Package."; - type = types.package; - default = pkgs.cgit-pink; - }; - }; - }; - - config = mkMerge [ - (mkIf cfg.client.enable { - secrets = { - glab-cli-config = { - file = "${inputs.self}/secrets/glab-cli-config"; - path = "${config.dirs.config}/glab-cli/config.yml"; - owner = my.username; - inherit (config.my) group; - }; - gh-hosts = { - file = "${inputs.self}/secrets/gh-hosts"; - path = "${config.dirs.config}/gh/hosts.yml"; - owner = my.username; - inherit (config.my) group; - }; - hut = { - file = "${inputs.self}/secrets/hut"; - path = "${config.dirs.config}/hut/config"; - owner = my.username; - inherit (config.my) group; - }; - }; - - hm = { - home.packages = with pkgs; [glab hut]; - - programs = { - git = { - enable = true; - - package = pkgs.git.override { - doInstallCheck = false; - pythonSupport = false; - sendEmailSupport = true; - withLibsecret = false; - withSsh = true; - }; - - userName = my.fullname; - userEmail = my.email; - signing = { - inherit (my.pgp) key; - signByDefault = true; - }; - - extraConfig = - { - advice.detachedHead = false; - color.ui = true; - core.whitespace = "trailing-space"; - diff = { - mnemonicPrefix = true; - renames = "copies"; - submodule = "log"; - }; - init.defaultBranch = "master"; - status.submoduleSummary = true; - github.user = my.username; - gitlab.user = my.username; - } - // mapAttrs' - (n: v: nameValuePair ''url "git@${v}:"'' {insteadOf = "${n}:";}) { - "alpine" = "gitlab.alpinelinux.org"; - "bitbucket" = "bitbucket.com"; - "codeberg" = "codeberg.org"; - "freedesktop" = "gitlab.freedesktop.org"; - "github" = "github.com"; - "gitlab" = "gitlab.com"; - "gnome" = "gitlab.gnome.org"; - "haskell" = "gitlab.haskell.org"; - "kde" = "invent.kde.org"; - "notabug" = "notabug.org"; - "opencode" = "opencode.net"; - "sourcehut" = "git.sr.ht"; - "videolan" = "code.videolan.org"; - }; + config = mkIf cfg.client.enable { + hm = { + home.packages = with pkgs; [glab hut]; - aliases = let - git = "${config.hm.programs.git.package}/bin/git"; - curl = "${pkgs.curl}/bin/curl"; - in { - fuck = "!${git} reset --hard && ${git} clean -fdx"; - gud = ''commit -m "git gud"''; - wtc = "!${curl} -sq whatthecommit.com/index.txt | ${git} commit -F -"; - }; + programs = { + git = { + enable = true; - # All helper tools/editor generated files should go here. This must - # be kept relatively clean and void of any project-specific residual - # files. - ignores = [ - "*~" - ".cache/clangd/" - ".ccls-cache/" - ".dir-locals.el" - ".gdb_history" - ".netrwhist" - ".projectile" - "[._]*.s[a-v][a-z]" - "[._]*.sw[a-p]" - "[._]s[a-rt-v][a-z]" - "[._]ss[a-gi-z]" - "[._]sw[a-p]" - "\#*\#" - "compile_commands*.json" - "cscope.*" - "vgcore.*" - ]; + package = pkgs.git.override { + doInstallCheck = false; + pythonSupport = false; + sendEmailSupport = true; + withLibsecret = false; + withSsh = true; }; - gh = { - enable = true; - settings.git_protocol = "ssh"; + userName = my.fullname; + userEmail = my.email; + signing = { + inherit (my.pgp) key; + signByDefault = true; }; - bash = { - shellAliases = { - gl = "${pkgs.glab}/bin/glab"; - ht = "${pkgs.hut}/bin/hut"; + extraConfig = + { + advice.detachedHead = false; + color.ui = true; + core.whitespace = "trailing-space"; + diff = { + mnemonicPrefix = true; + renames = "copies"; + submodule = "log"; + }; + init.defaultBranch = "master"; + status.submoduleSummary = true; + } + // mapAttrs' + (n: v: nameValuePair ''url "git@${v}:"'' {insteadOf = "${n}:";}) { + "alpine" = "gitlab.alpinelinux.org"; + "bitbucket" = "bitbucket.com"; + "codeberg" = "codeberg.org"; + "freedesktop" = "gitlab.freedesktop.org"; + "github" = "github.com"; + "gitlab" = "gitlab.com"; + "gnome" = "gitlab.gnome.org"; + "haskell" = "gitlab.haskell.org"; + "kde" = "invent.kde.org"; + "notabug" = "notabug.org"; + "opencode" = "opencode.net"; + "sourcehut" = "git.sr.ht"; + "videolan" = "code.videolan.org"; }; - initExtra = mkAfter '' - _complete_alias gl __start_glab glab - _complete_alias ht __start_hut hut - ''; - }; - }; - }; - }) - (mkIf cfg.server.enable { - nixfiles.modules.nginx = { - enable = true; - virtualHosts.${cfg.server.domain} = { - locations = { - "/".extraConfig = let - cgitrc = pkgs.writeText "cgitrc" '' - root-title=azahi’s git stuff - root-desc=鯛も一人はうまからず - - about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh - source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py - commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh - - enable-git-config=1 - enable-gitweb-owner=1 - remove-suffix=1 - snapshots=tar.gz tar.bz2 zip - - readme=:README - readme=:README.md - readme=:README.org - readme=:README.txt - readme=:readme - readme=:readme.md - readme=:readme.org - readme=:readme.txt - - scan-path=${config.services.gitolite.dataDir}/repositories - ''; - in '' - include ${config.services.nginx.package}/conf/fastcgi_params; - fastcgi_split_path_info ^(/?)(.+)$; - fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; - fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi; - fastcgi_param CGIT_CONFIG ${cgitrc}; - fastcgi_param PATH_INFO $uri; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; - ''; - # FIXME This breaks sources previewing for these files. - "~* ^/(.+.(ico|css|png))$".extraConfig = '' - alias ${cfg.server.package}/cgit/$1; - ''; + aliases = let + git = "${config.hm.programs.git.package}/bin/git"; + curl = "${pkgs.curl}/bin/curl"; + in { + fuck = "!${git} reset --hard && ${git} clean -fdx"; + gud = ''commit -m "git gud"''; + wtc = "!${curl} -sq whatthecommit.com/index.txt | ${git} commit -F -"; }; + + # All helper tools/editor generated files should go here. This must + # be kept relatively clean and void of any project-specific residual + # files. + ignores = [ + "*~" + ".DS_Store" + ".cache/clangd/" + ".ccls-cache/" + ".dir-locals.el" + ".gdb_history" + ".netrwhist" + ".projectile" + "[._]*.s[a-v][a-z]" + "[._]*.sw[a-p]" + "[._]s[a-rt-v][a-z]" + "[._]ss[a-gi-z]" + "[._]sw[a-p]" + "\#*\#" + "compile_commands*.json" + "cscope.*" + "vgcore.*" + ]; }; - }; - services = let - user = "git"; - group = "git"; - in { - gitolite = { - # TODO Make the configuration purely declarative. + gh = { enable = true; - inherit user group; - adminPubkey = my.ssh.key; + settings.git_protocol = "ssh"; }; - fcgiwrap = { - enable = true; - inherit user group; + bash = { + shellAliases = { + gl = "${pkgs.glab}/bin/glab"; + ht = "${pkgs.hut}/bin/hut"; + }; + initExtra = mkAfter '' + _complete_alias gl __start_glab glab + _complete_alias ht __start_hut hut + ''; }; }; - }) - ]; + }; + }; } diff --git a/modules/nixfiles/gnupg.nix b/modules/nixfiles/gnupg.nix index c1419e4..c0f10f9 100644 --- a/modules/nixfiles/gnupg.nix +++ b/modules/nixfiles/gnupg.nix @@ -6,83 +6,53 @@ with lib; let cfg = config.nixfiles.modules.gnupg; in { - options.nixfiles.modules.gnupg = { - enable = mkEnableOption "GnuPG"; - - pinentry = mkOption { - description = "Name of a pinentry implementation."; - type = types.str; - default = "curses"; - }; - }; + options.nixfiles.modules.gnupg.enable = mkEnableOption "GnuPG"; config = mkIf cfg.enable { - hm = { - programs.gpg = { - enable = true; - - homedir = "${config.dirs.data}/gnupg"; - - settings = - { - display-charset = "utf-8"; - enable-progress-filter = true; - fixed-list-mode = true; - keyid-format = "0xlong"; - no-comments = true; - no-emit-version = true; - no-greeting = true; - with-fingerprint = true; - throw-keyids = false; - - use-agent = true; - - armor = true; - - no-random-seed-file = true; - - list-options = "show-uid-validity"; - verify-options = "show-uid-validity"; - } - // (let - cipherAlgos = ["AES256" "AES192" "AES"]; - compressionAlgos = ["ZLIB" "BZIP2" "ZIP" "Uncompressed"]; - digestAlgos = ["SHA512" "SHA384" "SHA256" "SHA224"]; - - cs = concatStringsSep " "; - in { - default-preference-list = - cs (digestAlgos ++ cipherAlgos ++ compressionAlgos); - - personal-cipher-preferences = cs cipherAlgos; - personal-compress-preferences = cs compressionAlgos; - personal-digest-preferences = cs digestAlgos; - - s2k-cipher-algo = head cipherAlgos; - s2k-digest-algo = head digestAlgos; - - digest-algo = head digestAlgos; - cert-digest-algo = head digestAlgos; - }); - }; - - services.gpg-agent = { - enable = true; - - enableSshSupport = true; - enableScDaemon = false; - - defaultCacheTtl = 999999; - defaultCacheTtlSsh = 999999; - maxCacheTtl = 999999; - maxCacheTtlSsh = 999999; - - grabKeyboardAndMouse = true; - - sshKeys = [my.pgp.grip]; - - pinentryFlavor = cfg.pinentry; - }; + hm.programs.gpg = { + enable = true; + + settings = + { + display-charset = "utf-8"; + enable-progress-filter = true; + fixed-list-mode = true; + keyid-format = "0xlong"; + no-comments = true; + no-emit-version = true; + no-greeting = true; + with-fingerprint = true; + throw-keyids = false; + + use-agent = true; + + armor = true; + + no-random-seed-file = true; + + list-options = "show-uid-validity"; + verify-options = "show-uid-validity"; + } + // (let + cipherAlgos = ["AES256" "AES192" "AES"]; + digestAlgos = ["SHA512" "SHA384" "SHA256" "SHA224"]; + compressionAlgos = ["ZLIB" "BZIP2" "ZIP" "Uncompressed"]; + + cs = concatStringsSep " "; + in { + default-preference-list = + cs (cipherAlgos ++ digestAlgos ++ compressionAlgos); + + personal-cipher-preferences = cs cipherAlgos; + personal-digest-preferences = cs digestAlgos; + personal-compress-preferences = cs compressionAlgos; + + s2k-cipher-algo = head cipherAlgos; + s2k-digest-algo = head digestAlgos; + + digest-algo = head digestAlgos; + cert-digest-algo = head digestAlgos; + }); }; }; } diff --git a/modules/nixfiles/gotify.nix b/modules/nixfiles/gotify.nix deleted file mode 100644 index db47bb4..0000000 --- a/modules/nixfiles/gotify.nix +++ /dev/null @@ -1,75 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; let - cfg = config.nixfiles.modules.gotify; -in { - options.nixfiles.modules.gotify = { - enable = mkEnableOption "Gotify"; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "gotify.${config.networking.domain}"; - }; - }; - - config = let - db = "gotify"; - in - mkIf cfg.enable { - nixfiles.modules = { - nginx = { - enable = true; - upstreams.gotify.servers."127.0.0.1:${toString config.services.gotify.port}" = {}; - virtualHosts.${cfg.domain} = { - locations."/" = { - proxyPass = "http://gotify"; - proxyWebsockets = true; - }; - extraConfig = nginxInternalOnly; - }; - }; - postgresql = { - enable = true; - extraPostStart = [ - '' - $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"' - '' - ]; - }; - }; - - services = { - gotify = { - enable = true; - port = 7665; - }; - - postgresql = { - ensureDatabases = [db]; - ensureUsers = [ - { - name = db; - ensurePermissions."DATABASE \"${db}\"" = "ALL"; - } - ]; - }; - }; - - systemd.services.gotify-server = { - after = ["network-online.target" "postgresql.service"]; - environment = { - GOTIFY_DATABASE_DIALECT = "postgres"; - GOTIFY_DATABASE_CONNECTION = concatStringsSep " " [ - "host=/run/postgresql" - "user=${db}" - "dbname=${db}" - "sslmode=disable" - ]; - }; - }; - }; -} diff --git a/modules/nixfiles/grafana.nix b/modules/nixfiles/grafana.nix deleted file mode 100644 index a614502..0000000 --- a/modules/nixfiles/grafana.nix +++ /dev/null @@ -1,119 +0,0 @@ -{ - config, - inputs, - lib, - ... -}: -with lib; let - cfg = config.nixfiles.modules.grafana; -in { - options.nixfiles.modules.grafana = { - enable = mkEnableOption "Grafana"; - - port = mkOption { - description = "Port."; - type = with types; port; - default = 30101; - }; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; nullOr str; - default = "grafana.${config.networking.domain}"; - }; - }; - - config = let - db = "grafana"; - in - mkIf cfg.enable { - secrets = { - grafana-key = { - file = "${inputs.self}/secrets/grafana-key"; - owner = "grafana"; - group = "grafana"; - }; - grafana-admin-password = { - file = "${inputs.self}/secrets/grafana-admin-password"; - owner = "grafana"; - group = "grafana"; - }; - grafana-smtp-password = { - file = "${inputs.self}/secrets/grafana-smtp-password"; - owner = "grafana"; - group = "grafana"; - }; - }; - - nixfiles.modules = { - nginx = { - enable = true; - upstreams.grafana.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${cfg.domain} = { - locations."/" = { - proxyPass = "http://grafana"; - proxyWebsockets = true; - }; - extraConfig = nginxInternalOnly; - }; - }; - postgresql = { - enable = true; - extraPostStart = [ - '' - $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"' - '' - ]; - }; - }; - - services = { - grafana = { - enable = true; - - settings = { - server = with cfg; { - protocol = "http"; - http_addr = "127.0.0.1"; - http_port = port; - inherit domain; - enable_gzip = true; - }; - database = { - type = "postgres"; - host = "/run/postgresql"; - name = db; - user = db; - }; - smtp = { - enable = true; - user = "azahi@shire.me"; - host = my.domain.shire; - password = "$__file{${config.secrets.grafana-smtp-password.path}}"; - }; - user = { - allow_org_create = false; - allow_sign_up = false; - auto_assign_org = false; - auto_assign_org_role = "Viewer"; - }; - security = with config.secrets; { - secret_key = grafana-key.path; - admin_password = grafana-admin-password.path; - }; - analytics.reporting_enable = false; - }; - }; - - postgresql = { - ensureDatabases = [db]; - ensureUsers = [ - { - name = db; - ensurePermissions."DATABASE \"${db}\"" = "ALL"; - } - ]; - }; - }; - }; -} diff --git a/modules/nixfiles/hydra.nix b/modules/nixfiles/hydra.nix deleted file mode 100644 index 590fecb..0000000 --- a/modules/nixfiles/hydra.nix +++ /dev/null @@ -1,57 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; let - cfg = config.nixfiles.modules.hydra; -in { - options.nixfiles.modules.hydra = { - enable = mkEnableOption "Hydra"; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "hydra.${config.networking.domain}"; - }; - - port = mkOption { - description = "Port."; - type = with types; port; - default = 7754; - }; - }; - - config = mkIf cfg.enable { - nixfiles.modules = { - nginx = { - enable = true; - upstreams.hydra.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://hydra"; - }; - postgresql.enable = true; - }; - - services = let - db = "hydra"; - in { - hydra = { - enable = true; - listenHost = "127.0.0.1"; - inherit (cfg) port; - dbi = "dbi:Pg:dbname=${db};user=${db}"; - hydraURL = cfg.domain; - }; - - postgresql = { - ensureDatabases = [db]; - ensureUsers = [ - { - name = db; - ensurePermissions."DATABASE \"${db}\"" = "ALL"; - } - ]; - }; - }; - }; -} diff --git a/modules/nixfiles/ipfs.nix b/modules/nixfiles/ipfs.nix deleted file mode 100644 index 0ec64e5..0000000 --- a/modules/nixfiles/ipfs.nix +++ /dev/null @@ -1,167 +0,0 @@ -{ - config, - lib, - this, - ... -}: -with lib; let - cfg = config.nixfiles.modules.ipfs; - - swarmDefaultPort = 4001; - apiDefaultPort = 5001; - gatewayDefaultPort = 6001; -in { - options.nixfiles.modules.ipfs = { - enable = mkEnableOption "IPFS daemon"; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "ipfs.${config.networking.fqdn}"; - }; - - swarmPort = mkOption { - description = "Swarm port."; - type = with types; port; - default = - if this.isHeadless - then swarmDefaultPort + 990 - else swarmDefaultPort; - }; - - apiPort = mkOption { - description = "API port."; - type = with types; port; - default = - if this.isHeadless - then apiDefaultPort + 990 - else apiDefaultPort; - }; - - gatewayPort = mkOption { - description = "Gateway port."; - type = with types; port; - default = - if this.isHeadless - then gatewayDefaultPort + 990 - else gatewayDefaultPort; - }; - }; - - config = mkIf cfg.enable (mkMerge [ - { - services.ipfs = { - enable = true; - - user = my.username; - inherit (config.my) group; - - dataDir = "${config.dirs.data}/ipfs"; - - swarmAddress = let - port = toString cfg.swarmPort; - in - if this.isHeadless - then [ - "/ip4/127.0.0.1/tcp/${port}" - "/ip4/127.0.0.1/udp/${port}/quic" - ] - else [ - "/ip4/0.0.0.0/tcp/${port}" - "/ip6/::/tcp/${port}" - "/ip4/0.0.0.0/udp/${port}/quic" - "/ip6/::/udp/${port}/quic" - ]; - apiAddress = "/ip4/127.0.0.1/tcp/${toString cfg.apiPort}"; - gatewayAddress = "/ip4/127.0.0.1/tcp/${toString cfg.gatewayPort}"; - - autoMigrate = true; - autoMount = true; - emptyRepo = true; - enableGC = true; - - extraConfig = mkMerge [ - (let - filterAddresses = - [ - "/ip4/100.64.0.0/ipcidr/10" - "/ip4/169.254.0.0/ipcidr/16" - "/ip4/172.16.0.0/ipcidr/12" - "/ip4/192.0.0.0/ipcidr/24" - "/ip4/192.0.2.0/ipcidr/24" - "/ip4/192.168.0.0/ipcidr/16" - "/ip4/198.18.0.0/ipcidr/15" - "/ip4/198.51.100.0/ipcidr/24" - "/ip4/203.0.113.0/ipcidr/24" - "/ip4/240.0.0.0/ipcidr/4" - "/ip6/100::/ipcidr/64" - "/ip6/2001:2::/ipcidr/48" - "/ip6/2001:db8::/ipcidr/32" - "/ip6/fe80::/ipcidr/10" - ] - ++ optionals (!hasAttr "wireguard" this) [ - "/ip4/10.0.0.0/ipcidr/8" - "/ip6/fc00::/ipcidr/7" - ]; - in { - Addresses = with config.services.ipfs; { - # https://github.com/NixOS/nixpkgs/pull/165259 - # I think this shit broke inheritance... Gotta test more and make - # a PR I guess. - API = apiAddress; - Gateway = gatewayAddress; - Swarm = swarmAddress; - - NoAnnounce = filterAddresses; - }; - Swarm.AddrFilters = filterAddresses; - API.HTTPHeaders.Access-Control-Allow-Methods = ["GET" "POST" "PUT"]; - }) - (mkIf this.isHeadful { - API.HTTPHeaders.Access-Control-Allow-Origin = ["*"]; - }) - (mkIf this.isHeadless { - API.HTTPHeaders.Access-Control-Allow-Origin = ["https://${cfg.domain}" "https://api.${cfg.domain}"]; - }) - ]; - }; - - networking.firewall = rec { - allowedTCPPorts = [swarmDefaultPort]; - allowedUDPPorts = allowedTCPPorts; - }; - } - (mkIf this.isHeadless { - nixfiles.modules.nginx = { - enable = true; - upstreams = { - ipfs_gateway.servers."127.0.0.1:${toString cfg.gatewayPort}" = {}; - ipfs_swarm.servers."127.0.0.1:${toString cfg.swarmPort}" = {}; - ipfs_api.servers."127.0.0.1:${toString cfg.apiPort}" = {}; - }; - virtualHosts = { - ${cfg.domain}.locations."/".proxyPass = "http://ipfs_gateway"; - "swarm.${cfg.domain}" = { - serverName = cfg.domain; - listen = [ - { - addr = "0.0.0.0"; - port = swarmDefaultPort; - } - { - addr = "[::0]"; - port = swarmDefaultPort; - } - ]; - locations."/".proxyPass = "http://ipfs_swarm"; - }; - "api.${cfg.domain}" = { - # TODO Redirect "/" to "/webui" but keep other endpoints. - locations."/".proxyPass = "http://ipfs_api"; - extraConfig = nginxInternalOnly; - }; - }; - }; - }) - ]); -} diff --git a/modules/nixfiles/kde.nix b/modules/nixfiles/kde.nix deleted file mode 100644 index a430294..0000000 --- a/modules/nixfiles/kde.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.kde; -in { - options.nixfiles.modules.kde.enable = mkEnableOption "KDE Plasma"; - - config = mkIf cfg.enable { - nixfiles.modules = { - gnupg.pinentry = "qt"; - sound.enable = true; - x11.enable = true; - }; - - hm = { - home.sessionVariables.GTK_USE_PORTAL = 1; - - programs.firefox.profiles.default.settings = { - "widget.use-xdg-desktop-portal.file-picker" = 1; - "widget.use-xdg-desktop-portal.mime-handler" = 1; - }; - }; - - services.xserver = { - desktopManager.plasma5 = { - enable = true; - excludePackages = with pkgs.plasma5Packages; [ - elisa - gwenview - khelpcenter - okular - print-manager - ]; - }; - displayManager = { - sddm.enable = true; - - # NOTE https://github.com/NixOS/nixpkgs/pull/199881 - setupCommands = lib.mkForce ""; - }; - }; - - environment.systemPackages = with pkgs; [pinentry-qt]; - }; -} diff --git a/modules/nixfiles/libvirtd.nix b/modules/nixfiles/libvirtd.nix deleted file mode 100644 index ae8b336..0000000 --- a/modules/nixfiles/libvirtd.nix +++ /dev/null @@ -1,44 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.libvirtd; -in { - options.nixfiles.modules.libvirtd.enable = mkEnableOption "libvirtd"; - - config = mkIf cfg.enable { - virtualisation.libvirtd = { - enable = true; - - onBoot = "ignore"; - onShutdown = "shutdown"; - - extraConfig = '' - log_level = 4 - log_outputs = "4:stderr" - ''; - - qemu = { - package = pkgs.qemu_kvm; - runAsRoot = false; - - ovmf = { - enable = true; - packages = [pkgs.OVMFFull.fd]; - }; - - swtpm = { - enable = false; # Is this required for Windows 11? - package = pkgs.swtpm-tpm2; - }; - }; - }; - - environment.systemPackages = with pkgs; [virt-manager qemu-utils]; - - my.extraGroups = ["libvirtd"]; - }; -} diff --git a/modules/nixfiles/lidarr.nix b/modules/nixfiles/lidarr.nix deleted file mode 100644 index f73f917..0000000 --- a/modules/nixfiles/lidarr.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; let - cfg = config.nixfiles.modules.lidarr; -in { - options.nixfiles.modules.lidarr = { - enable = mkEnableOption "Lidarr"; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "lidarr.${config.networking.fqdn}"; - }; - }; - - config = mkIf cfg.enable { - nixfiles.modules.nginx = { - enable = true; - upstreams.lidarr.servers."127.0.0.1:8686" = {}; - virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://lidarr"; - }; - - services.lidarr.enable = true; - }; -} diff --git a/modules/nixfiles/loki.nix b/modules/nixfiles/loki.nix deleted file mode 100644 index 1582164..0000000 --- a/modules/nixfiles/loki.nix +++ /dev/null @@ -1,102 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.loki; -in { - options.nixfiles.modules.loki = { - enable = mkEnableOption "Loki"; - - port = mkOption { - description = "Port."; - type = with types; port; - default = 30171; - }; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "loki.${config.networking.domain}"; - }; - }; - - config = mkIf cfg.enable { - nixfiles.modules.nginx = with cfg; { - enable = true; - upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${domain} = { - locations."/".proxyPass = "http://loki"; - extraConfig = nginxInternalOnly; - }; - }; - - services.loki = { - enable = true; - - configuration = rec { - auth_enabled = false; - - server = rec { - http_listen_address = "127.0.0.1"; - http_listen_port = cfg.port; - - grpc_listen_address = "127.0.0.1"; - grpc_listen_port = http_listen_port + 1; - - log_level = "warn"; - }; - - common = rec { - path_prefix = "/var/lib/loki"; - storage.filesystem = { - chunks_directory = "${path_prefix}/chunker"; - rules_directory = "${path_prefix}/ruler"; - }; - replication_factor = 1; - instance_interface_names = ["lo"]; - ring = { - instance_addr = "127.0.0.1"; - kvstore.store = "inmemory"; - }; - }; - - ruler = { - rule_path = "${common.path_prefix}/ruler"; - storage = { - type = "local"; - local.directory = - pkgs.writeTextDir "ruler/ruler.yml" - (generators.toJSON {} {groups = [{name = "default";}];}); - }; - }; - - schema_config.configs = [ - { - from = "2020-01-01"; - store = "boltdb-shipper"; - object_store = "filesystem"; - schema = "v11"; - index = { - prefix = "index_"; - period = "24h"; - }; - chunks = { - prefix = "chunks_"; - period = "24h"; - }; - } - ]; - - analytics.reporting_enabled = false; - }; - }; - - systemd.tmpfiles.rules = [ - "d /var/lib/loki 0700 loki loki - -" - "d /var/lib/loki/ruler 0700 loki loki - -" - ]; - }; -} diff --git a/modules/nixfiles/lxc.nix b/modules/nixfiles/lxc.nix deleted file mode 100644 index 4f7805f..0000000 --- a/modules/nixfiles/lxc.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; let - cfg = config.nixfiles.modules.lxc; -in { - options.nixfiles.modules.lxc.enable = - mkEnableOption "LXC/LXD"; - - config = mkIf cfg.enable { - virtualisation.lxd.enable = true; - my.extraGroups = "lxd"; - }; -} diff --git a/modules/nixfiles/matrix/default.nix b/modules/nixfiles/matrix/default.nix deleted file mode 100644 index bd221c4..0000000 --- a/modules/nixfiles/matrix/default.nix +++ /dev/null @@ -1 +0,0 @@ -_: {imports = [./dendrite.nix ./element.nix ./synapse.nix];} diff --git a/modules/nixfiles/matrix/dendrite.nix b/modules/nixfiles/matrix/dendrite.nix deleted file mode 100644 index 0fad5f2..0000000 --- a/modules/nixfiles/matrix/dendrite.nix +++ /dev/null @@ -1,157 +0,0 @@ -{ - config, - lib, - inputs, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.matrix.dendrite; -in { - options.nixfiles.modules.matrix.dendrite = { - enable = mkEnableOption "Dendrite Matrix server"; - - domain = mkOption { - type = types.str; - default = config.networking.domain; - description = "Domain name sans protocol scheme."; - }; - }; - - config = let - db = "dendrite"; - in - mkIf cfg.enable { - secrets.dendrite-private-key = { - file = "${inputs.self}/secrets/dendrite-private-key"; - mode = "0444"; # The user is dynamic so the file must be world-readable. - }; - secrets.dendrite-environment-file = { - file = "${inputs.self}/secrets/dendrite-environment-file"; - mode = "0444"; # The user is dynamic so the file must be world-readable. - }; - - nixfiles.modules = { - nginx = { - enable = true; - upstreams.dendrite.servers."127.0.0.1:${toString config.services.dendrite.httpPort}" = {}; - virtualHosts.${cfg.domain}.locations = { - "/_matrix".proxyPass = "http://dendrite"; - "= /.well-known/matrix/server" = { - extraConfig = '' - add_header Content-Type application/json; - ''; - return = "200 '${ - generators.toJSON {} {"m.server" = "${cfg.domain}:443";} - }'"; - }; - "= /.well-known/matrix/client" = { - extraConfig = '' - add_header Content-Type application/json; - add_header Access-Control-Allow-Origin *; - ''; - return = "200 '${ - generators.toJSON {} { - "m.homeserver".base_url = "https://${cfg.domain}"; - } - }'"; - }; - }; - }; - postgresql = { - enable = true; - extraPostStart = [ - '' - $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"' - '' - ]; - }; - }; - - services = { - dendrite = { - enable = true; - httpPort = 8008; - environmentFile = config.secrets.dendrite-environment-file.path; - settings = { - version = 2; - global = { - server_name = cfg.domain; - private_key = config.secrets.dendrite-private-key.path; - database = { - connection_string = "postgresql://${db}@/${db}?host=/run/postgresql"; - max_open_conns = 64; - max_idle_connections = 8; - }; - cache = { - max_size_estimated = "1gb"; - max_age = "1h"; - }; - trusted_third_party_id_servers = [ - "matrix.org" - "nixos.org" - "vector.im" - ]; - presence = { - enable_inbound = false; - enable_outbound = false; - }; - }; - client_api = { - registration_disabled = true; - guests_disabled = true; - registration_shared_secret = "$REGISTRATION_SHARED_SECRET"; - }; - media_api = { - max_file_size_bytes = 0; - dynamic_thumbnails = true; - max_thumbnail_generators = 8; - thumbnail_sizes = [ - { - width = 32; - height = 32; - method = "crop"; - } - { - width = 96; - height = 96; - method = "crop"; - } - { - width = 640; - height = 480; - method = "scale"; - } - ]; - }; - logging = [ - { - type = "std"; - level = "warn"; - } - ]; - }; - }; - - postgresql = { - ensureDatabases = [db]; - ensureUsers = [ - { - name = db; - ensurePermissions."DATABASE \"${db}\"" = "ALL"; - } - ]; - }; - }; - - systemd.services.dendrite.serviceConfig.ExecStart = - mkForce - (concatStringsSep " " [ - "${pkgs.dendrite}/bin/dendrite-monolith-server" - "--config /run/dendrite/dendrite.yaml" - "--http-bind-address 127.0.0.1:${ - toString config.services.dendrite.httpPort - }" - ]); - }; -} diff --git a/modules/nixfiles/matrix/element.nix b/modules/nixfiles/matrix/element.nix deleted file mode 100644 index 3d47800..0000000 --- a/modules/nixfiles/matrix/element.nix +++ /dev/null @@ -1,59 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.matrix.element; -in { - options.nixfiles.modules.matrix.element = { - enable = mkEnableOption "Element, a Matrix web interface"; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; nullOr str; - default = "element.${config.networking.domain}"; - }; - - homeserver = mkOption { - description = "Default Matrix homeserver."; - type = with types; str; - default = my.domain.azahi; - }; - }; - - config = mkIf cfg.enable { - assertions = [ - { - assertion = with config.nixfiles.modules.matrix; - (synapse.enable || dendrite.enable) && !(!synapse.enable && !dendrite.enable); - message = "Synapse or Dendrite must be enabled"; - } - ]; - - nixfiles.modules.nginx = with cfg; { - enable = true; - virtualHosts.${domain}.locations."/".root = pkgs.element-web.override { - conf = { - default_server_config."m.homeserver" = { - base_url = "https://${homeserver}"; - server_name = homeserver; - }; - disable_custom_urls = true; - disable_guests = true; - disable_login_language_selector = true; - disable_3pid_login = true; - brand = homeserver; - branding.authFooterLinks = [ - { - text = "Hosted on NixOS"; - url = "https://nixos.org"; - } - ]; - default_theme = "dark"; - }; - }; - }; - }; -} diff --git a/modules/nixfiles/matrix/synapse.nix b/modules/nixfiles/matrix/synapse.nix deleted file mode 100644 index 6ff5e0d..0000000 --- a/modules/nixfiles/matrix/synapse.nix +++ /dev/null @@ -1,93 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.matrix.synapse; -in { - options.nixfiles.modules.matrix.synapse = { - enable = mkEnableOption "Synapse Matrix server"; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = config.networking.domain; - }; - }; - - config = let - bind_address = "127.0.0.1"; - port = 8448; - in - mkIf cfg.enable { - nixfiles.modules = { - nginx = { - enable = true; - upstreams.synapse.servers."${bind_address}:${toString port}" = {}; - virtualHosts.${cfg.domain}.locations = { - "~ ^(/_matrix|/_synapse/client)".proxyPass = "http://synapse"; - "= /.well-known/matrix/server" = { - extraConfig = '' - add_header Content-Type application/json; - ''; - return = "200 '${ - generators.toJSON {} {"m.server" = "${cfg.domain}:443";} - }'"; - }; - "= /.well-known/matrix/client" = { - extraConfig = '' - add_header Content-Type application/json; - add_header Access-Control-Allow-Origin *; - ''; - return = "200 '${ - generators.toJSON {} { - "m.homeserver".base_url = "https://${cfg.domain}"; - } - }'"; - }; - }; - }; - postgresql.enable = true; - }; - - services = let - db = "synapse"; - in { - matrix-synapse = { - enable = true; - server_name = config.networking.domain; - - database_type = "psycopg2"; - database_name = db; - database_user = db; - - listeners = [ - { - inherit bind_address port; - type = "http"; - tls = false; - x_forwarded = true; - resources = [ - { - names = ["client" "federation"]; - compress = false; - } - ]; - } - ]; - }; - - postgresql = { - ensureDatabases = [db]; - ensureUsers = [ - { - name = db; - ensurePermissions."DATABASE \"${db}\"" = "ALL"; - } - ]; - }; - }; - }; -} diff --git a/modules/nixfiles/monitoring/dashboards/endlessh.json b/modules/nixfiles/monitoring/dashboards/endlessh.json deleted file mode 100644 index 0b47ee2..0000000 --- a/modules/nixfiles/monitoring/dashboards/endlessh.json +++ /dev/null @@ -1,1457 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "datasource", - "uid": "grafana" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "description": "", - "editable": true, - "fiscalYearStartMonth": 0, - "gnetId": 15156, - "graphTooltip": 0, - "links": [], - "liveNow": false, - "panels": [ - { - "datasource": { - "type": "datasource", - "uid": "-- Dashboard --" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 0, - "y": 0 - }, - "id": 36, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "/^Total number connections that endlessh trapped$/", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.2", - "targets": [ - { - "datasource": { - "type": "datasource", - "uid": "-- Dashboard --" - }, - "panelId": 49, - "refId": "A" - } - ], - "title": "Connections", - "transformations": [ - { - "id": "filterByRefId", - "options": { - "include": "Seen" - } - }, - { - "id": "filterByValue", - "options": { - "filters": [ - { - "config": { - "id": "greaterOrEqual", - "options": { - "value": 0 - } - }, - "fieldName": "Value #Seen" - } - ], - "match": "any", - "type": "include" - } - }, - { - "id": "groupBy", - "options": { - "fields": { - "Value #Seen": { - "aggregations": [ - "sum" - ], - "operation": "aggregate" - }, - "ip": { - "aggregations": [], - "operation": "groupby" - } - } - } - }, - { - "id": "reduce", - "options": { - "includeTimeField": false, - "labelsToFields": false, - "mode": "reduceFields", - "reducers": [ - "sum" - ] - } - }, - { - "id": "organize", - "options": { - "excludeByName": {}, - "indexByName": {}, - "renameByName": { - "Value #Seen (sum)": "Total number connections that endlessh trapped" - } - } - } - ], - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Dashboard --" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 4, - "y": 0 - }, - "id": 42, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "/^Time spent on endlessh$/", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.2", - "targets": [ - { - "datasource": { - "type": "datasource", - "uid": "-- Dashboard --" - }, - "panelId": 49, - "refId": "A" - } - ], - "title": "Trapped Time", - "transformations": [ - { - "id": "filterByRefId", - "options": { - "include": "Trapped" - } - }, - { - "id": "filterByValue", - "options": { - "filters": [ - { - "config": { - "id": "greaterOrEqual", - "options": { - "value": 0 - } - }, - "fieldName": "Value #Trapped" - } - ], - "match": "all", - "type": "include" - } - }, - { - "id": "groupBy", - "options": { - "fields": { - "Value #Trapped": { - "aggregations": [ - "sum" - ], - "operation": "aggregate" - }, - "ip": { - "aggregations": [], - "operation": "groupby" - } - } - } - }, - { - "id": "reduce", - "options": { - "includeTimeField": false, - "labelsToFields": false, - "mode": "reduceFields", - "reducers": [ - "sum" - ] - } - }, - { - "id": "organize", - "options": { - "excludeByName": {}, - "indexByName": {}, - "renameByName": { - "Total": "Seconds spent on endlessh", - "Value #Trapped (sum)": "Time spent on endlessh" - } - } - } - ], - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 8, - "y": 0 - }, - "id": 18, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.2", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": true, - "expr": "sum(increase(endlessh_sent_bytes_total{instance=~\"$host\",job=~\"$job\"}[$__range]))", - "hide": false, - "interval": "", - "legendFormat": "Bytes sent by endlessh", - "refId": "sent_bytes" - } - ], - "title": "Sent Bytes", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Dashboard --" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 12, - "y": 0 - }, - "id": 38, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "/^Unique IPs connected$/", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.2", - "targets": [ - { - "datasource": { - "type": "datasource", - "uid": "-- Dashboard --" - }, - "panelId": 49, - "refId": "A" - } - ], - "title": "Unique IPs", - "transformations": [ - { - "id": "filterByRefId", - "options": { - "include": "Seen" - } - }, - { - "id": "groupBy", - "options": { - "fields": { - "Value #Seen": { - "aggregations": [ - "sum" - ], - "operation": "aggregate" - }, - "ip": { - "aggregations": [], - "operation": "groupby" - } - } - } - }, - { - "id": "reduce", - "options": { - "includeTimeField": false, - "labelsToFields": false, - "mode": "reduceFields", - "reducers": [ - "count" - ] - } - }, - { - "id": "organize", - "options": { - "excludeByName": {}, - "indexByName": {}, - "renameByName": { - "Value #Seen (sum)": "Unique IPs connected", - "ip": "" - } - } - } - ], - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Dashboard --" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "links": [ - { - "targetBlank": true, - "title": "whois", - "url": "https://search.arin.net/rdap/?query=${__value.text}" - } - ], - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 16, - "y": 0 - }, - "id": 45, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "/^Client IP of the latest connection$/", - "values": false - }, - "text": {}, - "textMode": "value" - }, - "pluginVersion": "9.1.2", - "targets": [ - { - "datasource": { - "type": "datasource", - "uid": "-- Dashboard --" - }, - "panelId": 49, - "refId": "A" - } - ], - "title": "Latest Connection", - "transformations": [ - { - "id": "filterByRefId", - "options": { - "include": "Seen" - } - }, - { - "id": "filterByValue", - "options": { - "filters": [ - { - "config": { - "id": "greaterOrEqual", - "options": { - "value": 0 - } - }, - "fieldName": "Value #Seen" - } - ], - "match": "any", - "type": "include" - } - }, - { - "id": "groupBy", - "options": { - "fields": { - "Time": { - "aggregations": [ - "lastNotNull" - ], - "operation": "aggregate" - }, - "Value #Seen": { - "aggregations": [ - "sum" - ], - "operation": "aggregate" - }, - "ip": { - "aggregations": [], - "operation": "groupby" - } - } - } - }, - { - "id": "sortBy", - "options": { - "fields": {}, - "sort": [ - { - "field": "Time (lastNotNull)" - } - ] - } - }, - { - "id": "organize", - "options": { - "excludeByName": { - "instance": true, - "job": true - }, - "indexByName": {}, - "renameByName": { - "Time (lastNotNull)": "Time", - "Value #Seen (sum)": "Count", - "ip": "Client IP of the latest connection" - } - } - } - ], - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "#EAB839", - "value": 10 - }, - { - "color": "red", - "value": 20 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 20, - "y": 0 - }, - "id": 20, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "auto", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "text": {}, - "textMode": "auto" - }, - "pluginVersion": "9.1.2", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": true, - "expr": "sum((endlessh_client_open_count_total{instance=~\"$host\",job=~\"$job\"}) - (endlessh_client_closed_count_total{instance=~\"$host\",job=~\"$job\"} offset $__interval or endlessh_client_open_count_total{instance=~\"$host\",job=~\"$job\"} * 0))", - "instant": false, - "interval": "", - "legendFormat": "Open Connections", - "refId": "current_open" - } - ], - "title": "Current Connections", - "type": "stat" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Dashboard --" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "stepAfter", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "auto", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "min": -0.01, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 4, - "w": 12, - "x": 0, - "y": 3 - }, - "id": 30, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": false - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "datasource", - "uid": "-- Dashboard --" - }, - "panelId": 20, - "refId": "A" - } - ], - "title": "Concurrent Connections", - "type": "timeseries" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Dashboard --" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - } - }, - "mappings": [] - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 3 - }, - "id": 32, - "options": { - "displayLabels": [], - "legend": { - "displayMode": "table", - "placement": "right", - "showLegend": true, - "values": [ - "value", - "percent" - ] - }, - "pieType": "pie", - "reduceOptions": { - "calcs": [ - "lastNotNull" - ], - "fields": "", - "values": false - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "targets": [ - { - "datasource": { - "type": "datasource", - "uid": "-- Dashboard --" - }, - "panelId": 49, - "refId": "A" - } - ], - "title": "Connections by country", - "transformations": [ - { - "id": "filterByRefId", - "options": { - "include": "Seen" - } - }, - { - "id": "filterByValue", - "options": { - "filters": [ - { - "config": { - "id": "greaterOrEqual", - "options": { - "value": 0 - } - }, - "fieldName": "Value #Seen" - } - ], - "match": "any", - "type": "include" - } - }, - { - "id": "groupBy", - "options": { - "fields": { - "Value #Seen": { - "aggregations": [ - "sum" - ], - "operation": "aggregate" - }, - "country": { - "aggregations": [ - "last" - ], - "operation": "aggregate" - }, - "ip": { - "aggregations": [], - "operation": "groupby" - } - } - } - }, - { - "id": "groupBy", - "options": { - "fields": { - "Value #Seen (sum)": { - "aggregations": [ - "sum" - ], - "operation": "aggregate" - }, - "country (last)": { - "aggregations": [], - "operation": "groupby" - } - } - } - }, - { - "id": "rowsToFields", - "options": {} - } - ], - "type": "piechart" - }, - { - "datasource": { - "type": "datasource", - "uid": "-- Dashboard --" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "continuous-GrYlRd" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "#96D98D", - "value": null - } - ] - } - }, - "overrides": [] - }, - "gridPos": { - "h": 12, - "w": 12, - "x": 0, - "y": 7 - }, - "id": 48, - "links": [], - "options": { - "basemap": { - "config": {}, - "name": "Layer 0", - "type": "default" - }, - "controls": { - "mouseWheelZoom": false, - "showAttribution": false, - "showDebug": false, - "showScale": false, - "showZoom": true - }, - "layers": [ - { - "config": { - "color": { - "field": "Connections", - "fixed": "dark-green" - }, - "fillOpacity": 0.4, - "shape": "circle", - "showLegend": false, - "size": { - "field": "Connections", - "fixed": 5, - "max": 10, - "min": 2 - }, - "style": { - "color": { - "field": "Connections", - "fixed": "dark-green" - }, - "size": { - "field": "Connections", - "fixed": 5, - "max": 9, - "min": 2 - }, - "text": { - "field": "location (lastNotNull) (lastNotNull)", - "fixed": "", - "mode": "fixed" - } - } - }, - "location": { - "geohash": "Geohash", - "mode": "geohash" - }, - "name": "Layer 1", - "type": "markers" - } - ], - "tooltip": { - "mode": "details" - }, - "view": { - "id": "zero", - "lat": 0, - "lon": 0, - "zoom": 1 - } - }, - "pluginVersion": "9.1.2", - "targets": [ - { - "datasource": { - "type": "datasource", - "uid": "-- Dashboard --" - }, - "panelId": 49, - "refId": "A" - } - ], - "title": "Locations", - "transformations": [ - { - "id": "filterByRefId", - "options": { - "include": "Seen" - } - }, - { - "id": "filterByValue", - "options": { - "filters": [ - { - "config": { - "id": "greaterOrEqual", - "options": { - "value": 0 - } - }, - "fieldName": "Value #Seen" - } - ], - "match": "any", - "type": "include" - } - }, - { - "id": "groupBy", - "options": { - "fields": { - "Value #Seen": { - "aggregations": [ - "sum" - ], - "operation": "aggregate" - }, - "geohash": { - "aggregations": [ - "lastNotNull" - ], - "operation": "groupby" - }, - "location": { - "aggregations": [ - "lastNotNull" - ], - "operation": "aggregate" - } - } - } - }, - { - "id": "organize", - "options": { - "excludeByName": {}, - "indexByName": { - "Value #geo (lastNotNull) (sum)": 2, - "geohash (lastNotNull)": 0, - "location (lastNotNull) (lastNotNull)": 1 - }, - "renameByName": { - "Value #Seen (sum)": "Connections", - "geohash": "Geohash", - "location (lastNotNull)": "Location" - } - } - } - ], - "type": "geomap" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "custom": { - "align": "auto", - "displayMode": "auto", - "filterable": true, - "inspect": false, - "minWidth": 50 - }, - "links": [], - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - } - ] - } - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "Last Connection" - }, - "properties": [ - { - "id": "custom.minWidth", - "value": 150 - }, - { - "id": "unit", - "value": "dateTimeAsIso" - }, - { - "id": "custom.align", - "value": "left" - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "IP" - }, - "properties": [ - { - "id": "links", - "value": [ - { - "targetBlank": true, - "title": "search ARIN", - "url": "https://search.arin.net/rdap/?query=${__data.fields.IP}" - } - ] - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "Trapped Time" - }, - "properties": [ - { - "id": "unit", - "value": "s" - } - ] - } - ] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 11 - }, - "id": 49, - "options": { - "footer": { - "fields": "", - "reducer": [ - "sum" - ], - "show": false - }, - "frameIndex": 0, - "showHeader": true, - "sortBy": [ - { - "desc": true, - "displayName": "Last Connection" - } - ] - }, - "pluginVersion": "9.1.2", - "targets": [ - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": true, - "expr": "(endlessh_client_open_count{instance=~\"$host\",job=~\"$job\"} - endlessh_client_open_count{instance=~\"$host\",job=~\"$job\"} offset $__interval) > 0 or (endlessh_client_open_count{instance=~\"$host\",job=~\"$job\"}!=0 unless endlessh_client_open_count{instance=~\"$host\",job=~\"$job\"} offset $__interval)", - "format": "table", - "hide": false, - "interval": "", - "legendFormat": "Seen {{ip}}", - "refId": "Seen" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "exemplar": true, - "expr": "(endlessh_client_trapped_time_seconds{instance=~\"$host\",job=~\"$job\"} - endlessh_client_trapped_time_seconds{instance=~\"$host\",job=~\"$job\"} offset $__interval) > 0 or (endlessh_client_trapped_time_seconds{instance=~\"$host\",job=~\"$job\"}!=0 unless endlessh_client_trapped_time_seconds{instance=~\"$host\",job=~\"$job\"} offset $__interval)", - "format": "table", - "hide": false, - "interval": "", - "legendFormat": "Trapped {{ip}}", - "refId": "Trapped" - } - ], - "title": "Clients", - "transformations": [ - { - "id": "filterByValue", - "options": { - "filters": [ - { - "config": { - "id": "greaterOrEqual", - "options": { - "value": 0 - } - }, - "fieldName": "Value #Seen" - }, - { - "config": { - "id": "greaterOrEqual", - "options": { - "value": 0 - } - }, - "fieldName": "Value #Trapped" - } - ], - "match": "any", - "type": "include" - } - }, - { - "id": "merge", - "options": {} - }, - { - "id": "calculateField", - "options": { - "alias": "Seen", - "mode": "reduceRow", - "reduce": { - "include": [ - "Value #Seen" - ], - "reducer": "sum" - } - } - }, - { - "id": "calculateField", - "options": { - "alias": "Trapped", - "mode": "reduceRow", - "reduce": { - "include": [ - "Value #Trapped" - ], - "reducer": "sum" - } - } - }, - { - "id": "filterByValue", - "options": { - "filters": [ - { - "config": { - "id": "greaterOrEqual", - "options": { - "value": 0 - } - }, - "fieldName": "Seen" - }, - { - "config": { - "id": "greaterOrEqual", - "options": { - "value": 0 - } - }, - "fieldName": "Trapped" - } - ], - "match": "all", - "type": "include" - } - }, - { - "id": "groupBy", - "options": { - "fields": { - "Seen": { - "aggregations": [ - "sum" - ], - "operation": "aggregate" - }, - "Time": { - "aggregations": [ - "max" - ], - "operation": "aggregate" - }, - "Trapped": { - "aggregations": [ - "sum" - ], - "operation": "aggregate" - }, - "country": { - "aggregations": [ - "lastNotNull" - ], - "operation": "aggregate" - }, - "ip": { - "aggregations": [], - "operation": "groupby" - } - } - } - }, - { - "id": "filterByValue", - "options": { - "filters": [ - { - "config": { - "id": "isNull", - "options": {} - }, - "fieldName": "ip" - } - ], - "match": "any", - "type": "exclude" - } - }, - { - "id": "organize", - "options": { - "excludeByName": {}, - "indexByName": { - "Seen (sum)": 3, - "Time (max)": 0, - "Trapped (sum)": 4, - "country (lastNotNull)": 2, - "ip": 1 - }, - "renameByName": { - "Seen (sum)": "Connections", - "Time (max)": "Last Connection", - "Trapped (sum)": "Trapped Time", - "country (lastNotNull)": "Country", - "ip": "IP" - } - } - } - ], - "type": "table" - } - ], - "refresh": "", - "schemaVersion": 37, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "selected": false, - "text": "default", - "value": "default" - }, - "hide": 0, - "includeAll": false, - "label": "datasource", - "multi": false, - "name": "DS_PROMETHEUS", - "options": [], - "query": "prometheus", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - }, - { - "allValue": ".*", - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "definition": "label_values(endlessh_client_open_count_total, job)", - "hide": 0, - "includeAll": true, - "label": "Job", - "multi": true, - "name": "job", - "options": [], - "query": { - "query": "label_values(endlessh_client_open_count_total, job)", - "refId": "StandardVariableQuery" - }, - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "type": "query" - }, - { - "allValue": ".*", - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "definition": "label_values(endlessh_client_open_count_total{job=~\"$job\"}, instance)", - "hide": 0, - "includeAll": true, - "label": "Host", - "multi": true, - "name": "host", - "options": [], - "query": { - "query": "label_values(endlessh_client_open_count_total{job=~\"$job\"}, instance)", - "refId": "StandardVariableQuery" - }, - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "type": "query" - } - ] - }, - "time": { - "from": "now-24h", - "to": "now" - }, - "timepicker": {}, - "timezone": "", - "title": "Endlessh", - "uid": "ATIxYkO7k", - "version": 1, - "weekStart": "" -} \ No newline at end of file diff --git a/modules/nixfiles/monitoring/dashboards/nginx.json b/modules/nixfiles/monitoring/dashboards/nginx.json deleted file mode 100644 index b2cc499..0000000 --- a/modules/nixfiles/monitoring/dashboards/nginx.json +++ /dev/null @@ -1,567 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "datasource", - "uid": "grafana" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "description": "", - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "id": 31, - "links": [], - "liveNow": false, - "panels": [ - { - "collapsed": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 4, - "panels": [], - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Status", - "type": "row" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "0": { - "text": "Down" - }, - "1": { - "text": "Up" - } - }, - "type": "value" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "#E02F44", - "value": null - }, - { - "color": "#FF9830", - "value": 1 - }, - { - "color": "#299c46", - "value": 1 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 12, - "x": 0, - "y": 1 - }, - "id": 8, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "background", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "repeat": "instance", - "repeatDirection": "h", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "nginx_up{instance=~\"$instance\"}", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "refId": "A" - } - ], - "title": "NGINX Status for $instance", - "type": "stat" - }, - { - "collapsed": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 4 - }, - "id": 6, - "panels": [], - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Metrics", - "type": "row" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "Connections (rate)", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "decimals": 1, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 10, - "w": 12, - "x": 0, - "y": 5 - }, - "id": 10, - "links": [], - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "irate(nginx_connections_accepted{instance=~\"$instance\"}[$__range])", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{instance}} accepted", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "irate(nginx_connections_handled{instance=~\"$instance\"}[$__range])", - "format": "time_series", - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{instance}} handled", - "refId": "B" - } - ], - "title": "Processed connections", - "type": "timeseries" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "Connections", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "decimals": 0, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 10, - "w": 12, - "x": 12, - "y": 5 - }, - "id": 12, - "links": [], - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "nginx_connections_active{instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{instance}} active", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "nginx_connections_reading{instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{instance}} reading", - "refId": "B" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "nginx_connections_waiting{instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{instance}} waiting", - "refId": "C" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "nginx_connections_writing{instance=~\"$instance\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{instance}} writing", - "refId": "D" - } - ], - "title": "Active Connections", - "type": "timeseries" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 15 - }, - "id": 15, - "links": [], - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "irate(nginx_http_requests_total{instance=~\"$instance\"}[$__range])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{instance}} total requests", - "refId": "A" - } - ], - "title": "Total requests", - "type": "timeseries" - } - ], - "refresh": "5s", - "schemaVersion": 37, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "selected": false, - "text": "default", - "value": "default" - }, - "hide": 0, - "includeAll": false, - "label": "datasource", - "multi": false, - "name": "DS_PROMETHEUS", - "options": [], - "query": "prometheus", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - }, - { - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "definition": "label_values(nginx_up, instance)", - "hide": 0, - "includeAll": true, - "label": "", - "multi": true, - "name": "instance", - "options": [], - "query": { - "query": "label_values(nginx_up, instance)", - "refId": "StandardVariableQuery" - }, - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": ["5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d"] - }, - "timezone": "", - "title": "NGINX", - "uid": "Yoeroupho", - "version": 1, - "weekStart": "" -} diff --git a/modules/nixfiles/monitoring/dashboards/postgresql.json b/modules/nixfiles/monitoring/dashboards/postgresql.json deleted file mode 100644 index 4e533f7..0000000 --- a/modules/nixfiles/monitoring/dashboards/postgresql.json +++ /dev/null @@ -1,3086 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "datasource", - "uid": "grafana" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "description": "", - "editable": true, - "fiscalYearStartMonth": 0, - "graphTooltip": 0, - "id": 29, - "links": [], - "liveNow": false, - "panels": [ - { - "collapsed": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 0 - }, - "id": 34, - "panels": [], - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "General Counters, CPU, Memory and File Descriptor Stats", - "type": "row" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 2, - "w": 4, - "x": 0, - "y": 1 - }, - "id": 36, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "value", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["mean"], - "fields": "", - "values": false - }, - "textMode": "name" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "pg_static{instance=\"$instance\"}", - "format": "time_series", - "instant": true, - "intervalFactor": 1, - "legendFormat": "{{short_version}}", - "refId": "A" - } - ], - "title": "Version", - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "start time of the process", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "dateTimeFromNow" - }, - "overrides": [] - }, - "gridPos": { - "h": 2, - "w": 4, - "x": 4, - "y": 1 - }, - "id": 28, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["mean"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "pg_postmaster_start_time_seconds{instance=\"$instance\"} * 1000", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "", - "range": true, - "refId": "A" - } - ], - "title": "Start Time", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "decbytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 2, - "w": 4, - "x": 8, - "y": 1 - }, - "id": 10, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "SUM(pg_stat_database_tup_fetched{datname=~\"$datname\", instance=~\"$instance\"})", - "format": "time_series", - "intervalFactor": 2, - "refId": "A", - "step": 4 - } - ], - "title": "Current fetch data", - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "decbytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 2, - "w": 4, - "x": 12, - "y": 1 - }, - "id": 11, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "SUM(pg_stat_database_tup_inserted{datname=~\"$datname\", instance=~\"$instance\"})", - "format": "time_series", - "intervalFactor": 2, - "range": true, - "refId": "A", - "step": 4 - } - ], - "title": "Current insert data", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "decbytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 2, - "w": 4, - "x": 16, - "y": 1 - }, - "id": 12, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "SUM(pg_stat_database_tup_updated{datname=~\"$datname\", instance=~\"$instance\"})", - "format": "time_series", - "intervalFactor": 2, - "refId": "A", - "step": 4 - } - ], - "title": "Current update data", - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 2, - "w": 4, - "x": 20, - "y": 1 - }, - "id": 38, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["mean"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "pg_settings_max_connections{instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 1, - "range": true, - "refId": "A" - } - ], - "title": "Max Connections", - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "Average user and system CPU time spent in seconds.", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "s" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 3 - }, - "id": 22, - "links": [], - "options": { - "legend": { - "calcs": ["mean", "lastNotNull", "max", "min"], - "displayMode": "table", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "avg(rate(process_cpu_seconds_total{instance=\"$instance\"}[$__range]) * 1000)", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "CPU Time", - "range": true, - "refId": "A" - } - ], - "title": "Average CPU Usage", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "Virtual and Resident memory size in bytes, averages over 5 min interval", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "decbytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 3 - }, - "id": 24, - "links": [], - "options": { - "legend": { - "calcs": ["mean", "lastNotNull", "max", "min"], - "displayMode": "table", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "avg(rate(process_resident_memory_bytes{instance=\"$instance\"}[$__range]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Resident Mem", - "range": true, - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "avg(rate(process_virtual_memory_bytes{instance=\"$instance\"}[$__range]))", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Virtual Mem", - "range": true, - "refId": "B" - } - ], - "title": "Average Memory Usage", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "Number of open file descriptors", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 3 - }, - "id": 26, - "links": [], - "options": { - "legend": { - "calcs": ["mean", "lastNotNull", "max", "min"], - "displayMode": "table", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "process_open_fds{instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "Open FD", - "range": true, - "refId": "A" - } - ], - "title": "Open File Descriptors", - "type": "timeseries" - }, - { - "collapsed": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 32, - "panels": [], - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Settings", - "type": "row" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 3, - "x": 0, - "y": 11 - }, - "id": 40, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "pg_settings_shared_buffers_bytes{instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "title": "Shared Buffers", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 3, - "x": 3, - "y": 11 - }, - "id": 42, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "pg_settings_effective_cache_size_bytes{instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "title": "Effective Cache", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 3, - "x": 6, - "y": 11 - }, - "id": 44, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "pg_settings_maintenance_work_mem_bytes{instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "title": "Maintenance Work Mem", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 3, - "x": 9, - "y": 11 - }, - "id": 46, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "pg_settings_work_mem_bytes{instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "", - "refId": "A" - } - ], - "title": "Work Mem", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "decimals": 1, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 3, - "x": 12, - "y": 11 - }, - "id": 48, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "pg_settings_max_wal_size_bytes{instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "title": "Max WAL Size", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 3, - "x": 15, - "y": 11 - }, - "id": 50, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "pg_settings_random_page_cost{instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "title": "Random Page Cost", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 2, - "x": 18, - "y": 11 - }, - "id": 52, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "pg_settings_seq_page_cost", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "title": "Seq Page Cost", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 2, - "x": 20, - "y": 11 - }, - "id": 54, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["mean"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "pg_settings_max_worker_processes{instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "title": "Max Worker Processes", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 2, - "x": 22, - "y": 11 - }, - "id": 56, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "pg_settings_max_parallel_workers{instance=\"$instance\"}", - "format": "time_series", - "intervalFactor": 1, - "refId": "A" - } - ], - "title": "Max Parallel Workers", - "type": "stat" - }, - { - "collapsed": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 14 - }, - "id": 30, - "panels": [], - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Database Stats", - "type": "row" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 0, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineStyle": { - "fill": "solid" - }, - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": true, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "decimals": 0, - "links": [], - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 15 - }, - "id": 1, - "links": [], - "options": { - "legend": { - "calcs": ["mean", "lastNotNull", "max"], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "pg_stat_activity_count{datname=~\"$datname\", instance=~\"$instance\", state=\"active\"} != 0", - "format": "time_series", - "interval": "", - "intervalFactor": 2, - "legendFormat": "{{datname}}, s: {{state}}", - "range": true, - "refId": "A", - "step": 2 - } - ], - "title": "Active sessions", - "type": "timeseries" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 15 - }, - "id": 60, - "links": [], - "options": { - "legend": { - "calcs": ["mean", "lastNotNull", "sum"], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "irate(pg_stat_database_xact_commit{instance=\"$instance\", datname=~\"$datname\"}[$__range])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{datname}} commits", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "irate(pg_stat_database_xact_rollback{instance=\"$instance\", datname=~\"$datname\"}[$__range])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{datname}} rollbacks", - "refId": "B" - } - ], - "title": "Transactions", - "type": "timeseries" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 15 - }, - "id": 8, - "links": [], - "options": { - "legend": { - "calcs": ["mean", "lastNotNull", "sum"], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "pg_stat_database_tup_updated{datname=~\"$datname\", instance=~\"$instance\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{datname}}", - "refId": "A", - "step": 2 - } - ], - "title": "Update data", - "type": "timeseries" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 22 - }, - "id": 5, - "links": [], - "options": { - "legend": { - "calcs": ["mean", "lastNotNull", "sum"], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "pg_stat_database_tup_fetched{datname=~\"$datname\", instance=~\"$instance\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{datname}}", - "refId": "A", - "step": 2 - } - ], - "title": "Fetch data", - "type": "timeseries" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 22 - }, - "id": 6, - "links": [], - "options": { - "legend": { - "calcs": ["mean", "lastNotNull", "sum"], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "pg_stat_database_tup_inserted{datname=~\"$datname\", instance=~\"$instance\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{datname}}", - "refId": "A", - "step": 2 - } - ], - "title": "Insert data", - "type": "timeseries" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "decimals": 0, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 22 - }, - "id": 3, - "links": [], - "options": { - "legend": { - "calcs": ["mean", "lastNotNull", "sum"], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "pg_locks_count{datname=~\"$datname\", instance=~\"$instance\", mode=~\"$mode\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{datname}},{{mode}}", - "refId": "A", - "step": 2 - } - ], - "title": "Lock tables", - "type": "timeseries" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 29 - }, - "id": 14, - "links": [], - "options": { - "legend": { - "calcs": ["mean", "lastNotNull", "sum"], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "pg_stat_database_tup_returned{datname=~\"$datname\", instance=~\"$instance\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{datname}}", - "refId": "A", - "step": 2 - } - ], - "title": "Return data", - "type": "timeseries" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 29 - }, - "id": 4, - "links": [], - "options": { - "legend": { - "calcs": ["lastNotNull", "max"], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "pg_stat_activity_count{datname=~\"$datname\", instance=~\"$instance\", state=~\"idle|idle in transaction|idle in transaction (aborted)\"}", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{datname}}, s: {{state}}", - "refId": "A", - "step": 2 - } - ], - "title": "Idle sessions", - "type": "timeseries" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 29 - }, - "id": 7, - "links": [], - "options": { - "legend": { - "calcs": ["mean", "lastNotNull", "sum"], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "pg_stat_database_tup_deleted{datname=~\"$datname\", instance=~\"$instance\"} != 0", - "format": "time_series", - "intervalFactor": 2, - "legendFormat": "{{datname}}", - "refId": "A", - "step": 2 - } - ], - "title": "Delete data", - "type": "timeseries" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "decimals": 4, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "percentunit" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 36 - }, - "id": 62, - "links": [], - "options": { - "legend": { - "calcs": ["mean", "lastNotNull"], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "pg_stat_database_blks_hit{instance=\"$instance\", datname=~\"$datname\"} / (pg_stat_database_blks_read{instance=\"$instance\", datname=~\"$datname\"} + pg_stat_database_blks_hit{instance=\"$instance\", datname=~\"$datname\"})", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{ datname }}", - "refId": "A" - } - ], - "title": "Cache Hit Rate", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 8, - "x": 8, - "y": 36 - }, - "id": 64, - "links": [], - "options": { - "legend": { - "calcs": ["mean", "lastNotNull", "max", "min"], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "irate(pg_stat_bgwriter_buffers_backend_total{instance=\"$instance\"}[$__range])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "buffers_backend", - "range": true, - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "irate(pg_stat_bgwriter_buffers_alloc_total{instance=\"$instance\"}[$__range])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "buffers_alloc", - "range": true, - "refId": "B" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "irate(pg_stat_bgwriter_buffers_backend_fsync_total{instance=\"$instance\"}[$__range])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "backend_fsync", - "range": true, - "refId": "C" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "irate(pg_stat_bgwriter_buffers_checkpoint_total{instance=\"$instance\"}[$__range])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "buffers_checkpoint", - "range": true, - "refId": "D" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "irate(pg_stat_bgwriter_buffers_clean_total{instance=\"$instance\"}[$__range])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "buffers_clean", - "range": true, - "refId": "E" - } - ], - "title": "Buffers (bgwriter)", - "type": "timeseries" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 36 - }, - "id": 66, - "links": [], - "options": { - "legend": { - "calcs": ["mean", "lastNotNull", "sum"], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "irate(pg_stat_database_conflicts{instance=\"$instance\", datname=~\"$datname\"}[$__range])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{datname}} conflicts", - "refId": "B" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "irate(pg_stat_database_deadlocks{instance=\"$instance\", datname=~\"$datname\"}[$__range])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{datname}} deadlocks", - "refId": "A" - } - ], - "title": "Conflicts/Deadlocks", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total amount of data written to temporary files by queries in this database. All temporary files are counted, regardless of why the temporary file was created, and regardless of the log_temp_files setting.", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 8, - "x": 0, - "y": 43 - }, - "id": 68, - "links": [], - "options": { - "legend": { - "calcs": ["mean", "lastNotNull", "sum"], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "irate(pg_stat_database_temp_bytes{instance=\"$instance\", datname=~\"$datname\"}[$__range])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "{{datname}}", - "range": true, - "refId": "A" - } - ], - "title": "Temp File (Bytes)", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "ms" - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 16, - "x": 8, - "y": 43 - }, - "id": 70, - "links": [], - "options": { - "legend": { - "calcs": ["mean", "lastNotNull", "max", "min"], - "displayMode": "table", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "irate(pg_stat_bgwriter_checkpoint_write_time_total{instance=\"$instance\"}[$__range])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "write_time - Total amount of time that has been spent in the portion of checkpoint processing where files are written to disk.", - "range": true, - "refId": "B" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "irate(pg_stat_bgwriter_checkpoint_sync_time_total{instance=\"$instance\"}[$__range])", - "format": "time_series", - "intervalFactor": 1, - "legendFormat": "sync_time - Total amount of time that has been spent in the portion of checkpoint processing where files are synchronized to disk.", - "range": true, - "refId": "A" - } - ], - "title": "Checkpoint Stats", - "type": "timeseries" - } - ], - "refresh": "5s", - "schemaVersion": 37, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "selected": false, - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "includeAll": false, - "label": "datasource", - "multi": false, - "name": "DS_PROMETHEUS", - "options": [], - "query": "prometheus", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - }, - { - "current": { - "selected": false, - "text": "manwe:9187", - "value": "manwe:9187" - }, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "definition": "query_result(pg_up)", - "hide": 0, - "includeAll": false, - "label": "Instance", - "multi": false, - "name": "instance", - "options": [], - "query": { - "query": "query_result(pg_up)", - "refId": "StandardVariableQuery" - }, - "refresh": 1, - "regex": "/.*instance=\"([^\"]+).*/", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "definition": "label_values(datname)", - "hide": 0, - "includeAll": true, - "label": "Database", - "multi": true, - "name": "datname", - "options": [], - "query": { - "query": "label_values(datname)", - "refId": "StandardVariableQuery" - }, - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 1, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "current": { - "selected": false, - "text": "All", - "value": "$__all" - }, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "definition": "label_values({mode=~\"accessexclusivelock|accesssharelock|exclusivelock|rowexclusivelock|rowsharelock|sharelock|sharerowexclusivelock|shareupdateexclusivelock\"}, mode)", - "hide": 0, - "includeAll": true, - "label": "Lock table", - "multi": true, - "name": "mode", - "options": [], - "query": { - "query": "label_values({mode=~\"accessexclusivelock|accesssharelock|exclusivelock|rowexclusivelock|rowsharelock|sharelock|sharerowexclusivelock|shareupdateexclusivelock\"}, mode)", - "refId": "StandardVariableQuery" - }, - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": ["5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d"] - }, - "timezone": "", - "title": "PostgreSQL", - "uid": "fiuGhahwi", - "version": 1, - "weekStart": "" -} diff --git a/modules/nixfiles/monitoring/dashboards/unbound.json b/modules/nixfiles/monitoring/dashboards/unbound.json deleted file mode 100644 index 8a0d503..0000000 --- a/modules/nixfiles/monitoring/dashboards/unbound.json +++ /dev/null @@ -1,2991 +0,0 @@ -{ - "annotations": { - "list": [ - { - "builtIn": 1, - "datasource": { - "type": "datasource", - "uid": "grafana" - }, - "enable": true, - "hide": true, - "iconColor": "rgba(0, 211, 255, 1)", - "name": "Annotations & Alerts", - "target": { - "limit": 100, - "matchAny": false, - "tags": [], - "type": "dashboard" - }, - "type": "dashboard" - } - ] - }, - "description": "", - "editable": true, - "fiscalYearStartMonth": 0, - "gnetId": 11705, - "graphTooltip": 0, - "id": 39, - "links": [], - "liveNow": false, - "panels": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total number of queries received at the selected time range.", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "rgb(31, 120, 193)", - "mode": "fixed" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 0, - "y": 0 - }, - "id": 24, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["sum"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(increase(unbound_queries_total{instance=\"$instance\"}[$__range]))", - "range": true, - "refId": "A" - } - ], - "title": "Queries", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "rgb(31, 120, 193)", - "mode": "fixed" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 4, - "y": 0 - }, - "id": 26, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(unbound_queries_total{instance=\"$instance\"}[$__range]))", - "refId": "A" - } - ], - "title": "Queries per second", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total number of queries that were refused or dropped because they failed the access control settings at the selected time range.", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "rgb(31, 120, 193)", - "mode": "fixed" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 8, - "y": 0 - }, - "id": 8, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["sum"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "increase(unbound_unwanted_queries_total{instance=\"$instance\"}[$__range])", - "range": true, - "refId": "A" - } - ], - "title": "Unwanted queries", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total number of replies that were unwanted or unsolicited at the selected time range.\n\nA sharp increase in unwanted traffic indicates a possible spoof run in progress.", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "rgb(31, 120, 193)", - "mode": "fixed" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 12, - "y": 0 - }, - "id": 49, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["sum"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "increase(unbound_unwanted_replies_total{instance=\"$instance\"}[$__range])", - "refId": "A" - } - ], - "title": "Unwanted replies", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Max memory in use by caches at the selected time range.", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "rgb(31, 120, 193)", - "mode": "fixed" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 16, - "y": 0 - }, - "id": 48, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(rate(unbound_memory_caches_bytes{instance=\"$instance\"}[$__range]))", - "range": true, - "refId": "A" - } - ], - "title": "Memory cache size", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "The number of threads created to serve clients", - "fieldConfig": { - "defaults": { - "color": { - "mode": "thresholds" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 20, - "y": 0 - }, - "id": 2, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "none", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "unbound_num_threads{instance=\"$instance\"}", - "format": "time_series", - "instant": false, - "refId": "A" - } - ], - "title": "Threads", - "type": "stat" - }, - { - "cards": { - "cardPadding": 0 - }, - "color": { - "cardColor": "#3274D9", - "colorScale": "sqrt", - "colorScheme": "interpolateSpectral", - "exponent": 0.5, - "mode": "opacity" - }, - "dataFormat": "timeseries", - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "Query response time in seconds", - "fieldConfig": { - "defaults": { - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "scaleDistribution": { - "type": "linear" - } - } - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 16, - "x": 0, - "y": 3 - }, - "heatmap": {}, - "hideZeroBuckets": false, - "highlightCards": true, - "id": 46, - "legend": { - "show": false - }, - "options": { - "calculate": true, - "calculation": {}, - "cellGap": 1, - "cellValues": {}, - "color": { - "exponent": 0.5, - "fill": "#3274D9", - "mode": "opacity", - "scale": "exponential", - "scheme": "Oranges", - "steps": 128 - }, - "exemplars": { - "color": "rgba(255,0,255,0.7)" - }, - "filterValues": { - "le": 1e-9 - }, - "legend": { - "show": false - }, - "rowsFrame": { - "layout": "ge" - }, - "showValue": "never", - "tooltip": { - "show": true, - "yHistogram": true - }, - "yAxis": { - "axisPlacement": "left", - "decimals": 0, - "min": "0", - "reverse": false, - "unit": "s" - } - }, - "pluginVersion": "9.1.0", - "reverseYBuckets": false, - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "rate(unbound_response_time_seconds_bucket{instance=\"$instance\", le=~\"0.001024|0.002048|0.004096|0.008192|0.016384|0.032768|0.065536|0.131072|0.262144|0.524288|1|2|4|8|16|32|64\"}[$__range])", - "format": "heatmap", - "instant": false, - "intervalFactor": 1, - "legendFormat": "{{le}}", - "refId": "A" - } - ], - "title": "Response time", - "tooltip": { - "show": true, - "showHistogram": true - }, - "type": "heatmap", - "xAxis": { - "show": true - }, - "yAxis": { - "decimals": 0, - "format": "s", - "logBase": 1, - "min": "0", - "show": true - }, - "yBucketBound": "upper" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - } - }, - "mappings": [] - }, - "overrides": [] - }, - "gridPos": { - "h": 7, - "w": 8, - "x": 16, - "y": 3 - }, - "id": 37, - "links": [], - "maxDataPoints": 3, - "options": { - "displayLabels": ["value"], - "legend": { - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "pieType": "pie", - "reduceOptions": { - "calcs": ["lastNotNull"], - "fields": "", - "values": false - }, - "tooltip": { - "mode": "single", - "sort": "none" - } - }, - "pluginVersion": "8.3.6", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(increase(unbound_cache_hits_total{instance=\"$instance\"}[$__range]))", - "legendFormat": "Hits", - "range": true, - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "exemplar": true, - "expr": "sum(increase(unbound_cache_misses_total{instance=\"$instance\"}[$__range]))", - "format": "time_series", - "interval": "", - "legendFormat": "Misses", - "range": true, - "refId": "B" - } - ], - "title": "Cache hit/miss ratio", - "type": "piechart" - }, - { - "collapsed": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 10 - }, - "id": 12, - "panels": [], - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Queries", - "type": "row" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total number of queries that were made using TCP towards the Unbound server at the selected time range.", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "rgb(31, 120, 193)", - "mode": "fixed" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 5, - "x": 0, - "y": 11 - }, - "id": 16, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["sum"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "increase(unbound_query_tcp_total{instance=\"$instance\"}[$__range])", - "refId": "A" - } - ], - "title": "Incoming TCP queries", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total number of queries that were made using TCP towards the Unbound server at the selected time range.", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "rgb(31, 120, 193)", - "mode": "fixed" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 5, - "x": 5, - "y": 11 - }, - "id": 22, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["sum"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "increase(unbound_query_tcp_out_total{instance=\"$instance\"}[$__range])", - "refId": "A" - } - ], - "title": "Outgoing TCP queries", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total number of queries that had been rate limited at the selected time range.", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "rgb(31, 120, 193)", - "mode": "fixed" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 10, - "y": 11 - }, - "id": 50, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["sum"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "increase(unbound_query_ratelimited_total{instance=\"$instance\"}[$__range])", - "refId": "A" - } - ], - "title": "Rate limited queries", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total number of queries that were made using TLS towards the Unbound server at the selected time range.", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "rgb(31, 120, 193)", - "mode": "fixed" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 5, - "x": 14, - "y": 11 - }, - "id": 18, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["sum"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "increase(unbound_query_tls_total{instance=\"$instance\"}[$__range])", - "refId": "A" - } - ], - "title": "Incoming TLS queries", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total number of queries that were made using TLS resumption at the selected time range.", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "rgb(31, 120, 193)", - "mode": "fixed" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 5, - "x": 19, - "y": 11 - }, - "id": 19, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["sum"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "increase(unbound_query_tls_resume_total{instance=\"$instance\"}[$__range])", - "refId": "A" - } - ], - "title": "TLS resumption queries", - "type": "stat" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total number of queries that were made using IPv6 towards the Unbound server at the selected time range.", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "rgb(31, 120, 193)", - "mode": "fixed" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 5, - "x": 0, - "y": 14 - }, - "id": 20, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["sum"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "increase(unbound_query_ipv6_total{instance=\"$instance\"}[$__range])", - "range": true, - "refId": "A" - } - ], - "title": "IPv6 queries", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total amount of answers that were secure (AD) at the selected time range.", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "rgb(31, 120, 193)", - "mode": "fixed" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 5, - "x": 5, - "y": 14 - }, - "id": 51, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["sum"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "increase(unbound_answers_secure_total{instance=\"$instance\"}[$__range])", - "refId": "A" - } - ], - "title": "Secure answers", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total amount of answers that were bogus (withheld as SERVFAIL) at the selected time range.", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "rgb(31, 120, 193)", - "mode": "fixed" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 4, - "x": 10, - "y": 14 - }, - "id": 52, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["sum"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "increase(unbound_answers_bogus_total{instance=\"$instance\"}[$__range])", - "range": true, - "refId": "A" - } - ], - "title": "Bogus answers", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total number of queries that had an EDNS OPT record present at the selected time range.", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "rgb(31, 120, 193)", - "mode": "fixed" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 5, - "x": 14, - "y": 14 - }, - "id": 17, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["sum"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "increase(unbound_query_edns_present_total{instance=\"$instance\"}[$__range])", - "refId": "A" - } - ], - "title": "EDNS OPT queries", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total number of queries that had an EDNS OPT record with the DO (DNSSEC OK) bit set present at the selected time range.", - "fieldConfig": { - "defaults": { - "color": { - "fixedColor": "rgb(31, 120, 193)", - "mode": "fixed" - }, - "mappings": [ - { - "options": { - "match": "null", - "result": { - "text": "N/A" - } - }, - "type": "special" - } - ], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "none" - }, - "overrides": [] - }, - "gridPos": { - "h": 3, - "w": 5, - "x": 19, - "y": 14 - }, - "id": 21, - "links": [], - "maxDataPoints": 100, - "options": { - "colorMode": "none", - "graphMode": "area", - "justifyMode": "auto", - "orientation": "horizontal", - "reduceOptions": { - "calcs": ["sum"], - "fields": "", - "values": false - }, - "textMode": "auto" - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "increase(unbound_query_edns_DO_total{instance=\"$instance\"}[$__range])", - "refId": "A" - } - ], - "title": "EDNS OPT + DNSSEC OK queries", - "type": "stat" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total number of queries with a given query type", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "reqps" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 17 - }, - "id": 35, - "options": { - "legend": { - "calcs": [], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(unbound_query_types_total{instance=\"$instance\"}[$__range])", - "legendFormat": "{{type}}", - "refId": "A" - } - ], - "title": "Total queries by type", - "type": "timeseries" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total number of answers by rcode", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "reqps" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "NXDOMAIN" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "dark-orange", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "SERVFAIL" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "dark-red", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 17 - }, - "id": 40, - "options": { - "legend": { - "calcs": [], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(unbound_answer_rcodes_total{instance=\"$instance\"}[$__range])", - "legendFormat": "{{rcode}}", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(unbound_answers_secure_total{instance=\"$instance\"}[$__range])", - "legendFormat": "Secure (AD)", - "refId": "B" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(unbound_answers_bogus_total{instance=\"$instance\"}[$__range])", - "legendFormat": "Bogus (SERVFAIL)", - "refId": "C" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(unbound_rrset_bogus_total{instance=\"$instance\"}[$__range])", - "legendFormat": "RRset bogus", - "refId": "D" - } - ], - "title": "Total answers by rcode", - "type": "timeseries" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total number of queries with a given query class", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "reqps" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 25 - }, - "id": 38, - "options": { - "legend": { - "calcs": [], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(unbound_query_classes_total{instance=\"$instance\"}[$__range])", - "legendFormat": "{{class}}", - "refId": "A" - } - ], - "title": "Total queries by class", - "type": "timeseries" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total number of queries with a given query opcode", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "reqps" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 25 - }, - "id": 39, - "options": { - "legend": { - "calcs": [], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(unbound_query_opcodes_total{instance=\"$instance\"}[$__range])", - "legendFormat": "{{opcode}}", - "refId": "A" - } - ], - "title": "Total queries by opcode", - "type": "timeseries" - }, - { - "collapsed": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 33 - }, - "id": 54, - "panels": [], - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Request list", - "type": "row" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Current size of the request list, including internally generated queries", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 24, - "x": 0, - "y": 34 - }, - "id": 55, - "options": { - "legend": { - "calcs": ["lastNotNull"], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(unbound_request_list_current_all{instance=\"$instance\"}[$__range]))", - "legendFormat": "all", - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(rate(unbound_request_list_current_user{instance=\"$instance\"}[$__range]))", - "legendFormat": "user", - "refId": "B" - } - ], - "title": "Request list size", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "Number of queries that were dropped because the request list was full", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 42 - }, - "id": 56, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(rate(unbound_request_list_exceeded_total{instance=\"$instance\"}[$__range]))", - "legendFormat": "", - "range": true, - "refId": "A" - } - ], - "title": "Total exceeded queries", - "type": "timeseries" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total number of requests in the request list that were overwritten by newer entries", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 42 - }, - "id": 57, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(rate(unbound_request_list_overwritten_total{instance=\"$instance\"}[$__range]))", - "legendFormat": "", - "range": true, - "refId": "A" - } - ], - "title": "Total overwritten queries", - "type": "timeseries" - }, - { - "collapsed": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 50 - }, - "id": 30, - "panels": [], - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "DNSCrypt", - "type": "row" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total number of queries that were encrypted and successfully decapsulated by dnscrypt", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "reqps" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 51 - }, - "id": 28, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": false - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(rate(unbound_dnscrypt_valid_queries_total{instance=\"$instance\"}[$__range]))", - "range": true, - "refId": "A" - } - ], - "title": "Total successful queries", - "type": "timeseries" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total number of queries that were requesting dnscrypt certificates", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "reqps" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 51 - }, - "id": 31, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": false - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(irate(unbound_dnscrypt_cert_queries_total{instance=\"$instance\"}[$__range]))", - "refId": "A" - } - ], - "title": "Total certificate requesting queries", - "type": "timeseries" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total number of queries received on dnscrypt port that were cleartext and not a request for certificates", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "reqps" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 59 - }, - "id": 32, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": false - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(irate(unbound_dnscrypt_cleartext_queries_total{instance=\"$instance\"}[$__range]))", - "refId": "A" - } - ], - "title": "Total received cleartext queries", - "type": "timeseries" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Total number of requests that were neither cleartext, not valid dnscrypt messages", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "reqps" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 59 - }, - "id": 33, - "options": { - "legend": { - "calcs": [], - "displayMode": "list", - "placement": "bottom", - "showLegend": false - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(irate(unbound_dnscrypt_malformed_queries_total{instance=\"$instance\"}[$__range]))", - "refId": "A" - } - ], - "title": "Total malformed queries", - "type": "timeseries" - }, - { - "collapsed": false, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "gridPos": { - "h": 1, - "w": 24, - "x": 0, - "y": 67 - }, - "id": 43, - "panels": [], - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "refId": "A" - } - ], - "title": "Cache", - "type": "row" - }, - { - "datasource": { - "type": "prometheus", - "uid": "${DS_PROMETHEUS}" - }, - "description": "Hits: total number of queries that were successfully answered using a cache lookup.\n\nMisses: total number of cache queries that needed recursive processing", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "min": 0, - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "ops" - }, - "overrides": [ - { - "matcher": { - "id": "byName", - "options": "hits" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#73BF69", - "mode": "fixed" - } - } - ] - }, - { - "matcher": { - "id": "byName", - "options": "misses" - }, - "properties": [ - { - "id": "color", - "value": { - "fixedColor": "#F2495C", - "mode": "fixed" - } - } - ] - } - ] - }, - "gridPos": { - "h": 7, - "w": 24, - "x": 0, - "y": 68 - }, - "id": 60, - "options": { - "legend": { - "calcs": ["mean", "lastNotNull"], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "editorMode": "code", - "expr": "sum(irate(unbound_cache_hits_total{instance=\"$instance\"}[$__range]))", - "legendFormat": "hits", - "range": true, - "refId": "A" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "sum(irate(unbound_cache_misses_total{instance=\"$instance\"}[$__range]))", - "legendFormat": "misses", - "refId": "B" - } - ], - "title": "Cache hits / misses", - "type": "timeseries" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "Memory in bytes by caches", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "bytes" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 0, - "y": 75 - }, - "id": 6, - "options": { - "legend": { - "calcs": ["lastNotNull"], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "rate(unbound_memory_caches_bytes{instance=\"$instance\"}[$__range])", - "legendFormat": "{{cache}}", - "refId": "A" - } - ], - "title": "Cache size", - "type": "timeseries" - }, - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "description": "The number of cached entries", - "fieldConfig": { - "defaults": { - "color": { - "mode": "palette-classic" - }, - "custom": { - "axisCenteredZero": false, - "axisColorMode": "text", - "axisLabel": "", - "axisPlacement": "auto", - "barAlignment": 0, - "drawStyle": "line", - "fillOpacity": 10, - "gradientMode": "none", - "hideFrom": { - "legend": false, - "tooltip": false, - "viz": false - }, - "lineInterpolation": "linear", - "lineWidth": 1, - "pointSize": 5, - "scaleDistribution": { - "type": "linear" - }, - "showPoints": "never", - "spanNulls": false, - "stacking": { - "group": "A", - "mode": "none" - }, - "thresholdsStyle": { - "mode": "off" - } - }, - "links": [], - "mappings": [], - "thresholds": { - "mode": "absolute", - "steps": [ - { - "color": "green", - "value": null - }, - { - "color": "red", - "value": 80 - } - ] - }, - "unit": "short" - }, - "overrides": [] - }, - "gridPos": { - "h": 8, - "w": 12, - "x": 12, - "y": 75 - }, - "id": 41, - "options": { - "legend": { - "calcs": ["lastNotNull"], - "displayMode": "table", - "placement": "right", - "showLegend": true - }, - "tooltip": { - "mode": "multi", - "sort": "none" - } - }, - "pluginVersion": "9.1.0", - "targets": [ - { - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "expr": "unbound_cache_count_total{instance=\"$instance\"}", - "legendFormat": "{{type}}", - "refId": "A" - } - ], - "title": "Cached entries", - "type": "timeseries" - } - ], - "refresh": "5s", - "schemaVersion": 37, - "style": "dark", - "tags": [], - "templating": { - "list": [ - { - "current": { - "selected": false, - "text": "manwe:9167", - "value": "manwe:9167" - }, - "datasource": { - "uid": "${DS_PROMETHEUS}" - }, - "definition": "label_values(unbound_up, instance)", - "hide": 0, - "includeAll": false, - "multi": false, - "name": "instance", - "options": [], - "query": { - "query": "label_values(unbound_up, instance)", - "refId": "Prometheus-instance-Variable-Query" - }, - "refresh": 2, - "regex": "", - "skipUrlSync": false, - "sort": 0, - "tagValuesQuery": "", - "tagsQuery": "", - "type": "query", - "useTags": false - }, - { - "current": { - "selected": false, - "text": "Prometheus", - "value": "Prometheus" - }, - "hide": 0, - "includeAll": false, - "label": "datasource", - "multi": false, - "name": "DS_PROMETHEUS", - "options": [], - "query": "prometheus", - "refresh": 1, - "regex": "", - "skipUrlSync": false, - "type": "datasource" - } - ] - }, - "time": { - "from": "now-1h", - "to": "now" - }, - "timepicker": { - "refresh_intervals": [ - "5s", - "10s", - "30s", - "1m", - "5m", - "15m", - "30m", - "1h", - "2h", - "1d" - ], - "time_options": ["5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d"] - }, - "timezone": "", - "title": "Unbound", - "uid": "Eighooghi", - "version": 1, - "weekStart": "" -} diff --git a/modules/nixfiles/monitoring/default.nix b/modules/nixfiles/monitoring/default.nix deleted file mode 100644 index 4ff4c50..0000000 --- a/modules/nixfiles/monitoring/default.nix +++ /dev/null @@ -1,176 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.monitoring; -in { - options.nixfiles.modules.monitoring.enable = mkEnableOption '' - a custom monitoring stack bas on the Grafana Labs toolkit - ''; - - config = mkIf cfg.enable { - nixfiles.modules = { - grafana.enable = true; - loki.enable = true; - prometheus.enable = true; - alertmanager.enable = true; - }; - - services = { - grafana.provision = { - enable = true; - - # https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources - datasources.settings.datasources = with config.nixfiles.modules; [ - { - name = "Prometheus"; - type = "prometheus"; - access = "proxy"; - url = "https://${prometheus.domain}"; - isDefault = true; - } - { - name = "Loki"; - type = "loki"; - access = "proxy"; - url = "https://${loki.domain}"; - } - ]; - - # https://grafana.com/docs/grafana/latest/administration/provisioning/#dashboards - dashboards.settings.providers = [ - # System dashboard is imported manually from here[1]. Too bad - # provisioned dashboards cannot properly integrate dynamic datasources - # yet. - # - # [1]: https://grafana.com/grafana/dashboards/1860-node-exporter-full - { - name = "endlessh"; - options.path = ./dashboards/endlessh.json; - } - { - name = "unbound"; - options.path = ./dashboards/unbound.json; - } - { - name = "nginx"; - options.path = ./dashboards/nginx.json; - } - { - name = "postgersql"; - options.path = ./dashboards/postgresql.json; - } - ]; - }; - - loki.configuration.ruler.alertmanager_url = "https://${config.nixfiles.modules.alertmanager.domain}"; - - prometheus = { - # It would be nice if these could be generated dynamically. That would - # require a complete rework of how configurations are defined, though. - scrapeConfigs = let - mkTargets = hosts: port: map (host: "${host.hostname}:${toString port}") hosts; - in - with my.configurations; - with config.services.prometheus.exporters; [ - { - job_name = "endlessh-go"; - static_configs = [ - { - targets = - mkTargets - [ - manwe - varda - yavanna - ] - config.services.endlessh-go.prometheus.port; - } - ]; - } - { - job_name = "nginx"; - static_configs = [ - { - targets = - mkTargets - [ - manwe - varda - yavanna - ] - nginx.port; - } - ]; - } - { - job_name = "node"; - static_configs = [ - { - targets = - mkTargets - [ - manwe - varda - yavanna - ] - node.port; - } - ]; - } - { - job_name = "postgres"; - static_configs = [ - { - targets = - mkTargets - [ - manwe - ] - postgres.port; - } - ]; - } - { - job_name = "unbound"; - static_configs = [ - { - targets = - mkTargets - [ - manwe - ] - unbound.port; - } - ]; - } - { - job_name = "wireguard"; - static_configs = [ - { - targets = - mkTargets - [ - manwe - ] - wireguard.port; - } - ]; - } - ]; - - alertmanagers = [ - { - scheme = "https"; - static_configs = [ - {targets = [config.nixfiles.modules.alertmanager.domain];} - ]; - } - ]; - }; - }; - }; -} diff --git a/modules/nixfiles/nextcloud.nix b/modules/nixfiles/nextcloud.nix deleted file mode 100644 index 69bea8a..0000000 --- a/modules/nixfiles/nextcloud.nix +++ /dev/null @@ -1,133 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.nextcloud; -in { - options.nixfiles.modules.nextcloud = { - enable = mkEnableOption "Nextcloud"; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "nextcloud.${config.networking.domain}"; - }; - }; - - config = mkIf cfg.enable { - nixfiles.modules = { - nginx = { - enable = true; - virtualHosts.${cfg.domain} = {}; - }; - postgresql.enable = true; - }; - - services = let - db = "nextcloud"; - in { - nextcloud = mkMerge [ - { - enable = true; - package = pkgs.nextcloud23; - - hostName = cfg.domain; - - appstoreEnable = false; - - config = { - adminpassFile = null; # This needs to be set as secret. - - dbtype = "pgsql"; - dbhost = "/run/postgresql"; - dbuser = db; - dbname = db; - - defaultPhoneRegion = "RU"; - }; - - extraApps = let - mkNextcloudApp = { - name, - version, - hash, - }: - pkgs.fetchNextcloudApp { - inherit name version hash; - url = "https://github.com/nextcloud/${name}/archive/refs/tags/v${version}.tar.gz"; - }; - in { - contacts = mkNextcloudApp { - name = "contacts"; - version = "4.0.1"; - sha256 = "sha256-dXKsG8KmlUojeY5dUn/XsMD3KaSh4QcZFOGDdcqlSvE="; - }; - calendar = mkNextcloudApp { - name = "calendar"; - version = "3.0.5"; - sha256 = "sha256-aKUKm7fWJQxOWwma56Tv+GGIo+p0n30Nhoyt4XoxsjI="; - }; - files_rightclick = mkNextcloudApp { - name = "files_rightclick"; - version = "23.0.1"; - sha256 = "sha256-VYODzkvvGrtpyRoug/8UPKhAgfCx1ltP1JdGPiB/lts="; - }; - unsplash = mkNextcloudApp { - name = "unsplash"; - version = "1.2.4"; - sha256 = "sha256-KGSkBOrNu0nK0YvAPYaxEL/kZNoJQD1oBV2aUBxh6cI="; - }; - previewgenerator = mkNextcloudApp { - name = "previewgenerator"; - version = "3.4.1"; - sha256 = "sha256-IUdj0xWt5zHxQoiMv1bYyYTzekuOFrsRIe530QOwC/w="; - }; - bruteforcesettings = mkNextcloudApp { - name = "bruteforcesettings"; - version = "2.3.0"; - sha256 = "sha256-J7ujmiPaw8GI7vDfVPXEum2XAMWvahciP8C6iXgckdE="; - }; - }; - } - (mkIf config.nixfiles.modules.acme.enable { - https = true; - config.overwriteProtocol = "https"; - }) - ]; - - postgresql = { - ensureDatabases = [db]; - ensureUsers = [ - { - name = db; - ensurePermissions."DATABASE \"${db}\"" = "ALL"; - } - ]; - }; - }; - - systemd = { - services = { - nextcloud-setup.after = ["network-online.target" "postgresql.service"]; - - nextcloud-preview-generate-cron.serviceConfig = { - Type = "oneshot"; - User = "nextcloud"; - ExecStart = "${config.services.nextcloud.occ}/bin/nextcloud-occ preview:pre-generate"; - }; - }; - - timers.nextcloud-preview-generate = { - wantedBy = ["timers.target"]; - timerConfig = { - OnBootSec = "15m"; - OnUnitActiveSec = "15m"; - Unit = "nextcloud-preview-generate-cron.service"; - }; - }; - }; - }; -} diff --git a/modules/nixfiles/nginx.nix b/modules/nixfiles/nginx.nix deleted file mode 100644 index b8ab24d..0000000 --- a/modules/nixfiles/nginx.nix +++ /dev/null @@ -1,99 +0,0 @@ -{ - config, - lib, - pkgs, - this, - ... -}: -with lib; let - cfg = config.nixfiles.modules.nginx; -in { - options.nixfiles.modules.nginx = { - enable = mkEnableOption "Nginx"; - - upstreams = mkOption { - description = "Defines a group of servers to use as proxy target."; - type = with types; anything; - default = null; - }; - - virtualHosts = mkOption { - description = "Attrset of virtual hosts."; - type = with types; anything; - default = null; - }; - }; - - config = mkIf cfg.enable { - services = { - nginx = { - enable = true; - enableReload = true; - - package = pkgs.nginxMainline; - - statusPage = true; - - serverTokens = false; - - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - - commonHttpConfig = concatStrings [ - '' - add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet"; - '' - (optionalString (hasAttr "wireguard" this) - (with config.nixfiles.modules.wireguard; '' - geo $internal { - default 0; - 127.0.0.1/32 1; - ::1/128 1; - ${ipv4.subnet} 1; - ${ipv6.subnet} 1; - } - '')) - ]; - - inherit (cfg) upstreams; - - virtualHosts = - { - default = { - default = true; - rejectSSL = true; - locations."/".return = "444"; - }; - } - // (mkIf (cfg.virtualHosts != null) (mapAttrs (_: attr: - mkMerge [ - attr - (mkIf config.nixfiles.modules.acme.enable { - enableACME = true; - forceSSL = true; - }) - ]) - cfg.virtualHosts)); - }; - - fail2ban.jails = { - nginx-http-auth = '' - enabled = true - ''; - nginx-botsearch = '' - enabled = true - ''; - }; - - prometheus.exporters.nginx = { - enable = true; - listenAddress = mkDefault this.wireguard.ipv4.address; - port = mkDefault 9113; - }; - }; - - networking.firewall.allowedTCPPorts = [80 443]; - }; -} diff --git a/modules/nixfiles/nmap.nix b/modules/nixfiles/nmap.nix index 14ad007..65877be 100644 --- a/modules/nixfiles/nmap.nix +++ b/modules/nixfiles/nmap.nix @@ -55,10 +55,5 @@ in { ''; }; }; - - system.extraDependencies = with inputs; [ - nmap-vulners - nmap-vulscan - ]; }; } diff --git a/modules/nixfiles/node-exporter.nix b/modules/nixfiles/node-exporter.nix deleted file mode 100644 index 43f48f6..0000000 --- a/modules/nixfiles/node-exporter.nix +++ /dev/null @@ -1,34 +0,0 @@ -{ - config, - lib, - this, - ... -}: -with lib; let - cfg = config.nixfiles.modules.node-exporter; -in { - options.nixfiles.modules.node-exporter.enable = mkEnableOption "Prometheus Node Exporter"; - - config = mkIf cfg.enable { - services.prometheus.exporters.node = { - enable = true; - listenAddress = mkDefault this.wireguard.ipv4.address; - port = 9100; - enabledCollectors = [ - "buddyinfo" - "cgroups" - "ethtool" - "interrupts" - "ksmd" - "lnstat" - "logind" - "mountstats" - "network_route" - "processes" - "qdisc" - "systemd" - "zoneinfo" - ]; - }; - }; -} diff --git a/modules/nixfiles/nsd.nix b/modules/nixfiles/nsd.nix deleted file mode 100644 index f5a7d84..0000000 --- a/modules/nixfiles/nsd.nix +++ /dev/null @@ -1,176 +0,0 @@ -{ - config, - inputs, - lib, - this, - ... -}: -with lib; let - cfg = config.nixfiles.modules.nsd; -in { - options.nixfiles.modules.nsd = { - enable = mkEnableOption "NSD"; - - fqdn = mkOption { - description = "FQDN of this nameserver."; - type = with types; str; - default = "ns.${config.networking.domain}"; - }; - }; - - config = mkIf cfg.enable { - services = { - nsd = { - enable = true; - interfaces = with this; [ipv4.address ipv6.address]; - ipTransparent = true; - ratelimit.enable = true; - - zones = let - dns = inputs.dns-nix.lib; - in - with dns.combinators; let - ips = hostname: - with my.configurations.${hostname}; { - A = [(a ipv4.address)]; - AAAA = [(aaaa ipv6.address)]; - }; - - mkEmailEntries = { - domain ? my.domain.shire, - dkimKey ? null, - }: { - MX = [(mx.mx 10 "${domain}.")]; - TXT = [(spf.strict ["a" "mx"])]; - DMARC = [ - { - p = "quarantine"; - sp = "quarantine"; - rua = ["mailto:admin+rua@${domain}"]; - ruf = ["mailto:admin+ruf@${domain}"]; - } - ]; - DKIM = optional (dkimKey != null) { - selector = "mail"; - p = dkimKey; - }; - }; - - mkZone = { - domain, - sldIps ? (ips "manwe"), - extra ? {}, - }: { - ${domain}.data = dns.toString domain (mkMerge [ - { - TTL = 60 * 60; - - SOA = { - nameServer = "${cfg.fqdn}."; - adminEmail = "admin+dns@${my.domain.shire}"; - serial = 2022091601; # Don't forget to bump the revision! - }; - - NS = with my.domain; [ - "ns1.${shire}" - # "ns2.${shire}" - ]; - - CAA = letsEncrypt "admin+caa@${my.domain.shire}"; - } - sldIps - extra - ]); - }; - - # https://ariadne.id/ - # https://docs.keyoxide.org/service-providers/dns/ - ariadneIdProof.TXT = ["openpgp4fpr:${my.pgp.fingerprint}"]; - in - mkMerge [ - (mkZone { - domain = my.domain.shire; - extra = mkMerge [ - (mkEmailEntries { - dkimKey = "@DKIM_KEY@"; - }) - { - subdomains = rec { - manwe = ips "manwe"; - "*.manwe" = manwe; - varda = ips "varda"; - "*.varda" = varda; - yavanna = ips "yavanna"; - "*.yavanna" = yavanna; - - ns1 = manwe; - # ns2 = varda; - - alertmanager = manwe; - bitwarden = manwe; - git = manwe; - gotify = manwe; - grafana = manwe; - loki = manwe; - prometheus = manwe; - radicale = manwe; - rss-bridge = manwe; - vaultwarden = manwe; - - minecraft = varda; - - flood = yavanna; - }; - } - ]; - }) - (mkZone { - domain = my.domain.azahi; - extra = mkMerge [ - (mkEmailEntries { - dkimKey = "@DKIM_KEY@"; - }) - ariadneIdProof - { - subdomains.git = ips "manwe"; - } - ]; - }) - (mkZone { - domain = my.domain.gondor; - extra = mkMerge [ - (mkEmailEntries { - dkimKey = "@DKIM_KEY@"; - }) - { - subdomains.frodo = ips "manwe" // ariadneIdProof; - } - ]; - }) - (mkZone { - domain = my.domain.rohan; - extra = mkMerge [ - (mkEmailEntries { - dkimKey = "@DKIM_KEY@"; - }) - { - subdomains.frodo = ips "manwe" // ariadneIdProof; - } - ]; - }) - ]; - }; - - fail2ban.jails.nsd = '' - enabled = true - ''; - }; - - networking.firewall = rec { - allowedTCPPorts = [53]; - allowedUDPPorts = allowedTCPPorts; - }; - - system.extraDependencies = [inputs.dns-nix]; - }; -} diff --git a/modules/nixfiles/openssh.nix b/modules/nixfiles/openssh.nix index bf470ca..4b80809 100644 --- a/modules/nixfiles/openssh.nix +++ b/modules/nixfiles/openssh.nix @@ -7,80 +7,52 @@ with lib; let cfg = config.nixfiles.modules.openssh; in { - options.nixfiles.modules.openssh = { - client.enable = mkEnableOption "OpenSSH client"; - server.enable = mkEnableOption "OpenSSH server"; + options.nixfiles.modules.openssh.client.enable = + mkEnableOption "OpenSSH client"; + + config = mkIf cfg.client.enable { + hm = { + home.packages = with pkgs; [mosh sshfs]; + + programs.ssh = { + enable = true; + + hashKnownHosts = true; + + controlMaster = "auto"; + controlPersist = "24H"; + + serverAliveCountMax = 30; + serverAliveInterval = 60; + + matchBlocks = let + mkBlock = name: { + hostname ? name, + port ? 22022, # NOTE This is not the default OpenSSH port. + user ? my.username, + identityFile ? "${config.my.home}/.ssh/${my.username}_${my.ssh.type}", + extraAttrs ? {}, + }: + nameValuePair name ({inherit hostname port user identityFile;} + // extraAttrs); + + internalServers = + mapAttrs' mkBlock + (mapAttrs (name: _: { + hostname = "${name}.${my.domain.shire}"; + }) (filterAttrs (_: attr: + hasAttr "wireguard" attr + && attr.isHeadless) + my.configurations)); + in + internalServers + // (mapAttrs' mkBlock { + gitolite = { + user = "git"; + hostname = "git.${my.domain.shire}"; + }; + }); + }; + }; }; - - config = let - port = 22022; # Port 22 should be occupied by endlessh. - in - mkMerge [ - (mkIf cfg.client.enable { - hm = { - home.packages = with pkgs; [mosh sshfs]; - - programs.ssh = { - enable = true; - - hashKnownHosts = true; - - controlMaster = "auto"; - controlPersist = "24H"; - - serverAliveCountMax = 30; - serverAliveInterval = 60; - - matchBlocks = let - mkBlock = name: { - hostname ? name, - port ? 22, - user ? my.username, - identityFile ? "${config.my.home}/.ssh/id_ed25519", - extraAttrs ? {}, - }: - nameValuePair name ({inherit hostname port user identityFile;} - // extraAttrs); - - internalServers = - mapAttrs' mkBlock - (mapAttrs (name: _: { - hostname = "${name}.${my.domain.shire}"; - inherit port; - }) (filterAttrs (_: attr: - hasAttr "wireguard" attr - && attr.isHeadless) - my.configurations)); - in - internalServers - // (mapAttrs' mkBlock { - gitolite = { - user = "git"; - hostname = "git.${my.domain.shire}"; - inherit port; - }; - }); - }; - }; - }) - (mkIf cfg.server.enable { - programs.mosh.enable = true; - - services = { - openssh = { - enable = true; - ports = [port]; - logLevel = "VERBOSE"; # Required by fail2ban. - permitRootLogin = "no"; - passwordAuthentication = false; - }; - - fail2ban.jails.sshd = '' - enabled = true - mode = aggressive - port = ${toString port} - ''; - }; - }) - ]; } diff --git a/modules/nixfiles/password-store.nix b/modules/nixfiles/password-store.nix index 7eac85e..1de8a55 100644 --- a/modules/nixfiles/password-store.nix +++ b/modules/nixfiles/password-store.nix @@ -7,7 +7,8 @@ with lib; let cfg = config.nixfiles.modules.password-store; in { - options.nixfiles.modules.password-store.enable = mkEnableOption "Unix pass"; + options.nixfiles.modules.password-store.enable = + mkEnableOption "the standard UNIX password manager"; config = mkIf cfg.enable { hm.programs = { @@ -16,7 +17,7 @@ in { package = pkgs.pass.withExtensions (p: with p; [pass-otp]); - settings.PASSWORD_STORE_DIR = "${config.dirs.data}/password-store"; + settings.PASSWORD_STORE_DIR = "${config.my.home}/.password-store"; }; # https://github.com/NixOS/nixpkgs/issues/183604 diff --git a/modules/nixfiles/podman.nix b/modules/nixfiles/podman.nix deleted file mode 100644 index 1c5378b..0000000 --- a/modules/nixfiles/podman.nix +++ /dev/null @@ -1,41 +0,0 @@ -{ - config, - lib, - inputs, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.podman; -in { - options.nixfiles.modules.podman.enable = mkEnableOption "Podman"; - - config = mkIf cfg.enable { - assertions = [ - { - assertion = !config.nixfiles.modules.docker.enable; - message = "Pick only one!"; - } - ]; - - secrets.containers-auth = { - file = "${inputs.self}/secrets/containers-auth"; - path = "${config.dirs.config}/containers/auth.json"; - owner = my.username; - inherit (config.my) group; - }; - - virtualisation.podman.enable = true; - - environment.systemPackages = with pkgs; [podman-compose]; - - my.extraGroups = ["podman"]; - - hm.programs.bash = { - shellAliases.p = "${pkgs.podman}/bin/podman"; - initExtra = mkAfter '' - _complete_alias p __start_podman podman - ''; - }; - }; -} diff --git a/modules/nixfiles/postgresql.nix b/modules/nixfiles/postgresql.nix deleted file mode 100644 index df05e7e..0000000 --- a/modules/nixfiles/postgresql.nix +++ /dev/null @@ -1,87 +0,0 @@ -{ - config, - lib, - pkgs, - this, - ... -}: -with lib; let - cfg = config.nixfiles.modules.postgresql; -in { - options.nixfiles.modules.postgresql = { - enable = mkEnableOption "PostgreSQL"; - - package = mkOption { - type = types.package; - default = pkgs.postgresql_15; - description = "PostgreSQL package to use."; - }; - - extraPostStart = mkOption { - type = with types; listOf str; - default = []; - description = '' - Additional post-startup commands. - - This could be used to provide a crude interface to grant permissions and - such. - ''; - }; - }; - - config = mkIf cfg.enable { - assertions = [ - { - assertion = any (x: x == "en_GB.UTF-8/UTF-8") config.i18n.supportedLocales; - message = "The locale must be available"; - } - ]; - - services = { - postgresql = { - enable = true; - - inherit (cfg) package; - - initdbArgs = [ - "--encoding=UTF8" - "--locale-provider=icu" - "--icu-locale=en_GB@collation=posix" - "--locale=en_GB.UTF-8" - "--lc-collate=C" - "--lc-ctype=C" - ]; - - authentication = '' - local all all trust - ''; - }; - - prometheus.exporters.postgres = { - enable = true; - listenAddress = mkDefault this.wireguard.ipv4.address; - port = mkDefault 9187; - }; - }; - - systemd.services.postgresql.postStart = - optionalString (cfg.extraPostStart != []) - concatStringsSep "\n" - cfg.extraPostStart; - - environment.sessionVariables.PSQLRC = toString (pkgs.writeText "psqlrc" '' - \set QUIET 1 - - \timing - \x auto - \pset null '[NULL]' - \set PROMPT1 '%[%033[1m%]%M %n@%/%R%[%033[0m%]% λ ' - \set PROMPT2 ' … > ' - \set VERBOSITY verbose - \set HISTCONTROL ignoredups - \set HISTFILE /dev/null - - \unset QUIET - ''); - }; -} diff --git a/modules/nixfiles/profiles/default.nix b/modules/nixfiles/profiles/default.nix index 356413a..7d5ee8e 100644 --- a/modules/nixfiles/profiles/default.nix +++ b/modules/nixfiles/profiles/default.nix @@ -77,32 +77,14 @@ in { vim.enable = true; }; - # home-manager.users.root.home.file.".bash_history".source = - # config.hm.lib.file.mkOutOfStoreSymlink "/dev/null"; - - hm.home.language = { - collate = "C"; - messages = "C"; - }; - - programs.less = { - enable = true; - envVariables.LESSHISTFILE = "-"; - }; + time.timeZone = mkDefault "Europe/Moscow"; environment.systemPackages = with pkgs; [ - cryptsetup ddrescue file git gnupg - lshw - lsof - pciutils - psmisc tree - usbutils - util-linux ]; }; } diff --git a/modules/nixfiles/profiles/dev/containers.nix b/modules/nixfiles/profiles/dev/containers.nix index da7aa27..7ec6768 100644 --- a/modules/nixfiles/profiles/dev/containers.nix +++ b/modules/nixfiles/profiles/dev/containers.nix @@ -14,12 +14,9 @@ in { }; config = mkIf cfg.enable { - nixfiles.modules.podman.enable = true; - hm = { home = { sessionVariables = { - MINIKUBE_HOME = "${config.dirs.config}/minikube"; MINIKUBE_IN_STYLE = "false"; WERF_DEV = "true"; WERF_INSECURE_REGISTRY = "true"; @@ -31,15 +28,16 @@ in { }; packages = with pkgs; [ - buildah chart-testing cmctl datree helm kubectl kubectx + kubelogin kubescape kubespy + lima minikube skaffold skopeo @@ -49,12 +47,6 @@ in { ]; }; - xdg.dataFile."minikube/config/config.json".text = generators.toJSON {} { - config.Rootless = true; - driver = "podman"; - container-runtime = "cri-o"; - }; - programs.bash = { shellAliases = with pkgs; { b = "${buildah}/bin/buildah"; diff --git a/modules/nixfiles/profiles/dev/default.nix b/modules/nixfiles/profiles/dev/default.nix index 4656ade..b05aeac 100644 --- a/modules/nixfiles/profiles/dev/default.nix +++ b/modules/nixfiles/profiles/dev/default.nix @@ -2,6 +2,7 @@ config, lib, pkgs, + this, ... }: with lib; let @@ -34,7 +35,7 @@ in { ".ghc/ghci.conf".source = ./ghci.conf; - "${config.dirs.data}/stack/config.yaml".text = generators.toYAML {} { + ".stack/config.yaml".text = generators.toYAML {} { templates.params = rec { author-name = my.fullname; author-email = my.email; @@ -43,16 +44,14 @@ in { }; }; - "${config.dirs.data}/stack/global-project/stack.yaml".text = generators.toYAML {} { + ".stack/global-project/stack.yaml".text = generators.toYAML {} { packages = []; - resolver = "lts-19.28"; + resolver = "lts-20.3"; }; }; sessionVariables = with config.dirs; rec { - ANDROID_HOME = "${data}/android"; - - CABAL_DIR = "${data}/cabal"; + CABAL_DIR = "${config.my.home}/.cabal"; CABAL_CONFIG = pkgs.writeText "cabal-config" '' repository hackage.haskell.org url: https://hackage.haskell.org/ @@ -71,11 +70,11 @@ in { extra-prog-path: ${CABAL_DIR}/bin ''; - STACK_ROOT = "${data}/stack"; + STACK_ROOT = "${config.my.home}/.stack"; - CARGO_HOME = "${data}/cargo"; + CARGO_HOME = "${config.my.home}/.cargo"; - GOPATH = "${data}/go"; + GOPATH = "${config.my.home}/.go"; PYTHONSTARTUP = ./pystartup.py; }; @@ -86,7 +85,5 @@ in { yq ]; }; - - my.extraGroups = ["kvm"]; }; } diff --git a/modules/nixfiles/profiles/dev/sql.nix b/modules/nixfiles/profiles/dev/sql.nix index d6bcba8..7a2a09c 100644 --- a/modules/nixfiles/profiles/dev/sql.nix +++ b/modules/nixfiles/profiles/dev/sql.nix @@ -15,7 +15,11 @@ in { config = mkIf cfg.enable { hm = { - home.packages = with pkgs; [pgcli litecli]; + home.packages = with pkgs; [ + dbeaver + pgcli + litecli + ]; xdg = let mainSection = { diff --git a/modules/nixfiles/profiles/headful.nix b/modules/nixfiles/profiles/headful.nix index f3355b6..1c1f43b 100644 --- a/modules/nixfiles/profiles/headful.nix +++ b/modules/nixfiles/profiles/headful.nix @@ -17,44 +17,27 @@ in { alacritty.enable = true; aria2.enable = true; - chromium.enable = true; emacs.enable = true; - firefox.enable = true; mpv.enable = true; openssh.client.enable = true; password-store.enable = true; - sound.enable = true; - x11.enable = true; - - dwm.enable = mkDefault false; - kde.enable = mkDefault true; - xmonad.enable = mkDefault false; }; hm = { - home.packages = with pkgs; [ - # (openconnect.overrideAttrs (_: super: { - # version = "unstable-2022-10-23"; - # src = pkgs.fetchFromGitLab { - # owner = "openconnect"; - # repo = "openconnect"; - # rev = "acdfc753f7885b2a539f99036ac41ba1b78cc7ae"; - # hash = "sha256-ub+Z4WFD77h5YMQTb+TLc7EyY2KjBWglF1QVTirCHJM="; - # }; - # configureFlags = super.configureFlags ++ [ - # "--with-external-browser=${config.hm.programs.firefox.package}/bin/firefox" - # ]; - # })) - calibre - fd - imv - neochat - ripgrep - ripgrep-all - sd - tdesktop - tor-browser - ]; + home = { + file.".digrc".text = '' + +answer + +multiline + +recurse + ''; + + packages = with pkgs; [ + fd + ripgrep + ripgrep-all + sd + ]; + }; accounts.email = { maildirBasePath = "${config.my.home}/mail"; @@ -105,54 +88,19 @@ in { }; programs = { - bash.shellAliases.open = "${pkgs.xdg-utils}/bin/xdg-open"; mbsync.enable = true; msmtp.enable = true; mu.enable = true; }; }; - boot = { - kernelPackages = mkForce pkgs.linuxPackages_xanmod_latest; - - # There are (arguably) not a lot of reasons to keep mitigations enabled - # for on machine that is not web-facing. First of all, to completely - # mitigate any possible Spectre holes one would need to disable - # Hyperthreading altogether which will essentially put one's computer into - # the stone age by not being able to to effectively utilise multi-core its - # multicore capabilities. Secondly, by enabling mitigations, we introduce - # a plethora of performace overheads[1], which, albeit small, but still - # contribute to the overall speed of things. This is however still poses a - # security risk, which I am willing to take. - # - # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11 - kernelParams = ["mitigations=off"]; - }; - - hardware.opengl = { - enable = true; - driSupport = true; - }; - - programs = { - iftop.enable = true; - mtr.enable = true; - traceroute.enable = true; - }; - - services.upower.enable = true; - environment.systemPackages = with pkgs; [ arping dnsutils - ethtool inetutils ldns - nethogs socat tcpdump ]; - - my.extraGroups = ["audio" "video" "input"]; }; } diff --git a/modules/nixfiles/profiles/headless.nix b/modules/nixfiles/profiles/headless.nix index 520b97f..cc7c326 100644 --- a/modules/nixfiles/profiles/headless.nix +++ b/modules/nixfiles/profiles/headless.nix @@ -12,42 +12,12 @@ in { mkEnableOption "headless profile" // {default = this.isHeadless;}; config = mkIf cfg.enable { - nixfiles.modules = { - openssh.server.enable = true; - endlessh-go.enable = true; - - fail2ban.enable = true; - - node-exporter.enable = true; - promtail.enable = true; - }; - hm.home.file = { ".hushlogin".text = ""; ".bash_history".source = config.hm.lib.file.mkOutOfStoreSymlink "/dev/null"; }; - # Pin version to prevent any surprises. - boot.kernelPackages = pkgs.linuxPackages_5_15_hardened; - - nix = { - gc = { - automatic = true; - dates = "weekly"; - options = "--delete-older-than 30d"; - }; - - optimise = { - automatic = true; - dates = ["daily"]; - }; - }; - - services.udisks2.enable = false; - - xdg.sounds.enable = false; - environment.systemPackages = with pkgs; [alacritty.terminfo]; }; } diff --git a/modules/nixfiles/prometheus.nix b/modules/nixfiles/prometheus.nix deleted file mode 100644 index a75c151..0000000 --- a/modules/nixfiles/prometheus.nix +++ /dev/null @@ -1,49 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; let - cfg = config.nixfiles.modules.prometheus; -in { - options.nixfiles.modules.prometheus = { - enable = mkEnableOption "Prometheus"; - - port = mkOption { - description = "Port."; - type = with types; port; - default = 30111; - }; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "prometheus.${config.networking.domain}"; - }; - }; - - config = mkIf cfg.enable { - nixfiles.modules.nginx = with cfg; { - enable = true; - upstreams.prometheus.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${domain} = { - locations."/".proxyPass = "http://prometheus"; - extraConfig = nginxInternalOnly; - }; - }; - - services.prometheus = with cfg; { - enable = true; - - listenAddress = "127.0.0.1"; - inherit port; - - extraFlags = [ - "--web.external-url=https://${domain}" - "--storage.tsdb.retention.size=50GB" - "--storage.tsdb.retention.time=1y" - "--storage.tsdb.wal-compression" - ]; - }; - }; -} diff --git a/modules/nixfiles/promtail.nix b/modules/nixfiles/promtail.nix deleted file mode 100644 index 552df82..0000000 --- a/modules/nixfiles/promtail.nix +++ /dev/null @@ -1,53 +0,0 @@ -{ - config, - lib, - this, - ... -}: -with lib; let - cfg = config.nixfiles.modules.promtail; -in { - options.nixfiles.modules.promtail = { - enable = mkEnableOption "Promtail"; - - loki = { - url = mkOption { - description = "Address of a listening Loki service."; - type = with types; str; - default = "https://${config.nixfiles.modules.loki.domain}"; - }; - }; - }; - - config = mkIf cfg.enable { - services.promtail = { - enable = true; - - configuration = { - server = rec { - http_listen_address = this.wireguard.ipv4.address; - http_listen_port = 30181; - - grpc_listen_address = this.wireguard.ipv4.address; - grpc_listen_port = http_listen_port + 1; - - log_level = "warn"; - }; - - clients = [{url = "${cfg.loki.url}/loki/api/v1/push";}]; - - positions.filename = "/tmp/positions.yaml"; - - scrape_configs = [ - { - job_name = "journal"; - journal = { - max_age = "24h"; - labels.job = "systemd-journal"; - }; - } - ]; - }; - }; - }; -} diff --git a/modules/nixfiles/psd.nix b/modules/nixfiles/psd.nix deleted file mode 100644 index 77d3c66..0000000 --- a/modules/nixfiles/psd.nix +++ /dev/null @@ -1,60 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.psd; -in { - options.nixfiles.modules.psd.enable = - mkEnableOption "Profile Sync Daemon"; - - config = mkIf cfg.enable { - hm = { - home.packages = with pkgs; [profile-sync-daemon]; - - xdg.configFile."psd/psd.conf".text = '' - USE_OVERLAYFS="yes" - ''; - }; - - systemd.user = { - services = { - psd = { - unitConfig = { - Description = "Profile-sync-daemon"; - Wants = ["psd-resync.service"]; - RequiresMountsFor = "/home/"; - After = ["local-fs.target"]; - }; - serviceConfig = { - RemainAfterExit = true; - ExecStart = "${pkgs.profile-sync-daemon}/bin/profile-sync-daemon startup"; - ExecStop = "${pkgs.profile-sync-daemon}/bin/profile-sync-daemon unsync"; - }; - wantedBy = ["graphical.target"]; - }; - - psd-resync = { - unitConfig = { - Description = "Profile-sync-daemon resync"; - After = ["psd.service"]; - Wants = ["psd-resync.timer"]; - BindsTo = ["psd.service"]; - }; - serviceConfig.ExecStart = "${pkgs.profile-sync-daemon}/bin/profile-sync-daemon resync"; - wantedBy = ["graphical.target"]; - }; - }; - - timers.psd-resync = { - unitConfig = { - Description = "Profile-sync-daemon resync timer"; - BindsTo = ["psd.service"]; - }; - timerConfig.OnUnitActiveSec = "1h"; - }; - }; - }; -} diff --git a/modules/nixfiles/qutebrowser.nix b/modules/nixfiles/qutebrowser.nix index 76f9f98..68a41a5 100644 --- a/modules/nixfiles/qutebrowser.nix +++ b/modules/nixfiles/qutebrowser.nix @@ -532,7 +532,5 @@ in { in concatStringsSep "\n" final + "\n"); }; - - services.psd.enable = true; }; } diff --git a/modules/nixfiles/radarr.nix b/modules/nixfiles/radarr.nix deleted file mode 100644 index 0abfdf2..0000000 --- a/modules/nixfiles/radarr.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; let - cfg = config.nixfiles.modules.radarr; -in { - options.nixfiles.modules.radarr = { - enable = mkEnableOption "Radarr"; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "radarr.${config.networking.fqdn}"; - }; - }; - - config = mkIf cfg.enable { - nixfiles.modules.nginx = { - enable = true; - upstreams.radarr.servers."127.0.0.1:7878" = {}; - virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://radarr"; - }; - - services.radarr.enable = true; - }; -} diff --git a/modules/nixfiles/radicale.nix b/modules/nixfiles/radicale.nix deleted file mode 100644 index c903d39..0000000 --- a/modules/nixfiles/radicale.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ - config, - inputs, - lib, - ... -}: -with lib; let - cfg = config.nixfiles.modules.radicale; -in { - options.nixfiles.modules.radicale = { - enable = mkEnableOption "Radicale"; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "radicale.${config.networking.domain}"; - }; - }; - - config = let - port = 5232; - in - mkIf cfg.enable { - secrets.radicale-htpasswd = { - file = "${inputs.self}/secrets/radicale-htpasswd"; - owner = "radicale"; - group = "radicale"; - }; - - nixfiles.modules.nginx = { - enable = true; - upstreams.radicale.servers."127.0.0.1:${toString port}" = {}; - virtualHosts.${cfg.domain} = { - locations."/".proxyPass = "http://radicale"; - extraConfig = nginxInternalOnly; - }; - }; - - services.radicale = { - enable = true; - settings = { - server.hosts = ["127.0.0.1:${toString port}"]; - web.type = "none"; - auth = { - type = "htpasswd"; - htpasswd_filename = config.secrets.radicale-htpasswd.path; - htpasswd_encryption = "bcrypt"; - }; - }; - }; - }; -} diff --git a/modules/nixfiles/rss-bridge.nix b/modules/nixfiles/rss-bridge.nix deleted file mode 100644 index fef1070..0000000 --- a/modules/nixfiles/rss-bridge.nix +++ /dev/null @@ -1,31 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; let - cfg = config.nixfiles.modules.rss-bridge; -in { - options.nixfiles.modules.rss-bridge = { - enable = mkEnableOption "RSS-Bridge"; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "rss-bridge.${config.networking.domain}"; - }; - }; - - config = mkIf cfg.enable { - nixfiles.modules.nginx = { - enable = true; - virtualHosts.${cfg.domain}.extraConfig = nginxInternalOnly; - }; - - services.rss-bridge = { - enable = true; - virtualHost = cfg.domain; - whitelist = ["*"]; - }; - }; -} diff --git a/modules/nixfiles/rtorrent.nix b/modules/nixfiles/rtorrent.nix deleted file mode 100644 index 4014a3b..0000000 --- a/modules/nixfiles/rtorrent.nix +++ /dev/null @@ -1,297 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.rtorrent; -in { - options.nixfiles.modules.rtorrent = { - enable = mkEnableOption "rTorrent"; - - flood = { - enable = mkEnableOption "Flood" // {default = cfg.enable;}; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "flood.${config.networking.domain}"; - }; - }; - }; - - config = let - user = "rtorrent"; - group = "rtorrent"; - baseDir = "/var/lib/rtorrent"; - rpcSocket = "${baseDir}/rpc.socket"; - in - mkIf cfg.enable (mkMerge [ - (let - port = 50000; - in { - systemd = { - services.rtorrent = { - description = "rTorrent"; - after = ["network.target" "local-fs.target"]; - serviceConfig = let - leechDir = "${baseDir}/leech"; - seedDir = "${baseDir}/seed"; - sessionDir = "${baseDir}/session"; - logDir = "${baseDir}/log"; - configFile = let - moveCompleted = let - pkg = pkgs.writeShellApplication { - name = "move-completed"; - runtimeInputs = with pkgs; [ - coreutils-full - gnused - findutils - ]; - text = '' - set -x - - leech_path="$1" - seed_path="$2" - # seed_path="$(echo "$2" | sed 's@+@ @g;s@%@\\x@g' | xargs -0 printf '%b')" - - mkdir -pv "$seed_path" - mv -fv "$leech_path" "$seed_path" - ''; - }; - in "${pkg}/bin/move-completed"; - in - pkgs.writeText "rtorrent.rc" '' - method.insert = cfg.leech, private|const|string, (cat, "${leechDir}") - method.insert = cfg.seed, private|const|string, (cat, "${seedDir}") - method.insert = cfg.session, private|const|string, (cat, "${sessionDir}") - method.insert = cfg.log, private|const|string, (cat, "${logDir}") - method.insert = cfg.rpcsocket, private|const|string, (cat, "${rpcSocket}") - - directory.default.set = (cat, (cfg.leech)) - session.path.set = (cat, (cfg.session)) - - network.port_range.set = ${toString port}-${toString port} - network.port_random.set = no - - dht.mode.set = disable - protocol.pex.set = no - - trackers.use_udp.set = no - - protocol.encryption.set = allow_incoming,try_outgoing,enable_retry - - pieces.memory.max.set = ${toString (pow 2 11)}M - pieces.preload.type.set = 2 - - network.xmlrpc.size_limit.set = ${toString (pow 2 17)} - - network.max_open_files.set = ${toString (pow 2 10)} - network.max_open_sockets.set = ${toString (pow 2 10)} - - network.http.max_open.set = ${toString (pow 2 8)} - - throttle.global_down.max_rate.set_kb = 0 - throttle.global_up.max_rate.set_kb = 0 - - encoding.add = UTF-8 - system.umask.set = 0027 - system.cwd.set = (directory.default) - - network.scgi.open_local = (cat, (cfg.rpcsocket)) - - method.insert = d.move_completed, simple, "\ - d.directory.set=$argument.1=;\ - execute=${moveCompleted}, $argument.0=, $argument.1=;\ - d.save_full_session=\ - " - method.insert = d.leech_path, simple, "\ - if=(d.is_multi_file),\ - (cat, (d.directory), /),\ - (cat, (d.directory), /, (d.name))\ - " - method.insert = d.seed_path, simple, "\ - cat=$cfg.seed=, /, $d.custom1=\ - " - method.set_key = event.download.finished, move_complete, "\ - d.move_completed=$d.leech_path=, $d.seed_path=\ - " - - log.open_file = "log", (cat, (cfg.log), "/", "default.log") - log.add_output = "info", "log" - log.execute = (cat, (cfg.log), "/", "execute.log") - ''; - in { - Restart = "on-failure"; - RestartSec = 3; - - KillMode = "process"; - KillSignal = "SIGHUP"; - - User = user; - Group = group; - - ExecStartPre = concatStringsSep " " [ - "${pkgs.coreutils-full}/bin/mkdir -p" - leechDir - seedDir - sessionDir - logDir - ]; - ExecStart = concatStringsSep " " [ - "${pkgs.rtorrent}/bin/rtorrent" - "-n" - "-o system.daemon.set=true" - "-o network.bind_address.set=0.0.0.0" - "-o import=${configFile}" - ]; - ExecStop = concatStringsSep " " [ - "${pkgs.coreutils-full}/bin/rm -rf" - rpcSocket - ]; - - RuntimeDirectory = "rtorrent"; - RuntimeDirectoryMode = 0750; - UMask = 0027; - AmbientCapabilities = [""]; - CapabilityBoundingSet = [""]; - LockPersonality = true; - MemoryDenyWriteExecute = true; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateTmp = true; - PrivateUsers = true; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProcSubset = "pid"; - RemoveIPC = true; - RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"]; - RestrictNamespaces = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - SystemCallArchitectures = "native"; - SystemCallFilter = ["@system-service" "~@resources" "~@privileged"]; - }; - wantedBy = ["multi-user.target"]; - }; - - tmpfiles.rules = ["d '${baseDir}' 0750 ${user} ${group} -"]; - }; - - users = { - users.${user} = { - inherit group; - shell = pkgs.bashInteractive; - home = baseDir; - description = "rTorrent"; - isSystemUser = true; - }; - groups.${group} = {}; - }; - my.extraGroups = [group]; - - networking.firewall.allowedTCPPorts = [port]; - - boot.kernel.sysctl = { - "net.core.rmem_max" = mkOverride 500 (pow 2 24); - "net.core.wmem_max" = mkOverride 500 (pow 2 24); - "net.ipv4.tcp_fin_timeout" = mkOverride 500 30; - "net.ipv4.tcp_rmem" = mkOverride 500 (mkTcpMem 12 23 24); - "net.ipv4.tcp_slow_start_after_idle" = 0; - "net.ipv4.tcp_tw_recycle" = mkOverride 500 1; - "net.ipv4.tcp_tw_reuse" = mkOverride 500 1; - "net.ipv4.tcp_wmem" = mkOverride 500 (mkTcpMem 12 23 24); - }; - }) - (let - port = 50001; - pkg = pkgs.nodePackages.flood; - in - mkIf cfg.flood.enable { - nixfiles.modules.nginx = { - enable = true; - upstreams.flood.servers."127.0.0.1:${toString port}" = {}; - virtualHosts.${cfg.flood.domain} = { - root = "${pkg}/lib/node_modules/flood/dist/assets"; - locations = { - "/".tryFiles = "$uri /index.html"; - "/api" = { - proxyPass = "http://flood"; - extraConfig = '' - proxy_buffering off; - proxy_cache off; - ''; - }; - }; - extraConfig = nginxInternalOnly; - }; - }; - - systemd.services.flood = { - description = "Flood"; - after = ["network.target" "rtorrent.service"]; - path = with pkgs; [mediainfo]; - serviceConfig = { - Restart = "on-failure"; - RestartSec = 3; - - User = user; - Group = group; - - ExecStart = concatStringsSep " " [ - "${pkg}/bin/flood" - "--allowedpath=${baseDir}" - "--baseuri=/" - "--rundir=${baseDir}/flood" - "--host=127.0.0.1" - "--port=${toString port}" - "--rtsocket=${rpcSocket}" - "--ssl=false" - "--auth=none" - ]; - - RuntimeDirectory = "rtorrent"; - RuntimeDirectoryMode = 0750; - UMask = 0027; - AmbientCapabilities = [""]; - CapabilityBoundingSet = [""]; - LockPersonality = true; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateTmp = true; - PrivateUsers = true; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProcSubset = "pid"; - ProtectProc = "invisible"; - RemoveIPC = true; - RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"]; - RestrictNamespaces = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - SystemCallArchitectures = "native"; - SystemCallFilter = [ - "~@cpu-emulation" - "~@debug" - "~@mount" - "~@obsolete" - "~@privileged" - "~@resources" - ]; - }; - wantedBy = ["multi-user.target"]; - }; - }) - ]); -} diff --git a/modules/nixfiles/searx.nix b/modules/nixfiles/searx.nix deleted file mode 100644 index 9462d5d..0000000 --- a/modules/nixfiles/searx.nix +++ /dev/null @@ -1,78 +0,0 @@ -{ - config, - inputs, - lib, - ... -}: -with lib; let - cfg = config.nixfiles.modules.searx; -in { - options.nixfiles.modules.searx = { - enable = mkEnableOption "SearX"; - - port = mkOption { - description = "Port."; - type = with types; port; - default = 61001; - }; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; nullOr str; - default = "searx.${config.networking.domain}"; - }; - }; - - config = mkIf cfg.enable { - secrets.searx-environment = { - file = "${inputs.self}/secrets/searx-environment"; - owner = "searx"; - group = "searx"; - }; - - nixfiles.modules.nginx = { - enable = true; - upstreams.searx.servers."127.0.0.1:${toString cfg.port}" = {}; - virtualHosts.${cfg.domain} = { - locations."/".proxyPass = "http://searx"; - extraConfig = nginxInternalOnly; - }; - }; - - services = { - searx = { - enable = true; - - settings = { - general = { - instance_name = cfg.domain; - contact_url = "mailto:admin+searx@${config.networking.domain}"; - git_url = false; - git_branch = false; - docs_url = false; - wiki_url = false; - twitter_url = false; - }; - server = { - bind_address = "127.0.0.1"; - inherit (cfg) port; - secret_key = "@SEARX_SECRET_KEY@"; - base_url = false; - image_proxy = false; - default_http_headers = { - Referrer-Policy = "no-referrer"; - X-Content-Type-Options = "nosniff"; - X-Download-Options = "noopen"; - X-Robots-Tag = "noindex, nofollow, nosnippet, noarchive"; - }; - }; - search = { - safe_search = 0; - autocomplete = ""; - }; - }; - environmentFile = config.secrets.searx-environment.path; - }; - }; - }; -} diff --git a/modules/nixfiles/shadowsocks.nix b/modules/nixfiles/shadowsocks.nix deleted file mode 100644 index b59359c..0000000 --- a/modules/nixfiles/shadowsocks.nix +++ /dev/null @@ -1,116 +0,0 @@ -{ - config, - inputs, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.shadowsocks; -in { - options.nixfiles.modules.shadowsocks = { - enable = mkEnableOption "Shadowsocks"; - - port = mkOption { - type = with types; port; - default = 8388; - description = "Port."; - }; - }; - - config = mkIf cfg.enable { - secrets.shadowsocks-password.file = "${inputs.self}/secrets/shadowsocks-password"; - - services = { - shadowsocks = { - enable = true; - passwordFile = config.secrets.shadowsocks-password.path; - localAddress = ["0.0.0.0"]; - mode = "tcp_only"; - }; - - fail2ban.jails.shadowsocks-libev = '' - enabled = true - filter = shadowsocks-libev - port = ${toString cfg.port} - ''; - }; - - systemd.services.shadowsocks-libev.path = with pkgs; - mkForce [ - (writeShellApplication { - name = "ss-server"; - runtimeInputs = [shadowsocks-libev]; - text = let - # https://github.com/shadowsocks/shadowsocks-libev/blob/master/acl/server_block_local.acl - aclFile = writeText "outbound_block_list.acl" '' - [outbound_block_list] - 0.0.0.0/8 - 10.0.0.0/8 - 100.64.0.0/10 - 127.0.0.0/8 - 169.254.0.0/16 - 172.16.0.0/12 - 192.0.0.0/24 - 192.0.2.0/24 - 192.88.99.0/24 - 192.168.0.0/16 - 198.18.0.0/15 - 198.51.100.0/24 - 203.0.113.0/24 - 224.0.0.0/4 - 240.0.0.0/4 - 255.255.255.255/32 - ::1/128 - ::ffff:127.0.0.1/104 - fc00::/7 - fe80::/10 - ''; - in '' - ss-server --acl ${aclFile} "$@" - ''; - }) - coreutils-full - jq - ]; - - environment.etc = mkIf config.nixfiles.modules.fail2ban.enable { - "fail2ban/filter.d/shadowsocks-libev.conf".text = '' - [Definition] - failregex = ^.*failed to handshake with : authentication error$ - ignoreregex = - journalmatch = _SYSTEMD_UNIT=shadowsocks-libev.service - ''; - }; - - networking.firewall = { - allowedTCPPorts = [cfg.port]; - extraCommands = '' - iptables -A nixos-fw -p tcp --syn --dport ${ - toString cfg.port - } -m connlimit --connlimit-above 32 -j nixos-fw-refuse - ''; - }; - - boot.kernel.sysctl = { - "net.core.rmem_max" = mkOverride 100 (pow 2 26); - "net.core.wmem_max" = mkOverride 100 (pow 2 26); - "net.core.netdev_max_backlog" = pow 2 18; - "net.core.somaxconn" = pow 2 12; - "net.ipv4.tcp_syncookies" = 1; - "net.ipv4.tcp_tw_reuse" = mkOverride 100 1; - "net.ipv4.tcp_tw_recycle" = mkOverride 100 0; - "net.ipv4.tcp_fin_timeout" = mkOverride 100 30; - "net.ipv4.tcp_keepalive_time" = 60 * 20; - "net.ipv4.ip_local_port_range" = "10000 65000"; - "net.ipv4.tcp_max_syn_backlog" = pow 2 13; - "net.ipv4.tcp_max_tw_buckets" = pow 2 12; - "net.ipv4.tcp_fastopen" = 3; - "net.ipv4.tcp_mem" = mkOverride 100 (mkTcpMem 15 16 17); - "net.ipv4.tcp_rmem" = mkOverride 100 (mkTcpMem 12 16 26); - "net.ipv4.tcp_wmem" = mkOverride 100 (mkTcpMem 12 16 26); - "net.ipv4.tcp_mtu_probing" = 1; - "net.ipv4.tcp_congestion_control" = "hybla"; - }; - }; -} diff --git a/modules/nixfiles/soju.nix b/modules/nixfiles/soju.nix deleted file mode 100644 index 14faf00..0000000 --- a/modules/nixfiles/soju.nix +++ /dev/null @@ -1,117 +0,0 @@ -{ - config, - lib, - pkgs, - this, - ... -}: -with lib; let - cfg = config.nixfiles.modules.soju; -in { - options.nixfiles.modules.soju = { - enable = mkEnableOption "soju"; - - protocol = mkOption { - description = "Port."; - type = with types; enum ["ircs" "irc+insecure"]; - default = "irc+insecure"; - }; - - address = mkOption { - description = "Address."; - type = with types; str; - default = this.wireguard.ipv4.address; - }; - - port = mkOption { - description = "Port."; - type = with types; port; - default = 6667; - }; - - domain = mkOption { - description = "Domain."; - type = with types; str; - default = config.networking.fqdn; - }; - }; - - config = let - db = "soju"; - in - mkIf cfg.enable { - nixfiles.modules.postgresql = { - enable = true; - extraPostStart = [ - '' - $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"' - '' - ]; - }; - - services.postgresql = { - ensureDatabases = [db]; - ensureUsers = [ - { - name = db; - ensurePermissions."DATABASE \"${db}\"" = "ALL"; - } - ]; - }; - - systemd.services.soju = { - description = "soju IRC bouncer"; - wantedBy = ["multi-user.target"]; - after = ["network-online.target" "postgresql.service"]; - serviceConfig = { - ExecStart = let - # https://soju.im/doc/soju.1.html - configFile = pkgs.writeText "soju.conf" '' - listen ${cfg.protocol}://${cfg.address}:${toString cfg.port} - db postgres ${ - concatStringsSep " " [ - "host=/run/postgresql" - "user=${db}" - "dbname=${db}" - "sslmode=disable" - ] - } - hostname ${cfg.domain} - title ${cfg.domain} - ''; - in - concatStringsSep " " [ - "${pkgs.soju}/bin/soju" - "-config ${configFile}" - ]; - DynamicUser = true; - AmbientCapabilities = [""]; - CapabilityBoundingSet = [""]; - UMask = "0077"; - LockPersonality = true; - MemoryDenyWriteExecute = true; - NoNewPrivileges = true; - PrivateDevices = true; - PrivateTmp = true; - PrivateUsers = true; - ProtectClock = true; - ProtectControlGroups = true; - ProtectHome = true; - ProtectHostname = true; - ProtectKernelLogs = true; - ProtectKernelModules = true; - ProtectKernelTunables = true; - ProtectSystem = "strict"; - ProtectProc = "invisible"; - ProcSubset = "pid"; - RemoveIPC = true; - RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"]; - RestrictNamespaces = true; - RestrictRealtime = true; - RestrictSUIDSGID = true; - SystemCallArchitectures = "native"; - SystemCallFilter = ["@system-service" "~@privileged"]; - }; - }; - }; -} diff --git a/modules/nixfiles/solaar.nix b/modules/nixfiles/solaar.nix deleted file mode 100644 index ceff23d..0000000 --- a/modules/nixfiles/solaar.nix +++ /dev/null @@ -1,54 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.solaar; -in { - options.nixfiles.modules.solaar = { - enable = mkEnableOption "Solaar"; - }; - - config = mkIf cfg.enable { - hm = { - home.packages = with pkgs; [solaar]; - - systemd.user.services.solaar = { - Unit = { - Description = "Device manager for Logitech devices"; - After = ["graphical-session-pre.target"]; - PartOf = ["graphical-session.target"]; - }; - Service = { - # The dirtiest hack I've ever implemented... I should be ashamed of - # it. Regardless, that shit still doesn't work because each reconnect, - # /dev/hidraw* is recreated and has default permissions which breaks - # Solaar. Fuck this shit. - ExecStartPre = let - pkg = pkgs.writeShellApplication { - name = "solaar-pre"; - text = '' - for i in /dev/hidraw*; do - if [ -c "$i" ]; then - sudo chown root:input "$i" - sudo chmod 0660 "$i" - fi - done - ''; - }; - in "${pkg}/bin/solaar-pre"; - ExecStart = "${pkgs.solaar}/bin/solaar --window=hide"; - }; - Install.WantedBy = ["graphical-session.target"]; - }; - }; - - boot.kernelModules = ["hid_logitech_dj" "hid_logitech_hidpp"]; - - hardware.uinput.enable = true; - - my.extraGroups = ["uinput" "input"]; - }; -} diff --git a/modules/nixfiles/sonarr.nix b/modules/nixfiles/sonarr.nix deleted file mode 100644 index 8c79175..0000000 --- a/modules/nixfiles/sonarr.nix +++ /dev/null @@ -1,28 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; let - cfg = config.nixfiles.modules.sonarr; -in { - options.nixfiles.modules.sonarr = { - enable = mkEnableOption "Sonarr"; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "sonarr.${config.networking.fqdn}"; - }; - }; - - config = mkIf cfg.enable { - nixfiles.modules.nginx = { - enable = true; - upstreams.sonarr.servers."127.0.0.1:8989" = {}; - virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://sonarr"; - }; - - services.sonarr.enable = true; - }; -} diff --git a/modules/nixfiles/sound.nix b/modules/nixfiles/sound.nix deleted file mode 100644 index ae35e44..0000000 --- a/modules/nixfiles/sound.nix +++ /dev/null @@ -1,21 +0,0 @@ -{ - config, - lib, - ... -}: -with lib; let - cfg = config.nixfiles.modules.sound; -in { - options.nixfiles.modules.sound.enable = - mkEnableOption "sound support"; - - config = mkIf cfg.enable { - services.pipewire = { - enable = true; - - alsa.enable = false; - jack.enable = false; - pulse.enable = true; - }; - }; -} diff --git a/modules/nixfiles/syncthing.nix b/modules/nixfiles/syncthing.nix deleted file mode 100644 index b690ab4..0000000 --- a/modules/nixfiles/syncthing.nix +++ /dev/null @@ -1,145 +0,0 @@ -{ - config, - inputs, - lib, - pkgs, - this, - ... -}: -with lib; let - cfg = config.nixfiles.modules.syncthing; -in { - options.nixfiles.modules.syncthing = { - enable = mkEnableOption "Syncthing"; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "syncthing.${config.networking.fqdn}"; - }; - }; - - config = mkIf cfg.enable (mkMerge [ - { - secrets = { - "syncthing-cert-${this.hostname}" = with config.services.syncthing; { - file = "${inputs.self}/secrets/syncthing-cert-${this.hostname}"; - owner = user; - inherit group; - }; - - "syncthing-key-${this.hostname}" = with config.services.syncthing; { - file = "${inputs.self}/secrets/syncthing-key-${this.hostname}"; - owner = user; - inherit group; - }; - }; - - services.syncthing = { - enable = true; - - user = my.username; - inherit (config.my) group; - - dataDir = config.my.home; - - guiAddress = "127.0.0.1:8384"; - - cert = config.secrets."syncthing-cert-${this.hostname}".path; - key = config.secrets."syncthing-key-${this.hostname}".path; - - overrideDevices = true; - devices = mapAttrs (name: attr: - mkIf (attr.syncthing.id != null && hasAttr "wireguard" attr) { - inherit (attr.syncthing) id; - addresses = ["tcp://${name}.${config.networking.domain}:22000"]; - introducer = this.isHeadless; - }) - my.configurations; - - overrideFolders = true; - folders = let - filterDevices = f: - attrNames (filterAttrs (_: attr: - (attr.hostname != this.hostname) - && (attr.syncthing.id != null) - && f attr) - my.configurations); - all = filterDevices (_: true); - notHeadless = filterDevices (attr: !attr.isHeadless); - notOther = filterDevices (attr: !attr.isOther); - - simple = { - type = "simple"; - params.keep = "5"; - }; - trashcan = { - type = "trashcan"; - params.cleanoutDays = "7"; - }; - in - with config.hm.xdg.userDirs; { - share = { - path = publicShare; - devices = notHeadless; - versioning = trashcan; - }; - pass = { - path = config.hm.programs.password-store.settings.PASSWORD_STORE_DIR; - devices = notOther; - versioning = trashcan; - }; - org = { - path = "${documents}/org"; - devices = all; - versioning = simple; - }; - roam = { - path = "${documents}/roam"; - devices = notOther; - versioning = simple; - }; - elfeed = { - path = "${config.my.home}/.elfeed"; - devices = notOther; - versioning = trashcan; - }; - books = { - path = "${documents}/books"; - devices = notOther; - versioning = trashcan; - }; - }; - - extraOptions = { - gui = { - insecureAdminAccess = true; - insecureSkipHostcheck = this.isHeadless; - }; - options = { - autoUpgradeIntervalH = 0; - crashReportingEnabled = false; - globalAnnounceEnabled = false; - relaysEnabled = false; - setLowPriority = this.isHeadless; - stunKeepaliveMinS = 0; - stunKeepaliveStartS = 0; - urAccepted = -1; - }; - }; - }; - - systemd.services.syncthing.environment.STNODEFAULTFOLDER = "yes"; - } - (mkIf this.isHeadless { - nixfiles.modules.nginx = { - enable = true; - upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = {}; - virtualHosts.${cfg.domain} = { - locations."/".proxyPass = "http://syncthing"; - extraConfig = nginxInternalOnly; - }; - }; - }) - ]); -} diff --git a/modules/nixfiles/throttled.nix b/modules/nixfiles/throttled.nix deleted file mode 100644 index f182ee1..0000000 --- a/modules/nixfiles/throttled.nix +++ /dev/null @@ -1,119 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.throttled; -in { - options.nixfiles.modules.throttled.enable = mkEnableOption "Throttled"; - - config = mkIf cfg.enable { - # Disable the module we are trying to "override". - services.throttled.enable = mkForce false; - - environment.etc."throttled.conf".text = '' - [GENERAL] - # Enable or disable the script execution - Enabled: True - # SYSFS path for checking if the system is running on AC power - Sysfs_Power_Path: /sys/class/power_supply/AC*/online - # Auto reload config on changes - Autoreload: True - - ## Settings to apply while connected to Battery power - [BATTERY] - # Update the registers every this many seconds - Update_Rate_s: 30 - # Max package power for time window #1 - PL1_Tdp_W: 29 - # Time window #1 duration - PL1_Duration_s: 28 - # Max package power for time window #2 - PL2_Tdp_W: 44 - # Time window #2 duration - PL2_Duration_S: 0.002 - # Max allowed temperature before throttling - Trip_Temp_C: 85 - # Set cTDP to normal=0, down=1 or up=2 (EXPERIMENTAL) - cTDP: 0 - # Disable BDPROCHOT (EXPERIMENTAL) - Disable_BDPROCHOT: False - - ## Settings to apply while connected to AC power - [AC] - # Update the registers every this many seconds - Update_Rate_s: 5 - # Max package power for time window #1 - PL1_Tdp_W: 44 - # Time window #1 duration - PL1_Duration_s: 28 - # Max package power for time window #2 - PL2_Tdp_W: 44 - # Time window #2 duration - PL2_Duration_S: 0.002 - # Max allowed temperature before throttling - Trip_Temp_C: 95 - # Set HWP energy performance hints to 'performance' on high load (EXPERIMENTAL) - # Uncomment only if you really want to use it - # HWP_Mode: False - # Set cTDP to normal=0, down=1 or up=2 (EXPERIMENTAL) - cTDP: 0 - # Disable BDPROCHOT (EXPERIMENTAL) - Disable_BDPROCHOT: False - - # All voltage values are expressed in mV and *MUST* be negative (i.e. undervolt)! - [UNDERVOLT.BATTERY] - # CPU core voltage offset (mV) - CORE: 0 - # Integrated GPU voltage offset (mV) - GPU: 0 - # CPU cache voltage offset (mV) - CACHE: 0 - # System Agent voltage offset (mV) - UNCORE: 0 - # Analog I/O voltage offset (mV) - ANALOGIO: 0 - - # All voltage values are expressed in mV and *MUST* be negative (i.e. undervolt)! - [UNDERVOLT.AC] - # CPU core voltage offset (mV) - CORE: 0 - # Integrated GPU voltage offset (mV) - GPU: 0 - # CPU cache voltage offset (mV) - CACHE: 0 - # System Agent voltage offset (mV) - UNCORE: 0 - # Analog I/O voltage offset (mV) - ANALOGIO: 0 - - # [ICCMAX.AC] - # # CPU core max current (A) - # CORE: - # # Integrated GPU max current (A) - # GPU: - # # CPU cache max current (A) - # CACHE: - - # [ICCMAX.BATTERY] - # # CPU core max current (A) - # CORE: - # # Integrated GPU max current (A) - # GPU: - # # CPU cache max current (A) - # CACHE: - ''; - - systemd.services.throttled = { - description = "Stop Intel throttling"; - serviceConfig = { - Type = "simple"; - ExecStart = "${pkgs.throttled}/opt/throttled/throttled.py"; - }; - environment.PYTHONUNBUFFERED = "1"; - wantedBy = ["multi-user.target"]; - }; - }; -} diff --git a/modules/nixfiles/unbound.nix b/modules/nixfiles/unbound.nix deleted file mode 100644 index 8c40291..0000000 --- a/modules/nixfiles/unbound.nix +++ /dev/null @@ -1,197 +0,0 @@ -{ - config, - lib, - pkgs, - this, - ... -}: -with lib; let - cfg = config.nixfiles.modules.unbound; -in { - options.nixfiles.modules.unbound = { - enable = mkEnableOption "Unbound"; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = config.networking.domain; - }; - }; - - config = let - adblock-conf = "${config.services.unbound.stateDir}/adblock.conf"; - in - mkIf cfg.enable { - services = { - unbound = { - enable = true; - - package = pkgs.unbound-with-systemd.override { - withRedis = true; - withTFO = true; - }; - - settings = { - server = { - interface = with this.wireguard; [ - "127.0.0.1" - "::1" - ipv4.address - ipv6.address - ]; - - local-zone = - concatLists - (mapAttrsToList (h: _: [''"${h}.${cfg.domain}" redirect'']) - my.configurations); - local-data = concatLists (mapAttrsToList (hostname: let - domain = "${hostname}.${cfg.domain}"; - in - attr: (optionals (hasAttr "wireguard" attr) (with attr.wireguard; - [ - ''"${domain} 604800 IN A ${ipv4.address}"'' - ''"${domain} 604800 IN AAAA ${ipv6.address}"'' - ''"${domain}. A ${ipv4.address}"'' - ''"${domain}. AAAA ${ipv6.address}"'' - ] - ++ concatMap (domain: [ - ''"${domain}. A ${ipv4.address}"'' - ''"${domain}. AAAA ${ipv6.address}"'' - ]) - attr.domains))) - my.configurations); - local-data-ptr = concatLists (mapAttrsToList (hostname: let - domain = "${hostname}.${cfg.domain}"; - in - attr: (optionals (hasAttr "wireguard" attr) (with attr.wireguard; - [ - ''"${ipv4.address} ${domain}"'' - ''"${ipv6.address} ${domain}"'' - ] - ++ concatMap (domain: [ - ''"${ipv4.address} ${domain}"'' - ''"${ipv6.address} ${domain}"'' - ]) - attr.domains))) - my.configurations); - - access-control = with config.nixfiles.modules.wireguard; [ - "0.0.0.0/0 refuse" - "::/0 refuse" - "127.0.0.0/8 allow" - "::1/128 allow" - "${ipv4.subnet} allow" - "${ipv6.subnet} allow" - ]; - - private-domain = cfg.domain; - private-address = with config.nixfiles.modules.wireguard; [ - ipv4.subnet - ipv6.subnet - ]; - - domain-insecure = cfg.domain; - - prefetch = true; - prefetch-key = true; - - hide-identity = true; - hide-version = true; - - extended-statistics = true; - - include = ''"${adblock-conf}"''; - }; - - forward-zone = [ - { - name = "."; - forward-tls-upstream = true; - forward-addr = let - mkDnsOverTls = ips: auth: map (ip: concatStrings [ip "@" auth]) ips; - in - mkDnsOverTls dns.const.quad9.default "853#dns.quad9.net"; - } - ]; - - cachedb = with config.services.redis.servers.unbound; { - backend = "redis"; - redis-server-host = bind; - redis-server-port = port; - }; - }; - - localControlSocketPath = "/run/unbound/unbound.socket"; - }; - - redis = { - servers.unbound = { - enable = true; - bind = "127.0.0.1"; - port = 6379; - }; - vmOverCommit = mkForce true; - }; - - prometheus.exporters = { - unbound = { - enable = true; - listenAddress = mkDefault this.wireguard.ipv4.address; - port = 9167; - fetchType = "uds"; - controlInterface = config.services.unbound.localControlSocketPath; - inherit (config.services.unbound) group user; - }; - - redis = { - enable = true; - listenAddress = mkDefault this.wireguard.ipv4.address; - port = mkDefault 9121; - extraFlags = with config.services.redis.servers.unbound; [ - "--redis.addr=redis://${bind}:${toString port}" - "--redis.user=${user}" - ]; - }; - }; - }; - - systemd = { - services = { - unbound.after = ["unbound-adblock-update.service"]; - - unbound-adblock-update = { - serviceConfig = with config.services.unbound; { - Type = "oneshot"; - User = user; - Group = group; - ExecStart = let - pkg = with pkgs; - writeShellApplication { - name = "unbound-adblock-update"; - runtimeInputs = [curl package]; - text = '' - curl \ - "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound&showintro=0&mimetype=plaintext" \ - >${adblock-conf} - - if [[ -f "${localControlSocketPath}" ]]; then - unbound-control reload - fi - ''; - }; - in "${pkg}/bin/unbound-adblock-update"; - }; - }; - }; - - timers.unbound-adblock-update = { - requires = ["network-online.target"]; - timerConfig = { - OnUnitActiveSec = "1d"; - Unit = "unbound-adblock-update.service"; - }; - wantedBy = ["timers.target"]; - }; - }; - }; -} diff --git a/modules/nixfiles/vaultwarden.nix b/modules/nixfiles/vaultwarden.nix deleted file mode 100644 index 7d51667..0000000 --- a/modules/nixfiles/vaultwarden.nix +++ /dev/null @@ -1,134 +0,0 @@ -{ - config, - inputs, - lib, - ... -}: -with lib; let - cfg = config.nixfiles.modules.vaultwarden; -in { - options.nixfiles.modules.vaultwarden = { - enable = mkEnableOption "Vaultwarden"; - - domain = mkOption { - description = "Domain name sans protocol scheme."; - type = with types; str; - default = "vaultwarden.${config.networking.domain}"; - }; - }; - - config = let - db = "vaultwarden"; - in - mkIf cfg.enable { - secrets.vaultwarden-environment = { - file = "${inputs.self}/secrets/vaultwarden-environment"; - owner = "vaultwarden"; - group = "vaultwarden"; - }; - - nixfiles.modules = { - nginx = { - enable = true; - upstreams = with config.services.vaultwarden.config; { - vaultwarden_rocket.servers."${ROCKET_ADDRESS}:${toString ROCKET_PORT}" = {}; - vaultwarden_websocket.servers."${WEBSOCKET_ADDRESS}:${toString WEBSOCKET_PORT}" = {}; - }; - virtualHosts.${cfg.domain} = { - locations."/" = { - proxyPass = "http://vaultwarden_rocket"; - proxyWebsockets = true; - }; - locations."/notifications/hub" = { - proxyPass = "http://vaultwarden_websocket"; - proxyWebsockets = true; - }; - locations."/notifications/hub/negotiate" = { - proxyPass = "http://vaultwarden_rocket"; - proxyWebsockets = true; - }; - }; - }; - postgresql = { - enable = true; - extraPostStart = [ - '' - $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"' - '' - ]; - }; - }; - - services = { - vaultwarden = { - enable = true; - config = { - TZ = config.time.timeZone; - - WEB_VAULT_ENABLED = true; - - DOMAIN = optionalString (cfg.domain != null) "http://${cfg.domain}"; - - SIGNUPS_ALLOWED = false; - INVITATIONS_ALLOWED = false; - - ORG_CREATION_USERS = "none"; - - PASSWORD_HINTS_ALLOWED = false; - SHOW_PASSWORD_HINT = false; - - ROCKET_ADDRESS = "127.0.0.1"; - ROCKET_PORT = 8812; - - WEBSOCKET_ENABLED = true; - WEBSOCKET_ADDRESS = "127.0.0.1"; - WEBSOCKET_PORT = 8813; - - LOG_LEVEL = "error"; - - DATABASE_URL = "postgresql://${db}@/${db}"; - }; - dbBackend = "postgresql"; - environmentFile = config.secrets.vaultwarden-environment.path; - }; - - postgresql = { - ensureDatabases = [db]; - ensureUsers = [ - { - name = db; - ensurePermissions."DATABASE \"${db}\"" = "ALL"; - } - ]; - }; - - fail2ban.jails = mkIf config.nixfiles.modules.fail2ban.enable { - vaultwarden = '' - enabled = true - filter = vaultwarden - port = http,https - ''; - vaultwarden-admin = '' - enabled = true - filter = vaultwarden-admin - port = http,https - ''; - }; - }; - - environment.etc = mkIf config.nixfiles.modules.fail2ban.enable { - "fail2ban/filter.d/vaultwarden.conf".text = '' - [Definition] - failregex = ^.*Username or password is incorrect\. Try again\. IP: \. Username:.*$ - ignoreregex = - journalmatch = _SYSTEMD_UNIT=vaultwarden.service - ''; - "fail2ban/filter.d/vaultwarden-admin.conf".text = '' - [Definition] - failregex = ^.*Invalid admin token\. IP: .*$ - ignoreregex = - journalmatch = _SYSTEMD_UNIT=vaultwarden.service - ''; - }; - }; -} diff --git a/modules/nixfiles/vscode.nix b/modules/nixfiles/vscode.nix index 7175b36..6671973 100644 --- a/modules/nixfiles/vscode.nix +++ b/modules/nixfiles/vscode.nix @@ -34,16 +34,16 @@ in { extensions = with pkgs; with vscode-extensions; - [editorconfig.editorconfig file-icons.file-icons redhat.vscode-yaml] - ++ optional cfg.vim.enable vscodevim.vim - ++ vscode-utils.extensionsFromVscodeMarketplace [ - { - name = "vscode-xml"; - publisher = "redhat"; - version = "0.20.0"; - hash = "sha256-GKBrf9s8n7Wv14RSfwyDma1dM0fGMvRkU/7v2DAcB9A="; - } - ]; + [ + editorconfig.editorconfig + file-icons.file-icons + gitlab.gitlab-workflow + ms-kubernetes-tools.vscode-kubernetes-tools + redhat.vscode-xml + redhat.vscode-yaml + streetsidesoftware.code-spell-checker + ] + ++ optional cfg.vim.enable vscodevim.vim; userSettings = let font = config.fontScheme.monospaceFont; @@ -61,7 +61,7 @@ in { renderWhitespace = "trailing"; rulers = [80 120]; smoothScrolling = false; - tabCompletion = true; + tabCompletion = "on"; } // (let surround = 10; @@ -160,11 +160,6 @@ in { leader = " "; useSystemClipboard = true; - - autoSwitchInputMethod = let - inputMethod = config.i18n.inputMethod.enabled; - in - mkIf (inputMethod != null) applyInputMethod.${inputMethod}; }; }; }; diff --git a/modules/nixfiles/wget.nix b/modules/nixfiles/wget.nix index 6d7b1b2..9a16fcc 100644 --- a/modules/nixfiles/wget.nix +++ b/modules/nixfiles/wget.nix @@ -11,7 +11,7 @@ in { config = mkIf cfg.enable { hm = { - programs.bash.shellAliases.wget = "${pkgs.wget}/bin/wget --hsts-file=${config.dirs.data}/wget-hsts"; + programs.bash.shellAliases.wget = "${pkgs.wget}/bin/wget --hsts-file=/tmp/wget-hsts"; home.sessionVariables.WGETRC = pkgs.writeText "wgetrc" '' adjust_extension = on diff --git a/modules/nixfiles/wireguard.nix b/modules/nixfiles/wireguard.nix deleted file mode 100644 index d05c6ae..0000000 --- a/modules/nixfiles/wireguard.nix +++ /dev/null @@ -1,198 +0,0 @@ -{ - config, - inputs, - lib, - pkgs, - this, - ... -}: -with lib; let - cfg = config.nixfiles.modules.wireguard; -in { - options.nixfiles.modules.wireguard = { - client = { - enable = mkEnableOption "WireGuard client"; - - enableTrafficRouting = mkOption { - description = "Whether to enable traffic routing through the sever."; - type = with types; bool; - default = !this.isHeadless; - }; - }; - - server = { - enable = mkEnableOption "WireGuard server"; - - ipv4.address = mkOption { - description = "IPv4 address to bind to."; - type = with types; str; - default = my.configurations.manwe.wireguard.ipv4.address; - }; - - ipv6.address = mkOption { - description = "IPv4 address to bind to."; - type = with types; str; - default = my.configurations.manwe.wireguard.ipv6.address; - }; - - address = mkOption { - description = "Endpoint address to use"; - type = with types; str; - default = my.configurations.manwe.ipv4.address; - }; - - port = mkOption { - description = "Endpoint port to use."; - type = with types; int; - default = 6969; - }; - - publicKey = mkOption { - description = "Server's public key."; - type = with types; str; - default = my.configurations.manwe.wireguard.publicKey; - }; - - peers = mkOption { - description = "List of peers."; - type = with types; listOf attrs; - default = mapAttrsToList (_: attr: - with attr; { - inherit (wireguard) publicKey; - allowedIPs = with wireguard; [ - "${ipv4.address}/32" - "${ipv6.address}/128" - ]; - }) (filterAttrs (_: attr: - attr.hostname != this.hostname && hasAttr "wireguard" attr) - my.configurations); - }; - }; - - interface = mkOption { - description = "Name of the interface to use WireGuard with."; - type = with types; str; - default = "wg69"; - }; - - ipv4.subnet = mkOption { - description = "CIDR notation for the IPv4 subnet to use over WireGuard."; - type = with types; str; - default = "10.69.0.0/16"; - }; - - ipv6.subnet = mkOption { - description = "CIDR notation for the IPv6 subnet to use over WireGuard."; - type = with types; str; - default = "fd69::/16"; - }; - }; - - config = - { - assertions = [ - { - assertion = config.security.sudo.enable; - message = "Sudo is not enabled."; - } - { - assertion = any (x: x == "wheel") config.my.extraGroups; - message = ''User is not in the "wheel" group.''; - } - ]; - } - // mkMerge [ - (mkIf (cfg.client.enable || cfg.server.enable) { - secrets."wireguard-private-key-${this.hostname}".file = "${inputs.self}/secrets/wireguard-private-key-${this.hostname}"; - - networking.firewall.trustedInterfaces = [cfg.interface]; - }) - (mkIf cfg.client.enable { - networking.wg-quick.interfaces.${cfg.interface} = mkMerge [ - (with this.wireguard; { - privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path; - address = ["${ipv4.address}/16" "${ipv6.address}/16"]; - }) - (with cfg.server; { - peers = [ - { - inherit publicKey; - endpoint = "${address}:${toString port}"; - allowedIPs = - if cfg.client.enableTrafficRouting - then [ - "0.0.0.0/0" - "::/0" - ] - else [ - cfg.ipv4.subnet - cfg.ipv6.subnet - ]; - persistentKeepalive = 25; - } - ]; - dns = [ - ipv4.address - ipv6.address - ]; # This assumes that the host has Unbound running. - }) - ]; - - environment.systemPackages = with pkgs; [ - (writeShellApplication { - name = "wg-toggle"; - runtimeInputs = [iproute2 jq wireguard-tools]; - text = '' - ip46() { - sudo ip -4 "$@" - sudo ip -6 "$@" - } - - fwmark=$(sudo wg show ${cfg.interface} fwmark) || exit - if ip -j rule list lookup "$fwmark" | jq -e 'length > 0' >/dev/null; then - ip46 rule del lookup main suppress_prefixlength 0 - ip46 rule del lookup "$fwmark" - else - ip46 rule add not fwmark "$fwmark" lookup "$fwmark" - ip46 rule add lookup main suppress_prefixlength 0 - fi - ''; - }) - ]; - }) - (mkIf cfg.server.enable { - networking = { - wireguard = { - enable = true; - interfaces.${cfg.interface} = with cfg.server; { - privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path; - ips = ["${ipv4.address}/16" "${ipv6.address}/16"]; - listenPort = port; - inherit peers; - allowedIPsAsRoutes = false; - }; - }; - - nat = { - enable = true; - enableIPv6 = true; - - externalInterface = mkDefault "eth0"; - - internalInterfaces = [cfg.interface]; - internalIPs = [cfg.ipv4.subnet]; - internalIPv6s = [cfg.ipv6.subnet]; - }; - - firewall.allowedUDPPorts = [cfg.server.port]; - }; - - services.prometheus.exporters.wireguard = { - enable = true; - listenAddress = mkDefault this.wireguard.ipv4.address; - withRemoteIp = true; - port = 9586; - }; - }) - ]; -} diff --git a/modules/nixfiles/x11.nix b/modules/nixfiles/x11.nix deleted file mode 100644 index cd8dfbe..0000000 --- a/modules/nixfiles/x11.nix +++ /dev/null @@ -1,92 +0,0 @@ -{ - config, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.x11; -in { - options.nixfiles.modules.x11.enable = mkEnableOption "X11"; - - config = mkIf cfg.enable { - nixfiles.modules.fonts.enable = true; - - hm = { - home.sessionVariables = with config.dirs; { - XCOMPOSEFILE = "${cache}/XComposeFile"; - XCOMPOSECACHE = "${cache}/XComposeCache"; - }; - - xsession.scriptPath = ".xinitrc"; - - xresources.properties = - (let - font = with config.fontScheme.monospaceFont; "${family}:style=${style}:size=${toString size}"; - in { - "*.font" = font; - - "Xft.antialias" = 1; - "Xft.autohint" = 0; - "Xft.dpi" = 96; - "Xft.hinting" = 1; - "Xft.hintstyle" = "hintslight"; - "Xft.lcdfilter" = "lcddefault"; - "Xft.rgba" = "rgb"; - }) - // (with config.colourScheme; { - "*.color0" = black; - "*.color8" = brightBlack; - "*.color1" = red; - "*.color9" = brightRed; - "*.color2" = green; - "*.color10" = brightGreen; - "*.color3" = yellow; - "*.color11" = brightYellow; - "*.color4" = blue; - "*.color12" = brightBlue; - "*.color5" = magenta; - "*.color13" = brightMagenta; - "*.color6" = cyan; - "*.color14" = brightCyan; - "*.color7" = white; - "*.color15" = brightWhite; - - "*.background" = background; - "*.foreground" = foreground; - }); - }; - - services.xserver = { - enable = true; - - tty = mkDefault 1; - - autoRepeatDelay = 200; - autoRepeatInterval = 25; - - libinput.enable = true; - - monitorSection = '' - Option "DPMS" "false" - ''; - - serverFlagsSection = '' - Option "BlankTime" "0" - Option "OffTime" "0" - Option "StandbyTime" "0" - Option "SuspendTime" "0" - ''; - - inputClassSections = [ - '' - Identifier "Mouse" - MatchIsPointer "yes" - Option "AccelerationNumerator" "2" - Option "AccelerationDenominator" "1" - Option "AccelerationThreshold" "4" - '' - ]; - }; - }; -} diff --git a/modules/nixfiles/xmonad.nix b/modules/nixfiles/xmonad.nix deleted file mode 100644 index 847110e..0000000 --- a/modules/nixfiles/xmonad.nix +++ /dev/null @@ -1,30 +0,0 @@ -{ - config, - inputs, - lib, - pkgs, - ... -}: -with lib; let - cfg = config.nixfiles.modules.xmonad; -in { - options.nixfiles.modules.xmonad.enable = mkEnableOption "XMonad"; - - config = mkIf cfg.enable { - nixfiles.modules.x11.enable = true; - - hm = { - xsession = { - enable = true; - - scriptPath = ".xinitrc"; - - windowManager.command = "${pkgs.xmonad-ng}/bin/xmonad-ng"; - }; - }; - - services.xserver.displayManager.startx.enable = true; - - system.extraDependencies = [inputs.xmonad-ng]; - }; -} diff --git a/modules/nixos/acme.nix b/modules/nixos/acme.nix new file mode 100644 index 0000000..d3ad661 --- /dev/null +++ b/modules/nixos/acme.nix @@ -0,0 +1,32 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.acme; +in { + imports = [ + (mkAliasOptionModule ["certs"] ["security" "acme" "certs"]) + ]; + + options.nixfiles.modules.acme = { + enable = mkEnableOption "ACME"; + + email = mkOption { + description = "Email for notifications."; + type = with types; str; + default = "admin+acme@${my.domain.shire}"; + }; + }; + + config = mkIf cfg.enable { + security.acme = { + acceptTerms = true; + defaults = { + inherit (cfg) email; + validMinDays = 60; + }; + }; + }; +} diff --git a/modules/nixos/alertmanager.nix b/modules/nixos/alertmanager.nix new file mode 100644 index 0000000..871b0c4 --- /dev/null +++ b/modules/nixos/alertmanager.nix @@ -0,0 +1,63 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.alertmanager; +in { + options.nixfiles.modules.alertmanager = { + enable = mkEnableOption "Alertmanager"; + + port = mkOption { + description = "Port."; + type = with types; port; + default = 30112; + }; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; nullOr str; + default = "alertmanager.${config.networking.domain}"; + }; + }; + + config = mkIf cfg.enable { + nixfiles.modules.nginx = with cfg; { + enable = true; + upstreams.alertmanager.servers."127.0.0.1:${toString cfg.port}" = {}; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://alertmanager"; + extraConfig = nginxInternalOnly; + }; + }; + + services.prometheus.alertmanager = { + enable = true; + + listenAddress = "127.0.0.1"; + inherit (cfg) port; + + extraFlags = ["--web.external-url=https://${cfg.domain}"]; + + configuration = { + global = { + smtp_from = "alertmanager@${my.domain.shire}"; + smtp_smarthost = "${my.domain.shire}:584"; + }; + + route = { + receiver = my.username; + group_by = ["alertname"]; + }; + + receivers = [ + { + name = my.username; + email_configs = [{to = "${my.username}+alert@${my.domain.shire}";}]; + } + ]; + }; + }; + }; +} diff --git a/modules/nixos/android.nix b/modules/nixos/android.nix new file mode 100644 index 0000000..307490a --- /dev/null +++ b/modules/nixos/android.nix @@ -0,0 +1,18 @@ +{ + config, + lib, + inputs, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.android; +in { + options.nixfiles.modules.android.enable = mkEnableOption "support for Android devices"; + + config = mkIf cfg.enable { + programs.adb.enable = true; + + my.extraGroups = ["adbusers"]; + }; +} diff --git a/modules/nixos/bluetooth.nix b/modules/nixos/bluetooth.nix new file mode 100644 index 0000000..8347361 --- /dev/null +++ b/modules/nixos/bluetooth.nix @@ -0,0 +1,28 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.bluetooth; +in { + options.nixfiles.modules.bluetooth.enable = + mkEnableOption "Bluetooth support"; + + config = mkIf cfg.enable { + hardware.bluetooth = { + enable = true; + settings.General.FastConnectable = true; + }; + + environment = { + etc."bluetooth/input.conf".text = generators.toINI {} { + General = { + IdleTimeout = 15; + UserspaceHID = true; + }; + }; + }; + }; +} diff --git a/modules/nixos/common/console.nix b/modules/nixos/common/console.nix new file mode 100644 index 0000000..3c73695 --- /dev/null +++ b/modules/nixos/common/console.nix @@ -0,0 +1,6 @@ +{config, ...}: { + console = { + earlySetup = true; + useXkbConfig = config.services.xserver.enable; + }; +} diff --git a/modules/nixos/common/default.nix b/modules/nixos/common/default.nix new file mode 100644 index 0000000..8724c8b --- /dev/null +++ b/modules/nixos/common/default.nix @@ -0,0 +1,19 @@ +_: { + imports = [ + ./console.nix + ./documentation.nix + ./home-manager.nix + ./kernel.nix + ./locale.nix + ./networking.nix + ./nix.nix + ./secrets.nix + ./security.nix + ./services.nix + ./shell.nix + ./systemd.nix + ./tmp.nix + ./users.nix + ./xdg.nix + ]; +} diff --git a/modules/nixos/common/documentation.nix b/modules/nixos/common/documentation.nix new file mode 100644 index 0000000..f909108 --- /dev/null +++ b/modules/nixos/common/documentation.nix @@ -0,0 +1,31 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; { + config = mkIf this.isHeadful { + documentation = { + dev.enable = true; + nixos.enable = true; + + man.man-db.manualPages = + (pkgs.buildEnv { + name = "man-paths"; + paths = with config; + environment.systemPackages ++ hm.home.packages; + pathsToLink = ["/share/man"]; + extraOutputsToInstall = ["man"]; + ignoreCollisions = true; + }) + .overrideAttrs (_: _: {__contentAddressed = true;}); + }; + + environment.sessionVariables = { + MANOPT = "--no-hyphenation"; + MANPAGER = "${pkgs.less}/bin/less -+F"; + }; + }; +} diff --git a/modules/nixos/common/home-manager.nix b/modules/nixos/common/home-manager.nix new file mode 100644 index 0000000..52f2fd3 --- /dev/null +++ b/modules/nixos/common/home-manager.nix @@ -0,0 +1,3 @@ +{inputs, ...}: { + imports = [inputs.home-manager.nixosModule]; +} diff --git a/modules/nixos/common/kernel.nix b/modules/nixos/common/kernel.nix new file mode 100644 index 0000000..2fc40f9 --- /dev/null +++ b/modules/nixos/common/kernel.nix @@ -0,0 +1,39 @@ +{lib, ...}: +with lib; { + boot = { + # I don't use it even on laptops. It's also /required/ to disable it for + # ZFS[1]. + # [1]: https://github.com/openzfs/zfs/issues/260 + # [1]: https://github.com/openzfs/zfs/issues/12842 + kernelParams = ["hibernate=no"]; + + kernel.sysctl = { + "fs.file-max" = pow 2 17; + "fs.inotify.max_user_watches" = pow 2 19; + "fs.suid_dumpable" = 0; + "kernel.core_uses_pid" = 1; + "kernel.exec-shield" = 1; + "kernel.kptr_restrict" = 1; + "kernel.maps_protect" = 1; + "kernel.msgmax" = pow 2 16; + "kernel.msgmnb" = pow 2 16; + "kernel.pid_max" = pow 2 16; + "kernel.randomize_va_space" = 2; + "kernel.shmall" = pow 2 28; + "kernel.shmmax" = pow 2 28; + "kernel.sysrq" = 0; + "vm.dirty_background_bytes" = pow 2 22; + "vm.dirty_background_ratio" = 5; + "vm.dirty_bytes" = pow 2 22; + "vm.dirty_ratio" = 30; + "vm.min_free_kbytes" = pow 2 16; + "vm.mmap_min_addr" = pow 2 12; + "vm.overcommit_memory" = mkDefault 0; + "vm.overcommit_ratio" = mkDefault 50; + "vm.vfs_cache_pressure" = 50; + }; + }; + + # https://docs.kernel.org/admin-guide/mm/ksm.html + hardware.ksm.enable = true; +} diff --git a/modules/nixos/common/locale.nix b/modules/nixos/common/locale.nix new file mode 100644 index 0000000..62d19f4 --- /dev/null +++ b/modules/nixos/common/locale.nix @@ -0,0 +1,24 @@ +{lib, ...}: +with lib; { + i18n = { + defaultLocale = mkDefault "en_GB.UTF-8"; + supportedLocales = [ + "C.UTF-8/UTF-8" + "en_GB.UTF-8/UTF-8" + "en_US.UTF-8/UTF-8" + "ja_JP.UTF-8/UTF-8" + "ru_RU.UTF-8/UTF-8" + ]; + }; + + services.xserver = { + layout = comcat ["us" "ru"]; + xkbVariant = comcat ["" "phonetic"]; + xkbOptions = comcat [ + "terminate:ctrl_alt_bksp" + "caps:escape" + "compose:menu" + "grp:win_space_toggle" + ]; + }; +} diff --git a/modules/nixos/common/networking.nix b/modules/nixos/common/networking.nix new file mode 100644 index 0000000..6109933 --- /dev/null +++ b/modules/nixos/common/networking.nix @@ -0,0 +1,108 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; { + # TODO Support multiple interfaces and IP addresses. + networking = mkMerge [ + { + domain = my.domain.shire; + + hostName = this.hostname; + hostId = substring 0 8 (builtins.hashString "md5" this.hostname); + + # Remove default hostname mappings. This is required at least by the current + # implementation of the montoring module. + hosts = { + "127.0.0.2" = mkForce []; + "::1" = mkForce []; + }; + + nameservers = mkDefault dns.const.quad9.default; + + useDHCP = false; + + firewall = { + enable = true; + + rejectPackets = false; + + allowPing = true; + pingLimit = "--limit 1/minute --limit-burst 5"; + + logRefusedConnections = false; + logRefusedPackets = false; + logRefusedUnicastsOnly = false; + logReversePathDrops = false; + }; + } + (let + interface = "eth0"; # This assumes `usePredictableInterfaceNames` is false. + in + mkIf (hasAttr "ipv4" this && hasAttr "ipv6" this) { + usePredictableInterfaceNames = false; # NOTE This can break something! + interfaces.${interface} = { + ipv4.addresses = with this.ipv4; + optional (isString address && isInt prefixLength) { + inherit address prefixLength; + }; + + ipv6.addresses = with this.ipv6; + optional (isString address && isInt prefixLength) { + inherit address prefixLength; + }; + }; + defaultGateway = with this.ipv4; + mkIf (isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; + defaultGateway6 = with this.ipv6; + mkIf (isString gatewayAddress) { + inherit interface; + address = gatewayAddress; + }; + }) + (mkIf this.isHeadful { + interfaces = { + eth0.useDHCP = mkDefault true; + wlan0.useDHCP = mkDefault true; + }; + + networkmanager = { + enable = mkDefault true; + wifi.backend = "iwd"; + }; + + wireless = { + enable = false; + iwd.enable = mkDefault true; + userControlled.enable = true; + allowAuxiliaryImperativeNetworks = true; + }; + }) + ]; + + environment.shellAliases = listToAttrs (map + ({ + name, + value, + }: + nameValuePair name "${pkgs.iproute2}/bin/${value}") [ + { + name = "bridge"; + value = "bridge -color=always"; + } + { + name = "ip"; + value = "ip -color=always"; + } + { + name = "tc"; + value = "tc -color=always"; + } + ]); +} diff --git a/modules/nixos/common/nix.nix b/modules/nixos/common/nix.nix new file mode 100644 index 0000000..07136a0 --- /dev/null +++ b/modules/nixos/common/nix.nix @@ -0,0 +1,39 @@ +{ + config, + inputs, + lib, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.common.nix; +in { + options.nixfiles.modules.common.nix.allowedUnfreePackages = mkOption { + description = "A list of allowed unfree packages."; + type = with types; listOf str; + default = []; + }; + + config = { + nix.settings.trusted-users = ["@wheel"]; + + nixpkgs = { + config.allowUnfreePredicate = p: elem (getName p) cfg.allowedUnfreePackages; + + overlays = with inputs; [ + agenix.overlay + # nix-minecraft-servers.overlays.default + xmonad-ng.overlays.default + ]; + }; + + system.stateVersion = with builtins; + head (split "\n" (readFile "${inputs.nixpkgs}/.version")); + + environment = { + sessionVariables.NIX_SHELL_PRESERVE_PROMPT = "1"; + localBinInPath = true; + defaultPackages = []; + }; + }; +} diff --git a/modules/nixos/common/secrets.nix b/modules/nixos/common/secrets.nix new file mode 100644 index 0000000..4fcdc61 --- /dev/null +++ b/modules/nixos/common/secrets.nix @@ -0,0 +1,45 @@ +{ + config, + inputs, + lib, + pkgs, + this, + ... +}: +with lib; { + imports = [ + inputs.agenix.nixosModule + (mkAliasOptionModule ["secrets"] ["age" "secrets"]) + ]; + + config = { + age = { + identityPaths = + if this.isHeadful + then ["${config.my.home}/.ssh/id_${my.ssh.type}"] + else + map (attr: attr.path) (filter (attr: attr.type == my.ssh.type) + config.services.openssh.hostKeys); + + # This can be used to auto-add all secrets, thus eleminating the need to + # specify path to each envrypted file. The drawback is that this will + # expose *all* secrets to all machines and try to decrypt them all even on + # machines where the secret will not be used. + # + # secrets = + # let + # secretsSourceDir = "${inputs.self}/age"; + # in + # mapAttrs' + # (name: _: + # nameValuePair name { + # file = "${secretsSourceDir}/${name}"; + # owner = mkDefault my.username; + # group = mkDefault config.my.group; + # }) + # (builtins.readDir secretsSourceDir); + }; + + environment.systemPackages = with pkgs; [agenix]; + }; +} diff --git a/modules/nixos/common/security.nix b/modules/nixos/common/security.nix new file mode 100644 index 0000000..09c5da1 --- /dev/null +++ b/modules/nixos/common/security.nix @@ -0,0 +1,29 @@ +{ + inputs, + lib, + ... +}: +with lib; { + security = { + sudo = { + enable = true; + execWheelOnly = true; + wheelNeedsPassword = false; + # https://mwl.io/archives/1000 + extraConfig = '' + Defaults env_keep += "SSH_CLIENT SSH_CONNECTION SSH_TTY SSH_AUTH_SOCK" + ''; + }; + + polkit = { + enable = true; + # https://wiki.archlinux.org/title/Polkit#Bypass_password_prompt + extraConfig = '' + polkit.addRule(function (action, subject) { + if (subject.isInGroup('wheel')) + return polkit.Result.YES; + }); + ''; + }; + }; +} diff --git a/modules/nixos/common/services.nix b/modules/nixos/common/services.nix new file mode 100644 index 0000000..725502a --- /dev/null +++ b/modules/nixos/common/services.nix @@ -0,0 +1,10 @@ +_: { + services = { + # https://github.com/Irqbalance/irqbalance/issues/54#issuecomment-319245584 + # https://unix.stackexchange.com/questions/710603/should-the-irqbalance-daemon-be-used-on-a-modern-desktop-x86-system + irqbalance.enable = true; + + # https://github.com/NixOS/nixpkgs/issues/135888 + nscd.enableNsncd = true; + }; +} diff --git a/modules/nixos/common/shell.nix b/modules/nixos/common/shell.nix new file mode 100644 index 0000000..5fbc441 --- /dev/null +++ b/modules/nixos/common/shell.nix @@ -0,0 +1,3 @@ +_: { + programs.command-not-found.enable = false; +} diff --git a/modules/nixos/common/systemd.nix b/modules/nixos/common/systemd.nix new file mode 100644 index 0000000..5c7282d --- /dev/null +++ b/modules/nixos/common/systemd.nix @@ -0,0 +1,22 @@ +{pkgs, ...}: { + hm.systemd.user.startServices = "sd-switch"; + + services.journald.extraConfig = '' + SystemMaxUse=5G + ''; + + systemd = let + extraConfig = '' + DefaultTimeoutStartSec=30s + DefaultTimeoutStopSec=15s + ''; + in { + inherit extraConfig; + user = {inherit extraConfig;}; + }; + + environment.sessionVariables = { + SYSTEMD_PAGER = "${pkgs.less}/bin/less"; + SYSTEMD_LESS = "FRSXMK"; + }; +} diff --git a/modules/nixos/common/tmp.nix b/modules/nixos/common/tmp.nix new file mode 100644 index 0000000..d56e2b6 --- /dev/null +++ b/modules/nixos/common/tmp.nix @@ -0,0 +1,18 @@ +_: { + systemd.mounts = [ + { + type = "tmpfs"; + what = "tmpfs"; + where = "/tmp"; + mountConfig.Options = [ + "huge=within_size" + "mode=1777" + "noatime" + "nodev" + "nosuid" + "rw" + "size=25%" + ]; + } + ]; +} diff --git a/modules/nixos/common/users.nix b/modules/nixos/common/users.nix new file mode 100644 index 0000000..22e8023 --- /dev/null +++ b/modules/nixos/common/users.nix @@ -0,0 +1,19 @@ +{lib, ...}: +with lib; { + users = { + mutableUsers = false; + + users = { + root.hashedPassword = "@HASHED_PASSWORD@"; + + ${my.username} = { + isNormalUser = true; + uid = 1000; + description = my.fullname; + inherit (my) hashedPassword; + openssh.authorizedKeys.keys = [my.ssh.key]; + extraGroups = ["wheel"]; + }; + }; + }; +} diff --git a/modules/nixos/common/xdg.nix b/modules/nixos/common/xdg.nix new file mode 100644 index 0000000..8ddf1ac --- /dev/null +++ b/modules/nixos/common/xdg.nix @@ -0,0 +1,87 @@ +{ + config, + lib, + this, + ... +}: +with lib; { + imports = let + withBase = s: ["home-manager" "users" my.username "xdg" s]; + in [ + (mkAliasOptionModule ["dirs" "cache"] (withBase "cacheHome")) + (mkAliasOptionModule ["dirs" "config"] (withBase "configHome")) + (mkAliasOptionModule ["dirs" "data"] (withBase "dataHome")) + (mkAliasOptionModule ["dirs" "state"] (withBase "stateHome")) + (mkAliasOptionModule ["userDirs"] (withBase "userDirs")) + ]; + + hm.xdg = mkMerge [ + { + enable = true; + + userDirs = let + inherit (config.my) home; + tmp = home + "/tmp"; + in { + enable = true; + + desktop = tmp; + documents = "${home}/doc"; + download = tmp; + music = tmp; + pictures = tmp; + publicShare = "${home}/share"; + templates = tmp; + videos = tmp; + }; + } + (mkIf this.isHeadful { + mimeApps = { + enable = true; + defaultApplications = mkMerge (mapAttrsToList + (n: v: genAttrs v (_: ["${n}.desktop"])) + { + emacsclient = [ + "application/json" + "application/vnd.ms-publisher" + "application/x-desktop" + "application/x-shellscript" + "application/x-trash" + "application/x-wine-extension-ini" + "application/xml" + "text/markdown" + "text/plain" + ]; + firefox = [ + "text/html" + "x-scheme-handler/http" + "x-scheme-handler/https" + ]; + imv = [ + "image/bmp" + "image/gif" + "image/jpeg" + "image/jpg" + "image/png" + "image/svg+xml" + "image/tiff" + "image/webp" + ]; + mpv = [ + "audio/aac" + "audio/flac" + "audio/mp3" + "audio/ogg" + "audio/wav" + "audio/webm" + "video/mkv" + "video/mp4" + "video/ogg" + "video/webm" + "video/x-matroska" + ]; + }); + }; + }) + ]; +} diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix new file mode 100644 index 0000000..b35e461 --- /dev/null +++ b/modules/nixos/default.nix @@ -0,0 +1,59 @@ +_: { + imports = [ + ./acme.nix + ./alertmanager.nix + ./android.nix + ./bluetooth.nix + ./common + ./discord.nix + ./docker.nix + ./dwm.nix + ./emacs.nix + ./endlessh-go.nix + ./endlessh.nix + ./fail2ban.nix + ./fonts.nix + ./games + ./git.nix + ./gnupg.nix + ./gotify.nix + ./grafana.nix + ./hydra.nix + ./ipfs.nix + ./kde.nix + ./libvirtd.nix + ./lidarr.nix + ./loki.nix + ./lxc.nix + ./matrix + ./monitoring + ./nextcloud.nix + ./nginx.nix + ./node-exporter.nix + ./nsd.nix + ./openssh.nix + ./podman.nix + ./postgresql.nix + ./profiles + ./prometheus.nix + ./promtail.nix + ./psd.nix + ./radarr.nix + ./radicale.nix + ./rss-bridge.nix + ./rtorrent.nix + ./searx.nix + ./shadowsocks.nix + ./soju.nix + ./solaar.nix + ./sonarr.nix + ./sound.nix + ./syncthing.nix + ./throttled.nix + ./unbound.nix + ./vaultwarden.nix + ./wireguard.nix + ./x11.nix + ./xmonad.nix + ]; +} diff --git a/modules/nixos/discord.nix b/modules/nixos/discord.nix new file mode 100644 index 0000000..190b5fc --- /dev/null +++ b/modules/nixos/discord.nix @@ -0,0 +1,22 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.discord; +in { + options.nixfiles.modules.discord.enable = + mkEnableOption "Steam runtime"; + + config = mkIf cfg.enable { + nixfiles.modules.common.nix.allowedUnfreePackages = ["discord"]; + + hm.home.packages = with pkgs; [ + (discord.override { + withOpenASAR = true; + }) + ]; + }; +} diff --git a/modules/nixos/docker.nix b/modules/nixos/docker.nix new file mode 100644 index 0000000..e642030 --- /dev/null +++ b/modules/nixos/docker.nix @@ -0,0 +1,41 @@ +{ + config, + inputs, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.docker; +in { + options.nixfiles.modules.docker.enable = mkEnableOption "Docker"; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = !config.nixfiles.modules.podman.enable; + message = "Pick only one!"; + } + ]; + + secrets.containers-auth = { + file = "${inputs.self}/secrets/containers-auth"; + path = "${config.my.home}/.docker/config.json"; + owner = my.username; + inherit (config.my) group; + }; + + virtualisation.docker.enable = true; + + environment.systemPackages = with pkgs; [docker-compose]; + + my.extraGroups = ["docker"]; + + hm.programs.bash = { + shellAliases.d = "${pkgs.docker}/bin/docker"; + initExtra = mkAfter '' + _complete_alias d _docker docker + ''; + }; + }; +} diff --git a/modules/nixos/dwm.nix b/modules/nixos/dwm.nix new file mode 100644 index 0000000..618d8ed --- /dev/null +++ b/modules/nixos/dwm.nix @@ -0,0 +1,159 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.dwm; +in { + options.nixfiles.modules.dwm.enable = mkEnableOption "dwm"; + + config = mkIf cfg.enable { + nixfiles.modules.x11.enable = true; + + hm.xsession = { + enable = true; + + windowManager.command = let + pkg = pkgs.dwm.override { + conf = let + font = with config.fontScheme.monospaceFont; "${family}:size=${toString size}"; + colour = config.colourScheme; + in '' + static const unsigned int borderpx = 1; + static const unsigned int snap = 32; + static const int showbar = 1; + static const int topbar = 1; + + static const char *fonts[] = { + "${font}" + }; + + static const char *colors[][3] = { + [SchemeNorm] = { + "${colour.white}", + "${colour.black}", + "${colour.black}", + }, + [SchemeSel] = { + "${colour.black}", + "${colour.white}", + "${colour.white}", + }, + }; + + static const char *tags[] = { + "1", + "2", + "3", + "4", + "5", + "6", + "7", + "8", + "9" + }; + + static const Rule rules[] = { + { "Emacs", NULL, NULL, 1 << 0, 0, -1 }, + }; + + static const float mfact = 0.666; + static const int nmaster = 1; + static const int resizehints = 0; + static const int lockfullscreen = 1; + + static const Layout layouts[] = { + { "[]=", tile }, + { "><>", NULL }, + { "[M]", monocle }, + }; + + #define MODKEY Mod4Mask + #define TAGKEYS(KEY,TAG) \ + { MODKEY, KEY, view, { .ui = 1 << TAG } }, \ + { MODKEY|ControlMask, KEY, toggleview, { .ui = 1 << TAG } }, \ + { MODKEY|ShiftMask, KEY, tag, { .ui = 1 << TAG } }, \ + { MODKEY|ControlMask|ShiftMask, KEY, toggletag, { .ui = 1 << TAG } }, + + static char dmenumon[2] = "0"; + static const char *dmenucmd[] = { + "${pkgs.dmenu}/bin/dmenu_run", + "-m", dmenumon, + "-fn", "${font}", + "-nb", "${colour.black}", + "-nf", "${colour.white}", + "-sb", "${colour.white}", + "-sf", "${colour.black}", + NULL, + }; + static const char *termcmd[] = { + "${pkgs.alacritty}/bin/alacritty", + NULL, + }; + + static const Key keys[] = { + { MODKEY, XK_x, spawn, {.v = dmenucmd } }, + { MODKEY, XK_Return, spawn, {.v = termcmd } }, + { MODKEY, XK_b, togglebar, {0} }, + { MODKEY, XK_j, focusstack, {.i = +1 } }, + { MODKEY, XK_k, focusstack, {.i = -1 } }, + { MODKEY|ShiftMask, XK_k, incnmaster, {.i = +1 } }, + { MODKEY|ShiftMask, XK_j, incnmaster, {.i = -1 } }, + { MODKEY, XK_comma, setmfact, {.f = -0.05} }, + { MODKEY, XK_period, setmfact, {.f = +0.05} }, + { MODKEY, XK_p, zoom, {0} }, + { MODKEY, XK_Tab, view, {0} }, + { MODKEY, XK_d, killclient, {0} }, + { MODKEY, XK_t, setlayout, {.v = &layouts[0]} }, + { MODKEY, XK_m, setlayout, {.v = &layouts[1]} }, + { MODKEY, XK_f, setlayout, {.v = &layouts[2]} }, + { MODKEY, XK_o, togglefloating, {0} }, + { MODKEY, XK_0, view, {.ui = ~0 } }, + { MODKEY|ShiftMask, XK_0, tag, {.ui = ~0 } }, + { MODKEY, XK_h, focusmon, {.i = -1 } }, + { MODKEY, XK_l, focusmon, {.i = +1 } }, + { MODKEY|ShiftMask, XK_h, tagmon, {.i = -1 } }, + { MODKEY|ShiftMask, XK_l, tagmon, {.i = +1 } }, + TAGKEYS( XK_1, 0) + TAGKEYS( XK_2, 1) + TAGKEYS( XK_3, 2) + TAGKEYS( XK_4, 3) + TAGKEYS( XK_5, 4) + TAGKEYS( XK_6, 5) + TAGKEYS( XK_7, 6) + TAGKEYS( XK_8, 7) + TAGKEYS( XK_9, 8) + { MODKEY|ShiftMask, XK_q, quit, {0} }, + }; + + static const Button buttons[] = { + { ClkLtSymbol, 0, Button1, setlayout, {0} }, + { ClkLtSymbol, 0, Button3, setlayout, {.v = &layouts[2]} }, + { ClkWinTitle, 0, Button2, zoom, {0} }, + { ClkStatusText, 0, Button2, spawn, {.v = termcmd } }, + { ClkClientWin, MODKEY, Button1, movemouse, {0} }, + { ClkClientWin, MODKEY, Button2, togglefloating, {0} }, + { ClkClientWin, MODKEY, Button3, resizemouse, {0} }, + { ClkTagBar, 0, Button1, view, {0} }, + { ClkTagBar, 0, Button3, toggleview, {0} }, + { ClkTagBar, MODKEY, Button1, tag, {0} }, + { ClkTagBar, MODKEY, Button3, toggletag, {0} }, + }; + ''; + }; + in "${pkg}/bin/dwm"; + }; + + hm.services.dwm-status = { + enable = true; + # package = pkgs.dwm-status.override { + # enableAlsaUtils = false; + # }; + order = ["audio" "backlight" "battery" "cpu_load" "network" "time"]; + }; + + services.xserver.displayManager.startx.enable = true; + }; +} diff --git a/modules/nixos/emacs.nix b/modules/nixos/emacs.nix new file mode 100644 index 0000000..800d411 --- /dev/null +++ b/modules/nixos/emacs.nix @@ -0,0 +1,30 @@ +{ + config, + inputs, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.emacs; +in { + config = mkIf cfg.enable { + secrets.authinfo = { + file = "${inputs.self}/secrets/authinfo"; + owner = my.username; + inherit (config.my) group; + }; + + nixfiles.modules.x11.enable = true; + + hm = { + programs.doom-emacs.extraConfig = '' + (appendq! auth-sources '("${config.secrets.authinfo.path}")) + ''; + + services.emacs = { + enable = true; + client.enable = true; + }; + }; + }; +} diff --git a/modules/nixos/endlessh-go.nix b/modules/nixos/endlessh-go.nix new file mode 100644 index 0000000..435305d --- /dev/null +++ b/modules/nixos/endlessh-go.nix @@ -0,0 +1,30 @@ +{ + config, + lib, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.endlessh-go; +in { + options.nixfiles.modules.endlessh-go.enable = mkEnableOption "endlessh-go"; + + config = let + port = 22; + in + mkIf cfg.enable { + services.endlessh-go = { + enable = true; + listenAddress = "0.0.0.0"; + inherit port; + prometheus = { + enable = true; + listenAddress = this.wireguard.ipv4.address; + port = 9229; + }; + extraOptions = ["-geoip_supplier=ip-api" "-v=1"]; + }; + + networking.firewall.allowedTCPPorts = [port]; + }; +} diff --git a/modules/nixos/endlessh.nix b/modules/nixos/endlessh.nix new file mode 100644 index 0000000..67789fd --- /dev/null +++ b/modules/nixos/endlessh.nix @@ -0,0 +1,24 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.endlessh; +in { + options.nixfiles.modules.endlessh.enable = mkEnableOption "endlessh"; + + config = let + port = 22; + in + mkIf cfg.enable { + services.endlessh = { + enable = true; + inherit port; + extraOptions = ["-v" "-4"]; + }; + + networking.firewall.allowedTCPPorts = [port]; + }; +} diff --git a/modules/nixos/fail2ban.nix b/modules/nixos/fail2ban.nix new file mode 100644 index 0000000..5ac3c9c --- /dev/null +++ b/modules/nixos/fail2ban.nix @@ -0,0 +1,32 @@ +{ + config, + lib, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.fail2ban; +in { + options.nixfiles.modules.fail2ban.enable = + mkEnableOption "fail2ban"; + + config = mkIf cfg.enable { + services.fail2ban = { + enable = true; + + bantime-increment = { + enable = true; + maxtime = "24h"; + rndtime = "8m"; + }; + + ignoreIP = + optionals (hasAttr "wireguard" this) + (with config.nixfiles.modules.wireguard; [ipv4.subnet ipv6.subnet]); + + jails.DEFAULT = '' + blocktype = DROP + ''; + }; + }; +} diff --git a/modules/nixos/fonts.nix b/modules/nixos/fonts.nix new file mode 100644 index 0000000..d4a7330 --- /dev/null +++ b/modules/nixos/fonts.nix @@ -0,0 +1,45 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.fonts; +in { + config = mkMerge [ + (mkIf cfg.enable { + hm.fonts.fontconfig.enable = true; + fonts.fontconfig = { + enable = true; + + defaultFonts = { + monospace = [ + "Iosevka" + "Sarasa Mono K" + "Sarasa Mono J" + "Sarasa Mono SC" + "Sarasa Mono CL" + ]; + sansSerif = [ + "Iosevka Aile" + "Sarasa Gothic K" + "Sarasa Gothic J" + "Sarasa Gothic SC" + "Sarasa Gothic CL" + ]; + serif = [ + "Iosevka Etoile" + "Sarasa Gothic K" + "Sarasa Gothic J" + "Sarasa Gothic SC" + "Sarasa Gothic CL" + ]; + }; + }; + }) + (mkIf (!cfg.enable) { + hm.fonts.fontconfig.enable = false; + fonts.fontconfig.enable = false; + }) + ]; +} diff --git a/modules/nixos/games/default.nix b/modules/nixos/games/default.nix new file mode 100644 index 0000000..1c5766b --- /dev/null +++ b/modules/nixos/games/default.nix @@ -0,0 +1,38 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.games; +in { + imports = [ + ./gamemode.nix + ./gog.nix + ./lutris.nix + ./mangohud.nix + ./minecraft.nix + ./steam-run.nix + ./steam.nix + ]; + + options.nixfiles.modules.games.enable32BitSupport = + mkEnableOption "support for games"; + + config = mkIf cfg.enable32BitSupport { + services = { + jack.alsa.support32Bit = config.services.jack.alsa.enable; + + pipewire.alsa.support32Bit = config.services.pipewire.alsa.enable; + }; + + hardware = { + opengl = mkIf config.hardware.opengl.enable { + extraPackages32 = config.hardware.opengl.extraPackages; + driSupport32Bit = config.hardware.opengl.driSupport; + }; + + pulseaudio.support32Bit = config.hardware.pulseaudio.enable; + }; + }; +} diff --git a/modules/nixos/games/gamemode.nix b/modules/nixos/games/gamemode.nix new file mode 100644 index 0000000..051d12e --- /dev/null +++ b/modules/nixos/games/gamemode.nix @@ -0,0 +1,13 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.games.gamemode; +in { + options.nixfiles.modules.games.gamemode.enable = + mkEnableOption "Feral GameMode"; + + config = mkIf cfg.enable {programs.gamemode.enable = true;}; +} diff --git a/modules/nixos/games/gog.nix b/modules/nixos/games/gog.nix new file mode 100644 index 0000000..86039f1 --- /dev/null +++ b/modules/nixos/games/gog.nix @@ -0,0 +1,18 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.games.gog; +in { + options.nixfiles.modules.games.gog.enable = + mkEnableOption "stand-alone GOG clients and the ability to run GOG games"; + + config = mkIf cfg.enable { + nixfiles.modules.games.steam-run.enable = true; + + hm.home.packages = with pkgs; [lgogdownloader]; + }; +} diff --git a/modules/nixos/games/lutris.nix b/modules/nixos/games/lutris.nix new file mode 100644 index 0000000..72179fc --- /dev/null +++ b/modules/nixos/games/lutris.nix @@ -0,0 +1,32 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.games.lutris; +in { + options.nixfiles.modules.games.lutris.enable = mkEnableOption "Lutris"; + + config = mkIf cfg.enable { + nixfiles.modules.games = { + gamemode.enable = true; + mangohud.enable = true; + steam-run.enable = true; + }; + + hm.home.packages = with pkgs; [ + (lutris.override { + lutris-unwrapped = lutris-unwrapped.override { + wine = buildFHSUserEnv { + # We don't really need Wine because Lutris downloads a required + # runtime for us. + name = "empty"; + }; + }; + }) + vkBasalt + ]; + }; +} diff --git a/modules/nixos/games/mangohud.nix b/modules/nixos/games/mangohud.nix new file mode 100644 index 0000000..d693c82 --- /dev/null +++ b/modules/nixos/games/mangohud.nix @@ -0,0 +1,26 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.games.mangohud; +in { + options.nixfiles.modules.games.mangohud.enable = mkEnableOption "MangoHud"; + + config = mkIf cfg.enable { + hm.programs.mangohud = { + enable = true; + settings = { + fps = true; + frame_timing = true; + gpu_stats = true; + gpu_temp = true; + cpu_stats = true; + cpu_temp = true; + ram = true; + vram = true; + }; + }; + }; +} diff --git a/modules/nixos/games/minecraft.nix b/modules/nixos/games/minecraft.nix new file mode 100644 index 0000000..e53f9eb --- /dev/null +++ b/modules/nixos/games/minecraft.nix @@ -0,0 +1,50 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.games.minecraft; +in { + options.nixfiles.modules.games.minecraft = { + client.enable = mkEnableOption "Minecraft client"; + server = { + enable = mkEnableOption "Minecraft server"; + + memory = mkOption { + description = "Amount of RAM to allocate."; + type = types.str; + default = "2G"; + }; + }; + }; + + config = mkMerge [ + (mkIf cfg.client.enable { + hm.home.packages = with pkgs; [pollymc]; + }) + (mkIf cfg.server.enable { + # Configurations, opslist, whitelist and plugins are managed imperatively. + # TODO Make it declarative. + services.minecraft-server = { + enable = true; + eula = true; + + package = pkgs.minecraftServers.purpur_1_19_2; + + # TODO Make a PR fixing trailing whitespace on this. + jvmOpts = + (concatStringsSep " " [ + "-Xmx${cfg.server.memory}" + "-Xms${cfg.server.memory}" + "--add-modules=jdk.incubator.vector" + ]) + + " "; + }; + + # Defined in /var/lib/minecraft/server.properties. + networking.firewall.allowedTCPPorts = [55565]; + }) + ]; +} diff --git a/modules/nixos/games/steam-run.nix b/modules/nixos/games/steam-run.nix new file mode 100644 index 0000000..1a1e61f --- /dev/null +++ b/modules/nixos/games/steam-run.nix @@ -0,0 +1,73 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.games.steam-run; +in { + options.nixfiles.modules.games.steam-run = { + enable = mkEnableOption "native Steam runtime"; + + quirks = { + mountAndBladeWarband = mkEnableOption ''fixes for "Mount & Blade: Warband" issues''; + cryptOfTheNecrodancer = mkEnableOption ''fixes for "Crypt of the NecroDancer" issues''; + }; + }; + + config = mkIf cfg.enable { + nixfiles.modules = { + common.nix.allowedUnfreePackages = ["steam" "steam-run"]; + + games = { + enable32BitSupport = true; + gamemode.enable = true; + }; + }; + + hm.home.packages = with pkgs; [ + (steam.override { + extraLibraries = _: + with cfg.quirks; + [] + ++ optionals mountAndBladeWarband [ + (glew.overrideAttrs (_: super: let + opname = super.pname; + in rec { + pname = "${opname}-runfix"; + inherit (super) version; + src = fetchurl { + url = "mirror://sourceforge/${opname}/${opname}-${version}.tgz"; + hash = "sha256-BN6R5+Z2MDm8EZQAlc2cf4gLq6ghlqd2X3J6wFqZPJU="; + }; + })) + (fmodex.overrideAttrs (_: super: let + opname = super.pname; + in rec { + pname = "${opname}-runfix"; + inherit (super) version; + installPhase = let + libPath = makeLibraryPath [ + alsa-lib + libpulseaudio + stdenv.cc.cc + ]; + in '' + install -Dm755 api/lib/libfmodex64-${version}.so $out/lib/libfmodex64.so + patchelf --set-rpath ${libPath} $out/lib/libfmodex64.so + ''; + })) + ] + ++ optionals cryptOfTheNecrodancer [ + (import (builtins.fetchTarball { + url = "https://github.com/NixOS/nixpkgs/archive/d1c3fea7ecbed758168787fe4e4a3157e52bc808.tar.gz"; + sha256 = "0ykm15a690v8lcqf2j899za3j6hak1rm3xixdxsx33nz7n3swsyy"; + }) {inherit (config.nixpkgs) config localSystem;}) + .flac + ]; + }) + .run + ]; + }; +} diff --git a/modules/nixos/games/steam.nix b/modules/nixos/games/steam.nix new file mode 100644 index 0000000..8dfa72c --- /dev/null +++ b/modules/nixos/games/steam.nix @@ -0,0 +1,25 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.games.steam; +in { + options.nixfiles.modules.games.steam.enable = + mkEnableOption "Steam runtime"; + + config = mkIf cfg.enable { + nixfiles.modules = { + common.nix.allowedUnfreePackages = ["steam" "steam-original"]; + + games = { + enable32BitSupport = true; + gamemode.enable = true; + }; + }; + + hm.home.packages = with pkgs; [steam]; + }; +} diff --git a/modules/nixos/git.nix b/modules/nixos/git.nix new file mode 100644 index 0000000..f754588 --- /dev/null +++ b/modules/nixos/git.nix @@ -0,0 +1,117 @@ +{ + config, + lib, + inputs, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.git; +in { + options.nixfiles.modules.git.server = { + enable = mkEnableOption "Git server"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; nullOr str; + default = "git.${config.networking.domain}"; + }; + + package = mkOption { + description = "Package."; + type = types.package; + default = pkgs.cgit-pink; + }; + }; + + config = mkMerge [ + (mkIf cfg.client.enable { + secrets = { + glab-cli-config = { + file = "${inputs.self}/secrets/glab-cli-config"; + path = "${config.dirs.config}/glab-cli/config.yml"; + owner = my.username; + inherit (config.my) group; + }; + gh-hosts = { + file = "${inputs.self}/secrets/gh-hosts"; + path = "${config.dirs.config}/gh/hosts.yml"; + owner = my.username; + inherit (config.my) group; + }; + hut = { + file = "${inputs.self}/secrets/hut"; + path = "${config.dirs.config}/hut/config"; + owner = my.username; + inherit (config.my) group; + }; + }; + }) + (mkIf cfg.server.enable { + nixfiles.modules.nginx = { + enable = true; + virtualHosts.${cfg.server.domain} = { + locations = { + "/".extraConfig = let + cgitrc = pkgs.writeText "cgitrc" '' + root-title=azahi’s git stuff + root-desc=鯛も一人はうまからず + + about-filter=${cfg.server.package}/lib/cgit/filters/about-formatting.sh + source-filter=${cfg.server.package}/lib/cgit/filters/syntax-highlighting.py + commit-filter=${cfg.server.package}/lib/cgit/filters/commit-links.sh + + enable-git-config=1 + enable-gitweb-owner=1 + remove-suffix=1 + + snapshots=tar.gz tar.bz2 zip + + readme=:README + readme=:README.md + readme=:README.org + readme=:README.txt + readme=:readme + readme=:readme.md + readme=:readme.org + readme=:readme.txt + + scan-path=${config.services.gitolite.dataDir}/repositories + ''; + in '' + include ${config.services.nginx.package}/conf/fastcgi_params; + fastcgi_split_path_info ^(/?)(.+)$; + fastcgi_pass unix:${config.services.fcgiwrap.socketAddress}; + fastcgi_param SCRIPT_FILENAME ${cfg.server.package}/cgit/cgit.cgi; + fastcgi_param CGIT_CONFIG ${cgitrc}; + fastcgi_param PATH_INFO $uri; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + ''; + # FIXME This breaks sources previewing for these files. + "~* ^/(.+.(ico|css|png))$".extraConfig = '' + alias ${cfg.server.package}/cgit/$1; + ''; + }; + }; + }; + + services = let + user = "git"; + group = "git"; + in { + gitolite = { + # TODO Make the configuration purely declarative. + enable = true; + inherit user group; + adminPubkey = my.ssh.key; + }; + + fcgiwrap = { + enable = true; + inherit user group; + }; + }; + }) + ]; +} diff --git a/modules/nixos/gnupg.nix b/modules/nixos/gnupg.nix new file mode 100644 index 0000000..b86be9b --- /dev/null +++ b/modules/nixos/gnupg.nix @@ -0,0 +1,38 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.gnupg; +in { + options.nixfiles.modules.gnupg.pinentry = mkOption { + description = "Name of a pinentry implementation."; + type = types.str; + default = "curses"; + }; + + config = mkIf cfg.enable { + hm = { + programs.gpg.homedir = "${config.dirs.data}/gnupg"; + + services.gpg-agent = { + enable = true; + + enableSshSupport = true; + enableScDaemon = false; + + defaultCacheTtl = 999999; + defaultCacheTtlSsh = 999999; + maxCacheTtl = 999999; + maxCacheTtlSsh = 999999; + + grabKeyboardAndMouse = true; + + sshKeys = [my.pgp.grip]; + + pinentryFlavor = cfg.pinentry; + }; + }; + }; +} diff --git a/modules/nixos/gotify.nix b/modules/nixos/gotify.nix new file mode 100644 index 0000000..db47bb4 --- /dev/null +++ b/modules/nixos/gotify.nix @@ -0,0 +1,75 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.gotify; +in { + options.nixfiles.modules.gotify = { + enable = mkEnableOption "Gotify"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; str; + default = "gotify.${config.networking.domain}"; + }; + }; + + config = let + db = "gotify"; + in + mkIf cfg.enable { + nixfiles.modules = { + nginx = { + enable = true; + upstreams.gotify.servers."127.0.0.1:${toString config.services.gotify.port}" = {}; + virtualHosts.${cfg.domain} = { + locations."/" = { + proxyPass = "http://gotify"; + proxyWebsockets = true; + }; + extraConfig = nginxInternalOnly; + }; + }; + postgresql = { + enable = true; + extraPostStart = [ + '' + $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"' + '' + ]; + }; + }; + + services = { + gotify = { + enable = true; + port = 7665; + }; + + postgresql = { + ensureDatabases = [db]; + ensureUsers = [ + { + name = db; + ensurePermissions."DATABASE \"${db}\"" = "ALL"; + } + ]; + }; + }; + + systemd.services.gotify-server = { + after = ["network-online.target" "postgresql.service"]; + environment = { + GOTIFY_DATABASE_DIALECT = "postgres"; + GOTIFY_DATABASE_CONNECTION = concatStringsSep " " [ + "host=/run/postgresql" + "user=${db}" + "dbname=${db}" + "sslmode=disable" + ]; + }; + }; + }; +} diff --git a/modules/nixos/grafana.nix b/modules/nixos/grafana.nix new file mode 100644 index 0000000..a614502 --- /dev/null +++ b/modules/nixos/grafana.nix @@ -0,0 +1,119 @@ +{ + config, + inputs, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.grafana; +in { + options.nixfiles.modules.grafana = { + enable = mkEnableOption "Grafana"; + + port = mkOption { + description = "Port."; + type = with types; port; + default = 30101; + }; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; nullOr str; + default = "grafana.${config.networking.domain}"; + }; + }; + + config = let + db = "grafana"; + in + mkIf cfg.enable { + secrets = { + grafana-key = { + file = "${inputs.self}/secrets/grafana-key"; + owner = "grafana"; + group = "grafana"; + }; + grafana-admin-password = { + file = "${inputs.self}/secrets/grafana-admin-password"; + owner = "grafana"; + group = "grafana"; + }; + grafana-smtp-password = { + file = "${inputs.self}/secrets/grafana-smtp-password"; + owner = "grafana"; + group = "grafana"; + }; + }; + + nixfiles.modules = { + nginx = { + enable = true; + upstreams.grafana.servers."127.0.0.1:${toString cfg.port}" = {}; + virtualHosts.${cfg.domain} = { + locations."/" = { + proxyPass = "http://grafana"; + proxyWebsockets = true; + }; + extraConfig = nginxInternalOnly; + }; + }; + postgresql = { + enable = true; + extraPostStart = [ + '' + $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"' + '' + ]; + }; + }; + + services = { + grafana = { + enable = true; + + settings = { + server = with cfg; { + protocol = "http"; + http_addr = "127.0.0.1"; + http_port = port; + inherit domain; + enable_gzip = true; + }; + database = { + type = "postgres"; + host = "/run/postgresql"; + name = db; + user = db; + }; + smtp = { + enable = true; + user = "azahi@shire.me"; + host = my.domain.shire; + password = "$__file{${config.secrets.grafana-smtp-password.path}}"; + }; + user = { + allow_org_create = false; + allow_sign_up = false; + auto_assign_org = false; + auto_assign_org_role = "Viewer"; + }; + security = with config.secrets; { + secret_key = grafana-key.path; + admin_password = grafana-admin-password.path; + }; + analytics.reporting_enable = false; + }; + }; + + postgresql = { + ensureDatabases = [db]; + ensureUsers = [ + { + name = db; + ensurePermissions."DATABASE \"${db}\"" = "ALL"; + } + ]; + }; + }; + }; +} diff --git a/modules/nixos/hydra.nix b/modules/nixos/hydra.nix new file mode 100644 index 0000000..590fecb --- /dev/null +++ b/modules/nixos/hydra.nix @@ -0,0 +1,57 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.hydra; +in { + options.nixfiles.modules.hydra = { + enable = mkEnableOption "Hydra"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; str; + default = "hydra.${config.networking.domain}"; + }; + + port = mkOption { + description = "Port."; + type = with types; port; + default = 7754; + }; + }; + + config = mkIf cfg.enable { + nixfiles.modules = { + nginx = { + enable = true; + upstreams.hydra.servers."127.0.0.1:${toString cfg.port}" = {}; + virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://hydra"; + }; + postgresql.enable = true; + }; + + services = let + db = "hydra"; + in { + hydra = { + enable = true; + listenHost = "127.0.0.1"; + inherit (cfg) port; + dbi = "dbi:Pg:dbname=${db};user=${db}"; + hydraURL = cfg.domain; + }; + + postgresql = { + ensureDatabases = [db]; + ensureUsers = [ + { + name = db; + ensurePermissions."DATABASE \"${db}\"" = "ALL"; + } + ]; + }; + }; + }; +} diff --git a/modules/nixos/ipfs.nix b/modules/nixos/ipfs.nix new file mode 100644 index 0000000..0ec64e5 --- /dev/null +++ b/modules/nixos/ipfs.nix @@ -0,0 +1,167 @@ +{ + config, + lib, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.ipfs; + + swarmDefaultPort = 4001; + apiDefaultPort = 5001; + gatewayDefaultPort = 6001; +in { + options.nixfiles.modules.ipfs = { + enable = mkEnableOption "IPFS daemon"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; str; + default = "ipfs.${config.networking.fqdn}"; + }; + + swarmPort = mkOption { + description = "Swarm port."; + type = with types; port; + default = + if this.isHeadless + then swarmDefaultPort + 990 + else swarmDefaultPort; + }; + + apiPort = mkOption { + description = "API port."; + type = with types; port; + default = + if this.isHeadless + then apiDefaultPort + 990 + else apiDefaultPort; + }; + + gatewayPort = mkOption { + description = "Gateway port."; + type = with types; port; + default = + if this.isHeadless + then gatewayDefaultPort + 990 + else gatewayDefaultPort; + }; + }; + + config = mkIf cfg.enable (mkMerge [ + { + services.ipfs = { + enable = true; + + user = my.username; + inherit (config.my) group; + + dataDir = "${config.dirs.data}/ipfs"; + + swarmAddress = let + port = toString cfg.swarmPort; + in + if this.isHeadless + then [ + "/ip4/127.0.0.1/tcp/${port}" + "/ip4/127.0.0.1/udp/${port}/quic" + ] + else [ + "/ip4/0.0.0.0/tcp/${port}" + "/ip6/::/tcp/${port}" + "/ip4/0.0.0.0/udp/${port}/quic" + "/ip6/::/udp/${port}/quic" + ]; + apiAddress = "/ip4/127.0.0.1/tcp/${toString cfg.apiPort}"; + gatewayAddress = "/ip4/127.0.0.1/tcp/${toString cfg.gatewayPort}"; + + autoMigrate = true; + autoMount = true; + emptyRepo = true; + enableGC = true; + + extraConfig = mkMerge [ + (let + filterAddresses = + [ + "/ip4/100.64.0.0/ipcidr/10" + "/ip4/169.254.0.0/ipcidr/16" + "/ip4/172.16.0.0/ipcidr/12" + "/ip4/192.0.0.0/ipcidr/24" + "/ip4/192.0.2.0/ipcidr/24" + "/ip4/192.168.0.0/ipcidr/16" + "/ip4/198.18.0.0/ipcidr/15" + "/ip4/198.51.100.0/ipcidr/24" + "/ip4/203.0.113.0/ipcidr/24" + "/ip4/240.0.0.0/ipcidr/4" + "/ip6/100::/ipcidr/64" + "/ip6/2001:2::/ipcidr/48" + "/ip6/2001:db8::/ipcidr/32" + "/ip6/fe80::/ipcidr/10" + ] + ++ optionals (!hasAttr "wireguard" this) [ + "/ip4/10.0.0.0/ipcidr/8" + "/ip6/fc00::/ipcidr/7" + ]; + in { + Addresses = with config.services.ipfs; { + # https://github.com/NixOS/nixpkgs/pull/165259 + # I think this shit broke inheritance... Gotta test more and make + # a PR I guess. + API = apiAddress; + Gateway = gatewayAddress; + Swarm = swarmAddress; + + NoAnnounce = filterAddresses; + }; + Swarm.AddrFilters = filterAddresses; + API.HTTPHeaders.Access-Control-Allow-Methods = ["GET" "POST" "PUT"]; + }) + (mkIf this.isHeadful { + API.HTTPHeaders.Access-Control-Allow-Origin = ["*"]; + }) + (mkIf this.isHeadless { + API.HTTPHeaders.Access-Control-Allow-Origin = ["https://${cfg.domain}" "https://api.${cfg.domain}"]; + }) + ]; + }; + + networking.firewall = rec { + allowedTCPPorts = [swarmDefaultPort]; + allowedUDPPorts = allowedTCPPorts; + }; + } + (mkIf this.isHeadless { + nixfiles.modules.nginx = { + enable = true; + upstreams = { + ipfs_gateway.servers."127.0.0.1:${toString cfg.gatewayPort}" = {}; + ipfs_swarm.servers."127.0.0.1:${toString cfg.swarmPort}" = {}; + ipfs_api.servers."127.0.0.1:${toString cfg.apiPort}" = {}; + }; + virtualHosts = { + ${cfg.domain}.locations."/".proxyPass = "http://ipfs_gateway"; + "swarm.${cfg.domain}" = { + serverName = cfg.domain; + listen = [ + { + addr = "0.0.0.0"; + port = swarmDefaultPort; + } + { + addr = "[::0]"; + port = swarmDefaultPort; + } + ]; + locations."/".proxyPass = "http://ipfs_swarm"; + }; + "api.${cfg.domain}" = { + # TODO Redirect "/" to "/webui" but keep other endpoints. + locations."/".proxyPass = "http://ipfs_api"; + extraConfig = nginxInternalOnly; + }; + }; + }; + }) + ]); +} diff --git a/modules/nixos/kde.nix b/modules/nixos/kde.nix new file mode 100644 index 0000000..a430294 --- /dev/null +++ b/modules/nixos/kde.nix @@ -0,0 +1,49 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.kde; +in { + options.nixfiles.modules.kde.enable = mkEnableOption "KDE Plasma"; + + config = mkIf cfg.enable { + nixfiles.modules = { + gnupg.pinentry = "qt"; + sound.enable = true; + x11.enable = true; + }; + + hm = { + home.sessionVariables.GTK_USE_PORTAL = 1; + + programs.firefox.profiles.default.settings = { + "widget.use-xdg-desktop-portal.file-picker" = 1; + "widget.use-xdg-desktop-portal.mime-handler" = 1; + }; + }; + + services.xserver = { + desktopManager.plasma5 = { + enable = true; + excludePackages = with pkgs.plasma5Packages; [ + elisa + gwenview + khelpcenter + okular + print-manager + ]; + }; + displayManager = { + sddm.enable = true; + + # NOTE https://github.com/NixOS/nixpkgs/pull/199881 + setupCommands = lib.mkForce ""; + }; + }; + + environment.systemPackages = with pkgs; [pinentry-qt]; + }; +} diff --git a/modules/nixos/libvirtd.nix b/modules/nixos/libvirtd.nix new file mode 100644 index 0000000..ae8b336 --- /dev/null +++ b/modules/nixos/libvirtd.nix @@ -0,0 +1,44 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.libvirtd; +in { + options.nixfiles.modules.libvirtd.enable = mkEnableOption "libvirtd"; + + config = mkIf cfg.enable { + virtualisation.libvirtd = { + enable = true; + + onBoot = "ignore"; + onShutdown = "shutdown"; + + extraConfig = '' + log_level = 4 + log_outputs = "4:stderr" + ''; + + qemu = { + package = pkgs.qemu_kvm; + runAsRoot = false; + + ovmf = { + enable = true; + packages = [pkgs.OVMFFull.fd]; + }; + + swtpm = { + enable = false; # Is this required for Windows 11? + package = pkgs.swtpm-tpm2; + }; + }; + }; + + environment.systemPackages = with pkgs; [virt-manager qemu-utils]; + + my.extraGroups = ["libvirtd"]; + }; +} diff --git a/modules/nixos/lidarr.nix b/modules/nixos/lidarr.nix new file mode 100644 index 0000000..f73f917 --- /dev/null +++ b/modules/nixos/lidarr.nix @@ -0,0 +1,28 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.lidarr; +in { + options.nixfiles.modules.lidarr = { + enable = mkEnableOption "Lidarr"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; str; + default = "lidarr.${config.networking.fqdn}"; + }; + }; + + config = mkIf cfg.enable { + nixfiles.modules.nginx = { + enable = true; + upstreams.lidarr.servers."127.0.0.1:8686" = {}; + virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://lidarr"; + }; + + services.lidarr.enable = true; + }; +} diff --git a/modules/nixos/loki.nix b/modules/nixos/loki.nix new file mode 100644 index 0000000..1582164 --- /dev/null +++ b/modules/nixos/loki.nix @@ -0,0 +1,102 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.loki; +in { + options.nixfiles.modules.loki = { + enable = mkEnableOption "Loki"; + + port = mkOption { + description = "Port."; + type = with types; port; + default = 30171; + }; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; str; + default = "loki.${config.networking.domain}"; + }; + }; + + config = mkIf cfg.enable { + nixfiles.modules.nginx = with cfg; { + enable = true; + upstreams.loki.servers."127.0.0.1:${toString cfg.port}" = {}; + virtualHosts.${domain} = { + locations."/".proxyPass = "http://loki"; + extraConfig = nginxInternalOnly; + }; + }; + + services.loki = { + enable = true; + + configuration = rec { + auth_enabled = false; + + server = rec { + http_listen_address = "127.0.0.1"; + http_listen_port = cfg.port; + + grpc_listen_address = "127.0.0.1"; + grpc_listen_port = http_listen_port + 1; + + log_level = "warn"; + }; + + common = rec { + path_prefix = "/var/lib/loki"; + storage.filesystem = { + chunks_directory = "${path_prefix}/chunker"; + rules_directory = "${path_prefix}/ruler"; + }; + replication_factor = 1; + instance_interface_names = ["lo"]; + ring = { + instance_addr = "127.0.0.1"; + kvstore.store = "inmemory"; + }; + }; + + ruler = { + rule_path = "${common.path_prefix}/ruler"; + storage = { + type = "local"; + local.directory = + pkgs.writeTextDir "ruler/ruler.yml" + (generators.toJSON {} {groups = [{name = "default";}];}); + }; + }; + + schema_config.configs = [ + { + from = "2020-01-01"; + store = "boltdb-shipper"; + object_store = "filesystem"; + schema = "v11"; + index = { + prefix = "index_"; + period = "24h"; + }; + chunks = { + prefix = "chunks_"; + period = "24h"; + }; + } + ]; + + analytics.reporting_enabled = false; + }; + }; + + systemd.tmpfiles.rules = [ + "d /var/lib/loki 0700 loki loki - -" + "d /var/lib/loki/ruler 0700 loki loki - -" + ]; + }; +} diff --git a/modules/nixos/lxc.nix b/modules/nixos/lxc.nix new file mode 100644 index 0000000..4f7805f --- /dev/null +++ b/modules/nixos/lxc.nix @@ -0,0 +1,16 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.lxc; +in { + options.nixfiles.modules.lxc.enable = + mkEnableOption "LXC/LXD"; + + config = mkIf cfg.enable { + virtualisation.lxd.enable = true; + my.extraGroups = "lxd"; + }; +} diff --git a/modules/nixos/matrix/default.nix b/modules/nixos/matrix/default.nix new file mode 100644 index 0000000..bd221c4 --- /dev/null +++ b/modules/nixos/matrix/default.nix @@ -0,0 +1 @@ +_: {imports = [./dendrite.nix ./element.nix ./synapse.nix];} diff --git a/modules/nixos/matrix/dendrite.nix b/modules/nixos/matrix/dendrite.nix new file mode 100644 index 0000000..0fad5f2 --- /dev/null +++ b/modules/nixos/matrix/dendrite.nix @@ -0,0 +1,157 @@ +{ + config, + lib, + inputs, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.matrix.dendrite; +in { + options.nixfiles.modules.matrix.dendrite = { + enable = mkEnableOption "Dendrite Matrix server"; + + domain = mkOption { + type = types.str; + default = config.networking.domain; + description = "Domain name sans protocol scheme."; + }; + }; + + config = let + db = "dendrite"; + in + mkIf cfg.enable { + secrets.dendrite-private-key = { + file = "${inputs.self}/secrets/dendrite-private-key"; + mode = "0444"; # The user is dynamic so the file must be world-readable. + }; + secrets.dendrite-environment-file = { + file = "${inputs.self}/secrets/dendrite-environment-file"; + mode = "0444"; # The user is dynamic so the file must be world-readable. + }; + + nixfiles.modules = { + nginx = { + enable = true; + upstreams.dendrite.servers."127.0.0.1:${toString config.services.dendrite.httpPort}" = {}; + virtualHosts.${cfg.domain}.locations = { + "/_matrix".proxyPass = "http://dendrite"; + "= /.well-known/matrix/server" = { + extraConfig = '' + add_header Content-Type application/json; + ''; + return = "200 '${ + generators.toJSON {} {"m.server" = "${cfg.domain}:443";} + }'"; + }; + "= /.well-known/matrix/client" = { + extraConfig = '' + add_header Content-Type application/json; + add_header Access-Control-Allow-Origin *; + ''; + return = "200 '${ + generators.toJSON {} { + "m.homeserver".base_url = "https://${cfg.domain}"; + } + }'"; + }; + }; + }; + postgresql = { + enable = true; + extraPostStart = [ + '' + $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"' + '' + ]; + }; + }; + + services = { + dendrite = { + enable = true; + httpPort = 8008; + environmentFile = config.secrets.dendrite-environment-file.path; + settings = { + version = 2; + global = { + server_name = cfg.domain; + private_key = config.secrets.dendrite-private-key.path; + database = { + connection_string = "postgresql://${db}@/${db}?host=/run/postgresql"; + max_open_conns = 64; + max_idle_connections = 8; + }; + cache = { + max_size_estimated = "1gb"; + max_age = "1h"; + }; + trusted_third_party_id_servers = [ + "matrix.org" + "nixos.org" + "vector.im" + ]; + presence = { + enable_inbound = false; + enable_outbound = false; + }; + }; + client_api = { + registration_disabled = true; + guests_disabled = true; + registration_shared_secret = "$REGISTRATION_SHARED_SECRET"; + }; + media_api = { + max_file_size_bytes = 0; + dynamic_thumbnails = true; + max_thumbnail_generators = 8; + thumbnail_sizes = [ + { + width = 32; + height = 32; + method = "crop"; + } + { + width = 96; + height = 96; + method = "crop"; + } + { + width = 640; + height = 480; + method = "scale"; + } + ]; + }; + logging = [ + { + type = "std"; + level = "warn"; + } + ]; + }; + }; + + postgresql = { + ensureDatabases = [db]; + ensureUsers = [ + { + name = db; + ensurePermissions."DATABASE \"${db}\"" = "ALL"; + } + ]; + }; + }; + + systemd.services.dendrite.serviceConfig.ExecStart = + mkForce + (concatStringsSep " " [ + "${pkgs.dendrite}/bin/dendrite-monolith-server" + "--config /run/dendrite/dendrite.yaml" + "--http-bind-address 127.0.0.1:${ + toString config.services.dendrite.httpPort + }" + ]); + }; +} diff --git a/modules/nixos/matrix/element.nix b/modules/nixos/matrix/element.nix new file mode 100644 index 0000000..3d47800 --- /dev/null +++ b/modules/nixos/matrix/element.nix @@ -0,0 +1,59 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.matrix.element; +in { + options.nixfiles.modules.matrix.element = { + enable = mkEnableOption "Element, a Matrix web interface"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; nullOr str; + default = "element.${config.networking.domain}"; + }; + + homeserver = mkOption { + description = "Default Matrix homeserver."; + type = with types; str; + default = my.domain.azahi; + }; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = with config.nixfiles.modules.matrix; + (synapse.enable || dendrite.enable) && !(!synapse.enable && !dendrite.enable); + message = "Synapse or Dendrite must be enabled"; + } + ]; + + nixfiles.modules.nginx = with cfg; { + enable = true; + virtualHosts.${domain}.locations."/".root = pkgs.element-web.override { + conf = { + default_server_config."m.homeserver" = { + base_url = "https://${homeserver}"; + server_name = homeserver; + }; + disable_custom_urls = true; + disable_guests = true; + disable_login_language_selector = true; + disable_3pid_login = true; + brand = homeserver; + branding.authFooterLinks = [ + { + text = "Hosted on NixOS"; + url = "https://nixos.org"; + } + ]; + default_theme = "dark"; + }; + }; + }; + }; +} diff --git a/modules/nixos/matrix/synapse.nix b/modules/nixos/matrix/synapse.nix new file mode 100644 index 0000000..6ff5e0d --- /dev/null +++ b/modules/nixos/matrix/synapse.nix @@ -0,0 +1,93 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.matrix.synapse; +in { + options.nixfiles.modules.matrix.synapse = { + enable = mkEnableOption "Synapse Matrix server"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; str; + default = config.networking.domain; + }; + }; + + config = let + bind_address = "127.0.0.1"; + port = 8448; + in + mkIf cfg.enable { + nixfiles.modules = { + nginx = { + enable = true; + upstreams.synapse.servers."${bind_address}:${toString port}" = {}; + virtualHosts.${cfg.domain}.locations = { + "~ ^(/_matrix|/_synapse/client)".proxyPass = "http://synapse"; + "= /.well-known/matrix/server" = { + extraConfig = '' + add_header Content-Type application/json; + ''; + return = "200 '${ + generators.toJSON {} {"m.server" = "${cfg.domain}:443";} + }'"; + }; + "= /.well-known/matrix/client" = { + extraConfig = '' + add_header Content-Type application/json; + add_header Access-Control-Allow-Origin *; + ''; + return = "200 '${ + generators.toJSON {} { + "m.homeserver".base_url = "https://${cfg.domain}"; + } + }'"; + }; + }; + }; + postgresql.enable = true; + }; + + services = let + db = "synapse"; + in { + matrix-synapse = { + enable = true; + server_name = config.networking.domain; + + database_type = "psycopg2"; + database_name = db; + database_user = db; + + listeners = [ + { + inherit bind_address port; + type = "http"; + tls = false; + x_forwarded = true; + resources = [ + { + names = ["client" "federation"]; + compress = false; + } + ]; + } + ]; + }; + + postgresql = { + ensureDatabases = [db]; + ensureUsers = [ + { + name = db; + ensurePermissions."DATABASE \"${db}\"" = "ALL"; + } + ]; + }; + }; + }; +} diff --git a/modules/nixos/monitoring/dashboards/endlessh.json b/modules/nixos/monitoring/dashboards/endlessh.json new file mode 100644 index 0000000..0b47ee2 --- /dev/null +++ b/modules/nixos/monitoring/dashboards/endlessh.json @@ -0,0 +1,1457 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "", + "editable": true, + "fiscalYearStartMonth": 0, + "gnetId": 15156, + "graphTooltip": 0, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "type": "datasource", + "uid": "-- Dashboard --" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 0, + "y": 0 + }, + "id": 36, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "/^Total number connections that endlessh trapped$/", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.2", + "targets": [ + { + "datasource": { + "type": "datasource", + "uid": "-- Dashboard --" + }, + "panelId": 49, + "refId": "A" + } + ], + "title": "Connections", + "transformations": [ + { + "id": "filterByRefId", + "options": { + "include": "Seen" + } + }, + { + "id": "filterByValue", + "options": { + "filters": [ + { + "config": { + "id": "greaterOrEqual", + "options": { + "value": 0 + } + }, + "fieldName": "Value #Seen" + } + ], + "match": "any", + "type": "include" + } + }, + { + "id": "groupBy", + "options": { + "fields": { + "Value #Seen": { + "aggregations": [ + "sum" + ], + "operation": "aggregate" + }, + "ip": { + "aggregations": [], + "operation": "groupby" + } + } + } + }, + { + "id": "reduce", + "options": { + "includeTimeField": false, + "labelsToFields": false, + "mode": "reduceFields", + "reducers": [ + "sum" + ] + } + }, + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "Value #Seen (sum)": "Total number connections that endlessh trapped" + } + } + } + ], + "type": "stat" + }, + { + "datasource": { + "type": "datasource", + "uid": "-- Dashboard --" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 4, + "y": 0 + }, + "id": 42, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "/^Time spent on endlessh$/", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.2", + "targets": [ + { + "datasource": { + "type": "datasource", + "uid": "-- Dashboard --" + }, + "panelId": 49, + "refId": "A" + } + ], + "title": "Trapped Time", + "transformations": [ + { + "id": "filterByRefId", + "options": { + "include": "Trapped" + } + }, + { + "id": "filterByValue", + "options": { + "filters": [ + { + "config": { + "id": "greaterOrEqual", + "options": { + "value": 0 + } + }, + "fieldName": "Value #Trapped" + } + ], + "match": "all", + "type": "include" + } + }, + { + "id": "groupBy", + "options": { + "fields": { + "Value #Trapped": { + "aggregations": [ + "sum" + ], + "operation": "aggregate" + }, + "ip": { + "aggregations": [], + "operation": "groupby" + } + } + } + }, + { + "id": "reduce", + "options": { + "includeTimeField": false, + "labelsToFields": false, + "mode": "reduceFields", + "reducers": [ + "sum" + ] + } + }, + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "Total": "Seconds spent on endlessh", + "Value #Trapped (sum)": "Time spent on endlessh" + } + } + } + ], + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 8, + "y": 0 + }, + "id": 18, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum(increase(endlessh_sent_bytes_total{instance=~\"$host\",job=~\"$job\"}[$__range]))", + "hide": false, + "interval": "", + "legendFormat": "Bytes sent by endlessh", + "refId": "sent_bytes" + } + ], + "title": "Sent Bytes", + "type": "stat" + }, + { + "datasource": { + "type": "datasource", + "uid": "-- Dashboard --" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 12, + "y": 0 + }, + "id": 38, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "/^Unique IPs connected$/", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.2", + "targets": [ + { + "datasource": { + "type": "datasource", + "uid": "-- Dashboard --" + }, + "panelId": 49, + "refId": "A" + } + ], + "title": "Unique IPs", + "transformations": [ + { + "id": "filterByRefId", + "options": { + "include": "Seen" + } + }, + { + "id": "groupBy", + "options": { + "fields": { + "Value #Seen": { + "aggregations": [ + "sum" + ], + "operation": "aggregate" + }, + "ip": { + "aggregations": [], + "operation": "groupby" + } + } + } + }, + { + "id": "reduce", + "options": { + "includeTimeField": false, + "labelsToFields": false, + "mode": "reduceFields", + "reducers": [ + "count" + ] + } + }, + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": {}, + "renameByName": { + "Value #Seen (sum)": "Unique IPs connected", + "ip": "" + } + } + } + ], + "type": "stat" + }, + { + "datasource": { + "type": "datasource", + "uid": "-- Dashboard --" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "links": [ + { + "targetBlank": true, + "title": "whois", + "url": "https://search.arin.net/rdap/?query=${__value.text}" + } + ], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 16, + "y": 0 + }, + "id": 45, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "/^Client IP of the latest connection$/", + "values": false + }, + "text": {}, + "textMode": "value" + }, + "pluginVersion": "9.1.2", + "targets": [ + { + "datasource": { + "type": "datasource", + "uid": "-- Dashboard --" + }, + "panelId": 49, + "refId": "A" + } + ], + "title": "Latest Connection", + "transformations": [ + { + "id": "filterByRefId", + "options": { + "include": "Seen" + } + }, + { + "id": "filterByValue", + "options": { + "filters": [ + { + "config": { + "id": "greaterOrEqual", + "options": { + "value": 0 + } + }, + "fieldName": "Value #Seen" + } + ], + "match": "any", + "type": "include" + } + }, + { + "id": "groupBy", + "options": { + "fields": { + "Time": { + "aggregations": [ + "lastNotNull" + ], + "operation": "aggregate" + }, + "Value #Seen": { + "aggregations": [ + "sum" + ], + "operation": "aggregate" + }, + "ip": { + "aggregations": [], + "operation": "groupby" + } + } + } + }, + { + "id": "sortBy", + "options": { + "fields": {}, + "sort": [ + { + "field": "Time (lastNotNull)" + } + ] + } + }, + { + "id": "organize", + "options": { + "excludeByName": { + "instance": true, + "job": true + }, + "indexByName": {}, + "renameByName": { + "Time (lastNotNull)": "Time", + "Value #Seen (sum)": "Count", + "ip": "Client IP of the latest connection" + } + } + } + ], + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "#EAB839", + "value": 10 + }, + { + "color": "red", + "value": 20 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 20, + "y": 0 + }, + "id": 20, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "auto", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "text": {}, + "textMode": "auto" + }, + "pluginVersion": "9.1.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "sum((endlessh_client_open_count_total{instance=~\"$host\",job=~\"$job\"}) - (endlessh_client_closed_count_total{instance=~\"$host\",job=~\"$job\"} offset $__interval or endlessh_client_open_count_total{instance=~\"$host\",job=~\"$job\"} * 0))", + "instant": false, + "interval": "", + "legendFormat": "Open Connections", + "refId": "current_open" + } + ], + "title": "Current Connections", + "type": "stat" + }, + { + "datasource": { + "type": "datasource", + "uid": "-- Dashboard --" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "stepAfter", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "auto", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": -0.01, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 4, + "w": 12, + "x": 0, + "y": 3 + }, + "id": 30, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "datasource", + "uid": "-- Dashboard --" + }, + "panelId": 20, + "refId": "A" + } + ], + "title": "Concurrent Connections", + "type": "timeseries" + }, + { + "datasource": { + "type": "datasource", + "uid": "-- Dashboard --" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 3 + }, + "id": 32, + "options": { + "displayLabels": [], + "legend": { + "displayMode": "table", + "placement": "right", + "showLegend": true, + "values": [ + "value", + "percent" + ] + }, + "pieType": "pie", + "reduceOptions": { + "calcs": [ + "lastNotNull" + ], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "targets": [ + { + "datasource": { + "type": "datasource", + "uid": "-- Dashboard --" + }, + "panelId": 49, + "refId": "A" + } + ], + "title": "Connections by country", + "transformations": [ + { + "id": "filterByRefId", + "options": { + "include": "Seen" + } + }, + { + "id": "filterByValue", + "options": { + "filters": [ + { + "config": { + "id": "greaterOrEqual", + "options": { + "value": 0 + } + }, + "fieldName": "Value #Seen" + } + ], + "match": "any", + "type": "include" + } + }, + { + "id": "groupBy", + "options": { + "fields": { + "Value #Seen": { + "aggregations": [ + "sum" + ], + "operation": "aggregate" + }, + "country": { + "aggregations": [ + "last" + ], + "operation": "aggregate" + }, + "ip": { + "aggregations": [], + "operation": "groupby" + } + } + } + }, + { + "id": "groupBy", + "options": { + "fields": { + "Value #Seen (sum)": { + "aggregations": [ + "sum" + ], + "operation": "aggregate" + }, + "country (last)": { + "aggregations": [], + "operation": "groupby" + } + } + } + }, + { + "id": "rowsToFields", + "options": {} + } + ], + "type": "piechart" + }, + { + "datasource": { + "type": "datasource", + "uid": "-- Dashboard --" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "continuous-GrYlRd" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#96D98D", + "value": null + } + ] + } + }, + "overrides": [] + }, + "gridPos": { + "h": 12, + "w": 12, + "x": 0, + "y": 7 + }, + "id": 48, + "links": [], + "options": { + "basemap": { + "config": {}, + "name": "Layer 0", + "type": "default" + }, + "controls": { + "mouseWheelZoom": false, + "showAttribution": false, + "showDebug": false, + "showScale": false, + "showZoom": true + }, + "layers": [ + { + "config": { + "color": { + "field": "Connections", + "fixed": "dark-green" + }, + "fillOpacity": 0.4, + "shape": "circle", + "showLegend": false, + "size": { + "field": "Connections", + "fixed": 5, + "max": 10, + "min": 2 + }, + "style": { + "color": { + "field": "Connections", + "fixed": "dark-green" + }, + "size": { + "field": "Connections", + "fixed": 5, + "max": 9, + "min": 2 + }, + "text": { + "field": "location (lastNotNull) (lastNotNull)", + "fixed": "", + "mode": "fixed" + } + } + }, + "location": { + "geohash": "Geohash", + "mode": "geohash" + }, + "name": "Layer 1", + "type": "markers" + } + ], + "tooltip": { + "mode": "details" + }, + "view": { + "id": "zero", + "lat": 0, + "lon": 0, + "zoom": 1 + } + }, + "pluginVersion": "9.1.2", + "targets": [ + { + "datasource": { + "type": "datasource", + "uid": "-- Dashboard --" + }, + "panelId": 49, + "refId": "A" + } + ], + "title": "Locations", + "transformations": [ + { + "id": "filterByRefId", + "options": { + "include": "Seen" + } + }, + { + "id": "filterByValue", + "options": { + "filters": [ + { + "config": { + "id": "greaterOrEqual", + "options": { + "value": 0 + } + }, + "fieldName": "Value #Seen" + } + ], + "match": "any", + "type": "include" + } + }, + { + "id": "groupBy", + "options": { + "fields": { + "Value #Seen": { + "aggregations": [ + "sum" + ], + "operation": "aggregate" + }, + "geohash": { + "aggregations": [ + "lastNotNull" + ], + "operation": "groupby" + }, + "location": { + "aggregations": [ + "lastNotNull" + ], + "operation": "aggregate" + } + } + } + }, + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": { + "Value #geo (lastNotNull) (sum)": 2, + "geohash (lastNotNull)": 0, + "location (lastNotNull) (lastNotNull)": 1 + }, + "renameByName": { + "Value #Seen (sum)": "Connections", + "geohash": "Geohash", + "location (lastNotNull)": "Location" + } + } + } + ], + "type": "geomap" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "custom": { + "align": "auto", + "displayMode": "auto", + "filterable": true, + "inspect": false, + "minWidth": 50 + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + } + ] + } + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "Last Connection" + }, + "properties": [ + { + "id": "custom.minWidth", + "value": 150 + }, + { + "id": "unit", + "value": "dateTimeAsIso" + }, + { + "id": "custom.align", + "value": "left" + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "IP" + }, + "properties": [ + { + "id": "links", + "value": [ + { + "targetBlank": true, + "title": "search ARIN", + "url": "https://search.arin.net/rdap/?query=${__data.fields.IP}" + } + ] + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "Trapped Time" + }, + "properties": [ + { + "id": "unit", + "value": "s" + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 11 + }, + "id": 49, + "options": { + "footer": { + "fields": "", + "reducer": [ + "sum" + ], + "show": false + }, + "frameIndex": 0, + "showHeader": true, + "sortBy": [ + { + "desc": true, + "displayName": "Last Connection" + } + ] + }, + "pluginVersion": "9.1.2", + "targets": [ + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "(endlessh_client_open_count{instance=~\"$host\",job=~\"$job\"} - endlessh_client_open_count{instance=~\"$host\",job=~\"$job\"} offset $__interval) > 0 or (endlessh_client_open_count{instance=~\"$host\",job=~\"$job\"}!=0 unless endlessh_client_open_count{instance=~\"$host\",job=~\"$job\"} offset $__interval)", + "format": "table", + "hide": false, + "interval": "", + "legendFormat": "Seen {{ip}}", + "refId": "Seen" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "exemplar": true, + "expr": "(endlessh_client_trapped_time_seconds{instance=~\"$host\",job=~\"$job\"} - endlessh_client_trapped_time_seconds{instance=~\"$host\",job=~\"$job\"} offset $__interval) > 0 or (endlessh_client_trapped_time_seconds{instance=~\"$host\",job=~\"$job\"}!=0 unless endlessh_client_trapped_time_seconds{instance=~\"$host\",job=~\"$job\"} offset $__interval)", + "format": "table", + "hide": false, + "interval": "", + "legendFormat": "Trapped {{ip}}", + "refId": "Trapped" + } + ], + "title": "Clients", + "transformations": [ + { + "id": "filterByValue", + "options": { + "filters": [ + { + "config": { + "id": "greaterOrEqual", + "options": { + "value": 0 + } + }, + "fieldName": "Value #Seen" + }, + { + "config": { + "id": "greaterOrEqual", + "options": { + "value": 0 + } + }, + "fieldName": "Value #Trapped" + } + ], + "match": "any", + "type": "include" + } + }, + { + "id": "merge", + "options": {} + }, + { + "id": "calculateField", + "options": { + "alias": "Seen", + "mode": "reduceRow", + "reduce": { + "include": [ + "Value #Seen" + ], + "reducer": "sum" + } + } + }, + { + "id": "calculateField", + "options": { + "alias": "Trapped", + "mode": "reduceRow", + "reduce": { + "include": [ + "Value #Trapped" + ], + "reducer": "sum" + } + } + }, + { + "id": "filterByValue", + "options": { + "filters": [ + { + "config": { + "id": "greaterOrEqual", + "options": { + "value": 0 + } + }, + "fieldName": "Seen" + }, + { + "config": { + "id": "greaterOrEqual", + "options": { + "value": 0 + } + }, + "fieldName": "Trapped" + } + ], + "match": "all", + "type": "include" + } + }, + { + "id": "groupBy", + "options": { + "fields": { + "Seen": { + "aggregations": [ + "sum" + ], + "operation": "aggregate" + }, + "Time": { + "aggregations": [ + "max" + ], + "operation": "aggregate" + }, + "Trapped": { + "aggregations": [ + "sum" + ], + "operation": "aggregate" + }, + "country": { + "aggregations": [ + "lastNotNull" + ], + "operation": "aggregate" + }, + "ip": { + "aggregations": [], + "operation": "groupby" + } + } + } + }, + { + "id": "filterByValue", + "options": { + "filters": [ + { + "config": { + "id": "isNull", + "options": {} + }, + "fieldName": "ip" + } + ], + "match": "any", + "type": "exclude" + } + }, + { + "id": "organize", + "options": { + "excludeByName": {}, + "indexByName": { + "Seen (sum)": 3, + "Time (max)": 0, + "Trapped (sum)": 4, + "country (lastNotNull)": 2, + "ip": 1 + }, + "renameByName": { + "Seen (sum)": "Connections", + "Time (max)": "Last Connection", + "Trapped (sum)": "Trapped Time", + "country (lastNotNull)": "Country", + "ip": "IP" + } + } + } + ], + "type": "table" + } + ], + "refresh": "", + "schemaVersion": 37, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "default", + "value": "default" + }, + "hide": 0, + "includeAll": false, + "label": "datasource", + "multi": false, + "name": "DS_PROMETHEUS", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "allValue": ".*", + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(endlessh_client_open_count_total, job)", + "hide": 0, + "includeAll": true, + "label": "Job", + "multi": true, + "name": "job", + "options": [], + "query": { + "query": "label_values(endlessh_client_open_count_total, job)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "type": "query" + }, + { + "allValue": ".*", + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(endlessh_client_open_count_total{job=~\"$job\"}, instance)", + "hide": 0, + "includeAll": true, + "label": "Host", + "multi": true, + "name": "host", + "options": [], + "query": { + "query": "label_values(endlessh_client_open_count_total{job=~\"$job\"}, instance)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "type": "query" + } + ] + }, + "time": { + "from": "now-24h", + "to": "now" + }, + "timepicker": {}, + "timezone": "", + "title": "Endlessh", + "uid": "ATIxYkO7k", + "version": 1, + "weekStart": "" +} \ No newline at end of file diff --git a/modules/nixos/monitoring/dashboards/nginx.json b/modules/nixos/monitoring/dashboards/nginx.json new file mode 100644 index 0000000..b2cc499 --- /dev/null +++ b/modules/nixos/monitoring/dashboards/nginx.json @@ -0,0 +1,567 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "", + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 31, + "links": [], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 4, + "panels": [], + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "refId": "A" + } + ], + "title": "Status", + "type": "row" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "0": { + "text": "Down" + }, + "1": { + "text": "Up" + } + }, + "type": "value" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "#E02F44", + "value": null + }, + { + "color": "#FF9830", + "value": 1 + }, + { + "color": "#299c46", + "value": 1 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 12, + "x": 0, + "y": 1 + }, + "id": 8, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "background", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "repeat": "instance", + "repeatDirection": "h", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "nginx_up{instance=~\"$instance\"}", + "format": "time_series", + "instant": false, + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "NGINX Status for $instance", + "type": "stat" + }, + { + "collapsed": false, + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 4 + }, + "id": 6, + "panels": [], + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "refId": "A" + } + ], + "title": "Metrics", + "type": "row" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "Connections (rate)", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 1, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 0, + "y": 5 + }, + "id": 10, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "irate(nginx_connections_accepted{instance=~\"$instance\"}[$__range])", + "format": "time_series", + "instant": false, + "intervalFactor": 1, + "legendFormat": "{{instance}} accepted", + "refId": "A" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "irate(nginx_connections_handled{instance=~\"$instance\"}[$__range])", + "format": "time_series", + "instant": false, + "intervalFactor": 1, + "legendFormat": "{{instance}} handled", + "refId": "B" + } + ], + "title": "Processed connections", + "type": "timeseries" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "Connections", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 10, + "w": 12, + "x": 12, + "y": 5 + }, + "id": 12, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "nginx_connections_active{instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{instance}} active", + "refId": "A" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "nginx_connections_reading{instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{instance}} reading", + "refId": "B" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "nginx_connections_waiting{instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{instance}} waiting", + "refId": "C" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "nginx_connections_writing{instance=~\"$instance\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{instance}} writing", + "refId": "D" + } + ], + "title": "Active Connections", + "type": "timeseries" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 15 + }, + "id": 15, + "links": [], + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "irate(nginx_http_requests_total{instance=~\"$instance\"}[$__range])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{instance}} total requests", + "refId": "A" + } + ], + "title": "Total requests", + "type": "timeseries" + } + ], + "refresh": "5s", + "schemaVersion": 37, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "default", + "value": "default" + }, + "hide": 0, + "includeAll": false, + "label": "datasource", + "multi": false, + "name": "DS_PROMETHEUS", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(nginx_up, instance)", + "hide": 0, + "includeAll": true, + "label": "", + "multi": true, + "name": "instance", + "options": [], + "query": { + "query": "label_values(nginx_up, instance)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": ["5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d"] + }, + "timezone": "", + "title": "NGINX", + "uid": "Yoeroupho", + "version": 1, + "weekStart": "" +} diff --git a/modules/nixos/monitoring/dashboards/postgresql.json b/modules/nixos/monitoring/dashboards/postgresql.json new file mode 100644 index 0000000..4e533f7 --- /dev/null +++ b/modules/nixos/monitoring/dashboards/postgresql.json @@ -0,0 +1,3086 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "", + "editable": true, + "fiscalYearStartMonth": 0, + "graphTooltip": 0, + "id": 29, + "links": [], + "liveNow": false, + "panels": [ + { + "collapsed": false, + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 0 + }, + "id": 34, + "panels": [], + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "refId": "A" + } + ], + "title": "General Counters, CPU, Memory and File Descriptor Stats", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 2, + "w": 4, + "x": 0, + "y": 1 + }, + "id": 36, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "value", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["mean"], + "fields": "", + "values": false + }, + "textMode": "name" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "pg_static{instance=\"$instance\"}", + "format": "time_series", + "instant": true, + "intervalFactor": 1, + "legendFormat": "{{short_version}}", + "refId": "A" + } + ], + "title": "Version", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "start time of the process", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "dateTimeFromNow" + }, + "overrides": [] + }, + "gridPos": { + "h": 2, + "w": 4, + "x": 4, + "y": 1 + }, + "id": 28, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["mean"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "pg_postmaster_start_time_seconds{instance=\"$instance\"} * 1000", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Start Time", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 2, + "w": 4, + "x": 8, + "y": 1 + }, + "id": 10, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "SUM(pg_stat_database_tup_fetched{datname=~\"$datname\", instance=~\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "refId": "A", + "step": 4 + } + ], + "title": "Current fetch data", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 2, + "w": 4, + "x": 12, + "y": 1 + }, + "id": 11, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "SUM(pg_stat_database_tup_inserted{datname=~\"$datname\", instance=~\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "range": true, + "refId": "A", + "step": 4 + } + ], + "title": "Current insert data", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 2, + "w": 4, + "x": 16, + "y": 1 + }, + "id": 12, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "SUM(pg_stat_database_tup_updated{datname=~\"$datname\", instance=~\"$instance\"})", + "format": "time_series", + "intervalFactor": 2, + "refId": "A", + "step": 4 + } + ], + "title": "Current update data", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 2, + "w": 4, + "x": 20, + "y": 1 + }, + "id": 38, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["mean"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "pg_settings_max_connections{instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 1, + "range": true, + "refId": "A" + } + ], + "title": "Max Connections", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "Average user and system CPU time spent in seconds.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "s" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 3 + }, + "id": 22, + "links": [], + "options": { + "legend": { + "calcs": ["mean", "lastNotNull", "max", "min"], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "avg(rate(process_cpu_seconds_total{instance=\"$instance\"}[$__range]) * 1000)", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "CPU Time", + "range": true, + "refId": "A" + } + ], + "title": "Average CPU Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "Virtual and Resident memory size in bytes, averages over 5 min interval", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "decbytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 3 + }, + "id": 24, + "links": [], + "options": { + "legend": { + "calcs": ["mean", "lastNotNull", "max", "min"], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "avg(rate(process_resident_memory_bytes{instance=\"$instance\"}[$__range]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Resident Mem", + "range": true, + "refId": "A" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "avg(rate(process_virtual_memory_bytes{instance=\"$instance\"}[$__range]))", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Virtual Mem", + "range": true, + "refId": "B" + } + ], + "title": "Average Memory Usage", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "Number of open file descriptors", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 3 + }, + "id": 26, + "links": [], + "options": { + "legend": { + "calcs": ["mean", "lastNotNull", "max", "min"], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "process_open_fds{instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "Open FD", + "range": true, + "refId": "A" + } + ], + "title": "Open File Descriptors", + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 32, + "panels": [], + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "refId": "A" + } + ], + "title": "Settings", + "type": "row" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 0, + "y": 11 + }, + "id": 40, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "pg_settings_shared_buffers_bytes{instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Shared Buffers", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 3, + "y": 11 + }, + "id": 42, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "pg_settings_effective_cache_size_bytes{instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Effective Cache", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 6, + "y": 11 + }, + "id": 44, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "pg_settings_maintenance_work_mem_bytes{instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Maintenance Work Mem", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 9, + "y": 11 + }, + "id": 46, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "pg_settings_work_mem_bytes{instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "", + "refId": "A" + } + ], + "title": "Work Mem", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "decimals": 1, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 12, + "y": 11 + }, + "id": 48, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "pg_settings_max_wal_size_bytes{instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Max WAL Size", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 3, + "x": 15, + "y": 11 + }, + "id": 50, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "pg_settings_random_page_cost{instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Random Page Cost", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 2, + "x": 18, + "y": 11 + }, + "id": 52, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "pg_settings_seq_page_cost", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Seq Page Cost", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 2, + "x": 20, + "y": 11 + }, + "id": 54, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["mean"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "pg_settings_max_worker_processes{instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Max Worker Processes", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 2, + "x": 22, + "y": 11 + }, + "id": 56, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "pg_settings_max_parallel_workers{instance=\"$instance\"}", + "format": "time_series", + "intervalFactor": 1, + "refId": "A" + } + ], + "title": "Max Parallel Workers", + "type": "stat" + }, + { + "collapsed": false, + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 14 + }, + "id": 30, + "panels": [], + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "refId": "A" + } + ], + "title": "Database Stats", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 0, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineStyle": { + "fill": "solid" + }, + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": true, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 15 + }, + "id": 1, + "links": [], + "options": { + "legend": { + "calcs": ["mean", "lastNotNull", "max"], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "pg_stat_activity_count{datname=~\"$datname\", instance=~\"$instance\", state=\"active\"} != 0", + "format": "time_series", + "interval": "", + "intervalFactor": 2, + "legendFormat": "{{datname}}, s: {{state}}", + "range": true, + "refId": "A", + "step": 2 + } + ], + "title": "Active sessions", + "type": "timeseries" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 15 + }, + "id": 60, + "links": [], + "options": { + "legend": { + "calcs": ["mean", "lastNotNull", "sum"], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "irate(pg_stat_database_xact_commit{instance=\"$instance\", datname=~\"$datname\"}[$__range])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{datname}} commits", + "refId": "A" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "irate(pg_stat_database_xact_rollback{instance=\"$instance\", datname=~\"$datname\"}[$__range])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{datname}} rollbacks", + "refId": "B" + } + ], + "title": "Transactions", + "type": "timeseries" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 15 + }, + "id": 8, + "links": [], + "options": { + "legend": { + "calcs": ["mean", "lastNotNull", "sum"], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "pg_stat_database_tup_updated{datname=~\"$datname\", instance=~\"$instance\"} != 0", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{datname}}", + "refId": "A", + "step": 2 + } + ], + "title": "Update data", + "type": "timeseries" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 22 + }, + "id": 5, + "links": [], + "options": { + "legend": { + "calcs": ["mean", "lastNotNull", "sum"], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "pg_stat_database_tup_fetched{datname=~\"$datname\", instance=~\"$instance\"} != 0", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{datname}}", + "refId": "A", + "step": 2 + } + ], + "title": "Fetch data", + "type": "timeseries" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 22 + }, + "id": 6, + "links": [], + "options": { + "legend": { + "calcs": ["mean", "lastNotNull", "sum"], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "pg_stat_database_tup_inserted{datname=~\"$datname\", instance=~\"$instance\"} != 0", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{datname}}", + "refId": "A", + "step": 2 + } + ], + "title": "Insert data", + "type": "timeseries" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 0, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 22 + }, + "id": 3, + "links": [], + "options": { + "legend": { + "calcs": ["mean", "lastNotNull", "sum"], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "pg_locks_count{datname=~\"$datname\", instance=~\"$instance\", mode=~\"$mode\"} != 0", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{datname}},{{mode}}", + "refId": "A", + "step": 2 + } + ], + "title": "Lock tables", + "type": "timeseries" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 29 + }, + "id": 14, + "links": [], + "options": { + "legend": { + "calcs": ["mean", "lastNotNull", "sum"], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "pg_stat_database_tup_returned{datname=~\"$datname\", instance=~\"$instance\"} != 0", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{datname}}", + "refId": "A", + "step": 2 + } + ], + "title": "Return data", + "type": "timeseries" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 29 + }, + "id": 4, + "links": [], + "options": { + "legend": { + "calcs": ["lastNotNull", "max"], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "pg_stat_activity_count{datname=~\"$datname\", instance=~\"$instance\", state=~\"idle|idle in transaction|idle in transaction (aborted)\"}", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{datname}}, s: {{state}}", + "refId": "A", + "step": 2 + } + ], + "title": "Idle sessions", + "type": "timeseries" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 29 + }, + "id": 7, + "links": [], + "options": { + "legend": { + "calcs": ["mean", "lastNotNull", "sum"], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "pg_stat_database_tup_deleted{datname=~\"$datname\", instance=~\"$instance\"} != 0", + "format": "time_series", + "intervalFactor": 2, + "legendFormat": "{{datname}}", + "refId": "A", + "step": 2 + } + ], + "title": "Delete data", + "type": "timeseries" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "decimals": 4, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "percentunit" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 36 + }, + "id": 62, + "links": [], + "options": { + "legend": { + "calcs": ["mean", "lastNotNull"], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "pg_stat_database_blks_hit{instance=\"$instance\", datname=~\"$datname\"} / (pg_stat_database_blks_read{instance=\"$instance\", datname=~\"$datname\"} + pg_stat_database_blks_hit{instance=\"$instance\", datname=~\"$datname\"})", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{ datname }}", + "refId": "A" + } + ], + "title": "Cache Hit Rate", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 8, + "y": 36 + }, + "id": 64, + "links": [], + "options": { + "legend": { + "calcs": ["mean", "lastNotNull", "max", "min"], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "irate(pg_stat_bgwriter_buffers_backend_total{instance=\"$instance\"}[$__range])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "buffers_backend", + "range": true, + "refId": "A" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "irate(pg_stat_bgwriter_buffers_alloc_total{instance=\"$instance\"}[$__range])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "buffers_alloc", + "range": true, + "refId": "B" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "irate(pg_stat_bgwriter_buffers_backend_fsync_total{instance=\"$instance\"}[$__range])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "backend_fsync", + "range": true, + "refId": "C" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "irate(pg_stat_bgwriter_buffers_checkpoint_total{instance=\"$instance\"}[$__range])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "buffers_checkpoint", + "range": true, + "refId": "D" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "irate(pg_stat_bgwriter_buffers_clean_total{instance=\"$instance\"}[$__range])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "buffers_clean", + "range": true, + "refId": "E" + } + ], + "title": "Buffers (bgwriter)", + "type": "timeseries" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 36 + }, + "id": 66, + "links": [], + "options": { + "legend": { + "calcs": ["mean", "lastNotNull", "sum"], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "irate(pg_stat_database_conflicts{instance=\"$instance\", datname=~\"$datname\"}[$__range])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{datname}} conflicts", + "refId": "B" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "irate(pg_stat_database_deadlocks{instance=\"$instance\", datname=~\"$datname\"}[$__range])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{datname}} deadlocks", + "refId": "A" + } + ], + "title": "Conflicts/Deadlocks", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total amount of data written to temporary files by queries in this database. All temporary files are counted, regardless of why the temporary file was created, and regardless of the log_temp_files setting.", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 0, + "y": 43 + }, + "id": 68, + "links": [], + "options": { + "legend": { + "calcs": ["mean", "lastNotNull", "sum"], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "irate(pg_stat_database_temp_bytes{instance=\"$instance\", datname=~\"$datname\"}[$__range])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "{{datname}}", + "range": true, + "refId": "A" + } + ], + "title": "Temp File (Bytes)", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ms" + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 16, + "x": 8, + "y": 43 + }, + "id": 70, + "links": [], + "options": { + "legend": { + "calcs": ["mean", "lastNotNull", "max", "min"], + "displayMode": "table", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "irate(pg_stat_bgwriter_checkpoint_write_time_total{instance=\"$instance\"}[$__range])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "write_time - Total amount of time that has been spent in the portion of checkpoint processing where files are written to disk.", + "range": true, + "refId": "B" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "irate(pg_stat_bgwriter_checkpoint_sync_time_total{instance=\"$instance\"}[$__range])", + "format": "time_series", + "intervalFactor": 1, + "legendFormat": "sync_time - Total amount of time that has been spent in the portion of checkpoint processing where files are synchronized to disk.", + "range": true, + "refId": "A" + } + ], + "title": "Checkpoint Stats", + "type": "timeseries" + } + ], + "refresh": "5s", + "schemaVersion": 37, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "includeAll": false, + "label": "datasource", + "multi": false, + "name": "DS_PROMETHEUS", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + }, + { + "current": { + "selected": false, + "text": "manwe:9187", + "value": "manwe:9187" + }, + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "definition": "query_result(pg_up)", + "hide": 0, + "includeAll": false, + "label": "Instance", + "multi": false, + "name": "instance", + "options": [], + "query": { + "query": "query_result(pg_up)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "/.*instance=\"([^\"]+).*/", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(datname)", + "hide": 0, + "includeAll": true, + "label": "Database", + "multi": true, + "name": "datname", + "options": [], + "query": { + "query": "label_values(datname)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 1, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "current": { + "selected": false, + "text": "All", + "value": "$__all" + }, + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values({mode=~\"accessexclusivelock|accesssharelock|exclusivelock|rowexclusivelock|rowsharelock|sharelock|sharerowexclusivelock|shareupdateexclusivelock\"}, mode)", + "hide": 0, + "includeAll": true, + "label": "Lock table", + "multi": true, + "name": "mode", + "options": [], + "query": { + "query": "label_values({mode=~\"accessexclusivelock|accesssharelock|exclusivelock|rowexclusivelock|rowsharelock|sharelock|sharerowexclusivelock|shareupdateexclusivelock\"}, mode)", + "refId": "StandardVariableQuery" + }, + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": ["5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d"] + }, + "timezone": "", + "title": "PostgreSQL", + "uid": "fiuGhahwi", + "version": 1, + "weekStart": "" +} diff --git a/modules/nixos/monitoring/dashboards/unbound.json b/modules/nixos/monitoring/dashboards/unbound.json new file mode 100644 index 0000000..8a0d503 --- /dev/null +++ b/modules/nixos/monitoring/dashboards/unbound.json @@ -0,0 +1,2991 @@ +{ + "annotations": { + "list": [ + { + "builtIn": 1, + "datasource": { + "type": "datasource", + "uid": "grafana" + }, + "enable": true, + "hide": true, + "iconColor": "rgba(0, 211, 255, 1)", + "name": "Annotations & Alerts", + "target": { + "limit": 100, + "matchAny": false, + "tags": [], + "type": "dashboard" + }, + "type": "dashboard" + } + ] + }, + "description": "", + "editable": true, + "fiscalYearStartMonth": 0, + "gnetId": 11705, + "graphTooltip": 0, + "id": 39, + "links": [], + "liveNow": false, + "panels": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total number of queries received at the selected time range.", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 0, + "y": 0 + }, + "id": 24, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(increase(unbound_queries_total{instance=\"$instance\"}[$__range]))", + "range": true, + "refId": "A" + } + ], + "title": "Queries", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 4, + "y": 0 + }, + "id": 26, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "sum(rate(unbound_queries_total{instance=\"$instance\"}[$__range]))", + "refId": "A" + } + ], + "title": "Queries per second", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total number of queries that were refused or dropped because they failed the access control settings at the selected time range.", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 8, + "y": 0 + }, + "id": 8, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "increase(unbound_unwanted_queries_total{instance=\"$instance\"}[$__range])", + "range": true, + "refId": "A" + } + ], + "title": "Unwanted queries", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total number of replies that were unwanted or unsolicited at the selected time range.\n\nA sharp increase in unwanted traffic indicates a possible spoof run in progress.", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 12, + "y": 0 + }, + "id": 49, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "increase(unbound_unwanted_replies_total{instance=\"$instance\"}[$__range])", + "refId": "A" + } + ], + "title": "Unwanted replies", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Max memory in use by caches at the selected time range.", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 16, + "y": 0 + }, + "id": 48, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(rate(unbound_memory_caches_bytes{instance=\"$instance\"}[$__range]))", + "range": true, + "refId": "A" + } + ], + "title": "Memory cache size", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "The number of threads created to serve clients", + "fieldConfig": { + "defaults": { + "color": { + "mode": "thresholds" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 20, + "y": 0 + }, + "id": 2, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "none", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "unbound_num_threads{instance=\"$instance\"}", + "format": "time_series", + "instant": false, + "refId": "A" + } + ], + "title": "Threads", + "type": "stat" + }, + { + "cards": { + "cardPadding": 0 + }, + "color": { + "cardColor": "#3274D9", + "colorScale": "sqrt", + "colorScheme": "interpolateSpectral", + "exponent": 0.5, + "mode": "opacity" + }, + "dataFormat": "timeseries", + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "Query response time in seconds", + "fieldConfig": { + "defaults": { + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "scaleDistribution": { + "type": "linear" + } + } + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 16, + "x": 0, + "y": 3 + }, + "heatmap": {}, + "hideZeroBuckets": false, + "highlightCards": true, + "id": 46, + "legend": { + "show": false + }, + "options": { + "calculate": true, + "calculation": {}, + "cellGap": 1, + "cellValues": {}, + "color": { + "exponent": 0.5, + "fill": "#3274D9", + "mode": "opacity", + "scale": "exponential", + "scheme": "Oranges", + "steps": 128 + }, + "exemplars": { + "color": "rgba(255,0,255,0.7)" + }, + "filterValues": { + "le": 1e-9 + }, + "legend": { + "show": false + }, + "rowsFrame": { + "layout": "ge" + }, + "showValue": "never", + "tooltip": { + "show": true, + "yHistogram": true + }, + "yAxis": { + "axisPlacement": "left", + "decimals": 0, + "min": "0", + "reverse": false, + "unit": "s" + } + }, + "pluginVersion": "9.1.0", + "reverseYBuckets": false, + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "rate(unbound_response_time_seconds_bucket{instance=\"$instance\", le=~\"0.001024|0.002048|0.004096|0.008192|0.016384|0.032768|0.065536|0.131072|0.262144|0.524288|1|2|4|8|16|32|64\"}[$__range])", + "format": "heatmap", + "instant": false, + "intervalFactor": 1, + "legendFormat": "{{le}}", + "refId": "A" + } + ], + "title": "Response time", + "tooltip": { + "show": true, + "showHistogram": true + }, + "type": "heatmap", + "xAxis": { + "show": true + }, + "yAxis": { + "decimals": 0, + "format": "s", + "logBase": 1, + "min": "0", + "show": true + }, + "yBucketBound": "upper" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + } + }, + "mappings": [] + }, + "overrides": [] + }, + "gridPos": { + "h": 7, + "w": 8, + "x": 16, + "y": 3 + }, + "id": 37, + "links": [], + "maxDataPoints": 3, + "options": { + "displayLabels": ["value"], + "legend": { + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "pieType": "pie", + "reduceOptions": { + "calcs": ["lastNotNull"], + "fields": "", + "values": false + }, + "tooltip": { + "mode": "single", + "sort": "none" + } + }, + "pluginVersion": "8.3.6", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(increase(unbound_cache_hits_total{instance=\"$instance\"}[$__range]))", + "legendFormat": "Hits", + "range": true, + "refId": "A" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "exemplar": true, + "expr": "sum(increase(unbound_cache_misses_total{instance=\"$instance\"}[$__range]))", + "format": "time_series", + "interval": "", + "legendFormat": "Misses", + "range": true, + "refId": "B" + } + ], + "title": "Cache hit/miss ratio", + "type": "piechart" + }, + { + "collapsed": false, + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 10 + }, + "id": 12, + "panels": [], + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "refId": "A" + } + ], + "title": "Queries", + "type": "row" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total number of queries that were made using TCP towards the Unbound server at the selected time range.", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 5, + "x": 0, + "y": 11 + }, + "id": 16, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "increase(unbound_query_tcp_total{instance=\"$instance\"}[$__range])", + "refId": "A" + } + ], + "title": "Incoming TCP queries", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total number of queries that were made using TCP towards the Unbound server at the selected time range.", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 5, + "x": 5, + "y": 11 + }, + "id": 22, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "increase(unbound_query_tcp_out_total{instance=\"$instance\"}[$__range])", + "refId": "A" + } + ], + "title": "Outgoing TCP queries", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total number of queries that had been rate limited at the selected time range.", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 10, + "y": 11 + }, + "id": 50, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "increase(unbound_query_ratelimited_total{instance=\"$instance\"}[$__range])", + "refId": "A" + } + ], + "title": "Rate limited queries", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total number of queries that were made using TLS towards the Unbound server at the selected time range.", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 5, + "x": 14, + "y": 11 + }, + "id": 18, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "increase(unbound_query_tls_total{instance=\"$instance\"}[$__range])", + "refId": "A" + } + ], + "title": "Incoming TLS queries", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total number of queries that were made using TLS resumption at the selected time range.", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 5, + "x": 19, + "y": 11 + }, + "id": 19, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "increase(unbound_query_tls_resume_total{instance=\"$instance\"}[$__range])", + "refId": "A" + } + ], + "title": "TLS resumption queries", + "type": "stat" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total number of queries that were made using IPv6 towards the Unbound server at the selected time range.", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 5, + "x": 0, + "y": 14 + }, + "id": 20, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "increase(unbound_query_ipv6_total{instance=\"$instance\"}[$__range])", + "range": true, + "refId": "A" + } + ], + "title": "IPv6 queries", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total amount of answers that were secure (AD) at the selected time range.", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 5, + "x": 5, + "y": 14 + }, + "id": 51, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "increase(unbound_answers_secure_total{instance=\"$instance\"}[$__range])", + "refId": "A" + } + ], + "title": "Secure answers", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total amount of answers that were bogus (withheld as SERVFAIL) at the selected time range.", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 4, + "x": 10, + "y": 14 + }, + "id": 52, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "increase(unbound_answers_bogus_total{instance=\"$instance\"}[$__range])", + "range": true, + "refId": "A" + } + ], + "title": "Bogus answers", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total number of queries that had an EDNS OPT record present at the selected time range.", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 5, + "x": 14, + "y": 14 + }, + "id": 17, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "increase(unbound_query_edns_present_total{instance=\"$instance\"}[$__range])", + "refId": "A" + } + ], + "title": "EDNS OPT queries", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total number of queries that had an EDNS OPT record with the DO (DNSSEC OK) bit set present at the selected time range.", + "fieldConfig": { + "defaults": { + "color": { + "fixedColor": "rgb(31, 120, 193)", + "mode": "fixed" + }, + "mappings": [ + { + "options": { + "match": "null", + "result": { + "text": "N/A" + } + }, + "type": "special" + } + ], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "none" + }, + "overrides": [] + }, + "gridPos": { + "h": 3, + "w": 5, + "x": 19, + "y": 14 + }, + "id": 21, + "links": [], + "maxDataPoints": 100, + "options": { + "colorMode": "none", + "graphMode": "area", + "justifyMode": "auto", + "orientation": "horizontal", + "reduceOptions": { + "calcs": ["sum"], + "fields": "", + "values": false + }, + "textMode": "auto" + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "increase(unbound_query_edns_DO_total{instance=\"$instance\"}[$__range])", + "refId": "A" + } + ], + "title": "EDNS OPT + DNSSEC OK queries", + "type": "stat" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total number of queries with a given query type", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 17 + }, + "id": 35, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "rate(unbound_query_types_total{instance=\"$instance\"}[$__range])", + "legendFormat": "{{type}}", + "refId": "A" + } + ], + "title": "Total queries by type", + "type": "timeseries" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total number of answers by rcode", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "NXDOMAIN" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-orange", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "SERVFAIL" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "dark-red", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 17 + }, + "id": 40, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "rate(unbound_answer_rcodes_total{instance=\"$instance\"}[$__range])", + "legendFormat": "{{rcode}}", + "refId": "A" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "rate(unbound_answers_secure_total{instance=\"$instance\"}[$__range])", + "legendFormat": "Secure (AD)", + "refId": "B" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "rate(unbound_answers_bogus_total{instance=\"$instance\"}[$__range])", + "legendFormat": "Bogus (SERVFAIL)", + "refId": "C" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "rate(unbound_rrset_bogus_total{instance=\"$instance\"}[$__range])", + "legendFormat": "RRset bogus", + "refId": "D" + } + ], + "title": "Total answers by rcode", + "type": "timeseries" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total number of queries with a given query class", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 25 + }, + "id": 38, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "rate(unbound_query_classes_total{instance=\"$instance\"}[$__range])", + "legendFormat": "{{class}}", + "refId": "A" + } + ], + "title": "Total queries by class", + "type": "timeseries" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total number of queries with a given query opcode", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 25 + }, + "id": 39, + "options": { + "legend": { + "calcs": [], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "rate(unbound_query_opcodes_total{instance=\"$instance\"}[$__range])", + "legendFormat": "{{opcode}}", + "refId": "A" + } + ], + "title": "Total queries by opcode", + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 33 + }, + "id": 54, + "panels": [], + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "refId": "A" + } + ], + "title": "Request list", + "type": "row" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Current size of the request list, including internally generated queries", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 24, + "x": 0, + "y": 34 + }, + "id": 55, + "options": { + "legend": { + "calcs": ["lastNotNull"], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "sum(rate(unbound_request_list_current_all{instance=\"$instance\"}[$__range]))", + "legendFormat": "all", + "refId": "A" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "sum(rate(unbound_request_list_current_user{instance=\"$instance\"}[$__range]))", + "legendFormat": "user", + "refId": "B" + } + ], + "title": "Request list size", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "Number of queries that were dropped because the request list was full", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 42 + }, + "id": 56, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(rate(unbound_request_list_exceeded_total{instance=\"$instance\"}[$__range]))", + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Total exceeded queries", + "type": "timeseries" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total number of requests in the request list that were overwritten by newer entries", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 42 + }, + "id": 57, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(rate(unbound_request_list_overwritten_total{instance=\"$instance\"}[$__range]))", + "legendFormat": "", + "range": true, + "refId": "A" + } + ], + "title": "Total overwritten queries", + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 50 + }, + "id": 30, + "panels": [], + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "refId": "A" + } + ], + "title": "DNSCrypt", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total number of queries that were encrypted and successfully decapsulated by dnscrypt", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 51 + }, + "id": 28, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(rate(unbound_dnscrypt_valid_queries_total{instance=\"$instance\"}[$__range]))", + "range": true, + "refId": "A" + } + ], + "title": "Total successful queries", + "type": "timeseries" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total number of queries that were requesting dnscrypt certificates", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 51 + }, + "id": 31, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "sum(irate(unbound_dnscrypt_cert_queries_total{instance=\"$instance\"}[$__range]))", + "refId": "A" + } + ], + "title": "Total certificate requesting queries", + "type": "timeseries" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total number of queries received on dnscrypt port that were cleartext and not a request for certificates", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 59 + }, + "id": 32, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "sum(irate(unbound_dnscrypt_cleartext_queries_total{instance=\"$instance\"}[$__range]))", + "refId": "A" + } + ], + "title": "Total received cleartext queries", + "type": "timeseries" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Total number of requests that were neither cleartext, not valid dnscrypt messages", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "reqps" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 59 + }, + "id": 33, + "options": { + "legend": { + "calcs": [], + "displayMode": "list", + "placement": "bottom", + "showLegend": false + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "sum(irate(unbound_dnscrypt_malformed_queries_total{instance=\"$instance\"}[$__range]))", + "refId": "A" + } + ], + "title": "Total malformed queries", + "type": "timeseries" + }, + { + "collapsed": false, + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "gridPos": { + "h": 1, + "w": 24, + "x": 0, + "y": 67 + }, + "id": 43, + "panels": [], + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "refId": "A" + } + ], + "title": "Cache", + "type": "row" + }, + { + "datasource": { + "type": "prometheus", + "uid": "${DS_PROMETHEUS}" + }, + "description": "Hits: total number of queries that were successfully answered using a cache lookup.\n\nMisses: total number of cache queries that needed recursive processing", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "min": 0, + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "ops" + }, + "overrides": [ + { + "matcher": { + "id": "byName", + "options": "hits" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#73BF69", + "mode": "fixed" + } + } + ] + }, + { + "matcher": { + "id": "byName", + "options": "misses" + }, + "properties": [ + { + "id": "color", + "value": { + "fixedColor": "#F2495C", + "mode": "fixed" + } + } + ] + } + ] + }, + "gridPos": { + "h": 7, + "w": 24, + "x": 0, + "y": 68 + }, + "id": 60, + "options": { + "legend": { + "calcs": ["mean", "lastNotNull"], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "editorMode": "code", + "expr": "sum(irate(unbound_cache_hits_total{instance=\"$instance\"}[$__range]))", + "legendFormat": "hits", + "range": true, + "refId": "A" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "sum(irate(unbound_cache_misses_total{instance=\"$instance\"}[$__range]))", + "legendFormat": "misses", + "refId": "B" + } + ], + "title": "Cache hits / misses", + "type": "timeseries" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "Memory in bytes by caches", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "bytes" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 0, + "y": 75 + }, + "id": 6, + "options": { + "legend": { + "calcs": ["lastNotNull"], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "rate(unbound_memory_caches_bytes{instance=\"$instance\"}[$__range])", + "legendFormat": "{{cache}}", + "refId": "A" + } + ], + "title": "Cache size", + "type": "timeseries" + }, + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "description": "The number of cached entries", + "fieldConfig": { + "defaults": { + "color": { + "mode": "palette-classic" + }, + "custom": { + "axisCenteredZero": false, + "axisColorMode": "text", + "axisLabel": "", + "axisPlacement": "auto", + "barAlignment": 0, + "drawStyle": "line", + "fillOpacity": 10, + "gradientMode": "none", + "hideFrom": { + "legend": false, + "tooltip": false, + "viz": false + }, + "lineInterpolation": "linear", + "lineWidth": 1, + "pointSize": 5, + "scaleDistribution": { + "type": "linear" + }, + "showPoints": "never", + "spanNulls": false, + "stacking": { + "group": "A", + "mode": "none" + }, + "thresholdsStyle": { + "mode": "off" + } + }, + "links": [], + "mappings": [], + "thresholds": { + "mode": "absolute", + "steps": [ + { + "color": "green", + "value": null + }, + { + "color": "red", + "value": 80 + } + ] + }, + "unit": "short" + }, + "overrides": [] + }, + "gridPos": { + "h": 8, + "w": 12, + "x": 12, + "y": 75 + }, + "id": 41, + "options": { + "legend": { + "calcs": ["lastNotNull"], + "displayMode": "table", + "placement": "right", + "showLegend": true + }, + "tooltip": { + "mode": "multi", + "sort": "none" + } + }, + "pluginVersion": "9.1.0", + "targets": [ + { + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "expr": "unbound_cache_count_total{instance=\"$instance\"}", + "legendFormat": "{{type}}", + "refId": "A" + } + ], + "title": "Cached entries", + "type": "timeseries" + } + ], + "refresh": "5s", + "schemaVersion": 37, + "style": "dark", + "tags": [], + "templating": { + "list": [ + { + "current": { + "selected": false, + "text": "manwe:9167", + "value": "manwe:9167" + }, + "datasource": { + "uid": "${DS_PROMETHEUS}" + }, + "definition": "label_values(unbound_up, instance)", + "hide": 0, + "includeAll": false, + "multi": false, + "name": "instance", + "options": [], + "query": { + "query": "label_values(unbound_up, instance)", + "refId": "Prometheus-instance-Variable-Query" + }, + "refresh": 2, + "regex": "", + "skipUrlSync": false, + "sort": 0, + "tagValuesQuery": "", + "tagsQuery": "", + "type": "query", + "useTags": false + }, + { + "current": { + "selected": false, + "text": "Prometheus", + "value": "Prometheus" + }, + "hide": 0, + "includeAll": false, + "label": "datasource", + "multi": false, + "name": "DS_PROMETHEUS", + "options": [], + "query": "prometheus", + "refresh": 1, + "regex": "", + "skipUrlSync": false, + "type": "datasource" + } + ] + }, + "time": { + "from": "now-1h", + "to": "now" + }, + "timepicker": { + "refresh_intervals": [ + "5s", + "10s", + "30s", + "1m", + "5m", + "15m", + "30m", + "1h", + "2h", + "1d" + ], + "time_options": ["5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d"] + }, + "timezone": "", + "title": "Unbound", + "uid": "Eighooghi", + "version": 1, + "weekStart": "" +} diff --git a/modules/nixos/monitoring/default.nix b/modules/nixos/monitoring/default.nix new file mode 100644 index 0000000..4ff4c50 --- /dev/null +++ b/modules/nixos/monitoring/default.nix @@ -0,0 +1,176 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.monitoring; +in { + options.nixfiles.modules.monitoring.enable = mkEnableOption '' + a custom monitoring stack bas on the Grafana Labs toolkit + ''; + + config = mkIf cfg.enable { + nixfiles.modules = { + grafana.enable = true; + loki.enable = true; + prometheus.enable = true; + alertmanager.enable = true; + }; + + services = { + grafana.provision = { + enable = true; + + # https://grafana.com/docs/grafana/latest/administration/provisioning/#data-sources + datasources.settings.datasources = with config.nixfiles.modules; [ + { + name = "Prometheus"; + type = "prometheus"; + access = "proxy"; + url = "https://${prometheus.domain}"; + isDefault = true; + } + { + name = "Loki"; + type = "loki"; + access = "proxy"; + url = "https://${loki.domain}"; + } + ]; + + # https://grafana.com/docs/grafana/latest/administration/provisioning/#dashboards + dashboards.settings.providers = [ + # System dashboard is imported manually from here[1]. Too bad + # provisioned dashboards cannot properly integrate dynamic datasources + # yet. + # + # [1]: https://grafana.com/grafana/dashboards/1860-node-exporter-full + { + name = "endlessh"; + options.path = ./dashboards/endlessh.json; + } + { + name = "unbound"; + options.path = ./dashboards/unbound.json; + } + { + name = "nginx"; + options.path = ./dashboards/nginx.json; + } + { + name = "postgersql"; + options.path = ./dashboards/postgresql.json; + } + ]; + }; + + loki.configuration.ruler.alertmanager_url = "https://${config.nixfiles.modules.alertmanager.domain}"; + + prometheus = { + # It would be nice if these could be generated dynamically. That would + # require a complete rework of how configurations are defined, though. + scrapeConfigs = let + mkTargets = hosts: port: map (host: "${host.hostname}:${toString port}") hosts; + in + with my.configurations; + with config.services.prometheus.exporters; [ + { + job_name = "endlessh-go"; + static_configs = [ + { + targets = + mkTargets + [ + manwe + varda + yavanna + ] + config.services.endlessh-go.prometheus.port; + } + ]; + } + { + job_name = "nginx"; + static_configs = [ + { + targets = + mkTargets + [ + manwe + varda + yavanna + ] + nginx.port; + } + ]; + } + { + job_name = "node"; + static_configs = [ + { + targets = + mkTargets + [ + manwe + varda + yavanna + ] + node.port; + } + ]; + } + { + job_name = "postgres"; + static_configs = [ + { + targets = + mkTargets + [ + manwe + ] + postgres.port; + } + ]; + } + { + job_name = "unbound"; + static_configs = [ + { + targets = + mkTargets + [ + manwe + ] + unbound.port; + } + ]; + } + { + job_name = "wireguard"; + static_configs = [ + { + targets = + mkTargets + [ + manwe + ] + wireguard.port; + } + ]; + } + ]; + + alertmanagers = [ + { + scheme = "https"; + static_configs = [ + {targets = [config.nixfiles.modules.alertmanager.domain];} + ]; + } + ]; + }; + }; + }; +} diff --git a/modules/nixos/nextcloud.nix b/modules/nixos/nextcloud.nix new file mode 100644 index 0000000..69bea8a --- /dev/null +++ b/modules/nixos/nextcloud.nix @@ -0,0 +1,133 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.nextcloud; +in { + options.nixfiles.modules.nextcloud = { + enable = mkEnableOption "Nextcloud"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; str; + default = "nextcloud.${config.networking.domain}"; + }; + }; + + config = mkIf cfg.enable { + nixfiles.modules = { + nginx = { + enable = true; + virtualHosts.${cfg.domain} = {}; + }; + postgresql.enable = true; + }; + + services = let + db = "nextcloud"; + in { + nextcloud = mkMerge [ + { + enable = true; + package = pkgs.nextcloud23; + + hostName = cfg.domain; + + appstoreEnable = false; + + config = { + adminpassFile = null; # This needs to be set as secret. + + dbtype = "pgsql"; + dbhost = "/run/postgresql"; + dbuser = db; + dbname = db; + + defaultPhoneRegion = "RU"; + }; + + extraApps = let + mkNextcloudApp = { + name, + version, + hash, + }: + pkgs.fetchNextcloudApp { + inherit name version hash; + url = "https://github.com/nextcloud/${name}/archive/refs/tags/v${version}.tar.gz"; + }; + in { + contacts = mkNextcloudApp { + name = "contacts"; + version = "4.0.1"; + sha256 = "sha256-dXKsG8KmlUojeY5dUn/XsMD3KaSh4QcZFOGDdcqlSvE="; + }; + calendar = mkNextcloudApp { + name = "calendar"; + version = "3.0.5"; + sha256 = "sha256-aKUKm7fWJQxOWwma56Tv+GGIo+p0n30Nhoyt4XoxsjI="; + }; + files_rightclick = mkNextcloudApp { + name = "files_rightclick"; + version = "23.0.1"; + sha256 = "sha256-VYODzkvvGrtpyRoug/8UPKhAgfCx1ltP1JdGPiB/lts="; + }; + unsplash = mkNextcloudApp { + name = "unsplash"; + version = "1.2.4"; + sha256 = "sha256-KGSkBOrNu0nK0YvAPYaxEL/kZNoJQD1oBV2aUBxh6cI="; + }; + previewgenerator = mkNextcloudApp { + name = "previewgenerator"; + version = "3.4.1"; + sha256 = "sha256-IUdj0xWt5zHxQoiMv1bYyYTzekuOFrsRIe530QOwC/w="; + }; + bruteforcesettings = mkNextcloudApp { + name = "bruteforcesettings"; + version = "2.3.0"; + sha256 = "sha256-J7ujmiPaw8GI7vDfVPXEum2XAMWvahciP8C6iXgckdE="; + }; + }; + } + (mkIf config.nixfiles.modules.acme.enable { + https = true; + config.overwriteProtocol = "https"; + }) + ]; + + postgresql = { + ensureDatabases = [db]; + ensureUsers = [ + { + name = db; + ensurePermissions."DATABASE \"${db}\"" = "ALL"; + } + ]; + }; + }; + + systemd = { + services = { + nextcloud-setup.after = ["network-online.target" "postgresql.service"]; + + nextcloud-preview-generate-cron.serviceConfig = { + Type = "oneshot"; + User = "nextcloud"; + ExecStart = "${config.services.nextcloud.occ}/bin/nextcloud-occ preview:pre-generate"; + }; + }; + + timers.nextcloud-preview-generate = { + wantedBy = ["timers.target"]; + timerConfig = { + OnBootSec = "15m"; + OnUnitActiveSec = "15m"; + Unit = "nextcloud-preview-generate-cron.service"; + }; + }; + }; + }; +} diff --git a/modules/nixos/nginx.nix b/modules/nixos/nginx.nix new file mode 100644 index 0000000..b8ab24d --- /dev/null +++ b/modules/nixos/nginx.nix @@ -0,0 +1,99 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.nginx; +in { + options.nixfiles.modules.nginx = { + enable = mkEnableOption "Nginx"; + + upstreams = mkOption { + description = "Defines a group of servers to use as proxy target."; + type = with types; anything; + default = null; + }; + + virtualHosts = mkOption { + description = "Attrset of virtual hosts."; + type = with types; anything; + default = null; + }; + }; + + config = mkIf cfg.enable { + services = { + nginx = { + enable = true; + enableReload = true; + + package = pkgs.nginxMainline; + + statusPage = true; + + serverTokens = false; + + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + commonHttpConfig = concatStrings [ + '' + add_header X-Robots-Tag "noindex, nofollow, noarchive, nosnippet"; + '' + (optionalString (hasAttr "wireguard" this) + (with config.nixfiles.modules.wireguard; '' + geo $internal { + default 0; + 127.0.0.1/32 1; + ::1/128 1; + ${ipv4.subnet} 1; + ${ipv6.subnet} 1; + } + '')) + ]; + + inherit (cfg) upstreams; + + virtualHosts = + { + default = { + default = true; + rejectSSL = true; + locations."/".return = "444"; + }; + } + // (mkIf (cfg.virtualHosts != null) (mapAttrs (_: attr: + mkMerge [ + attr + (mkIf config.nixfiles.modules.acme.enable { + enableACME = true; + forceSSL = true; + }) + ]) + cfg.virtualHosts)); + }; + + fail2ban.jails = { + nginx-http-auth = '' + enabled = true + ''; + nginx-botsearch = '' + enabled = true + ''; + }; + + prometheus.exporters.nginx = { + enable = true; + listenAddress = mkDefault this.wireguard.ipv4.address; + port = mkDefault 9113; + }; + }; + + networking.firewall.allowedTCPPorts = [80 443]; + }; +} diff --git a/modules/nixos/node-exporter.nix b/modules/nixos/node-exporter.nix new file mode 100644 index 0000000..43f48f6 --- /dev/null +++ b/modules/nixos/node-exporter.nix @@ -0,0 +1,34 @@ +{ + config, + lib, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.node-exporter; +in { + options.nixfiles.modules.node-exporter.enable = mkEnableOption "Prometheus Node Exporter"; + + config = mkIf cfg.enable { + services.prometheus.exporters.node = { + enable = true; + listenAddress = mkDefault this.wireguard.ipv4.address; + port = 9100; + enabledCollectors = [ + "buddyinfo" + "cgroups" + "ethtool" + "interrupts" + "ksmd" + "lnstat" + "logind" + "mountstats" + "network_route" + "processes" + "qdisc" + "systemd" + "zoneinfo" + ]; + }; + }; +} diff --git a/modules/nixos/nsd.nix b/modules/nixos/nsd.nix new file mode 100644 index 0000000..0dade8f --- /dev/null +++ b/modules/nixos/nsd.nix @@ -0,0 +1,174 @@ +{ + config, + inputs, + lib, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.nsd; +in { + options.nixfiles.modules.nsd = { + enable = mkEnableOption "NSD"; + + fqdn = mkOption { + description = "FQDN of this nameserver."; + type = with types; str; + default = "ns.${config.networking.domain}"; + }; + }; + + config = mkIf cfg.enable { + services = { + nsd = { + enable = true; + interfaces = with this; [ipv4.address ipv6.address]; + ipTransparent = true; + ratelimit.enable = true; + + zones = let + dns = inputs.dns-nix.lib; + in + with dns.combinators; let + ips = hostname: + with my.configurations.${hostname}; { + A = [(a ipv4.address)]; + AAAA = [(aaaa ipv6.address)]; + }; + + mkEmailEntries = { + domain ? my.domain.shire, + dkimKey ? null, + }: { + MX = [(mx.mx 10 "${domain}.")]; + TXT = [(spf.strict ["a" "mx"])]; + DMARC = [ + { + p = "quarantine"; + sp = "quarantine"; + rua = ["mailto:admin+rua@${domain}"]; + ruf = ["mailto:admin+ruf@${domain}"]; + } + ]; + DKIM = optional (dkimKey != null) { + selector = "mail"; + p = dkimKey; + }; + }; + + mkZone = { + domain, + sldIps ? (ips "manwe"), + extra ? {}, + }: { + ${domain}.data = dns.toString domain (mkMerge [ + { + TTL = 60 * 60; + + SOA = { + nameServer = "${cfg.fqdn}."; + adminEmail = "admin+dns@${my.domain.shire}"; + serial = 2022091601; # Don't forget to bump the revision! + }; + + NS = with my.domain; [ + "ns1.${shire}" + # "ns2.${shire}" + ]; + + CAA = letsEncrypt "admin+caa@${my.domain.shire}"; + } + sldIps + extra + ]); + }; + + # https://ariadne.id/ + # https://docs.keyoxide.org/service-providers/dns/ + ariadneIdProof.TXT = ["openpgp4fpr:${my.pgp.fingerprint}"]; + in + mkMerge [ + (mkZone { + domain = my.domain.shire; + extra = mkMerge [ + (mkEmailEntries { + dkimKey = "@DKIM_KEY@"; + }) + { + subdomains = rec { + manwe = ips "manwe"; + "*.manwe" = manwe; + varda = ips "varda"; + "*.varda" = varda; + yavanna = ips "yavanna"; + "*.yavanna" = yavanna; + + ns1 = manwe; + # ns2 = varda; + + alertmanager = manwe; + bitwarden = manwe; + git = manwe; + gotify = manwe; + grafana = manwe; + loki = manwe; + prometheus = manwe; + radicale = manwe; + rss-bridge = manwe; + vaultwarden = manwe; + + minecraft = varda; + + flood = yavanna; + }; + } + ]; + }) + (mkZone { + domain = my.domain.azahi; + extra = mkMerge [ + (mkEmailEntries { + dkimKey = "@DKIM_KEY@"; + }) + ariadneIdProof + { + subdomains.git = ips "manwe"; + } + ]; + }) + (mkZone { + domain = my.domain.gondor; + extra = mkMerge [ + (mkEmailEntries { + dkimKey = "@DKIM_KEY@"; + }) + { + subdomains.frodo = ips "manwe" // ariadneIdProof; + } + ]; + }) + (mkZone { + domain = my.domain.rohan; + extra = mkMerge [ + (mkEmailEntries { + dkimKey = "@DKIM_KEY@"; + }) + { + subdomains.frodo = ips "manwe" // ariadneIdProof; + } + ]; + }) + ]; + }; + + fail2ban.jails.nsd = '' + enabled = true + ''; + }; + + networking.firewall = rec { + allowedTCPPorts = [53]; + allowedUDPPorts = allowedTCPPorts; + }; + }; +} diff --git a/modules/nixos/openssh.nix b/modules/nixos/openssh.nix new file mode 100644 index 0000000..00d2852 --- /dev/null +++ b/modules/nixos/openssh.nix @@ -0,0 +1,34 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.openssh; +in { + options.nixfiles.modules.openssh.server.enable = + mkEnableOption "OpenSSH server"; + + config = mkIf cfg.server.enable { + programs.mosh.enable = true; + + services = let + port = 22022; # Port 22 should be occupied by a tarpit. + in { + openssh = { + enable = true; + ports = [port]; + logLevel = "VERBOSE"; # Required by fail2ban. + permitRootLogin = "no"; + passwordAuthentication = false; + }; + + fail2ban.jails.sshd = '' + enabled = true + mode = aggressive + port = ${toString port} + ''; + }; + }; +} diff --git a/modules/nixos/podman.nix b/modules/nixos/podman.nix new file mode 100644 index 0000000..1c5378b --- /dev/null +++ b/modules/nixos/podman.nix @@ -0,0 +1,41 @@ +{ + config, + lib, + inputs, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.podman; +in { + options.nixfiles.modules.podman.enable = mkEnableOption "Podman"; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = !config.nixfiles.modules.docker.enable; + message = "Pick only one!"; + } + ]; + + secrets.containers-auth = { + file = "${inputs.self}/secrets/containers-auth"; + path = "${config.dirs.config}/containers/auth.json"; + owner = my.username; + inherit (config.my) group; + }; + + virtualisation.podman.enable = true; + + environment.systemPackages = with pkgs; [podman-compose]; + + my.extraGroups = ["podman"]; + + hm.programs.bash = { + shellAliases.p = "${pkgs.podman}/bin/podman"; + initExtra = mkAfter '' + _complete_alias p __start_podman podman + ''; + }; + }; +} diff --git a/modules/nixos/postgresql.nix b/modules/nixos/postgresql.nix new file mode 100644 index 0000000..df05e7e --- /dev/null +++ b/modules/nixos/postgresql.nix @@ -0,0 +1,87 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.postgresql; +in { + options.nixfiles.modules.postgresql = { + enable = mkEnableOption "PostgreSQL"; + + package = mkOption { + type = types.package; + default = pkgs.postgresql_15; + description = "PostgreSQL package to use."; + }; + + extraPostStart = mkOption { + type = with types; listOf str; + default = []; + description = '' + Additional post-startup commands. + + This could be used to provide a crude interface to grant permissions and + such. + ''; + }; + }; + + config = mkIf cfg.enable { + assertions = [ + { + assertion = any (x: x == "en_GB.UTF-8/UTF-8") config.i18n.supportedLocales; + message = "The locale must be available"; + } + ]; + + services = { + postgresql = { + enable = true; + + inherit (cfg) package; + + initdbArgs = [ + "--encoding=UTF8" + "--locale-provider=icu" + "--icu-locale=en_GB@collation=posix" + "--locale=en_GB.UTF-8" + "--lc-collate=C" + "--lc-ctype=C" + ]; + + authentication = '' + local all all trust + ''; + }; + + prometheus.exporters.postgres = { + enable = true; + listenAddress = mkDefault this.wireguard.ipv4.address; + port = mkDefault 9187; + }; + }; + + systemd.services.postgresql.postStart = + optionalString (cfg.extraPostStart != []) + concatStringsSep "\n" + cfg.extraPostStart; + + environment.sessionVariables.PSQLRC = toString (pkgs.writeText "psqlrc" '' + \set QUIET 1 + + \timing + \x auto + \pset null '[NULL]' + \set PROMPT1 '%[%033[1m%]%M %n@%/%R%[%033[0m%]% λ ' + \set PROMPT2 ' … > ' + \set VERBOSITY verbose + \set HISTCONTROL ignoredups + \set HISTFILE /dev/null + + \unset QUIET + ''); + }; +} diff --git a/modules/nixos/profiles/default.nix b/modules/nixos/profiles/default.nix new file mode 100644 index 0000000..d5ab838 --- /dev/null +++ b/modules/nixos/profiles/default.nix @@ -0,0 +1,33 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.profiles.default; +in { + imports = [ + ./dev + ./headful.nix + ./headless.nix + ]; + + config = mkIf cfg.enable { + programs.less = { + enable = true; + envVariables.LESSHISTFILE = "-"; + }; + + environment.systemPackages = with pkgs; [ + cryptsetup + lshw + lsof + pciutils + psmisc + usbutils + util-linux + ]; + }; +} diff --git a/modules/nixos/profiles/dev/containers.nix b/modules/nixos/profiles/dev/containers.nix new file mode 100644 index 0000000..195b892 --- /dev/null +++ b/modules/nixos/profiles/dev/containers.nix @@ -0,0 +1,27 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.profiles.dev.containers; +in { + config = mkIf cfg.enable { + nixfiles.modules.podman.enable = true; + + hm = { + home = { + sessionVariables.MINIKUBE_HOME = "${config.dirs.config}/minikube"; + + packages = with pkgs; [buildah]; + }; + + xdg.dataFile."minikube/config/config.json".text = generators.toJSON {} { + config.Rootless = true; + driver = "podman"; + container-runtime = "cri-o"; + }; + }; + }; +} diff --git a/modules/nixos/profiles/dev/default.nix b/modules/nixos/profiles/dev/default.nix new file mode 100644 index 0000000..83d41c0 --- /dev/null +++ b/modules/nixos/profiles/dev/default.nix @@ -0,0 +1,19 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.profiles.dev.default; +in { + config = mkIf cfg.enable { + hm.home.language = { + collate = "C"; + messages = "C"; + }; + + my.extraGroups = ["kvm"]; + }; +} diff --git a/modules/nixos/profiles/headful.nix b/modules/nixos/profiles/headful.nix new file mode 100644 index 0000000..01c442e --- /dev/null +++ b/modules/nixos/profiles/headful.nix @@ -0,0 +1,88 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.profiles.headful; +in { + config = mkIf cfg.enable { + nixfiles.modules = { + chromium.enable = true; + firefox.enable = true; + sound.enable = true; + x11.enable = true; + + dwm.enable = mkDefault false; + kde.enable = mkDefault true; + xmonad.enable = mkDefault false; + }; + + hm = { + home.packages = with pkgs; [ + calibre + imv + neochat + tdesktop + tor-browser + ]; + + programs.bash.shellAliases.open = "${pkgs.xdg-utils}/bin/xdg-open"; + }; + + boot = { + # Pretty much placebo but has some nice patches for `-march=native` + # optimisations, P-State Zen4 support and Fsync for Wine. + kernelPackages = mkDefault pkgs.linuxPackages_xanmod_latest; + + # There are (arguably) not a lot of reasons to keep mitigations enabled + # for on machine that is not web-facing. First of all, to completely + # mitigate any possible Spectre holes one would need to disable + # Hyperthreading altogether which will essentially put one's computer into + # the stone age by not being able to to effectively utilise multi-core its + # multicore capabilities. Secondly, by enabling mitigations, we introduce + # a plethora of performace overheads[1], which, albeit small, but still + # contribute to the overall speed of things. This is however still poses a + # security risk, which I am willing to take. + # + # [1]: https://www.phoronix.com/scan.php?page=article&item=spectre-meltdown-2&num=11 + kernelParams = ["mitigations=off"]; + + loader = { + efi.canTouchEfiVariables = true; + + systemd-boot = { + enable = true; + configurationLimit = 10; + }; + }; + }; + + hardware.opengl = { + enable = true; + driSupport = true; + }; + + programs = { + iftop.enable = true; + mtr.enable = true; + traceroute.enable = true; + }; + + services = { + # https://github.com/NixOS/nixpkgs/issues/135888 + upower.enable = true; + + psd.enable = true; + }; + + environment.systemPackages = with pkgs; [ + ethtool + nethogs + ]; + + my.extraGroups = ["audio" "video" "input"]; + }; +} diff --git a/modules/nixos/profiles/headless.nix b/modules/nixos/profiles/headless.nix new file mode 100644 index 0000000..9faf531 --- /dev/null +++ b/modules/nixos/profiles/headless.nix @@ -0,0 +1,42 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.profiles.headless; +in { + config = mkIf cfg.enable { + nixfiles.modules = { + openssh.server.enable = true; + endlessh-go.enable = true; + + fail2ban.enable = true; + + node-exporter.enable = true; + promtail.enable = true; + }; + + # Pin version to prevent any surprises. + boot.kernelPackages = pkgs.linuxPackages_5_15_hardened; + + nix = { + gc = { + automatic = true; + dates = "weekly"; + options = "--delete-older-than 30d"; + }; + + optimise = { + automatic = true; + dates = ["daily"]; + }; + }; + + services.udisks2.enable = false; + + xdg.sounds.enable = false; + }; +} diff --git a/modules/nixos/prometheus.nix b/modules/nixos/prometheus.nix new file mode 100644 index 0000000..a75c151 --- /dev/null +++ b/modules/nixos/prometheus.nix @@ -0,0 +1,49 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.prometheus; +in { + options.nixfiles.modules.prometheus = { + enable = mkEnableOption "Prometheus"; + + port = mkOption { + description = "Port."; + type = with types; port; + default = 30111; + }; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; str; + default = "prometheus.${config.networking.domain}"; + }; + }; + + config = mkIf cfg.enable { + nixfiles.modules.nginx = with cfg; { + enable = true; + upstreams.prometheus.servers."127.0.0.1:${toString cfg.port}" = {}; + virtualHosts.${domain} = { + locations."/".proxyPass = "http://prometheus"; + extraConfig = nginxInternalOnly; + }; + }; + + services.prometheus = with cfg; { + enable = true; + + listenAddress = "127.0.0.1"; + inherit port; + + extraFlags = [ + "--web.external-url=https://${domain}" + "--storage.tsdb.retention.size=50GB" + "--storage.tsdb.retention.time=1y" + "--storage.tsdb.wal-compression" + ]; + }; + }; +} diff --git a/modules/nixos/promtail.nix b/modules/nixos/promtail.nix new file mode 100644 index 0000000..552df82 --- /dev/null +++ b/modules/nixos/promtail.nix @@ -0,0 +1,53 @@ +{ + config, + lib, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.promtail; +in { + options.nixfiles.modules.promtail = { + enable = mkEnableOption "Promtail"; + + loki = { + url = mkOption { + description = "Address of a listening Loki service."; + type = with types; str; + default = "https://${config.nixfiles.modules.loki.domain}"; + }; + }; + }; + + config = mkIf cfg.enable { + services.promtail = { + enable = true; + + configuration = { + server = rec { + http_listen_address = this.wireguard.ipv4.address; + http_listen_port = 30181; + + grpc_listen_address = this.wireguard.ipv4.address; + grpc_listen_port = http_listen_port + 1; + + log_level = "warn"; + }; + + clients = [{url = "${cfg.loki.url}/loki/api/v1/push";}]; + + positions.filename = "/tmp/positions.yaml"; + + scrape_configs = [ + { + job_name = "journal"; + journal = { + max_age = "24h"; + labels.job = "systemd-journal"; + }; + } + ]; + }; + }; + }; +} diff --git a/modules/nixos/psd.nix b/modules/nixos/psd.nix new file mode 100644 index 0000000..77d3c66 --- /dev/null +++ b/modules/nixos/psd.nix @@ -0,0 +1,60 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.psd; +in { + options.nixfiles.modules.psd.enable = + mkEnableOption "Profile Sync Daemon"; + + config = mkIf cfg.enable { + hm = { + home.packages = with pkgs; [profile-sync-daemon]; + + xdg.configFile."psd/psd.conf".text = '' + USE_OVERLAYFS="yes" + ''; + }; + + systemd.user = { + services = { + psd = { + unitConfig = { + Description = "Profile-sync-daemon"; + Wants = ["psd-resync.service"]; + RequiresMountsFor = "/home/"; + After = ["local-fs.target"]; + }; + serviceConfig = { + RemainAfterExit = true; + ExecStart = "${pkgs.profile-sync-daemon}/bin/profile-sync-daemon startup"; + ExecStop = "${pkgs.profile-sync-daemon}/bin/profile-sync-daemon unsync"; + }; + wantedBy = ["graphical.target"]; + }; + + psd-resync = { + unitConfig = { + Description = "Profile-sync-daemon resync"; + After = ["psd.service"]; + Wants = ["psd-resync.timer"]; + BindsTo = ["psd.service"]; + }; + serviceConfig.ExecStart = "${pkgs.profile-sync-daemon}/bin/profile-sync-daemon resync"; + wantedBy = ["graphical.target"]; + }; + }; + + timers.psd-resync = { + unitConfig = { + Description = "Profile-sync-daemon resync timer"; + BindsTo = ["psd.service"]; + }; + timerConfig.OnUnitActiveSec = "1h"; + }; + }; + }; +} diff --git a/modules/nixos/radarr.nix b/modules/nixos/radarr.nix new file mode 100644 index 0000000..0abfdf2 --- /dev/null +++ b/modules/nixos/radarr.nix @@ -0,0 +1,28 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.radarr; +in { + options.nixfiles.modules.radarr = { + enable = mkEnableOption "Radarr"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; str; + default = "radarr.${config.networking.fqdn}"; + }; + }; + + config = mkIf cfg.enable { + nixfiles.modules.nginx = { + enable = true; + upstreams.radarr.servers."127.0.0.1:7878" = {}; + virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://radarr"; + }; + + services.radarr.enable = true; + }; +} diff --git a/modules/nixos/radicale.nix b/modules/nixos/radicale.nix new file mode 100644 index 0000000..c903d39 --- /dev/null +++ b/modules/nixos/radicale.nix @@ -0,0 +1,52 @@ +{ + config, + inputs, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.radicale; +in { + options.nixfiles.modules.radicale = { + enable = mkEnableOption "Radicale"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; str; + default = "radicale.${config.networking.domain}"; + }; + }; + + config = let + port = 5232; + in + mkIf cfg.enable { + secrets.radicale-htpasswd = { + file = "${inputs.self}/secrets/radicale-htpasswd"; + owner = "radicale"; + group = "radicale"; + }; + + nixfiles.modules.nginx = { + enable = true; + upstreams.radicale.servers."127.0.0.1:${toString port}" = {}; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://radicale"; + extraConfig = nginxInternalOnly; + }; + }; + + services.radicale = { + enable = true; + settings = { + server.hosts = ["127.0.0.1:${toString port}"]; + web.type = "none"; + auth = { + type = "htpasswd"; + htpasswd_filename = config.secrets.radicale-htpasswd.path; + htpasswd_encryption = "bcrypt"; + }; + }; + }; + }; +} diff --git a/modules/nixos/rss-bridge.nix b/modules/nixos/rss-bridge.nix new file mode 100644 index 0000000..fef1070 --- /dev/null +++ b/modules/nixos/rss-bridge.nix @@ -0,0 +1,31 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.rss-bridge; +in { + options.nixfiles.modules.rss-bridge = { + enable = mkEnableOption "RSS-Bridge"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; str; + default = "rss-bridge.${config.networking.domain}"; + }; + }; + + config = mkIf cfg.enable { + nixfiles.modules.nginx = { + enable = true; + virtualHosts.${cfg.domain}.extraConfig = nginxInternalOnly; + }; + + services.rss-bridge = { + enable = true; + virtualHost = cfg.domain; + whitelist = ["*"]; + }; + }; +} diff --git a/modules/nixos/rtorrent.nix b/modules/nixos/rtorrent.nix new file mode 100644 index 0000000..4014a3b --- /dev/null +++ b/modules/nixos/rtorrent.nix @@ -0,0 +1,297 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.rtorrent; +in { + options.nixfiles.modules.rtorrent = { + enable = mkEnableOption "rTorrent"; + + flood = { + enable = mkEnableOption "Flood" // {default = cfg.enable;}; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; str; + default = "flood.${config.networking.domain}"; + }; + }; + }; + + config = let + user = "rtorrent"; + group = "rtorrent"; + baseDir = "/var/lib/rtorrent"; + rpcSocket = "${baseDir}/rpc.socket"; + in + mkIf cfg.enable (mkMerge [ + (let + port = 50000; + in { + systemd = { + services.rtorrent = { + description = "rTorrent"; + after = ["network.target" "local-fs.target"]; + serviceConfig = let + leechDir = "${baseDir}/leech"; + seedDir = "${baseDir}/seed"; + sessionDir = "${baseDir}/session"; + logDir = "${baseDir}/log"; + configFile = let + moveCompleted = let + pkg = pkgs.writeShellApplication { + name = "move-completed"; + runtimeInputs = with pkgs; [ + coreutils-full + gnused + findutils + ]; + text = '' + set -x + + leech_path="$1" + seed_path="$2" + # seed_path="$(echo "$2" | sed 's@+@ @g;s@%@\\x@g' | xargs -0 printf '%b')" + + mkdir -pv "$seed_path" + mv -fv "$leech_path" "$seed_path" + ''; + }; + in "${pkg}/bin/move-completed"; + in + pkgs.writeText "rtorrent.rc" '' + method.insert = cfg.leech, private|const|string, (cat, "${leechDir}") + method.insert = cfg.seed, private|const|string, (cat, "${seedDir}") + method.insert = cfg.session, private|const|string, (cat, "${sessionDir}") + method.insert = cfg.log, private|const|string, (cat, "${logDir}") + method.insert = cfg.rpcsocket, private|const|string, (cat, "${rpcSocket}") + + directory.default.set = (cat, (cfg.leech)) + session.path.set = (cat, (cfg.session)) + + network.port_range.set = ${toString port}-${toString port} + network.port_random.set = no + + dht.mode.set = disable + protocol.pex.set = no + + trackers.use_udp.set = no + + protocol.encryption.set = allow_incoming,try_outgoing,enable_retry + + pieces.memory.max.set = ${toString (pow 2 11)}M + pieces.preload.type.set = 2 + + network.xmlrpc.size_limit.set = ${toString (pow 2 17)} + + network.max_open_files.set = ${toString (pow 2 10)} + network.max_open_sockets.set = ${toString (pow 2 10)} + + network.http.max_open.set = ${toString (pow 2 8)} + + throttle.global_down.max_rate.set_kb = 0 + throttle.global_up.max_rate.set_kb = 0 + + encoding.add = UTF-8 + system.umask.set = 0027 + system.cwd.set = (directory.default) + + network.scgi.open_local = (cat, (cfg.rpcsocket)) + + method.insert = d.move_completed, simple, "\ + d.directory.set=$argument.1=;\ + execute=${moveCompleted}, $argument.0=, $argument.1=;\ + d.save_full_session=\ + " + method.insert = d.leech_path, simple, "\ + if=(d.is_multi_file),\ + (cat, (d.directory), /),\ + (cat, (d.directory), /, (d.name))\ + " + method.insert = d.seed_path, simple, "\ + cat=$cfg.seed=, /, $d.custom1=\ + " + method.set_key = event.download.finished, move_complete, "\ + d.move_completed=$d.leech_path=, $d.seed_path=\ + " + + log.open_file = "log", (cat, (cfg.log), "/", "default.log") + log.add_output = "info", "log" + log.execute = (cat, (cfg.log), "/", "execute.log") + ''; + in { + Restart = "on-failure"; + RestartSec = 3; + + KillMode = "process"; + KillSignal = "SIGHUP"; + + User = user; + Group = group; + + ExecStartPre = concatStringsSep " " [ + "${pkgs.coreutils-full}/bin/mkdir -p" + leechDir + seedDir + sessionDir + logDir + ]; + ExecStart = concatStringsSep " " [ + "${pkgs.rtorrent}/bin/rtorrent" + "-n" + "-o system.daemon.set=true" + "-o network.bind_address.set=0.0.0.0" + "-o import=${configFile}" + ]; + ExecStop = concatStringsSep " " [ + "${pkgs.coreutils-full}/bin/rm -rf" + rpcSocket + ]; + + RuntimeDirectory = "rtorrent"; + RuntimeDirectoryMode = 0750; + UMask = 0027; + AmbientCapabilities = [""]; + CapabilityBoundingSet = [""]; + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateTmp = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProcSubset = "pid"; + RemoveIPC = true; + RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"]; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + SystemCallFilter = ["@system-service" "~@resources" "~@privileged"]; + }; + wantedBy = ["multi-user.target"]; + }; + + tmpfiles.rules = ["d '${baseDir}' 0750 ${user} ${group} -"]; + }; + + users = { + users.${user} = { + inherit group; + shell = pkgs.bashInteractive; + home = baseDir; + description = "rTorrent"; + isSystemUser = true; + }; + groups.${group} = {}; + }; + my.extraGroups = [group]; + + networking.firewall.allowedTCPPorts = [port]; + + boot.kernel.sysctl = { + "net.core.rmem_max" = mkOverride 500 (pow 2 24); + "net.core.wmem_max" = mkOverride 500 (pow 2 24); + "net.ipv4.tcp_fin_timeout" = mkOverride 500 30; + "net.ipv4.tcp_rmem" = mkOverride 500 (mkTcpMem 12 23 24); + "net.ipv4.tcp_slow_start_after_idle" = 0; + "net.ipv4.tcp_tw_recycle" = mkOverride 500 1; + "net.ipv4.tcp_tw_reuse" = mkOverride 500 1; + "net.ipv4.tcp_wmem" = mkOverride 500 (mkTcpMem 12 23 24); + }; + }) + (let + port = 50001; + pkg = pkgs.nodePackages.flood; + in + mkIf cfg.flood.enable { + nixfiles.modules.nginx = { + enable = true; + upstreams.flood.servers."127.0.0.1:${toString port}" = {}; + virtualHosts.${cfg.flood.domain} = { + root = "${pkg}/lib/node_modules/flood/dist/assets"; + locations = { + "/".tryFiles = "$uri /index.html"; + "/api" = { + proxyPass = "http://flood"; + extraConfig = '' + proxy_buffering off; + proxy_cache off; + ''; + }; + }; + extraConfig = nginxInternalOnly; + }; + }; + + systemd.services.flood = { + description = "Flood"; + after = ["network.target" "rtorrent.service"]; + path = with pkgs; [mediainfo]; + serviceConfig = { + Restart = "on-failure"; + RestartSec = 3; + + User = user; + Group = group; + + ExecStart = concatStringsSep " " [ + "${pkg}/bin/flood" + "--allowedpath=${baseDir}" + "--baseuri=/" + "--rundir=${baseDir}/flood" + "--host=127.0.0.1" + "--port=${toString port}" + "--rtsocket=${rpcSocket}" + "--ssl=false" + "--auth=none" + ]; + + RuntimeDirectory = "rtorrent"; + RuntimeDirectoryMode = 0750; + UMask = 0027; + AmbientCapabilities = [""]; + CapabilityBoundingSet = [""]; + LockPersonality = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateTmp = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProcSubset = "pid"; + ProtectProc = "invisible"; + RemoveIPC = true; + RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"]; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + SystemCallFilter = [ + "~@cpu-emulation" + "~@debug" + "~@mount" + "~@obsolete" + "~@privileged" + "~@resources" + ]; + }; + wantedBy = ["multi-user.target"]; + }; + }) + ]); +} diff --git a/modules/nixos/searx.nix b/modules/nixos/searx.nix new file mode 100644 index 0000000..9462d5d --- /dev/null +++ b/modules/nixos/searx.nix @@ -0,0 +1,78 @@ +{ + config, + inputs, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.searx; +in { + options.nixfiles.modules.searx = { + enable = mkEnableOption "SearX"; + + port = mkOption { + description = "Port."; + type = with types; port; + default = 61001; + }; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; nullOr str; + default = "searx.${config.networking.domain}"; + }; + }; + + config = mkIf cfg.enable { + secrets.searx-environment = { + file = "${inputs.self}/secrets/searx-environment"; + owner = "searx"; + group = "searx"; + }; + + nixfiles.modules.nginx = { + enable = true; + upstreams.searx.servers."127.0.0.1:${toString cfg.port}" = {}; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://searx"; + extraConfig = nginxInternalOnly; + }; + }; + + services = { + searx = { + enable = true; + + settings = { + general = { + instance_name = cfg.domain; + contact_url = "mailto:admin+searx@${config.networking.domain}"; + git_url = false; + git_branch = false; + docs_url = false; + wiki_url = false; + twitter_url = false; + }; + server = { + bind_address = "127.0.0.1"; + inherit (cfg) port; + secret_key = "@SEARX_SECRET_KEY@"; + base_url = false; + image_proxy = false; + default_http_headers = { + Referrer-Policy = "no-referrer"; + X-Content-Type-Options = "nosniff"; + X-Download-Options = "noopen"; + X-Robots-Tag = "noindex, nofollow, nosnippet, noarchive"; + }; + }; + search = { + safe_search = 0; + autocomplete = ""; + }; + }; + environmentFile = config.secrets.searx-environment.path; + }; + }; + }; +} diff --git a/modules/nixos/shadowsocks.nix b/modules/nixos/shadowsocks.nix new file mode 100644 index 0000000..b59359c --- /dev/null +++ b/modules/nixos/shadowsocks.nix @@ -0,0 +1,116 @@ +{ + config, + inputs, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.shadowsocks; +in { + options.nixfiles.modules.shadowsocks = { + enable = mkEnableOption "Shadowsocks"; + + port = mkOption { + type = with types; port; + default = 8388; + description = "Port."; + }; + }; + + config = mkIf cfg.enable { + secrets.shadowsocks-password.file = "${inputs.self}/secrets/shadowsocks-password"; + + services = { + shadowsocks = { + enable = true; + passwordFile = config.secrets.shadowsocks-password.path; + localAddress = ["0.0.0.0"]; + mode = "tcp_only"; + }; + + fail2ban.jails.shadowsocks-libev = '' + enabled = true + filter = shadowsocks-libev + port = ${toString cfg.port} + ''; + }; + + systemd.services.shadowsocks-libev.path = with pkgs; + mkForce [ + (writeShellApplication { + name = "ss-server"; + runtimeInputs = [shadowsocks-libev]; + text = let + # https://github.com/shadowsocks/shadowsocks-libev/blob/master/acl/server_block_local.acl + aclFile = writeText "outbound_block_list.acl" '' + [outbound_block_list] + 0.0.0.0/8 + 10.0.0.0/8 + 100.64.0.0/10 + 127.0.0.0/8 + 169.254.0.0/16 + 172.16.0.0/12 + 192.0.0.0/24 + 192.0.2.0/24 + 192.88.99.0/24 + 192.168.0.0/16 + 198.18.0.0/15 + 198.51.100.0/24 + 203.0.113.0/24 + 224.0.0.0/4 + 240.0.0.0/4 + 255.255.255.255/32 + ::1/128 + ::ffff:127.0.0.1/104 + fc00::/7 + fe80::/10 + ''; + in '' + ss-server --acl ${aclFile} "$@" + ''; + }) + coreutils-full + jq + ]; + + environment.etc = mkIf config.nixfiles.modules.fail2ban.enable { + "fail2ban/filter.d/shadowsocks-libev.conf".text = '' + [Definition] + failregex = ^.*failed to handshake with : authentication error$ + ignoreregex = + journalmatch = _SYSTEMD_UNIT=shadowsocks-libev.service + ''; + }; + + networking.firewall = { + allowedTCPPorts = [cfg.port]; + extraCommands = '' + iptables -A nixos-fw -p tcp --syn --dport ${ + toString cfg.port + } -m connlimit --connlimit-above 32 -j nixos-fw-refuse + ''; + }; + + boot.kernel.sysctl = { + "net.core.rmem_max" = mkOverride 100 (pow 2 26); + "net.core.wmem_max" = mkOverride 100 (pow 2 26); + "net.core.netdev_max_backlog" = pow 2 18; + "net.core.somaxconn" = pow 2 12; + "net.ipv4.tcp_syncookies" = 1; + "net.ipv4.tcp_tw_reuse" = mkOverride 100 1; + "net.ipv4.tcp_tw_recycle" = mkOverride 100 0; + "net.ipv4.tcp_fin_timeout" = mkOverride 100 30; + "net.ipv4.tcp_keepalive_time" = 60 * 20; + "net.ipv4.ip_local_port_range" = "10000 65000"; + "net.ipv4.tcp_max_syn_backlog" = pow 2 13; + "net.ipv4.tcp_max_tw_buckets" = pow 2 12; + "net.ipv4.tcp_fastopen" = 3; + "net.ipv4.tcp_mem" = mkOverride 100 (mkTcpMem 15 16 17); + "net.ipv4.tcp_rmem" = mkOverride 100 (mkTcpMem 12 16 26); + "net.ipv4.tcp_wmem" = mkOverride 100 (mkTcpMem 12 16 26); + "net.ipv4.tcp_mtu_probing" = 1; + "net.ipv4.tcp_congestion_control" = "hybla"; + }; + }; +} diff --git a/modules/nixos/soju.nix b/modules/nixos/soju.nix new file mode 100644 index 0000000..14faf00 --- /dev/null +++ b/modules/nixos/soju.nix @@ -0,0 +1,117 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.soju; +in { + options.nixfiles.modules.soju = { + enable = mkEnableOption "soju"; + + protocol = mkOption { + description = "Port."; + type = with types; enum ["ircs" "irc+insecure"]; + default = "irc+insecure"; + }; + + address = mkOption { + description = "Address."; + type = with types; str; + default = this.wireguard.ipv4.address; + }; + + port = mkOption { + description = "Port."; + type = with types; port; + default = 6667; + }; + + domain = mkOption { + description = "Domain."; + type = with types; str; + default = config.networking.fqdn; + }; + }; + + config = let + db = "soju"; + in + mkIf cfg.enable { + nixfiles.modules.postgresql = { + enable = true; + extraPostStart = [ + '' + $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"' + '' + ]; + }; + + services.postgresql = { + ensureDatabases = [db]; + ensureUsers = [ + { + name = db; + ensurePermissions."DATABASE \"${db}\"" = "ALL"; + } + ]; + }; + + systemd.services.soju = { + description = "soju IRC bouncer"; + wantedBy = ["multi-user.target"]; + after = ["network-online.target" "postgresql.service"]; + serviceConfig = { + ExecStart = let + # https://soju.im/doc/soju.1.html + configFile = pkgs.writeText "soju.conf" '' + listen ${cfg.protocol}://${cfg.address}:${toString cfg.port} + db postgres ${ + concatStringsSep " " [ + "host=/run/postgresql" + "user=${db}" + "dbname=${db}" + "sslmode=disable" + ] + } + hostname ${cfg.domain} + title ${cfg.domain} + ''; + in + concatStringsSep " " [ + "${pkgs.soju}/bin/soju" + "-config ${configFile}" + ]; + DynamicUser = true; + AmbientCapabilities = [""]; + CapabilityBoundingSet = [""]; + UMask = "0077"; + LockPersonality = true; + MemoryDenyWriteExecute = true; + NoNewPrivileges = true; + PrivateDevices = true; + PrivateTmp = true; + PrivateUsers = true; + ProtectClock = true; + ProtectControlGroups = true; + ProtectHome = true; + ProtectHostname = true; + ProtectKernelLogs = true; + ProtectKernelModules = true; + ProtectKernelTunables = true; + ProtectSystem = "strict"; + ProtectProc = "invisible"; + ProcSubset = "pid"; + RemoveIPC = true; + RestrictAddressFamilies = ["AF_UNIX" "AF_INET" "AF_INET6"]; + RestrictNamespaces = true; + RestrictRealtime = true; + RestrictSUIDSGID = true; + SystemCallArchitectures = "native"; + SystemCallFilter = ["@system-service" "~@privileged"]; + }; + }; + }; +} diff --git a/modules/nixos/solaar.nix b/modules/nixos/solaar.nix new file mode 100644 index 0000000..ceff23d --- /dev/null +++ b/modules/nixos/solaar.nix @@ -0,0 +1,54 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.solaar; +in { + options.nixfiles.modules.solaar = { + enable = mkEnableOption "Solaar"; + }; + + config = mkIf cfg.enable { + hm = { + home.packages = with pkgs; [solaar]; + + systemd.user.services.solaar = { + Unit = { + Description = "Device manager for Logitech devices"; + After = ["graphical-session-pre.target"]; + PartOf = ["graphical-session.target"]; + }; + Service = { + # The dirtiest hack I've ever implemented... I should be ashamed of + # it. Regardless, that shit still doesn't work because each reconnect, + # /dev/hidraw* is recreated and has default permissions which breaks + # Solaar. Fuck this shit. + ExecStartPre = let + pkg = pkgs.writeShellApplication { + name = "solaar-pre"; + text = '' + for i in /dev/hidraw*; do + if [ -c "$i" ]; then + sudo chown root:input "$i" + sudo chmod 0660 "$i" + fi + done + ''; + }; + in "${pkg}/bin/solaar-pre"; + ExecStart = "${pkgs.solaar}/bin/solaar --window=hide"; + }; + Install.WantedBy = ["graphical-session.target"]; + }; + }; + + boot.kernelModules = ["hid_logitech_dj" "hid_logitech_hidpp"]; + + hardware.uinput.enable = true; + + my.extraGroups = ["uinput" "input"]; + }; +} diff --git a/modules/nixos/sonarr.nix b/modules/nixos/sonarr.nix new file mode 100644 index 0000000..8c79175 --- /dev/null +++ b/modules/nixos/sonarr.nix @@ -0,0 +1,28 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.sonarr; +in { + options.nixfiles.modules.sonarr = { + enable = mkEnableOption "Sonarr"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; str; + default = "sonarr.${config.networking.fqdn}"; + }; + }; + + config = mkIf cfg.enable { + nixfiles.modules.nginx = { + enable = true; + upstreams.sonarr.servers."127.0.0.1:8989" = {}; + virtualHosts.${cfg.domain}.locations."/".proxyPass = "http://sonarr"; + }; + + services.sonarr.enable = true; + }; +} diff --git a/modules/nixos/sound.nix b/modules/nixos/sound.nix new file mode 100644 index 0000000..ae35e44 --- /dev/null +++ b/modules/nixos/sound.nix @@ -0,0 +1,21 @@ +{ + config, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.sound; +in { + options.nixfiles.modules.sound.enable = + mkEnableOption "sound support"; + + config = mkIf cfg.enable { + services.pipewire = { + enable = true; + + alsa.enable = false; + jack.enable = false; + pulse.enable = true; + }; + }; +} diff --git a/modules/nixos/syncthing.nix b/modules/nixos/syncthing.nix new file mode 100644 index 0000000..b690ab4 --- /dev/null +++ b/modules/nixos/syncthing.nix @@ -0,0 +1,145 @@ +{ + config, + inputs, + lib, + pkgs, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.syncthing; +in { + options.nixfiles.modules.syncthing = { + enable = mkEnableOption "Syncthing"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; str; + default = "syncthing.${config.networking.fqdn}"; + }; + }; + + config = mkIf cfg.enable (mkMerge [ + { + secrets = { + "syncthing-cert-${this.hostname}" = with config.services.syncthing; { + file = "${inputs.self}/secrets/syncthing-cert-${this.hostname}"; + owner = user; + inherit group; + }; + + "syncthing-key-${this.hostname}" = with config.services.syncthing; { + file = "${inputs.self}/secrets/syncthing-key-${this.hostname}"; + owner = user; + inherit group; + }; + }; + + services.syncthing = { + enable = true; + + user = my.username; + inherit (config.my) group; + + dataDir = config.my.home; + + guiAddress = "127.0.0.1:8384"; + + cert = config.secrets."syncthing-cert-${this.hostname}".path; + key = config.secrets."syncthing-key-${this.hostname}".path; + + overrideDevices = true; + devices = mapAttrs (name: attr: + mkIf (attr.syncthing.id != null && hasAttr "wireguard" attr) { + inherit (attr.syncthing) id; + addresses = ["tcp://${name}.${config.networking.domain}:22000"]; + introducer = this.isHeadless; + }) + my.configurations; + + overrideFolders = true; + folders = let + filterDevices = f: + attrNames (filterAttrs (_: attr: + (attr.hostname != this.hostname) + && (attr.syncthing.id != null) + && f attr) + my.configurations); + all = filterDevices (_: true); + notHeadless = filterDevices (attr: !attr.isHeadless); + notOther = filterDevices (attr: !attr.isOther); + + simple = { + type = "simple"; + params.keep = "5"; + }; + trashcan = { + type = "trashcan"; + params.cleanoutDays = "7"; + }; + in + with config.hm.xdg.userDirs; { + share = { + path = publicShare; + devices = notHeadless; + versioning = trashcan; + }; + pass = { + path = config.hm.programs.password-store.settings.PASSWORD_STORE_DIR; + devices = notOther; + versioning = trashcan; + }; + org = { + path = "${documents}/org"; + devices = all; + versioning = simple; + }; + roam = { + path = "${documents}/roam"; + devices = notOther; + versioning = simple; + }; + elfeed = { + path = "${config.my.home}/.elfeed"; + devices = notOther; + versioning = trashcan; + }; + books = { + path = "${documents}/books"; + devices = notOther; + versioning = trashcan; + }; + }; + + extraOptions = { + gui = { + insecureAdminAccess = true; + insecureSkipHostcheck = this.isHeadless; + }; + options = { + autoUpgradeIntervalH = 0; + crashReportingEnabled = false; + globalAnnounceEnabled = false; + relaysEnabled = false; + setLowPriority = this.isHeadless; + stunKeepaliveMinS = 0; + stunKeepaliveStartS = 0; + urAccepted = -1; + }; + }; + }; + + systemd.services.syncthing.environment.STNODEFAULTFOLDER = "yes"; + } + (mkIf this.isHeadless { + nixfiles.modules.nginx = { + enable = true; + upstreams.syncthing.servers.${config.services.syncthing.guiAddress} = {}; + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://syncthing"; + extraConfig = nginxInternalOnly; + }; + }; + }) + ]); +} diff --git a/modules/nixos/throttled.nix b/modules/nixos/throttled.nix new file mode 100644 index 0000000..f182ee1 --- /dev/null +++ b/modules/nixos/throttled.nix @@ -0,0 +1,119 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.throttled; +in { + options.nixfiles.modules.throttled.enable = mkEnableOption "Throttled"; + + config = mkIf cfg.enable { + # Disable the module we are trying to "override". + services.throttled.enable = mkForce false; + + environment.etc."throttled.conf".text = '' + [GENERAL] + # Enable or disable the script execution + Enabled: True + # SYSFS path for checking if the system is running on AC power + Sysfs_Power_Path: /sys/class/power_supply/AC*/online + # Auto reload config on changes + Autoreload: True + + ## Settings to apply while connected to Battery power + [BATTERY] + # Update the registers every this many seconds + Update_Rate_s: 30 + # Max package power for time window #1 + PL1_Tdp_W: 29 + # Time window #1 duration + PL1_Duration_s: 28 + # Max package power for time window #2 + PL2_Tdp_W: 44 + # Time window #2 duration + PL2_Duration_S: 0.002 + # Max allowed temperature before throttling + Trip_Temp_C: 85 + # Set cTDP to normal=0, down=1 or up=2 (EXPERIMENTAL) + cTDP: 0 + # Disable BDPROCHOT (EXPERIMENTAL) + Disable_BDPROCHOT: False + + ## Settings to apply while connected to AC power + [AC] + # Update the registers every this many seconds + Update_Rate_s: 5 + # Max package power for time window #1 + PL1_Tdp_W: 44 + # Time window #1 duration + PL1_Duration_s: 28 + # Max package power for time window #2 + PL2_Tdp_W: 44 + # Time window #2 duration + PL2_Duration_S: 0.002 + # Max allowed temperature before throttling + Trip_Temp_C: 95 + # Set HWP energy performance hints to 'performance' on high load (EXPERIMENTAL) + # Uncomment only if you really want to use it + # HWP_Mode: False + # Set cTDP to normal=0, down=1 or up=2 (EXPERIMENTAL) + cTDP: 0 + # Disable BDPROCHOT (EXPERIMENTAL) + Disable_BDPROCHOT: False + + # All voltage values are expressed in mV and *MUST* be negative (i.e. undervolt)! + [UNDERVOLT.BATTERY] + # CPU core voltage offset (mV) + CORE: 0 + # Integrated GPU voltage offset (mV) + GPU: 0 + # CPU cache voltage offset (mV) + CACHE: 0 + # System Agent voltage offset (mV) + UNCORE: 0 + # Analog I/O voltage offset (mV) + ANALOGIO: 0 + + # All voltage values are expressed in mV and *MUST* be negative (i.e. undervolt)! + [UNDERVOLT.AC] + # CPU core voltage offset (mV) + CORE: 0 + # Integrated GPU voltage offset (mV) + GPU: 0 + # CPU cache voltage offset (mV) + CACHE: 0 + # System Agent voltage offset (mV) + UNCORE: 0 + # Analog I/O voltage offset (mV) + ANALOGIO: 0 + + # [ICCMAX.AC] + # # CPU core max current (A) + # CORE: + # # Integrated GPU max current (A) + # GPU: + # # CPU cache max current (A) + # CACHE: + + # [ICCMAX.BATTERY] + # # CPU core max current (A) + # CORE: + # # Integrated GPU max current (A) + # GPU: + # # CPU cache max current (A) + # CACHE: + ''; + + systemd.services.throttled = { + description = "Stop Intel throttling"; + serviceConfig = { + Type = "simple"; + ExecStart = "${pkgs.throttled}/opt/throttled/throttled.py"; + }; + environment.PYTHONUNBUFFERED = "1"; + wantedBy = ["multi-user.target"]; + }; + }; +} diff --git a/modules/nixos/unbound.nix b/modules/nixos/unbound.nix new file mode 100644 index 0000000..8c40291 --- /dev/null +++ b/modules/nixos/unbound.nix @@ -0,0 +1,197 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.unbound; +in { + options.nixfiles.modules.unbound = { + enable = mkEnableOption "Unbound"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; str; + default = config.networking.domain; + }; + }; + + config = let + adblock-conf = "${config.services.unbound.stateDir}/adblock.conf"; + in + mkIf cfg.enable { + services = { + unbound = { + enable = true; + + package = pkgs.unbound-with-systemd.override { + withRedis = true; + withTFO = true; + }; + + settings = { + server = { + interface = with this.wireguard; [ + "127.0.0.1" + "::1" + ipv4.address + ipv6.address + ]; + + local-zone = + concatLists + (mapAttrsToList (h: _: [''"${h}.${cfg.domain}" redirect'']) + my.configurations); + local-data = concatLists (mapAttrsToList (hostname: let + domain = "${hostname}.${cfg.domain}"; + in + attr: (optionals (hasAttr "wireguard" attr) (with attr.wireguard; + [ + ''"${domain} 604800 IN A ${ipv4.address}"'' + ''"${domain} 604800 IN AAAA ${ipv6.address}"'' + ''"${domain}. A ${ipv4.address}"'' + ''"${domain}. AAAA ${ipv6.address}"'' + ] + ++ concatMap (domain: [ + ''"${domain}. A ${ipv4.address}"'' + ''"${domain}. AAAA ${ipv6.address}"'' + ]) + attr.domains))) + my.configurations); + local-data-ptr = concatLists (mapAttrsToList (hostname: let + domain = "${hostname}.${cfg.domain}"; + in + attr: (optionals (hasAttr "wireguard" attr) (with attr.wireguard; + [ + ''"${ipv4.address} ${domain}"'' + ''"${ipv6.address} ${domain}"'' + ] + ++ concatMap (domain: [ + ''"${ipv4.address} ${domain}"'' + ''"${ipv6.address} ${domain}"'' + ]) + attr.domains))) + my.configurations); + + access-control = with config.nixfiles.modules.wireguard; [ + "0.0.0.0/0 refuse" + "::/0 refuse" + "127.0.0.0/8 allow" + "::1/128 allow" + "${ipv4.subnet} allow" + "${ipv6.subnet} allow" + ]; + + private-domain = cfg.domain; + private-address = with config.nixfiles.modules.wireguard; [ + ipv4.subnet + ipv6.subnet + ]; + + domain-insecure = cfg.domain; + + prefetch = true; + prefetch-key = true; + + hide-identity = true; + hide-version = true; + + extended-statistics = true; + + include = ''"${adblock-conf}"''; + }; + + forward-zone = [ + { + name = "."; + forward-tls-upstream = true; + forward-addr = let + mkDnsOverTls = ips: auth: map (ip: concatStrings [ip "@" auth]) ips; + in + mkDnsOverTls dns.const.quad9.default "853#dns.quad9.net"; + } + ]; + + cachedb = with config.services.redis.servers.unbound; { + backend = "redis"; + redis-server-host = bind; + redis-server-port = port; + }; + }; + + localControlSocketPath = "/run/unbound/unbound.socket"; + }; + + redis = { + servers.unbound = { + enable = true; + bind = "127.0.0.1"; + port = 6379; + }; + vmOverCommit = mkForce true; + }; + + prometheus.exporters = { + unbound = { + enable = true; + listenAddress = mkDefault this.wireguard.ipv4.address; + port = 9167; + fetchType = "uds"; + controlInterface = config.services.unbound.localControlSocketPath; + inherit (config.services.unbound) group user; + }; + + redis = { + enable = true; + listenAddress = mkDefault this.wireguard.ipv4.address; + port = mkDefault 9121; + extraFlags = with config.services.redis.servers.unbound; [ + "--redis.addr=redis://${bind}:${toString port}" + "--redis.user=${user}" + ]; + }; + }; + }; + + systemd = { + services = { + unbound.after = ["unbound-adblock-update.service"]; + + unbound-adblock-update = { + serviceConfig = with config.services.unbound; { + Type = "oneshot"; + User = user; + Group = group; + ExecStart = let + pkg = with pkgs; + writeShellApplication { + name = "unbound-adblock-update"; + runtimeInputs = [curl package]; + text = '' + curl \ + "https://pgl.yoyo.org/adservers/serverlist.php?hostformat=unbound&showintro=0&mimetype=plaintext" \ + >${adblock-conf} + + if [[ -f "${localControlSocketPath}" ]]; then + unbound-control reload + fi + ''; + }; + in "${pkg}/bin/unbound-adblock-update"; + }; + }; + }; + + timers.unbound-adblock-update = { + requires = ["network-online.target"]; + timerConfig = { + OnUnitActiveSec = "1d"; + Unit = "unbound-adblock-update.service"; + }; + wantedBy = ["timers.target"]; + }; + }; + }; +} diff --git a/modules/nixos/vaultwarden.nix b/modules/nixos/vaultwarden.nix new file mode 100644 index 0000000..7d51667 --- /dev/null +++ b/modules/nixos/vaultwarden.nix @@ -0,0 +1,134 @@ +{ + config, + inputs, + lib, + ... +}: +with lib; let + cfg = config.nixfiles.modules.vaultwarden; +in { + options.nixfiles.modules.vaultwarden = { + enable = mkEnableOption "Vaultwarden"; + + domain = mkOption { + description = "Domain name sans protocol scheme."; + type = with types; str; + default = "vaultwarden.${config.networking.domain}"; + }; + }; + + config = let + db = "vaultwarden"; + in + mkIf cfg.enable { + secrets.vaultwarden-environment = { + file = "${inputs.self}/secrets/vaultwarden-environment"; + owner = "vaultwarden"; + group = "vaultwarden"; + }; + + nixfiles.modules = { + nginx = { + enable = true; + upstreams = with config.services.vaultwarden.config; { + vaultwarden_rocket.servers."${ROCKET_ADDRESS}:${toString ROCKET_PORT}" = {}; + vaultwarden_websocket.servers."${WEBSOCKET_ADDRESS}:${toString WEBSOCKET_PORT}" = {}; + }; + virtualHosts.${cfg.domain} = { + locations."/" = { + proxyPass = "http://vaultwarden_rocket"; + proxyWebsockets = true; + }; + locations."/notifications/hub" = { + proxyPass = "http://vaultwarden_websocket"; + proxyWebsockets = true; + }; + locations."/notifications/hub/negotiate" = { + proxyPass = "http://vaultwarden_rocket"; + proxyWebsockets = true; + }; + }; + }; + postgresql = { + enable = true; + extraPostStart = [ + '' + $PSQL "${db}" -tAc 'GRANT ALL ON SCHEMA "public" TO "${db}"' + '' + ]; + }; + }; + + services = { + vaultwarden = { + enable = true; + config = { + TZ = config.time.timeZone; + + WEB_VAULT_ENABLED = true; + + DOMAIN = optionalString (cfg.domain != null) "http://${cfg.domain}"; + + SIGNUPS_ALLOWED = false; + INVITATIONS_ALLOWED = false; + + ORG_CREATION_USERS = "none"; + + PASSWORD_HINTS_ALLOWED = false; + SHOW_PASSWORD_HINT = false; + + ROCKET_ADDRESS = "127.0.0.1"; + ROCKET_PORT = 8812; + + WEBSOCKET_ENABLED = true; + WEBSOCKET_ADDRESS = "127.0.0.1"; + WEBSOCKET_PORT = 8813; + + LOG_LEVEL = "error"; + + DATABASE_URL = "postgresql://${db}@/${db}"; + }; + dbBackend = "postgresql"; + environmentFile = config.secrets.vaultwarden-environment.path; + }; + + postgresql = { + ensureDatabases = [db]; + ensureUsers = [ + { + name = db; + ensurePermissions."DATABASE \"${db}\"" = "ALL"; + } + ]; + }; + + fail2ban.jails = mkIf config.nixfiles.modules.fail2ban.enable { + vaultwarden = '' + enabled = true + filter = vaultwarden + port = http,https + ''; + vaultwarden-admin = '' + enabled = true + filter = vaultwarden-admin + port = http,https + ''; + }; + }; + + environment.etc = mkIf config.nixfiles.modules.fail2ban.enable { + "fail2ban/filter.d/vaultwarden.conf".text = '' + [Definition] + failregex = ^.*Username or password is incorrect\. Try again\. IP: \. Username:.*$ + ignoreregex = + journalmatch = _SYSTEMD_UNIT=vaultwarden.service + ''; + "fail2ban/filter.d/vaultwarden-admin.conf".text = '' + [Definition] + failregex = ^.*Invalid admin token\. IP: .*$ + ignoreregex = + journalmatch = _SYSTEMD_UNIT=vaultwarden.service + ''; + }; + }; +} diff --git a/modules/nixos/wireguard.nix b/modules/nixos/wireguard.nix new file mode 100644 index 0000000..d05c6ae --- /dev/null +++ b/modules/nixos/wireguard.nix @@ -0,0 +1,198 @@ +{ + config, + inputs, + lib, + pkgs, + this, + ... +}: +with lib; let + cfg = config.nixfiles.modules.wireguard; +in { + options.nixfiles.modules.wireguard = { + client = { + enable = mkEnableOption "WireGuard client"; + + enableTrafficRouting = mkOption { + description = "Whether to enable traffic routing through the sever."; + type = with types; bool; + default = !this.isHeadless; + }; + }; + + server = { + enable = mkEnableOption "WireGuard server"; + + ipv4.address = mkOption { + description = "IPv4 address to bind to."; + type = with types; str; + default = my.configurations.manwe.wireguard.ipv4.address; + }; + + ipv6.address = mkOption { + description = "IPv4 address to bind to."; + type = with types; str; + default = my.configurations.manwe.wireguard.ipv6.address; + }; + + address = mkOption { + description = "Endpoint address to use"; + type = with types; str; + default = my.configurations.manwe.ipv4.address; + }; + + port = mkOption { + description = "Endpoint port to use."; + type = with types; int; + default = 6969; + }; + + publicKey = mkOption { + description = "Server's public key."; + type = with types; str; + default = my.configurations.manwe.wireguard.publicKey; + }; + + peers = mkOption { + description = "List of peers."; + type = with types; listOf attrs; + default = mapAttrsToList (_: attr: + with attr; { + inherit (wireguard) publicKey; + allowedIPs = with wireguard; [ + "${ipv4.address}/32" + "${ipv6.address}/128" + ]; + }) (filterAttrs (_: attr: + attr.hostname != this.hostname && hasAttr "wireguard" attr) + my.configurations); + }; + }; + + interface = mkOption { + description = "Name of the interface to use WireGuard with."; + type = with types; str; + default = "wg69"; + }; + + ipv4.subnet = mkOption { + description = "CIDR notation for the IPv4 subnet to use over WireGuard."; + type = with types; str; + default = "10.69.0.0/16"; + }; + + ipv6.subnet = mkOption { + description = "CIDR notation for the IPv6 subnet to use over WireGuard."; + type = with types; str; + default = "fd69::/16"; + }; + }; + + config = + { + assertions = [ + { + assertion = config.security.sudo.enable; + message = "Sudo is not enabled."; + } + { + assertion = any (x: x == "wheel") config.my.extraGroups; + message = ''User is not in the "wheel" group.''; + } + ]; + } + // mkMerge [ + (mkIf (cfg.client.enable || cfg.server.enable) { + secrets."wireguard-private-key-${this.hostname}".file = "${inputs.self}/secrets/wireguard-private-key-${this.hostname}"; + + networking.firewall.trustedInterfaces = [cfg.interface]; + }) + (mkIf cfg.client.enable { + networking.wg-quick.interfaces.${cfg.interface} = mkMerge [ + (with this.wireguard; { + privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path; + address = ["${ipv4.address}/16" "${ipv6.address}/16"]; + }) + (with cfg.server; { + peers = [ + { + inherit publicKey; + endpoint = "${address}:${toString port}"; + allowedIPs = + if cfg.client.enableTrafficRouting + then [ + "0.0.0.0/0" + "::/0" + ] + else [ + cfg.ipv4.subnet + cfg.ipv6.subnet + ]; + persistentKeepalive = 25; + } + ]; + dns = [ + ipv4.address + ipv6.address + ]; # This assumes that the host has Unbound running. + }) + ]; + + environment.systemPackages = with pkgs; [ + (writeShellApplication { + name = "wg-toggle"; + runtimeInputs = [iproute2 jq wireguard-tools]; + text = '' + ip46() { + sudo ip -4 "$@" + sudo ip -6 "$@" + } + + fwmark=$(sudo wg show ${cfg.interface} fwmark) || exit + if ip -j rule list lookup "$fwmark" | jq -e 'length > 0' >/dev/null; then + ip46 rule del lookup main suppress_prefixlength 0 + ip46 rule del lookup "$fwmark" + else + ip46 rule add not fwmark "$fwmark" lookup "$fwmark" + ip46 rule add lookup main suppress_prefixlength 0 + fi + ''; + }) + ]; + }) + (mkIf cfg.server.enable { + networking = { + wireguard = { + enable = true; + interfaces.${cfg.interface} = with cfg.server; { + privateKeyFile = config.secrets."wireguard-private-key-${this.hostname}".path; + ips = ["${ipv4.address}/16" "${ipv6.address}/16"]; + listenPort = port; + inherit peers; + allowedIPsAsRoutes = false; + }; + }; + + nat = { + enable = true; + enableIPv6 = true; + + externalInterface = mkDefault "eth0"; + + internalInterfaces = [cfg.interface]; + internalIPs = [cfg.ipv4.subnet]; + internalIPv6s = [cfg.ipv6.subnet]; + }; + + firewall.allowedUDPPorts = [cfg.server.port]; + }; + + services.prometheus.exporters.wireguard = { + enable = true; + listenAddress = mkDefault this.wireguard.ipv4.address; + withRemoteIp = true; + port = 9586; + }; + }) + ]; +} diff --git a/modules/nixos/x11.nix b/modules/nixos/x11.nix new file mode 100644 index 0000000..cd8dfbe --- /dev/null +++ b/modules/nixos/x11.nix @@ -0,0 +1,92 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.x11; +in { + options.nixfiles.modules.x11.enable = mkEnableOption "X11"; + + config = mkIf cfg.enable { + nixfiles.modules.fonts.enable = true; + + hm = { + home.sessionVariables = with config.dirs; { + XCOMPOSEFILE = "${cache}/XComposeFile"; + XCOMPOSECACHE = "${cache}/XComposeCache"; + }; + + xsession.scriptPath = ".xinitrc"; + + xresources.properties = + (let + font = with config.fontScheme.monospaceFont; "${family}:style=${style}:size=${toString size}"; + in { + "*.font" = font; + + "Xft.antialias" = 1; + "Xft.autohint" = 0; + "Xft.dpi" = 96; + "Xft.hinting" = 1; + "Xft.hintstyle" = "hintslight"; + "Xft.lcdfilter" = "lcddefault"; + "Xft.rgba" = "rgb"; + }) + // (with config.colourScheme; { + "*.color0" = black; + "*.color8" = brightBlack; + "*.color1" = red; + "*.color9" = brightRed; + "*.color2" = green; + "*.color10" = brightGreen; + "*.color3" = yellow; + "*.color11" = brightYellow; + "*.color4" = blue; + "*.color12" = brightBlue; + "*.color5" = magenta; + "*.color13" = brightMagenta; + "*.color6" = cyan; + "*.color14" = brightCyan; + "*.color7" = white; + "*.color15" = brightWhite; + + "*.background" = background; + "*.foreground" = foreground; + }); + }; + + services.xserver = { + enable = true; + + tty = mkDefault 1; + + autoRepeatDelay = 200; + autoRepeatInterval = 25; + + libinput.enable = true; + + monitorSection = '' + Option "DPMS" "false" + ''; + + serverFlagsSection = '' + Option "BlankTime" "0" + Option "OffTime" "0" + Option "StandbyTime" "0" + Option "SuspendTime" "0" + ''; + + inputClassSections = [ + '' + Identifier "Mouse" + MatchIsPointer "yes" + Option "AccelerationNumerator" "2" + Option "AccelerationDenominator" "1" + Option "AccelerationThreshold" "4" + '' + ]; + }; + }; +} diff --git a/modules/nixos/xmonad.nix b/modules/nixos/xmonad.nix new file mode 100644 index 0000000..2cc7ad6 --- /dev/null +++ b/modules/nixos/xmonad.nix @@ -0,0 +1,28 @@ +{ + config, + inputs, + lib, + pkgs, + ... +}: +with lib; let + cfg = config.nixfiles.modules.xmonad; +in { + options.nixfiles.modules.xmonad.enable = mkEnableOption "XMonad"; + + config = mkIf cfg.enable { + nixfiles.modules.x11.enable = true; + + hm = { + xsession = { + enable = true; + + scriptPath = ".xinitrc"; + + windowManager.command = "${pkgs.xmonad-ng}/bin/xmonad-ng"; + }; + }; + + services.xserver.displayManager.startx.enable = true; + }; +} diff --git a/nixosConfigurations/default.nix b/nixosConfigurations/default.nix new file mode 100644 index 0000000..8ebeda4 --- /dev/null +++ b/nixosConfigurations/default.nix @@ -0,0 +1,96 @@ +{ + inputs, + lib, +}: +with lib; let + mkConfiguration = name: { + modules ? [], + configuration ? ./${name}, + this ? my.configurations.${name}, + extraSpecialArgs ? { + localUsername = my.username; + localHostname = this.hostname; + }, + }: + nameValuePair name (nixosSystem { + inherit (this) system; + modules = + modules + ++ attrValues inputs.self.modules + ++ attrValues inputs.self.nixosModules + ++ optional (configuration != null) (import configuration); + specialArgs = + { + inherit inputs lib this; + } + // extraSpecialArgs; + }); +in + mapAttrs' mkConfiguration { + # A dummy configuration to test the "headless" profile. + test-headless = { + modules = with inputs; [ + "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" + nixpkgs.nixosModules.notDetected + ]; + this = { + hostname = "test-headless"; + system = "x86_64-linux"; + isHeadless = true; + isHeadful = false; + }; + }; + + # A dummy configuration to test the "headful" profile. + test-headful = { + modules = with inputs; [ + "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" + nixpkgs.nixosModules.notDetected + ]; + this = { + hostname = "test-headful"; + system = "x86_64-linux"; + isHeadless = false; + isHeadful = true; + }; + }; + + # A beefy desktop: 7950x/rx6750xt/128GB. + eonwe.modules = with inputs; [ + nixos-hardware.nixosModules.common-cpu-amd + nixos-hardware.nixosModules.common-gpu-amd + nixos-hardware.nixosModules.common-pc-ssd + nixpkgs.nixosModules.notDetected + ]; + + # ThinkPad T480. + melian.modules = with inputs; [ + nixos-hardware.nixosModules.common-pc-laptop-ssd + nixos-hardware.nixosModules.lenovo-thinkpad-t480 + nixpkgs.nixosModules.notDetected + ]; + + # VPS: Germany + manwe.modules = with inputs; [ + "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" + nixos-hardware.nixosModules.common-cpu-amd + nixos-hardware.nixosModules.common-pc-ssd + nixpkgs.nixosModules.notDetected + ]; + + # VPS: Germany + varda.modules = with inputs; [ + "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" + nixos-hardware.nixosModules.common-cpu-amd + nixos-hardware.nixosModules.common-pc-ssd + nixpkgs.nixosModules.notDetected + ]; + + # VPS: France + yavanna.modules = with inputs; [ + "${nixpkgs}/nixos/modules/profiles/qemu-guest.nix" + nixos-hardware.nixosModules.common-cpu-intel + nixos-hardware.nixosModules.common-pc-hdd + nixpkgs.nixosModules.notDetected + ]; + } diff --git a/nixosConfigurations/eonwe/default.nix b/nixosConfigurations/eonwe/default.nix new file mode 100644 index 0000000..a867837 --- /dev/null +++ b/nixosConfigurations/eonwe/default.nix @@ -0,0 +1,72 @@ +{ + config, + lib, + pkgs, + this, + ... +}: +with lib; { + nixfiles.modules = { + wireguard.client.enable = true; + + syncthing.enable = true; + + openssh.server.enable = true; + + games = { + lutris.enable = true; + steam.enable = true; + }; + android.enable = true; + bluetooth.enable = true; + discord.enable = true; + libvirtd.enable = true; + qutebrowser.enable = true; + }; + + hm.programs = { + firefox.profiles.default.settings."media.ffmpeg.vaapi.enabled" = true; + + mpv.config = { + hwdec = "vdpau"; + vo = "gpu"; + profile = "gpu-hq"; + }; + }; + + boot = { + # Silence benign MCE errors: + # ``` + # mce: [Hardware Error]: CPU 1: Machine Check: 0 Bank 29: ffffffffffffffff + # mce: [Hardware Error]: TSC 0 MISC ff1fffffffffffff SYND ffffffffffffffff IPID ffffffffffffffff + # mce: [Hardware Error]: PROCESSOR 2:a60f12 TIME 1669988017 SOCKET 0 APIC 2 microcode a601201 + # ``` + kernelParams = ["mce=nobootlog"]; + + initrd.availableKernelModules = [ + "ahci" + "nvme" + "sd_mod" + "usb_storage" + "usbhid" + "xhci_pci" + ]; + }; + + fileSystems = { + "/boot" = { + device = "/dev/disk/by-uuid/FF1E-9CFD"; + fsType = "vfat"; + }; + + "/" = { + device = "/dev/disk/by-uuid/20276c1b-7e46-430b-b741-2f4aeb76bc51"; + fsType = "xfs"; + options = ["noatime"]; + }; + }; + + # No swap space is declared here because the system already has 128Gb of RAM. + # I didn't manage to even hit 100Gb mark even when running large + # computations/compiling something big. +} diff --git a/nixosConfigurations/manwe/default.nix b/nixosConfigurations/manwe/default.nix new file mode 100644 index 0000000..b8dd324 --- /dev/null +++ b/nixosConfigurations/manwe/default.nix @@ -0,0 +1,88 @@ +{ + config, + lib, + this, + ... +}: +with lib; { + imports = [ + ./mailserver.nix + ./webserver.nix + ]; + + nixfiles.modules = { + nsd = { + enable = true; + fqdn = "ns1.${config.networking.domain}"; + }; + unbound.enable = true; + + wireguard.server.enable = true; + + acme.enable = true; + + monitoring.enable = true; + + postgresql.enable = true; + + git.server = { + enable = true; + domain = "git.${my.domain.azahi}"; + }; + + gotify.enable = true; + matrix.dendrite = { + enable = true; + domain = my.domain.azahi; + }; + radicale.enable = true; + rss-bridge.enable = true; + shadowsocks.enable = true; + soju = { + enable = true; + domain = my.domain.azahi; + }; + vaultwarden.enable = true; + }; + + boot = { + loader.grub = { + enable = true; + device = "/dev/sda"; + }; + + initrd.availableKernelModules = [ + "ata_piix" + "sd_mod" + "sr_mod" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + ]; + }; + + fileSystems = { + "/boot" = { + device = "/dev/sda1"; + fsType = "xfs"; + options = ["noatime"]; + }; + + "/" = { + device = "/dev/sda2"; + fsType = "xfs"; + options = ["noatime"]; + }; + }; + + swapDevices = [ + { + device = "/dev/sda3"; + } + ]; + + zramSwap = { + enable = true; + memoryPercent = 25; + }; +} diff --git a/nixosConfigurations/manwe/mailserver.nix b/nixosConfigurations/manwe/mailserver.nix new file mode 100644 index 0000000..a4b552a --- /dev/null +++ b/nixosConfigurations/manwe/mailserver.nix @@ -0,0 +1,94 @@ +{ + config, + inputs, + lib, + ... +}: +with lib; { + imports = [inputs.simple-nixos-mailserver.nixosModule]; + + secrets = { + dkim-key-azahi-cc = { + file = "${inputs.self}/secrets/dkim-key-azahi-cc"; + path = "/var/dkim/${my.domain.azahi}.${config.mailserver.dkimSelector}.key"; + owner = "opendkim"; + group = "opendkim"; + }; + dkim-key-rohan-net = { + file = "${inputs.self}/secrets/dkim-key-rohan-net"; + path = "/var/dkim/${my.domain.rohan}.${config.mailserver.dkimSelector}.key"; + owner = "opendkim"; + group = "opendkim"; + }; + dkim-key-gondor-net = { + file = "${inputs.self}/secrets/dkim-key-gondor-net"; + path = "/var/dkim/${my.domain.gondor}.${config.mailserver.dkimSelector}.key"; + owner = "opendkim"; + group = "opendkim"; + }; + dkim-key-shire-me = { + file = "${inputs.self}/secrets/dkim-key-shire-me"; + path = "/var/dkim/${my.domain.shire}.${config.mailserver.dkimSelector}.key"; + owner = "opendkim"; + group = "opendkim"; + }; + }; + + nixfiles.modules.acme.enable = true; + + mailserver = let + cert = config.certs.${my.domain.shire}; + in { + enable = true; + + fqdn = config.networking.domain; + domains = with my.domain; [azahi gondor rohan shire]; + + localDnsResolver = false; + + certificateScheme = 1; + certificateFile = "${cert.directory}/fullchain.pem"; + keyFile = "${cert.directory}/key.pem"; + + lmtpSaveToDetailMailbox = "no"; + + loginAccounts = with my.domain; { + "azahi@${shire}" = { + hashedPassword = "@HASHED_PASSWORD@"; + aliases = [ + "@${azahi}" + "@${rohan}" + "@${gondor}" + "abuse@${shire}" + "admin@${shire}" + "ceo@${shire}" + "postmaster@${shire}" + ]; + }; + "samwise@${shire}" = { + hashedPassword = "@HASHED_PASSWORD@"; + aliases = ["chad@${shire}"]; + quota = "1G"; + }; + "pippin@${shire}" = { + hashedPassword = "@HASHED_PASSWORD@"; + quota = "1G"; + }; + "meriadoc@${shire}" = { + hashedPassword = "@HASHED_PASSWORD@"; + quota = "1G"; + }; + }; + }; + + services.fail2ban.jails = { + dovecot = '' + enabled = true + mode = aggressive + ''; + postfix = '' + enabled = true + mode = aggressive + ''; + }; +} diff --git a/nixosConfigurations/manwe/webserver.nix b/nixosConfigurations/manwe/webserver.nix new file mode 100644 index 0000000..4dded7e --- /dev/null +++ b/nixosConfigurations/manwe/webserver.nix @@ -0,0 +1,23 @@ +{ + inputs, + lib, + ... +}: +with lib; { + nixfiles.modules.nginx.virtualHosts = with my.domain; + { + ${shire}.locations."/".return = "301 https://www.youtube.com/watch?v=dQw4w9WgXcQ"; + "git.${shire}".locations."/".return = "301 https://git.${azahi}"; + "bitwarden.${shire}".locations."/".return = "301 https://vaultwarden.${shire}"; + ${azahi} = { + serverAliases = ["frodo.${gondor}" "frodo.${rohan}"]; + locations."/".root = inputs.azahi-cc; + }; + } + // (let + frodo = "301 https://frodo."; + in { + ${gondor}.locations."/".return = concatStrings [frodo gondor]; + ${rohan}.locations."/".return = concatStrings [frodo rohan]; + }); +} diff --git a/nixosConfigurations/melian/default.nix b/nixosConfigurations/melian/default.nix new file mode 100644 index 0000000..3ba854c --- /dev/null +++ b/nixosConfigurations/melian/default.nix @@ -0,0 +1,108 @@ +{ + config, + lib, + pkgs, + ... +}: +with lib; { + nixfiles.modules = { + wireguard.client.enable = true; + + syncthing.enable = true; + + bluetooth.enable = true; + + throttled.enable = true; + }; + + hardware.trackpoint = { + enable = true; + speed = 500; + sensitivity = 250; + }; + + powerManagement = let + modprobe = "${pkgs.kmod}/bin/modprobe"; + in { + enable = true; + + # This fixes an issue with not being able to suspend or wake up from suspend + # due to a kernel bug[1]. + # + # [1]: https://bbs.archlinux.org/viewtopic.php?id=270964 + # [1]: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/522998 + # [1]: https://bugs.launchpad.net/ubuntu/+source/pm-utils/+bug/562484/comments/3 + # [1]: https://gist.github.com/ioggstream/8f380d398aef989ac455b93b92d42048 + powerDownCommands = "${modprobe} -r xhci_pci"; + powerUpCommands = "${modprobe} xhci_pci"; + }; + + services = { + thinkfan = { + enable = true; + + settings = { + sensors = [ + { + hwmon = "/sys/class/hwmon"; + name = "coretemp"; + indices = [1]; + } + ]; + fans = [{tpacpi = "/proc/acpi/ibm/fan";}]; + levels = [ + ["level auto" 0 50] + ["level disengaged" 50 32767] + ]; + }; + }; + + fwupd.enable = true; + }; + + boot = { + initrd = { + availableKernelModules = [ + "ahci" + "nvme" + "sd_mod" + "usb_storage" + "usbhid" + "xhci_pci" + ]; + + luks.devices."root" = { + device = "/dev/disk/by-uuid/c1b46f24-eec0-47d2-a142-75ddfd7bb218"; + allowDiscards = true; + bypassWorkqueues = true; + }; + }; + }; + + fileSystems = { + "/boot" = { + device = "/dev/disk/by-uuid/1083-C8A0"; + fsType = "vfat"; + }; + + "/" = { + device = "/dev/disk/by-uuid/bb8b09dc-cc67-47e5-8280-532b17a9e62a"; + fsType = "xfs"; + options = ["noatime"]; + }; + }; + + # NOTE This makes hibernation pretty much impossible because the partition is + # encrypted. + swapDevices = [ + { + device = "/swapfile"; + size = 8 * 1024; + } + ]; + + zramSwap = { + enable = true; + memoryPercent = 25; + }; +} diff --git a/nixosConfigurations/test-headful/default.nix b/nixosConfigurations/test-headful/default.nix new file mode 100644 index 0000000..25db8c7 --- /dev/null +++ b/nixosConfigurations/test-headful/default.nix @@ -0,0 +1,19 @@ +{lib, ...}: +with lib; { + nixfiles.modules = { + dwm.enable = true; + kde.enable = false; + xmonad.enable = false; + }; + + boot.loader.systemd-boot.enable = true; + fileSystems."/".device = "/dev/null"; + + documentation = { + enable = mkForce false; + man = { + enable = mkForce false; + man-db.enable = mkForce false; + }; + }; +} diff --git a/nixosConfigurations/test-headless/default.nix b/nixosConfigurations/test-headless/default.nix new file mode 100644 index 0000000..919a436 --- /dev/null +++ b/nixosConfigurations/test-headless/default.nix @@ -0,0 +1,13 @@ +{lib, ...}: +with lib; { + nixfiles.modules = { + endlessh-go.enable = mkForce false; + node-exporter.enable = mkForce false; + promtail.enable = mkForce false; + }; + + boot.loader.systemd-boot.enable = true; + fileSystems."/".device = "/dev/null"; + + documentation.enable = mkForce false; +} diff --git a/nixosConfigurations/varda/default.nix b/nixosConfigurations/varda/default.nix new file mode 100644 index 0000000..5e0914e --- /dev/null +++ b/nixosConfigurations/varda/default.nix @@ -0,0 +1,62 @@ +{ + lib, + this, + ... +}: +with lib; { + nixfiles.modules = { + wireguard.client.enable = true; + + acme.enable = true; + + games.minecraft.server = { + enable = false; # Disabled because no one is playing now. + memory = "6G"; + }; + }; + + boot = { + loader = { + efi.canTouchEfiVariables = true; + + systemd-boot = { + enable = true; + configurationLimit = 10; + }; + }; + + initrd.availableKernelModules = [ + "ata_piix" + "sd_mod" + "sr_mod" + "uhci_hcd" + "virtio_pci" + "virtio_scsi" + ]; + }; + + fileSystems = { + "/boot" = { + device = "/dev/disk/by-uuid/03FD-B6C0"; + fsType = "vfat"; + }; + + "/" = { + device = "/dev/disk/by-uuid/b07e8273-915a-424c-8c55-cdc2bd482f49"; + fsType = "xfs"; + options = ["noatime"]; + }; + }; + + swapDevices = [ + { + device = "/swapfile"; + size = 4 * 1024; + } + ]; + + zramSwap = { + enable = true; + memoryPercent = 25; + }; +} diff --git a/nixosConfigurations/yavanna/default.nix b/nixosConfigurations/yavanna/default.nix new file mode 100644 index 0000000..e3172a6 --- /dev/null +++ b/nixosConfigurations/yavanna/default.nix @@ -0,0 +1,46 @@ +{ + lib, + this, + ... +}: +with lib; { + nixfiles.modules = { + wireguard.client.enable = true; + + syncthing.enable = true; + + acme.enable = true; + + rtorrent.enable = true; + }; + + boot = { + loader.grub = { + enable = true; + device = "/dev/sda"; + }; + + initrd = { + availableKernelModules = ["uhci_hcd" "ahci"]; + kernelModules = ["nvme"]; + }; + }; + + fileSystems."/" = { + device = "/dev/sda1"; + fsType = "ext4"; + options = ["noatime"]; + }; + + swapDevices = [ + { + device = "/swapfile"; + size = 4 * 1024; + } + ]; + + zramSwap = { + enable = true; + memoryPercent = 25; + }; +} -- cgit 1.4.1