Drift/pvv-nixos-config
17
5
Fork 1
Code Issues Pull Requests 11 Actions Wiki Activity

Compare commits

base: Drift:gitea-vaskepersonalet
Branches Tags
Drift:main Drift:gitea-vaskepersonalet Drift:errorpages Drift:create-flake-input-exporter Drift:minecraft-heatmap Drift:fix-import-gitea-users-script Drift:gitea-runners-secrets Drift:gitea-runners-cluster Drift:25.05 Drift:new_nodes Drift:ooye Drift:grg-ip Drift:nom Drift:add-skrott Drift:pvvvvv Drift:setup-git-mirroring-on-bicep Drift:init-bakke Drift:gitea-show-license-in-list-view Drift:nix-topology Drift:gitea-robots-txt Drift:dagali-heimdal-openldap-sasl-stack Drift:gitea-navbar-get-started Drift:backup-databases Drift:openwebui Drift:setup-openvpn-tunnel Drift:gitea-gpg-signing Drift:sleipner-authorised-keys Drift:openstack-image-builder Drift:elysium Drift:smartd-notifs Drift:systemd-journald-remote Drift:skrot Drift:deploy-doorbell Drift:misc-gitea-fixes Drift:spotifyd Drift:remote Drift:setup-bikkje-login Drift:ozai-prod Drift:add-bluemap Drift:ozai Drift:setup-postfix-for-service-machines Drift:fix-gitea-ci-runner-network-issues Drift:heimdal-openldap-sasl-testing-on-salsa-on-buskerud Drift:gitea-metrics Drift:misc1 Drift:add-simple-saml-theme Drift:misc-extra-gitea-setup Drift:setup-kerberos Drift:setup-home-areas Drift:shark-kanidm Drift:prometheusexim
..
compare: Drift:create-flake-input-exporter
Branches Tags
Drift:gitea-vaskepersonalet Drift:errorpages Drift:main Drift:create-flake-input-exporter Drift:minecraft-heatmap Drift:fix-import-gitea-users-script Drift:gitea-runners-secrets Drift:gitea-runners-cluster Drift:25.05 Drift:new_nodes Drift:ooye Drift:grg-ip Drift:nom Drift:add-skrott Drift:pvvvvv Drift:setup-git-mirroring-on-bicep Drift:init-bakke Drift:gitea-show-license-in-list-view Drift:nix-topology Drift:gitea-robots-txt Drift:dagali-heimdal-openldap-sasl-stack Drift:gitea-navbar-get-started Drift:backup-databases Drift:openwebui Drift:setup-openvpn-tunnel Drift:gitea-gpg-signing Drift:sleipner-authorised-keys Drift:openstack-image-builder Drift:elysium Drift:smartd-notifs Drift:systemd-journald-remote Drift:skrot Drift:deploy-doorbell Drift:misc-gitea-fixes Drift:spotifyd Drift:remote Drift:setup-bikkje-login Drift:ozai-prod Drift:add-bluemap Drift:ozai Drift:setup-postfix-for-service-machines Drift:fix-gitea-ci-runner-network-issues Drift:heimdal-openldap-sasl-testing-on-salsa-on-buskerud Drift:gitea-metrics Drift:misc1 Drift:add-simple-saml-theme Drift:misc-extra-gitea-setup Drift:setup-kerberos Drift:setup-home-areas Drift:shark-kanidm Drift:prometheusexim

1 Commits
gitea-vask ... create-fla

Author SHA1 Message Date
fredrikr79
b4aada6fbc base: create flake input exporter 2025-10-12 02:40:43 +02:00
6 changed files with 35 additions and 117 deletions
Expand all files Collapse all files

27
base/flake-input-exporter.nix
View File

@@ -3,7 +3,6 @@
inputs,
lib,
pkgs,
values,
...
}:
let
@@ -16,40 +15,26 @@ let
);
folder = pkgs.writeTextDir "share/flake-inputs" (
lib.concatMapStringsSep "\n" (
{ name, value }: ''nixos_last_modified_input{flake="${name}"} ${toString value.lastModified}''
{ name, value }:
"nixos_last_modified_input{flake=${name},host=${config.networking.hostName}} ${toString value.lastModified}"
) (lib.attrsToList data)
);
port = 9102;
in
{
services.nginx.virtualHosts."${config.networking.fqdn}-nixos-metrics" = {
serverName = config.networking.fqdn;
services.nginx.virtualHosts."${config.networking.fqdn}" = {
forceSSL = true;
enableACME = true;
kTLS = true;
serverAliases = [
"${config.networking.hostName}.pvv.org"
];
locations."/metrics" = {
root = "${folder}/share";
tryFiles = "/flake-inputs =404";
extraConfig = ''
default_type text/plain;
'';
};
listen = [
{
inherit port;
addr = "0.0.0.0";
}
];
extraConfig = ''
allow ${values.hosts.ildkule.ipv4}/32;
allow ${values.hosts.ildkule.ipv6}/128;
allow 127.0.0.1/32;
allow ::1/128;
allow 129.241.210.128/25;
allow 2001:700:300:1900::/64;
deny all;
'';
};
networking.firewall.allowedTCPPorts = [ port ];
}

30
flake.lock generated
View File

@@ -48,11 +48,11 @@
"rust-overlay": "rust-overlay"
},
"locked": {
"lastModified": 1758919016,
"narHash": "sha256-TSJMOWq9dO7P1iQB4httzWwAtpM1veacLcaS7FAyTpo=",
"lastModified": 1758386174,
"narHash": "sha256-iNDxHSDdb/LlqDbqP9BcZd1QEmks4iYiyN34UhUizZ8=",
"ref": "refs/heads/main",
"rev": "c87263b784954d20485d108e70934c9316935d75",
"revCount": 51,
"rev": "a21fdfe56743afc7de1fb14597711fbd97ddef76",
"revCount": 50,
"type": "git",
"url": "https://git.pvv.ntnu.no/Grzegorz/greg-ng.git"
},
@@ -159,11 +159,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1760254360,
"narHash": "sha256-Npp92Joy2bRyickrrVP9+85z31aGS8kVNiLlKvd5pC4=",
"rev": "bafe987a29b8bea2edbb3aba76b51464b3d222f0",
"lastModified": 1758363343,
"narHash": "sha256-TWem5ajoX0vD7j1v/cg3XU7GHWW10HRUQbZL++QNXLk=",
"rev": "b2a3852bd078e68dd2b3dfa8c00c67af1f0a7d20",
"type": "tarball",
"url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.811161.bafe987a29b8/nixexprs.tar.xz"
"url": "https://releases.nixos.org/nixos/25.05-small/nixos-25.05.810175.b2a3852bd078/nixexprs.tar.xz"
},
"original": {
"type": "tarball",
@@ -172,11 +172,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1760252326,
"narHash": "sha256-5v32B25kSE++E+KtP4DO687r/AlWL9qOlOjtYyfcDSw=",
"rev": "66e5020bfe0af40ffa127426f8405edbdadbb40b",
"lastModified": 1758361324,
"narHash": "sha256-uCqhgJlmxP3UmyCNZ21ucc5Ic0I2le3rA7+Q61UH1YA=",
"rev": "0f3383ef02bc092d2f82afa4e556743c6e6b74d6",
"type": "tarball",
"url": "https://releases.nixos.org/nixos/unstable-small/nixos-25.11pre876242.66e5020bfe0a/nixexprs.tar.xz"
"url": "https://releases.nixos.org/nixos/unstable-small/nixos-25.11pre864278.0f3383ef02bc/nixexprs.tar.xz"
},
"original": {
"type": "tarball",
@@ -268,11 +268,11 @@
]
},
"locked": {
"lastModified": 1760240450,
"narHash": "sha256-sa9bS9jSyc4vH0jSWrUsPGdqtMvDwmkLg971ntWOo2U=",
"lastModified": 1758007585,
"narHash": "sha256-HYnwlbY6RE5xVd5rh0bYw77pnD8lOgbT4mlrfjgNZ0c=",
"owner": "Mic92",
"repo": "sops-nix",
"rev": "41fd1f7570c89f645ee0ada0be4e2d3c4b169549",
"rev": "f77d4cfa075c3de66fc9976b80e0c4fc69e2c139",
"type": "github"
},
"original": {

10
hosts/bicep/services/matrix/hookshot/default.nix
View File

@@ -77,14 +77,14 @@ in
outbound = true;
urlPrefix = "https://hookshot.pvv.ntnu.no/webhook/";
userIdPrefix = "_webhooks_";
allowJsTransformationFunctions = true;
allowJsTransformationFunctions = false;
waitForComplete = false;
};
feeds = {
enabled = true;
pollIntervalSeconds = 600;
};
serviceBots = [
{ localpart = "bot_feeds";
displayname = "Aya";
@@ -94,11 +94,6 @@ in
}
];
widgets = {
roomSetupWidget.addOnInvite = false;
publicUrl = "https://hookshot.pvv.ntnu.no/widgetapi/v1/static";
};
permissions = [
# Users of the PVV Server
{ actor = "pvv.ntnu.no";
@@ -133,7 +128,6 @@ in
services.nginx.virtualHosts."hookshot.pvv.ntnu.no" = {
enableACME = true;
addSSL = true;
locations."/" = {
proxyPass = "http://${webhookListenAddress}:${toString webhookListenPort}";
};

25
hosts/ildkule/services/monitoring/prometheus/machines.nix
View File

@@ -8,26 +8,25 @@
defaultNodeExporterPort = 9100;
defaultSystemdExporterPort = 9101;
defaultNixosExporterPort = 9102;
in {
services.prometheus.scrapeConfigs = [{
job_name = "base_info";
static_configs = [
(mkHostScrapeConfig "ildkule" [ cfg.exporters.node.port cfg.exporters.systemd.port defaultNixosExporterPort ])
(mkHostScrapeConfig "ildkule" [ cfg.exporters.node.port cfg.exporters.systemd.port ])
(mkHostScrapeConfig "bekkalokk" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
(mkHostScrapeConfig "bicep" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
(mkHostScrapeConfig "brzeczyszczykiewicz" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
(mkHostScrapeConfig "georg" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
(mkHostScrapeConfig "kommode" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
(mkHostScrapeConfig "ustetind" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
(mkHostScrapeConfig "wenche" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
(mkHostScrapeConfig "bekkalokk" [ defaultNodeExporterPort defaultSystemdExporterPort ])
(mkHostScrapeConfig "bicep" [ defaultNodeExporterPort defaultSystemdExporterPort ])
(mkHostScrapeConfig "brzeczyszczykiewicz" [ defaultNodeExporterPort defaultSystemdExporterPort ])
(mkHostScrapeConfig "georg" [ defaultNodeExporterPort defaultSystemdExporterPort ])
(mkHostScrapeConfig "kommode" [ defaultNodeExporterPort defaultSystemdExporterPort ])
(mkHostScrapeConfig "ustetind" [ defaultNodeExporterPort defaultSystemdExporterPort ])
(mkHostScrapeConfig "wenche" [ defaultNodeExporterPort defaultSystemdExporterPort ])
(mkHostScrapeConfig "lupine-1" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
(mkHostScrapeConfig "lupine-1" [ defaultNodeExporterPort defaultSystemdExporterPort ])
# (mkHostScrapeConfig "lupine-2" [ defaultNodeExporterPort defaultSystemdExporterPort ])
(mkHostScrapeConfig "lupine-3" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
(mkHostScrapeConfig "lupine-4" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
(mkHostScrapeConfig "lupine-5" [ defaultNodeExporterPort defaultSystemdExporterPort defaultNixosExporterPort ])
(mkHostScrapeConfig "lupine-3" [ defaultNodeExporterPort defaultSystemdExporterPort ])
(mkHostScrapeConfig "lupine-4" [ defaultNodeExporterPort defaultSystemdExporterPort ])
(mkHostScrapeConfig "lupine-5" [ defaultNodeExporterPort defaultSystemdExporterPort ])
(mkHostScrapeConfig "hildring" [ defaultNodeExporterPort ])
(mkHostScrapeConfig "isvegg" [ defaultNodeExporterPort ])

1
hosts/kommode/services/gitea/default.nix
View File

@@ -8,7 +8,6 @@ in {
./customization
./gpg.nix
./import-users
./vaskepersonalet.nix
./web-secret-provider
];

59
hosts/kommode/services/gitea/vaskepersonalet.nix
View File

@@ -1,59 +0,0 @@
{ config, ... }:
let
cfg = config.services.gitea;
cacheDir = "/var/cache/${config.systemd.services.gitea.serviceConfig.CacheDirectory}";
in
{
systemd.services."gitea-vaskepersonalet" = {
description = "yeeet";
startAt = "hourly";
serviceConfig = rec {
User = cfg.user;
Group = cfg.group;
RuntimeDirectory = "gitea-vaskepersonalet";
RootDirectory = "/run/${RuntimeDirectory}";
BindPaths = [
builtins.storeDir
cacheDir
cfg.dump.backupDir
];
};
script = let
percentageLimit = 80;
in ''
USED=$(df --output=pcent '${cacheDir}' | grep '[0-9]' | tr -d '%')
if [[ $USED -lt ${toString percentageLimit} ]]; then exit 0; fi
echo "omg omg, we're running out of space, imma yeet the cache"
rm -rf '${cacheDir}'/*
echo "yeetus deletus"
USED=$(df --output=pcent '${cacheDir}' | grep '[0-9]' | tr -d '%')
if [[ $USED -lt ${toString percentageLimit} ]]; then exit 0; fi
echo ""
echo "bruh, still low on space, yeeting old backups"
echo ""
# tail -n+2 ensure we keep at least one backup.
for file in $(ls -t1 '${cfg.dump.backupDir}' | sort --reverse | tail -n+2); do
echo "> Chose $file"
echo "> Do you really want to release this pokemon? [Y/n] Y"
rm "$file"
echo "> ..."
echo "> The pokemon was released back into the wild"
echo ""
USED=$(df --output=pcent '${cacheDir}' | grep '[0-9]' | tr -d '%')
if [[ $USED -lt ${toString percentageLimit} ]]; then exit 0; fi
done
echo "No way, we're still out of space? Not my problem anymore"
'';
};
}