diff --git a/config/hosts/mail-1/simple-nixos-mailserver.nix b/config/hosts/mail-1/simple-nixos-mailserver.nix
index a4b426a..c08a1a3 100644
--- a/config/hosts/mail-1/simple-nixos-mailserver.nix
+++ b/config/hosts/mail-1/simple-nixos-mailserver.nix
@@ -46,6 +46,11 @@
 sendOnly = true;
 aliases = [ "nyareply@nekover.se" ];
 };
+ "nekomesh@nekover.se" = {
+ hashedPasswordFile = "/secrets/mail-nekomesh-nekover-se.secret";
+ sendOnly = true;
+ aliases = [ "nyareply@nekover.se" ];
+ };
 "social@nekover.se" = {
 hashedPasswordFile = "/secrets/mail-social-nekover-se.secret";
 sendOnly = true;
diff --git a/config/hosts/metrics-nekomesh/configuration.nix b/config/hosts/metrics-nekomesh/configuration.nix
new file mode 100644
index 0000000..0f46c1d
--- /dev/null
+++ b/config/hosts/metrics-nekomesh/configuration.nix
@@ -0,0 +1,17 @@
+{ ... }:
+{
+ boot.loader.grub = {
+ enable = true;
+ device = "/dev/vda";
+ };
+
+ networking = {
+ hostName = "metrics-nekomesh";
+ firewall = {
+ enable = true;
+ allowedTCPPorts = [ 80 443 ];
+ };
+ };
+
+ system.stateVersion = "25.11";
+}
diff --git a/config/hosts/metrics-nekomesh/default.nix b/config/hosts/metrics-nekomesh/default.nix
new file mode 100644
index 0000000..ef5c25c
--- /dev/null
+++ b/config/hosts/metrics-nekomesh/default.nix
@@ -0,0 +1,9 @@
+{ ... }:
+{
+ imports = [
+ ./configuration.nix
+ ./grafana.nix
+ ./prometheus.nix
+ ./nginx.nix
+ ];
+}
diff --git a/config/hosts/metrics-nekomesh/grafana.nix b/config/hosts/metrics-nekomesh/grafana.nix
new file mode 100644
index 0000000..69e5a6d
--- /dev/null
+++ b/config/hosts/metrics-nekomesh/grafana.nix
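Review bot: The new `nekomesh@nekover.se` login points `hashedPasswordFile` at `/secrets/mail-nekomesh-nekover-se.secret`, but no hunk in this commit provisions that file on mail-1. The only key of that name added here is in `metrics-nekomesh/secrets.nix`, where Grafana uses it as the SMTP password, so it must hold the plaintext and is deployed to the metrics host. If mail-1 declares its keys per account, it needs a matching `deployment.keys` entry that uploads the password hash, not the plaintext. The account also shares the `nyareply@nekover.se` alias with the account above it, so each of these send-only logins can send as that address; a comment such as `# shared notification sender, intentionally reused` would record that this is deliberate. The enclosing account set starts and ends outside the hunk.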
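Review bot: The firewall in `configuration.nix` opens only TCP 80 and 443, and `nginx.nix` in this commit listens on 80 and 443, yet the `web-public-2/nginx.nix` hunk maps `nekomesh.nekover.se` to `10.202.41.126:8443`. If that address is this host, traffic forwarded by the front proxy arrives on a port that is neither listened on nor allowed. Either move the TLS listener to 8443 and use `allowedTCPPorts = [ 80 8443 ];`, or point the map entry at `:443`. Whether the front proxy sends the PROXY protocol header to its backends is not visible here; if it does, the backend listener has to accept it as well.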
@@ -0,0 +1,36 @@
+{ config, ... }:
+{
+ services.grafana = {
+ enable = true;
+ settings = {
+ server = {
+ domain = "nekomesh.nekover.se";
+ root_url = "https://${config.services.grafana.settings.server.domain}";
+ };
+ security = {
+ cookie_secure = true;
+ cookie_samesite = "strict";
+ admin_user = "fi";
+ admin_password = "$__file{/secrets/metrics-nekomesh-grafana-admin-password.secret}";
+ admin_email = "fi@nekover.se";
+ };
+ smtp = {
+ enabled = true;
+ host = "mail.grzb.de:465";
+ user = "nekomesh@grzb.de";
+ password = "$__file{/secrets/mail-nekomesh-nekover-se.secret}";
+ from_address = "nyareply@nekover.se";
+ from_name = "Nekomesh";
+ startTLS_policy = "NoStartTLS";
+ };
+ };
+ provision.datasources.settings.datasources = [
+ {
+ name = "Prometheus";
+ type = "prometheus";
+ url = "http://localhost:${builtins.toString config.services.prometheus.port}";
+ isDefault = true;
+ }
+ ];
+ };
+}
diff --git a/config/hosts/metrics-nekomesh/nginx.nix b/config/hosts/metrics-nekomesh/nginx.nix
new file mode 100644
index 0000000..9e31454
--- /dev/null
+++ b/config/hosts/metrics-nekomesh/nginx.nix
@@ -0,0 +1,27 @@
+{ config, ... }:
+{
+ services.nginx = {
+ enable = true;
+ virtualHosts = {
+ ${config.services.grafana.settings.server.domain} = {
+ forceSSL = true;
+ enableACME = true;
+ listen = [
+ {
+ addr = "0.0.0.0";
+ port = 80;
+ }
+ {
+ addr = "0.0.0.0";
+ port = 443;
+ ssl = true;
+ }
+ ];
+ locations."/" = {
+ proxyPass = "http://${config.services.grafana.settings.server.http_addr}:${builtins.toString config.services.grafana.settings.server.http_port}";
+ proxyWebsockets = true;
+ };
+ };
+ };
+ };
+}
diff --git a/config/hosts/metrics-nekomesh/prometheus.nix b/config/hosts/metrics-nekomesh/prometheus.nix
new file mode 100644
index 0000000..1e139a1
--- /dev/null
+++ b/config/hosts/metrics-nekomesh/prometheus.nix
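Review bot: The `smtp` block in `grafana.nix` logs in as `nekomesh@grzb.de`, but the account this commit creates on the mail server is `nekomesh@nekover.se`, and the password file is named after that account. Unless a separate grzb.de login exists, authentication will fail and the line should read `user = "nekomesh@nekover.se";`. Separately, the `security` block does not set `secret_key`. If a module default applies, Grafana protects stored data source secrets with a key that is not unique to this host, so consider `secret_key = "$__file{/secrets/<grafana-secret-key-file>}";` (placeholder path) backed by its own deployment key.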
@@ -0,0 +1,16 @@
+{ ... }:
+{
+ services.prometheus = {
+ enable = true;
+ retentionTime = "2y";
+ scrapeConfigs = [
+ {
+ job_name = "meshcore";
+ scrape_interval = "15m";
+ static_configs = [{
+ targets = [ "localhost:9091" ];
+ }];
+ }
+ ];
+ };
+}
diff --git a/config/hosts/metrics-nekomesh/secrets.nix b/config/hosts/metrics-nekomesh/secrets.nix
new file mode 100644
index 0000000..4b68fbb
--- /dev/null
+++ b/config/hosts/metrics-nekomesh/secrets.nix
@@ -0,0 +1,21 @@
+{ keyCommandEnv, ... }:
+{
+ deployment.keys = {
+ "metrics-nekomesh-grafana-admin-password.secret" = {
+ keyCommand = keyCommandEnv ++ [ "pass" "metrics-nekomesh/grafana/admin-password" ];
+ destDir = "/secrets";
+ user = "grafana";
+ group = "grafana";
+ permissions = "0640";
+ uploadAt = "pre-activation";
+ };
+ "mail-nekomesh-nekover-se.secret" = {
+ keyCommand = keyCommandEnv ++ [ "pass" "mail/nekomesh-nekover-se" ];
+ destDir = "/secrets";
+ user = "grafana";
+ group = "grafana";
+ permissions = "0640";
+ uploadAt = "pre-activation";
+ };
+ };
+}
diff --git a/config/hosts/web-public-2/nginx.nix b/config/hosts/web-public-2/nginx.nix
index 73699fb..5c790f7 100644
--- a/config/hosts/web-public-2/nginx.nix
+++ b/config/hosts/web-public-2/nginx.nix
@@ -30,6 +30,7 @@
 matrix-rtc.nekover.se 10.202.41.112:8443;
 mewtube.nekover.se 127.0.0.1:8443;
 nekover.se 127.0.0.1:8443;
+ nekomesh.nekover.se 10.202.41.126:8443;
 nix-cache.nekover.se 10.202.41.121:8443;
 searx.nekover.se 10.202.41.105:8443;
 social.nekover.se 10.202.41.104:8443;
diff --git a/config/hosts/web-public-2/virtualHosts/acme-challenge.nix b/config/hosts/web-public-2/virtualHosts/acme-challenge.nix
index 38d2804..7e970f3 100644
--- a/config/hosts/web-public-2/virtualHosts/acme-challenge.nix
+++ b/config/hosts/web-public-2/virtualHosts/acme-challenge.nix
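Review bot: `services.prometheus` in `prometheus.nix` is enabled without a `listenAddress`, and the NixOS module default binds the web port on all interfaces. Prometheus has no authentication of its own, so its exposure currently depends only on the host firewall. Grafana reaches it through `localhost`, so `listenAddress = "127.0.0.1";` removes that dependency at no cost. The `meshcore` job scrapes `localhost:9091`, but nothing in this commit starts a service on that port; a comment such as `# exporter on :9091 is provided by <service>` (placeholder) would tell the reader where the target comes from.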
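Review bot: Both keys in `secrets.nix` are written with `permissions = "0640"` and `group = "grafana"`, so every member of the grafana group can read the Grafana admin password and the SMTP password. Only the grafana service user needs them, so `permissions = "0400";` is sufficient for both entries. `default.nix` in this commit does not import this file, so it is presumably loaded by the deployment tooling that supplies `keyCommandEnv`; a one-line comment at the top of the file saying so would save the next reader a search.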
@@ -7,6 +7,7 @@ let
 "mas.nekover.se" = "matrix.vs.grzb.de";
 "matrix.nekover.se" = "matrix.vs.grzb.de";
 "matrix-rtc.nekover.se" = "matrix.vs.grzb.de";
+ "nekomesh.nekover.se" = "metrics-nekomesh.vs.grzb.de";
 "netbox.grzb.de" = "netbox.vs.grzb.de";
 "git.nekover.se" = "forgejo.vs.grzb.de";
 "grafana.grzb.de" = "metrics.vs.grzb.de";
diff --git a/hosts.nix b/hosts.nix
index 11a8e05..b59e3d5 100644
--- a/hosts.nix
+++ b/hosts.nix
@@ -76,6 +76,11 @@ in
 site = "vs";
 environment = "proxmox";
 };
+ metrics-nekomesh = {
+ hostNixpkgs = nixpkgs-unstable;
+ site = "vs";
+ environment = "proxmox";
+ };
 nextcloud = {
 site = "vs";
 environment = "proxmox";