fi/nix-infra
1
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add metrics-nekomesh host

Browse source
This commit is contained in:
fi 2025-11-02 21:20:49 +01:00
commit 3fcd427251
10 changed files with 138 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

5
config/hosts/mail-1/simple-nixos-mailserver.nix
View file

@ -46,6 +46,11 @@
sendOnly = true; sendOnly = true;
aliases = [ "nyareply@nekover.se" ]; aliases = [ "nyareply@nekover.se" ];
}; };
"nekomesh@nekover.se" = {
hashedPasswordFile = "/secrets/mail-nekomesh-nekover-se.secret";
sendOnly = true;
aliases = [ "nyareply@nekover.se" ];
};
"social@nekover.se" = { "social@nekover.se" = {
hashedPasswordFile = "/secrets/mail-social-nekover-se.secret"; hashedPasswordFile = "/secrets/mail-social-nekover-se.secret";
sendOnly = true; sendOnly = true;

17
config/hosts/metrics-nekomesh/configuration.nix Normal file
View file

@ -0,0 +1,17 @@
{ ... }:
{
boot.loader.grub = {
enable = true;
device = "/dev/vda";
};
networking = {
hostName = "metrics-nekomesh";
firewall = {
enable = true;
allowedTCPPorts = [ 80 443 ];
};
};
system.stateVersion = "25.11";
}

9
config/hosts/metrics-nekomesh/default.nix Normal file
View file

@ -0,0 +1,9 @@
{ ... }:
{
imports = [
./configuration.nix
./grafana.nix
./prometheus.nix
./nginx.nix
];
}

36
config/hosts/metrics-nekomesh/grafana.nix Normal file
View file

@ -0,0 +1,36 @@
{ config, ... }:
{
services.grafana = {
enable = true;
settings = {
server = {
domain = "nekomesh.nekover.se";
root_url = "https://${config.services.grafana.settings.server.domain}";
};
security = {
cookie_secure = true;
cookie_samesite = "strict";
admin_user = "fi";
admin_password = "$__file{/secrets/metrics-nekomesh-grafana-admin-password.secret}";
admin_email = "fi@nekover.se";
};
smtp = {
enabled = true;
host = "mail.grzb.de:465";
user = "nekomesh@grzb.de";
password = "$__file{/secrets/mail-nekomesh-nekover-se.secret}";
from_address = "nyareply@nekover.se";
from_name = "Nekomesh";
startTLS_policy = "NoStartTLS";
};
};
provision.datasources.settings.datasources = [
{
name = "Prometheus";
type = "prometheus";
url = "http://localhost:${builtins.toString config.services.prometheus.port}";
isDefault = true;
}
];
};
}

27
config/hosts/metrics-nekomesh/nginx.nix Normal file
View file

@ -0,0 +1,27 @@
{ config, ... }:
{
services.nginx = {
enable = true;
virtualHosts = {
${config.services.grafana.settings.server.domain} = {
forceSSL = true;
enableACME = true;
listen = [
{
addr = "0.0.0.0";
port = 80;
}
{
addr = "0.0.0.0";
port = 443;
ssl = true;
}
];
locations."/" = {
proxyPass = "http://${config.services.grafana.settings.server.http_addr}:${builtins.toString config.services.grafana.settings.server.http_port}";
proxyWebsockets = true;
};
};
};
};
}

16
config/hosts/metrics-nekomesh/prometheus.nix Normal file
View file

@ -0,0 +1,16 @@
{ ... }:
{
services.prometheus = {
enable = true;
retentionTime = "2y";
scrapeConfigs = [
{
job_name = "meshcore";
scrape_interval = "15m";
static_configs = [{
targets = [ "localhost:9091" ];
}];
}
];
};
}

21
config/hosts/metrics-nekomesh/secrets.nix Normal file
View file

@ -0,0 +1,21 @@
{ keyCommandEnv, ... }:
{
deployment.keys = {
"metrics-nekomesh-grafana-admin-password.secret" = {
keyCommand = keyCommandEnv ++ [ "pass" "metrics-nekomesh/grafana/admin-password" ];
destDir = "/secrets";
user = "grafana";
group = "grafana";
permissions = "0640";
uploadAt = "pre-activation";
};
"mail-nekomesh-nekover-se.secret" = {
keyCommand = keyCommandEnv ++ [ "pass" "mail/nekomesh-nekover-se" ];
destDir = "/secrets";
user = "grafana";
group = "grafana";
permissions = "0640";
uploadAt = "pre-activation";
};
};
}

1
config/hosts/web-public-2/nginx.nix
View file

@ -30,6 +30,7 @@
matrix-rtc.nekover.se 10.202.41.112:8443; matrix-rtc.nekover.se 10.202.41.112:8443;
mewtube.nekover.se 127.0.0.1:8443; mewtube.nekover.se 127.0.0.1:8443;
nekover.se 127.0.0.1:8443; nekover.se 127.0.0.1:8443;
nekomesh.nekover.se 10.202.41.126:8443;
nix-cache.nekover.se 10.202.41.121:8443; nix-cache.nekover.se 10.202.41.121:8443;
searx.nekover.se 10.202.41.105:8443; searx.nekover.se 10.202.41.105:8443;
social.nekover.se 10.202.41.104:8443; social.nekover.se 10.202.41.104:8443;

1
config/hosts/web-public-2/virtualHosts/acme-challenge.nix
View file

@ -7,6 +7,7 @@ let
"mas.nekover.se" = "matrix.vs.grzb.de"; "mas.nekover.se" = "matrix.vs.grzb.de";
"matrix.nekover.se" = "matrix.vs.grzb.de"; "matrix.nekover.se" = "matrix.vs.grzb.de";
"matrix-rtc.nekover.se" = "matrix.vs.grzb.de"; "matrix-rtc.nekover.se" = "matrix.vs.grzb.de";
"nekomesh.nekover.se" = "metrics-nekomesh.vs.grzb.de";
"netbox.grzb.de" = "netbox.vs.grzb.de"; "netbox.grzb.de" = "netbox.vs.grzb.de";
"git.nekover.se" = "forgejo.vs.grzb.de"; "git.nekover.se" = "forgejo.vs.grzb.de";
"grafana.grzb.de" = "metrics.vs.grzb.de"; "grafana.grzb.de" = "metrics.vs.grzb.de";

5
hosts.nix
View file

@ -76,6 +76,11 @@ in
site = "vs"; site = "vs";
environment = "proxmox"; environment = "proxmox";
}; };
metrics-nekomesh = {
hostNixpkgs = nixpkgs-unstable;
site = "vs";
environment = "proxmox";
};
nextcloud = { nextcloud = {
site = "vs"; site = "vs";
environment = "proxmox"; environment = "proxmox";