diff --git a/config/hosts/mail-1/secrets.nix b/config/hosts/mail-1/secrets.nix index c7dd92c..581461f 100644 --- a/config/hosts/mail-1/secrets.nix +++ b/config/hosts/mail-1/secrets.nix @@ -73,14 +73,6 @@ permissions = "0640"; uploadAt = "pre-activation"; }; - "mail-nekomesh-nekover-se.secret" = { - keyCommand = keyCommandEnv ++ [ "pass" "mail/nekomesh-nekover-se" ]; - destDir = "/secrets"; - user = "root"; - group = "root"; - permissions = "0640"; - uploadAt = "pre-activation"; - }; "mail-social-nekover-se.secret" = { keyCommand = keyCommandEnv ++ [ "pass" "mail/social-nekover-se" ]; destDir = "/secrets"; diff --git a/config/hosts/mail-1/simple-nixos-mailserver.nix b/config/hosts/mail-1/simple-nixos-mailserver.nix index c08a1a3..a4b426a 100644 --- a/config/hosts/mail-1/simple-nixos-mailserver.nix +++ b/config/hosts/mail-1/simple-nixos-mailserver.nix @@ -46,11 +46,6 @@ sendOnly = true; aliases = [ "nyareply@nekover.se" ]; }; - "nekomesh@nekover.se" = { - hashedPasswordFile = "/secrets/mail-nekomesh-nekover-se.secret"; - sendOnly = true; - aliases = [ "nyareply@nekover.se" ]; - }; "social@nekover.se" = { hashedPasswordFile = "/secrets/mail-social-nekover-se.secret"; sendOnly = true; diff --git a/config/hosts/metrics-nekomesh/configuration.nix b/config/hosts/metrics-nekomesh/configuration.nix deleted file mode 100644 index 8d5b18f..0000000 --- a/config/hosts/metrics-nekomesh/configuration.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ ... }: -{ - boot.loader.grub = { - enable = true; - device = "/dev/vda"; - }; - - networking = { - hostName = "metrics-nekomesh"; - firewall = { - enable = true; - allowedTCPPorts = [ 80 8443 9091 ]; - }; - }; - - system.stateVersion = "25.11"; -} diff --git a/config/hosts/metrics-nekomesh/default.nix b/config/hosts/metrics-nekomesh/default.nix deleted file mode 100644 index ef5c25c..0000000 --- a/config/hosts/metrics-nekomesh/default.nix +++ /dev/null @@ -1,9 +0,0 @@ -{ ... }: -{ - imports = [ - ./configuration.nix - ./grafana.nix - ./prometheus.nix - ./nginx.nix - ]; -} diff --git a/config/hosts/metrics-nekomesh/grafana.nix b/config/hosts/metrics-nekomesh/grafana.nix deleted file mode 100644 index 7697748..0000000 --- a/config/hosts/metrics-nekomesh/grafana.nix +++ /dev/null @@ -1,54 +0,0 @@ -{ config, ... }: -{ - services.grafana = { - enable = true; - settings = { - server = { - domain = "mesh.nekover.se"; - root_url = "https://${config.services.grafana.settings.server.domain}"; - }; - security = { - cookie_secure = true; - cookie_samesite = "strict"; - admin_user = "admin"; - admin_password = "$__file{/secrets/metrics-nekomesh-grafana-admin-password.secret}"; - admin_email = "fi@nekover.se"; - }; - smtp = { - enabled = true; - host = "mail.grzb.de:465"; - user = "nekomesh@grzb.de"; - password = "$__file{/secrets/mail-nekomesh-nekover-se.secret}"; - from_address = "nyareply@nekover.se"; - from_name = "Nekomesh"; - startTLS_policy = "NoStartTLS"; - }; - "auth.generic_oauth" = { - enabled = true; - name = "Nekoverse ID"; - allow_sign_up = true; - client_id = "nekomesh"; - client_secret = "$__file{/secrets/metrics-nekomesh-grafana-keycloak-client-secret.secret}"; - scopes = "openid email profile offline_access roles"; - email_attribute_path = "email"; - login_attribute_path = "preferred_username"; - name_attribute_path = "preferred_username"; - auth_url = "https://id.nekover.se/realms/nekoverse/protocol/openid-connect/auth"; - token_url = "https://id.nekover.se/realms/nekoverse/protocol/openid-connect/token"; - api_url = "https://id.nekover.se/realms/nekoverse/protocol/openid-connect/userinfo"; - use_refresh_token = true; - allow_assign_grafana_admin = true; - role_attribute_strict = true; - role_attribute_path = "contains(resource_access.nekomesh.roles[*], 'grafanaadmin') && 'GrafanaAdmin' || contains(resource_access.nekomesh.roles[*], 'admin') && 'Admin' || contains(resource_access.nekomesh.roles[*], 'editor') && 'Editor' || 'Viewer'"; - }; - }; - provision.datasources.settings.datasources = [ - { - name = "Prometheus"; - type = "prometheus"; - url = "http://localhost:${builtins.toString config.services.prometheus.port}"; - isDefault = true; - } - ]; - }; -} diff --git a/config/hosts/metrics-nekomesh/nginx.nix b/config/hosts/metrics-nekomesh/nginx.nix deleted file mode 100644 index e2fc483..0000000 --- a/config/hosts/metrics-nekomesh/nginx.nix +++ /dev/null @@ -1,32 +0,0 @@ -{ config, ... }: -{ - services.nginx = { - enable = true; - virtualHosts = { - ${config.services.grafana.settings.server.domain} = { - forceSSL = true; - enableACME = true; - listen = [ - { - addr = "0.0.0.0"; - port = 80; - } - { - addr = "0.0.0.0"; - port = 8443; - ssl = true; - extraParameters = [ "proxy_protocol" ]; - } - ]; - locations."/" = { - proxyPass = "http://${config.services.grafana.settings.server.http_addr}:${builtins.toString config.services.grafana.settings.server.http_port}"; - proxyWebsockets = true; - }; - extraConfig = '' - set_real_ip_from 10.202.41.100; - real_ip_header proxy_protocol; - ''; - }; - }; - }; -} diff --git a/config/hosts/metrics-nekomesh/prometheus.nix b/config/hosts/metrics-nekomesh/prometheus.nix deleted file mode 100644 index 7d52369..0000000 --- a/config/hosts/metrics-nekomesh/prometheus.nix +++ /dev/null @@ -1,20 +0,0 @@ -{ ... }: -{ - services.prometheus = { - enable = true; - retentionTime = "2y"; - scrapeConfigs = [ - { - job_name = "meshcore"; - scrape_interval = "15m"; - static_configs = [{ - targets = [ "localhost:9091" ]; - }]; - } - ]; - pushgateway = { - enable = true; - web.external-url = "metrics-nekomesh.vs.grzb.de:9091"; - }; - }; -} diff --git a/config/hosts/metrics-nekomesh/secrets.nix b/config/hosts/metrics-nekomesh/secrets.nix deleted file mode 100644 index ef6bcec..0000000 --- a/config/hosts/metrics-nekomesh/secrets.nix +++ /dev/null @@ -1,29 +0,0 @@ -{ keyCommandEnv, ... }: -{ - deployment.keys = { - "metrics-nekomesh-grafana-admin-password.secret" = { - keyCommand = keyCommandEnv ++ [ "pass" "metrics-nekomesh/grafana/admin-password" ]; - destDir = "/secrets"; - user = "grafana"; - group = "grafana"; - permissions = "0640"; - uploadAt = "pre-activation"; - }; - "metrics-nekomesh-grafana-keycloak-client-secret.secret" = { - keyCommand = keyCommandEnv ++ [ "pass" "metrics-nekomesh/grafana/keycloak-client-secret" ]; - destDir = "/secrets"; - user = "grafana"; - group = "grafana"; - permissions = "0640"; - uploadAt = "pre-activation"; - }; - "mail-nekomesh-nekover-se.secret" = { - keyCommand = keyCommandEnv ++ [ "pass" "mail/nekomesh-nekover-se" ]; - destDir = "/secrets"; - user = "grafana"; - group = "grafana"; - permissions = "0640"; - uploadAt = "pre-activation"; - }; - }; -} diff --git a/config/hosts/web-public-2/nginx.nix b/config/hosts/web-public-2/nginx.nix index 608d6a7..73699fb 100644 --- a/config/hosts/web-public-2/nginx.nix +++ b/config/hosts/web-public-2/nginx.nix @@ -30,7 +30,6 @@ matrix-rtc.nekover.se 10.202.41.112:8443; mewtube.nekover.se 127.0.0.1:8443; nekover.se 127.0.0.1:8443; - mesh.nekover.se 10.202.41.126:8443; nix-cache.nekover.se 10.202.41.121:8443; searx.nekover.se 10.202.41.105:8443; social.nekover.se 10.202.41.104:8443; diff --git a/config/hosts/web-public-2/virtualHosts/acme-challenge.nix b/config/hosts/web-public-2/virtualHosts/acme-challenge.nix index b3d0cc4..38d2804 100644 --- a/config/hosts/web-public-2/virtualHosts/acme-challenge.nix +++ b/config/hosts/web-public-2/virtualHosts/acme-challenge.nix @@ -7,7 +7,6 @@ let "mas.nekover.se" = "matrix.vs.grzb.de"; "matrix.nekover.se" = "matrix.vs.grzb.de"; "matrix-rtc.nekover.se" = "matrix.vs.grzb.de"; - "mesh.nekover.se" = "metrics-nekomesh.vs.grzb.de"; "netbox.grzb.de" = "netbox.vs.grzb.de"; "git.nekover.se" = "forgejo.vs.grzb.de"; "grafana.grzb.de" = "metrics.vs.grzb.de"; diff --git a/flake.lock b/flake.lock index e85d80b..9edf099 100644 --- a/flake.lock +++ b/flake.lock @@ -118,11 +118,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1762098551, - "narHash": "sha256-SchwrZR0pUgTCY10IxC4Lf40u3gLmbAdVeGNyomVxaE=", + "lastModified": 1761597516, + "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "0257fc3c4a1ba60fb2a9d19c2915e7315bad41db", + "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55", "type": "github" }, "original": { @@ -150,11 +150,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1762113106, - "narHash": "sha256-iiv03ogrvPXanFWJIBM2/wQn/3mKAYNpN/1bxWELhUE=", + "lastModified": 1761698251, + "narHash": "sha256-oGt8VAGzOS87XPl0GoG815V2YysxCCShPy32uQlHQhw=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "134fe04e1dad764124c515007533cdd3c9a01aaf", + "rev": "1028e8c843056e126be9e31d579bdd20942d7dd7", "type": "github" }, "original": { @@ -166,11 +166,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1762080734, - "narHash": "sha256-fFunzA7ITlPHRr7dECaFGTBucNiWYEVDNPBw/9gFmII=", + "lastModified": 1761676996, + "narHash": "sha256-mAB2hKwu+6ufnxdNJganMbPbfhTYzJGAWnfcC2JLEeQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "bc7f6fa86de9b208edf4ea7bbf40bcd8cc7d70a5", + "rev": "7f2539ca08e04c9bd337c00a80fefec5bd146b29", "type": "github" }, "original": { diff --git a/hosts.nix b/hosts.nix index b59e3d5..11a8e05 100644 --- a/hosts.nix +++ b/hosts.nix @@ -76,11 +76,6 @@ in site = "vs"; environment = "proxmox"; }; - metrics-nekomesh = { - hostNixpkgs = nixpkgs-unstable; - site = "vs"; - environment = "proxmox"; - }; nextcloud = { site = "vs"; environment = "proxmox";