D hosts/metrics/default.nix => hosts/metrics/default.nix +0 -17
@@ 1,17 0,0 @@
-{config, ...}: {
- sops.secrets.rootPwd.neededForUsers = true;
- sops.secrets.liljamoPwd.neededForUsers = true;
-
- roles.base = {
- root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
- primaryUser = {
- username = "liljamo";
- hashedPasswordFile = config.sops.secrets.liljamoPwd.path;
- };
- };
-
- roles.tailscale = {
- enable = true;
- enableSSH = true;
- };
-}
M lxc/hosts/default.nix => lxc/hosts/default.nix +5 -0
@@ 9,4 9,9 @@ profiles: {
profile = profiles.generic;
modules = [];
};
+ metrics = {
+ system = "x86_64-linux";
+ profile = profiles.generic;
+ modules = [];
+ };
}
R systems/hosts/metrics/default.nix => lxc/hosts/metrics/default.nix +12 -4
@@ 1,9 1,17 @@
-{artautil, ...}: let
+{
+ config,
+ util,
+ ...
+}: let
influxDB2Port = 8086;
prometheusPort = 9090;
lokiPort = 9091;
grafanaPort = 3000;
in {
+ sops.secrets.rootPwd.neededForUsers = true;
+
+ roles.base.root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
+
networking.firewall.allowedTCPPorts = [
influxDB2Port
prometheusPort
@@ 38,7 46,7 @@ in {
job_name = "cadvisor";
static_configs = [
{
- targets = map (x: x + ":9080") (builtins.attrNames (artautil.getDNSEntries "lxc"));
+ targets = map (x: x + ":9080") (builtins.attrNames (util.getDNSEntries));
}
];
}
@@ 47,7 55,7 @@ in {
job_name = "node";
static_configs = [
{
- targets = map (x: x + ":9100") (builtins.attrNames (artautil.getDNSEntries "lxc"));
+ targets = map (x: x + ":9100") (builtins.attrNames (util.getDNSEntries));
}
];
}
@@ 56,7 64,7 @@ in {
job_name = "systemd";
static_configs = [
{
- targets = map (x: x + ":9558") (builtins.attrNames (artautil.getDNSEntries "lxc"));
+ targets = map (x: x + ":9558") (builtins.attrNames (util.getDNSEntries));
}
];
}
M secrets/metrics/secrets.yaml => secrets/metrics/secrets.yaml +3 -4
@@ 1,5 1,4 @@
-rootPwd: ENC[AES256_GCM,data:qtSJNQZaN/++KhOoBnyaAyovBMoH+kawjGAGWqShiQ6OkJ3xNpNxoCoGxRpnjvRLejzIdQrKaUyNcRBFRCQhjci0hRREpPzOATH5I2LTr6QvqxN+yZnQjzpD88MWzfgiferGKgo8jZ9Iig==,iv:t/7R3Ox91Ogplrol+/aOTDqHaNDKyB8k52gN40dcUOc=,tag:qln+E2gIFoXKE87d4yXuKw==,type:str]
-liljamoPwd: ENC[AES256_GCM,data:3mPe9sLoPGQQ8xybO3eO5wuuBaKBtSD70Spn9MOgkZMkbxKqebOBY0hiTeHFGMGRpYanlm7rYUefVudLQEBIhb7FP0YDDsrWeRGZxKJnxR0I8PyL75A2Einc9+gmnlT8q0pbxZTFN3Zw2g==,iv:FFEb304O/SpZrRYgAhGaOwqpKN1Pbch2KLhx0DVAMHE=,tag:40WSr5J0mKNOgTpFyso5SQ==,type:str]
+rootPwd: ENC[AES256_GCM,data:1GVT/Y6lcgID8eQWT+shfuA8N1chQdaZPSiNnfltyNXf7x/RjrDHBoqqvW23zihNjIuR5tUHjr16nAp5Qg40kqVB7ML6cHYSQZLQ3lHtqLb5ndDSVWUgMVqL+U0apIf9fTkhP4CHYeOtyQ==,iv:+DL6vF3JXeUoa4UGOTb2H5UNHlcmzYDB5GO7mSyesCA=,tag:JdHa5pcwrvcpRfjdIaSkrQ==,type:str]
sops:
kms: []
gcp_kms: []
@@ 15,8 14,8 @@ sops:
VEI4TjdpcGI2a0d2VThQelUxVUFCNDgKNRElA7Bd0KmMKWJs/VSzT2rdImYn9EyS
5RUHFPXKTwPOY9TMcFvah2b5j9VZNeK7PWOp9YeGtMObgdS7l855Mg==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2024-09-02T17:09:32Z"
- mac: ENC[AES256_GCM,data:EgkxyzvB9WiEaPbVxe2hIAgKQLvxNlJXnKfLDtsUvpS5B+yjgcEV/z20c5WfdMX2IxHvA13+pg7Bg0DAP7yqxavrUK7rOje/iHR0H5CgdbwoYRRRIs97hxQT+OFxmqOum1yKl1HtQayZmDNBu6P6Nvd40Fff5NP2iYQR5QgOKxI=,iv:TWbhEy7vWnBLgJi6qht3FulE/cpYwWJWV3fgwdui7rY=,tag:Yz1z1QtIvWwh3wHcDZ8s6g==,type:str]
+ lastmodified: "2024-11-13T15:32:42Z"
+ mac: ENC[AES256_GCM,data:P5UOY/obQEVm+hr8y6BmsSq718L8MN40UGwYOqlR/8kQIgmAjisFIfpqHYTOJLNfpEvdGB6zII9pdQ821KC8y/aoZv+38nFIdYYu6acWwQPid+WVvDfaWY84kcRgl0V6nGvIHURGC/7Qjyinte8JAUX76oQNGhme7kKx/4uUAYY=,iv:P+koina09eLeQh3JDsjJYjzUZZlJiUTIKLCGD9lequQ=,tag:kbDWdq9zz776b+Uj813+IA==,type:str]
pgp:
- created_at: "2024-09-02T17:08:27Z"
enc: |-
M systems/hosts/default.nix => systems/hosts/default.nix +0 -5
@@ 22,11 22,6 @@
profile = lxc;
modules = [];
};
- metrics = {
- system = "x86_64-linux";
- profile = lxc;
- modules = [];
- };
oci = {
system = "x86_64-linux";
profile = lxc;