From b175d4accd75af1c6d9b0403d921deebab342cd1 Mon Sep 17 00:00:00 2001
From: Jonni Liljamo <jonni@liljamo.com>
Date: Wed, 13 Nov 2024 17:39:36 +0200
Subject: [PATCH] feat: move metrics

---
 hosts/metrics/default.nix                  | 17 -----------------
 lxc/hosts/default.nix                      |  5 +++++
 {systems => lxc}/hosts/metrics/default.nix | 16 ++++++++++++----
 secrets/metrics/secrets.yaml               |  7 +++----
 systems/hosts/default.nix                  |  5 -----
 5 files changed, 20 insertions(+), 30 deletions(-)
 delete mode 100644 hosts/metrics/default.nix
 rename {systems => lxc}/hosts/metrics/default.nix (94%)

diff --git a/hosts/metrics/default.nix b/hosts/metrics/default.nix
deleted file mode 100644
index d840393..0000000
--- a/hosts/metrics/default.nix
+++ /dev/null
@@ -1,17 +0,0 @@
-{config, ...}: {
-  sops.secrets.rootPwd.neededForUsers = true;
-  sops.secrets.liljamoPwd.neededForUsers = true;
-
-  roles.base = {
-    root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
-    primaryUser = {
-      username = "liljamo";
-      hashedPasswordFile = config.sops.secrets.liljamoPwd.path;
-    };
-  };
-
-  roles.tailscale = {
-    enable = true;
-    enableSSH = true;
-  };
-}
diff --git a/lxc/hosts/default.nix b/lxc/hosts/default.nix
index 6d48990..9c850f3 100644
--- a/lxc/hosts/default.nix
+++ b/lxc/hosts/default.nix
@@ -9,4 +9,9 @@ profiles: {
     profile = profiles.generic;
     modules = [];
   };
+  metrics = {
+    system = "x86_64-linux";
+    profile = profiles.generic;
+    modules = [];
+  };
 }
diff --git a/systems/hosts/metrics/default.nix b/lxc/hosts/metrics/default.nix
similarity index 94%
rename from systems/hosts/metrics/default.nix
rename to lxc/hosts/metrics/default.nix
index ed103af..2cef03a 100644
--- a/systems/hosts/metrics/default.nix
+++ b/lxc/hosts/metrics/default.nix
@@ -1,9 +1,17 @@
-{artautil, ...}: let
+{
+  config,
+  util,
+  ...
+}: let
   influxDB2Port = 8086;
   prometheusPort = 9090;
   lokiPort = 9091;
   grafanaPort = 3000;
 in {
+  sops.secrets.rootPwd.neededForUsers = true;
+
+  roles.base.root.hashedPasswordFile = config.sops.secrets.rootPwd.path;
+
   networking.firewall.allowedTCPPorts = [
     influxDB2Port
     prometheusPort
@@ -38,7 +46,7 @@ in {
         job_name = "cadvisor";
         static_configs = [
           {
-            targets = map (x: x + ":9080") (builtins.attrNames (artautil.getDNSEntries "lxc"));
+            targets = map (x: x + ":9080") (builtins.attrNames (util.getDNSEntries));
           }
         ];
       }
@@ -47,7 +55,7 @@ in {
         job_name = "node";
         static_configs = [
           {
-            targets = map (x: x + ":9100") (builtins.attrNames (artautil.getDNSEntries "lxc"));
+            targets = map (x: x + ":9100") (builtins.attrNames (util.getDNSEntries));
           }
         ];
       }
@@ -56,7 +64,7 @@ in {
         job_name = "systemd";
         static_configs = [
           {
-            targets = map (x: x + ":9558") (builtins.attrNames (artautil.getDNSEntries "lxc"));
+            targets = map (x: x + ":9558") (builtins.attrNames (util.getDNSEntries));
           }
         ];
       }
diff --git a/secrets/metrics/secrets.yaml b/secrets/metrics/secrets.yaml
index dbc54dc..254f391 100644
--- a/secrets/metrics/secrets.yaml
+++ b/secrets/metrics/secrets.yaml
@@ -1,5 +1,4 @@
-rootPwd: ENC[AES256_GCM,data:qtSJNQZaN/++KhOoBnyaAyovBMoH+kawjGAGWqShiQ6OkJ3xNpNxoCoGxRpnjvRLejzIdQrKaUyNcRBFRCQhjci0hRREpPzOATH5I2LTr6QvqxN+yZnQjzpD88MWzfgiferGKgo8jZ9Iig==,iv:t/7R3Ox91Ogplrol+/aOTDqHaNDKyB8k52gN40dcUOc=,tag:qln+E2gIFoXKE87d4yXuKw==,type:str]
-liljamoPwd: ENC[AES256_GCM,data:3mPe9sLoPGQQ8xybO3eO5wuuBaKBtSD70Spn9MOgkZMkbxKqebOBY0hiTeHFGMGRpYanlm7rYUefVudLQEBIhb7FP0YDDsrWeRGZxKJnxR0I8PyL75A2Einc9+gmnlT8q0pbxZTFN3Zw2g==,iv:FFEb304O/SpZrRYgAhGaOwqpKN1Pbch2KLhx0DVAMHE=,tag:40WSr5J0mKNOgTpFyso5SQ==,type:str]
+rootPwd: ENC[AES256_GCM,data:1GVT/Y6lcgID8eQWT+shfuA8N1chQdaZPSiNnfltyNXf7x/RjrDHBoqqvW23zihNjIuR5tUHjr16nAp5Qg40kqVB7ML6cHYSQZLQ3lHtqLb5ndDSVWUgMVqL+U0apIf9fTkhP4CHYeOtyQ==,iv:+DL6vF3JXeUoa4UGOTb2H5UNHlcmzYDB5GO7mSyesCA=,tag:JdHa5pcwrvcpRfjdIaSkrQ==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -15,8 +14,8 @@ sops:
             VEI4TjdpcGI2a0d2VThQelUxVUFCNDgKNRElA7Bd0KmMKWJs/VSzT2rdImYn9EyS
             5RUHFPXKTwPOY9TMcFvah2b5j9VZNeK7PWOp9YeGtMObgdS7l855Mg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-02T17:09:32Z"
-    mac: ENC[AES256_GCM,data:EgkxyzvB9WiEaPbVxe2hIAgKQLvxNlJXnKfLDtsUvpS5B+yjgcEV/z20c5WfdMX2IxHvA13+pg7Bg0DAP7yqxavrUK7rOje/iHR0H5CgdbwoYRRRIs97hxQT+OFxmqOum1yKl1HtQayZmDNBu6P6Nvd40Fff5NP2iYQR5QgOKxI=,iv:TWbhEy7vWnBLgJi6qht3FulE/cpYwWJWV3fgwdui7rY=,tag:Yz1z1QtIvWwh3wHcDZ8s6g==,type:str]
+    lastmodified: "2024-11-13T15:32:42Z"
+    mac: ENC[AES256_GCM,data:P5UOY/obQEVm+hr8y6BmsSq718L8MN40UGwYOqlR/8kQIgmAjisFIfpqHYTOJLNfpEvdGB6zII9pdQ821KC8y/aoZv+38nFIdYYu6acWwQPid+WVvDfaWY84kcRgl0V6nGvIHURGC/7Qjyinte8JAUX76oQNGhme7kKx/4uUAYY=,iv:P+koina09eLeQh3JDsjJYjzUZZlJiUTIKLCGD9lequQ=,tag:kbDWdq9zz776b+Uj813+IA==,type:str]
     pgp:
         - created_at: "2024-09-02T17:08:27Z"
           enc: |-
diff --git a/systems/hosts/default.nix b/systems/hosts/default.nix
index 36f6b98..571c2f9 100644
--- a/systems/hosts/default.nix
+++ b/systems/hosts/default.nix
@@ -22,11 +22,6 @@
     profile = lxc;
     modules = [];
   };
-  metrics = {
-    system = "x86_64-linux";
-    profile = lxc;
-    modules = [];
-  };
   oci = {
     system = "x86_64-linux";
     profile = lxc;
-- 
2.44.1