infra/inventories/default.nix

{
imports = [
./personal-computer.nix
./emmie.nix
];
clan = {
inventory = {
# Machine groups. The instances in this file select machines through
# `roles.<role>.tags.<tag>`, so adding a host to a list here also enrols it in
# every service and overlay network bound to that tag.
# NOTE(review): the "all" and "nixos" tags used by some instances are not
# declared here; presumably the framework provides them. Confirm.
tags = {
  glom = [ "vega" "ramus" "canopus" ];
  poy = [ "deneb" "bosona" ];
  w = [ "sirius" ];
  b4l = [ "rigel" "neptune" "rana" "petra" "alasia" ];
  phonebox = [ "neptune" "rigel" "almach" "alpheratz" "mirach" "adhil" "buna" ];
  global-network = [ "rana" "sirius" "hadar" "procyon" "alasia" "rigel" "vega" ];
};
instances = {
# SSH server role for every machine tagged "all"; the public keys below are
# passed to that role as `authorizedKeys`.
# NOTE(review): each entry is a standing credential on all of those machines.
# Which account(s) the keys authorize is decided by the sshd module, which is
# not shown here. Confirm, and remove entries when access is no longer needed.
sshd = {
  roles.server = {
    tags."all" = { };
    settings.authorizedKeys = {
      # Plain ed25519 keys (any trailing field is only the key comment).
      "berwn" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAB/raxJR8gASmquP63weHelbi+da2WBJR1DgzHPNz/f";
      "davhau" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDuhpzDHBPvn8nv8RH1MRomDOaXyP4GziQm7r3MZ1Syk";
      "vi" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAmgyEGuY/r7SDlJgrzYmQqpcWS5W+fCzRi3OS59ne4W openpgp:0xFF687387";
      "kurogeek" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEcZ/p1Ofa9liwIzPWzNtONhJ7+FUWd2lCz33r81t8+w kurogeek@kurogeek";
      # `sk-ssh-ed25519@openssh.com` is OpenSSH's FIDO security-key key type.
      "matthewcroughan" = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIOJDRQfb1+7VK5tOe8W40iryfBWYRO6Uf1r2viDjmsJtAAAABHNzaDo=";
      "matthewcroughan-1" = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIDgsWq+G/tcr6eUQYT7+sJeBtRmOMabgFiIgIV44XNc6AAAABHNzaDo=";
      "matthewcroughan-2" = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIJMi3TAuwDtIeO4MsORlBZ31HzaV5bji1fFBPcC9/tWuAAAABHNzaDo=";
    };
  };
};
# Instance of clan-core's "users" module, applied to every machine tagged
# "all" with `user = "root"`.
# NOTE(review): the instance name suggests it manages the root password; how
# that password is generated and stored is defined by the module, not here.
# Confirm.
root-password = {
  module.name = "users";
  module.input = "clan-core";
  roles.default = {
    tags."all" = { };
    settings.user = "root";
  };
};
# clan-core "tor" module; the server role is assigned to machines tagged "nixos".
# NOTE(review): what the server role publishes is defined in the module and is
# not visible from this file. Confirm before widening the tag.
tor = {
  module.name = "tor";
  module.input = "clan-core";
  roles.server.tags."nixos" = { };
};
# ZeroTier network for the `w` tag: sirius is the controller, tagged machines
# join as peers.
# NOTE(review): `allowedIps` presumably lists extra members the controller
# admits besides inventory peers. Confirm against the clan-core zerotier module.
w-network = {
  module = { name = "zerotier"; input = "clan-core"; };
  roles = {
    controller.machines."sirius".settings.allowedIps = [
      # kurogeek: the last 40 bits (2bd36db8cc) equal the ID labelled
      # kurogeek-thinkpad in the allowedIds lists of glom-network and b4l-network.
      "fdfe:7bf:a795:4524:4c99:932b:d36d:b8cc"
    ];
    peer.tags.w = { };
  };
};
# ZeroTier network for the `glom` tag: vega is the controller, tagged machines
# join as peers.
# NOTE(review): `allowedIds` presumably names extra node IDs the controller
# admits besides inventory peers. Confirm against the clan-core zerotier module.
# The same three IDs are repeated in b4l-network and are kept in sync by hand.
glom-network = {
  module = { name = "zerotier"; input = "clan-core"; };
  roles = {
    controller.machines."vega".settings.allowedIds = [
      "dbe44c0287" # Alex-gateway
      "b0e0b84fd3" # Alex
      "2bd36db8cc" # kurogeek-thinkpad
    ];
    peer.tags.glom = { };
  };
};
# ZeroTier network for the `b4l` tag: rigel is the controller, tagged machines
# join as peers.
# NOTE(review): `allowedIds` presumably names extra node IDs the controller
# admits besides inventory peers. Confirm against the clan-core zerotier module.
# The same three IDs are repeated in glom-network and are kept in sync by hand.
b4l-network = {
  module = { name = "zerotier"; input = "clan-core"; };
  roles = {
    controller.machines."rigel".settings.allowedIds = [
      "dbe44c0287" # Alex-gateway
      "b0e0b84fd3" # Alex
      "2bd36db8cc" # kurogeek-thinkpad
    ];
    peer.tags.b4l = { };
  };
};
# ZeroTier network for the `poy` tag: deneb is the controller, tagged machines
# join as peers.
# NOTE(review): `allowedIps` presumably lists extra members the controller
# admits besides inventory peers. Confirm against the clan-core zerotier module.
poy-network = {
  module = { name = "zerotier"; input = "clan-core"; };
  roles = {
    controller.machines."deneb".settings.allowedIps = [
      # kurogeek: the same address is allowed on w-network.
      "fdfe:7bf:a795:4524:4c99:932b:d36d:b8cc"
    ];
    peer.tags."poy" = { };
  };
};
# Yggdrasil overlay for machines tagged "global-network".
# NOTE(review): the extra peers are hosts outside this repository, presumably
# public Yggdrasil peers. Two use tls:// and two plain tcp:// as the peering
# transport. The same list is repeated in yggdrasil-phone-network.
yggdrasil-global-network = {
  module = { name = "yggdrasil"; input = "clan-core"; };
  roles.default = {
    tags."global-network" = { };
    settings.extraPeers = [
      "tls://ygg.jjolly.dev:3443"
      "tls://[2602:fc24:18:7a42::1]:993"
      "tcp://leo.node.3dt.net:9002"
      "tcp://ygg-kcmo.incognet.io:8883"
    ];
  };
};
# Headscale server on alasia, using this repository's own "headscale" module.
newedge-headscale = {
  module = { name = "headscale"; input = "self"; };
  roles.server.machines."alasia".settings = {
    public_url = "tailvpn.public.newedge.house";
    base_domain = "tailnet.newedge.house";
    # The 10.0.10.0/24 subnet is advertised as a route.
    advertise_routes = [ "10.0.10.0/24" ];
    # NOTE(review): the first resolver sits inside the advertised range; the
    # other two are public resolvers, so name lookups may go to third parties.
    # Confirm that is intended.
    nameservers = [ "10.0.10.82" "1.1.1.1" "8.8.8.8" ];
  };
};
# Yggdrasil overlay for machines tagged "phonebox".
# NOTE(review): `extraYggdrasilIPs` presumably admits one additional Yggdrasil
# address that is not an inventory machine. Confirm its owner and how the
# module uses it. The peer list repeats the one in yggdrasil-global-network.
yggdrasil-phone-network = {
  module = { name = "yggdrasil"; input = "clan-core"; };
  roles.default = {
    tags."phonebox" = { };
    settings = {
      extraYggdrasilIPs = [ "200:c806:c13b:b855:723f:473:55:7904" ];
      extraPeers = [
        "tls://ygg.jjolly.dev:3443"
        "tls://[2602:fc24:18:7a42::1]:993"
        "tcp://leo.node.3dt.net:9002"
        "tcp://ygg-kcmo.incognet.io:8883"
      ];
    };
  };
};
# Local "phonebox" module for machines tagged "phonebox"; adhil additionally
# gets a per-machine setting naming its `end0` interface.
phonebox = {
  module = { name = "phonebox"; input = "self"; };
  roles.default = {
    tags."phonebox" = { };
    machines."adhil".settings.ata-ethernet-iface = "end0";
  };
};
# Local "pulse-stream" module on neptune.
# NOTE(review): `client-ip-ranges` presumably restricts which source addresses
# may connect. Confirm the module enforces it, since an address filter is the
# only access control visible here.
pulse-stream = {
  module = { name = "pulse-stream"; input = "self"; };
  roles.default.machines.neptune.settings.client-ip-ranges = [ "10.0.0.0/24" ];
};
# Local "jukebox" module on neptune: bound to interface wlp1s0, with one disk
# (`m3`) identified by UUID and mounted with the `utf8` option.
jukebox = {
  module = { name = "jukebox"; input = "self"; };
  roles.default.machines.neptune.settings = {
    binds = [ "wlp1s0" ];
    disks.m3.uuid = "105D-319E";
    disks.m3.mountOptions = [ "utf8" ];
  };
};
# Local "git-daemon" module on neptune. Each repository gets a `read-access`
# and a `write-access` list of address ranges; an entry of `{ }` takes the
# defaults, and `PUBLIC` overrides only `read-access`.
# NOTE(review): access is expressed purely as source-address ranges, so it is
# only as strong as the network's guarantee about who can use those addresses.
# Confirm how the module enforces these lists.
git-daemon = {
  module = { name = "git-daemon"; input = "self"; };
  roles.default.machines.neptune.settings.repositories =
    let
      # Default for both read and write: the 10.0.0.0/24 LAN plus one single
      # Yggdrasil address (/128).
      trusted = [
        "10.0.0.0/24"
        "200:d7b1:c5d5:ea7:27ad:6837:40f6:404d/128"
      ];
      defaults = {
        write-access = trusted;
        read-access = trusted;
      };
      # 0200::/7 is the whole Yggdrasil address range, so PUBLIC repositories
      # are readable from any Yggdrasil node; write access keeps the default.
      PUBLIC.read-access = [
        "10.0.0.0/24"
        "0200::/7"
      ];
      withDefaults = _: override: defaults // override;
    in
    builtins.mapAttrs withDefaults {
      "9e" = PUBLIC;
      archive-dl = { };
      barrytown = { };
      cleanroom = PUBLIC;
      community-memory = { };
      eris = { };
      ftdi-sd-spi = { };
      go-go-gadget = { };
      hacking-the-kindle = { };
      islands = PUBLIC;
      kt = { };
      legba = { };
      llb = PUBLIC;
      llc = PUBLIC;
      lora = { };
      mute = { };
      navi = { };
      notmuch-memoryhole = PUBLIC;
      pms5003 = { };
      thinc = PUBLIC;
      toad = { };
      yggdrasil-erlang = { };
    };
};
# Local "samba" module; sirius is the server and stores data under /mnt/hdd/samba.
samba = {
  module = { name = "samba"; input = "self"; };
  roles.server.machines."sirius".settings = {
    dataDir = "/mnt/hdd/samba";
    # User `w` is granted write permission.
    globalUsers.w.writePerm = true;
    # NOTE(review): `allowedGuest = true` presumably lets unauthenticated
    # clients open the WHITEHOUSE share. Confirm that this is intended, whether
    # guests get read-only or read-write access, and which networks can reach
    # the server.
    sharedFolders.WHITEHOUSE.allowedGuest = true;
  };
};
# Local "wordpress" module; tangra serves a single tenant.
wordpress = {
  module = { name = "wordpress"; input = "self"; };
  roles.server.machines."tangra".settings = {
    tenants = [ "poyfestival.com" ];
    # PHP upload limits: 64M per file, 128M per POST body.
    phpfpmOptions = ''
      upload_max_filesize=64M
      post_max_size=128M
    '';
    # Debug mode, on-page error display and the debug log are all switched
    # off, so PHP errors are neither shown to visitors nor written to a log
    # file by WordPress.
    wpExtraConfig = ''
      define('WP_MEMORY_LIMIT', '256M');
      define('WP_DEBUG', false);
      define('WP_DEBUG_DISPLAY', false);
      define('WP_DEBUG_LOG', false);
    '';
  };
};
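# Local "prometheus" module: rigel is the server, vega is a node exporting
# smartctl and zfs metrics. The extra module below is added to the server role
# and wires Alertmanager to a Matrix room through the matrix-alertmanager
# webhook service.
prometheus-monitoring = {
  module = {
    name = "prometheus";
    input = "self";
  };
  roles.server.machines."rigel".settings = { };
  roles.server.extraModules = [
    (
      { config, pkgs, ... }:
      {
        # Generated files, all marked as secrets. The URL file is owned by the
        # alertmanager user/group because it is passed to Alertmanager as
        # `url_file` further down.
        clan.core.vars.generators.prometheus = {
          files.matrix-alertmanager-token.secret = true;
          files.matrix-alertmanager-secret.secret = true;
          files.matrix-alertmanager-urlfile = {
            secret = true;
            owner = "alertmanager";
            group = "alertmanager";
          };
          # The script writes three files:
          #   1. the token file, containing only a newline.
          #      NOTE(review): presumably the real Matrix access token is
          #      supplied out-of-band afterwards; re-running this script would
          #      write a blank token again. Confirm.
          #   2. the webhook secret: 32 random bytes, hex-encoded.
          #   3. the webhook URL with that secret as a query parameter.
          #      NOTE(review): a secret in the query string can end up in the
          #      receiving service's request logs; the target here is localhost.
          # `$out` is quoted on every use so the script is safe for any output path.
          script = ''
            echo "" > "$out"/matrix-alertmanager-token
            openssl rand -hex 32 > "$out"/matrix-alertmanager-secret
            echo "http://localhost:3000/alerts?secret=$(cat "$out"/matrix-alertmanager-secret)" > "$out"/matrix-alertmanager-urlfile
          '';
          runtimeInputs = [
            pkgs.openssl
          ];
        };
        # Webhook-to-Matrix bridge; the token and secret are referenced by
        # file path, not inlined.
        services.matrix-alertmanager = {
          enable = true;
          tokenFile = config.clan.core.vars.generators.prometheus.files.matrix-alertmanager-token.path;
          secretFile = config.clan.core.vars.generators.prometheus.files.matrix-alertmanager-secret.path;
          homeserverUrl = "https://matrix-client.matrix.org";
          matrixUser = "@kuroiris:matrix.org";
          matrixRooms = [
            {
              receivers = [
                "matrix"
              ];
              roomId = "!rqIrWqPvsXqMgYpcNZ:matrix.org";
            }
          ];
        };
        services.prometheus = {
          alertmanager = {
            enable = true;
            configuration = {
              global = {
                resolve_timeout = "5m";
              };
              # The top-level receiver "default" has no notification
              # settings; the single child route has no matchers and sends
              # to "matrix".
              route = {
                receiver = "default";
                routes = [
                  {
                    receiver = "matrix";
                  }
                ];
              };
              receivers = [
                { name = "default"; }
                {
                  name = "matrix";
                  webhook_configs = [
                    {
                      # The URL is read from the generated secret file, so the
                      # secret is not written into this configuration.
                      url_file = config.clan.core.vars.generators.prometheus.files.matrix-alertmanager-urlfile.path;
                      send_resolved = true;
                    }
                  ];
                }
              ];
            };
          };
        };
      }
    )
  ];
  roles.nodes.machines = {
    vega.settings = {
      exporters.smartctl = { };
      exporters.zfs = { };
    };
  };
};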
};
};
};
}