|
|
|
@ -1,6 +1,148 @@
|
|
|
|
|
{
|
|
|
|
|
let
|
|
|
|
|
secrets = import ../secrets.nix;
|
|
|
|
|
in {
|
|
|
|
|
network.description = "Cryto";
|
|
|
|
|
|
|
|
|
|
workbot = {config, lib, pkgs, ...}@args:
|
|
|
|
|
{
|
|
|
|
|
config = {
|
|
|
|
|
services.nginx = let
|
|
|
|
|
hostRoot = pkgs.writeTextDir "index.html" "Hello world!";
|
|
|
|
|
reverseProxy = target: {
|
|
|
|
|
proxyPass = target;
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
proxy_set_header Host $http_host;
|
|
|
|
|
proxy_set_header X-Forwarded-Proto https;
|
|
|
|
|
proxy_set_header X-Forwarded-Port 443;
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
requireTLS = {
|
|
|
|
|
enableACME = true;
|
|
|
|
|
forceSSL = true;
|
|
|
|
|
};
|
|
|
|
|
in {
|
|
|
|
|
enable = true;
|
|
|
|
|
virtualHosts = {
|
|
|
|
|
"_" = {
|
|
|
|
|
default = true;
|
|
|
|
|
root = hostRoot;
|
|
|
|
|
};
|
|
|
|
|
"hydra.cryto.net" = {
|
|
|
|
|
locations = {
|
|
|
|
|
"/" = reverseProxy "http://localhost:3333";
|
|
|
|
|
};
|
|
|
|
|
} // requireTLS;
|
|
|
|
|
"prometheus.cryto.net" = {
|
|
|
|
|
locations = {
|
|
|
|
|
"/" = reverseProxy "http://localhost:9090";
|
|
|
|
|
};
|
|
|
|
|
} // requireTLS;
|
|
|
|
|
"metrics.cryto.net" = {
|
|
|
|
|
locations = {
|
|
|
|
|
"/" = reverseProxy "http://localhost:8452";
|
|
|
|
|
};
|
|
|
|
|
} // requireTLS;
|
|
|
|
|
"nix-cache.cryto.net" = {
|
|
|
|
|
root = "/var/lib/hydra-builds";
|
|
|
|
|
} // requireTLS;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services.postgresql = {
|
|
|
|
|
enable = true;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services.hydra = {
|
|
|
|
|
enable = true;
|
|
|
|
|
port = 3333;
|
|
|
|
|
hydraURL = "http://hydra.cryto.net/";
|
|
|
|
|
notificationSender = "hydra@cryto.net";
|
|
|
|
|
useSubstitutes = false;
|
|
|
|
|
minimumDiskFree = 20;
|
|
|
|
|
minimumDiskFreeEvaluator = 20;
|
|
|
|
|
buildMachinesFiles = pkgs.lib.mkIf (config.nix.buildMachines == []) [];
|
|
|
|
|
extraConfig = ''
|
|
|
|
|
store_uri = file:///var/lib/hydra-builds?secret-key=/var/lib/hydra/binary-cache.key&write-nar-listing=1
|
|
|
|
|
binary_cache_public_uri = https://nix-cache.cryto.net
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/* FIXME: Declaratively define data sources; Grafana module for NixOS does not appear to support this yet? */
|
|
|
|
|
services.grafana = {
|
|
|
|
|
enable = true;
|
|
|
|
|
port = 8452;
|
|
|
|
|
rootUrl = "https://metrics.cryto.net/";
|
|
|
|
|
|
|
|
|
|
security = {
|
|
|
|
|
adminUser = secrets.grafana.username;
|
|
|
|
|
adminPassword = secrets.grafana.password;
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
auth = {
|
|
|
|
|
anonymous.enable = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
services.prometheus = {
|
|
|
|
|
enable = true;
|
|
|
|
|
|
|
|
|
|
globalConfig = {
|
|
|
|
|
scrape_interval = "30s";
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
scrapeConfigs = let
|
|
|
|
|
nameInstance = address: name: {
|
|
|
|
|
source_labels = [ "__address__" ];
|
|
|
|
|
target_label = "instance";
|
|
|
|
|
regex = address;
|
|
|
|
|
replacement = name;
|
|
|
|
|
};
|
|
|
|
|
in [
|
|
|
|
|
{
|
|
|
|
|
job_name = "prometheus";
|
|
|
|
|
static_configs = [{
|
|
|
|
|
targets = [
|
|
|
|
|
"localhost:9090"
|
|
|
|
|
];
|
|
|
|
|
}];
|
|
|
|
|
relabel_configs = [
|
|
|
|
|
(nameInstance "localhost:9090" "workbot")
|
|
|
|
|
];
|
|
|
|
|
} {
|
|
|
|
|
job_name = "nodes";
|
|
|
|
|
scrape_interval = "10s";
|
|
|
|
|
static_configs = [{
|
|
|
|
|
targets = [
|
|
|
|
|
"localhost:9100"
|
|
|
|
|
"80.255.0.137:9100"
|
|
|
|
|
"64.187.233.73:9100"
|
|
|
|
|
];
|
|
|
|
|
}];
|
|
|
|
|
relabel_configs = [
|
|
|
|
|
(nameInstance "localhost:9100" "workbot")
|
|
|
|
|
(nameInstance "80.255.0.137:9100" "osmium")
|
|
|
|
|
(nameInstance "64.187.233.73:9100" "nijaxor")
|
|
|
|
|
];
|
|
|
|
|
}
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
exporters = {
|
|
|
|
|
node = {
|
|
|
|
|
enable = true;
|
|
|
|
|
enabledCollectors = [
|
|
|
|
|
"systemd"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
|
|
|
80
|
|
|
|
|
443
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
osmium = { config, lib, pkgs, ... }@args:
|
|
|
|
|
let
|
|
|
|
|
pastebinStream = (import ../applications/pastebin-stream.nix) args;
|
|
|
|
@ -16,8 +158,8 @@
|
|
|
|
|
imports = [
|
|
|
|
|
(pastebinStream {
|
|
|
|
|
errorPath = "/var/lib/pastebin-stream/errors";
|
|
|
|
|
rev = "bed9fefc9cc5dcf2c8aaf32c20e48e5eb70b0920";
|
|
|
|
|
sha256 = "0glj8hmx820afv1bqdjmyff1gvr20p40nl4ksh6200pnbncsbxyh";
|
|
|
|
|
rev = "d7a09deda0916fa99920156e928d281a5bd3d97a";
|
|
|
|
|
sha256 = "08xjcwmbzdmkzbz1al3vkryiix1y2zqc8yv4lsrw21dz0c5zl726";
|
|
|
|
|
})
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
@ -47,11 +189,21 @@
|
|
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
|
|
|
80
|
|
|
|
|
443
|
|
|
|
|
9100 # Prometheus node exporter
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
environment.systemPackages = with pkgs; [
|
|
|
|
|
htop
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
services.prometheus.exporters = {
|
|
|
|
|
node = {
|
|
|
|
|
enable = true;
|
|
|
|
|
enabledCollectors = [
|
|
|
|
|
"systemd"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
options.systems.osmium = with lib; {
|
|
|
|
@ -65,4 +217,22 @@
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
nijaxor = { config, lib, pkgs, ... }@args:
|
|
|
|
|
{
|
|
|
|
|
config = {
|
|
|
|
|
networking.firewall.allowedTCPPorts = [
|
|
|
|
|
9100 # Prometheus node exporter
|
|
|
|
|
];
|
|
|
|
|
|
|
|
|
|
services.prometheus.exporters = {
|
|
|
|
|
node = {
|
|
|
|
|
enable = true;
|
|
|
|
|
enabledCollectors = [
|
|
|
|
|
"systemd"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
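Review bot: The new `"prometheus.cryto.net"` virtual host proxies straight to `http://localhost:9090` with only `requireTLS` merged in, so the Prometheus UI and query API are served to any client without authentication; nothing in the visible config adds an access check in front of it. Add one on that vhost, for example `basicAuthFile = "/path/to/htpasswd"; # placeholder path` alongside `// requireTLS`, or an allow/deny list in the location's `extraConfig`. The same concern applies to the `9100 # Prometheus node exporter` entries added to `networking.firewall.allowedTCPPorts` on osmium and nijaxor: the exporter is opened to every source address and scraped in clear text, although only workbot is listed as a scraper, so the rule should be limited to workbot's address (not shown on this page). Two smaller points in the workbot section: `hydraURL = "http://hydra.cryto.net/";` disagrees with `forceSSL = true` on that vhost and should probably read `https://`. And `adminPassword = secrets.grafana.password;` presumably lands in the generated Grafana config inside the world-readable Nix store, which is worth confirming given that `anonymous.enable = true` already widens access.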