feat: better prometheus integration

feat: enable tailscale on servers
fix
2024-07-30 20:14:37 +08:00 · 2024-07-30 20:13:20 +08:00 · 2024-07-30 20:09:41 +08:00 · 2024-07-30 17:03:27 +08:00
4 changed files with 19 additions and 57 deletions
--- a/machines/calcite/configuration.nix
+++ b/machines/calcite/configuration.nix
@ -208,7 +208,6 @@
    element-desktop
    tdesktop
    qq
-    feishu

    # Password manager
    bitwarden
@ -265,6 +264,11 @@
  custom.forgejo-actions-runner.enable = true;
  custom.forgejo-actions-runner.tokenFile = config.sops.secrets.gitea_env.path;

+  custom.prometheus = {
+    enable = true;
+    exporters.enable = true;
+  };
+
  # MTP support
  services.gvfs.enable = true;

--- a/machines/dolomite/default.nix
+++ b/machines/dolomite/default.nix
@ -14,6 +14,12 @@ in
  config = {
    isBandwagon = builtins.elem config.networking.hostName bwgHosts;
    isLightsail = builtins.elem config.networking.hostName awsHosts;
+
+    commonSettings = {
+      auth.enable = true;
+      nix.enable = true;
+    };
+
    sops = {
      secrets = {
        wg_private_key = {
@ -43,6 +49,8 @@ in
    networking.firewall.allowedTCPPorts = [ 80 8080 ];
    networking.firewall.allowedUDPPorts = [ ] ++ (lib.range 6311 6314);

+    services.tailscale.enable = true;
+
    custom.prometheus = {
      enable = false;
      exporters.enable = false;
@ -52,33 +60,6 @@ in
      };
    };

-    custom.kanidm-client = {
-      enable = true;
-      uri = "https://auth.xinyang.life/";
-      asSSHAuth = {
-        enable = true;
-        allowedGroups = [ "linux_users" ];
-      };
-      sudoers = [ "xin@auth.xinyang.life" ];
-    };
-
-    services.openssh = {
-      settings = {
-        PasswordAuthentication = false;
-        KbdInteractiveAuthentication = false;
-        PermitRootLogin = lib.mkForce "no";
-        GSSAPIAuthentication = "no";
-        KerberosAuthentication = "no";
-      };
-    };
-    services.fail2ban.enable = true;
-    programs.mosh.enable = true;
-
-    security.sudo = {
-      execWheelOnly = true;
-      wheelNeedsPassword = false;
-    };
-
    services.sing-box = let
      singTls = {
        enabled = true;
--- a/machines/massicot/default.nix
+++ b/machines/massicot/default.nix
@ -7,6 +7,11 @@
    ./networking.nix
    ./services.nix
  ];
+
+  commonSettings = {
+    auth.enable = true;
+    nix.enable = true;
+  };
  
  sops = {
    defaultSopsFile = ./secrets.yaml;
@ -52,34 +57,6 @@
  networking = {
    hostName = "massicot";
  };
-
-  custom.kanidm-client = {
-    enable = true;
-    uri = "https://auth.xinyang.life/";
-    asSSHAuth = {
-      enable = true;
-      allowedGroups = [ "linux_users" ];
-    };
-    sudoers = [ "xin@auth.xinyang.life" ];
-  };
-
-  security.sudo = {
-      execWheelOnly = true;
-      wheelNeedsPassword = false;
-    };
-
-  services.openssh = {
-    enable = true;
-    settings = {
-      PasswordAuthentication = false;
-      KbdInteractiveAuthentication = false;
-      PermitRootLogin = "no";
-      GSSAPIAuthentication = "no";
-      KerberosAuthentication = "no";
-    };
-  };
-  services.fail2ban.enable = true;
-  programs.mosh.enable = true;
  
  systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
 }
--- a/modules/nixos/prometheus.nix
+++ b/modules/nixos/prometheus.nix
@ -103,7 +103,7 @@ in
              name = "ntfy";
              webhook_configs = [
                {
-                  url = "${config.services.ntfy-sh.settings.base-url}/prometheus-alerts";
+                  url = "https://ntfy.xinyang.life/prometheus-alerts";
                  send_resolved = true;
                }
              ];
Author	SHA1	Message	Date
xinyangli	745ce62f88	feat: better prometheus integration	2024-07-30 20:14:37 +08:00
xinyangli	1830ab192c	feat: enable tailscale on servers	2024-07-30 20:13:20 +08:00
xinyangli	013d87afdf	fix	2024-07-30 20:09:41 +08:00
xinyangli	c88f86eec2	feat: enable tailscale on servers	2024-07-30 17:03:27 +08:00