cleanup

2026-01-14 16:55:00 +01:00 · 2025-08-03 16:37:18 +02:00 · 2025-08-03 16:37:18 +02:00 · a4e5e3720b
commit a4e5e3720b
parent beb86b7ea9
12 changed files with 134 additions and 176 deletions
--- a/nix/modules/caddy/default.nix
+++ b/nix/modules/caddy/default.nix
@ -1,4 +1,4 @@
-{ pkgs, config, lib, name, website, slides, blog, ... }:
+{ pkgs, config, lib, name, my-projects-versions, ... }:

 let
  caddy = pkgs.callPackage ./caddy-build.nix {
@ -11,6 +11,10 @@ let
    ];
    vendorHash = "sha256-KP9bYitM/Pocw4DxOXPVBigWh4IykNf8yKJiBlTFZmI=";
  };
+  website = import (fetchTarball "https://github.com/Noratrieb/website/archive/${my-projects-versions.website}.tar.gz");
+  blog = fetchTarball "https://github.com/Noratrieb/blog/archive/${my-projects-versions.blog}.tar.gz";
+  slides = fetchTarball "https://github.com/Noratrieb/slides/archive/${my-projects-versions.slides}.tar.gz";
+  website-build = website { inherit pkgs slides blog; };
 in
 {
  environment.systemPackages = [ caddy ];
@ -62,7 +66,7 @@ in
                header -Last-Modified
                root * ${import ./caddy-static-prepare {
                  name = "website";
-                  src = website { inherit pkgs slides blog; };
+                  src = website-build;
                  inherit pkgs lib;
                }}
                file_server {
--- a/nix/modules/default/default.nix
+++ b/nix/modules/default/default.nix
@ -1,5 +1,10 @@
-{ pkgs, lib, config, name, pretense, quotdd, nixpkgs-path, ... }: {
-  deployment.targetHost = "${config.networking.hostName}.infra.noratrieb.dev";
+{ pkgs, lib, name, my-projects-versions, networkingConfig, nixpkgs-path, ... }:
+let
+  pretense = import (fetchTarball "https://github.com/Noratrieb/pretense/archive/${my-projects-versions.pretense}.tar.gz");
+  quotdd = import (fetchTarball "https://github.com/Noratrieb/quotdd/archive/${my-projects-versions.quotdd}.tar.gz");
+in
+{
+  deployment.targetHost = "${name}.infra.noratrieb.dev";

  imports = [
    "${builtins.fetchTarball "https://github.com/ryantm/agenix/archive/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6.tar.gz"}/modules/age.nix" # main 2024-07-26
@ -107,7 +112,7 @@
  };
  services.cadvisor = {
    enable = true;
-    listenAddress = "0.0.0.0"; # todo: $wg-ip
+    listenAddress = "0.0.0.0";
  };
  services.promtail = {
    enable = true;
@ -169,4 +174,6 @@
      ];
    };
  };
+
+  deployment.tags = networkingConfig."${name}".tags;
 }
--- a/nix/modules/dns/default.nix
+++ b/nix/modules/dns/default.nix
@ -1,4 +1,6 @@
-{ pkgs, lib, networkingConfig, ... }: {
+{ pkgs, lib, networkingConfig, ... }:
+let metricsPort = 9433; in
+{
  # get the package for the debugging tools
  environment.systemPackages = with pkgs; [ knot-dns ];

@ -40,9 +42,9 @@
    };
  };

-  networking.firewall.interfaces.wg0.allowedTCPPorts = [ 9433 ]; # metrics
+  networking.firewall.interfaces.wg0.allowedTCPPorts = [ metricsPort ];
  services.prometheus.exporters.knot = {
    enable = true;
-    port = 9433;
+    port = metricsPort;
  };
 }
--- a/nix/modules/garage/default.nix
+++ b/nix/modules/garage/default.nix
@ -1,4 +1,9 @@
-{ config, pkgs, name, ... }: {
+{ config, pkgs, name, ... }:
+let
+  rpcPort = 3901;
+  adminPort = 3903;
+in
+{
  age.secrets.garage_secrets.file = ../../secrets/garage_secrets.age;

  environment.systemPackages = with pkgs; [
@ -6,8 +11,8 @@
  ];

  networking.firewall.interfaces.wg0.allowedTCPPorts = [
-    3901 # RPC
-    3903 # admin for metrics
+    rpcPort
+    adminPort
  ];

  services.garage = {
@ -24,8 +29,8 @@
      # arbitrary, but a bit higher as disk space matters more than time. she says, cluelessly.
      compression-level = 5;

-      rpc_bind_addr = "[::]:3901";
-      rpc_public_addr = "${name}.local:3901";
+      rpc_bind_addr = "[::]:${toString rpcPort}";
+      rpc_public_addr = "${name}.local:${toString rpcPort}";

      s3_api = {
        s3_region = "garage";
@ -40,7 +45,7 @@
      };

      admin = {
-        api_bind_addr = "[::]:3903";
+        api_bind_addr = "[::]:${toString adminPort}";
      };
    };
    environmentFile = config.age.secrets.garage_secrets.path;
--- a/nix/modules/prometheus/default.nix
+++ b/nix/modules/prometheus/default.nix
@ -1,96 +1,52 @@
-{ config, lib, ... }: {
+{ config, lib, networkingConfig, ... }: {
  services.prometheus = {
    enable = true;
    globalConfig = { };
-    scrapeConfigs = [
-      {
-        job_name = "prometheus";
-        static_configs = [
-          { targets = [ "localhost:9090" ]; }
-        ];
-      }
-      {
-        job_name = "node";
-        static_configs = [
-          { targets = [ "dns1.local:9100" ]; }
-          { targets = [ "dns2.local:9100" ]; }
-          { targets = [ "vps1.local:9100" ]; }
-          { targets = [ "vps2.local:9100" ]; }
-          { targets = [ "vps3.local:9100" ]; }
-          { targets = [ "vps4.local:9100" ]; }
-          { targets = [ "vps5.local:9100" ]; }
-        ];
-      }
-      {
-        job_name = "cadvisor";
-        static_configs = [
-          { targets = [ "dns1.local:8080" ]; }
-          { targets = [ "dns2.local:8080" ]; }
-          { targets = [ "vps1.local:8080" ]; }
-          { targets = [ "vps2.local:8080" ]; }
-          { targets = [ "vps3.local:8080" ]; }
-          { targets = [ "vps4.local:8080" ]; }
-          { targets = [ "vps5.local:8080" ]; }
-        ];
-      }
-      {
-        job_name = "systemd";
-        static_configs = [
-          { targets = [ "dns1.local:9558" ]; }
-          { targets = [ "dns2.local:9558" ]; }
-          { targets = [ "vps1.local:9558" ]; }
-          { targets = [ "vps2.local:9558" ]; }
-          { targets = [ "vps3.local:9558" ]; }
-          { targets = [ "vps4.local:9558" ]; }
-          { targets = [ "vps5.local:9558" ]; }
-        ];
-      }
-      {
-        job_name = "caddy";
-        static_configs = [
-          { targets = [ "vps1.local:9010" ]; }
-          { targets = [ "vps2.local:9010" ]; }
-          { targets = [ "vps3.local:9010" ]; }
-          { targets = [ "vps4.local:9010" ]; }
-          { targets = [ "vps5.local:9010" ]; }
-        ];
-      }
-      {
-        job_name = "docker-registry";
-        static_configs = [
-          { targets = [ "vps1.local:9011" ]; }
-        ];
-      }
-      {
-        job_name = "garage";
-        static_configs = [
-          { targets = [ "vps1.local:3903" ]; }
-          { targets = [ "vps2.local:3903" ]; }
-          { targets = [ "vps3.local:3903" ]; }
-          { targets = [ "vps4.local:3903" ]; }
-          { targets = [ "vps5.local:3903" ]; }
-        ];
-      }
-      {
-        job_name = "knot";
-        static_configs = [
-          { targets = [ "dns1.local:9433" ]; }
-          { targets = [ "dns2.local:9433" ]; }
-        ];
-      }
-      {
-        job_name = "pretense";
-        static_configs = [
-          { targets = [ "dns1.local:9150" ]; }
-          { targets = [ "dns2.local:9150" ]; }
-          { targets = [ "vps1.local:9150" ]; }
-          { targets = [ "vps2.local:9150" ]; }
-          { targets = [ "vps3.local:9150" ]; }
-          { targets = [ "vps4.local:9150" ]; }
-          { targets = [ "vps5.local:9150" ]; }
-        ];
-      }
-    ];
+    scrapeConfigs =
+      let hostsWithTag = tag: map (entry: entry.name) (builtins.filter (entry: builtins.elem tag entry.value.tags) (lib.attrsToList networkingConfig)); in
+      [
+        {
+          job_name = "prometheus";
+          static_configs = [
+            { targets = [ "localhost:9090" ]; }
+          ];
+        }
+        {
+          job_name = "node";
+          static_configs = [{ targets = map (name: "${name}.local:9100") (builtins.attrNames networkingConfig); }];
+        }
+        {
+          job_name = "cadvisor";
+          static_configs = [{ targets = map (name: "${name}.local:8080") (builtins.attrNames networkingConfig); }];
+
+        }
+        {
+          job_name = "systemd";
+          static_configs = [{ targets = map (name: "${name}.local:9558") (builtins.attrNames networkingConfig); }];
+        }
+        {
+          job_name = "caddy";
+          static_configs = [{ targets = map (name: "${name}.local:9010") (hostsWithTag "apps"); }];
+        }
+        {
+          job_name = "docker-registry";
+          static_configs = [
+            { targets = [ "vps1.local:9011" ]; }
+          ];
+        }
+        {
+          job_name = "garage";
+          static_configs = [{ targets = map (name: "${name}.local:3903") (hostsWithTag "apps"); }];
+        }
+        {
+          job_name = "knot";
+          static_configs = [{ targets = map (name: "${name}.local:9433") (hostsWithTag "dns"); }];
+        }
+        {
+          job_name = "pretense";
+          static_configs = [{ targets = map (name: "${name}.local:9150") (builtins.attrNames networkingConfig); }];
+        }
+      ];
  };

  age.secrets.grafana_admin_password.file = ../../secrets/grafana_admin_password.age;
@ -132,7 +88,7 @@
    };
  };

-  networking.firewall.interfaces.wg0.allowedTCPPorts = [ 3100 ]; # loki
+  networking.firewall.interfaces.wg0.allowedTCPPorts = [ config.services.loki.configuration.server.http_listen_port ];
  age.secrets.loki_env.file = ../../secrets/loki_env.age;
  systemd.services.loki.serviceConfig.EnvironmentFile = config.age.secrets.loki_env.path;
  services.loki = {
--- a/nix/modules/registry/default.nix
+++ b/nix/modules/registry/default.nix
@ -10,9 +10,14 @@
    };
  };

-  networking.firewall.interfaces.wg0.allowedTCPPorts = [ 9011 ]; # metrics
+  networking.firewall.interfaces.wg0.allowedTCPPorts = [ 9011 ];

-  systemd.services.docker-registry.serviceConfig.EnvironmentFile = config.age.secrets.registry_s3_key_secret.path;
+  systemd.services.docker-registry = {
+    serviceConfig.EnvironmentFile = config.age.secrets.registry_s3_key_secret.path;
+    environment = {
+      OTEL_TRACES_EXPORTER = "none";
+    };
+  };
  services.dockerRegistry = {
    enable = true;
    storagePath = null;