# NixOS module for a remotely deployed host: nixinate deployment arguments,
# a Tailscale exit-node flag, key-only SSH, and local metrics collection
# (node exporter scraped by vmagent, pushed to a remote write endpoint).
{
  config,
  _utils,
  ...
}: let
  # Declares the "vmAuthToken" shared secret through the project's helper.
  # `secrets.generate` is imported as a module below; `secrets.get` is used
  # at the bottom of the file for vmagent's EnvironmentFile.
  secrets = _utils.setupSharedSecrets config {
    secrets = ["vmAuthToken"];
  };
in {
  imports = [
    ./common.nix
    secrets.generate
  ];

  # Deployment parameters handed to nixinate as a module argument.
  _module.args.nixinate = {
    host = config.networking.hostName;
    # Deploys connect as this unprivileged user; root SSH login is disabled
    # below. NOTE(review): activation then presumably relies on sudo for this
    # user; confirm how that privilege is granted and scoped in common.nix.
    sshUser = "leo";
    buildOn = "remote";
    substituteOnTarget = true;
    hermetic = false; # hermetic fucks up for cross-system deployments
  };

  services = {
    # Offers this host as a Tailscale exit node, i.e. other tailnet devices
    # may route their internet traffic through it.
    # NOTE(review): enabling tailscale itself and IP forwarding are not set in
    # this file; presumably handled in common.nix. Verify.
    tailscale.extraUpFlags = ["--advertise-exit-node"];

    # SSH daemon: no root login, no password or keyboard-interactive
    # authentication, no X11 forwarding.
    openssh = {
      enable = true;
      settings = {
        PermitRootLogin = "no";
        PasswordAuthentication = false;
        KbdInteractiveAuthentication = false;
        X11Forwarding = false;
      };
    };

    # Node exporter on port 9091 with the systemd collector enabled.
    # NOTE(review): no listenAddress is set here, and the only scraper visible
    # in this file is vmagent on localhost. Confirm which interfaces the
    # exporter binds to and consider restricting it to 127.0.0.1.
    prometheus.exporters.node = {
      enable = true;
      port = 9091;
      enabledCollectors = ["systemd"];
    };

    # vmagent scrapes the local node exporter and forwards samples to the
    # remote write endpoint over HTTPS, authenticating with a bearer token.
    vmagent = {
      enable = true;
      remoteWrite.url = "https://metrics.uku3lig.net/api/v1/write";
      # $VM_AUTH_TOKEN is expected to come from the EnvironmentFile set on the
      # systemd unit at the bottom of this file.
      # NOTE(review): if the variable is expanded into the command line, the
      # token becomes part of vmagent's argv and is readable by anything that
      # can list processes on this host. vmagent also accepts
      # -remoteWrite.bearerTokenFile, which keeps the token out of argv; that
      # would need the secret stored as a bare token file rather than an
      # environment file.
      # NOTE(review): flag and value share one list element; confirm how the
      # vmagent module quotes extraArgs so the variable is actually expanded.
      extraArgs = ["-remoteWrite.bearerToken $VM_AUTH_TOKEN"];
      prometheusConfig = {
        global.scrape_interval = "15s";

        scrape_configs = [
          {
            job_name = "node";
            # Target is the node exporter configured above, reached via localhost.
            static_configs = [{targets = ["localhost:${builtins.toString config.services.prometheus.exporters.node.port}"];}];
            # Overwrite the "instance" label with the hostname, so series are
            # not labelled with the localhost target address.
            relabel_configs = [
              {
                target_label = "instance";
                replacement = config.networking.hostName;
              }
            ];
          }
        ];
      };
    };
  };

  # Supplies the vmagent unit's environment from the shared secret.
  # NOTE(review): presumably `secrets.get` returns the path of a decrypted file
  # containing a VM_AUTH_TOKEN=... line; confirm its owner and mode keep it
  # unreadable to other local users.
  systemd.services.vmagent.serviceConfig.EnvironmentFile = secrets.get "vmAuthToken";
}