coolneng
/
zion
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: coolneng:1723a4a872f5635343dffa70595e07d73b1b1f73
Branches Tags
coolneng:master
..
compare: coolneng:ef9f2042372eaf03693f4d35e323198c1ee13ba2
Branches Tags
coolneng:master

No commits in common. "1723a4a872f5635343dffa70595e07d73b1b1f73" and "ef9f2042372eaf03693f4d35e323198c1ee13ba2" have entirely different histories.
1723a4a872 ... ef9f204237

4 changed files with 38 additions and 6 deletions
Show Stats Expand all files Collapse all files

18
modules/monitoring.nix
View File

@ -53,20 +53,38 @@ with pkgs;
enabledCollectors = [ "systemd" ]; enabledCollectors = [ "systemd" ];
port = 9002; port = 9002;
}; };
zfs.enable = true;
wireguard.enable = true;
postgres.enable = true; postgres.enable = true;
smartctl.enable = true; smartctl.enable = true;
dnsmasq.enable = true;
nginx = {
enable = true;
scrapeUri = "http://localhost:8282/nginx_status";
};
}; };
scrapeConfigs = [{ scrapeConfigs = [{
job_name = "zion"; job_name = "zion";
static_configs = [{ static_configs = [{
targets = [ targets = [
"localhost:${toString config.services.prometheus.exporters.node.port}" "localhost:${toString config.services.prometheus.exporters.node.port}"
"localhost:${toString config.services.prometheus.exporters.zfs.port}"
"localhost:${
toString config.services.prometheus.exporters.wireguard.port
}"
"localhost:${ "localhost:${
toString config.services.prometheus.exporters.postgres.port toString config.services.prometheus.exporters.postgres.port
}" }"
"localhost:${ "localhost:${
toString config.services.prometheus.exporters.smartctl.port toString config.services.prometheus.exporters.smartctl.port
}" }"
"localhost:${
toString config.services.prometheus.exporters.dnsmasq.port
}"
"localhost:${
toString config.services.prometheus.exporters.nginx.port
}"
"localhost:9641"
]; ];
}]; }];
}]; }];

4
modules/networking.nix
View File

@ -108,7 +108,7 @@ in {
local-ttl = 300; local-ttl = 300;
conf-file = "${pkgs.dnsmasq}/share/dnsmasq/trust-anchors.conf"; conf-file = "${pkgs.dnsmasq}/share/dnsmasq/trust-anchors.conf";
dnssec = false; dnssec = true;
address = "/coolneng.duckdns.org/192.168.13.2"; address = "/coolneng.duckdns.org/192.168.13.2";
}; };
@ -129,8 +129,6 @@ in {
minisign_key = minisign_key =
"RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3"; "RWQf6LRCGA9i53mlYecO4IzT51TGPpvWucNSCh1CBM0QTaLn73Y7GFO3";
}; };
blocked_names.blocked_names_file =
"/var/lib/dnscrypt-proxy/blocklist.txt";
}; };
}; };

10
modules/periodic.nix
View File

@ -1,8 +1,8 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
stateDir = "/var/lib/dnscrypt-proxy"; stateDir = "/var/lib/dnsmasq";
blocklist = "${stateDir}/blocklist.txt"; blocklist = "${stateDir}/dnsmasq.blacklist.txt";
in { in {
# PostgreSQL daily backups # PostgreSQL daily backups
@ -20,9 +20,13 @@ in {
wantedBy = [ "default.target" ]; wantedBy = [ "default.target" ];
path = with pkgs; [ curl coreutils ]; path = with pkgs; [ curl coreutils ];
script = '' script = ''
curl -L https://download.dnscrypt.info/blacklists/domains/mybase.txt -o ${blocklist} curl -L https://github.com/notracking/hosts-blocklists/raw/master/dnsmasq/dnsmasq.blacklist.txt -o ${blocklist}
sed "/cainiao/d" -i ${blocklist}
''; '';
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
postStop = ''
chown -R dnsmasq ${stateDir}
'';
startAt = "02:00:00"; startAt = "02:00:00";
}; };

12
modules/webstack.nix
View File

@ -159,6 +159,18 @@
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
"/nginx_status/" = {
listen = [{
addr = "127.0.0.1";
port = 8282;
}];
extraConfig = ''
stub_status on;
access_log off;
allow 127.0.0.1;
deny all;
'';
};
"nightscout.coolneng.duckdns.org" = { "nightscout.coolneng.duckdns.org" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;