RGBCube/ncc
1
Fork 0
mirror of https://github.com/RGBCube/ncc synced 2025-08-01 12:37:46 +00:00
Code Issues Activity

Add Prometheus

Browse source
This commit is contained in:
RGBCube 2024-01-12 18:05:56 +03:00
parent 7728c6ce6a
commit a0d026d222
No known key found for this signature in database
7 changed files with 32 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

4
hosts/cube/default.nix
View file

@ -8,13 +8,13 @@
time.timeZone = "Europe/Amsterdam"; time.timeZone = "Europe/Amsterdam";
users.users.root.passwordFile = config.age.secrets."cube.password.hash".path; users.users.root.passwordFile = config.age.secrets."cube.rgb.password.hash".path;
users.users.rgb = normalUser { users.users.rgb = normalUser {
description = "RGB"; description = "RGB";
extraGroups = [ "wheel" ]; extraGroups = [ "wheel" ];
openssh.authorizedKeys.keys = [ keys.rgbcube ]; openssh.authorizedKeys.keys = [ keys.rgbcube ];
hashedPasswordFile = config.age.secrets."cube.password.hash".path; hashedPasswordFile = config.age.secrets."cube.rgb.password.hash".path;
}; };
}) })

12
hosts/cube/mail.nix
View file

@ -5,6 +5,18 @@ let
fqdn = "mail.${domain}"; fqdn = "mail.${domain}";
in serverSystemConfiguration { in serverSystemConfiguration {
services.prometheus.exporters = {
dmarc = enabled {
imap.host = domain;
imap.passwordFile = config.age.secrets."cube.mail.password".path;
imap.username = "contact@${domain}";
};
dovecot = enabled {};
postfix = enabled {};
rspamd = enabled {};
};
mailserver = enabled { mailserver = enabled {
inherit fqdn; inherit fqdn;

7
hosts/cube/nginx.nix
View file

@ -3,7 +3,14 @@
serverSystemConfiguration { serverSystemConfiguration {
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
services.prometheus.exporters = {
nginxlog = enabled {};
nginx = enabled {};
};
services.nginx = enabled { services.nginx = enabled {
statusPage = true;
recommendedGzipSettings = true; recommendedGzipSettings = true;
recommendedOptimisation = true; recommendedOptimisation = true;
recommendedProxySettings = true; recommendedProxySettings = true;

9
hosts/cube/prometheus.nix Normal file
View file

@ -0,0 +1,9 @@
{ ulib, ... }: with ulib;
serverSystemConfiguration {
services.prometheus = enabled {
exporters.node = enabled {
enabledCollectors = [ "systemd" ];
};
};
}

BIN
secrets/cube.mail.password.age Normal file
View file

Binary file not shown.

0
secrets/cube.password.hash.age → secrets/cube.rgb.password.hash.age
View file

3
secrets/secrets.nix
View file

@ -5,7 +5,8 @@ rec {
}; };
"acme.age".publicKeys = [ keys.cube ]; "acme.age".publicKeys = [ keys.cube ];
"cube.password.hash.age".publicKeys = [ keys.cube ]; "cube.rgb.password.hash.age".publicKeys = [ keys.cube ];
"cube.mail.password.age".publicKeys = [ keys.cube ];
"cube.mail.password.hash.age".publicKeys = [ keys.cube ]; "cube.mail.password.hash.age".publicKeys = [ keys.cube ];
"cube.id.age".publicKeys = [ keys.rgbcube ]; "cube.id.age".publicKeys = [ keys.rgbcube ];
"enka.said.password.hash.age".publicKeys = [ keys.rgbcube ]; "enka.said.password.hash.age".publicKeys = [ keys.rgbcube ];