diff options
Diffstat (limited to 'users/aspen')
28 files changed, 329 insertions, 265 deletions
diff --git a/users/aspen/pkgs/cargo-hakari.nix b/users/aspen/pkgs/cargo-hakari.nix deleted file mode 100644 index b6f4e7e40007..000000000000 --- a/users/aspen/pkgs/cargo-hakari.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ pkgs, ... }: - -with pkgs; - -rustPlatform.buildRustPackage rec { - pname = "cargo-hakari"; - version = "0.9.13"; - - src = fetchFromGitHub { - owner = "facebookincubator"; - repo = "cargo-guppy"; - rev = "cargo-hakari-${version}"; - sha256 = "11ds2zryxdd6rvszkpphb0xnfg7rqisg6kixrwyiydjrm5rdjg9d"; - }; - - cargoSha256 = "0b2hjyak5v4m3g5zjk2q8bdb4iv3015qw1rmhpclv4cv48lcmdbb"; - - buildAndTestSubdir = "tools/cargo-hakari"; - - nativeBuildInputs = [ - pkg-config - ]; - - buildInputs = [ - openssl - ]; -} diff --git a/users/aspen/pkgs/cargo-nextest.nix b/users/aspen/pkgs/cargo-nextest.nix deleted file mode 100644 index dbf3bd7eef19..000000000000 --- a/users/aspen/pkgs/cargo-nextest.nix +++ /dev/null @@ -1,27 +0,0 @@ -{ pkgs, ... }: - -with pkgs; - -rustPlatform.buildRustPackage rec { - pname = "cargo-nextest"; - version = "0.9.36"; - - src = fetchFromGitHub { - owner = "nextest-rs"; - repo = "nextest"; - rev = "cargo-nextest-${version}"; - sha256 = "1g40r38bqmdhc0dy07pj27vkc64d3fw6v5z2vwn82xld2h9dg7w2"; - }; - - cargoSha256 = "1g862azgkn3xk3v3chs8hv1b1prj1pq2vfzbhcx6ir9l00kv6gcv"; - - cargoTestFlags = [ - "--" - "--skip" - "tests_integration::test_relocated_run" - "--skip" - "tests_integration::test_run" - "--skip" - "tests_integration::test_run_after_build" - ]; -} diff --git a/users/aspen/secrets/bbbg.age b/users/aspen/secrets/bbbg.age index ebc0df233898..379441b74f5c 100644 --- a/users/aspen/secrets/bbbg.age +++ b/users/aspen/secrets/bbbg.age Binary files differdiff --git a/users/aspen/secrets/buildkite-ssh-key.age b/users/aspen/secrets/buildkite-ssh-key.age index d9587f11df4b..61ad416385c6 100644 --- a/users/aspen/secrets/buildkite-ssh-key.age +++ b/users/aspen/secrets/buildkite-ssh-key.age Binary files differdiff --git a/users/aspen/secrets/buildkite-token.age b/users/aspen/secrets/buildkite-token.age index 320ee06c0937..5bd4923de34f 100644 --- a/users/aspen/secrets/buildkite-token.age +++ b/users/aspen/secrets/buildkite-token.age Binary files differdiff --git a/users/aspen/secrets/cloudflare.age b/users/aspen/secrets/cloudflare.age index 4f42ee782165..c94fef706c4c 100644 --- a/users/aspen/secrets/cloudflare.age +++ b/users/aspen/secrets/cloudflare.age @@ -1,9 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 CpJBgQ AVkUs8tuzVlDq3FH/zRrBr5f4KR05fONM6iCluq6hyM -feS2cxFowSWfDdUQjtmIiMc5338n805yownSZ/ZWfS8 --> ssh-ed25519 LfBFbQ F67irB+DYQ8WMhaFcO+3o0O0lJsf+tWFZ9cSGSuHgA8 -EKS4zRGUEgeldjxdx4sIsnorWHoeTlXa9LJtNf9lkAM --> QvY:XSvC-grease 04 -pBnXsOF6qugcSBp+pw ---- +g65NbIxu6bVVerS93kYZpEO5ssUZfCD+sZMzOjDUdU -RTmaF[BÊ0a_&˕=3dlzRVi6-9:U.E JΙA-qྟ|}}a=H+]mtR%9\Jt|1B \ No newline at end of file +-> ssh-ed25519 CpJBgQ 5lJGEVwg5v6612p4iOoO+ShR5kLiQAG/7m2f6R6KLRc +CvFJQChj9IssFIIvVCh6/qRPfdvLx72rf3aXBD4EAEo +-> ssh-ed25519 LfBFbQ uqcGghDi2DOAJPD/7udNpdyU4NccMJSdh8mdhzEKNyU +zT+oVqOOUvTGU8fl0X/kARGESerZfUEjW3F1g6ASlxk +-> ssh-ed25519 GeE7sQ Ehb6kwx8irEbfeFy4gzK/oWmIZRdt/MEbPysJHVRsBA +grBUiZAB9Iu37LEhNU8VBvf3jMjiO+QJfJn9dnZ3DI8 +--- Zb/3hWF4WXpQlGJ+0eB4P9ZI6uCdUv5s5n7BnEaKfZM +1^9]ጶte)Gr6.\#&H&xhM{Di^^-k5ѽh*jn)VޚG{g zeYIh]G \ No newline at end of file diff --git a/users/aspen/secrets/ddclient-password.age b/users/aspen/secrets/ddclient-password.age index 8d25e3b539bd..3bbc2e51ffd3 100644 --- a/users/aspen/secrets/ddclient-password.age +++ b/users/aspen/secrets/ddclient-password.age Binary files differdiff --git a/users/aspen/secrets/secrets.nix b/users/aspen/secrets/secrets.nix index 5bfb1c3eb08c..76126f811d02 100644 --- a/users/aspen/secrets/secrets.nix +++ b/users/aspen/secrets/secrets.nix @@ -7,8 +7,8 @@ in { "bbbg.age".publicKeys = [ grfn mugwump bbbg ]; - "cloudflare.age".publicKeys = [ grfn mugwump ]; - "ddclient-password.age".publicKeys = [ grfn mugwump ]; + "cloudflare.age".publicKeys = [ grfn mugwump ogopogo ]; + "ddclient-password.age".publicKeys = [ grfn ogopogo ]; "buildkite-ssh-key.age".publicKeys = [ grfn mugwump ogopogo ]; "buildkite-token.age".publicKeys = [ grfn mugwump ogopogo ]; "windtunnel-bot-github-token.age".publicKeys = [ grfn mugwump ogopogo ]; diff --git a/users/aspen/secrets/windtunnel-bot-github-token.age b/users/aspen/secrets/windtunnel-bot-github-token.age index daae99958276..39fd7cb3a476 100644 --- a/users/aspen/secrets/windtunnel-bot-github-token.age +++ b/users/aspen/secrets/windtunnel-bot-github-token.age @@ -1,11 +1,9 @@ age-encryption.org/v1 --> ssh-ed25519 CpJBgQ YaZ2VHyXofn2qnxRrOYO4yPPu77BEPFq/cbnfa+5WAA -VgJQoyJVxirvASD0aDsuzmbNJdIP0kpHa5b72Ri7kr8 --> ssh-ed25519 LfBFbQ cXXW3kQzZL7sU4heujIJGzvfpbX0toL2AgsJl5AZPEg -mhkKn69c/QeCJhYAFgx/MsHrIrXim3OcjkZ/rrckVLs --> ssh-ed25519 GeE7sQ /XcP3pWg+aKF1F0sPu6RpYv3Rfj2J/QI0yjg3Wgfjm0 -d+rsgbMlDJx0VrjD4/nO4UcM10hcrLxcPA3QlY1t7sQ --> "0?-grease k}d?h6 |v -7mV6AFUdCMCrkmLVQaWJPQ ---- I9Ls9AWMkSFCKw7y4pLoTkeGw7h5iROwXLuUm0nfuj8 -~v8&3\.%$ɺtQ͜},BEh w96?U \ No newline at end of file +-> ssh-ed25519 CpJBgQ PiY6IidA+GRbpjL91BVe9UdejWvi02SRcijiMOjXcm4 +XegOhgjdEdzXtz31PsGVyOZ10gH6P82Q1/txZcSxjIY +-> ssh-ed25519 LfBFbQ uqRF0nKMk1GrK+6pEBdmyHKu2ewDFlWwlKC+myey4gc +dgnX4eprSolXxCDNoVmGzGK9xLEmtmeg/cJihD4/8sU +-> ssh-ed25519 GeE7sQ ikAIyFR/qH1a+aa5mumiiDwa5o5aLsQeJKwQwMzgs1M +8htzhM5t2VnjRBrC+VrL23f9chlQjVGzjxMaFB7Arrs +--- Qm16HTo5wGUBKS0ly3OZDWp2etLyDS/zlxOHxPjS8PI +7NY6k|p2'&=mq`5T N9N)RVU-)M(%p \ No newline at end of file diff --git a/users/aspen/system/home/machines/ogopogo.nix b/users/aspen/system/home/machines/ogopogo.nix index 37396a5aa1be..38dace208411 100644 --- a/users/aspen/system/home/machines/ogopogo.nix +++ b/users/aspen/system/home/machines/ogopogo.nix @@ -13,7 +13,7 @@ in ../modules/games.nix ../modules/obs.nix ../modules/development/agda.nix - ../modules/development/readyset.nix + # ../modules/development/readyset.nix ../modules/development/ocaml.nix ] ++ (lib.optional (pathExists ../modules/private.nix) ../modules/private.nix); diff --git a/users/aspen/system/home/machines/roswell.nix b/users/aspen/system/home/machines/roswell.nix index 135477b12ddf..514f19caff17 100644 --- a/users/aspen/system/home/machines/roswell.nix +++ b/users/aspen/system/home/machines/roswell.nix @@ -11,7 +11,7 @@ in ../modules/development.nix ../modules/emacs.nix ../modules/vim.nix - ../modules/development/readyset.nix + # ../modules/development/readyset.nix ../modules/tmux.nix ] ++ (lib.optional (pathExists ../modules/private.nix) ../modules/private.nix); @@ -34,7 +34,7 @@ in openssl # Nix things - nixfmt + nixfmt-classic nix-prefetch-github nixpkgs-review cachix diff --git a/users/aspen/system/home/machines/yeren.nix b/users/aspen/system/home/machines/yeren.nix index 9a7a561b5e62..54e79f950bce 100644 --- a/users/aspen/system/home/machines/yeren.nix +++ b/users/aspen/system/home/machines/yeren.nix @@ -11,7 +11,7 @@ in ../modules/common.nix ../modules/desktop.nix ../modules/development/agda.nix - ../modules/development/readyset.nix + # ../modules/development/readyset.nix ../modules/development/ocaml.nix ] ++ (lib.optional (pathExists ../modules/private.nix) ../modules/private.nix); diff --git a/users/aspen/system/home/modules/common.nix b/users/aspen/system/home/modules/common.nix index b51ae1c7db7e..5117187d6b98 100644 --- a/users/aspen/system/home/modules/common.nix +++ b/users/aspen/system/home/modules/common.nix @@ -43,7 +43,7 @@ openssl # Nix things - nixfmt + nixfmt-classic nix-prefetch-github nixpkgs-review cachix diff --git a/users/aspen/system/home/modules/development/rust.nix b/users/aspen/system/home/modules/development/rust.nix index c4b20f231546..3c81e2398010 100644 --- a/users/aspen/system/home/modules/development/rust.nix +++ b/users/aspen/system/home/modules/development/rust.nix @@ -10,16 +10,16 @@ with lib; home.packages = with pkgs; [ rustup + + cargo-bloat cargo-edit cargo-expand + cargo-hakari + cargo-nextest cargo-udeps - cargo-bloat sccache evcxr - depot.users.aspen.pkgs.cargo-hakari - depot.users.aspen.pkgs.cargo-nextest - # benchmarking+profiling cargo-criterion cargo-flamegraph diff --git a/users/aspen/system/home/modules/email.nix b/users/aspen/system/home/modules/email.nix index cb92c40cee89..a43e3ab5a68d 100644 --- a/users/aspen/system/home/modules/email.nix +++ b/users/aspen/system/home/modules/email.nix @@ -16,7 +16,7 @@ let personal = { primary = true; address = "root@gws.fyi"; - aliases = [ "aspen@gws.fyi" "aspen@gws.fyi" ]; + aliases = [ "aspen@gws.fyi" ]; passEntry = "root-gws-msmtp"; }; }; diff --git a/users/aspen/system/system/machines/lusca.nix b/users/aspen/system/system/machines/lusca.nix index 782d504aa90b..4a9202187dd0 100644 --- a/users/aspen/system/system/machines/lusca.nix +++ b/users/aspen/system/system/machines/lusca.nix @@ -10,6 +10,7 @@ ../modules/sound.nix ../modules/tvl.nix ../modules/development.nix + ../modules/prometheus-exporter.nix ]; networking.hostName = "lusca"; @@ -130,7 +131,7 @@ hardware.sensor.iio.enable = true; - hardware.opengl.driSupport32Bit = true; + hardware.graphics.enable32Bit = true; # TPM security.tpm2 = { diff --git a/users/aspen/system/system/machines/mugwump.nix b/users/aspen/system/system/machines/mugwump.nix index 4cfa11713495..4b72a247601f 100644 --- a/users/aspen/system/system/machines/mugwump.nix +++ b/users/aspen/system/system/machines/mugwump.nix @@ -9,7 +9,6 @@ with lib; (depot.path.origSrc + "/ops/modules/prometheus-fail2ban-exporter.nix") (depot.path.origSrc + "/users/aspen/xanthous/server/module.nix") (depot.third_party.agenix.src + "/modules/age.nix") - depot.third_party.ddclient.module ]; networking.hostName = "mugwump"; @@ -83,7 +82,6 @@ with lib; in { cloudflare.file = secret "cloudflare"; - ddclient-password.file = secret "ddclient-password"; buildkite-ssh-key = { file = secret "buildkite-ssh-key"; @@ -119,161 +117,9 @@ with lib; }; }; - services.grafana = { - enable = true; - dataDir = "/var/lib/grafana"; - - settings = { - server = { - http_port = 3000; - root_url = "https://metrics.gws.fyi"; - domain = "metrics.gws.fyi"; - }; - analytics.reporting_enabled = false; - }; - - provision = { - enable = true; - datasources.settings.datasources = [{ - name = "Prometheus"; - type = "prometheus"; - url = "http://localhost:9090"; - }]; - }; - }; - security.acme.defaults.email = "root@gws.fyi"; security.acme.acceptTerms = true; - services.nginx = { - enable = true; - statusPage = true; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedTlsSettings = true; - recommendedProxySettings = true; - - virtualHosts = { - "metrics.gws.fyi" = { - enableACME = true; - forceSSL = true; - locations."/" = { - proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}"; - }; - }; - }; - }; - - services.deprecated-ddclient = { - package = depot.third_party.ddclient; - enable = true; - domains = [ "home.gws.fyi" ]; - interval = "1d"; - zone = "gws.fyi"; - protocol = "cloudflare"; - username = "root@gws.fyi"; - passwordFile = config.age.secretsDir + "/ddclient-password"; - quiet = true; - }; - - security.acme.certs."metrics.gws.fyi" = { - dnsProvider = "cloudflare"; - credentialsFile = config.age.secretsDir + "/cloudflare"; - webroot = mkForce null; - }; - - services.prometheus = { - enable = true; - exporters = { - node = { - enable = true; - openFirewall = false; - - enabledCollectors = [ - "processes" - "systemd" - "tcpstat" - "wifi" - ]; - }; - - nginx = { - enable = true; - openFirewall = true; - sslVerify = false; - constLabels = [ "host=mugwump" ]; - }; - - blackbox = { - enable = true; - openFirewall = true; - configFile = pkgs.writeText "blackbox-exporter.yaml" (builtins.toJSON { - modules = { - https_2xx = { - prober = "http"; - http = { - method = "GET"; - fail_if_ssl = false; - fail_if_not_ssl = true; - preferred_ip_protocol = "ip4"; - }; - }; - }; - }); - }; - }; - - scrapeConfigs = [ - { - job_name = "node"; - scrape_interval = "5s"; - static_configs = [{ - targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; - }]; - } - { - job_name = "nginx"; - scrape_interval = "5s"; - static_configs = [{ - targets = [ "localhost:${toString config.services.prometheus.exporters.nginx.port}" ]; - }]; - } - { - job_name = "xanthous_server"; - scrape_interval = "1s"; - static_configs = [{ - targets = [ "localhost:${toString config.services.xanthous-server.metricsPort}" ]; - }]; - } - { - job_name = "blackbox"; - metrics_path = "/probe"; - params.module = [ "https_2xx" ]; - scrape_interval = "5s"; - static_configs = [{ - targets = [ - "https://gws.fyi" - "https://windtunnel.ci" - "https://app.windtunnel.ci" - "https://metrics.gws.fyi" - ]; - }]; - relabel_configs = [{ - source_labels = [ "__address__" ]; - target_label = "__param_target"; - } - { - source_labels = [ "__param_target" ]; - target_label = "instance"; - } - { - target_label = "__address__"; - replacement = "localhost:${toString config.services.prometheus.exporters.blackbox.port}"; - }]; - } - ]; - }; - services.xanthous-server.enable = true; virtualisation.docker = { diff --git a/users/aspen/system/system/machines/ogopogo.nix b/users/aspen/system/system/machines/ogopogo.nix index e80a0906dbf8..3d41a839e17b 100644 --- a/users/aspen/system/system/machines/ogopogo.nix +++ b/users/aspen/system/system/machines/ogopogo.nix @@ -11,6 +11,8 @@ ../modules/tvl.nix ../modules/development.nix ../modules/wireshark.nix + ../modules/metrics.nix + ../modules/prometheus-exporter.nix ]; networking.hostName = "ogopogo"; @@ -77,12 +79,13 @@ videoDrivers = [ "nvidia" ]; dpi = 100; }; - hardware.opengl.enable = true; + hardware.graphics.enable = true; services.picom = { enable = true; vSync = true; }; - hardware.opengl.driSupport32Bit = true; + hardware.graphics.enable32Bit = true; + hardware.nvidia.open = true; services.postgresql = { enable = true; @@ -90,18 +93,32 @@ authentication = "host all all 0.0.0.0/0 md5"; dataDir = "/data/postgresql"; package = pkgs.postgresql_15; - port = 5431; settings = { wal_level = "logical"; }; }; - nix.settings.substituters = [ "ssh://grfn@172.16.0.5" ]; - nix.settings.trusted-substituters = [ "ssh://grfn@172.16.0.5" ]; - programs.ssh.knownHosts.mugwump = { - extraHostNames = [ "172.16.0.5" ]; - publicKeyFile = pkgs.writeText "mugwump.pub" '' - ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFE2fxPgWO+zeQoLBTgsgxP7Vg7QNHlrQ+Rb3fHFTomB - ''; + # ddclient + age.secrets = + let + secret = name: depot.users.aspen.secrets."${name}.age"; + in + { + ddclient-password.file = secret "ddclient-password"; + }; + + services.ddclient = { + enable = true; + domains = [ "home.gws.fyi" ]; + interval = "1d"; + zone = "gws.fyi"; + protocol = "cloudflare"; + username = "root@gws.fyi"; + passwordFile = config.age.secretsDir + "/ddclient-password"; + quiet = true; + } + # TODO(aspen): Remove when upgrading past 4.0.0 + // lib.optionalAttrs (lib.versionOlder pkgs.ddclient.version "4.0.0") { + ssl = false; }; } diff --git a/users/aspen/system/system/machines/yeren.nix b/users/aspen/system/system/machines/yeren.nix index 653f0cd44cd5..4b563df635aa 100644 --- a/users/aspen/system/system/machines/yeren.nix +++ b/users/aspen/system/system/machines/yeren.nix @@ -93,7 +93,7 @@ sof-firmware ]; - hardware.opengl.extraPackages = with pkgs; [ + hardware.graphics.extraPackages = with pkgs; [ vaapiIntel vaapiVdpau libvdpau-va-gl @@ -118,7 +118,7 @@ lightdm-greeter.fprintAuth = true; }; - hardware.opengl.driSupport32Bit = true; + hardware.graphics.enable32Bit = true; hardware.pulseaudio.extraConfig = '' load-module module-remap-source source_name=KompleteAudio6_1 source_properties=device.description=KompleteAudio6Input1 master=alsa_input.usb-Native_Instruments_Komplete_Audio_6_458E0FFD-00.multichannel-input remix=no channels=1 master_channel_map=front-left channel_map=mono diff --git a/users/aspen/system/system/modules/containers.nix b/users/aspen/system/system/modules/containers.nix new file mode 100644 index 000000000000..587e7426b582 --- /dev/null +++ b/users/aspen/system/system/modules/containers.nix @@ -0,0 +1,12 @@ +{ config, lib, pkgs, ... }: + +{ + virtualisation.podman = { + enable = true; + defaultNetwork.settings = { dns_enabled = true; }; + dockerCompat = true; + dockerSocket.enable = true; + }; + + users.users.aspen.extraGroups = [ "docker" ]; +} diff --git a/users/aspen/system/system/modules/development.nix b/users/aspen/system/system/modules/development.nix index bd5e326b2ea6..6e96ae3c8e7f 100644 --- a/users/aspen/system/system/modules/development.nix +++ b/users/aspen/system/system/modules/development.nix @@ -1,8 +1,9 @@ { config, lib, pkgs, ... }: { - virtualisation.docker.enable = true; - users.users.aspen.extraGroups = [ "docker" ]; + imports = [ + ./containers.nix + ]; security.pam.loginLimits = [ { diff --git a/users/aspen/system/system/modules/laptop.nix b/users/aspen/system/system/modules/laptop.nix index 89c880973d80..57b2bc5a45a9 100644 --- a/users/aspen/system/system/modules/laptop.nix +++ b/users/aspen/system/system/modules/laptop.nix @@ -20,4 +20,6 @@ criticalPowerAction = "Hibernate"; percentageAction = 3; }; + + services.libinput.touchpad.naturalScrolling = true; } diff --git a/users/aspen/system/system/modules/metrics.nix b/users/aspen/system/system/modules/metrics.nix new file mode 100644 index 000000000000..0abfb27eeeb5 --- /dev/null +++ b/users/aspen/system/system/modules/metrics.nix @@ -0,0 +1,197 @@ +{ depot, config, lib, pkgs, ... }: + +with lib; + +let + nodesToScrape = [ + "ogopogo" + # "dobharchu" + "mugwump" + # "yeren" + "lusca" + ]; + + nodesRunningNginx = [ + "ogopogo" + "mugwump" + ]; + + nodesRunningPostgres = [ + "ogopogo" + ]; + + blackboxTargets = [ + "https://gws.fyi" + "https://windtunnel.ci" + "https://app.windtunnel.ci" + "https://metrics.gws.fyi" + ]; +in +{ + imports = [ + (depot.third_party.agenix.src + "/modules/age.nix") + ]; + + config = { + services.postgresql = { + ensureUsers = [{ + name = config.services.grafana.settings.database.user; + ensureDBOwnership = true; + }]; + + ensureDatabases = [ + config.services.grafana.settings.database.name + ]; + }; + + services.grafana = { + enable = true; + dataDir = "/var/lib/grafana"; + + settings = { + server = { + http_port = 3000; + root_url = "https://metrics.gws.fyi"; + domain = "metrics.gws.fyi"; + }; + analytics.reporting_enabled = false; + + database = { + type = "postgres"; + user = "grafana"; + name = "grafana"; + host = "/run/postgresql"; + }; + }; + + provision = { + enable = true; + datasources.settings.datasources = [{ + name = "Prometheus"; + type = "prometheus"; + url = "http://localhost:9090"; + }]; + }; + }; + + security.acme.defaults.email = "root@gws.fyi"; + security.acme.acceptTerms = true; + + services.nginx = { + enable = true; + statusPage = true; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedTlsSettings = true; + recommendedProxySettings = true; + + virtualHosts = { + "metrics.gws.fyi" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}"; + }; + }; + }; + }; + + age.secrets = { + cloudflare.file = depot.users.aspen.secrets."cloudflare.age"; + }; + + security.acme.certs."metrics.gws.fyi" = { + dnsProvider = "cloudflare"; + credentialsFile = config.age.secretsDir + "/cloudflare"; + webroot = mkForce null; + }; + + services.prometheus = { + enable = true; + retentionTime = "30d"; + exporters = { + blackbox = { + enable = true; + openFirewall = true; + configFile = pkgs.writeText "blackbox-exporter.yaml" (builtins.toJSON { + modules = { + https_2xx = { + prober = "http"; + http = { + method = "GET"; + fail_if_ssl = false; + fail_if_not_ssl = true; + preferred_ip_protocol = "ip4"; + }; + }; + }; + }); + }; + }; + + scrapeConfigs = [ + { + job_name = "node"; + scrape_interval = "5s"; + static_configs = + map + (node: { + targets = [ "${node}:${toString config.services.prometheus.exporters.node.port}" ]; + labels.node = node; + }) + nodesToScrape; + } + { + job_name = "nginx"; + scrape_interval = "5s"; + static_configs = + map + (node: { + targets = [ "${node}:${toString config.services.prometheus.exporters.nginx.port}" ]; + labels.node = node; + }) + nodesRunningNginx; + } + { + job_name = "postgres"; + scrape_interval = "5s"; + static_configs = + map + (node: { + targets = [ "${node}:${toString config.services.prometheus.exporters.postgres.port}" ]; + labels.node = node; + }) + nodesRunningPostgres; + } + { + job_name = "blackbox"; + metrics_path = "/probe"; + params.module = [ "https_2xx" ]; + scrape_interval = "5s"; + static_configs = [{ + targets = [ + "https://gws.fyi" + "https://windtunnel.ci" + "https://app.windtunnel.ci" + "https://metrics.gws.fyi" + ]; + }]; + relabel_configs = [ + { + source_labels = [ "__address__" ]; + target_label = "__param_target"; + } + { + source_labels = [ "__param_target" ]; + target_label = "instance"; + } + { + target_label = "__address__"; + replacement = "localhost:${toString config.services.prometheus.exporters.blackbox.port}"; + } + ]; + } + ]; + }; + }; +} diff --git a/users/aspen/system/system/modules/prometheus-exporter.nix b/users/aspen/system/system/modules/prometheus-exporter.nix new file mode 100644 index 000000000000..2916fc70ef96 --- /dev/null +++ b/users/aspen/system/system/modules/prometheus-exporter.nix @@ -0,0 +1,31 @@ +{ config, lib, pkgs, ... }: + +with lib; + +{ + services.prometheus.exporters = { + node = { + enable = true; + openFirewall = false; + + enabledCollectors = [ + "processes" + "systemd" + "tcpstat" + "wifi" + ]; + }; + + nginx = mkIf config.services.nginx.enable { + enable = true; + openFirewall = true; + sslVerify = false; + constLabels = [ "host=${config.networking.hostName}" ]; + }; + + postgres = mkIf config.services.postgresql.enable { + enable = true; + runAsLocalSuperUser = true; + }; + }; +} diff --git a/users/aspen/system/system/modules/sound.nix b/users/aspen/system/system/modules/sound.nix index 07a67a1ec43b..c97e19f9b2f8 100644 --- a/users/aspen/system/system/modules/sound.nix +++ b/users/aspen/system/system/modules/sound.nix @@ -2,8 +2,8 @@ { # Enable sound. - sound.enable = true; hardware.pulseaudio.enable = true; + services.pipewire.enable = false; environment.systemPackages = with pkgs; [ pulseaudio-ctl diff --git a/users/aspen/system/system/modules/xserver.nix b/users/aspen/system/system/modules/xserver.nix index f78edb207e9d..fca49ab9cca0 100644 --- a/users/aspen/system/system/modules/xserver.nix +++ b/users/aspen/system/system/modules/xserver.nix @@ -5,12 +5,11 @@ enable = true; xkb.layout = "us"; - libinput.enable = true; - - displayManager = { - defaultSession = "none+i3"; - }; windowManager.i3.enable = true; }; + + services.displayManager.defaultSession = "none+i3"; + + services.libinput.enable = true; } diff --git a/users/aspen/web/index.org b/users/aspen/web/index.org index 4be79fd79772..109f3a77a08c 100644 --- a/users/aspen/web/index.org +++ b/users/aspen/web/index.org @@ -11,22 +11,36 @@ my name is aspen smith and i'm a software engineer and musician. * work -most recently, i worked on database internals at [[https://readyset.io/][readyset]], an incrementally +i'm currently a software engineer at jane street. + +previously, i worked on database internals at [[https://readyset.io/][readyset]], an incrementally maintained, partially stateful materialized view maintenance system for sql that's wire-compatible with postgresql and mysql, based on [[https://github.com/mit-pdos/noria][noria]]. * projects -- [[https://windtunnel.ci/][windtunnel]], a continuous benchmarking software-as-a-service currently accepting early alpha users (send me an email if you want to try it out!) -- [[https://cs.tvl.fyi/depot/-/tree/users/aspen/achilles][achilles]], a compiler for (what I plan to become) a dependently typed, low-level functional programming language targeting LLVM -- [[https://github.com/glittershark/org-clubhouse][org-clubhouse]], an emacs package for lightweight integration between [[https://orgmode.org/][org-mode]] and [[https://clubhouse.io/][the clubhouse project management tool]] -- [[https://cs.tvl.fyi/depot/-/tree/users/aspen/xanthous][xanthous]], a terminal roguelike in haskell that I work on intermittently and exclusively for fun +- [[https://windtunnel.ci/][windtunnel]], a continuous benchmarking software-as-a-service currently + accepting early alpha users (send me an email if you want to try it out!) +- [[https://tvix.dev/][tvix]], a project to reimplement nix in rust with a focus on better performance, + maintainability, and extensibility. i'm a committer to the project, and mostly + focus on the implementation of the language evaluator. +- [[https://cs.tvl.fyi/depot/-/tree/users/aspen/achilles][achilles]], a compiler for (what I plan to become) a dependently typed, + low-level functional programming language targeting LLVM +- [[https://cs.tvl.fyi/depot/-/tree/users/aspen/xanthous][xanthous]], a terminal roguelike in haskell that I work on intermittently and + exclusively for fun * music - https://sacrosanct.bandcamp.com/, a post-rock project with a [[https://bandcamp.com/h34rken][friend of mine]] - [[https://soundcloud.com/missingggg][my current soundcloud]], releasing instrumental music under the name *missing* - i play bass in [[https://goodcry.band][good cry]], a rock band based in brooklyn +- my friend [[https://tasshin.com/][tasshin]] and i wrote, recorded and made music videos for 6 songs + together: + - [[https://www.youtube.com/watch?v=uX11-ClOf5k&list=PLXcbtcE8U1zcQsIWV7uzz-fUm2o9ggSbW&index=5][u're welcome bro]] + - [[https://www.youtube.com/watch?v=i1ZNdzkkJe4&list=PLXcbtcE8U1zcQsIWV7uzz-fUm2o9ggSbW&index=4]["cool"]] + - [[https://www.youtube.com/watch?v=5GOciie5Pjk&list=PLXcbtcE8U1zcQsIWV7uzz-fUm2o9ggSbW&index=3][being love]] + - [[https://www.youtube.com/watch?v=ew-rhBQmGpY&list=PLXcbtcE8U1zcQsIWV7uzz-fUm2o9ggSbW&index=2][gonna]] + - [[https://www.youtube.com/watch?v=GJBTaH2EozQ&list=PLXcbtcE8U1zcQsIWV7uzz-fUm2o9ggSbW&index=1][love like there's no tomorrow]] - you can also find a log of all the music I listen to [[https://www.last.fm/user/wildgriffin45][on last.fm]] * contact diff --git a/users/aspen/web/orgExportHTML.nix b/users/aspen/web/orgExportHTML.nix index aac4e32e7ac5..3a8e35f22d17 100644 --- a/users/aspen/web/orgExportHTML.nix +++ b/users/aspen/web/orgExportHTML.nix @@ -51,7 +51,7 @@ runCommand outName { inherit src; } '' --kill rm file.org substitute file.html "$2" \ - --replace '<title>‎</title>' "" + --replace-quiet '<title>‎</title>' "" rm file.html } |