diff options
Diffstat (limited to 'users/grfn/system/system/machines/mugwump.nix')
-rw-r--r-- | users/grfn/system/system/machines/mugwump.nix | 156 |
1 files changed, 85 insertions, 71 deletions
diff --git a/users/grfn/system/system/machines/mugwump.nix b/users/grfn/system/system/machines/mugwump.nix index 7de6555878d9..a8bf91caacc0 100644 --- a/users/grfn/system/system/machines/mugwump.nix +++ b/users/grfn/system/system/machines/mugwump.nix @@ -23,7 +23,12 @@ with lib; initrd = { availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ]; kernelModules = [ - "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1" + "uas" + "usbcore" + "usb_storage" + "vfat" + "nls_cp437" + "nls_iso8859_1" ]; postDeviceCommands = pkgs.lib.mkBefore '' @@ -60,31 +65,33 @@ with lib; networking.firewall.allowedTCPPorts = [ 22 80 443 ]; security.sudo.extraRules = [{ - groups = ["wheel"]; - commands = [{ command = "ALL"; options = ["NOPASSWD"]; }]; + groups = [ "wheel" ]; + commands = [{ command = "ALL"; options = [ "NOPASSWD" ]; }]; }]; nix.gc.dates = "monthly"; - age.secrets = let - secret = name: depot.users.grfn.secrets."${name}.age"; - in { - bbbg.file = secret "bbbg"; - cloudflare.file = secret "cloudflare"; - ddclient-password.file = secret "ddclient-password"; - - buildkite-ssh-key = { - file = secret "buildkite-ssh-key"; - group = "keys"; - mode = "0440"; - }; + age.secrets = + let + secret = name: depot.users.grfn.secrets."${name}.age"; + in + { + bbbg.file = secret "bbbg"; + cloudflare.file = secret "cloudflare"; + ddclient-password.file = secret "ddclient-password"; + + buildkite-ssh-key = { + file = secret "buildkite-ssh-key"; + group = "keys"; + mode = "0440"; + }; - buildkite-token = { - file = secret "buildkite-token"; - group = "keys"; - mode = "0440"; + buildkite-token = { + file = secret "buildkite-token"; + group = "keys"; + mode = "0440"; + }; }; - }; services.depot.auto-deploy = { enable = true; @@ -207,44 +214,49 @@ with lib; job_name = "node"; scrape_interval = "5s"; static_configs = [{ - targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"]; - }]; - } { - job_name = "nginx"; - scrape_interval = "5s"; - static_configs = [{ - targets = ["localhost:${toString config.services.prometheus.exporters.nginx.port}"]; + targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ]; }]; - } { - job_name = "xanthous_server"; - scrape_interval = "1s"; - static_configs = [{ - targets = ["localhost:${toString config.services.xanthous-server.metricsPort}"]; + } + { + job_name = "nginx"; + scrape_interval = "5s"; + static_configs = [{ + targets = [ "localhost:${toString config.services.prometheus.exporters.nginx.port}" ]; + }]; + } + { + job_name = "xanthous_server"; + scrape_interval = "1s"; + static_configs = [{ + targets = [ "localhost:${toString config.services.xanthous-server.metricsPort}" ]; + }]; + } + { + job_name = "blackbox"; + metrics_path = "/probe"; + params.module = [ "https_2xx" ]; + scrape_interval = "5s"; + static_configs = [{ + targets = [ + "https://gws.fyi" + "https://windtunnel.ci" + "https://app.windtunnel.ci" + "https://metrics.gws.fyi" + ]; + }]; + relabel_configs = [{ + source_labels = [ "__address__" ]; + target_label = "__param_target"; + } + { + source_labels = [ "__param_target" ]; + target_label = "instance"; + } + { + target_label = "__address__"; + replacement = "localhost:${toString config.services.prometheus.exporters.blackbox.port}"; + }]; }]; - } { - job_name = "blackbox"; - metrics_path = "/probe"; - params.module = ["https_2xx"]; - scrape_interval = "5s"; - static_configs = [{ - targets = [ - "https://gws.fyi" - "https://windtunnel.ci" - "https://app.windtunnel.ci" - "https://metrics.gws.fyi" - ]; - }]; - relabel_configs = [{ - source_labels = ["__address__"]; - target_label = "__param_target"; - } { - source_labels = ["__param_target"]; - target_label = "instance"; - } { - target_label = "__address__"; - replacement = "localhost:${toString config.services.prometheus.exporters.blackbox.port}"; - }]; - }]; }; services.xanthous-server.enable = true; @@ -256,21 +268,23 @@ with lib; virtualisation.docker.enable = true; - services.buildkite-agents = listToAttrs (map (n: rec { - name = "mugwump-${toString n}"; - value = { - inherit name; - enable = true; - tokenPath = "/run/agenix/buildkite-agent-token"; - privateSshKeyPath = "/run/agenix/buildkite-ssh-key"; - runtimePackages = with pkgs; [ - docker - nix - gnutar - gzip - ]; - }; - }) (range 1 1)); + services.buildkite-agents = listToAttrs (map + (n: rec { + name = "mugwump-${toString n}"; + value = { + inherit name; + enable = true; + tokenPath = "/run/agenix/buildkite-agent-token"; + privateSshKeyPath = "/run/agenix/buildkite-ssh-key"; + runtimePackages = with pkgs; [ + docker + nix + gnutar + gzip + ]; + }; + }) + (range 1 1)); users.users."buildkite-agent-mugwump-1" = { isSystemUser = true; |