Diffstat (limited to 'users/grfn/system/system/machines/mugwump.nix')
-rw-r--r--users/grfn/system/system/machines/mugwump.nix156
1 files changed, 85 insertions, 71 deletions
diff --git a/users/grfn/system/system/machines/mugwump.nix b/users/grfn/system/system/machines/mugwump.nix
index 7de6555878..a8bf91caac 100644
--- a/users/grfn/system/system/machines/mugwump.nix
+++ b/users/grfn/system/system/machines/mugwump.nix
@@ -23,7 +23,12 @@ with lib;
     initrd = {
       availableKernelModules = [ "xhci_pci" "ehci_pci" "ahci" "usb_storage" "usbhid" "sd_mod" ];
       kernelModules = [
-        "uas" "usbcore" "usb_storage" "vfat" "nls_cp437" "nls_iso8859_1"
+        "uas"
+        "usbcore"
+        "usb_storage"
+        "vfat"
+        "nls_cp437"
+        "nls_iso8859_1"
       ];
 
       postDeviceCommands = pkgs.lib.mkBefore ''
@@ -60,31 +65,33 @@ with lib;
   networking.firewall.allowedTCPPorts = [ 22 80 443 ];
 
   security.sudo.extraRules = [{
-    groups = ["wheel"];
-    commands = [{ command = "ALL"; options = ["NOPASSWD"]; }];
+    groups = [ "wheel" ];
+    commands = [{ command = "ALL"; options = [ "NOPASSWD" ]; }];
   }];
 
   nix.gc.dates = "monthly";
 
-  age.secrets = let
-    secret = name: depot.users.grfn.secrets."${name}.age";
-  in {
-    bbbg.file = secret "bbbg";
-    cloudflare.file = secret "cloudflare";
-    ddclient-password.file = secret "ddclient-password";
-
-    buildkite-ssh-key = {
-      file = secret "buildkite-ssh-key";
-      group = "keys";
-      mode = "0440";
-    };
+  age.secrets =
+    let
+      secret = name: depot.users.grfn.secrets."${name}.age";
+    in
+    {
+      bbbg.file = secret "bbbg";
+      cloudflare.file = secret "cloudflare";
+      ddclient-password.file = secret "ddclient-password";
+
+      buildkite-ssh-key = {
+        file = secret "buildkite-ssh-key";
+        group = "keys";
+        mode = "0440";
+      };
 
-    buildkite-token = {
-      file = secret "buildkite-token";
-      group = "keys";
-      mode = "0440";
+      buildkite-token = {
+        file = secret "buildkite-token";
+        group = "keys";
+        mode = "0440";
+      };
     };
-  };
 
   services.depot.auto-deploy = {
     enable = true;
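Review bot: The `security.sudo.extraRules` entry reformatted in this hunk still grants every member of `wheel` the command `ALL` with `NOPASSWD`, on a host whose `networking.firewall.allowedTCPPorts` line directly above opens port 22. A session obtained as any wheel account therefore needs no further credential to become root; how SSH authentication is configured is not visible in this hunk. If passwordless sudo exists only for deployment, consider narrowing `command` from `"ALL"` to the specific binaries needed. Otherwise record the decision next to the rule, for example `# wheel is passwordless by design; SSH access is the only barrier to root`.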
@@ -207,44 +214,49 @@ with lib;
       job_name = "node";
       scrape_interval = "5s";
       static_configs = [{
-        targets = ["localhost:${toString config.services.prometheus.exporters.node.port}"];
-      }];
-    } {
-      job_name = "nginx";
-      scrape_interval = "5s";
-      static_configs = [{
-        targets = ["localhost:${toString config.services.prometheus.exporters.nginx.port}"];
+        targets = [ "localhost:${toString config.services.prometheus.exporters.node.port}" ];
       }];
-    } {
-      job_name = "xanthous_server";
-      scrape_interval = "1s";
-      static_configs = [{
-        targets = ["localhost:${toString config.services.xanthous-server.metricsPort}"];
+    }
+      {
+        job_name = "nginx";
+        scrape_interval = "5s";
+        static_configs = [{
+          targets = [ "localhost:${toString config.services.prometheus.exporters.nginx.port}" ];
+        }];
+      }
+      {
+        job_name = "xanthous_server";
+        scrape_interval = "1s";
+        static_configs = [{
+          targets = [ "localhost:${toString config.services.xanthous-server.metricsPort}" ];
+        }];
+      }
+      {
+        job_name = "blackbox";
+        metrics_path = "/probe";
+        params.module = [ "https_2xx" ];
+        scrape_interval = "5s";
+        static_configs = [{
+          targets = [
+            "https://gws.fyi"
+            "https://windtunnel.ci"
+            "https://app.windtunnel.ci"
+            "https://metrics.gws.fyi"
+          ];
+        }];
+        relabel_configs = [{
+          source_labels = [ "__address__" ];
+          target_label = "__param_target";
+        }
+          {
+            source_labels = [ "__param_target" ];
+            target_label = "instance";
+          }
+          {
+            target_label = "__address__";
+            replacement = "localhost:${toString config.services.prometheus.exporters.blackbox.port}";
+          }];
       }];
-    } {
-      job_name = "blackbox";
-      metrics_path = "/probe";
-      params.module = ["https_2xx"];
-      scrape_interval = "5s";
-      static_configs = [{
-        targets = [
-          "https://gws.fyi"
-          "https://windtunnel.ci"
-          "https://app.windtunnel.ci"
-          "https://metrics.gws.fyi"
-        ];
-      }];
-      relabel_configs = [{
-        source_labels = ["__address__"];
-        target_label = "__param_target";
-      } {
-        source_labels = ["__param_target"];
-        target_label = "instance";
-      } {
-        target_label = "__address__";
-        replacement = "localhost:${toString config.services.prometheus.exporters.blackbox.port}";
-      }];
-    }];
   };
 
   services.xanthous-server.enable = true;
@@ -256,21 +268,23 @@ with lib;
 
   virtualisation.docker.enable = true;
 
-  services.buildkite-agents = listToAttrs (map (n: rec {
-    name = "mugwump-${toString n}";
-    value = {
-      inherit name;
-      enable = true;
-      tokenPath = "/run/agenix/buildkite-agent-token";
-      privateSshKeyPath = "/run/agenix/buildkite-ssh-key";
-      runtimePackages = with pkgs; [
-        docker
-        nix
-        gnutar
-        gzip
-      ];
-    };
-  }) (range 1 1));
+  services.buildkite-agents = listToAttrs (map
+    (n: rec {
+      name = "mugwump-${toString n}";
+      value = {
+        inherit name;
+        enable = true;
+        tokenPath = "/run/agenix/buildkite-agent-token";
+        privateSshKeyPath = "/run/agenix/buildkite-ssh-key";
+        runtimePackages = with pkgs; [
+          docker
+          nix
+          gnutar
+          gzip
+        ];
+      };
+    })
+    (range 1 1));
 
   users.users."buildkite-agent-mugwump-1" = {
     isSystemUser = true;
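Review bot: `tokenPath = "/run/agenix/buildkite-agent-token"` does not match any secret declared in the `age.secrets` set earlier in this diff, which defines `buildkite-token` and `buildkite-ssh-key` but no `buildkite-agent-token`. Unless another module declares that name or overrides the secret's path, the agent would be pointed at a file agenix never writes. Deriving both paths from the declarations removes the drift and makes a typo fail at evaluation time: `tokenPath = config.age.secrets.buildkite-token.path;` and `privateSshKeyPath = config.age.secrets.buildkite-ssh-key.path;`. Both secrets are `mode = "0440"` with `group = "keys"`, so the agent user also has to be in `keys` to read them. The `users.users."buildkite-agent-mugwump-1"` block continues past the end of this hunk, so that membership cannot be checked from here.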