metrics lxc

Robert Perce 2025-08-23 23:14:40 -05:00
parent 0559c57556
commit 02596b8624
7 changed files with 222 additions and 20 deletions


@ -12,7 +12,11 @@ build() {
dump() { dump() {
build "$@" build "$@"
sudo cp -f result/vzdump* /mnt/share/proxmox/dump/ if [ -a "vm-$1.nix" ]; then
sudo cp -f result/vzdump* /mnt/share/proxmox/dump/
elif [ -a "lxc-$1.nix" ]; then
sudo cp -f result/tarball/nixos-system-x86_64-linux.tar.xz "/mnt/share/proxmox/dump/$1.tar.xz"
fi
} }
get-ip() { get-ip() {
@ -20,8 +24,10 @@ get-ip() {
if [[ "$file" = "proxmox" ]]; then if [[ "$file" = "proxmox" ]]; then
echo 192.168.0.3 echo 192.168.0.3
return return
elif [[ "$file" != *.nix ]]; then elif [[ "$file" != *.nix && -a "vm-$1.nix" ]]; then
file="vm-$1.nix" file="vm-$1.nix"
elif [[ "$file" != *.nix && -a "lxc-$1.nix" ]]; then
file="lxc-$1.nix"
fi fi
grep ip4 "$file" | grep -Po "[0-9]+(\.[0-9]+){3}" grep ip4 "$file" | grep -Po "[0-9]+(\.[0-9]+){3}"
} }
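Review bot: `dump` has no `else` branch, so when neither `vm-$1.nix` nor `lxc-$1.nix` exists it copies nothing and, as far as the visible lines show, still returns success. A final branch such as `else echo "no vm-$1.nix or lxc-$1.nix" >&2; return 1` would make a mistyped name fail loudly. `get-ip` has the same gap: with neither file present `$file` is left unchanged and `grep` is pointed at a path that may not exist. The unary `-a` test is easy to confuse with the binary AND of `[`, and `-e` is the unambiguous spelling. The start of `get-ip` and the body of `build` are outside the hunks.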

26
flake.lock generated

@ -3,11 +3,11 @@
"flake-compat": { "flake-compat": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1733328505, "lastModified": 1747046372,
"narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "narHash": "sha256-CIVLLkVgvHYbgI2UpXvIIBJ12HWgX+fjA8Xf8PUmqCY=",
"owner": "edolstra", "owner": "edolstra",
"repo": "flake-compat", "repo": "flake-compat",
"rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "rev": "9100a0f413b0c601e0533d1d94ffd501ce2e7885",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -41,11 +41,11 @@
"nixpkgs": "nixpkgs" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1748051893, "lastModified": 1755914134,
"narHash": "sha256-KV6bgVHPzb9ymVk9WDRX1lkkeoZETMbS/MyPpIOUWVo=", "narHash": "sha256-RZNriojTbxeuCcytq/RlXQ7xJIDZPzGScPxWRft2fbM=",
"owner": "Infinidoge", "owner": "Infinidoge",
"repo": "nix-minecraft", "repo": "nix-minecraft",
"rev": "a600d058c19e1668db6ba759ecc4cfd154079ab5", "rev": "f4f58df48f0ebd1c898a043790cd58dd95bc272c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -56,11 +56,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1742889210, "lastModified": 1748929857,
"narHash": "sha256-hw63HnwnqU3ZQfsMclLhMvOezpM7RSB0dMAtD5/sOiw=", "narHash": "sha256-lcZQ8RhsmhsK8u7LIFsJhsLh/pzR9yZ8yqpTzyGdj+Q=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "698214a32beb4f4c8e3942372c694f40848b360d", "rev": "c2a03962b8e24e669fb37b7df10e7c79531ff1a4",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -72,16 +72,16 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1747862697, "lastModified": 1755704039,
"narHash": "sha256-U4HaNZ1W26cbOVm0Eb5OdGSnfQVWQKbLSPrSSa78KC0=", "narHash": "sha256-gKlP0LbyJ3qX0KObfIWcp5nbuHSb5EHwIvU6UcNBg2A=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2baa12ff69913392faf0ace833bc54bba297ea95", "rev": "9cb344e96d5b6918e94e1bca2d9f3ea1e9615545",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "NixOS",
"ref": "nixos-24.11", "ref": "nixos-25.05",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }


@ -1,13 +1,13 @@
{ {
inputs = { inputs = {
nixpkgs.url = "github:NixOS/nixpkgs/nixos-24.11"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.05";
nix-minecraft.url = "github:Infinidoge/nix-minecraft"; nix-minecraft.url = "github:Infinidoge/nix-minecraft";
}; };
outputs = { self, nixpkgs, ... }@inputs: outputs = { self, nixpkgs, ... }@inputs:
let let
system = "x86_64-linux"; system = "x86_64-linux";
nixos = path: nixpkgs.lib.nixosSystem { nixos-vma = path: nixpkgs.lib.nixosSystem {
specialArgs = { inherit system inputs; }; specialArgs = { inherit system inputs; };
modules = [ modules = [
"${nixpkgs}/nixos/modules/virtualisation/proxmox-image.nix" "${nixpkgs}/nixos/modules/virtualisation/proxmox-image.nix"
@ -15,16 +15,27 @@ outputs = { self, nixpkgs, ... }@inputs:
path path
]; ];
}; };
nixos-lxc = path: nixpkgs.lib.nixosSystem {
specialArgs = { inherit system inputs; };
modules = [
"${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"
{ nixpkgs.hostPlatform = "${system}"; }
path
];
};
image = name: self.nixosConfigurations.${name}.config.system.build.VMA; image = name: self.nixosConfigurations.${name}.config.system.build.VMA;
lxc = name: self.nixosConfigurations.${name}.config.system.build.tarball;
in { in {
nixosConfigurations = { nixosConfigurations = {
majcraft = nixos ./vm-majcraft.nix; majcraft = nixos-vma ./vm-majcraft.nix;
homelab = nixos ./vm-homelab.nix; homelab = nixos-vma ./vm-homelab.nix;
metrics = nixos-lxc ./lxc-metrics.nix;
}; };
packages.${system} = { packages.${system} = {
majcraft = image "majcraft"; majcraft = image "majcraft";
homelab = image "homelab"; homelab = image "homelab";
metrics = lxc "metrics";
}; };
}; };
} }
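Review bot: `nixos-lxc` lists `"${nixpkgs}/nixos/modules/virtualisation/proxmox-lxc.nix"` in `modules`, and `lxc-base.nix` (pulled in through `./lxc-metrics.nix`) imports the same module via `modulesPath`, so the module is named in two places. Keeping it in only one of them, for example dropping the line from `nixos-lxc` and leaving the import in `lxc-base.nix`, makes it clear which file owns the container setup. `"${system}"` can be written as plain `system`.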

116
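--- a/lxc-base.nix
+++ b/lxc-base.nix
@@ -0,0 +1,116 @@
+{ config, pkgs, modulesPath, lib, ... }:
+{
+imports = [
+(modulesPath + "/virtualisation/proxmox-lxc.nix")
+];
+options.my.vm = {
+name = lib.mkOption {
+type = lib.types.nonEmptyStr;
+example = "hello01";
+description = "Used for vm name and hostname";
+};
+iface = lib.mkOption {
+type = lib.types.nonEmptyStr;
+default = "ens18";
+example = "ens18";
+description = "Interface on which static IP is bound";
+};
+ip4 = lib.mkOption {
+type = lib.types.nonEmptyStr;
+example = "192.168.0.42";
+description = "Static IP for this VM";
+};
+};
+config = let cfg = config.my.vm; in {
+proxmoxLXC = {
+enable = true;
+};
+# Allow remote updates with flakes and non-root users
+nix.settings.trusted-users = [ "root" "@wheel" ];
+nix.settings.experimental-features = [ "nix-command" "flakes" ];
+# Enable mDNS for `hostname.local` addresses
+services.avahi.enable = true;
+services.avahi.nssmdns4 = true;
+services.avahi.publish = {
+enable = true;
+addresses = true;
+};
+# Some sane packages we need on every system
+environment.systemPackages = with pkgs; [
+vim
+git # for pulling nix flakes
+];
+# doing it here opens udp port _and_ installs package
+programs.mosh.enable = true;
+# Don't ask for passwords
+security.sudo.wheelNeedsPassword = false;
+# Don't use cloud-init
+services.cloud-init.network.enable = lib.mkForce false;
+networking = {
+hostName = cfg.name;
+nameservers = ["192.168.0.1"];
+interfaces.${cfg.iface} = {
+ipv4.addresses = [{
+address = cfg.ip4;
+prefixLength = 24;
+}];
+};
+defaultGateway = {
+address = "192.168.0.1";
+interface = "${cfg.iface}";
+};
+defaultGateway6 = {
+address = "fe80::1";
+interface = "${cfg.iface}";
+};
+};
+# Enable ssh
+services.openssh = {
+enable = true;
+settings.PasswordAuthentication = false;
+settings.KbdInteractiveAuthentication = false;
+};
+programs.ssh.startAgent = true;
+# Enable prometheus metrics export
+networking.firewall.allowedTCPPorts = [ 9100 ];
+services.prometheus.exporters.node = {
+enable = true;
+port = 9100;
+enabledCollectors = ["systemd"];
+};
+# Add an admin user
+users.users.admin = {
+isNormalUser = true;
+description = "Robert Perce";
+extraGroups = [ "wheel" ];
+};
+users.users.admin.openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFTDd1G3ufe8lCEWMbMN+q83WrrS92+qrI2tOaMtit+q robert@aether"
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHdReqMvpgCuez7dTeSaMnHU/7gDal6/HH7c8m17M1hb rob@ereshkigal"
+];
+# Default filesystem
+fileSystems."/" = lib.mkDefault {
+device = "/dev/disk/by-label/nixos";
+autoResize = true;
+fsType = "ext4";
+};
+system.stateVersion = lib.mkDefault "24.11";
+};
+}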
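Review bot: `networking.firewall.allowedTCPPorts = [ 9100 ]` opens the unauthenticated node exporter to every source address on each container built from this base, while the only scraper visible in this commit is the Prometheus instance at 192.168.0.6. The exporter module can open its own port with a source filter instead: drop the `allowedTCPPorts` line and set `openFirewall = true;` and `firewallFilter = "-p tcp -m tcp -s 192.168.0.6 --dport 9100";` inside `services.prometheus.exporters.node` (this filter syntax assumes the default iptables firewall backend). Separately, `wheelNeedsPassword = false` together with `trusted-users = [ "root" "@wheel" ]` makes `admin` root-equivalent on every container, which deserves a comment saying it is intentional.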

61
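--- a/lxc-metrics.nix
+++ b/lxc-metrics.nix
@@ -0,0 +1,61 @@
+{ config, inputs, pkgs, ... }:
+{
+imports = [
+./lxc-base.nix
+];
+config = {
+my.vm = {
+name = "metrics01";
+ip4 = "192.168.0.6";
+};
+# environment.systemPackages = with pkgs; [
+# ]
+networking.extraHosts = ''
+192.168.0.2 xalicas
+192.168.0.3 proxmox
+192.168.0.4 craft01
+192.168.0.5 lab01
+192.168.0.6 metrics01
+192.168.0.100 unifi
+'';
+networking.firewall.allowedTCPPorts = [ 3000 ];
+services.grafana = {
+enable = true;
+settings = {
+server = {
+http_addr = "0.0.0.0";
+http_port = 3000;
+enable_gzip = true;
+enforce_domain = false;
+domain = "metrics.rperce.net";
+};
+};
+};
+services.prometheus = {
+enable = true;
+port = 9001;
+scrapeConfigs = [
+{ job_name = "nodes";
+static_configs = [{
+targets = [
+"xalicas:9100"
+"proxmox:9100"
+"craft01:9100"
+"lab01:9100"
+"127.0.0.1:9100"
+"unifi:9100"
+];
+}];
+}
+];
+};
+};
+}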
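Review bot: `services.grafana` is bound to `0.0.0.0` with port 3000 opened in the firewall, and nothing in this file sets `settings.security.admin_password`, so unless it is changed out of band the instance comes up with Grafana's default admin login. Since the commit also points `metrics.rperce.net` at this address, set the password from a file kept outside the repository, e.g. `security.admin_password = "$__file{/path/to/grafana-admin-password}";` (placeholder path) under `settings`. If only the reverse proxy needs to reach port 3000, the firewall opening could also be limited to that host's address, which is not shown in this commit.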

8
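--- a/recipes/proxmox-nag.bash
+++ b/recipes/proxmox-nag.bash
@@ -0,0 +1,8 @@
+echo '$ run ssh proxmox'
+echo '$ su # with "proxmox root" pw'
+echo '$ vi /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js'
+echo '/No valid'
+echo '?!== .active'
+echo 'x'
+echo ':wq'
+echo 'systemctl restart pveproxy'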
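Review bot: The recipe has no header comment, so a reader cannot tell from the file that it only prints manual steps, or that the edit to `proxmoxlib.js` is to a packaged file and will presumably be undone when that package is upgraded. A first line such as `# Prints the manual steps for patching proxmoxlib.js; reapply after proxmox-widget-toolkit upgrades` would record both. The last line is a shell command like the first three but lacks their `$ ` prefix.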


@ -36,7 +36,7 @@
reverse_proxy http://192.168.0.2:2283 reverse_proxy http://192.168.0.2:2283
''; '';
"metrics.rperce.net".extraConfig = '' "metrics.rperce.net".extraConfig = ''
reverse_proxy http://192.168.0.2:3000 reverse_proxy http://192.168.0.6:3000
''; '';
"jellyfin.rperce.net".extraConfig = '' "jellyfin.rperce.net".extraConfig = ''
reverse_proxy http://192.168.0.2:8096 reverse_proxy http://192.168.0.2:8096