grafana-to-ntfy conf
This commit is contained in:
		
							parent
							
								
									02596b8624
								
							
						
					
					
						commit
						03c2ff373d
					
				
					 3 changed files with 75 additions and 20 deletions
				
			
		
							
								
								
									
										8
									
								
								Taskfile
									
										
									
									
									
								
							
							
						
						
									
										8
									
								
								Taskfile
									
										
									
									
									
								
							|  | @ -12,9 +12,9 @@ build() { | |||
| 
 | ||||
| dump() { | ||||
|   build "$@" | ||||
|   if [ -a "vm-$1.nix" ]; then | ||||
|   if [ -e "vm-$1.nix" ]; then | ||||
|     sudo cp -f result/vzdump* /mnt/share/proxmox/dump/ | ||||
|   elif [ -a "lxc-$1.nix" ]; then | ||||
|   elif [ -e "lxc-$1.nix" ]; then | ||||
|     sudo cp -f result/tarball/nixos-system-x86_64-linux.tar.xz "/mnt/share/proxmox/dump/$1.tar.xz" | ||||
|   fi | ||||
| } | ||||
|  | @ -24,9 +24,9 @@ get-ip() { | |||
|   if [[ "$file" = "proxmox" ]]; then | ||||
|     echo 192.168.0.3 | ||||
|     return | ||||
|   elif [[ "$file" != *.nix && -a "vm-$1.nix" ]]; then | ||||
|   elif [[ "$file" != *.nix && -e "vm-$1.nix" ]]; then | ||||
|     file="vm-$1.nix" | ||||
|   elif [[ "$file" != *.nix && -a "lxc-$1.nix" ]]; then | ||||
|   elif [[ "$file" != *.nix && -e "lxc-$1.nix" ]]; then | ||||
|     file="lxc-$1.nix" | ||||
|   fi | ||||
|   grep ip4 "$file" | grep -Po "[0-9]+(\.[0-9]+){3}" | ||||
|  |  | |||
|  | @ -1,4 +1,10 @@ | |||
| { config, inputs, pkgs, ... }: | ||||
| { | ||||
|   config, | ||||
|   inputs, | ||||
|   pkgs, | ||||
|   lib, | ||||
|   ... | ||||
| }: | ||||
| 
 | ||||
| { | ||||
|   imports = [ | ||||
|  | @ -11,9 +17,10 @@ | |||
|       ip4 = "192.168.0.6"; | ||||
|     }; | ||||
| 
 | ||||
|     # environment.systemPackages = with pkgs; [ | ||||
|     environment.systemPackages = with pkgs; [ | ||||
|       grafana-to-ntfy | ||||
|     ]; | ||||
| 
 | ||||
|     # ] | ||||
|     networking.extraHosts = '' | ||||
|       192.168.0.2    xalicas | ||||
|       192.168.0.3    proxmox | ||||
|  | @ -39,12 +46,56 @@ | |||
|       }; | ||||
|     }; | ||||
| 
 | ||||
|     ## grafana-to-ntfy config is broken in nixpkgs, so we hardcode our own | ||||
|     systemd.services.grafana-to-ntfy = { | ||||
|       wantedBy = [ "multi-user.target" ]; | ||||
|       script = "exec ${lib.getExe pkgs.grafana-to-ntfy}"; | ||||
|       environment = { | ||||
|         NTFY_URL = "https://ntfy.sh/99ecef2d-05c1-4e73-9cc5-c9a1e6d0adf0"; | ||||
|         BAUTH_USER = "grafana"; | ||||
|         BAUTH_PASS = "grafana"; | ||||
|       }; | ||||
|       serviceConfig = { | ||||
|         DynamicUser = true; | ||||
|         CapabilityBoundingSet = [ "" ]; | ||||
|         DeviceAllow = ""; | ||||
|         LockPersonality = true; | ||||
|         PrivateDevices = true; | ||||
|         PrivateUsers = true; | ||||
|         ProcSubset = "pid"; | ||||
|         ProtectClock = true; | ||||
|         ProtectControlGroups = true; | ||||
|         ProtectHome = true; | ||||
|         ProtectHostname = true; | ||||
|         ProtectKernelLogs = true; | ||||
|         ProtectKernelModules = true; | ||||
|         ProtectKernelTunables = true; | ||||
|         ProtectProc = "invisible"; | ||||
|         RestrictAddressFamilies = [ | ||||
|           "AF_INET" | ||||
|           "AF_INET6" | ||||
|           "AF_UNIX" | ||||
|         ]; | ||||
|         RestrictNamespaces = true; | ||||
|         RestrictRealtime = true; | ||||
|         MemoryDenyWriteExecute = true; | ||||
|         SystemCallArchitectures = "native"; | ||||
|         SystemCallFilter = [ | ||||
|           "@system-service" | ||||
|           "~@privileged" | ||||
|         ]; | ||||
|         UMask = "0077"; | ||||
|       }; | ||||
|     }; | ||||
| 
 | ||||
|     services.prometheus = { | ||||
|       enable = true; | ||||
|       port = 9001; | ||||
|       scrapeConfigs = [ | ||||
|         { job_name = "nodes"; | ||||
|           static_configs = [{ | ||||
|         { | ||||
|           job_name = "nodes"; | ||||
|           static_configs = [ | ||||
|             { | ||||
|               targets = [ | ||||
|                 "xalicas:9100" | ||||
|                 "proxmox:9100" | ||||
|  | @ -53,7 +104,8 @@ | |||
|                 "127.0.0.1:9100" | ||||
|                 "unifi:9100" | ||||
|               ]; | ||||
|           }]; | ||||
|             } | ||||
|           ]; | ||||
|         } | ||||
|       ]; | ||||
|     }; | ||||
|  |  | |||
|  | @ -12,10 +12,13 @@ | |||
|     }; | ||||
| 
 | ||||
|     # environment.systemPackages = with pkgs; [ | ||||
| 
 | ||||
|     # | ||||
|     # ]; | ||||
| 
 | ||||
|     networking.firewall.allowedTCPPorts = [ 80 443 ]; | ||||
|     networking.firewall.allowedTCPPorts = [ | ||||
|       80 | ||||
|       443 | ||||
|     ]; | ||||
| 
 | ||||
|     services.caddy = { | ||||
|       enable = true; | ||||
|  |  | |||
		Loading…
	
	Add table
		Add a link
		
	
		Reference in a new issue