Compare commits
38 commits
Author | SHA1 | Date | |
---|---|---|---|
Ilya K | cae763e8dd | ||
Ilya K | 4f1378937f | ||
Ilya K | 7e3074a769 | ||
Ilya K | 3182a036c0 | ||
Ilya K | 54e8282aac | ||
Ilya K | 41be8dc170 | ||
Ilya K | b08330c42b | ||
Ilya K | 268422f653 | ||
Yureka | 4e03cf2309 | ||
Yureka | 00a5d373f3 | ||
Yureka | ec93c94e7e | ||
raito | f56576d644 | ||
raito | 1ae3d7c396 | ||
raito | cca8156e52 | ||
raito | 7df7eaeb9b | ||
Kiara Grouwstra | 5ae71fff99 | ||
raito | 02f8bc7ca4 | ||
raito | e0c029ba43 | ||
raito | 3ed36f74fd | ||
raito | b1f4674da0 | ||
raito | 226eacdeec | ||
Ilya K | 14935c5e92 | ||
raito | bee402fecc | ||
raito | 3efdd0f6c9 | ||
raito | 8c0c7b517f | ||
raito | d5500d7c4e | ||
raito | eaf48a0cdd | ||
raito | e3129fec51 | ||
raito | 437293bdaa | ||
mei (ckie) | df8a57f91a | ||
Yureka | 97bee26977 | ||
Luke Granger-Brown | 84cfbdb050 | ||
Luke Granger-Brown | 6a8f49f180 | ||
Yureka | 06dd4d6e85 | ||
Luke Granger-Brown | de085155a6 | ||
Luke Granger-Brown | 2001012325 | ||
raito | fbf26302b6 | ||
raito | 1701a2b388 |
9
.envrc
9
.envrc
|
@ -1,2 +1,11 @@
|
||||||
|
#!/usr/bin/env bash
|
||||||
|
# the shebang is ignored, but nice for editors
|
||||||
|
|
||||||
# shellcheck shell=bash
|
# shellcheck shell=bash
|
||||||
|
if type -P lorri &>/dev/null; then
|
||||||
|
eval "$(lorri direnv --flake .)"
|
||||||
|
else
|
||||||
|
echo 'while direnv evaluated .envrc, could not find the command "lorri" [https://github.com/nix-community/lorri]'
|
||||||
use flake
|
use flake
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
|
@ -19,12 +19,14 @@ in
|
||||||
"thubrecht"
|
"thubrecht"
|
||||||
"winter"
|
"winter"
|
||||||
"yuka"
|
"yuka"
|
||||||
|
"ckie"
|
||||||
];
|
];
|
||||||
|
|
||||||
lix-infra.members = [
|
lix-infra.members = [
|
||||||
"raito"
|
"raito"
|
||||||
"hexchen"
|
"hexchen"
|
||||||
"jade"
|
"jade"
|
||||||
|
"pennae"
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
bagel.users = genAttrs [
|
bagel.users = genAttrs [
|
||||||
|
@ -39,5 +41,7 @@ in
|
||||||
"thubrecht"
|
"thubrecht"
|
||||||
"winter"
|
"winter"
|
||||||
"yuka"
|
"yuka"
|
||||||
|
"ckie"
|
||||||
|
"pennae"
|
||||||
] (name: {});
|
] (name: {});
|
||||||
}
|
}
|
||||||
|
|
|
@ -7,6 +7,7 @@
|
||||||
nixpkgs.overlays = import ../overlays;
|
nixpkgs.overlays = import ../overlays;
|
||||||
|
|
||||||
nix.package = lib.mkDefault pkgs.lix;
|
nix.package = lib.mkDefault pkgs.lix;
|
||||||
|
system.tools.nixos-option.enable = false;
|
||||||
services.openssh.enable = lib.mkForce true;
|
services.openssh.enable = lib.mkForce true;
|
||||||
|
|
||||||
networking.nftables.enable = true;
|
networking.nftables.enable = true;
|
||||||
|
|
|
@ -61,7 +61,12 @@
|
||||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU"
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKiXXYkhRh+s7ixZ8rvG8ntIqd6FELQ9hh7HoaHQJRPU"
|
||||||
];
|
];
|
||||||
thubrecht = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM1jpXR7BWQa7Sed7ii3SbvIPRRlKb3G91qC0vOwfJn" ];
|
thubrecht = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPM1jpXR7BWQa7Sed7ii3SbvIPRRlKb3G91qC0vOwfJn" ];
|
||||||
yuka = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKath4/fDnlv/4fzxkPrQN1ttmoPRNu/m9bEtdPJBDfY cardno:16_933_242" ];
|
yuka = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIxQ3NYBi8v1f/vhxLKDcA6upmX0pctRDbnK6SER5OUR yureka" ];
|
||||||
winter = [ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIH/LDRUG+U+++UmlxvA2kspioTjktQZ8taDcHq8gVlkfAAAABHNzaDo=" ];
|
winter = [ "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIH/LDRUG+U+++UmlxvA2kspioTjktQZ8taDcHq8gVlkfAAAABHNzaDo=" ];
|
||||||
|
ckie = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH3uTwzSSMAPg84fwbNp2cq9+BdLFeA1VzDGth4zCAbz https://mei.puppycat.house" ];
|
||||||
|
pennae = [
|
||||||
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC5Wf5/IbyFpdziWfwxkQqxOf3r1L9pYn6xQBEKFwmMY"
|
||||||
|
"sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIK8icXjHkb4XzbIVN3djH4CE7RvgGd+3xbG4cgh0Yls5AAAABHNzaDo="
|
||||||
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
{ lib, pkgs, config, ... }: {
|
{ lib, pkgs, config, ... }: {
|
||||||
users.defaultUserShell = pkgs.zsh;
|
|
||||||
programs.zsh = {
|
programs.zsh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
enableCompletion = true;
|
enableCompletion = true;
|
||||||
|
|
322
flake.lock
322
flake.lock
|
@ -27,16 +27,17 @@
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"crane": "crane",
|
"crane": "crane",
|
||||||
"flake-compat": "flake-compat_2",
|
"flake-compat": "flake-compat_2",
|
||||||
"flake-utils": "flake-utils_2",
|
"flake-parts": "flake-parts_2",
|
||||||
|
"nix-github-actions": "nix-github-actions_2",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
"nixpkgs-stable": "nixpkgs-stable"
|
"nixpkgs-stable": "nixpkgs-stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1711742460,
|
"lastModified": 1730257295,
|
||||||
"narHash": "sha256-0O4v6e4a1toxXZ2gf5INhg4WPE5C5T+SVvsBt+45Mcc=",
|
"narHash": "sha256-OQl+aAsKiyygvpzck1u0sZf/R4T9zM903CgNDFmmzA8=",
|
||||||
"owner": "zhaofengli",
|
"owner": "zhaofengli",
|
||||||
"repo": "attic",
|
"repo": "attic",
|
||||||
"rev": "4dbdbee45728d8ce5788db6461aaaa89d98081f0",
|
"rev": "48c8b395bfbc6b76c7eae74df6c74351255a095c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -49,11 +50,11 @@
|
||||||
"bats-assert": {
|
"bats-assert": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1636059754,
|
"lastModified": 1692829535,
|
||||||
"narHash": "sha256-ewME0l27ZqfmAwJO4h5biTALc9bDLv7Bl3ftBzBuZwk=",
|
"narHash": "sha256-oDqhUQ6Xg7a3xx537SWLGRzqP3oKKeyY4UYGCdz9z/Y=",
|
||||||
"owner": "bats-core",
|
"owner": "bats-core",
|
||||||
"repo": "bats-assert",
|
"repo": "bats-assert",
|
||||||
"rev": "34551b1d7f8c7b677c1a66fc0ac140d6223409e5",
|
"rev": "e2d855bc78619ee15b0c702b5c30fb074101159f",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -65,11 +66,11 @@
|
||||||
"bats-support": {
|
"bats-support": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1548869839,
|
"lastModified": 1693050811,
|
||||||
"narHash": "sha256-Gr4ntadr42F2Ks8Pte2D4wNDbijhujuoJi4OPZnTAZU=",
|
"narHash": "sha256-PxJaH16+QrsfZqtkWVt5K6TwJB5gjIXnbGo+MB84WIU=",
|
||||||
"owner": "bats-core",
|
"owner": "bats-core",
|
||||||
"repo": "bats-support",
|
"repo": "bats-support",
|
||||||
"rev": "d140a65044b2d6810381935ae7f0c94c7023c8c3",
|
"rev": "9bf10e876dd6b624fe44423f0b35e064225f7556",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -87,11 +88,11 @@
|
||||||
"treefmt-nix": "treefmt-nix"
|
"treefmt-nix": "treefmt-nix"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1728162115,
|
"lastModified": 1730064416,
|
||||||
"narHash": "sha256-O95Nv81XlYZjltq009951gwYHGo+Kjt9EBhh/6cYGDw=",
|
"narHash": "sha256-Opbtu9hKijGkEx+GYbSu3MJms3lFxZmAGTFyckguWMM=",
|
||||||
"ref": "refs/heads/forkos",
|
"ref": "refs/heads/forkos",
|
||||||
"rev": "ed8f940717724af853efcafcd82cf4d10f32ede5",
|
"rev": "79137b14f3cb376204f739f44b05aebfc288ca89",
|
||||||
"revCount": 298,
|
"revCount": 310,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.lix.systems/lix-project/buildbot-nix.git"
|
"url": "https://git.lix.systems/lix-project/buildbot-nix.git"
|
||||||
},
|
},
|
||||||
|
@ -125,17 +126,18 @@
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-compat": "flake-compat",
|
"flake-compat": "flake-compat",
|
||||||
"flake-utils": "flake-utils",
|
"flake-utils": "flake-utils",
|
||||||
|
"nix-github-actions": "nix-github-actions",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
],
|
],
|
||||||
"stable": "stable"
|
"stable": "stable"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1711386353,
|
"lastModified": 1731527002,
|
||||||
"narHash": "sha256-gWEpb8Hybnoqb4O4tmpohGZk6+aerAbJpywKcFIiMlg=",
|
"narHash": "sha256-dI9I6suECoIAmbS4xcrqF8r2pbmed8WWm5LIF1yWPw8=",
|
||||||
"owner": "zhaofengli",
|
"owner": "zhaofengli",
|
||||||
"repo": "colmena",
|
"repo": "colmena",
|
||||||
"rev": "cd65ef7a25cdc75052fbd04b120aeb066c3881db",
|
"rev": "e3ad42138015fcdf2524518dd564a13145c72ea1",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -153,11 +155,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1702918879,
|
"lastModified": 1722960479,
|
||||||
"narHash": "sha256-tWJqzajIvYcaRWxn+cLUB9L9Pv4dQ3Bfit/YjU5ze3g=",
|
"narHash": "sha256-NhCkJJQhD5GUib8zN9JrmYGMwt4lCRp6ZVNzIiYCl0Y=",
|
||||||
"owner": "ipetkov",
|
"owner": "ipetkov",
|
||||||
"repo": "crane",
|
"repo": "crane",
|
||||||
"rev": "7195c00c272fdd92fc74e7d5a0a2844b9fadb2fb",
|
"rev": "4c6c77920b8d44cd6660c1621dea6b3fc4b4c4f4",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -167,18 +169,12 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"crane_2": {
|
"crane_2": {
|
||||||
"inputs": {
|
|
||||||
"nixpkgs": [
|
|
||||||
"grapevine",
|
|
||||||
"nixpkgs"
|
|
||||||
]
|
|
||||||
},
|
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716569590,
|
"lastModified": 1730060262,
|
||||||
"narHash": "sha256-5eDbq8TuXFGGO3mqJFzhUbt5zHVTf5zilQoyW5jnJwo=",
|
"narHash": "sha256-RMgSVkZ9H03sxC+Vh4jxtLTCzSjPq18UWpiM0gq6shQ=",
|
||||||
"owner": "ipetkov",
|
"owner": "ipetkov",
|
||||||
"repo": "crane",
|
"repo": "crane",
|
||||||
"rev": "109987da061a1bf452f435f1653c47511587d919",
|
"rev": "498d9f122c413ee1154e8131ace5a35a80d8fa76",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -219,11 +215,11 @@
|
||||||
"rust-analyzer-src": "rust-analyzer-src"
|
"rust-analyzer-src": "rust-analyzer-src"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716359173,
|
"lastModified": 1730442928,
|
||||||
"narHash": "sha256-pYcjP6Gy7i6jPWrjiWAVV0BCQp+DdmGaI/k65lBb/kM=",
|
"narHash": "sha256-U1DWb5c3EfkA7pqx5V1H4AWRA+EaE6UJ0lIRvK1RxgM=",
|
||||||
"owner": "nix-community",
|
"owner": "nix-community",
|
||||||
"repo": "fenix",
|
"repo": "fenix",
|
||||||
"rev": "b6fc5035b28e36a98370d0eac44f4ef3fd323df6",
|
"rev": "87b4d20f896c99018dde4702a9c6157b516f2a76",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -252,11 +248,11 @@
|
||||||
"flake-compat_2": {
|
"flake-compat_2": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1673956053,
|
"lastModified": 1696426674,
|
||||||
"narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
|
"narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",
|
||||||
"owner": "edolstra",
|
"owner": "edolstra",
|
||||||
"repo": "flake-compat",
|
"repo": "flake-compat",
|
||||||
"rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
|
"rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -320,6 +316,28 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-parts_2": {
|
"flake-parts_2": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs-lib": [
|
||||||
|
"grapevine",
|
||||||
|
"attic",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1722555600,
|
||||||
|
"narHash": "sha256-XOQkdLafnb/p9ij77byFQjDf5m5QYl9b2REiVClC+x4=",
|
||||||
|
"owner": "hercules-ci",
|
||||||
|
"repo": "flake-parts",
|
||||||
|
"rev": "8471fe90ad337a8074e957b69ca4d0089218391d",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "hercules-ci",
|
||||||
|
"repo": "flake-parts",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"flake-parts_3": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs-lib": [
|
"nixpkgs-lib": [
|
||||||
"hydra",
|
"hydra",
|
||||||
|
@ -341,6 +359,23 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"flake-parts_4": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs-lib": "nixpkgs-lib"
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1727826117,
|
||||||
|
"narHash": "sha256-K5ZLCyfO/Zj9mPFldf3iwS6oZStJcU4tSpiXTMYaaL0=",
|
||||||
|
"owner": "hercules-ci",
|
||||||
|
"repo": "flake-parts",
|
||||||
|
"rev": "3d04084d54bedc3d6b8b736c70ef449225c361b1",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"id": "flake-parts",
|
||||||
|
"type": "indirect"
|
||||||
|
}
|
||||||
|
},
|
||||||
"flake-utils": {
|
"flake-utils": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1659877975,
|
"lastModified": 1659877975,
|
||||||
|
@ -357,30 +392,15 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-utils_2": {
|
"flake-utils_2": {
|
||||||
"locked": {
|
|
||||||
"lastModified": 1667395993,
|
|
||||||
"narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=",
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"rev": "5aed5285a952e0b949eb3ba02c12fa4fcfef535f",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"flake-utils_3": {
|
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"systems": "systems_2"
|
"systems": "systems_2"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1710146030,
|
"lastModified": 1726560853,
|
||||||
"narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",
|
"narHash": "sha256-X6rJYSESBVr3hBoH0WbKE5KvhPU5bloyZ2L4K60/fPQ=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "flake-utils",
|
"repo": "flake-utils",
|
||||||
"rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",
|
"rev": "c1dfcf08411b08f6b8615f7d8971a2bfa81d5e8a",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -390,21 +410,6 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"flake-utils_4": {
|
|
||||||
"locked": {
|
|
||||||
"lastModified": 1634851050,
|
|
||||||
"narHash": "sha256-N83GlSGPJJdcqhUxSCS/WwW5pksYf3VP1M13cDRTSVA=",
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"rev": "c91f3de5adaf1de973b797ef7485e441a65b8935",
|
|
||||||
"type": "github"
|
|
||||||
},
|
|
||||||
"original": {
|
|
||||||
"owner": "numtide",
|
|
||||||
"repo": "flake-utils",
|
|
||||||
"type": "github"
|
|
||||||
}
|
|
||||||
},
|
|
||||||
"gerrit-dashboard": {
|
"gerrit-dashboard": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
|
@ -427,20 +432,21 @@
|
||||||
"crane": "crane_2",
|
"crane": "crane_2",
|
||||||
"fenix": "fenix",
|
"fenix": "fenix",
|
||||||
"flake-compat": "flake-compat_3",
|
"flake-compat": "flake-compat_3",
|
||||||
"flake-utils": "flake-utils_3",
|
"flake-utils": "flake-utils_2",
|
||||||
"nix-filter": "nix-filter",
|
"nix-filter": "nix-filter",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
],
|
],
|
||||||
|
"rocksdb": "rocksdb",
|
||||||
"rust-manifest": "rust-manifest"
|
"rust-manifest": "rust-manifest"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"host": "gitlab.computer.surgery",
|
"host": "gitlab.computer.surgery",
|
||||||
"lastModified": 1727994504,
|
"lastModified": 1731820516,
|
||||||
"narHash": "sha256-FC6M1KKX58HbU9LG+cG6EJRr02J9lE/o0iiDi6m1gv8=",
|
"narHash": "sha256-BJiFq5meQMwOLhVS9/m2HCZoNUIN5u5weJXr94dkIRU=",
|
||||||
"owner": "matrix",
|
"owner": "matrix",
|
||||||
"repo": "grapevine-fork",
|
"repo": "grapevine-fork",
|
||||||
"rev": "5a490a4397f0c6a36dab1cb631dadc67a849deab",
|
"rev": "887e59cf03efb70bfa68b56dda32c411ba6cd5fa",
|
||||||
"type": "gitlab"
|
"type": "gitlab"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -480,11 +486,11 @@
|
||||||
]
|
]
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1728163965,
|
"lastModified": 1728321752,
|
||||||
"narHash": "sha256-vHA2qZWoTY4DQUWFktq8DYfCOlm8rd1bNZpiIzpFBCk=",
|
"narHash": "sha256-GbBAoBF7ZObz0IP+g0LZKxMafpMvNKjTEu9haiZbV54=",
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"rev": "e4d466ffcdc0e43f3bd005de3913a7e9ed4a58f5",
|
"rev": "ee1234c15cdcb427dbd4828e0add09d02cd606c9",
|
||||||
"revCount": 4216,
|
"revCount": 4220,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.lix.systems/lix-project/hydra.git"
|
"url": "https://git.lix.systems/lix-project/hydra.git"
|
||||||
},
|
},
|
||||||
|
@ -505,11 +511,11 @@
|
||||||
"pre-commit-hooks": "pre-commit-hooks"
|
"pre-commit-hooks": "pre-commit-hooks"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1728159440,
|
"lastModified": 1728163191,
|
||||||
"narHash": "sha256-8DW+VfSIk5xYpYj1VDKMmUjXhMooIlAOwYG4J9PLbbg=",
|
"narHash": "sha256-SW0IEBsPN1EysqzvfDT+8Kimtzy03O1BxQQm7ZB6fRY=",
|
||||||
"ref": "refs/heads/main",
|
"ref": "refs/heads/main",
|
||||||
"rev": "7ff60b7445ccb599edcbf0078d181034f61a0859",
|
"rev": "ed9b7f4f84fd60ad8618645cc1bae2d686ff0db6",
|
||||||
"revCount": 16318,
|
"revCount": 16323,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.lix.systems/lix-project/lix"
|
"url": "https://git.lix.systems/lix-project/lix"
|
||||||
},
|
},
|
||||||
|
@ -520,12 +526,12 @@
|
||||||
},
|
},
|
||||||
"nix-eval-jobs": {
|
"nix-eval-jobs": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"flake-parts": "flake-parts_2",
|
"flake-parts": "flake-parts_3",
|
||||||
"lix": [
|
"lix": [
|
||||||
"hydra",
|
"hydra",
|
||||||
"lix"
|
"lix"
|
||||||
],
|
],
|
||||||
"nix-github-actions": "nix-github-actions",
|
"nix-github-actions": "nix-github-actions_3",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"hydra",
|
"hydra",
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
|
@ -548,11 +554,11 @@
|
||||||
},
|
},
|
||||||
"nix-filter": {
|
"nix-filter": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1710156097,
|
"lastModified": 1730207686,
|
||||||
"narHash": "sha256-1Wvk8UP7PXdf8bCCaEoMnOT1qe5/Duqgj+rL8sRQsSM=",
|
"narHash": "sha256-SCHiL+1f7q9TAnxpasriP6fMarWE5H43t25F5/9e28I=",
|
||||||
"owner": "numtide",
|
"owner": "numtide",
|
||||||
"repo": "nix-filter",
|
"repo": "nix-filter",
|
||||||
"rev": "3342559a24e85fc164b295c3444e8a139924675b",
|
"rev": "776e68c1d014c3adde193a18db9d738458cd2ba4",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -583,6 +589,49 @@
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nix-github-actions": {
|
"nix-github-actions": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"colmena",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1729742964,
|
||||||
|
"narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "nix-github-actions",
|
||||||
|
"rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "nix-github-actions",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nix-github-actions_2": {
|
||||||
|
"inputs": {
|
||||||
|
"nixpkgs": [
|
||||||
|
"grapevine",
|
||||||
|
"attic",
|
||||||
|
"nixpkgs"
|
||||||
|
]
|
||||||
|
},
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1729742964,
|
||||||
|
"narHash": "sha256-B4mzTcQ0FZHdpeWcpDYPERtyjJd/NIuaQ9+BV1h+MpA=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "nix-github-actions",
|
||||||
|
"rev": "e04df33f62cdcf93d73e9a04142464753a16db67",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "nix-github-actions",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
|
"nix-github-actions_3": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"hydra",
|
"hydra",
|
||||||
|
@ -622,11 +671,11 @@
|
||||||
},
|
},
|
||||||
"nixpkgs": {
|
"nixpkgs": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1711401922,
|
"lastModified": 1726042813,
|
||||||
"narHash": "sha256-QoQqXoj8ClGo0sqD/qWKFWezgEwUL0SUh37/vY2jNhc=",
|
"narHash": "sha256-LnNKCCxnwgF+575y0pxUdlGZBO/ru1CtGHIqQVfvjlA=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "07262b18b97000d16a4bdb003418bd2fb067a932",
|
"rev": "159be5db480d1df880a0135ca0bfed84c2f88353",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -636,6 +685,18 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"nixpkgs-lib": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1727825735,
|
||||||
|
"narHash": "sha256-0xHYkMkeLVQAMa7gvkddbPqpxph+hDzdu1XdGPJR+Os=",
|
||||||
|
"type": "tarball",
|
||||||
|
"url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"type": "tarball",
|
||||||
|
"url": "https://github.com/NixOS/nixpkgs/archive/fb192fec7cc7a4c26d51779e9bab07ce6fa5597a.tar.gz"
|
||||||
|
}
|
||||||
|
},
|
||||||
"nixpkgs-regression": {
|
"nixpkgs-regression": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1643052045,
|
"lastModified": 1643052045,
|
||||||
|
@ -654,32 +715,32 @@
|
||||||
},
|
},
|
||||||
"nixpkgs-stable": {
|
"nixpkgs-stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1711460390,
|
"lastModified": 1724316499,
|
||||||
"narHash": "sha256-akSgjDZL6pVHEfSE6sz1DNSXuYX6hq+P/1Z5IoYWs7E=",
|
"narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "44733514b72e732bd49f5511bd0203dea9b9a434",
|
"rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"ref": "nixos-23.11",
|
"ref": "nixos-24.05",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"nixpkgs_2": {
|
"nixpkgs_2": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1728093190,
|
"lastModified": 1731676054,
|
||||||
"narHash": "sha256-CAZF2NRuHmqTtRTNAruWpHA43Gg2UvuCNEIzabP0l6M=",
|
"narHash": "sha256-OZiZ3m8SCMfh3B6bfGC/Bm4x3qc1m2SVEAlkV6iY7Yg=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "e2f08f4d8b3ecb5cf5c9fd9cb2d53bb3c71807da",
|
"rev": "5e4fbfb6b3de1aa2872b76d49fafc942626e2add",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"ref": "nixpkgs-unstable",
|
"ref": "nixos-unstable",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -700,6 +761,23 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"rocksdb": {
|
||||||
|
"flake": false,
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1730475155,
|
||||||
|
"narHash": "sha256-u5uuShM2SxHc9/zL4UU56IhCcR/ZQbzde0LgOYS44bM=",
|
||||||
|
"owner": "facebook",
|
||||||
|
"repo": "rocksdb",
|
||||||
|
"rev": "3c27a3dde0993210c5cc30d99717093f7537916f",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "facebook",
|
||||||
|
"ref": "v9.7.4",
|
||||||
|
"repo": "rocksdb",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"agenix": "agenix",
|
"agenix": "agenix",
|
||||||
|
@ -722,11 +800,11 @@
|
||||||
"rust-analyzer-src": {
|
"rust-analyzer-src": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1716107283,
|
"lastModified": 1730386175,
|
||||||
"narHash": "sha256-NJgrwLiLGHDrCia5AeIvZUHUY7xYGVryee0/9D3Ir1I=",
|
"narHash": "sha256-0Uq+/B8eu7pw8B8pxuGdFYKjcVLwNMcHfDxU9sXh7rg=",
|
||||||
"owner": "rust-lang",
|
"owner": "rust-lang",
|
||||||
"repo": "rust-analyzer",
|
"repo": "rust-analyzer",
|
||||||
"rev": "21ec8f523812b88418b2bfc64240c62b3dd967bd",
|
"rev": "0ba893e1a00d92557ac91efb771d72eee36ca687",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -750,16 +828,16 @@
|
||||||
},
|
},
|
||||||
"stable": {
|
"stable": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1696039360,
|
"lastModified": 1730883749,
|
||||||
"narHash": "sha256-g7nIUV4uq1TOVeVIDEZLb005suTWCUjSY0zYOlSBsyE=",
|
"narHash": "sha256-mwrFF0vElHJP8X3pFCByJR365Q2463ATp2qGIrDUdlE=",
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"rev": "32dcb45f66c0487e92db8303a798ebc548cadedc",
|
"rev": "dba414932936fde69f0606b4f1d87c5bc0003ede",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
"owner": "NixOS",
|
"owner": "NixOS",
|
||||||
"ref": "nixos-23.05",
|
"ref": "nixos-24.05",
|
||||||
"repo": "nixpkgs",
|
"repo": "nixpkgs",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
|
@ -767,11 +845,11 @@
|
||||||
"stateless-uptime-kuma": {
|
"stateless-uptime-kuma": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1727622797,
|
"lastModified": 1728243069,
|
||||||
"narHash": "sha256-JRvy5zsPsk1ChmEB1UHKOlnzAKCPdtBLCcx+LXh3e4c=",
|
"narHash": "sha256-l9fgwesnmFxasCaYUCD7L9bGGJXytLuwtx3CZMgpwJg=",
|
||||||
"ref": "refs/heads/master",
|
"ref": "refs/heads/master",
|
||||||
"rev": "390363e6a977d71a96c53d7f8b252038dfee2e2e",
|
"rev": "880f444ff7862d6127b051cf1a993ad1585b1652",
|
||||||
"revCount": 23,
|
"revCount": 25,
|
||||||
"type": "git",
|
"type": "git",
|
||||||
"url": "https://git.dgnum.eu/DGNum/stateless-uptime-kuma.git"
|
"url": "https://git.dgnum.eu/DGNum/stateless-uptime-kuma.git"
|
||||||
},
|
},
|
||||||
|
@ -810,22 +888,38 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"systems_3": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1681028828,
|
||||||
|
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-systems",
|
||||||
|
"repo": "default",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"terranix": {
|
"terranix": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"bats-assert": "bats-assert",
|
"bats-assert": "bats-assert",
|
||||||
"bats-support": "bats-support",
|
"bats-support": "bats-support",
|
||||||
"flake-utils": "flake-utils_4",
|
"flake-parts": "flake-parts_4",
|
||||||
"nixpkgs": [
|
"nixpkgs": [
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
],
|
],
|
||||||
|
"systems": "systems_3",
|
||||||
"terranix-examples": "terranix-examples"
|
"terranix-examples": "terranix-examples"
|
||||||
},
|
},
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1695406838,
|
"lastModified": 1728959489,
|
||||||
"narHash": "sha256-xiUfVD6rtsVWFotVtUW3Q1nQh4obKzgvpN1wqZuGXvM=",
|
"narHash": "sha256-1Pu2j5xsBTuoyga08ZVf+rKp3FOMmJh/0fXen/idOrA=",
|
||||||
"owner": "terranix",
|
"owner": "terranix",
|
||||||
"repo": "terranix",
|
"repo": "terranix",
|
||||||
"rev": "fc9077ca02ab5681935dbf0ecd725c4d889b9275",
|
"rev": "7734e2ee6a1472807a33ce1e7da794bed2aaf91c",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
@ -836,11 +930,11 @@
|
||||||
},
|
},
|
||||||
"terranix-examples": {
|
"terranix-examples": {
|
||||||
"locked": {
|
"locked": {
|
||||||
"lastModified": 1636300201,
|
"lastModified": 1637156952,
|
||||||
"narHash": "sha256-0n1je1WpiR6XfCsvi8ZK7GrpEnMl+DpwhWaO1949Vbc=",
|
"narHash": "sha256-KqvXIe1yiKOEP9BRYqNQN+LOWPCsWojh0WjEgv5jfEI=",
|
||||||
"owner": "terranix",
|
"owner": "terranix",
|
||||||
"repo": "terranix-examples",
|
"repo": "terranix-examples",
|
||||||
"rev": "a934aa1cf88f6bd6c6ddb4c77b77ec6e1660bd5e",
|
"rev": "921680efb8af0f332d8ad73718d53907f9483e24",
|
||||||
"type": "github"
|
"type": "github"
|
||||||
},
|
},
|
||||||
"original": {
|
"original": {
|
||||||
|
|
|
@ -2,7 +2,7 @@
|
||||||
description = "Bagel cooking infrastructure";
|
description = "Bagel cooking infrastructure";
|
||||||
|
|
||||||
inputs = {
|
inputs = {
|
||||||
nixpkgs.url = "github:NixOS/nixpkgs/nixpkgs-unstable";
|
nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
|
||||||
|
|
||||||
terranix.url = "github:terranix/terranix";
|
terranix.url = "github:terranix/terranix";
|
||||||
terranix.inputs.nixpkgs.follows = "nixpkgs";
|
terranix.inputs.nixpkgs.follows = "nixpkgs";
|
||||||
|
@ -199,8 +199,6 @@
|
||||||
|
|
||||||
build01-aarch64-lix.imports = lixInfraModules ++ [ ./hosts/build01-aarch64-lix ];
|
build01-aarch64-lix.imports = lixInfraModules ++ [ ./hosts/build01-aarch64-lix ];
|
||||||
buildbot-lix.imports = lixInfraModules ++ [ ./hosts/buildbot-lix ];
|
buildbot-lix.imports = lixInfraModules ++ [ ./hosts/buildbot-lix ];
|
||||||
# This is Lix's Garage S3.
|
|
||||||
cache-lix.imports = lixInfraModules ++ [ ./hosts/cache-lix ];
|
|
||||||
} // builders;
|
} // builders;
|
||||||
|
|
||||||
hydraJobs = builtins.mapAttrs (n: v: v.config.system.build.netbootDir or v.config.system.build.toplevel) self.nixosConfigurations;
|
hydraJobs = builtins.mapAttrs (n: v: v.config.system.build.netbootDir or v.config.system.build.toplevel) self.nixosConfigurations;
|
||||||
|
|
|
@ -38,7 +38,7 @@
|
||||||
|
|
||||||
zramSwap = {
|
zramSwap = {
|
||||||
enable = true;
|
enable = true;
|
||||||
memoryPercent = 25;
|
memoryPercent = 100;
|
||||||
};
|
};
|
||||||
|
|
||||||
networking.useNetworkd = true;
|
networking.useNetworkd = true;
|
||||||
|
|
|
@ -38,7 +38,9 @@
|
||||||
port = 2022;
|
port = 2022;
|
||||||
username = "buildbot";
|
username = "buildbot";
|
||||||
};
|
};
|
||||||
cors.allowedOrigin = "*.lix.systems";
|
cors.allowedOrigins = [
|
||||||
|
"https://*.lix.systems"
|
||||||
|
];
|
||||||
projects = [
|
projects = [
|
||||||
"lix"
|
"lix"
|
||||||
"lix-installer"
|
"lix-installer"
|
||||||
|
|
|
@ -36,13 +36,15 @@
|
||||||
port = cfgGerrit.port;
|
port = cfgGerrit.port;
|
||||||
username = "buildbot";
|
username = "buildbot";
|
||||||
};
|
};
|
||||||
cors.allowedOrigin = "*.forkos.org";
|
cors.allowedOrigins = [
|
||||||
|
"https://*.forkos.org"
|
||||||
|
];
|
||||||
projects = [
|
projects = [
|
||||||
"buildbot-test"
|
"buildbot-test"
|
||||||
"nixpkgs"
|
"nixpkgs"
|
||||||
"infra"
|
"infra"
|
||||||
];
|
];
|
||||||
builders = [ "builder-10" ];
|
builders = [ "builder-9" ];
|
||||||
};
|
};
|
||||||
|
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
i18n.defaultLocale = "en_US.UTF-8";
|
||||||
|
|
|
@ -1,125 +0,0 @@
|
||||||
# Configuration for a virtual machine in Raito's micro-DC basement.
|
|
||||||
# 8 vCPU (2014 grade Xeon though)
|
|
||||||
# 8GB RAM
|
|
||||||
# 100GB SSD
|
|
||||||
# 1TB HDD
|
|
||||||
# All specifications can be upgraded to a certain extent, just ask Raito.
|
|
||||||
# Hosts the Garage S3 instance for the Lix project.
|
|
||||||
# Our "binary cache".
|
|
||||||
#
|
|
||||||
# vim: et:ts=2:sw=2:
|
|
||||||
#
|
|
||||||
{ config, pkgs, lib, ... }: {
|
|
||||||
networking.hostName = "cache";
|
|
||||||
networking.domain = "lix.systems";
|
|
||||||
|
|
||||||
system.stateVersion = "24.05";
|
|
||||||
|
|
||||||
zramSwap.enable = true;
|
|
||||||
i18n.defaultLocale = "en_US.UTF-8";
|
|
||||||
|
|
||||||
# All the objects are stored there.
|
|
||||||
# Metadata is on the fast SSD.
|
|
||||||
fileSystems."/data" = {
|
|
||||||
device = "/dev/disk/by-label/data";
|
|
||||||
fsType = "ext4";
|
|
||||||
};
|
|
||||||
|
|
||||||
bagel.s3 = {
|
|
||||||
rootDomain = "lix.systems";
|
|
||||||
garage.enable = true;
|
|
||||||
web = {
|
|
||||||
buckets = [
|
|
||||||
"install"
|
|
||||||
"cache"
|
|
||||||
"releases"
|
|
||||||
"docs"
|
|
||||||
];
|
|
||||||
subdomains = {
|
|
||||||
"cache.lix.systems" = "cache";
|
|
||||||
"install.lix.systems" = "install";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
reverse-proxy = {
|
|
||||||
enable = true;
|
|
||||||
buckets = [
|
|
||||||
"docs"
|
|
||||||
"releases"
|
|
||||||
"install"
|
|
||||||
];
|
|
||||||
web = {
|
|
||||||
"releases.lix.systems" = "releases";
|
|
||||||
"docs.lix.systems" = "docs";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
# Fix up the manual path so it enables having multiple manuals
|
|
||||||
services.nginx.virtualHosts."docs.lix.systems".locations.${''~ ^/manual/nightly(/[^\s]*)$''} =
|
|
||||||
{
|
|
||||||
extraConfig = ''
|
|
||||||
return 301 /manual/lix/nightly$1;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.network.links."10-nat-lan".matchConfig.MACAddress = "BC:24:11:1E:7C:9B";
|
|
||||||
systemd.network.networks."10-wan".networkConfig.Address = [ "2001:bc8:38ee:100::210/56" ];
|
|
||||||
systemd.network.links."10-wan".matchConfig.MACAddress = "BC:24:11:42:72:79";
|
|
||||||
|
|
||||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
|
||||||
|
|
||||||
# Debugging stuff.
|
|
||||||
virtualisation.vmVariant = {
|
|
||||||
systemd.network.enable = lib.mkForce false;
|
|
||||||
networking.useDHCP = true;
|
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [
|
|
||||||
tcpdump
|
|
||||||
];
|
|
||||||
|
|
||||||
system.activationScripts.agenixInstall.text = lib.mkForce ''
|
|
||||||
echo "lol gotcha"
|
|
||||||
_agenix_generation="$(basename "$(readlink ${config.age.secretsDir})" || echo 0)"
|
|
||||||
(( ++_agenix_generation ))
|
|
||||||
p=${config.age.secretsMountPoint}/$_agenix_generation
|
|
||||||
> $p/garage
|
|
||||||
echo "GARAGE_RPC_SECRET=$(${lib.getExe pkgs.openssl.bin} rand -hex 32)" >> $p/garage
|
|
||||||
echo "GARAGE_METRICS_TOKEN=$(${lib.getExe pkgs.openssl.bin} rand -base64 32)" >> $p/garage
|
|
||||||
echo "GARAGE_ADMIN_TOKEN=$(${lib.getExe pkgs.openssl.bin} rand -base64 32)" >> $p/garage
|
|
||||||
|
|
||||||
ln -sfT /var/secrets/garage-s3-api-key $p/s3-revproxy-api-key-env
|
|
||||||
ln -sfT $p ${config.age.secretsDir}
|
|
||||||
'';
|
|
||||||
virtualisation.forwardPorts = [
|
|
||||||
{
|
|
||||||
from = "host";
|
|
||||||
guest.port = 443;
|
|
||||||
host.port = 4043;
|
|
||||||
proto = "tcp";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
from = "host";
|
|
||||||
guest.port = 1337;
|
|
||||||
host.port = 1337;
|
|
||||||
proto = "tcp";
|
|
||||||
}
|
|
||||||
{
|
|
||||||
from = "host";
|
|
||||||
guest.port = 22;
|
|
||||||
host.port = 2022;
|
|
||||||
proto = "tcp";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
|
|
||||||
security.acme = {
|
|
||||||
defaults.server = "http://127.0.0.1/failfailfail";
|
|
||||||
extraLegoFlags = ["--lol-fail"];
|
|
||||||
extraLegoRenewFlags = ["--lol-fail"];
|
|
||||||
extraLegoRunFlags = ["--lol-fail"];
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.tmpfiles.rules = [
|
|
||||||
"d /data/s3 700 garage - - -"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -23,6 +23,9 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# Block all these crawlers!!
|
||||||
|
bagel.services.nginx.crawler-blocker.enable = true;
|
||||||
|
|
||||||
fileSystems."/gerrit-data" = {
|
fileSystems."/gerrit-data" = {
|
||||||
device = "/dev/disk/by-uuid/d1062305-0dea-4740-9a27-b6b1691862a4";
|
device = "/dev/disk/by-uuid/d1062305-0dea-4740-9a27-b6b1691862a4";
|
||||||
fsType = "ext4";
|
fsType = "ext4";
|
||||||
|
@ -121,7 +124,7 @@
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
age.secrets.s3-channel-staging-keys.file = ../../secrets/s3-channel-staging-keys.age;
|
age.secrets.s3-channel-staging-keys.file = ../../secrets/floral/s3-channel-staging-keys.age;
|
||||||
bagel.nixpkgs.channel-scripts = {
|
bagel.nixpkgs.channel-scripts = {
|
||||||
enable = true;
|
enable = true;
|
||||||
otlp.enable = true;
|
otlp.enable = true;
|
||||||
|
|
|
@ -1,9 +1,10 @@
|
||||||
{ lib
|
{ lib
|
||||||
, buildGoModule
|
, buildGo122Module
|
||||||
, fetchFromGitHub
|
, fetchFromGitHub
|
||||||
}:
|
}:
|
||||||
|
|
||||||
buildGoModule rec {
|
# FIXME: update, remove this pin
|
||||||
|
buildGo122Module rec {
|
||||||
pname = "pyroscope";
|
pname = "pyroscope";
|
||||||
version = "1.7.1";
|
version = "1.7.1";
|
||||||
|
|
||||||
|
|
40
services/block-crawlers/blocked-ua.txt
Normal file
40
services/block-crawlers/blocked-ua.txt
Normal file
|
@ -0,0 +1,40 @@
|
||||||
|
AI2Bot
|
||||||
|
Ai2Bot-Dolma
|
||||||
|
Amazonbot
|
||||||
|
anthropic-ai
|
||||||
|
Applebot
|
||||||
|
Applebot-Extended
|
||||||
|
Bytespider
|
||||||
|
CCBot
|
||||||
|
ChatGPT-User
|
||||||
|
Claude-Web
|
||||||
|
ClaudeBot
|
||||||
|
cohere-ai
|
||||||
|
Diffbot
|
||||||
|
FacebookBot
|
||||||
|
facebookexternalhit
|
||||||
|
FriendlyCrawler
|
||||||
|
Google-Extended
|
||||||
|
GoogleOther
|
||||||
|
GoogleOther-Image
|
||||||
|
GoogleOther-Video
|
||||||
|
GPTBot
|
||||||
|
iaskspider/2.0
|
||||||
|
ICC-Crawler
|
||||||
|
ImagesiftBot
|
||||||
|
img2dataset
|
||||||
|
ISSCyberRiskCrawler
|
||||||
|
Kangaroo Bot
|
||||||
|
Meta-ExternalAgent
|
||||||
|
Meta-ExternalFetcher
|
||||||
|
OAI-SearchBot
|
||||||
|
omgili
|
||||||
|
omgilibot
|
||||||
|
PerplexityBot
|
||||||
|
PetalBot
|
||||||
|
Scrapy
|
||||||
|
Sidetrade indexer bot
|
||||||
|
Timpibot
|
||||||
|
VelenPublicWebCrawler
|
||||||
|
Webzio-Extended
|
||||||
|
YouBot
|
32
services/block-crawlers/default.nix
Normal file
32
services/block-crawlers/default.nix
Normal file
|
@ -0,0 +1,32 @@
|
||||||
|
{ pkgs, config, lib, ... }:
|
||||||
|
let
|
||||||
|
inherit (lib) mkEnableOption mkIf mkOption types concatStringsSep mkDefault splitString;
|
||||||
|
cfg = config.bagel.services.nginx.crawler-blocker;
|
||||||
|
mkRobotsFile = blockedUAs: pkgs.writeText "robots.txt" ''
|
||||||
|
${concatStringsSep "\n" (map (ua: "User-agent: ${ua}") blockedUAs)}
|
||||||
|
Disallow: /
|
||||||
|
'';
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options = {
|
||||||
|
bagel.services.nginx.crawler-blocker = {
|
||||||
|
enable = mkEnableOption "the crawler blocker";
|
||||||
|
|
||||||
|
userAgents = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = splitString "\n" (builtins.readFile ./blocked-ua.txt);
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts = mkOption {
|
||||||
|
type = types.attrsOf (types.submodule {
|
||||||
|
config = {
|
||||||
|
locations."= /robots.txt" = mkIf cfg.enable (mkDefault {
|
||||||
|
alias = mkRobotsFile cfg.userAgents;
|
||||||
|
});
|
||||||
|
};
|
||||||
|
});
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
|
@ -53,9 +53,9 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
cors.allowedOrigin = mkOption {
|
cors.allowedOrigins = mkOption {
|
||||||
type = types.str;
|
type = types.listOf types.str;
|
||||||
example = "*.forkos.org";
|
example = [ "*.forkos.org" ];
|
||||||
description = "Allowed origin for Buildbot and NGINX for CORS without the protocol";
|
description = "Allowed origin for Buildbot and NGINX for CORS without the protocol";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -100,6 +100,7 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
|
recommendedProxySettings = true;
|
||||||
appendHttpConfig = ''
|
appendHttpConfig = ''
|
||||||
# Our session stuff is too big with the TWISTED_COOKIE in addition.
|
# Our session stuff is too big with the TWISTED_COOKIE in addition.
|
||||||
# Default is usually 4k or 8k.
|
# Default is usually 4k or 8k.
|
||||||
|
@ -109,8 +110,8 @@ in
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
# This is needed so that logged-in users in Buildbot can include their credentials in their requests.
|
||||||
add_header Access-Control-Allow-Credentials 'true' always;
|
add_header Access-Control-Allow-Credentials 'true' always;
|
||||||
add_header Access-Control-Allow-Origin 'https://${cfg.cors.allowedOrigin}' always;
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
@ -155,9 +156,8 @@ in
|
||||||
# we can replace all of this with automatic localworker generation on buildbot-nix side.
|
# we can replace all of this with automatic localworker generation on buildbot-nix side.
|
||||||
workersFile = config.age.secrets.buildbot-workers.path;
|
workersFile = config.age.secrets.buildbot-workers.path;
|
||||||
|
|
||||||
allowedOrigins = [
|
# We rely on NGINX to do the CORS dance.
|
||||||
cfg.cors.allowedOrigin
|
allowedOrigins = cfg.cors.allowedOrigins;
|
||||||
];
|
|
||||||
|
|
||||||
buildMachines = map (n: {
|
buildMachines = map (n: {
|
||||||
hostName = nodes.${n}.config.networking.fqdn;
|
hostName = nodes.${n}.config.networking.fqdn;
|
||||||
|
@ -194,6 +194,32 @@ in
|
||||||
RestartSteps = 10;
|
RestartSteps = 10;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.postgresql.settings = {
|
||||||
|
# DB Version: 15
|
||||||
|
# OS Type: linux
|
||||||
|
# DB Type: web
|
||||||
|
# Total Memory (RAM): 64 GB
|
||||||
|
# CPUs num: 16
|
||||||
|
# Connections num: 100
|
||||||
|
# Data Storage: ssd
|
||||||
|
max_connections = 100;
|
||||||
|
shared_buffers = "16GB";
|
||||||
|
effective_cache_size = "48GB";
|
||||||
|
maintenance_work_mem = "2GB";
|
||||||
|
checkpoint_completion_target = 0.9;
|
||||||
|
wal_buffers = "16MB";
|
||||||
|
default_statistics_target = 100;
|
||||||
|
random_page_cost = 1.1;
|
||||||
|
effective_io_concurrency = 200;
|
||||||
|
work_mem = "41943kB";
|
||||||
|
huge_pages = "try";
|
||||||
|
min_wal_size = "1GB";
|
||||||
|
max_wal_size = "4GB";
|
||||||
|
max_worker_processes = 16;
|
||||||
|
max_parallel_workers_per_gather = 4;
|
||||||
|
max_parallel_workers = 16;
|
||||||
|
max_parallel_maintenance_workers = 4;
|
||||||
|
};
|
||||||
|
|
||||||
nix.settings.keep-derivations = true;
|
nix.settings.keep-derivations = true;
|
||||||
nix.gc = {
|
nix.gc = {
|
||||||
|
|
|
@ -21,7 +21,8 @@ in
|
||||||
sshUser = "nix";
|
sshUser = "nix";
|
||||||
systems = [ "aarch64-linux" ];
|
systems = [ "aarch64-linux" ];
|
||||||
publicHostKey = ssh-keys.machines.build02-aarch64-lix;
|
publicHostKey = ssh-keys.machines.build02-aarch64-lix;
|
||||||
supportedFeatures = nodes.build02-aarch64-lix.config.nix.settings.system-features;
|
# TODO: use build02 features.
|
||||||
|
supportedFeatures = nodes.build01-aarch64-lix.config.nix.settings.system-features;
|
||||||
}
|
}
|
||||||
{
|
{
|
||||||
hostName = "build01.aarch64-darwin.lix.systems";
|
hostName = "build01.aarch64-darwin.lix.systems";
|
||||||
|
|
|
@ -1,5 +1,6 @@
|
||||||
{
|
{
|
||||||
imports = [
|
imports = [
|
||||||
|
./block-crawlers
|
||||||
./gerrit
|
./gerrit
|
||||||
./channel-scripts
|
./channel-scripts
|
||||||
./hydra
|
./hydra
|
||||||
|
|
|
@ -129,7 +129,9 @@ in
|
||||||
serverId = "9e5216ad-038d-4d74-a4e8-716515834a94";
|
serverId = "9e5216ad-038d-4d74-a4e8-716515834a94";
|
||||||
|
|
||||||
builtinPlugins = [
|
builtinPlugins = [
|
||||||
"gitiles"
|
# Disable gitiles as it generates too much traffic.
|
||||||
|
# Prefer git.forkos.org.
|
||||||
|
# "gitiles"
|
||||||
"codemirror-editor"
|
"codemirror-editor"
|
||||||
"reviewnotes"
|
"reviewnotes"
|
||||||
"download-commands"
|
"download-commands"
|
||||||
|
@ -141,7 +143,9 @@ in
|
||||||
plugins = with pkgs.gerritPlugins; [
|
plugins = with pkgs.gerritPlugins; [
|
||||||
oauth
|
oauth
|
||||||
metrics-reporter-prometheus
|
metrics-reporter-prometheus
|
||||||
# Buildbot checks plugin (writeText because services.gerrit.plugins expects packages)
|
# Theme plugin
|
||||||
|
(pkgs.concatText "theme.js" [ ./theme.js ])
|
||||||
|
# Buildbot checks plugin
|
||||||
(pkgs.runCommand "checks.js" {
|
(pkgs.runCommand "checks.js" {
|
||||||
BASE_URI = builtins.toJSON "https://buildbot.forkos.org";
|
BASE_URI = builtins.toJSON "https://buildbot.forkos.org";
|
||||||
SUPPORTED_PROJECTS = builtins.toJSON [
|
SUPPORTED_PROJECTS = builtins.toJSON [
|
||||||
|
@ -326,7 +330,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
age.secrets.gerrit-prometheus-bearer-token.file = ../../secrets/gerrit-prometheus-bearer-token.age;
|
age.secrets.gerrit-prometheus-bearer-token.file = ../../secrets/floral/gerrit-prometheus-bearer-token.age;
|
||||||
bagel.monitoring.grafana-agent.exporters.gerrit = {
|
bagel.monitoring.grafana-agent.exporters.gerrit = {
|
||||||
port = 4778; # grrt
|
port = 4778; # grrt
|
||||||
bearerTokenFile = config.age.secrets.gerrit-prometheus-bearer-token.path;
|
bearerTokenFile = config.age.secrets.gerrit-prometheus-bearer-token.path;
|
||||||
|
|
|
@ -57,6 +57,7 @@ in
|
||||||
name = "git-gc-preserve-${name}";
|
name = "git-gc-preserve-${name}";
|
||||||
value = {
|
value = {
|
||||||
description = "Git-GC-Preserve Service - ${name}";
|
description = "Git-GC-Preserve Service - ${name}";
|
||||||
|
path = [ pkgs.util-linux ];
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
WorkingDirectory = gcConfig.repoPath;
|
WorkingDirectory = gcConfig.repoPath;
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
|
|
69
services/gerrit/theme.js
Normal file
69
services/gerrit/theme.js
Normal file
|
@ -0,0 +1,69 @@
|
||||||
|
/* Set up theming for Floral.
|
||||||
|
* vim: set et ts=2 sw=2:
|
||||||
|
*/
|
||||||
|
Gerrit.install((plugin) => {
|
||||||
|
const stylesheet = new CSSStyleSheet();
|
||||||
|
stylesheet.replace(`
|
||||||
|
html {
|
||||||
|
--header-title-content: 'floral.systems';
|
||||||
|
|
||||||
|
--blue-50: #f3f4fb;
|
||||||
|
--blue-100: #e3e6f6;
|
||||||
|
--blue-200: #ced5ef;
|
||||||
|
--blue-300: #acb8e4;
|
||||||
|
--blue-400: #8495d6;
|
||||||
|
--blue-500: #6775ca;
|
||||||
|
--blue-600: #5158bb;
|
||||||
|
--blue-700: #494bac;
|
||||||
|
--blue-800: #41408d;
|
||||||
|
--blue-900: #383870;
|
||||||
|
--blue-950: #252546;
|
||||||
|
|
||||||
|
--coral-50: #fff1f1;
|
||||||
|
--coral-100: #ffe0e0;
|
||||||
|
--coral-200: #ffc5c5;
|
||||||
|
--coral-300: #ff9e9d;
|
||||||
|
--coral-400: #ff6665;
|
||||||
|
--coral-500: #fe4a49;
|
||||||
|
--coral-600: #ec1716;
|
||||||
|
--coral-700: #c70f0e;
|
||||||
|
--coral-800: #a41110;
|
||||||
|
--coral-900: #881514;
|
||||||
|
--coral-950: #4a0505;
|
||||||
|
|
||||||
|
--teal-50: #eefbf5;
|
||||||
|
--teal-100: #d6f5e5;
|
||||||
|
--teal-200: #b1e9d0;
|
||||||
|
--teal-300: #7ed7b5;
|
||||||
|
--teal-400: #49be95;
|
||||||
|
--teal-500: #27a27b;
|
||||||
|
--teal-600: #188162;
|
||||||
|
--teal-700: #136951;
|
||||||
|
--teal-800: #125342;
|
||||||
|
--teal-900: #104437;
|
||||||
|
--teal-950: #08261f;
|
||||||
|
|
||||||
|
--zinc-50: #fafafa;
|
||||||
|
--zinc-100: #f4f4f5;
|
||||||
|
--zinc-200: #e4e4e7;
|
||||||
|
--zinc-300: #d4d4d8;
|
||||||
|
--zinc-400: #a1a1aa;
|
||||||
|
--zinc-500: #71717a;
|
||||||
|
--zinc-600: #52525b;
|
||||||
|
--zinc-700: #3f3f46;
|
||||||
|
--zinc-800: #27272a;
|
||||||
|
--zinc-900: #18181b;
|
||||||
|
--zinc-950: #09090b;
|
||||||
|
}
|
||||||
|
html.lightTheme {
|
||||||
|
--header-background-color: var(--teal-700);
|
||||||
|
--header-text-color: var(--coral-50);
|
||||||
|
}
|
||||||
|
html.darkTheme {
|
||||||
|
--header-background-color: var(--teal-900);
|
||||||
|
--header-text-color: var(--coral-50);
|
||||||
|
}
|
||||||
|
`).then(() => {
|
||||||
|
document.adoptedStyleSheets = [...document.adoptedStyleSheets, stylesheet];
|
||||||
|
});
|
||||||
|
});
|
|
@ -29,10 +29,6 @@ in
|
||||||
# NGINX should not give up super fast. Things can take time.
|
# NGINX should not give up super fast. Things can take time.
|
||||||
proxy_read_timeout 3600;
|
proxy_read_timeout 3600;
|
||||||
}
|
}
|
||||||
|
|
||||||
location = /robots.txt {
|
|
||||||
return 200 'User-agent: *\nAllow: /';
|
|
||||||
}
|
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -1,33 +0,0 @@
|
||||||
{ config, lib, ... }:
|
|
||||||
let
|
|
||||||
inherit (lib) mkOption types;
|
|
||||||
cfg = config.bagel.s3;
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.bagel.s3 = {
|
|
||||||
rootDomain = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
};
|
|
||||||
|
|
||||||
webRootDomain = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "web.${cfg.rootDomain}";
|
|
||||||
};
|
|
||||||
|
|
||||||
s3RootDomain = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "s3.${cfg.rootDomain}";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
imports = [
|
|
||||||
# Generic frontend stuff
|
|
||||||
# e.g. static redirects, etc.
|
|
||||||
./web.nix
|
|
||||||
# Garage implementation for our S3
|
|
||||||
# In the future, we could be using Ceph store.
|
|
||||||
./garage.nix
|
|
||||||
# S3 reverse proxy
|
|
||||||
./s3-revproxy.nix
|
|
||||||
];
|
|
||||||
}
|
|
|
@ -1,63 +0,0 @@
|
||||||
{ wrap }:
|
|
||||||
{ lib, pkgs, config, ... }:
|
|
||||||
let
|
|
||||||
garage-ephemeral-key = pkgs.writers.writePython3Bin
|
|
||||||
"garage-ephemeral-key"
|
|
||||||
{ libraries = [ pkgs.python3.pkgs.requests ]; }
|
|
||||||
(builtins.readFile ./garage_ephemeral_key.py);
|
|
||||||
|
|
||||||
# the usual copy pasta of systemd-analyze security satisfying rules
|
|
||||||
containment = {
|
|
||||||
DynamicUser = true;
|
|
||||||
CapabilityBoundingSet = "";
|
|
||||||
NoNewPrivileges = true;
|
|
||||||
PrivateTmp = true;
|
|
||||||
PrivateUsers = true;
|
|
||||||
PrivateDevices = true;
|
|
||||||
ProtectHome = true;
|
|
||||||
ProtectClock = true;
|
|
||||||
ProtectProc = "noaccess";
|
|
||||||
ProcSubset = "pid";
|
|
||||||
UMask = "0077";
|
|
||||||
ProtectKernelLogs = true;
|
|
||||||
ProtectKernelModules = true;
|
|
||||||
ProtectKernelTunables = true;
|
|
||||||
ProtectControlGroups = true;
|
|
||||||
ProtectHostname = true;
|
|
||||||
RestrictSUIDSGID = true;
|
|
||||||
RestrictRealtime = true;
|
|
||||||
RestrictNamespaces = true;
|
|
||||||
LockPersonality = true;
|
|
||||||
RemoveIPC = true;
|
|
||||||
SystemCallFilter = [ "@system-service" "~@privileged" ];
|
|
||||||
RestrictAddressFamilies = [ "AF_INET" "AF_INET6" ];
|
|
||||||
MemoryDenyWriteExecute = true;
|
|
||||||
SystemCallArchitectures = "native";
|
|
||||||
};
|
|
||||||
in
|
|
||||||
{
|
|
||||||
_file = ./garage-ephemeral-key.nix;
|
|
||||||
|
|
||||||
environment.systemPackages = [
|
|
||||||
(wrap garage-ephemeral-key "garage-ephemeral-key")
|
|
||||||
];
|
|
||||||
|
|
||||||
# Clean expired ephemeral keys every 2 minutes
|
|
||||||
systemd.timers.garage-ephemeral-key-clean = {
|
|
||||||
wantedBy = [ "multi-user.target" ];
|
|
||||||
timerConfig = {
|
|
||||||
# Every 2 minutes.
|
|
||||||
OnCalendar = "*-*-* *:00/2";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.garage-ephemeral-key-clean = {
|
|
||||||
after = [ "garage.service" ];
|
|
||||||
wants = [ "garage.service" ];
|
|
||||||
serviceConfig = {
|
|
||||||
ExecStart = "${lib.getExe garage-ephemeral-key} clean";
|
|
||||||
|
|
||||||
EnvironmentFile = config.age.secrets.garage.path;
|
|
||||||
} // containment;
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,106 +0,0 @@
|
||||||
{ config, pkgs, lib, ... }:
|
|
||||||
let
|
|
||||||
cfg = config.bagel.s3.garage;
|
|
||||||
inherit (lib) mkEnableOption mkIf mkOption types;
|
|
||||||
# TODO: send me back upstream to cl.forkos.org.
|
|
||||||
wrap = pkg: name: pkgs.writeShellScriptBin name ''
|
|
||||||
set -a
|
|
||||||
[[ -z "''${GARAGE_RPC_SECRET:-}" ]] && source ${config.age.secrets.garage.path}
|
|
||||||
set +a
|
|
||||||
exec ${lib.getExe pkg} "$@"
|
|
||||||
'';
|
|
||||||
# TODO: generalize this idea
|
|
||||||
rootDomains = {
|
|
||||||
lix = "lix.systems";
|
|
||||||
floral = "floral.systems";
|
|
||||||
};
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.bagel.s3.garage = {
|
|
||||||
enable = mkEnableOption "the Garage implementation of S3";
|
|
||||||
tenant = mkOption {
|
|
||||||
type = types.enum [ "lix" "floral" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
api.address = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = "127.0.0.1:3900";
|
|
||||||
};
|
|
||||||
|
|
||||||
rootDomain = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = rootDomains.${cfg.tenant};
|
|
||||||
};
|
|
||||||
|
|
||||||
dataDir = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
};
|
|
||||||
|
|
||||||
metadataDir = mkOption {
|
|
||||||
default = "/var/lib/garage/metadata";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
imports = [
|
|
||||||
(import ./garage-ephemeral-key.nix { inherit wrap; })
|
|
||||||
];
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
bagel.secrets.files = [
|
|
||||||
"garage-environment"
|
|
||||||
];
|
|
||||||
|
|
||||||
services.garage = {
|
|
||||||
enable = true;
|
|
||||||
# Slightly evil, but we have to wrap it here so the garage cli Just
|
|
||||||
# Works(tm) from the shell. It will no-op in the wrapper if the env is
|
|
||||||
# already set.
|
|
||||||
package = wrap pkgs.garage_0_9 "garage";
|
|
||||||
|
|
||||||
settings = {
|
|
||||||
data_dir = cfg.dataDir;
|
|
||||||
metadata_dir = cfg.metadataDir;
|
|
||||||
|
|
||||||
db_engine = "lmdb";
|
|
||||||
|
|
||||||
replication_mode = "none";
|
|
||||||
compression_level = 7;
|
|
||||||
|
|
||||||
rpc_bind_addr = "[::]:3901";
|
|
||||||
rpc_public_addr = "127.0.0.1:3901";
|
|
||||||
|
|
||||||
s3_api = {
|
|
||||||
s3_region = "garage";
|
|
||||||
api_bind_addr = cfg.api.address;
|
|
||||||
root_domain = ".s3.${cfg.rootDomain}";
|
|
||||||
};
|
|
||||||
|
|
||||||
s3_web = {
|
|
||||||
bind_addr = "127.0.0.1:3902";
|
|
||||||
root_domain = ".web.${cfg.rootDomain}";
|
|
||||||
index = "index.html";
|
|
||||||
};
|
|
||||||
|
|
||||||
k2v_api.api_bind_addr = "[::]:3904";
|
|
||||||
# FIXME(raito): api bind address should be secured.
|
|
||||||
# admin.api_bind_addr = "[${wnlib.generateIPv6Address "monitoring" "cache"}]:3903";
|
|
||||||
};
|
|
||||||
|
|
||||||
environmentFile = config.age.secrets.garage-environment.path;
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.garage.serviceConfig = {
|
|
||||||
User = "garage";
|
|
||||||
ReadWriteDirectories = [
|
|
||||||
cfg.dataDir
|
|
||||||
];
|
|
||||||
StateDirectory = "garage";
|
|
||||||
};
|
|
||||||
|
|
||||||
users.users.garage = {
|
|
||||||
isSystemUser = true;
|
|
||||||
group = "garage";
|
|
||||||
};
|
|
||||||
users.groups.garage = { };
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,106 +0,0 @@
|
||||||
{ lib, config, ... }:
|
|
||||||
let
|
|
||||||
inherit (lib) mkOption mkIf types mapAttrs;
|
|
||||||
cfgParent = config.bagel.s3;
|
|
||||||
cfg = config.bagel.s3.reverse-proxy;
|
|
||||||
mkTarget = { name, bucket ? name }: {
|
|
||||||
mount = {
|
|
||||||
host = "${name}.${cfgParent.webRootDomain}";
|
|
||||||
path = [ "/" ];
|
|
||||||
};
|
|
||||||
actions.GET = {
|
|
||||||
enabled = true;
|
|
||||||
config = {
|
|
||||||
# e.g. /2.90 will 404, so it will redirect to /2.90/ if it is a directory
|
|
||||||
redirectWithTrailingSlashForNotFoundFile = true;
|
|
||||||
indexDocument = "index.html";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
bucket = {
|
|
||||||
name = bucket;
|
|
||||||
region = "garage";
|
|
||||||
s3Endpoint = "https://${cfgParent.s3RootDomain}";
|
|
||||||
credentials = {
|
|
||||||
accessKey.env = "AWS_ACCESS_KEY_ID";
|
|
||||||
secretKey.env = "AWS_SECRET_KEY";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.bagel.s3.reverse-proxy = {
|
|
||||||
targets = mkOption {
|
|
||||||
type = types.attrsOf (types.submodule ({ name, ... }: {
|
|
||||||
bucket = mkOption {
|
|
||||||
type = types.str;
|
|
||||||
default = name;
|
|
||||||
};
|
|
||||||
}));
|
|
||||||
default = { };
|
|
||||||
};
|
|
||||||
|
|
||||||
port = mkOption {
|
|
||||||
type = types.port;
|
|
||||||
default = 10652;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
|
||||||
age.secrets.s3-revproxy-api-key-env.file = ./s3-revproxy-env.age;
|
|
||||||
# this solves garage supporting neither anonymous access nor automatic
|
|
||||||
# directory indexing by simply ignoring garage's web server and replacing it
|
|
||||||
# with overengineered golang instead.
|
|
||||||
services.s3-revproxy = {
|
|
||||||
enable = true;
|
|
||||||
settings = {
|
|
||||||
templates = {
|
|
||||||
helpers = [ ./s3-revproxy-templates/_helpers.tpl ];
|
|
||||||
notFoundError = {
|
|
||||||
headers = {
|
|
||||||
"Content-Type" = "{{ template \"main.headers.contentType\" . }}";
|
|
||||||
};
|
|
||||||
status = "404";
|
|
||||||
};
|
|
||||||
folderList = {
|
|
||||||
path = ./s3-revproxy-templates/folder-list.tpl;
|
|
||||||
headers = {
|
|
||||||
"Content-Type" = "{{ template \"main.headers.contentType\" . }}";
|
|
||||||
};
|
|
||||||
# empty s3 directories are not real and cannot hurt you.
|
|
||||||
# due to redirectWithTrailingSlashForNotFoundFile, garbage file names
|
|
||||||
# get redirected as folders, which then appear as empty, yielding
|
|
||||||
# poor UX.
|
|
||||||
status = ''
|
|
||||||
{{- if eq (len .Entries) 0 -}}
|
|
||||||
404
|
|
||||||
{{- else -}}
|
|
||||||
200
|
|
||||||
{{- end -}}
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
/* For metrics and debugging (e.g. pulling the config)
|
|
||||||
internalServer = {
|
|
||||||
listenAddr = "127.0.0.1";
|
|
||||||
port = 1337;
|
|
||||||
};
|
|
||||||
*/
|
|
||||||
server = {
|
|
||||||
listenAddr = "127.0.0.1";
|
|
||||||
port = cfg.port;
|
|
||||||
|
|
||||||
# it's going right into nginx, so no point
|
|
||||||
compress.enabled = false;
|
|
||||||
cors = {
|
|
||||||
enabled = true;
|
|
||||||
allowMethods = [ "GET" ];
|
|
||||||
allowOrigins = [ "*" ];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
targets = mapAttrs mkTarget cfg.targets;
|
|
||||||
};
|
|
||||||
environmentFile = config.age.secrets.s3-revproxy-api-key-env.path;
|
|
||||||
};
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -1,81 +0,0 @@
|
||||||
{ config, lib, ... }:
|
|
||||||
# TODO: move to wildcard TLS.
|
|
||||||
let
|
|
||||||
cfgParent = config.bagel.s3;
|
|
||||||
cfg = config.bagel.s3.web;
|
|
||||||
|
|
||||||
buckets = [ "install" "cache" "releases" "docs" ];
|
|
||||||
mkWebLocationBlock = host: {
|
|
||||||
proxyPass = "http://127.0.0.1:3902";
|
|
||||||
extraConfig = ''
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Host ${host};
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
mkDirectSubdomain = subdomain: {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
locations."/" = mkWebLocationBlock "${subdomain}.${webHost}";
|
|
||||||
};
|
|
||||||
|
|
||||||
# Makes a subdomain that gets proxied through s3-proxy to provide directory
|
|
||||||
# listings and reasonable 404 pages.
|
|
||||||
# This is not used on cache, since there a directory listing for cache is a
|
|
||||||
# liability at best.
|
|
||||||
mkProxiedSubdomain = subdomain: {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
locations."/" = {
|
|
||||||
recommendedProxySettings = true;
|
|
||||||
proxyPass = "http://127.0.0.1:${toString s3RevproxyPort}/";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options.bagel.s3.web = {
|
|
||||||
|
|
||||||
};
|
|
||||||
|
|
||||||
config = {
|
|
||||||
services.nginx = {
|
|
||||||
enable = true;
|
|
||||||
|
|
||||||
virtualHosts = {
|
|
||||||
${host} = {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
|
|
||||||
serverAliases = builtins.map (b: "${b}.${host}") buckets;
|
|
||||||
|
|
||||||
locations."/" = {
|
|
||||||
proxyPass = "http://127.0.0.1:3900";
|
|
||||||
|
|
||||||
extraConfig = ''
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
|
|
||||||
# Disable buffering to a temporary file.
|
|
||||||
proxy_max_temp_file_size 0;
|
|
||||||
client_max_body_size 20G;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
${webHost} = {
|
|
||||||
enableACME = true;
|
|
||||||
forceSSL = true;
|
|
||||||
locations."/" = mkWebLocationBlock "$host";
|
|
||||||
|
|
||||||
# Create a subdomain for each bucket; and include special aliases
|
|
||||||
# for our special buckets 'cache' and 'install'.
|
|
||||||
serverAliases =
|
|
||||||
(builtins.map (b: "${b}.${webHost}") buckets);
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [
|
|
||||||
80 443
|
|
||||||
];
|
|
||||||
};
|
|
||||||
}
|
|
|
@ -32,6 +32,11 @@ in
|
||||||
];
|
];
|
||||||
server_name = "forkos.org";
|
server_name = "forkos.org";
|
||||||
database.backend = "rocksdb";
|
database.backend = "rocksdb";
|
||||||
|
|
||||||
|
server_discovery = {
|
||||||
|
server.authority = "matrix.forkos.org:443";
|
||||||
|
client.base_url = "https://matrix.forkos.org";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -48,18 +53,7 @@ in
|
||||||
"forkos.org" = {
|
"forkos.org" = {
|
||||||
forceSSL = true;
|
forceSSL = true;
|
||||||
enableACME = true;
|
enableACME = true;
|
||||||
locations = {
|
locations."/.well-known/matrix".proxyPass = "http://grapevine";
|
||||||
"= /.well-known/matrix/server".extraConfig = ''
|
|
||||||
add_header Content-Type application/json;
|
|
||||||
add_header Access-Control-Allow-Origin *;
|
|
||||||
return 200 '{"m.server": "matrix.forkos.org:443"}';
|
|
||||||
'';
|
|
||||||
"= /.well-known/matrix/client".extraConfig = ''
|
|
||||||
add_header Content-Type application/json;
|
|
||||||
add_header Access-Control-Allow-Origin *;
|
|
||||||
return 200 '{"m.homeserver": {"base_url": "https://matrix.forkos.org/"}, "m.identity_server": {"base_url": "https://matrix.org/"}, "org.matrix.msc3575.proxy": {"url": "https://matrix.forkos.org"}}';
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
@ -23,6 +23,9 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
services.postgresql.settings.shared_preload_libraries = "pg_stat_statements";
|
services.postgresql.settings.shared_preload_libraries = "pg_stat_statements";
|
||||||
|
systemd.services.postgresql.postStart = lib.mkAfter ''
|
||||||
|
${config.services.postgresql.package}/bin/psql -U postgres -c "CREATE EXTENSION IF NOT EXISTS pg_stat_statements;";
|
||||||
|
'';
|
||||||
|
|
||||||
bagel.monitoring.grafana-agent.exporters.postgres.port = 9104;
|
bagel.monitoring.grafana-agent.exporters.postgres.port = 9104;
|
||||||
};
|
};
|
||||||
|
|
|
@ -2,10 +2,10 @@ groups:
|
||||||
- name: ForkOS automation
|
- name: ForkOS automation
|
||||||
rules:
|
rules:
|
||||||
- alert: SyncFailedTooOften
|
- alert: SyncFailedTooOften
|
||||||
expr: 'changes(node_systemd_unit_state{name=~"ows.*.service",state="failed"}[24h]) > 2'
|
expr: 'changes(node_systemd_unit_state{name=~"ows.*.service",state="failed"}[1d]) > 2'
|
||||||
for: 30m
|
for: 30m
|
||||||
labels:
|
labels:
|
||||||
severity: critical
|
severity: critical
|
||||||
annotations:
|
annotations:
|
||||||
summary: "Synchronization job {{ $labels.name }} has failed more than twice in the last 24 hours"
|
description: On {{ $labels.instance }}, the synchronization job has failed more than twice in the last 24 hours, check if there's a conflict or a stdenv change.
|
||||||
description: "On {{ $labels.instance }}, the synchronization job has failed more than twice in the last 24 hours, check if there's a conflict or a stdenv change."
|
summary: Synchronization job {{ $labels.name }} has failed more than twice in the last 24 hours
|
||||||
|
|
|
@ -1,102 +1,118 @@
|
||||||
groups:
|
groups:
|
||||||
- name: PostgreSQL
|
- name: PostgreSQL
|
||||||
rules:
|
rules:
|
||||||
|
|
||||||
- alert: PostgresqlTableNotAutoVacuumed
|
- alert: PostgresqlTableNotAutoVacuumed
|
||||||
expr: '(pg_stat_user_tables_last_autovacuum > 0) and (time() - pg_stat_user_tables_last_autovacuum) > 60 * 60 * 24 * 10'
|
expr: '(pg_stat_user_tables_last_autovacuum > 0) and (time() - pg_stat_user_tables_last_autovacuum) > 60 * 60 * 24 * 10'
|
||||||
for: 0m
|
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
|
description: |-
|
||||||
|
Table {{ $labels.relname }} has not been auto vacuumed for 10 days
|
||||||
|
VALUE = {{ $value }}
|
||||||
|
LABELS = {{ $labels }}
|
||||||
summary: Postgresql table not auto vacuumed (instance {{ $labels.instance }})
|
summary: Postgresql table not auto vacuumed (instance {{ $labels.instance }})
|
||||||
description: "Table {{ $labels.relname }} has not been auto vacuumed for 10 days\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
|
||||||
|
|
||||||
- alert: PostgresqlTableNotAutoAnalyzed
|
- alert: PostgresqlTableNotAutoAnalyzed
|
||||||
expr: '(pg_stat_user_tables_last_autoanalyze > 0) and (time() - pg_stat_user_tables_last_autoanalyze) > 24 * 60 * 60 * 10'
|
expr: '(pg_stat_user_tables_last_autoanalyze > 0) and (time() - pg_stat_user_tables_last_autoanalyze) > 24 * 60 * 60 * 10'
|
||||||
for: 0m
|
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
|
description: |-
|
||||||
|
Table {{ $labels.relname }} has not been auto analyzed for 10 days
|
||||||
|
VALUE = {{ $value }}
|
||||||
|
LABELS = {{ $labels }}
|
||||||
summary: Postgresql table not auto analyzed (instance {{ $labels.instance }})
|
summary: Postgresql table not auto analyzed (instance {{ $labels.instance }})
|
||||||
description: "Table {{ $labels.relname }} has not been auto analyzed for 10 days\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
|
||||||
|
|
||||||
- alert: PostgresqlDeadLocks
|
- alert: PostgresqlDeadLocks
|
||||||
expr: 'increase(pg_stat_database_deadlocks{datname!~"template.*|postgres"}[1m]) > 5'
|
expr: 'increase(pg_stat_database_deadlocks{datname!~"template.*|postgres"}[1m]) > 5'
|
||||||
for: 0m
|
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
|
description: |-
|
||||||
|
PostgreSQL has dead-locks
|
||||||
|
VALUE = {{ $value }}
|
||||||
|
LABELS = {{ $labels }}
|
||||||
summary: Postgresql dead locks (instance {{ $labels.instance }})
|
summary: Postgresql dead locks (instance {{ $labels.instance }})
|
||||||
description: "PostgreSQL has dead-locks\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
|
||||||
|
|
||||||
- alert: PostgresqlHighRollbackRate
|
- alert: PostgresqlHighRollbackRate
|
||||||
expr: 'sum by (namespace,datname) ((rate(pg_stat_database_xact_rollback{datname!~"template.*|postgres",datid!="0"}[3m])) / ((rate(pg_stat_database_xact_rollback{datname!~"template.*|postgres",datid!="0"}[3m])) + (rate(pg_stat_database_xact_commit{datname!~"template.*|postgres",datid!="0"}[3m])))) > 0.02'
|
expr: 'sum by (namespace, datname) ((rate(pg_stat_database_xact_rollback{datid!="0",datname!~"template.*|postgres"}[3m])) / ((rate(pg_stat_database_xact_rollback{datid!="0",datname!~"template.*|postgres"}[3m])) + (rate(pg_stat_database_xact_commit{datid!="0",datname!~"template.*|postgres"}[3m])))) > 0.02'
|
||||||
for: 0m
|
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
|
description: |-
|
||||||
|
Ratio of transactions being aborted compared to committed is > 2 %
|
||||||
|
VALUE = {{ $value }}
|
||||||
|
LABELS = {{ $labels }}
|
||||||
summary: Postgresql high rollback rate (instance {{ $labels.instance }})
|
summary: Postgresql high rollback rate (instance {{ $labels.instance }})
|
||||||
description: "Ratio of transactions being aborted compared to committed is > 2 %\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
|
||||||
|
|
||||||
- alert: PostgresqlHighRateStatementTimeout
|
- alert: PostgresqlHighRateStatementTimeout
|
||||||
expr: 'rate(postgresql_errors_total{type="statement_timeout"}[1m]) > 3'
|
expr: 'rate(postgresql_errors_total{type="statement_timeout"}[1m]) > 3'
|
||||||
for: 0m
|
|
||||||
labels:
|
labels:
|
||||||
severity: critical
|
severity: critical
|
||||||
annotations:
|
annotations:
|
||||||
|
description: |-
|
||||||
|
Postgres transactions showing high rate of statement timeouts
|
||||||
|
VALUE = {{ $value }}
|
||||||
|
LABELS = {{ $labels }}
|
||||||
summary: Postgresql high rate statement timeout (instance {{ $labels.instance }})
|
summary: Postgresql high rate statement timeout (instance {{ $labels.instance }})
|
||||||
description: "Postgres transactions showing high rate of statement timeouts\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
|
||||||
|
|
||||||
- alert: PostgresqlHighRateDeadlock
|
- alert: PostgresqlHighRateDeadlock
|
||||||
expr: 'increase(postgresql_errors_total{type="deadlock_detected"}[1m]) > 1'
|
expr: 'increase(postgresql_errors_total{type="deadlock_detected"}[1m]) > 1'
|
||||||
for: 0m
|
|
||||||
labels:
|
labels:
|
||||||
severity: critical
|
severity: critical
|
||||||
annotations:
|
annotations:
|
||||||
|
description: |-
|
||||||
|
Postgres detected deadlocks
|
||||||
|
VALUE = {{ $value }}
|
||||||
|
LABELS = {{ $labels }}
|
||||||
summary: Postgresql high rate deadlock (instance {{ $labels.instance }})
|
summary: Postgresql high rate deadlock (instance {{ $labels.instance }})
|
||||||
description: "Postgres detected deadlocks\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
|
||||||
|
|
||||||
- alert: PostgresqlTooManyDeadTuples
|
- alert: PostgresqlTooManyDeadTuples
|
||||||
expr: '((pg_stat_user_tables_n_dead_tup > 10000) / (pg_stat_user_tables_n_live_tup + pg_stat_user_tables_n_dead_tup)) >= 0.1'
|
expr: '((pg_stat_user_tables_n_dead_tup > 10000) / (pg_stat_user_tables_n_live_tup + pg_stat_user_tables_n_dead_tup)) >= 0.1'
|
||||||
for: 2m
|
for: 2m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
|
description: |-
|
||||||
|
PostgreSQL dead tuples is too large
|
||||||
|
VALUE = {{ $value }}
|
||||||
|
LABELS = {{ $labels }}
|
||||||
summary: Postgresql too many dead tuples (instance {{ $labels.instance }})
|
summary: Postgresql too many dead tuples (instance {{ $labels.instance }})
|
||||||
description: "PostgreSQL dead tuples is too large\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
|
||||||
|
|
||||||
- alert: PostgresqlTooManyLocksAcquired
|
- alert: PostgresqlTooManyLocksAcquired
|
||||||
expr: '((sum (pg_locks_count)) / (pg_settings_max_locks_per_transaction * pg_settings_max_connections)) > 0.20'
|
expr: '((sum(pg_locks_count)) / (pg_settings_max_locks_per_transaction * pg_settings_max_connections)) > 0.2'
|
||||||
for: 2m
|
for: 2m
|
||||||
labels:
|
labels:
|
||||||
severity: critical
|
severity: critical
|
||||||
annotations:
|
annotations:
|
||||||
|
description: |-
|
||||||
|
Too many locks acquired on the database. If this alert happens frequently, we may need to increase the postgres setting max_locks_per_transaction.
|
||||||
|
VALUE = {{ $value }}
|
||||||
|
LABELS = {{ $labels }}
|
||||||
summary: Postgresql too many locks acquired (instance {{ $labels.instance }})
|
summary: Postgresql too many locks acquired (instance {{ $labels.instance }})
|
||||||
description: "Too many locks acquired on the database. If this alert happens frequently, we may need to increase the postgres setting max_locks_per_transaction.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
|
||||||
|
|
||||||
- alert: PostgresqlBloatIndexHigh(>80%)
|
- alert: PostgresqlBloatIndexHigh(>80%)
|
||||||
expr: 'pg_bloat_btree_bloat_pct > 80 and on (idxname) (pg_bloat_btree_real_size > 100000000)'
|
expr: 'pg_bloat_btree_bloat_pct > 80 and on (idxname) (pg_bloat_btree_real_size > 1e+08)'
|
||||||
for: 1h
|
for: 1h
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
|
description: |-
|
||||||
|
The index {{ $labels.idxname }} is bloated. You should execute `REINDEX INDEX CONCURRENTLY {{ $labels.idxname }};`
|
||||||
|
VALUE = {{ $value }}
|
||||||
|
LABELS = {{ $labels }}
|
||||||
summary: Postgresql bloat index high (> 80%) (instance {{ $labels.instance }})
|
summary: Postgresql bloat index high (> 80%) (instance {{ $labels.instance }})
|
||||||
description: "The index {{ $labels.idxname }} is bloated. You should execute `REINDEX INDEX CONCURRENTLY {{ $labels.idxname }};`\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
|
||||||
|
|
||||||
- alert: PostgresqlBloatTableHigh(>80%)
|
- alert: PostgresqlBloatTableHigh(>80%)
|
||||||
expr: 'pg_bloat_table_bloat_pct > 80 and on (relname) (pg_bloat_table_real_size > 200000000)'
|
expr: 'pg_bloat_table_bloat_pct > 80 and on (relname) (pg_bloat_table_real_size > 2e+08)'
|
||||||
for: 1h
|
for: 1h
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
|
description: |-
|
||||||
|
The table {{ $labels.relname }} is bloated. You should execute `VACUUM {{ $labels.relname }};`
|
||||||
|
VALUE = {{ $value }}
|
||||||
|
LABELS = {{ $labels }}
|
||||||
summary: Postgresql bloat table high (> 80%) (instance {{ $labels.instance }})
|
summary: Postgresql bloat table high (> 80%) (instance {{ $labels.instance }})
|
||||||
description: "The table {{ $labels.relname }} is bloated. You should execute `VACUUM {{ $labels.relname }};`\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
|
||||||
|
|
||||||
- alert: PostgresqlInvalidIndex
|
- alert: PostgresqlInvalidIndex
|
||||||
expr: 'pg_genaral_index_info_pg_relation_size{indexrelname=~".*ccnew.*"}'
|
expr: 'pg_genaral_index_info_pg_relation_size{indexrelname=~".*ccnew.*"}'
|
||||||
for: 6h
|
for: 6h
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
|
description: |-
|
||||||
|
The table {{ $labels.relname }} has an invalid index: {{ $labels.indexrelname }}. You should execute `DROP INDEX {{ $labels.indexrelname }};`
|
||||||
|
VALUE = {{ $value }}
|
||||||
|
LABELS = {{ $labels }}
|
||||||
summary: Postgresql invalid index (instance {{ $labels.instance }})
|
summary: Postgresql invalid index (instance {{ $labels.instance }})
|
||||||
description: "The table {{ $labels.relname }} has an invalid index: {{ $labels.indexrelname }}. You should execute `DROP INDEX {{ $labels.indexrelname }};`\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
|
||||||
|
|
|
@ -7,70 +7,94 @@ groups:
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
|
description: |-
|
||||||
|
Node memory is filling up (< 10% left)
|
||||||
|
VALUE = {{ $value }}
|
||||||
|
LABELS = {{ $labels }}
|
||||||
summary: Host out of memory (instance {{ $labels.instance }})
|
summary: Host out of memory (instance {{ $labels.instance }})
|
||||||
description: "Node memory is filling up (< 10% left)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
|
||||||
- alert: HostMemoryUnderMemoryPressure
|
- alert: HostMemoryUnderMemoryPressure
|
||||||
expr: (rate(node_vmstat_pgmajfault[1m]) > 1000) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
|
expr: (rate(node_vmstat_pgmajfault[1m]) > 1000) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
|
||||||
for: 2m
|
for: 2m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
|
description: |-
|
||||||
|
The node is under heavy memory pressure. High rate of major page faults
|
||||||
|
VALUE = {{ $value }}
|
||||||
|
LABELS = {{ $labels }}
|
||||||
summary: Host memory under memory pressure (instance {{ $labels.instance }})
|
summary: Host memory under memory pressure (instance {{ $labels.instance }})
|
||||||
description: "The node is under heavy memory pressure. High rate of major page faults\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
|
||||||
- alert: HostMemoryIsUnderutilized
|
- alert: HostMemoryIsUnderutilized
|
||||||
expr: (100 - (avg_over_time(node_memory_MemAvailable_bytes[30m]) / node_memory_MemTotal_bytes * 100) < 20) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
|
expr: (100 - (avg_over_time(node_memory_MemAvailable_bytes[30m]) / node_memory_MemTotal_bytes * 100) < 20) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
|
||||||
for: 1w
|
for: 1w
|
||||||
labels:
|
labels:
|
||||||
severity: info
|
severity: info
|
||||||
annotations:
|
annotations:
|
||||||
|
description: |-
|
||||||
|
Node memory is < 20% for 1 week. Consider reducing memory space. (instance {{ $labels.instance }})
|
||||||
|
VALUE = {{ $value }}
|
||||||
|
LABELS = {{ $labels }}
|
||||||
summary: Host Memory is underutilized (instance {{ $labels.instance }})
|
summary: Host Memory is underutilized (instance {{ $labels.instance }})
|
||||||
description: "Node memory is < 20% for 1 week. Consider reducing memory space. (instance {{ $labels.instance }})\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
|
||||||
- alert: HostOutOfDiskSpace
|
- alert: HostOutOfDiskSpace
|
||||||
expr: ((node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10 and ON (instance, device, mountpoint) node_filesystem_readonly == 0) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"}
|
expr: ((node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10 and on (instance, device, mountpoint) node_filesystem_readonly == 0) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
|
||||||
for: 2m
|
for: 2m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
|
description: |-
|
||||||
|
Disk is almost full (< 10% left)
|
||||||
|
VALUE = {{ $value }}
|
||||||
|
LABELS = {{ $labels }}
|
||||||
summary: Host out of disk space (instance {{ $labels.instance }})
|
summary: Host out of disk space (instance {{ $labels.instance }})
|
||||||
description: "Disk is almost full (< 10% left)\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
|
||||||
- alert: HostDiskWillFillIn24Hours
|
- alert: HostDiskWillFillIn24Hours
|
||||||
expr: ((node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10 and ON (instance, device, mountpoint) predict_linear(node_filesystem_avail_bytes{fstype!~"tmpfs"}[1h], 24 * 3600) < 0 and ON (instance, device, mountpoint) node_filesystem_readonly == 0) * on(instance) group_left (nodename) node_uname_info{nodename=~".+"}
|
expr: ((node_filesystem_avail_bytes * 100) / node_filesystem_size_bytes < 10 and on (instance, device, mountpoint) predict_linear(node_filesystem_avail_bytes{fstype!~"tmpfs"}[1h], 24 * 3600) < 0 and on (instance, device, mountpoint) node_filesystem_readonly == 0) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
|
||||||
for: 2m
|
for: 2m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
|
description: |-
|
||||||
|
Filesystem is predicted to run out of space within the next 24 hours at current write rate
|
||||||
|
VALUE = {{ $value }}
|
||||||
|
LABELS = {{ $labels }}
|
||||||
summary: Host disk will fill in 24 hours (instance {{ $labels.instance }})
|
summary: Host disk will fill in 24 hours (instance {{ $labels.instance }})
|
||||||
description: "Filesystem is predicted to run out of space within the next 24 hours at current write rate\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
|
||||||
- alert: HostCpuIsUnderutilized
|
- alert: HostCpuIsUnderutilized
|
||||||
expr: (100 - (rate(node_cpu_seconds_total{mode="idle"}[30m]) * 100) < 20) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
|
expr: (100 - (rate(node_cpu_seconds_total{mode="idle"}[30m]) * 100) < 20) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
|
||||||
for: 1w
|
for: 1w
|
||||||
labels:
|
labels:
|
||||||
severity: info
|
severity: info
|
||||||
annotations:
|
annotations:
|
||||||
|
description: |-
|
||||||
|
CPU load is < 20% for 1 week. Consider reducing the number of CPUs.
|
||||||
|
VALUE = {{ $value }}
|
||||||
|
LABELS = {{ $labels }}
|
||||||
summary: Host CPU is underutilized (instance {{ $labels.instance }})
|
summary: Host CPU is underutilized (instance {{ $labels.instance }})
|
||||||
description: "CPU load is < 20% for 1 week. Consider reducing the number of CPUs.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
|
||||||
- alert: HostCpuStealNoisyNeighbor
|
- alert: HostCpuStealNoisyNeighbor
|
||||||
expr: (avg by (instance) (rate(node_cpu_seconds_total{mode="steal"}[5m])) * 100 > 10) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
|
expr: (avg by (instance) (rate(node_cpu_seconds_total{mode="steal"}[5m])) * 100 > 10) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
|
||||||
for: 0m
|
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
|
description: |-
|
||||||
|
CPU steal is > 10%. A noisy neighbor is killing VM performances or a spot instance may be out of credit.
|
||||||
|
VALUE = {{ $value }}
|
||||||
|
LABELS = {{ $labels }}
|
||||||
summary: Host CPU steal noisy neighbor (instance {{ $labels.instance }})
|
summary: Host CPU steal noisy neighbor (instance {{ $labels.instance }})
|
||||||
description: "CPU steal is > 10%. A noisy neighbor is killing VM performances or a spot instance may be out of credit.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
|
||||||
- alert: HostOomKillDetected
|
- alert: HostOomKillDetected
|
||||||
expr: (increase(node_vmstat_oom_kill[1m]) > 0) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
|
expr: (increase(node_vmstat_oom_kill[1m]) > 0) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
|
||||||
for: 0m
|
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
|
description: |-
|
||||||
|
OOM kill detected
|
||||||
|
VALUE = {{ $value }}
|
||||||
|
LABELS = {{ $labels }}
|
||||||
summary: Host OOM kill detected (instance {{ $labels.instance }})
|
summary: Host OOM kill detected (instance {{ $labels.instance }})
|
||||||
description: "OOM kill detected\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
|
||||||
- alert: HostNetworkInterfaceSaturated
|
- alert: HostNetworkInterfaceSaturated
|
||||||
expr: ((rate(node_network_receive_bytes_total{device!~"^tap.*|^vnet.*|^veth.*|^tun.*"}[1m]) + rate(node_network_transmit_bytes_total{device!~"^tap.*|^vnet.*|^veth.*|^tun.*"}[1m])) / node_network_speed_bytes{device!~"^tap.*|^vnet.*|^veth.*|^tun.*"} > 0.8 < 10000) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
|
expr: ((rate(node_network_receive_bytes_total{device!~"^tap.*|^vnet.*|^veth.*|^tun.*"}[1m]) + rate(node_network_transmit_bytes_total{device!~"^tap.*|^vnet.*|^veth.*|^tun.*"}[1m])) / node_network_speed_bytes{device!~"^tap.*|^vnet.*|^veth.*|^tun.*"} > 0.8 < 10000) * on (instance) group_left (nodename) node_uname_info{nodename=~".+"}
|
||||||
for: 1m
|
for: 1m
|
||||||
labels:
|
labels:
|
||||||
severity: warning
|
severity: warning
|
||||||
annotations:
|
annotations:
|
||||||
|
description: |-
|
||||||
|
The network interface "{{ $labels.device }}" on "{{ $labels.instance }}" is getting overloaded.
|
||||||
|
VALUE = {{ $value }}
|
||||||
|
LABELS = {{ $labels }}
|
||||||
summary: Host Network Interface Saturated (instance {{ $labels.instance }})
|
summary: Host Network Interface Saturated (instance {{ $labels.instance }})
|
||||||
description: "The network interface \"{{ $labels.device }}\" on \"{{ $labels.instance }}\" is getting overloaded.\n VALUE = {{ $value }}\n LABELS = {{ $labels }}"
|
|
||||||
|
|
||||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -20,7 +20,6 @@
|
||||||
"fiscalYearStartMonth": 0,
|
"fiscalYearStartMonth": 0,
|
||||||
"gnetId": 9628,
|
"gnetId": 9628,
|
||||||
"graphTooltip": 0,
|
"graphTooltip": 0,
|
||||||
"id": 27,
|
|
||||||
"links": [],
|
"links": [],
|
||||||
"liveNow": false,
|
"liveNow": false,
|
||||||
"panels": [
|
"panels": [
|
||||||
|
@ -101,6 +100,7 @@
|
||||||
"graphMode": "none",
|
"graphMode": "none",
|
||||||
"justifyMode": "auto",
|
"justifyMode": "auto",
|
||||||
"orientation": "horizontal",
|
"orientation": "horizontal",
|
||||||
|
"percentChangeColorMode": "standard",
|
||||||
"reduceOptions": {
|
"reduceOptions": {
|
||||||
"calcs": [
|
"calcs": [
|
||||||
"mean"
|
"mean"
|
||||||
|
@ -112,14 +112,14 @@
|
||||||
"textMode": "name",
|
"textMode": "name",
|
||||||
"wideLayout": true
|
"wideLayout": true
|
||||||
},
|
},
|
||||||
"pluginVersion": "11.0.0",
|
"pluginVersion": "11.2.1",
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"datasource": {
|
"datasource": {
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "pg_static{hostname=\"$hostname\"}",
|
"expr": "pg_static{tenant=\"$tenant\",hostname=\"$hostname\"}",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"instant": true,
|
"instant": true,
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
|
@ -182,6 +182,7 @@
|
||||||
"graphMode": "none",
|
"graphMode": "none",
|
||||||
"justifyMode": "auto",
|
"justifyMode": "auto",
|
||||||
"orientation": "horizontal",
|
"orientation": "horizontal",
|
||||||
|
"percentChangeColorMode": "standard",
|
||||||
"reduceOptions": {
|
"reduceOptions": {
|
||||||
"calcs": [
|
"calcs": [
|
||||||
"mean"
|
"mean"
|
||||||
|
@ -193,14 +194,14 @@
|
||||||
"textMode": "auto",
|
"textMode": "auto",
|
||||||
"wideLayout": true
|
"wideLayout": true
|
||||||
},
|
},
|
||||||
"pluginVersion": "11.0.0",
|
"pluginVersion": "11.2.1",
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"datasource": {
|
"datasource": {
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "pg_postmaster_start_time_seconds{hostname=\"$hostname\"} * 1000",
|
"expr": "pg_postmaster_start_time_seconds{tenant=\"$tenant\",hostname=\"$hostname\"} * 1000",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 2,
|
"intervalFactor": 2,
|
||||||
"legendFormat": "",
|
"legendFormat": "",
|
||||||
|
@ -261,6 +262,7 @@
|
||||||
"graphMode": "none",
|
"graphMode": "none",
|
||||||
"justifyMode": "auto",
|
"justifyMode": "auto",
|
||||||
"orientation": "horizontal",
|
"orientation": "horizontal",
|
||||||
|
"percentChangeColorMode": "standard",
|
||||||
"reduceOptions": {
|
"reduceOptions": {
|
||||||
"calcs": [
|
"calcs": [
|
||||||
"lastNotNull"
|
"lastNotNull"
|
||||||
|
@ -272,14 +274,14 @@
|
||||||
"textMode": "auto",
|
"textMode": "auto",
|
||||||
"wideLayout": true
|
"wideLayout": true
|
||||||
},
|
},
|
||||||
"pluginVersion": "11.0.0",
|
"pluginVersion": "11.2.1",
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"datasource": {
|
"datasource": {
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "SUM(pg_stat_database_tup_fetched{datname=~\"$datname\", hostname=~\"$hostname\"})",
|
"expr": "SUM(pg_stat_database_tup_fetched{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\"})",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 2,
|
"intervalFactor": 2,
|
||||||
"refId": "A",
|
"refId": "A",
|
||||||
|
@ -340,6 +342,7 @@
|
||||||
"graphMode": "none",
|
"graphMode": "none",
|
||||||
"justifyMode": "auto",
|
"justifyMode": "auto",
|
||||||
"orientation": "horizontal",
|
"orientation": "horizontal",
|
||||||
|
"percentChangeColorMode": "standard",
|
||||||
"reduceOptions": {
|
"reduceOptions": {
|
||||||
"calcs": [
|
"calcs": [
|
||||||
"lastNotNull"
|
"lastNotNull"
|
||||||
|
@ -351,14 +354,14 @@
|
||||||
"textMode": "auto",
|
"textMode": "auto",
|
||||||
"wideLayout": true
|
"wideLayout": true
|
||||||
},
|
},
|
||||||
"pluginVersion": "11.0.0",
|
"pluginVersion": "11.2.1",
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"datasource": {
|
"datasource": {
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "SUM(pg_stat_database_tup_inserted{datname=~\"$datname\", hostname=~\"$hostname\"})",
|
"expr": "SUM(pg_stat_database_tup_inserted{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\"})",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 2,
|
"intervalFactor": 2,
|
||||||
"refId": "A",
|
"refId": "A",
|
||||||
|
@ -419,6 +422,7 @@
|
||||||
"graphMode": "none",
|
"graphMode": "none",
|
||||||
"justifyMode": "auto",
|
"justifyMode": "auto",
|
||||||
"orientation": "horizontal",
|
"orientation": "horizontal",
|
||||||
|
"percentChangeColorMode": "standard",
|
||||||
"reduceOptions": {
|
"reduceOptions": {
|
||||||
"calcs": [
|
"calcs": [
|
||||||
"lastNotNull"
|
"lastNotNull"
|
||||||
|
@ -430,14 +434,14 @@
|
||||||
"textMode": "auto",
|
"textMode": "auto",
|
||||||
"wideLayout": true
|
"wideLayout": true
|
||||||
},
|
},
|
||||||
"pluginVersion": "11.0.0",
|
"pluginVersion": "11.2.1",
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"datasource": {
|
"datasource": {
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "SUM(pg_stat_database_tup_updated{datname=~\"$datname\", hostname=~\"$hostname\"})",
|
"expr": "SUM(pg_stat_database_tup_updated{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\"})",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 2,
|
"intervalFactor": 2,
|
||||||
"refId": "A",
|
"refId": "A",
|
||||||
|
@ -498,6 +502,7 @@
|
||||||
"graphMode": "none",
|
"graphMode": "none",
|
||||||
"justifyMode": "auto",
|
"justifyMode": "auto",
|
||||||
"orientation": "horizontal",
|
"orientation": "horizontal",
|
||||||
|
"percentChangeColorMode": "standard",
|
||||||
"reduceOptions": {
|
"reduceOptions": {
|
||||||
"calcs": [
|
"calcs": [
|
||||||
"mean"
|
"mean"
|
||||||
|
@ -509,14 +514,14 @@
|
||||||
"textMode": "auto",
|
"textMode": "auto",
|
||||||
"wideLayout": true
|
"wideLayout": true
|
||||||
},
|
},
|
||||||
"pluginVersion": "11.0.0",
|
"pluginVersion": "11.2.1",
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"datasource": {
|
"datasource": {
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "pg_settings_max_connections{hostname=\"$hostname\"}",
|
"expr": "pg_settings_max_connections{tenant=\"$tenant\",hostname=\"$hostname\"}",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"refId": "A"
|
"refId": "A"
|
||||||
|
@ -602,6 +607,7 @@
|
||||||
"graphMode": "none",
|
"graphMode": "none",
|
||||||
"justifyMode": "auto",
|
"justifyMode": "auto",
|
||||||
"orientation": "horizontal",
|
"orientation": "horizontal",
|
||||||
|
"percentChangeColorMode": "standard",
|
||||||
"reduceOptions": {
|
"reduceOptions": {
|
||||||
"calcs": [
|
"calcs": [
|
||||||
"lastNotNull"
|
"lastNotNull"
|
||||||
|
@ -613,14 +619,14 @@
|
||||||
"textMode": "auto",
|
"textMode": "auto",
|
||||||
"wideLayout": true
|
"wideLayout": true
|
||||||
},
|
},
|
||||||
"pluginVersion": "11.0.0",
|
"pluginVersion": "11.2.1",
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"datasource": {
|
"datasource": {
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "pg_settings_shared_buffers_bytes{hostname=\"$hostname\"}",
|
"expr": "pg_settings_shared_buffers_bytes{tenant=\"$tenant\",hostname=\"$hostname\"}",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"refId": "A"
|
"refId": "A"
|
||||||
|
@ -680,6 +686,7 @@
|
||||||
"graphMode": "none",
|
"graphMode": "none",
|
||||||
"justifyMode": "auto",
|
"justifyMode": "auto",
|
||||||
"orientation": "horizontal",
|
"orientation": "horizontal",
|
||||||
|
"percentChangeColorMode": "standard",
|
||||||
"reduceOptions": {
|
"reduceOptions": {
|
||||||
"calcs": [
|
"calcs": [
|
||||||
"lastNotNull"
|
"lastNotNull"
|
||||||
|
@ -691,14 +698,14 @@
|
||||||
"textMode": "auto",
|
"textMode": "auto",
|
||||||
"wideLayout": true
|
"wideLayout": true
|
||||||
},
|
},
|
||||||
"pluginVersion": "11.0.0",
|
"pluginVersion": "11.2.1",
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"datasource": {
|
"datasource": {
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "pg_settings_effective_cache_size_bytes{hostname=\"$hostname\"}",
|
"expr": "pg_settings_effective_cache_size_bytes{tenant=\"$tenant\",hostname=\"$hostname\"}",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"refId": "A"
|
"refId": "A"
|
||||||
|
@ -758,6 +765,7 @@
|
||||||
"graphMode": "none",
|
"graphMode": "none",
|
||||||
"justifyMode": "auto",
|
"justifyMode": "auto",
|
||||||
"orientation": "horizontal",
|
"orientation": "horizontal",
|
||||||
|
"percentChangeColorMode": "standard",
|
||||||
"reduceOptions": {
|
"reduceOptions": {
|
||||||
"calcs": [
|
"calcs": [
|
||||||
"lastNotNull"
|
"lastNotNull"
|
||||||
|
@ -769,14 +777,14 @@
|
||||||
"textMode": "auto",
|
"textMode": "auto",
|
||||||
"wideLayout": true
|
"wideLayout": true
|
||||||
},
|
},
|
||||||
"pluginVersion": "11.0.0",
|
"pluginVersion": "11.2.1",
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"datasource": {
|
"datasource": {
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "pg_settings_maintenance_work_mem_bytes{hostname=\"$hostname\"}",
|
"expr": "pg_settings_maintenance_work_mem_bytes{tenant=\"$tenant\",hostname=\"$hostname\"}",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"refId": "A"
|
"refId": "A"
|
||||||
|
@ -836,6 +844,7 @@
|
||||||
"graphMode": "none",
|
"graphMode": "none",
|
||||||
"justifyMode": "auto",
|
"justifyMode": "auto",
|
||||||
"orientation": "horizontal",
|
"orientation": "horizontal",
|
||||||
|
"percentChangeColorMode": "standard",
|
||||||
"reduceOptions": {
|
"reduceOptions": {
|
||||||
"calcs": [
|
"calcs": [
|
||||||
"lastNotNull"
|
"lastNotNull"
|
||||||
|
@ -847,14 +856,14 @@
|
||||||
"textMode": "auto",
|
"textMode": "auto",
|
||||||
"wideLayout": true
|
"wideLayout": true
|
||||||
},
|
},
|
||||||
"pluginVersion": "11.0.0",
|
"pluginVersion": "11.2.1",
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"datasource": {
|
"datasource": {
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "pg_settings_work_mem_bytes{hostname=\"$hostname\"}",
|
"expr": "pg_settings_work_mem_bytes{tenant=\"$tenant\",hostname=\"$hostname\"}",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"legendFormat": "",
|
"legendFormat": "",
|
||||||
|
@ -916,6 +925,7 @@
|
||||||
"graphMode": "none",
|
"graphMode": "none",
|
||||||
"justifyMode": "auto",
|
"justifyMode": "auto",
|
||||||
"orientation": "horizontal",
|
"orientation": "horizontal",
|
||||||
|
"percentChangeColorMode": "standard",
|
||||||
"reduceOptions": {
|
"reduceOptions": {
|
||||||
"calcs": [
|
"calcs": [
|
||||||
"lastNotNull"
|
"lastNotNull"
|
||||||
|
@ -927,14 +937,14 @@
|
||||||
"textMode": "auto",
|
"textMode": "auto",
|
||||||
"wideLayout": true
|
"wideLayout": true
|
||||||
},
|
},
|
||||||
"pluginVersion": "11.0.0",
|
"pluginVersion": "11.2.1",
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"datasource": {
|
"datasource": {
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "pg_settings_max_wal_size_bytes{hostname=\"$hostname\"}",
|
"expr": "pg_settings_max_wal_size_bytes{tenant=\"$tenant\",hostname=\"$hostname\"}",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"refId": "A"
|
"refId": "A"
|
||||||
|
@ -994,6 +1004,7 @@
|
||||||
"graphMode": "none",
|
"graphMode": "none",
|
||||||
"justifyMode": "auto",
|
"justifyMode": "auto",
|
||||||
"orientation": "horizontal",
|
"orientation": "horizontal",
|
||||||
|
"percentChangeColorMode": "standard",
|
||||||
"reduceOptions": {
|
"reduceOptions": {
|
||||||
"calcs": [
|
"calcs": [
|
||||||
"lastNotNull"
|
"lastNotNull"
|
||||||
|
@ -1005,14 +1016,14 @@
|
||||||
"textMode": "auto",
|
"textMode": "auto",
|
||||||
"wideLayout": true
|
"wideLayout": true
|
||||||
},
|
},
|
||||||
"pluginVersion": "11.0.0",
|
"pluginVersion": "11.2.1",
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"datasource": {
|
"datasource": {
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "pg_settings_random_page_cost{hostname=\"$hostname\"}",
|
"expr": "pg_settings_random_page_cost{tenant=\"$tenant\",hostname=\"$hostname\"}",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"refId": "A"
|
"refId": "A"
|
||||||
|
@ -1072,6 +1083,7 @@
|
||||||
"graphMode": "none",
|
"graphMode": "none",
|
||||||
"justifyMode": "auto",
|
"justifyMode": "auto",
|
||||||
"orientation": "horizontal",
|
"orientation": "horizontal",
|
||||||
|
"percentChangeColorMode": "standard",
|
||||||
"reduceOptions": {
|
"reduceOptions": {
|
||||||
"calcs": [
|
"calcs": [
|
||||||
"lastNotNull"
|
"lastNotNull"
|
||||||
|
@ -1083,7 +1095,7 @@
|
||||||
"textMode": "auto",
|
"textMode": "auto",
|
||||||
"wideLayout": true
|
"wideLayout": true
|
||||||
},
|
},
|
||||||
"pluginVersion": "11.0.0",
|
"pluginVersion": "11.2.1",
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"datasource": {
|
"datasource": {
|
||||||
|
@ -1150,6 +1162,7 @@
|
||||||
"graphMode": "none",
|
"graphMode": "none",
|
||||||
"justifyMode": "auto",
|
"justifyMode": "auto",
|
||||||
"orientation": "horizontal",
|
"orientation": "horizontal",
|
||||||
|
"percentChangeColorMode": "standard",
|
||||||
"reduceOptions": {
|
"reduceOptions": {
|
||||||
"calcs": [
|
"calcs": [
|
||||||
"mean"
|
"mean"
|
||||||
|
@ -1161,14 +1174,14 @@
|
||||||
"textMode": "auto",
|
"textMode": "auto",
|
||||||
"wideLayout": true
|
"wideLayout": true
|
||||||
},
|
},
|
||||||
"pluginVersion": "11.0.0",
|
"pluginVersion": "11.2.1",
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"datasource": {
|
"datasource": {
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "pg_settings_max_worker_processes{hostname=\"$hostname\"}",
|
"expr": "pg_settings_max_worker_processes{tenant=\"$tenant\",hostname=\"$hostname\"}",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"refId": "A"
|
"refId": "A"
|
||||||
|
@ -1228,6 +1241,7 @@
|
||||||
"graphMode": "none",
|
"graphMode": "none",
|
||||||
"justifyMode": "auto",
|
"justifyMode": "auto",
|
||||||
"orientation": "horizontal",
|
"orientation": "horizontal",
|
||||||
|
"percentChangeColorMode": "standard",
|
||||||
"reduceOptions": {
|
"reduceOptions": {
|
||||||
"calcs": [
|
"calcs": [
|
||||||
"lastNotNull"
|
"lastNotNull"
|
||||||
|
@ -1239,14 +1253,14 @@
|
||||||
"textMode": "auto",
|
"textMode": "auto",
|
||||||
"wideLayout": true
|
"wideLayout": true
|
||||||
},
|
},
|
||||||
"pluginVersion": "11.0.0",
|
"pluginVersion": "11.2.1",
|
||||||
"targets": [
|
"targets": [
|
||||||
{
|
{
|
||||||
"datasource": {
|
"datasource": {
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "pg_settings_max_parallel_workers{hostname=\"$hostname\"}",
|
"expr": "pg_settings_max_parallel_workers{tenant=\"$tenant\",hostname=\"$hostname\"}",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"refId": "A"
|
"refId": "A"
|
||||||
|
@ -1298,6 +1312,7 @@
|
||||||
"axisLabel": "",
|
"axisLabel": "",
|
||||||
"axisPlacement": "auto",
|
"axisPlacement": "auto",
|
||||||
"barAlignment": 0,
|
"barAlignment": 0,
|
||||||
|
"barWidthFactor": 0.6,
|
||||||
"drawStyle": "points",
|
"drawStyle": "points",
|
||||||
"fillOpacity": 10,
|
"fillOpacity": 10,
|
||||||
"gradientMode": "none",
|
"gradientMode": "none",
|
||||||
|
@ -1372,7 +1387,7 @@
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "pg_stat_activity_count{datname=~\"$datname\", hostname=~\"$hostname\", state=\"active\"} !=0",
|
"expr": "pg_stat_activity_count{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\", state=\"active\"} !=0",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"interval": "",
|
"interval": "",
|
||||||
"intervalFactor": 2,
|
"intervalFactor": 2,
|
||||||
|
@ -1401,6 +1416,7 @@
|
||||||
"axisLabel": "",
|
"axisLabel": "",
|
||||||
"axisPlacement": "auto",
|
"axisPlacement": "auto",
|
||||||
"barAlignment": 0,
|
"barAlignment": 0,
|
||||||
|
"barWidthFactor": 0.6,
|
||||||
"drawStyle": "line",
|
"drawStyle": "line",
|
||||||
"fillOpacity": 10,
|
"fillOpacity": 10,
|
||||||
"gradientMode": "none",
|
"gradientMode": "none",
|
||||||
|
@ -1474,7 +1490,7 @@
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "irate(pg_stat_database_xact_commit{hostname=\"$hostname\", datname=~\"$datname\"}[5m])",
|
"expr": "irate(pg_stat_database_xact_commit{tenant=\"$tenant\",hostname=\"$hostname\", datname=~\"$datname\"}[5m])",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"legendFormat": "{{datname}} commits",
|
"legendFormat": "{{datname}} commits",
|
||||||
|
@ -1485,7 +1501,7 @@
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "irate(pg_stat_database_xact_rollback{hostname=\"$hostname\", datname=~\"$datname\"}[5m])",
|
"expr": "irate(pg_stat_database_xact_rollback{tenant=\"$tenant\",hostname=\"$hostname\", datname=~\"$datname\"}[5m])",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"legendFormat": "{{datname}} rollbacks",
|
"legendFormat": "{{datname}} rollbacks",
|
||||||
|
@ -1512,6 +1528,7 @@
|
||||||
"axisLabel": "",
|
"axisLabel": "",
|
||||||
"axisPlacement": "auto",
|
"axisPlacement": "auto",
|
||||||
"barAlignment": 0,
|
"barAlignment": 0,
|
||||||
|
"barWidthFactor": 0.6,
|
||||||
"drawStyle": "line",
|
"drawStyle": "line",
|
||||||
"fillOpacity": 10,
|
"fillOpacity": 10,
|
||||||
"gradientMode": "none",
|
"gradientMode": "none",
|
||||||
|
@ -1585,7 +1602,7 @@
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "pg_stat_database_tup_updated{datname=~\"$datname\", hostname=~\"$hostname\"} != 0",
|
"expr": "pg_stat_database_tup_updated{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\"} != 0",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 2,
|
"intervalFactor": 2,
|
||||||
"legendFormat": "{{datname}}",
|
"legendFormat": "{{datname}}",
|
||||||
|
@ -1613,6 +1630,7 @@
|
||||||
"axisLabel": "",
|
"axisLabel": "",
|
||||||
"axisPlacement": "auto",
|
"axisPlacement": "auto",
|
||||||
"barAlignment": 0,
|
"barAlignment": 0,
|
||||||
|
"barWidthFactor": 0.6,
|
||||||
"drawStyle": "line",
|
"drawStyle": "line",
|
||||||
"fillOpacity": 10,
|
"fillOpacity": 10,
|
||||||
"gradientMode": "none",
|
"gradientMode": "none",
|
||||||
|
@ -1686,7 +1704,7 @@
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "pg_stat_database_tup_fetched{datname=~\"$datname\", hostname=~\"$hostname\"} != 0",
|
"expr": "pg_stat_database_tup_fetched{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\"} != 0",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 2,
|
"intervalFactor": 2,
|
||||||
"legendFormat": "{{datname}}",
|
"legendFormat": "{{datname}}",
|
||||||
|
@ -1714,6 +1732,7 @@
|
||||||
"axisLabel": "",
|
"axisLabel": "",
|
||||||
"axisPlacement": "auto",
|
"axisPlacement": "auto",
|
||||||
"barAlignment": 0,
|
"barAlignment": 0,
|
||||||
|
"barWidthFactor": 0.6,
|
||||||
"drawStyle": "line",
|
"drawStyle": "line",
|
||||||
"fillOpacity": 10,
|
"fillOpacity": 10,
|
||||||
"gradientMode": "none",
|
"gradientMode": "none",
|
||||||
|
@ -1787,7 +1806,7 @@
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "pg_stat_database_tup_inserted{datname=~\"$datname\", hostname=~\"$hostname\"} != 0",
|
"expr": "pg_stat_database_tup_inserted{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\"} != 0",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 2,
|
"intervalFactor": 2,
|
||||||
"legendFormat": "{{datname}}",
|
"legendFormat": "{{datname}}",
|
||||||
|
@ -1815,6 +1834,7 @@
|
||||||
"axisLabel": "",
|
"axisLabel": "",
|
||||||
"axisPlacement": "auto",
|
"axisPlacement": "auto",
|
||||||
"barAlignment": 0,
|
"barAlignment": 0,
|
||||||
|
"barWidthFactor": 0.6,
|
||||||
"drawStyle": "line",
|
"drawStyle": "line",
|
||||||
"fillOpacity": 10,
|
"fillOpacity": 10,
|
||||||
"gradientMode": "none",
|
"gradientMode": "none",
|
||||||
|
@ -1890,7 +1910,7 @@
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "pg_locks_count{datname=~\"$datname\", hostname=~\"$hostname\", mode=~\"$mode\"} != 0",
|
"expr": "pg_locks_count{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\", mode=~\"$mode\"} != 0",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 2,
|
"intervalFactor": 2,
|
||||||
"legendFormat": "{{datname}},{{mode}}",
|
"legendFormat": "{{datname}},{{mode}}",
|
||||||
|
@ -1948,8 +1968,7 @@
|
||||||
"mode": "absolute",
|
"mode": "absolute",
|
||||||
"steps": [
|
"steps": [
|
||||||
{
|
{
|
||||||
"color": "green",
|
"color": "green"
|
||||||
"value": null
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"color": "red",
|
"color": "red",
|
||||||
|
@ -1991,7 +2010,7 @@
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "pg_stat_database_tup_returned{datname=~\"$datname\", hostname=~\"$hostname\"} != 0",
|
"expr": "pg_stat_database_tup_returned{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\"} != 0",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 2,
|
"intervalFactor": 2,
|
||||||
"legendFormat": "{{datname}}",
|
"legendFormat": "{{datname}}",
|
||||||
|
@ -2050,8 +2069,7 @@
|
||||||
"mode": "absolute",
|
"mode": "absolute",
|
||||||
"steps": [
|
"steps": [
|
||||||
{
|
{
|
||||||
"color": "green",
|
"color": "green"
|
||||||
"value": null
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"color": "red",
|
"color": "red",
|
||||||
|
@ -2092,7 +2110,7 @@
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "pg_stat_activity_count{datname=~\"$datname\", hostname=~\"$hostname\", state=~\"idle|idle in transaction|idle in transaction (aborted)\"}",
|
"expr": "pg_stat_activity_count{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\", state=~\"idle|idle in transaction|idle in transaction (aborted)\"}",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 2,
|
"intervalFactor": 2,
|
||||||
"legendFormat": "{{datname}}, s: {{state}}",
|
"legendFormat": "{{datname}}, s: {{state}}",
|
||||||
|
@ -2150,8 +2168,7 @@
|
||||||
"mode": "absolute",
|
"mode": "absolute",
|
||||||
"steps": [
|
"steps": [
|
||||||
{
|
{
|
||||||
"color": "green",
|
"color": "green"
|
||||||
"value": null
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"color": "red",
|
"color": "red",
|
||||||
|
@ -2193,7 +2210,7 @@
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "pg_stat_database_tup_deleted{datname=~\"$datname\", hostname=~\"$hostname\"} != 0",
|
"expr": "pg_stat_database_tup_deleted{datname=~\"$datname\", tenant=\"$tenant\",hostname=~\"$hostname\"} != 0",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 2,
|
"intervalFactor": 2,
|
||||||
"legendFormat": "{{datname}}",
|
"legendFormat": "{{datname}}",
|
||||||
|
@ -2252,8 +2269,7 @@
|
||||||
"mode": "absolute",
|
"mode": "absolute",
|
||||||
"steps": [
|
"steps": [
|
||||||
{
|
{
|
||||||
"color": "green",
|
"color": "green"
|
||||||
"value": null
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"color": "red",
|
"color": "red",
|
||||||
|
@ -2294,7 +2310,7 @@
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "pg_stat_database_blks_hit{hostname=\"$hostname\", datname=~\"$datname\"} / (pg_stat_database_blks_read{hostname=\"$hostname\", datname=~\"$datname\"} + pg_stat_database_blks_hit{hostname=\"$hostname\", datname=~\"$datname\"})",
|
"expr": "pg_stat_database_blks_hit{tenant=\"$tenant\",hostname=\"$hostname\", datname=~\"$datname\"} / (pg_stat_database_blks_read{tenant=\"$tenant\",hostname=\"$hostname\", datname=~\"$datname\"} + pg_stat_database_blks_hit{tenant=\"$tenant\",hostname=\"$hostname\", datname=~\"$datname\"})",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"legendFormat": "{{ datname }}",
|
"legendFormat": "{{ datname }}",
|
||||||
|
@ -2351,8 +2367,7 @@
|
||||||
"mode": "absolute",
|
"mode": "absolute",
|
||||||
"steps": [
|
"steps": [
|
||||||
{
|
{
|
||||||
"color": "green",
|
"color": "green"
|
||||||
"value": null
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"color": "red",
|
"color": "red",
|
||||||
|
@ -2395,7 +2410,7 @@
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "irate(pg_stat_bgwriter_buffers_backend{hostname=\"$hostname\"}[5m])",
|
"expr": "irate(pg_stat_bgwriter_buffers_backend{tenant=\"$tenant\",hostname=\"$hostname\"}[5m])",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"legendFormat": "buffers_backend",
|
"legendFormat": "buffers_backend",
|
||||||
|
@ -2406,7 +2421,7 @@
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "irate(pg_stat_bgwriter_buffers_alloc{hostname=\"$hostname\"}[5m])",
|
"expr": "irate(pg_stat_bgwriter_buffers_alloc{tenant=\"$tenant\",hostname=\"$hostname\"}[5m])",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"legendFormat": "buffers_alloc",
|
"legendFormat": "buffers_alloc",
|
||||||
|
@ -2417,7 +2432,7 @@
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "irate(pg_stat_bgwriter_buffers_backend_fsync{hostname=\"$hostname\"}[5m])",
|
"expr": "irate(pg_stat_bgwriter_buffers_backend_fsync{tenant=\"$tenant\",hostname=\"$hostname\"}[5m])",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"legendFormat": "backend_fsync",
|
"legendFormat": "backend_fsync",
|
||||||
|
@ -2428,7 +2443,7 @@
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "irate(pg_stat_bgwriter_buffers_checkpoint{hostname=\"$hostname\"}[5m])",
|
"expr": "irate(pg_stat_bgwriter_buffers_checkpoint{tenant=\"$tenant\",hostname=\"$hostname\"}[5m])",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"legendFormat": "buffers_checkpoint",
|
"legendFormat": "buffers_checkpoint",
|
||||||
|
@ -2439,7 +2454,7 @@
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "irate(pg_stat_bgwriter_buffers_clean{hostname=\"$hostname\"}[5m])",
|
"expr": "irate(pg_stat_bgwriter_buffers_clean{tenant=\"$tenant\",hostname=\"$hostname\"}[5m])",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"legendFormat": "buffers_clean",
|
"legendFormat": "buffers_clean",
|
||||||
|
@ -2497,8 +2512,7 @@
|
||||||
"mode": "absolute",
|
"mode": "absolute",
|
||||||
"steps": [
|
"steps": [
|
||||||
{
|
{
|
||||||
"color": "green",
|
"color": "green"
|
||||||
"value": null
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"color": "red",
|
"color": "red",
|
||||||
|
@ -2540,7 +2554,7 @@
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "irate(pg_stat_database_conflicts{hostname=\"$hostname\", datname=~\"$datname\"}[5m])",
|
"expr": "irate(pg_stat_database_conflicts{tenant=\"$tenant\",hostname=\"$hostname\", datname=~\"$datname\"}[5m])",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"legendFormat": "{{datname}} conflicts",
|
"legendFormat": "{{datname}} conflicts",
|
||||||
|
@ -2551,7 +2565,7 @@
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "irate(pg_stat_database_deadlocks{hostname=\"$hostname\", datname=~\"$datname\"}[5m])",
|
"expr": "irate(pg_stat_database_deadlocks{tenant=\"$tenant\",hostname=\"$hostname\", datname=~\"$datname\"}[5m])",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"legendFormat": "{{datname}} deadlocks",
|
"legendFormat": "{{datname}} deadlocks",
|
||||||
|
@ -2610,8 +2624,7 @@
|
||||||
"mode": "absolute",
|
"mode": "absolute",
|
||||||
"steps": [
|
"steps": [
|
||||||
{
|
{
|
||||||
"color": "green",
|
"color": "green"
|
||||||
"value": null
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"color": "red",
|
"color": "red",
|
||||||
|
@ -2653,7 +2666,7 @@
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "irate(pg_stat_database_temp_bytes{hostname=\"$hostname\", datname=~\"$datname\"}[5m])",
|
"expr": "irate(pg_stat_database_temp_bytes{tenant=\"$tenant\",hostname=\"$hostname\", datname=~\"$datname\"}[5m])",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"legendFormat": "{{datname}}",
|
"legendFormat": "{{datname}}",
|
||||||
|
@ -2710,8 +2723,7 @@
|
||||||
"mode": "absolute",
|
"mode": "absolute",
|
||||||
"steps": [
|
"steps": [
|
||||||
{
|
{
|
||||||
"color": "green",
|
"color": "green"
|
||||||
"value": null
|
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
"color": "red",
|
"color": "red",
|
||||||
|
@ -2754,7 +2766,7 @@
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "irate(pg_stat_bgwriter_checkpoint_write_time{hostname=\"$hostname\"}[5m])",
|
"expr": "irate(pg_stat_bgwriter_checkpoint_write_time{tenant=\"$tenant\",hostname=\"$hostname\"}[5m])",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"legendFormat": "write_time - Total amount of time that has been spent in the portion of checkpoint processing where files are written to disk.",
|
"legendFormat": "write_time - Total amount of time that has been spent in the portion of checkpoint processing where files are written to disk.",
|
||||||
|
@ -2765,7 +2777,7 @@
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
"uid": "mimir"
|
"uid": "mimir"
|
||||||
},
|
},
|
||||||
"expr": "irate(pg_stat_bgwriter_checkpoint_sync_time{hostname=\"$hostname\"}[5m])",
|
"expr": "irate(pg_stat_bgwriter_checkpoint_sync_time{tenant=\"$tenant\",hostname=\"$hostname\"}[5m])",
|
||||||
"format": "time_series",
|
"format": "time_series",
|
||||||
"intervalFactor": 1,
|
"intervalFactor": 1,
|
||||||
"legendFormat": "sync_time - Total amount of time that has been spent in the portion of checkpoint processing where files are synchronized to disk.",
|
"legendFormat": "sync_time - Total amount of time that has been spent in the portion of checkpoint processing where files are synchronized to disk.",
|
||||||
|
@ -2866,8 +2878,32 @@
|
||||||
{
|
{
|
||||||
"current": {
|
"current": {
|
||||||
"selected": false,
|
"selected": false,
|
||||||
"text": "bagel-box",
|
"text": "fake",
|
||||||
"value": "bagel-box"
|
"value": "fake"
|
||||||
|
},
|
||||||
|
"definition": "label_values(tenant)",
|
||||||
|
"hide": 0,
|
||||||
|
"includeAll": true,
|
||||||
|
"label": "Tenant",
|
||||||
|
"multi": true,
|
||||||
|
"name": "tenant",
|
||||||
|
"options": [],
|
||||||
|
"query": {
|
||||||
|
"qryType": 1,
|
||||||
|
"query": "label_values(tenant)",
|
||||||
|
"refId": "PrometheusVariableQueryEditor-VariableQuery"
|
||||||
|
},
|
||||||
|
"refresh": 1,
|
||||||
|
"regex": "",
|
||||||
|
"skipUrlSync": false,
|
||||||
|
"sort": 0,
|
||||||
|
"type": "query"
|
||||||
|
},
|
||||||
|
{
|
||||||
|
"current": {
|
||||||
|
"selected": true,
|
||||||
|
"text": "buildbot",
|
||||||
|
"value": "buildbot"
|
||||||
},
|
},
|
||||||
"datasource": {
|
"datasource": {
|
||||||
"type": "prometheus",
|
"type": "prometheus",
|
||||||
|
@ -2962,7 +2998,6 @@
|
||||||
"from": "now-6h",
|
"from": "now-6h",
|
||||||
"to": "now"
|
"to": "now"
|
||||||
},
|
},
|
||||||
"timeRangeUpdatedDuringEditOrView": false,
|
|
||||||
"timepicker": {
|
"timepicker": {
|
||||||
"refresh_intervals": [
|
"refresh_intervals": [
|
||||||
"5s",
|
"5s",
|
||||||
|
|
|
@ -17,7 +17,7 @@ in
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
age.secrets.grafana-oauth-secret = {
|
age.secrets.grafana-oauth-secret = {
|
||||||
file = ../../../secrets/grafana-oauth-secret.age;
|
file = ../../../secrets/floral/grafana-oauth-secret.age;
|
||||||
owner = "grafana";
|
owner = "grafana";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -13,10 +13,10 @@ in
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
age.secrets = {
|
age.secrets = {
|
||||||
metrics-push-htpasswd = {
|
metrics-push-htpasswd = {
|
||||||
file = ../../../secrets/metrics-push-htpasswd.age;
|
file = ../../../secrets/floral/metrics-push-htpasswd.age;
|
||||||
owner = "nginx";
|
owner = "nginx";
|
||||||
};
|
};
|
||||||
loki-environment.file = ../../../secrets/loki-environment.age;
|
loki-environment.file = ../../../secrets/floral/loki-environment.age;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.loki = {
|
services.loki = {
|
||||||
|
|
|
@ -9,6 +9,15 @@ let
|
||||||
inherit (lib) mkEnableOption mkIf;
|
inherit (lib) mkEnableOption mkIf;
|
||||||
|
|
||||||
mimirPort = config.services.mimir.configuration.server.http_listen_port;
|
mimirPort = config.services.mimir.configuration.server.http_listen_port;
|
||||||
|
|
||||||
|
alerts = pkgs.runCommand "mimir-alerts-checked" {
|
||||||
|
src = ./alerts;
|
||||||
|
nativeBuildInputs = with pkgs; [ prometheus.cli ];
|
||||||
|
} ''
|
||||||
|
promtool check rules $src/*
|
||||||
|
mkdir $out
|
||||||
|
cp -R $src $out/anonymous/
|
||||||
|
'';
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
options.bagel.services.prometheus.enable = mkEnableOption "Prometheus scraper";
|
options.bagel.services.prometheus.enable = mkEnableOption "Prometheus scraper";
|
||||||
|
@ -16,11 +25,11 @@ in
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
age.secrets = {
|
age.secrets = {
|
||||||
metrics-push-htpasswd = {
|
metrics-push-htpasswd = {
|
||||||
file = ../../../secrets/metrics-push-htpasswd.age;
|
file = ../../../secrets/floral/metrics-push-htpasswd.age;
|
||||||
owner = "nginx";
|
owner = "nginx";
|
||||||
};
|
};
|
||||||
mimir-environment.file = ../../../secrets/mimir-environment.age;
|
mimir-environment.file = ../../../secrets/floral/mimir-environment.age;
|
||||||
mimir-webhook-url.file = ../../../secrets/mimir-webhook-url.age;
|
mimir-webhook-url.file = ../../../secrets/floral/mimir-webhook-url.age;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.mimir = {
|
services.mimir = {
|
||||||
|
@ -60,10 +69,7 @@ in
|
||||||
blocks_storage.backend = "s3";
|
blocks_storage.backend = "s3";
|
||||||
ruler_storage = {
|
ruler_storage = {
|
||||||
backend = "local";
|
backend = "local";
|
||||||
local.directory = pkgs.runCommand "mimir-rules" {} ''
|
local.directory = alerts;
|
||||||
mkdir -p $out
|
|
||||||
ln -s ${./alerts} $out/anonymous
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
|
|
||||||
alertmanager = {
|
alertmanager = {
|
||||||
|
|
|
@ -13,10 +13,10 @@ in
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
age.secrets = {
|
age.secrets = {
|
||||||
metrics-push-htpasswd = {
|
metrics-push-htpasswd = {
|
||||||
file = ../../../secrets/metrics-push-htpasswd.age;
|
file = ../../../secrets/floral/metrics-push-htpasswd.age;
|
||||||
owner = "nginx";
|
owner = "nginx";
|
||||||
};
|
};
|
||||||
tempo-environment.file = ../../../secrets/tempo-environment.age;
|
tempo-environment.file = ../../../secrets/floral/tempo-environment.age;
|
||||||
};
|
};
|
||||||
|
|
||||||
services.tempo = {
|
services.tempo = {
|
||||||
|
|
|
@ -20,7 +20,10 @@ in
|
||||||
};
|
};
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
age.secrets.netbox-environment.file = ../../secrets/netbox-environment.age;
|
# FIXME: why
|
||||||
|
nixpkgs.config.permittedInsecurePackages = [ pkgs.netbox_3_7.name ];
|
||||||
|
|
||||||
|
age.secrets.netbox-environment.file = ../../secrets/floral/netbox-environment.age;
|
||||||
services = {
|
services = {
|
||||||
netbox = {
|
netbox = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
@ -26,10 +26,12 @@ in {
|
||||||
webroot = "/var/lib/acme/.challenges";
|
webroot = "/var/lib/acme/.challenges";
|
||||||
group = "rabbitmq";
|
group = "rabbitmq";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
services.nginx.enable = true;
|
||||||
services.nginx.virtualHosts.${amqpHost}.locations."/.well-known/acme-challenge".root =
|
services.nginx.virtualHosts.${amqpHost}.locations."/.well-known/acme-challenge".root =
|
||||||
"/var/lib/acme/.challenges";
|
"/var/lib/acme/.challenges";
|
||||||
systemd.services.rabbitmq.requires = ["acme-finished-${amqpHost}.target"];
|
systemd.services.rabbitmq.requires = ["acme-finished-${amqpHost}.target"];
|
||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ amqpPort ];
|
networking.firewall.allowedTCPPorts = [ 80 443 amqpPort ];
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -70,7 +70,7 @@ in
|
||||||
];
|
];
|
||||||
|
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
age.secrets.s3-revproxy-api-keys.file = ../../secrets/s3-revproxy-api-keys.age;
|
age.secrets.s3-revproxy-api-keys.file = ../../secrets/floral/s3-revproxy-api-keys.age;
|
||||||
# For each target, generate an entry that passes it to the s3-revproxy.
|
# For each target, generate an entry that passes it to the s3-revproxy.
|
||||||
services.nginx.virtualHosts = mapAttrs' (subdomain: _: nameValuePair "${subdomain}.${cfg.domain}" (mkProxiedSubdomain subdomain)) cfg.targets;
|
services.nginx.virtualHosts = mapAttrs' (subdomain: _: nameValuePair "${subdomain}.${cfg.domain}" (mkProxiedSubdomain subdomain)) cfg.targets;
|
||||||
# this solves garage supporting neither anonymous access nor automatic
|
# this solves garage supporting neither anonymous access nor automatic
|
||||||
|
|
|
@ -59,7 +59,7 @@ in
|
||||||
443
|
443
|
||||||
];
|
];
|
||||||
|
|
||||||
age.secrets.stateless-uptime-kuma-password.file = ../../secrets/stateless-uptime-kuma-password.age;
|
age.secrets.stateless-uptime-kuma-password.file = ../../secrets/floral/stateless-uptime-kuma-password.age;
|
||||||
statelessUptimeKuma = {
|
statelessUptimeKuma = {
|
||||||
probesConfig = {
|
probesConfig = {
|
||||||
monitors = lib.genAttrs subdomains (name: {
|
monitors = lib.genAttrs subdomains (name: {
|
||||||
|
@ -83,6 +83,9 @@ in
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
settings = {
|
||||||
|
entryPage = "statusPage-forkos";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
extraFlags = [ "-s" ];
|
extraFlags = [ "-s" ];
|
||||||
host = "http://localhost:${builtins.toString port}/";
|
host = "http://localhost:${builtins.toString port}/";
|
||||||
|
|
Loading…
Reference in a new issue