Compare commits
10 commits
217dfcd389
...
c4343b9855
Author | SHA1 | Date | |
---|---|---|---|
c4343b9855 | |||
bdd51d8d89 | |||
52d153f27e | |||
b381239227 | |||
a285a2bc19 | |||
7506048118 | |||
7d4f3d8d51 | |||
e04fb83881 | |||
5f866a8b98 | |||
1ef59b6364 |
14 changed files with 272 additions and 119 deletions
54
flake.lock
54
flake.lock
|
@ -148,11 +148,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable_2"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1708938386,
|
||||
"narHash": "sha256-WTSScoG1LhH+PBo3l4+Fcl1oGNuISmRzkYDrASPWefk=",
|
||||
"lastModified": 1709140068,
|
||||
"narHash": "sha256-lvRBx3t6wF4crVlHko6Rm7rV2bSES4rgPC8a2zoaic8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "emacs-overlay",
|
||||
"rev": "dc68b375c2733198f642804a3cfacab5ede99761",
|
||||
"rev": "8c56baa0e5ba4bbf9947605a31672e2f4735b1a9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -324,11 +324,11 @@
|
|||
"systems": "systems"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1705309234,
|
||||
"narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=",
|
||||
"lastModified": 1709126324,
|
||||
"narHash": "sha256-q6EQdSeUZOG26WelxqkmR7kArjgWCdw5sfJVHPH/7j8=",
|
||||
"owner": "numtide",
|
||||
"repo": "flake-utils",
|
||||
"rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26",
|
||||
"rev": "d465f4819400de7c8d874d50b982301f28a84605",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -414,11 +414,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1708806879,
|
||||
"narHash": "sha256-MSbxtF3RThI8ANs/G4o1zIqF5/XlShHvwjl9Ws0QAbI=",
|
||||
"lastModified": 1708988456,
|
||||
"narHash": "sha256-RCz7Xe64tN2zgWk+MVHkzg224znwqknJ1RnB7rVqUWw=",
|
||||
"owner": "nix-community",
|
||||
"repo": "home-manager",
|
||||
"rev": "4ee704cb13a5a7645436f400b9acc89a67b9c08a",
|
||||
"rev": "1d085ea4444d26aa52297758b333b449b2aa6fca",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -438,11 +438,11 @@
|
|||
"spectrum": "spectrum"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1708906061,
|
||||
"narHash": "sha256-8WlGYMCtggvybPdzQschOoC9r3dl0d3lnGmlTZB6pAw=",
|
||||
"lastModified": 1709054352,
|
||||
"narHash": "sha256-JGxCz3Zv7sErrf1ROn1OjWy8BtP5w/YDp5PnQrJxZnQ=",
|
||||
"owner": "astro",
|
||||
"repo": "microvm.nix",
|
||||
"rev": "4583e2394e1e5723746fb55dbb912385c6c6bda1",
|
||||
"rev": "df3254b6a9ff2ddbbd4be27d75d8cc9f1b637d4b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -521,11 +521,11 @@
|
|||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1708594753,
|
||||
"narHash": "sha256-c/gH7iXS/IYH9NrFOT+aJqTq+iEBkvAkpWuUHGU3+f0=",
|
||||
"lastModified": 1709147990,
|
||||
"narHash": "sha256-vpXMWoaCtMYJ7lisJedCRhQG9BSsInEyZnnG5GfY9tQ=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixos-hardware",
|
||||
"rev": "3f7d0bca003eac1a1a7f4659bbab9c8f8c2a0958",
|
||||
"rev": "33a97b5814d36ddd65ad678ad07ce43b1a67f159",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -586,11 +586,11 @@
|
|||
},
|
||||
"nixpkgs-stable_2": {
|
||||
"locked": {
|
||||
"lastModified": 1708831307,
|
||||
"narHash": "sha256-0iL/DuGjiUeck1zEaL+aIe2WvA3/cVhp/SlmTcOZXH4=",
|
||||
"lastModified": 1708979614,
|
||||
"narHash": "sha256-FWLWmYojIg6TeqxSnHkKpHu5SGnFP5um1uUjH+wRV6g=",
|
||||
"owner": "NixOS",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "5bf1cadb72ab4e77cb0b700dab76bcdaf88f706b",
|
||||
"rev": "b7ee09cf5614b02d289cd86fcfa6f24d4e078c2a",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -634,11 +634,11 @@
|
|||
},
|
||||
"nixpkgs_2": {
|
||||
"locked": {
|
||||
"lastModified": 1708807242,
|
||||
"narHash": "sha256-sRTRkhMD4delO/hPxxi+XwLqPn8BuUq6nnj4JqLwOu0=",
|
||||
"lastModified": 1708984720,
|
||||
"narHash": "sha256-gJctErLbXx4QZBBbGp78PxtOOzsDaQ+yw1ylNQBuSUY=",
|
||||
"owner": "nixos",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "73de017ef2d18a04ac4bfd0c02650007ccb31c2a",
|
||||
"rev": "13aff9b34cc32e59d35c62ac9356e4a41198a538",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -762,11 +762,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1708913568,
|
||||
"narHash": "sha256-76PGANC2ADf0h7fe0w2nWpfdGN+bemFs2rvW2EdU/ZY=",
|
||||
"lastModified": 1709086241,
|
||||
"narHash": "sha256-3QHK5zu/5XOa+ghBeKzvt+/BLdEPjw/xDNLcpDfbkmg=",
|
||||
"owner": "oxalica",
|
||||
"repo": "rust-overlay",
|
||||
"rev": "cbdf3e5bb205ff2ca165fe661fbd6d885cbd0106",
|
||||
"rev": "5d56056fb905ff550ee61b6ebb6674d494f57a9e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -783,11 +783,11 @@
|
|||
"nixpkgs-stable": "nixpkgs-stable_4"
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1708830076,
|
||||
"narHash": "sha256-Cjh2xdjxC6S6nW6Whr2dxSeh8vjodzhTmQdI4zPJ4RA=",
|
||||
"lastModified": 1708987867,
|
||||
"narHash": "sha256-k2lDaDWNTU5sBVHanYzjDKVDmk29RHIgdbbXu5sdzBA=",
|
||||
"owner": "Mic92",
|
||||
"repo": "sops-nix",
|
||||
"rev": "2874fbbe4a65bd2484b0ad757d27a16107f6bc17",
|
||||
"rev": "a1c8de14f60924fafe13aea66b46157f0150f4cf",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -9,6 +9,7 @@ let
|
|||
cfg = config.eboskma.programs.firefox;
|
||||
|
||||
profileSettings = {
|
||||
"browser.chrome.guess_favicon" = false;
|
||||
"browser.shell.checkDefaultBrowser" = false;
|
||||
"browser.translations.enable" = false;
|
||||
"devtools.theme" = "dark";
|
||||
|
|
|
@ -36,7 +36,11 @@ rec {
|
|||
|
||||
config = {
|
||||
allowUnfree = true;
|
||||
firefox.speechSynthesisSupport = true;
|
||||
firefox = {
|
||||
speechSynthesisSupport = true;
|
||||
ffmpegSupport = true;
|
||||
pipewireSupport = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
home-manager = {
|
||||
|
|
|
@ -4,7 +4,7 @@ inputs: {
|
|||
# deploy = {
|
||||
# # host = "10.0.0.202";
|
||||
# host = "ci.barn-beaver.ts.net";
|
||||
# sshUser = "erwin";
|
||||
# targetUser = "erwin";
|
||||
# buildOn = "local";
|
||||
# substituteOnTarget = true;
|
||||
# tags = [ "container" ];
|
||||
|
@ -15,7 +15,7 @@ inputs: {
|
|||
deploy = {
|
||||
# host = "10.0.0.205";
|
||||
host = "frigate.barn-beaver.ts.net";
|
||||
sshUser = "erwin";
|
||||
targetUser = "erwin";
|
||||
buildOn = "local";
|
||||
substituteOnTarget = true;
|
||||
tags = [ "container" ];
|
||||
|
@ -26,7 +26,7 @@ inputs: {
|
|||
deploy = {
|
||||
# host = "10.0.0.203";
|
||||
host = "gitea.barn-beaver.ts.net";
|
||||
sshUser = "erwin";
|
||||
targetUser = "erwin";
|
||||
buildOn = "local";
|
||||
substituteOnTarget = true;
|
||||
tags = [ "container" ];
|
||||
|
@ -37,7 +37,7 @@ inputs: {
|
|||
deploy = {
|
||||
# host = "10.0.0.210";
|
||||
host = "gitea-runner.barn-beaver.ts.net";
|
||||
sshUser = "erwin";
|
||||
targetUser = "erwin";
|
||||
buildOn = "local";
|
||||
substituteOnTarget = true;
|
||||
tags = [ "container" ];
|
||||
|
@ -48,7 +48,7 @@ inputs: {
|
|||
deploy = {
|
||||
# host = "heimdall.datarift.nl";
|
||||
host = "heimdall.barn-beaver.ts.net";
|
||||
sshUser = "erwin";
|
||||
targetUser = "erwin";
|
||||
buildOn = "local";
|
||||
substituteOnTarget = true;
|
||||
tags = [ "metal" ];
|
||||
|
@ -59,7 +59,7 @@ inputs: {
|
|||
deploy = {
|
||||
# host = "10.0.0.167";
|
||||
host = "10.0.0.208";
|
||||
sshUser = "erwin";
|
||||
targetUser = "erwin";
|
||||
buildOn = "local";
|
||||
substituteOnTarget = true;
|
||||
tags = [ "container" ];
|
||||
|
@ -76,7 +76,7 @@ inputs: {
|
|||
deploy = {
|
||||
# host = "10.0.0.204";
|
||||
host = "minio.barn-beaver.ts.net";
|
||||
sshUser = "erwin";
|
||||
targetUser = "erwin";
|
||||
buildOn = "local";
|
||||
substituteOnTarget = true;
|
||||
tags = [ "container" ];
|
||||
|
@ -106,7 +106,7 @@ inputs: {
|
|||
deploy = {
|
||||
# host = "10.0.0.251";
|
||||
host = "proxy.barn-beaver.ts.net";
|
||||
sshUser = "erwin";
|
||||
targetUser = "erwin";
|
||||
buildOn = "local";
|
||||
substituteOnTarget = true;
|
||||
tags = [ "container" ];
|
||||
|
@ -116,12 +116,21 @@ inputs: {
|
|||
system = "aarch64-linux";
|
||||
config = import ./regin/configuration.nix inputs;
|
||||
};
|
||||
saga = {
|
||||
config = import ./saga/configuration.nix inputs;
|
||||
deploy = {
|
||||
# host = "10.0.0.212";
|
||||
host = "saga.barn-beaver.ts.net";
|
||||
targetUser = "erwin";
|
||||
tags = [ "container" ];
|
||||
};
|
||||
};
|
||||
# thor = {
|
||||
# system = "aarch64-linux";
|
||||
# config = import ./thor/configuration.nix inputs;
|
||||
# # deploy = {
|
||||
# # host = "10.0.0.198";
|
||||
# # sshUser = "erwin";
|
||||
# # targetUser = "erwin";
|
||||
# # buildOn = "local";
|
||||
# # substituteOnTarget = true;
|
||||
# # };
|
||||
|
@ -131,7 +140,7 @@ inputs: {
|
|||
deploy = {
|
||||
# host = "10.0.0.207";
|
||||
host = "unifi.barn-beaver.ts.net";
|
||||
sshUser = "erwin";
|
||||
targetUser = "erwin";
|
||||
buildOn = "local";
|
||||
substituteOnTarget = true;
|
||||
tags = [ "container" ];
|
||||
|
@ -142,7 +151,7 @@ inputs: {
|
|||
deploy = {
|
||||
# host = "10.0.0.206";
|
||||
host = "valkyrie.barn-beaver.ts.net";
|
||||
sshUser = "erwin";
|
||||
targetUser = "erwin";
|
||||
buildOn = "local";
|
||||
substituteOnTarget = true;
|
||||
tags = [ "container" ];
|
||||
|
|
|
@ -1,9 +1,4 @@
|
|||
{
|
||||
nixos-hardware,
|
||||
nix-ld-rs,
|
||||
attic,
|
||||
...
|
||||
}:
|
||||
{ nixos-hardware, nix-ld-rs, ... }:
|
||||
{ pkgs, config, ... }:
|
||||
{
|
||||
imports = [
|
||||
|
@ -478,18 +473,19 @@
|
|||
];
|
||||
};
|
||||
|
||||
nix.settings.post-build-hook =
|
||||
let
|
||||
inherit (attic.packages.${pkgs.system}) attic-client;
|
||||
in
|
||||
pkgs.writeScript "upload-to-cache" ''
|
||||
set -eu
|
||||
set -f
|
||||
export IFS=' '
|
||||
# nix.settings.post-build-hook =
|
||||
# let
|
||||
# inherit (attic.packages.${pkgs.system}) attic-client;
|
||||
# in
|
||||
# pkgs.writeScript "upload-to-cache" ''
|
||||
# set -eu
|
||||
# set -f
|
||||
# export IFS=' '
|
||||
|
||||
echo "Uploading paths to cache " ''${OUT_PATHS}
|
||||
exec ${attic-client}/bin/attic push main ''${OUT_PATHS}
|
||||
'';
|
||||
# OUT_PATHS=$(echo -n ''${OUT_PATHS} | ${pkgs.gawk}/bin/awk 'BEGIN { RS = " "; ORS = " "; } $0 !~ /horus_vcpkg/ { print $0 }')
|
||||
# echo "Uploading paths to cache " ''${OUT_PATHS}
|
||||
# exec ${attic-client}/bin/attic push main ''${OUT_PATHS}
|
||||
# '';
|
||||
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
sops.secrets = {
|
||||
|
|
|
@ -95,7 +95,7 @@
|
|||
listen = "127.0.0.1:8080";
|
||||
|
||||
garbage-collection = {
|
||||
default-retention-period = "3 months";
|
||||
default-retention-period = "6 weeks";
|
||||
};
|
||||
|
||||
storage = {
|
||||
|
@ -116,16 +116,16 @@
|
|||
#
|
||||
# If 0, chunking is disabled entirely for newly-uploaded NARs.
|
||||
# If 1, all NARs are chunked.
|
||||
nar-size-threshold = 64 * 1024; # 64 KiB
|
||||
nar-size-threshold = 256 * 1024; # 256 KiB
|
||||
|
||||
# The preferred minimum size of a chunk, in bytes
|
||||
min-size = 16 * 1024; # 16 KiB
|
||||
min-size = 128 * 1024; # 128 KiB
|
||||
|
||||
# The preferred average size of a chunk, in bytes
|
||||
avg-size = 64 * 1024; # 64 KiB
|
||||
avg-size = 256 * 1024; # 256 KiB
|
||||
|
||||
# The preferred maximum size of a chunk, in bytes
|
||||
max-size = 256 * 1024; # 256 KiB
|
||||
max-size = 1024 * 1024; # 1024 KiB
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
80
machines/saga/configuration.nix
Normal file
80
machines/saga/configuration.nix
Normal file
|
@ -0,0 +1,80 @@
|
|||
{ self, ... }:
|
||||
{ modulesPath, lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
(modulesPath + "/virtualisation/lxc-container.nix")
|
||||
../../users/root
|
||||
../../users/erwin
|
||||
|
||||
./grafana
|
||||
./prometheus
|
||||
];
|
||||
|
||||
eboskma = {
|
||||
users.erwin = {
|
||||
enable = true;
|
||||
server = true;
|
||||
};
|
||||
nix-common = {
|
||||
enable = true;
|
||||
remote-builders = true;
|
||||
};
|
||||
tailscale.enable = true;
|
||||
};
|
||||
|
||||
boot = {
|
||||
isContainer = true;
|
||||
};
|
||||
|
||||
time.timeZone = "Europe/Amsterdam";
|
||||
|
||||
system.configurationRevision = lib.mkIf (self ? rev) self.rev;
|
||||
|
||||
networking = {
|
||||
hostName = "saga";
|
||||
useDHCP = false;
|
||||
useHostResolvConf = false;
|
||||
networkmanager.enable = false;
|
||||
useNetworkd = true;
|
||||
nftables.enable = true;
|
||||
|
||||
firewall.trustedInterfaces = [ "tailscale0" ];
|
||||
};
|
||||
|
||||
systemd.network = {
|
||||
enable = true;
|
||||
|
||||
wait-online.anyInterface = true;
|
||||
|
||||
networks = {
|
||||
"40-eth0" = {
|
||||
matchConfig = {
|
||||
Name = "eth0";
|
||||
};
|
||||
|
||||
networkConfig = {
|
||||
Address = "10.0.0.212/24";
|
||||
Gateway = "10.0.0.1";
|
||||
DNS = "10.0.0.206";
|
||||
DHCP = "no";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
security = {
|
||||
sudo-rs = {
|
||||
enable = true;
|
||||
execWheelOnly = true;
|
||||
wheelNeedsPassword = false;
|
||||
};
|
||||
sudo.enable = false;
|
||||
};
|
||||
|
||||
# sops.defaultSopsFile = ./secrets.yaml;
|
||||
# sops.secrets = {
|
||||
|
||||
# };
|
||||
|
||||
system.stateVersion = "24.05";
|
||||
}
|
13
machines/saga/grafana/default.nix
Normal file
13
machines/saga/grafana/default.nix
Normal file
|
@ -0,0 +1,13 @@
|
|||
{
|
||||
services.grafana = {
|
||||
enable = true;
|
||||
settings = {
|
||||
server = {
|
||||
domain = "saga.datarift.nl";
|
||||
enforce_domain = true;
|
||||
http_addr = "0.0.0.0";
|
||||
root_url = "https://saga.datarift.nl";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
37
machines/saga/prometheus/default.nix
Normal file
37
machines/saga/prometheus/default.nix
Normal file
|
@ -0,0 +1,37 @@
|
|||
{ config, ... }:
|
||||
{
|
||||
services.prometheus = {
|
||||
enable = true;
|
||||
|
||||
scrapeConfigs = [
|
||||
{
|
||||
job_name = "saga";
|
||||
static_configs = [
|
||||
{
|
||||
targets = [
|
||||
"saga:${toString config.services.prometheus.exporters.node.port}" # node
|
||||
];
|
||||
}
|
||||
];
|
||||
}
|
||||
{
|
||||
job_name = "valkyrie";
|
||||
static_configs = [
|
||||
{
|
||||
targets = [
|
||||
"valkyrie:${toString config.services.prometheus.exporters.node.port}" # node
|
||||
"valkyrie:${toString config.services.prometheus.exporters.unbound.port}" # unbound
|
||||
];
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
|
||||
exporters = {
|
||||
node = {
|
||||
enable = true;
|
||||
enabledCollectors = [ "systemd" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
|
@ -1,68 +1,82 @@
|
|||
{
|
||||
services.unbound = {
|
||||
enable = true;
|
||||
localControlSocketPath = "/run/unbound/unbound.ctl";
|
||||
settings = {
|
||||
server = {
|
||||
# Setting logfile to an empty string outputs to stderr
|
||||
log-queries = false;
|
||||
verbosity = 1;
|
||||
services = {
|
||||
unbound = {
|
||||
enable = true;
|
||||
localControlSocketPath = "/run/unbound/unbound.ctl";
|
||||
settings = {
|
||||
server = {
|
||||
# Setting logfile to an empty string outputs to stderr
|
||||
log-queries = false;
|
||||
verbosity = 1;
|
||||
|
||||
port = 5335;
|
||||
do-ip4 = true;
|
||||
do-ip6 = true;
|
||||
do-udp = true;
|
||||
do-tcp = true;
|
||||
prefer-ip6 = true;
|
||||
port = 5335;
|
||||
do-ip4 = true;
|
||||
do-ip6 = true;
|
||||
do-udp = true;
|
||||
do-tcp = true;
|
||||
prefer-ip6 = true;
|
||||
|
||||
hide-identity = true;
|
||||
hide-version = true;
|
||||
hide-identity = true;
|
||||
hide-version = true;
|
||||
|
||||
# Trust glue only if it is within the server's authority
|
||||
harden-glue = true;
|
||||
# Trust glue only if it is within the server's authority
|
||||
harden-glue = true;
|
||||
|
||||
# Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
|
||||
harden-dnssec-stripped = true;
|
||||
# Require DNSSEC data for trust-anchored zones, if such data is absent, the zone becomes BOGUS
|
||||
harden-dnssec-stripped = true;
|
||||
|
||||
harden-referral-path = true;
|
||||
harden-referral-path = true;
|
||||
|
||||
# Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
|
||||
# see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
|
||||
use-caps-for-id = false;
|
||||
# Don't use Capitalization randomization as it known to cause DNSSEC issues sometimes
|
||||
# see https://discourse.pi-hole.net/t/unbound-stubby-or-dnscrypt-proxy/9378 for further details
|
||||
use-caps-for-id = false;
|
||||
|
||||
# Reduce EDNS reassembly buffer size.
|
||||
# Suggested by the unbound man page to reduce fragmentation reassembly problems
|
||||
edns-buffer-size = 1472;
|
||||
# Reduce EDNS reassembly buffer size.
|
||||
# Suggested by the unbound man page to reduce fragmentation reassembly problems
|
||||
edns-buffer-size = 1472;
|
||||
|
||||
# Perform prefetching of close to expired message cache entries
|
||||
# This only applies to domains that have been frequently queried
|
||||
prefetch = true;
|
||||
prefetch-key = true;
|
||||
# Perform prefetching of close to expired message cache entries
|
||||
# This only applies to domains that have been frequently queried
|
||||
prefetch = true;
|
||||
prefetch-key = true;
|
||||
|
||||
# This attempts to reduce latency by serving the outdated record before
|
||||
# updating it instead of the other way around. Alternative is to increase
|
||||
# cache-min-ttl to e.g. 3600.
|
||||
cache-min-ttl = 0;
|
||||
serve-expired = true;
|
||||
# This attempts to reduce latency by serving the outdated record before
|
||||
# updating it instead of the other way around. Alternative is to increase
|
||||
# cache-min-ttl to e.g. 3600.
|
||||
cache-min-ttl = 0;
|
||||
serve-expired = true;
|
||||
|
||||
rrset-cache-size = "256m";
|
||||
msg-cache-size = "128m";
|
||||
msg-cache-slabs = 4;
|
||||
# One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
|
||||
num-threads = 2;
|
||||
rrset-cache-size = "256m";
|
||||
msg-cache-size = "128m";
|
||||
msg-cache-slabs = 4;
|
||||
# One thread should be sufficient, can be increased on beefy machines. In reality for most users running on small networks or on a single machine, it should be unnecessary to seek performance enhancement by increasing num-threads above 1.
|
||||
num-threads = 2;
|
||||
|
||||
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
|
||||
so-rcvbuf = "1m";
|
||||
# Ensure kernel buffer is large enough to not lose messages in traffic spikes
|
||||
so-rcvbuf = "8m";
|
||||
|
||||
# Ensure privacy of local IP ranges
|
||||
private-address = [
|
||||
"192.168.0.0/16"
|
||||
"169.254.0.0/16"
|
||||
"172.16.0.0/12"
|
||||
"10.0.0.0/8"
|
||||
"fd00::/8"
|
||||
"fe80::/10"
|
||||
];
|
||||
# Ensure privacy of local IP ranges
|
||||
private-address = [
|
||||
"192.168.0.0/16"
|
||||
"169.254.0.0/16"
|
||||
"172.16.0.0/12"
|
||||
"10.0.0.0/8"
|
||||
"fd00::/8"
|
||||
"fe80::/10"
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
prometheus.exporters = {
|
||||
node = {
|
||||
enable = true;
|
||||
enabledCollectors = [ "systemd" ];
|
||||
};
|
||||
|
||||
unbound = {
|
||||
enable = true;
|
||||
unbound.host = "unix:///run/unbound/unbound.ctl";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
@ -14,6 +14,7 @@ let
|
|||
|
||||
tls {
|
||||
dns cloudflare {env.CF_API_TOKEN}
|
||||
propagation_timeout -1
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
@ -32,6 +33,7 @@ let
|
|||
|
||||
tls {
|
||||
dns cloudflare {env.CF_API_TOKEN}
|
||||
propagation_timeout -1
|
||||
}
|
||||
'';
|
||||
};
|
||||
|
@ -49,7 +51,7 @@ in
|
|||
|
||||
email = "erwin@datarift.nl";
|
||||
|
||||
# acmeCA = "https://acme-staging-v02.api.letsencrypt.org/directory";
|
||||
acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
|
||||
|
||||
virtualHosts = {
|
||||
"home.datarift.nl" = mkProxyHost "homeassistant.barn-beaver.ts.net:8123";
|
||||
|
@ -58,6 +60,7 @@ in
|
|||
"git.datarift.nl" = mkProxyHost "gitea.barn-beaver.ts.net:3000";
|
||||
"minio.datarift.nl" = mkProxyHost "minio.barn-beaver.ts.net:9000";
|
||||
"minio-admin.datarift.nl" = mkLocalProxyHost "minio.barn-beaver.ts.net:9001";
|
||||
"saga.datarift.nl" = mkLocalProxyHost "saga.barn-beaver.ts.net:3000";
|
||||
"unifi.datarift.nl" = mkLocalProxyHost "unifi.barn-beaver.ts.net:8443";
|
||||
};
|
||||
};
|
||||
|
|
|
@ -30,7 +30,6 @@ in
|
|||
|
||||
virtualisation.podman = {
|
||||
enable = true;
|
||||
enableNvidia = cfg.enableNvidia;
|
||||
dockerCompat = true;
|
||||
|
||||
autoPrune = {
|
||||
|
@ -43,6 +42,7 @@ in
|
|||
|
||||
virtualisation.containers = {
|
||||
enable = true;
|
||||
cdi.dynamic.nvidia.enable = cfg.enableNvidia;
|
||||
registries = {
|
||||
insecure = cfg.insecureRegistries;
|
||||
};
|
||||
|
|
|
@ -72,8 +72,6 @@ in
|
|||
};
|
||||
eww = {
|
||||
enable = true;
|
||||
# This will fail once https://github.com/NixOS/nixpkgs/pull/289595 is merged
|
||||
package = pkgs.eww.override { withWayland = true; };
|
||||
};
|
||||
firefox = {
|
||||
enable = true;
|
||||
|
|
|
@ -87,8 +87,6 @@ in
|
|||
};
|
||||
eww = {
|
||||
enable = true;
|
||||
# This will fail once https://github.com/NixOS/nixpkgs/pull/289595 is merged
|
||||
package = pkgs.eww.override { withWayland = true; };
|
||||
};
|
||||
firefox = {
|
||||
enable = true;
|
||||
|
|
Loading…
Reference in a new issue