home/firefox/default.nix

@@ -20,31 +20,7 @@
         "browser.search.separatePrivateDefault" = false;
         "browser.search.separatePrivateDefault.ui.enabled" = true;
         "browser.startup.homepage" = "http://dashboard.internal.flake.sh/";
-        "network.trr.mode" = 3;
+        "network.trr.mode" = 2;
-        "network.trr.uri" = "https://dns.quad9.net/dns-query";
-        "dom.security.https_first" = true;
-        "dom.security.https_only_mode" = true;
-        "dom.security.https_only_mode_ever_enabled" = true;
-        "network.trr.excluded-domains" = ''
-          ,
-          pve.internal.flake.sh,
-          pbs.internal.flake.sh,
-          truenas.internal.flake.sh,
-          udm.internal.flake.sh,
-          dashboard.internal.flake.sh,
-          stash.internal.flake.sh,
-          synology.internal.flake.sh,
-          wallos.internal.flake.sh,
-          jellyfin.internal.flake.sh,
-          jellyseerr.internal.flake.sh,
-          sonarr.internal.flake.sh,
-          radarr.internal.flake.sh,
-          readarr.internal.flake.sh,
-          lidarr.internal.flake.sh,
-          bazarr.internal.flake.sh,
-          whisparr.internal.flake.sh,
-          prowlarr.internal.flake.sh
-        '';
       };
       extraConfig = builtins.readFile ./user.js/betterfox.js;
       search = {

hosts/ame/home.nix

@@ -43,71 +43,7 @@
       hyprpicker
       (libsForQt5.callPackage ../../pkgs/chatterino7 {})
     ];
+
     stateVersion = "23.05";
   };
-  programs.ssh = {
-    enable = true;
-    extraConfig = ''
-      Host sakura
-        Hostname 100.121.201.47
-        User notoh
-        IdentityFile ~/.ssh/sakura
-      Host kariru
-        Hostname 100.126.229.95
-        User notoh
-        IdentityFile ~/.ssh/kariru
-      Host yuki
-        Hostname 100.108.113.89
-        User notoh
-        IdentityFile ~/.ssh/yuki
-      Host arashi
-        Hostname 100.94.214.100
-        User notoh
-        IdentityFile ~/.ssh/arashi
-      Host sora
-        Hostname 100.104.42.96
-        User notoh
-        IdentityFile ~/.ssh/sora
-      Host daphbot
-        Hostname 100.109.118.139
-        User root
-        IdentityFile ~/.ssh/daphbot
-      Host tsuru
-        Hostname 100.82.146.40
-        User notoh
-        IdentityFile ~/.ssh/tsuru
-      Host haru
-        Hostname 100.73.192.45
-        User notoh
-        IdentityFile ~/.ssh/haru
-      Host kaze
-        Hostname 100.69.79.81
-        User notoh
-        IdentityFile ~/.ssh/kaze
-      Host basegbot
-        HostName 100.83.81.116
-        User basegbot
-        IdentityFile ~/.ssh/basegbot
-      Host rpi4
-        Hostname 100.92.145.147
-        User notoh
-        IdentityFile ~/.ssh/rpi4
-      Host pve
-        Hostname 100.115.234.69
-        User root
-      Host truenas
-        Hostname 192.168.1.199
-        User root
-        IdentityFile ~/.ssh/truenas
-      Host git.flake.sh
-        Hostname git.flake.sh
-        User notohh
-        IdentityFile ~/.ssh/notohh-git
-        Port 2222
-      Host github.com
-        Hostname github.com
-        User notohh
-        IdentityFile ~/.ssh/notohh-git
-    '';
-  };
 }

hosts/arashi/default.nix

@@ -4,6 +4,7 @@
     ./services
     ./networking.nix
     ../../modules
+    ../../modules/prometheus/exporters/postgres.nix
   ];
 
   boot.loader = {

hosts/arashi/services/default.nix

@@ -3,6 +3,5 @@ _: {
     ./restic.nix
     ./postgresql.nix
     ./redis.nix
-    ./exporters.nix
   ];
 }

modules/default.nix

@@ -1,7 +1,7 @@
 {inputs, ...}: {
   imports = [
     inputs.nh.nixosModules.default
-    ./prometheus.nix
+    ./prometheus
     ./security.nix
     ./users.nix
     ./nix.nix
@@ -11,4 +11,5 @@
     ./sops.nix
     ./time.nix
   ];
+  services.tailscale.enable = true;
 }

modules/nix.nix

@@ -8,9 +8,7 @@
     overlays = [inputs.nur.overlay];
     config = {
       allowUnfree = true;
-      permittedInsecurePackages = [
+      permittedInsecurePackages = lib.optional (pkgs.obsidian.version == "1.5.3") "electron-25.9.0";
-        "electron-25.9.0"
-      ];
     };
   };
 

modules/prometheus/default.nix

@@ -2,35 +2,37 @@ _: {
   networking.firewall.allowedTCPPorts = [9090];
   services.prometheus = {
     enable = true;
-    globalConfig = {
-      scrape_interval = "15s";
-      evaluation_interval = "15s";
-    };
     scrapeConfigs = [
       {
         job_name = "prometheus";
+        scrape_interval = "15s";
         static_configs = [{targets = ["localhost:9090"];}];
       }
       {
         job_name = "node";
+        scrape_interval = "15s";
         static_configs = [{targets = ["localhost:9100"];}];
       }
       {
         job_name = "traefik";
+        scrape_interval = "15s";
         static_configs = [{targets = ["100.104.42.96:8080"];}];
       }
+      {
+        job_name = "redis_exporter";
+        scrape_interval = "15s";
+        static_configs = [{targets = ["100.94.214.100:9002"];}];
+      }
       {
         job_name = "postgres";
+        scrape_interval = "15s";
         static_configs = [{targets = ["100.94.214.100:9003"];}];
       }
       {
         job_name = "blocky";
+        scrape_interval = "15s";
         static_configs = [{targets = ["100.73.192.45:4000"];}];
       }
-      {
-        job_name = "redis_exporter";
-        static_configs = [{targets = ["100.94.214.100:9002"];}];
-      }
     ];
     exporters = {
       node = {

modules/prometheus/exporters/postgres.nix

@@ -1,10 +1,4 @@
 _: {
-  services.prometheus.exporters.redis = {
-    enable = true;
-    openFirewall = true;
-    port = 9002;
-  };
-
   services.prometheus.exporters.postgres = {
     enable = true;
     openFirewall = true;

modules/prometheus/exporters/redis.nix

@@ -0,0 +1,7 @@
+_: {
+  services.prometheus.exporters.redis = {
+    enable = true;
+    openFirewall = true;
+    port = 9002;
+  };
+}

modules/system.nix

@@ -10,7 +10,6 @@
     fstrim = {
       enable = true;
     };
-    tailscale.enable = true;
   };
 
   time.timeZone = "America/New_York";