
8 commits

Author SHA1 Message Date
a4943c475b
nushell: add haru alias
All checks were successful
fmt check / check (push) Successful in 44s
flake check / check (push) Successful in 5m55s
2023-11-30 22:28:56 -05:00
7016d2ad50
default: add haru 2023-11-30 22:28:49 -05:00
03e03862fc
nix: add nh cache 2023-11-30 22:28:42 -05:00
3a7890bee4
prometheus: add blocky scraping 2023-11-30 22:28:36 -05:00
bff334ebf9
hosts: switch ip to haru 2023-11-30 22:28:22 -05:00
5b921e633a
grafana: add haru 2023-11-30 22:28:14 -05:00
76584937f1
hosts: init haru 2023-11-30 22:27:58 -05:00
975dae3ad6
redis: add blocky 2023-11-30 22:27:21 -05:00
21 changed files with 316 additions and 17 deletions


@ -67,6 +67,10 @@
HostName 100.82.146.40 HostName 100.82.146.40
User notoh User notoh
IdentityFile ~/.ssh/tsuru IdentityFile ~/.ssh/tsuru
Host haru
HostName 100.73.192.45
User notoh
IdentityFile ~/.ssh/haru
Host basegbot Host basegbot
HostName 100.83.81.116 HostName 100.83.81.116
User basegbot User basegbot


@ -20,6 +20,7 @@ alias yuki = nix run github:serokell/deploy-rs ".#yuki"
alias arashi = nix run github:serokell/deploy-rs ".#arashi" alias arashi = nix run github:serokell/deploy-rs ".#arashi"
alias sora = nix run github:serokell/deploy-rs ".#sora" alias sora = nix run github:serokell/deploy-rs ".#sora"
alias tsuru = nix run github:serokell/deploy-rs ".#tsuru" alias tsuru = nix run github:serokell/deploy-rs ".#tsuru"
alias haru = nix run github:serokell/deploy-rs ".#haru"
alias dx = nix run "nixpkgs#deadnix" alias dx = nix run "nixpkgs#deadnix"
alias sx = nix run "nixpkgs#statix" -- check alias sx = nix run "nixpkgs#statix" -- check
alias sxfix = nix run "nixpkgs#statix" -- fix alias sxfix = nix run "nixpkgs#statix" -- fix


@ -8,8 +8,8 @@ _: {
}; };
environment.etc = { environment.etc = {
"resolv.conf".text = '' "resolv.conf".text = ''
nameserver 192.168.1.221 nameserver 192.168.1.103
nameserver 192.168.1.153 nameserver 1.1.1.1
''; '';
}; };
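Review bot: The new second entry `nameserver 1.1.1.1` gives every client a public fallback that answers without the blocklists and without the `internal.flake.sh` mappings whenever 192.168.1.103 is slow or down, so filtering can stop silently and internal names can be sent to a public resolver. This assumes 192.168.1.103 is the new filtering resolver, which the hunk does not show. If filtering is meant to be enforced, list only filtering resolvers here, or record the trade-off with a comment such as `# 1.1.1.1 is a deliberate unfiltered fallback`. The same change is repeated in the six other `resolv.conf` hunks on this page, and the enclosing attribute set starts outside the hunk.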


@ -8,8 +8,8 @@ _: {
}; };
environment.etc = { environment.etc = {
"resolv.conf".text = '' "resolv.conf".text = ''
nameserver 192.168.1.221 nameserver 192.168.1.103
nameserver 192.168.1.153 nameserver 1.1.1.1
''; '';
}; };


@ -25,5 +25,17 @@
protected-mode = "no"; protected-mode = "no";
}; };
}; };
blocky = {
enable = true;
openFirewall = true;
port = 6381;
bind = null;
databases = 16;
logLevel = "debug";
requirePass = "blocky";
settings = {
protected-mode = "no";
};
};
}; };
} }
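Review bot: `requirePass = "blocky"` commits a guessable password to the repository and to the world-readable Nix store, and in the same block `bind = null`, `openFirewall = true` and `protected-mode = "no"` expose port 6381 on every interface. The flake already loads `sopsModule` for its hosts, so the password could be supplied through `requirePassFile` pointing at a sops-managed secret instead of a literal. If the only client is the blocky instance that connects to `100.94.214.100:6381`, set `openFirewall = false;` and allow the port on the tailnet interface only, e.g. `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [6381];` (interface name assumed). The same literal is repeated as `password = "blocky"` in the blocky service file on this page. The enclosing attribute set starts outside the hunk.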


@ -173,4 +173,24 @@ in {
} }
]; ];
}; };
haru = nixosSystem {
inherit system;
specialArgs = {inherit inputs;};
modules = [
./haru
sopsModule
hmModule
{
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
users.notoh = {
imports = [
./haru/home.nix
];
};
};
}
];
};
} }


@ -60,5 +60,15 @@ inputs: {
sshOpts = ["-t" "-i" "~/.ssh/forgejo"]; sshOpts = ["-t" "-i" "~/.ssh/forgejo"];
magicRollback = true; magicRollback = true;
}; };
haru = {
hostname = "100.73.192.45";
profiles.system = {
user = "root";
path = activate.nixos inputs.self.nixosConfigurations.haru;
};
sshUser = "root";
sshOpts = ["-t" "-i" "~/.ssh/forgejo"];
magicRollback = true;
};
}; };
} }
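Review bot: The `haru` node logs in as `sshUser = "root"` with `~/.ssh/forgejo`, the key the preceding node in this hunk also uses, and `hosts/haru/default.nix` adds that key to root's `authorizedKeys`, so one leaked key is an interactive root shell on every host that trusts it. deploy-rs can connect as an unprivileged `sshUser` and escalate with sudo for the `user = "root"` profile, which lets root SSH login stay disabled; a per-host deploy key would limit the blast radius further. The enclosing attribute set starts outside the hunk.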

33
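--- a/hosts/haru/default.nix
+++ b/hosts/haru/default.nix
@@ -0,0 +1,33 @@
+{...}: {
+imports = [
+./hardware-configuration.nix
+./services
+./networking.nix
+../../modules
+];
+boot.loader = {
+grub = {
+enable = true;
+configurationLimit = 5;
+device = "/dev/sda";
+useOSProber = false;
+};
+};
+networking = {
+hostName = "haru";
+};
+services.xserver = {
+layout = "us";
+xkbVariant = "";
+};
+users.users.notoh.openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDdSO5g6IZQUzeH0Xf7hEVjKZ4cAWn/DjN+GQ2Ujd+qD haru"
+];
+users.users.root.openssh.authorizedKeys.keys = [
+"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMd8j1+fC/ng7l17rsxugVtlhurUe1ICizwA9lQkSuNY forgejo"
+];
+}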


@ -0,0 +1,29 @@
{
config,
lib,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = ["ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = [];
boot.extraModulePackages = [];
fileSystems."/" = {
device = "/dev/disk/by-uuid/06177115-2e39-493b-81fb-5a1980ae0534";
fsType = "ext4";
};
swapDevices = [
{device = "/dev/disk/by-uuid/c879fa21-fd80-422c-9aef-0becce5ff19c";}
];
networking.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}

14
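--- a/hosts/haru/home.nix
+++ b/hosts/haru/home.nix
@@ -0,0 +1,14 @@
+{...}: {
+imports = [
+../../home
+];
+systemd.user.startServices = "sd-switch";
+programs.home-manager.enable = true;
+home = {
+username = "notoh";
+homeDirectory = "/home/notoh";
+stateVersion = "23.05";
+};
+}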

17
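--- a/hosts/haru/networking.nix
+++ b/hosts/haru/networking.nix
@@ -0,0 +1,17 @@
+_: {
+networking = {
+networkmanager.enable = true;
+nameservers = ["1.1.1.1"];
+firewall = {
+enable = true;
+};
+};
+environment.etc = {
+"resolv.conf".text = ''
+nameserver 1.1.1.1
+nameserver 1.0.0.1
+'';
+};
+services.tailscale.enable = true;
+}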


@ -0,0 +1,132 @@
{...}: {
networking.firewall.allowedTCPPorts = [53 4000];
networking.firewall.allowedUDPPorts = [53];
services.blocky = {
enable = true;
settings = {
connectIPVersion = "v4";
upstreamTimeout = "30s";
startVerifyUpstream = false;
minTlsServeVersion = "1.2";
log = {
level = "debug";
privacy = true;
};
ports = {
dns = 53;
http = 4000;
https = 443;
};
upstream.default = [
"1.1.1.1"
"1.0.0.1"
"9.9.9.9"
"https://1.1.1.1/dns-query"
"https://dns.quad9.net/dns-query"
"https://dns-unfiltered.adguard.com/dns-query"
];
blocking = {
loading = {
strategy = "fast";
concurrency = 8;
};
blackLists = {
ads = [
"https://blocklistproject.github.io/Lists/ads.txt"
"https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts"
"https://adaway.org/hosts.txt"
"https://v.firebog.net/hosts/AdguardDNS.txt"
"https://v.firebog.net/hosts/Admiral.txt"
"https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt"
"https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt"
"https://v.firebog.net/hosts/Easylist.txt"
"https://pgl.yoyo.org/adservers/serverlist.php?hostformat=hosts&showintro=0&mimetype=plaintext"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/UncheckyAds/hosts"
"https://raw.githubusercontent.com/bigdargon/hostsVN/master/hosts"
];
tracking = [
"https://v.firebog.net/hosts/Easyprivacy.txt"
"https://v.firebog.net/hosts/Prigent-Ads.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.2o7Net/hosts"
"https://raw.githubusercontent.com/crazy-max/WindowsSpyBlocker/master/data/hosts/spy.txt"
"https://hostfiles.frogeye.fr/firstparty-trackers-hosts.txt"
];
malicious = [
"https://raw.githubusercontent.com/DandelionSprout/adfilt/master/Alternate%20versions%20Anti-Malware%20List/AntiMalwareHosts.txt"
"https://osint.digitalside.it/Threat-Intel/lists/latestdomains.txt"
"https://s3.amazonaws.com/lists.disconnect.me/simple_malvertising.txt"
"https://v.firebog.net/hosts/Prigent-Crypto.txt"
"https://raw.githubusercontent.com/FadeMind/hosts.extras/master/add.Risk/hosts"
"https://v.firebog.net/hosts/RPiList-Phishing.txt"
"https://v.firebog.net/hosts/RPiList-Malware.txt"
];
misc = [
"https://zerodot1.gitlab.io/CoinBlockerLists/hosts_browser"
"https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-only/hosts"
];
};
whiteLists = {
default = [
"https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt"
# "https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/optional-list.txt"
];
};
clientGroupsBlock = {
default = [
"ads"
"tracking"
"malicious"
"misc"
];
};
};
customDNS = {
customTTL = "1h";
mapping = {
# infra
"truenas.internal.flake.sh" = "192.168.1.199";
"assistant.internal.flake.sh" = "192.168.1.189";
"dashboard.internal.flake.sh" = "192.168.1.36";
"udm.internal.flake.sh" = "192.168.1.1";
"pve.internal.flake.sh" = "192.168.1.37";
# media
"jellyfin.internal.flake.sh" = "192.168.1.36";
"jellyseerr.internal.flake.sh" = "192.168.1.36";
"sonarr.internal.flake.sh" = "192.168.1.54";
"radarr.internal.flake.sh" = "192.168.1.54";
"bazarr.internal.flake.sh" = "192.168.1.54";
"prowlarr.internal.flake.sh" = "192.168.1.54";
"stash.internal.flake.sh" = "192.168.1.36";
# misc
"wallos.internal.flake.sh" = "192.168.1.36";
};
};
redis = {
address = "100.94.214.100:6381";
password = "blocky";
database = 2;
required = false;
connectionAttempts = 10;
connectionCooldown = "5s";
};
caching = {
minTime = "2h";
maxTime = "12h";
maxItemsCount = 0;
prefetching = true;
prefetchExpires = "2h";
prefetchThreshold = 5;
};
prometheus = {
enable = true;
path = "/metrics";
};
};
};
}
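Review bot: `networking.firewall.allowedTCPPorts = [53 4000]` opens blocky's HTTP listener on every interface, and that port serves the control API (blocking on/off, list refresh) alongside `/metrics`, with no authentication set in this configuration. The only consumer visible on this page is the Prometheus job that scrapes `100.73.192.45:4000`, so the port can be dropped from the global list and allowed on the tailnet only with `networking.firewall.interfaces.tailscale0.allowedTCPPorts = [4000];` (interface name assumed). `ports.https = 443` is configured without a certificate and without a matching firewall rule, so it is either unused or presumably served with a self-signed certificate; remove it or add a comment saying which. `level = "debug"` is worth lowering once the service is stable.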


@ -0,0 +1,5 @@
_: {
imports = [
./blocky.nix
];
}


@ -8,8 +8,8 @@ _: {
}; };
environment.etc = { environment.etc = {
"resolv.conf".text = '' "resolv.conf".text = ''
nameserver 192.168.1.221 nameserver 192.168.1.103
nameserver 192.168.1.153 nameserver 1.1.1.1
''; '';
}; };


@ -8,8 +8,8 @@ _: {
}; };
environment.etc = { environment.etc = {
"resolv.conf".text = '' "resolv.conf".text = ''
nameserver 192.168.1.221 nameserver 192.168.1.103
nameserver 192.168.1.153 nameserver 1.1.1.1
''; '';
}; };


@ -2,6 +2,8 @@ _: {
services.grafana = { services.grafana = {
enable = true; enable = true;
settings = { settings = {
"auth.anonymous".enabled = true;
"auth.basic".enabled = false;
server = { server = {
root_url = "https://metrics.flake.sh"; root_url = "https://metrics.flake.sh";
domain = "metrics.flake.sh"; domain = "metrics.flake.sh";
@ -9,8 +11,6 @@ _: {
http_addr = "0.0.0.0"; http_addr = "0.0.0.0";
http_port = 3100; http_port = 3100;
}; };
"auth.anonymous".enabled = true;
"auth.basic".enabled = false;
users = { users = {
allow_signup = false; allow_signup = false;
}; };
@ -21,6 +21,10 @@ _: {
user = "grafana"; user = "grafana";
ssl_mode = "disable"; ssl_mode = "disable";
}; };
panels = {
disable_sanitize_html = false;
enable_alpha = true;
};
}; };
provision = { provision = {
datasources.settings = { datasources.settings = {
@ -55,6 +59,17 @@ _: {
url = "http://100.104.42.96:9090"; url = "http://100.104.42.96:9090";
orgId = 1; orgId = 1;
} }
{
name = "Prometheus-haru";
type = "prometheus";
url = "http://100.73.192.45:9090";
orgId = 1;
jsonData = {
graphiteVersion = "1.1";
tlsAuth = false;
tlsAuthWithCACert = false;
};
}
]; ];
}; };
}; };
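Review bot: With `"auth.anonymous".enabled = true` and `root_url = "https://metrics.flake.sh"` in the same settings block, the added `Prometheus-haru` datasource is presumably readable by unauthenticated visitors, because anonymous sessions can query provisioned datasources through Grafana's proxy. Confirm that haru's metrics are meant to be public, or require login for this instance. `graphiteVersion = "1.1"` has no meaning for `type = "prometheus"` and looks copied from another entry; `jsonData = { tlsAuth = false; tlsAuthWithCACert = false; };` would be enough. `panels.enable_alpha = true` turns on panels that are not yet released for general use and deserves a comment naming the panel that needs it. The settings block starts outside the hunks.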


@ -8,8 +8,8 @@ _: {
}; };
environment.etc = { environment.etc = {
"resolv.conf".text = '' "resolv.conf".text = ''
nameserver 192.168.1.221 nameserver 192.168.1.103
nameserver 192.168.1.153 nameserver 1.1.1.1
''; '';
}; };


@ -8,8 +8,8 @@ _: {
}; };
environment.etc = { environment.etc = {
"resolv.conf".text = '' "resolv.conf".text = ''
nameserver 192.168.1.221 nameserver 192.168.1.103
nameserver 192.168.1.153 nameserver 1.1.1.1
''; '';
}; };


@ -8,8 +8,8 @@ _: {
}; };
environment.etc = { environment.etc = {
"resolv.conf".text = '' "resolv.conf".text = ''
nameserver 192.168.1.221 nameserver 192.168.1.103
nameserver 192.168.1.153 nameserver 1.1.1.1
''; '';
}; };


@ -30,6 +30,7 @@
"https://cache.garnix.io" "https://cache.garnix.io"
"https://nix-gaming.cachix.org" "https://nix-gaming.cachix.org"
"https://anyrun.cachix.org" "https://anyrun.cachix.org"
"https://viperml.cachix.org"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
@ -37,6 +38,7 @@
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4=" "nix-gaming.cachix.org-1:nbjlureqMbRAxR1gJ/f3hxemL9svXaZF/Ees8vCUUs4="
"anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s=" "anyrun.cachix.org-1:pqBobmOjI7nKlsUMV25u9QHa9btJK65/C8vnO3p346s="
"viperml.cachix.org-1:qZhKBMTfmcLL+OG6fj/hzsMEedgKvZVFRRAhq7j8Vh8="
]; ];
}; };
}; };
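Review bot: Adding `https://viperml.cachix.org` and its key to the shared cache list and `trusted-public-keys` means every machine that imports this module will accept any store path signed by that third-party key, not only the `nh` package the commit title refers to, since Nix does not scope a trusted key to particular packages. If only some hosts use `nh`, configure the cache on those hosts alone. In either case, put a comment next to both entries, for example `# nh binary cache (third party); remove once nh is built from nixpkgs`, so the trust decision is recorded. Both lists start outside the hunks.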


@ -16,7 +16,7 @@ _: {
{ {
job_name = "traefik"; job_name = "traefik";
scrape_interval = "15s"; scrape_interval = "15s";
static_configs = [{targets = ["100.87.54.48:8080"];}]; static_configs = [{targets = ["100.104.42.96:8080"];}];
} }
{ {
job_name = "redis_exporter"; job_name = "redis_exporter";
@ -28,6 +28,11 @@ _: {
scrape_interval = "15s"; scrape_interval = "15s";
static_configs = [{targets = ["100.94.214.100:9003"];}]; static_configs = [{targets = ["100.94.214.100:9003"];}];
} }
{
job_name = "blocky";
scrape_interval = "15s";
static_configs = [{targets = ["100.73.192.45:4000"];}];
}
]; ];
exporters = { exporters = {
node = { node = {