arashi: init exporters

home/firefox/default.nix

@@ -20,7 +20,31 @@
         "browser.search.separatePrivateDefault" = false;
         "browser.search.separatePrivateDefault.ui.enabled" = true;
         "browser.startup.homepage" = "http://dashboard.internal.flake.sh/";
-        "network.trr.mode" = 2;
+        "network.trr.mode" = 3;
+        "network.trr.uri" = "https://dns.quad9.net/dns-query";
+        "dom.security.https_first" = true;
+        "dom.security.https_only_mode" = true;
+        "dom.security.https_only_mode_ever_enabled" = true;
+        "network.trr.excluded-domains" = ''
+          ,
+          pve.internal.flake.sh,
+          pbs.internal.flake.sh,
+          truenas.internal.flake.sh,
+          udm.internal.flake.sh,
+          dashboard.internal.flake.sh,
+          stash.internal.flake.sh,
+          synology.internal.flake.sh,
+          wallos.internal.flake.sh,
+          jellyfin.internal.flake.sh,
+          jellyseerr.internal.flake.sh,
+          sonarr.internal.flake.sh,
+          radarr.internal.flake.sh,
+          readarr.internal.flake.sh,
+          lidarr.internal.flake.sh,
+          bazarr.internal.flake.sh,
+          whisparr.internal.flake.sh,
+          prowlarr.internal.flake.sh
+        '';
       };
       extraConfig = builtins.readFile ./user.js/betterfox.js;
       search = {

hosts/ame/home.nix

@@ -43,7 +43,71 @@
       hyprpicker
       (libsForQt5.callPackage ../../pkgs/chatterino7 {})
     ];
-
     stateVersion = "23.05";
   };
+  programs.ssh = {
+    enable = true;
+    extraConfig = ''
+      Host sakura
+        Hostname 100.121.201.47
+        User notoh
+        IdentityFile ~/.ssh/sakura
+      Host kariru
+        Hostname 100.126.229.95
+        User notoh
+        IdentityFile ~/.ssh/kariru
+      Host yuki
+        Hostname 100.108.113.89
+        User notoh
+        IdentityFile ~/.ssh/yuki
+      Host arashi
+        Hostname 100.94.214.100
+        User notoh
+        IdentityFile ~/.ssh/arashi
+      Host sora
+        Hostname 100.104.42.96
+        User notoh
+        IdentityFile ~/.ssh/sora
+      Host daphbot
+        Hostname 100.109.118.139
+        User root
+        IdentityFile ~/.ssh/daphbot
+      Host tsuru
+        Hostname 100.82.146.40
+        User notoh
+        IdentityFile ~/.ssh/tsuru
+      Host haru
+        Hostname 100.73.192.45
+        User notoh
+        IdentityFile ~/.ssh/haru
+      Host kaze
+        Hostname 100.69.79.81
+        User notoh
+        IdentityFile ~/.ssh/kaze
+      Host basegbot
+        HostName 100.83.81.116
+        User basegbot
+        IdentityFile ~/.ssh/basegbot
+      Host rpi4
+        Hostname 100.92.145.147
+        User notoh
+        IdentityFile ~/.ssh/rpi4
+      Host pve
+        Hostname 100.115.234.69
+        User root
+      Host truenas
+        Hostname 192.168.1.199
+        User root
+        IdentityFile ~/.ssh/truenas
+      Host git.flake.sh
+        Hostname git.flake.sh
+        User notohh
+        IdentityFile ~/.ssh/notohh-git
+        Port 2222
+      Host github.com
+        Hostname github.com
+        User notohh
+        IdentityFile ~/.ssh/notohh-git
+    '';
+  };
 }

hosts/arashi/default.nix

@@ -4,7 +4,6 @@
     ./services
     ./networking.nix
     ../../modules
-    ../../modules/prometheus/exporters/postgres.nix
   ];
 
   boot.loader = {

hosts/arashi/services/default.nix

@@ -3,5 +3,6 @@ _: {
     ./restic.nix
     ./postgresql.nix
     ./redis.nix
+    ./exporters.nix
   ];
 }

hosts/arashi/services/exporters.nix

@@ -1,4 +1,10 @@
 _: {
+  services.prometheus.exporters.redis = {
+    enable = true;
+    openFirewall = true;
+    port = 9002;
+  };
+
   services.prometheus.exporters.postgres = {
     enable = true;
     openFirewall = true;

modules/default.nix

@@ -1,7 +1,7 @@
 {inputs, ...}: {
   imports = [
     inputs.nh.nixosModules.default
-    ./prometheus
+    ./prometheus.nix
     ./security.nix
     ./users.nix
     ./nix.nix
@@ -11,5 +11,4 @@
     ./sops.nix
     ./time.nix
   ];
-  services.tailscale.enable = true;
 }

modules/nix.nix

@@ -8,7 +8,9 @@
     overlays = [inputs.nur.overlay];
     config = {
       allowUnfree = true;
-      permittedInsecurePackages = lib.optional (pkgs.obsidian.version == "1.5.3") "electron-25.9.0";
+      permittedInsecurePackages = [
+        "electron-25.9.0"
+      ];
     };
   };
 

modules/prometheus.nix

@@ -2,37 +2,35 @@ _: {
   networking.firewall.allowedTCPPorts = [9090];
   services.prometheus = {
     enable = true;
+    globalConfig = {
+      scrape_interval = "15s";
+      evaluation_interval = "15s";
+    };
     scrapeConfigs = [
       {
         job_name = "prometheus";
-        scrape_interval = "15s";
         static_configs = [{targets = ["localhost:9090"];}];
       }
       {
         job_name = "node";
-        scrape_interval = "15s";
         static_configs = [{targets = ["localhost:9100"];}];
       }
       {
         job_name = "traefik";
-        scrape_interval = "15s";
         static_configs = [{targets = ["100.104.42.96:8080"];}];
       }
-      {
-        job_name = "redis_exporter";
-        scrape_interval = "15s";
-        static_configs = [{targets = ["100.94.214.100:9002"];}];
-      }
       {
         job_name = "postgres";
-        scrape_interval = "15s";
         static_configs = [{targets = ["100.94.214.100:9003"];}];
       }
       {
         job_name = "blocky";
-        scrape_interval = "15s";
         static_configs = [{targets = ["100.73.192.45:4000"];}];
       }
+      {
+        job_name = "redis_exporter";
+        static_configs = [{targets = ["100.94.214.100:9002"];}];
+      }
     ];
     exporters = {
       node = {

modules/prometheus/exporters/redis.nix

@@ -1,7 +0,0 @@
-_: {
-  services.prometheus.exporters.redis = {
-    enable = true;
-    openFirewall = true;
-    port = 9002;
-  };
-}

modules/system.nix

@@ -10,6 +10,7 @@
     fstrim = {
       enable = true;
     };
+    tailscale.enable = true;
   };
 
   time.timeZone = "America/New_York";