system-manager-wakasu
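# Host module: monitoring (Grafana, Prometheus, node exporter), n8n, atuin,
# paperless, tarsnap backups, NFS exports, WireGuard, and two timer-driven
# maintenance units (vrsync and mr).
{
  libx,
  globals,
  lib,
  pkgs,
  ...
}:
{
  imports = [
    ../common/services/containers.nix
    ../common/services/docker.nix
    ../common/desktop/binfmt.nix # TODO: move to something else than desktop
    ../common/services/prometheus-exporters-node.nix
  ];

  # TODO make it an option ? (otherwise I'll add it for all)
  # Keeps vincent's user systemd instance, and its user services, running
  # without an active login session.
  users.users.vincent.linger = true;

  systemd.services.n8n.environment = {
    # With this set to "false" n8n issues its session cookie without the
    # Secure attribute, so the cookie is also sent over plain HTTP. Together
    # with services.n8n.openFirewall = true below, the login is reachable
    # unencrypted on every network the firewall faces. Terminating TLS in
    # front of n8n (or restricting it to the VPN) would let this override go.
    N8N_SECURE_COOKIE = "false";
    # mkForce replaces the unit's PATH with the system profile, so anything
    # n8n spawns resolves every system-wide binary.
    # NOTE(review): presumably needed by command-running workflows; confirm.
    PATH = lib.mkForce "/run/current-system/sw/bin";
  };

  services = {
    atuin = {
      enable = true;
      # Listens on every interface. No openFirewall is set in this file, so
      # reachability depends on firewall rules defined elsewhere.
      host = "0.0.0.0";
      # No new accounts can be registered on the sync server.
      openRegistration = false;
    };

    n8n = {
      enable = true;
      # Opens the n8n port in the host firewall; see the cookie note on
      # systemd.services.n8n.environment.
      openFirewall = true;
      # webhookUrl = "";
    };

    paperless = {
      enable = true;
      # Bound to this machine's first VPN address only, so paperless is not
      # served on the other interfaces.
      address = "${builtins.head globals.machines.sakhalin.net.vpn.ips}";
    };

    # services.postgresql.enable = true;
    # services.postgresql.package = pkgs.postgresql_15;
    # services.postgresql.dataDir = "/var/lib/postgresql/15";
    # services.postgresqlBackup.databases = [ "atuin" "homepage_production" "nextcloud" ];
    # services.postgresqlBackup.enable = true;
    # services.postgresqlBackup.location = "/var/backup/postgresql";
    # services.postgresqlBackup.startAt = "*-*-* 02:15:00";

    grafana = {
      enable = true;
      settings = {
        server = {
          # Bound to all interfaces. No security.* settings appear in this
          # file, so admin credentials come from defaults or another module.
          # NOTE(review): confirm the default admin password was changed.
          http_addr = "0.0.0.0";
          http_port = 3000;
          # NOTE(review): "graphana" spelling; confirm it matches the DNS record.
          domain = "graphana.sbr.pm";
        };
      };
    };

    prometheus = {
      enable = true;
      port = 9001;
      # Targets are host:port only; no scheme, TLS or auth options are set
      # for these jobs here, so the exporters are presumably scraped
      # unauthenticated over HTTP. Keep the exporter ports reachable only
      # from this host (VPN or firewall rules).
      scrapeConfigs = [
        {
          job_name = "node";
          static_configs = [
            {
              # TODO: make this dynamic
              targets = [
                "aion.sbr.pm:9100"
                "aix.sbr.pm:9000"
                "aomi.sbr.pm:9000"
                "athena.sbr.pm:9000"
                "demeter.sbr.pm:9000"
                "kerkouane.sbr.pm:9000"
                "sakhalin.sbr.pm:9000"
                "shikoku.sbr.pm:9000"
              ];
            }
          ];
        }
        {
          job_name = "bind";
          static_configs = [
            {
              targets = [
                "demeter.sbr.pm:9009"
                "athena.sbr.pm:9009"
              ];
            }
          ];
        }
        {
          job_name = "nginx";
          static_configs = [
            {
              targets = [ "kerkouane.sbr.pm:9001" ];
            }
          ];
        }
      ];
      exporters.node = {
        enable = true;
        port = 9000;
        # The systemd and processes collectors publish unit and process
        # information about this host; treat port 9000 as internal-only.
        enabledCollectors = [
          "systemd"
          "processes"
        ];
        extraFlags = [
          "--collector.ethtool"
          "--collector.softirqs"
          "--collector.tcpstat"
        ];
      };
    };

    tarsnap = {
      enable = true;
      archives = {
        # The keyfiles are given as strings, not Nix path literals, so the
        # key material is referenced in place rather than copied into the
        # world-readable Nix store. The files should be readable by root only.
        # NOTE(review): whether these are write-only keys (tarsnap-keymgmt -w)
        # is not visible here; a restricted key limits what a compromise of
        # this host can do to existing archives.
        documents = {
          directories = [ "/home/vincent/desktop/documents" ];
          period = "daily";
          keyfile = "/etc/nixos/assets/tarsnap.documents.key";
        };
        org = {
          directories = [ "/home/vincent/desktop/org" ];
          period = "daily";
          keyfile = "/etc/nixos/assets/tarsnap.org.key";
        };
      };
    };

    nfs.server = {
      enable = true;
      # Read-write for the whole LAN /24 and the whole VPN /24. No sec=
      # option is given, so the default sec=sys applies and the server trusts
      # the UID each client claims; no_root_squash is absent, so only root is
      # squashed. Listing individual client addresses instead of /24 ranges,
      # or using sec=krb5, would narrow who can write to these trees.
      exports = ''
        /export 192.168.1.0/24(rw,fsid=0,no_subtree_check) 10.100.0.0/24(rw,fsid=0,no_subtree_check)
        /export/gaia 192.168.1.0/24(rw,fsid=1,no_subtree_check) 10.100.0.0/24(rw,fsid=1,no_subtree_check)
        /export/toshito 192.168.1.0/24(rw,fsid=2,no_subtree_check) 10.100.0.0/24(rw,fsid=2,no_subtree_check)
      '';
    };

    wireguard = {
      enable = true;
      ips = libx.wg-ips globals.machines.sakhalin.net.vpn.ips;
      endpoint = "${globals.net.vpn.endpoint}";
      # Only the peer's public key is referenced; no private key material
      # appears in this file.
      endpointPublicKey = "${globals.machines.kerkouane.net.vpn.pubkey}";
    };
  };

  environment.systemPackages = with pkgs; [ yt-dlp ];

  # Source/destination pairs, installed as /etc/vrsync.
  environment.etc."vrsync".text = ''
    /home/vincent/desktop/pictures/screenshots/ vincent@synodine.home:/volumeUSB2/usbshare/pictures/screenshots/
    /home/vincent/desktop/pictures/wallpapers/ vincent@synodine.home:/volumeUSB2/usbshare/pictures/wallpapers/
    /home/vincent/desktop/documents/ vincent@synodine.home:/volume1/documents/
    /mnt/gaia/photos/ vincent@synodine.home:/volumeUSB2/usbshare/pictures/photos/
    /mnt/gaia/music/ vincent@synodine.home:/volumeUSB2/usbshare/music/
  '';

  # Hourly one-shot sync to the NAS. No User= is set, so the unit runs as
  # root. The SSH key and host-key verification used for synodine.home are
  # configured outside this file.
  systemd.services.vrsync = {
    description = "vrsync - sync folders to NAS";
    requires = [ "network-online.target" ];
    after = [ "network-online.target" ];

    # Do not stop or restart the job when the configuration is switched.
    unitConfig.X-StopOnRemoval = false;
    restartIfChanged = false;

    # OnFailure= is a [Unit] setting. Under serviceConfig it is written to
    # [Service], where systemd ignores it, so a failed sync would never
    # trigger the status mail. It is therefore set through unitConfig.
    unitConfig.OnFailure = "status-email-root@%n.service";

    path = with pkgs; [
      rsync
      coreutils
      bash
      openssh
    ];
    script = ''
      ${pkgs.vrsync}/bin/vrsync
    '';

    startAt = "hourly";
    serviceConfig = {
      Type = "oneshot";
    };
  };

  # mr -i u daily
  # Daily update of the repositories under /mnt/gaia/src/configs, run as
  # vincent.
  systemd.services.mr = {
    description = "Update configs daily";
    requires = [ "network-online.target" ];
    after = [ "network-online.target" ];

    # Do not stop or restart the job when the configuration is switched.
    restartIfChanged = false;
    unitConfig.X-StopOnRemoval = false;

    # See vrsync: OnFailure= only takes effect in the [Unit] section.
    unitConfig.OnFailure = "status-email-root@%n.service";

    serviceConfig = {
      Type = "oneshot";
      User = "vincent";
    };

    path = with pkgs; [
      git
      mr
    ];
    # -t is mr's --trust-all: every .mrconfig found is used without checking
    # ~/.mrtrust, and .mrconfig entries are shell. Write access to a
    # .mrconfig under this tree therefore means commands run as vincent
    # once a day. Listing the trusted files in ~/.mrtrust and dropping -t
    # removes that dependency.
    # `git reset --hard` discards uncommitted changes in each repository
    # before the update.
    script = ''
      set -e
      cd /mnt/gaia/src/configs/
      mr -t run git reset --hard
      mr -t u
    '';

    startAt = "daily";
  };
}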
205}