Commit 4f1bd1ae5fae
Changed files (7)
systems/aomi/extra.nix
@@ -11,7 +11,7 @@ _: {
../common/services/docker.nix
../common/services/lxd.nix
# ../common/services/ollama.nix # TODO handle nvidia vs not ?
- # ../common/services/prometheus-exporters
+ ../common/services/prometheus-exporters-node.nix
# ../common/services/gitea-runner
../redhat
systems/athena/boot.nix
@@ -0,0 +1,16 @@
+{ lib, pkgs, ... }:
+{
+ boot = {
+ kernelPackages = pkgs.linuxKernel.packages.linux_rpi4;
+ initrd.availableKernelModules = [
+ "xhci_pci"
+ "usbhid"
+ "usb_storage"
+ ];
+ loader = {
+ grub.enable = false;
+ systemd-boot.enable = lib.mkForce false;
+ generic-extlinux-compatible.enable = true;
+ };
+ };
+}
systems/athena/extra.nix
@@ -0,0 +1,22 @@
+{ globals, ... }:
+{
+ imports = [
+ # ../common/services/bind.nix
+ ../common/services/prometheus-exporters-node.nix
+ ../common/services/prometheus-exporters-bind.nix
+ ];
+
+ services = {
+ wireguard = {
+ enable = true;
+ ips = globals.fn.wg-ips globals.machines.athena.net.vpn.ips;
+ endpoint = "${globals.net.vpn.endpoint}";
+ endpointPublicKey = "${globals.net.vpn.pubkey}";
+ };
+ };
+
+ # TODO: could be enable by default for all ?
+ security.pam.enableSSHAgentAuth = true;
+
+ security.apparmor.enable = true;
+}
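Review bot: `security.pam.enableSSHAgentAuth = true;` lets any process that can reach a matching SSH agent socket satisfy PAM (typically for sudo), so with agent forwarding the trust placed in this host's root extends to every machine the agent is forwarded through. The keys it accepts should come only from root-owned files, never from a user-writable `~/.ssh/authorized_keys`. On recent NixOS releases I believe this option was renamed to `security.pam.sshAgentAuth.enable` with a separate `authorizedKeysFiles` setting, which is worth checking against the 24.11 input mentioned for athena in flake.nix. The TODO about enabling it everywhere should record the trade-off, e.g. `# sudo via forwarded agent: trusted keys must come from root-owned files only`.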
systems/athena/hardware.nix
@@ -0,0 +1,9 @@
+_: {
+ fileSystems = {
+ "/" = {
+ device = "/dev/disk/by-label/NIXOS_SD";
+ fsType = "ext4";
+ options = [ "noatime" ];
+ };
+ };
+}
systems/common/services/prometheus-exporters-bind.nix
@@ -0,0 +1,6 @@
+_: {
+ services.prometheus-exporters.bind = {
+ enable = true;
+ port = 9009;
+ };
+}
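Review bot: `services.prometheus-exporters.bind` is not the path NixOS uses for exporter options, which is `services.prometheus.exporters.bind`. Unless this repository declares its own `prometheus-exporters` option set elsewhere, evaluation will stop on an undefined option. prometheus-exporters-node.nix has a similar slip, `service.prometheus.exporters.node` with `service` in the singular. Separately, athena imports this module while `../common/services/bind.nix` is still commented out, so the exporter presumably has no BIND statistics channel to scrape yet.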
systems/common/services/prometheus-exporters-node.nix
@@ -0,0 +1,27 @@
+{ lib, config, ... }: {
+ options = {
+ prometheus-exporters-node.collectors = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [
+ "systemd"
+ "processes"
+ ];
+ };
+ prometheus-exporters-node.extraFlags = lib.mkOption {
+ type = lib.types.listOf lib.types.str;
+ default = [
+ "--collector.ethtool"
+ "--collector.softirqs"
+ "--collector.tcpstat"
+ ];
+ };
+ };
+
+ config = {
+ service.prometheus.exporters.node = {
+ enable = true;
+ port = 9000;
+ enabledCollectors = config.prometheus-exporters-node.collectors;
+ extraFlags = config.prometheus-exporters-node.extraFlags;
+ };
+ };
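Review bot: The new file appears to end at the `};` that closes `config`, leaving the top-level `{` opened on its first line unclosed. The hunk header counts 27 lines and all 27 are shown, so a final `}` looks to be missing from the commit rather than cut off by the page. On exposure, the module sets no `listenAddress`, and the exporter's default is to listen on all interfaces, so the systemd and process collector output is served on port 9000 to whatever networks the host firewall lets through. Since these hosts already sit on a WireGuard network, consider `listenAddress = "<vpn-address-placeholder>";` and leaving `openFirewall` at its default of false. The two `mkOption` declarations would also benefit from a `description`.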
flake.nix
@@ -85,7 +85,13 @@
# };
# # Servers (unstable)
kobe = libx.mkHost { hostname = "kobe"; };
- # shikoku = libx.mkhost { hostname = "shikoku"; };
+
+ # athena = libx.mkHost {
+ # hostname = "athena";
+ # pkgsInput = inputs.nixpkgs-24_11;
+ # homeInput = inputs.home-manager-24_11;
+ # };
+ # shikoku = libx.mkHost { hostname = "shikoku"; };
# FIXME migrate to libx.mkHost
aomi = inputs.nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
@@ -98,12 +104,6 @@
./systems/hosts/aomi.nix
];
};
- # Work server (stable ?)
- # kobe = libx.mkHost {
- # hostname = "sakhalin";
- # pkgsInput = inputs.nixpkgs-24_11;
- # homeInput = inputs.home-manager-24_11;
- # };
# Servers (stable)
shikoku = inputs.nixpkgs-24_11.lib.nixosSystem {