monitoring: improvments to redeplyablity

Co-authored-by: NotAShelf <[email protected]>
isabelroses · Nov 8, 2023 · 2877494 · 2877494
1 parent 5ab3586
commit 2877494
Show file tree

Hide file tree

Showing 14 changed files with 599 additions and 44 deletions.
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -186,6 +186,16 @@
       inputs.nixpkgs-stable.follows = "nixpkgs";
     };
 
+    # More up to date minecraft launcher
+    prism-launcher = {
+      url = "github:PrismLauncher/PrismLauncher";
+      inputs = {
+        nixpkgs.follows = "nixpkgs";
+        flake-parts.follows = "flake-parts";
+        pre-commit-hooks.follows = "pre-commit-hooks";
+      };
+    };
+
     # Hyprland packages
     hyprland.url = "github:hyprwm/Hyprland";
 

diff --git a/home/isabel/programs/gui/gaming/minecraft/default.nix b/home/isabel/programs/gui/gaming/minecraft/default.nix
@@ -2,6 +2,7 @@
   lib,
   pkgs,
   osConfig,
+  inputs',
   ...
 }: let
   catppuccin-mocha = pkgs.fetchzip {
@@ -32,8 +33,11 @@ in {
       };
 
       packages = [
-        (pkgs.prismlauncher.override {
+        (inputs'.prism-launcher.packages.prismlauncher.override {
+          # get java versions required by various minecraft versions
+          # "write once run everywhere" my ass
           jdks = javaPackages;
+          additionalPrograms = with pkgs; [gamemode mangohud];
         })
       ];
     };

diff --git a/hosts/bernie/services.nix b/hosts/bernie/services.nix
@@ -18,6 +18,7 @@ _: {
     monitoring = {
       grafana.enable = true;
       prometheus.enable = true;
+      loki.enable = true;
     };
 
     database = {

diff --git a/modules/base/common/host/os/network/default.nix b/modules/base/common/host/os/network/default.nix
@@ -17,7 +17,10 @@ in {
 
   users = {
     groups.tcpcryptd = {};
-    users.tcpcryptd.group = "tcpcryptd";
+    users.tcpcryptd = {
+      isSystemUser = true;
+      group = "tcpcryptd";
+    };
   };
 
   services = {
@@ -42,7 +45,7 @@ in {
     # enable opportunistic TCP encryption
     # this is NOT a pancea, however, if the receiver supports encryption and the attacker is passive
     # privacy will be more plausible (but not guaranteed, unlike what the option docs suggest)
-    tcpcrypt.enable = true;
+    tcpcrypt.enable = false;
 
     # dns
     nameservers = [

diff --git a/modules/base/common/services/matrix/default.nix b/modules/base/common/services/matrix/default.nix
@@ -13,7 +13,7 @@
   bindAddress = "::1";
   serverConfig."m.server" = "${config.services.matrix-synapse.settings.server_name}:443";
   clientConfig = {
-    "m.homeserver".base_url = "https://${config.networking.hostName}${domain}";
+    "m.homeserver".base_url = "https://${domain}";
     "m.identity_server" = {};
   };
 
@@ -46,14 +46,17 @@ in {
       };
 
       nginx.virtualHosts = {
-        ${domain} = {
-          locations = {
-            "= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
-            "= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
-            "/_matrix".proxyPass = "http://[${bindAddress}]:${toString port}";
-            "/_synapse/client".proxyPass = "http://[${bindAddress}]:${toString port}";
-          };
-        };
+        ${domain} =
+          {
+            locations = {
+              "= /.well-known/matrix/server".extraConfig = mkWellKnown serverConfig;
+              "= /.well-known/matrix/client".extraConfig = mkWellKnown clientConfig;
+              "/_matrix".proxyPass = "http://[${bindAddress}]:${toString port}";
+              "/_synapse/client".proxyPass = "http://[${bindAddress}]:${toString port}";
+            };
+          }
+          // sslTemplate;
+
         "matrix.${domain}" =
           {
             locations."/".proxyPass = "http://127.0.0.1:8008";

diff --git a/modules/base/common/services/monitoring/default.nix b/modules/base/common/services/monitoring/default.nix
@@ -1,6 +1,7 @@
 _: {
   imports = [
     ./grafana
+    ./loki
     ./prometheus
   ];
 }
diff --git a/modules/base/common/services/monitoring/grafana/dashboards.nix b/modules/base/common/services/monitoring/grafana/dashboards.nix
@@ -0,0 +1,26 @@
+{
+  lib,
+  pkgs,
+  ...
+}: let
+  loadDashboard = file:
+    lib.pipe file [
+      lib.importJSON
+      ({dashboard, ...}: rec {
+        name = "provision-dashboard-${dashboard.uid}.json";
+        path = builtins.toFile name (builtins.toJSON dashboard);
+      })
+    ];
+
+  dashboardsDir =
+    pkgs.linkFarm
+    "grafana-provisioning-dashboards"
+    (map loadDashboard (lib.filesystem.listFilesRecursive ./dashboards));
+in {
+  services.grafana.provision.dashboards.settings = {
+    providers = lib.singleton {
+      options.path = dashboardsDir;
+      allowUiUpdates = true;
+    };
+  };
+}