
fix: ssh+
NotAShelf authored and isabelroses committed Nov 29, 2023
1 parent 9ef9ce3 commit 2b05560
Showing 3 changed files with 50 additions and 30 deletions.
14 changes: 13 additions & 1 deletion modules/base/common/host/os/networking/ssh.nix
Expand Up @@ -3,9 +3,17 @@
enable = true;
startWhenNeeded = true;
settings = {
PermitRootLogin = lib.mkForce "no";
# Don't allow root login
PermitRootLogin = "no";

# only allow key based logins and not password
PasswordAuthentication = false;
KbdInteractiveAuthentication = lib.mkDefault false;
AuthenticationMethods = "publickey";
PubkeyAuthentication = "yes";
ChallengeResponseAuthentication = "no";
UsePAM = "no";

UseDns = false;
X11Forwarding = false;

Expand All @@ -18,6 +26,10 @@
"diffie-hellman-group18-sha512"
"[email protected]"
];

# kick out inactive sessions
ClientAliveCountMax = 5;
ClientAliveInterval = 60;
};

openFirewall = true;
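Review bot: `UsePAM = "no";` in the first hunk turns off more than password prompts: without PAM, sshd also skips the PAM account and session stacks, so any account checks or session setup this host does through PAM (on NixOS that usually includes logind session registration, which is inferred here, not visible) stop applying to SSH logins. `PasswordAuthentication = false` and `AuthenticationMethods = "publickey"` already restrict logins to keys, so I would drop the line or keep it with a comment such as `# PAM account/session modules are intentionally skipped for SSH`. `ChallengeResponseAuthentication` is a deprecated alias of `KbdInteractiveAuthentication`, which this hunk also sets, so one of the two can go. In the second hunk the comment `# kick out inactive sessions` overstates what `ClientAliveInterval`/`ClientAliveCountMax` do; they drop clients that stop answering keepalives, so `# drop unresponsive clients after 5 missed keepalives (60s apart)` would be accurate.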
47 changes: 25 additions & 22 deletions modules/base/common/services/monitoring/loki/default.nix
Expand Up @@ -6,15 +6,21 @@
inherit (lib) mkIf;

cfg = config.modules.services.monitoring.loki;
lcfg = config.services.loki;
in {
config = mkIf cfg.enable {
# https://gist.github.com/rickhull/895b0cb38fdd537c1078a858cf15d63e
services.loki = {
enable = true;
dataDir = "/srv/storage/loki";
extraFlags = ["--config.expand-env=true"];

configuration = {
server.http_listen_port = 3030;
server = {
http_listen_port = 3030;
log_level = "warn";
};

auth_enabled = false;

ingester = {
Expand All @@ -34,32 +40,29 @@ in {
max_transfer_retries = 0;
};

schema_config = {
configs = [
{
from = "2022-06-06";
store = "boltdb-shipper";
object_store = "filesystem";
schema = "v11";
index = {
prefix = "index_";
period = "24h";
};
}
];
};
schema_config.configs = [
{
from = "2022-06-06";
store = "boltdb-shipper";
object_store = "filesystem";
schema = "v11";
index = {
prefix = "index_";
period = "24h";
};
}
];

storage_config = {
boltdb.directory = "${lcfg.dataDir}/boltdb-index";
filesystem.directory = "${lcfg.dataDir}/storage-chunks";

boltdb_shipper = {
active_index_directory = "/srv/storage/loki/boltdb-shipper-active";
cache_location = "/srv/storage/loki/boltdb-shipper-cache";
active_index_directory = "${lcfg.dataDir}/boltdb-shipper-active";
cache_location = "${lcfg.dataDir}/boltdb-shipper-cache";
cache_ttl = "24h";
shared_store = "filesystem";
};

filesystem = {
directory = "/srv/storage/loki/chunks";
};
};

limits_config = {
Expand All @@ -77,7 +80,7 @@ in {
};

compactor = {
working_directory = "/srv/storage/loki";
working_directory = "${lcfg.dataDir}/compactor-work";
shared_store = "filesystem";
compactor_ring = {
kvstore = {
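Review bot: The rewritten `server` block sets only `http_listen_port` and `log_level`, and `auth_enabled = false` sits right below it, so unless a listen address is set elsewhere Loki accepts unauthenticated pushes and queries on port 3030 on every interface the firewall lets through (the firewall rules are not visible here). If only local agents and Grafana talk to it, add `http_listen_address = "127.0.0.1";` to the block. Separately, the chunk store appears to move from `/srv/storage/loki/chunks` to `${lcfg.dataDir}/storage-chunks` (the +/- markers are lost on this page, so sides are inferred); with the schema `from = "2022-06-06"` left unchanged, existing chunks would need to be moved or older logs stop being queryable. A comment above `storage_config` noting the migration step would help. The section is cut at `kvstore = {`, so the rest of the compactor block was not reviewed.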
19 changes: 12 additions & 7 deletions modules/base/common/services/monitoring/prometheus/default.nix
Expand Up @@ -25,6 +25,7 @@ in {
port = 9101;
enabledCollectors = [
"logind"
"processes"
"systemd"
];
};
Expand All @@ -45,6 +46,15 @@ in {
enable = false;
port = 9104;
};

smartctl = {
inherit (config.services.smartd) enable;
openFirewall = config.services.smartd.enable;
# Defaults:
user = "smartctl-exporter";
group = "disk";
port = 9110;
};
};

scrapeConfigs = [
Expand All @@ -68,16 +78,11 @@ in {
scrape_interval = "30s";
static_configs = [{targets = ["localhost:9103"];}];
}
/*
{
job_name = "nginx";
static_configs = [
{
targets = ["127.0.0.1:${toString config.services.prometheus.exporters.nginx.port}"];
}
];
scrape_interval = "30s";
static_configs = [{targets = ["localhost:9104"];}];
}
*/
];
};
};
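Review bot: `openFirewall = config.services.smartd.enable;` in the new `smartctl` block opens port 9110 to the network on every host that runs smartd, and the exporter serves disk model, serial and health data without authentication. The scrape jobs visible on this page all target `localhost`, so if Prometheus runs on the same host the port does not need to be reachable from outside; `openFirewall = false;` (or dropping the line) keeps it local. No scrape job for port 9110 is visible in these hunks, so it may be defined outside them or still be missing. In the last hunk the `nginx` job now targets the fixed `localhost:9104`, while the exporter block on port 9104 in the hunk above shows `enable = false;` (its name is outside the hunk), which would leave that target permanently down.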
