diff --git a/hardware/alpine.nix b/hardware/alpine.nix
index bf4d2d4..ccdec46 100644
--- a/hardware/alpine.nix
+++ b/hardware/alpine.nix
@@ -61,8 +61,8 @@ in {
 options = [
 "minfreespace=50G"
 "fsname=mergerfs"
- "category.create=mfs"
- "dropcacheonclose=true"
+ "cache.readdir=true"
+ "func.readdir=cosr"
 ];
 };
@@ -154,7 +154,7 @@ in {
 enable = true;
 protocol = "namecheap";
 usev4 = "webv4, webv4=ipify-ipv4";
- usev6 = "";
+ usev6 = "webv6, webv6=ipify-ipv6";
 username = "tristans.cloud";
 passwordFile = config.sops.secrets."namecheap".path;
 domains = ["@" "*"];
@@ -170,4 +170,7 @@ in {
 systemd.services.NetworkManager-wait-online.enable = false;
+ # not enough memory
+ boot.tmp.useTmpfs = false;
+
 }
diff --git a/nixos/default.nix b/nixos/default.nix
index 0269d20..c71a9f7 100644
--- a/nixos/default.nix
+++ b/nixos/default.nix
@@ -25,7 +25,10 @@ in {
 configurationLimit = 50;
 };
 boot.loader.efi.canTouchEfiVariables = true;
- boot.tmp.useTmpfs = true;
+ boot.tmp = {
+ useTmpfs = lib.mkDefault true;
+ cleanOnBoot = true;
+ };
 networking.networkmanager.enable = true;
 programs.nm-applet = {
diff --git a/nixos/services/mautrix/whatsapp.nix b/nixos/services/mautrix/whatsapp.nix
index 99ba1f9..59e6da8 100644
--- a/nixos/services/mautrix/whatsapp.nix
+++ b/nixos/services/mautrix/whatsapp.nix
@@ -1,6 +1,5 @@
 {config, ...}: {
-# TODO: totally borked for some reason. DB migration?
 nixpkgs.config.permittedInsecurePackages = [
 "olm-3.2.16"
 ];
diff --git a/nixos/services/ntfy.nix b/nixos/services/ntfy.nix
index 077305a..4d55063 100644
--- a/nixos/services/ntfy.nix
+++ b/nixos/services/ntfy.nix
@@ -12,6 +12,9 @@ in {
 services.nginx.virtualHosts.${domain} = {
 forceSSL = true;
 enableACME = true;
- locations."~".proxyPass = "http://localhost:${toString port}";
+ locations."~" = {
+ proxyPass = "http://localhost:${toString port}";
+ proxyWebsockets = true;
+ };
 };
 }
diff --git a/nixos/services/prometheus.nix b/nixos/services/prometheus.nix
index e38cb64..5b747e1 100644
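Review bot: The new `usev6` line in the second hardware/alpine.nix hunk asks ddclient to publish this host's global IPv6 address for both `@` and `*`, so if the update is accepted every service listening on v6 becomes reachable by name without any NAT that may sit in front of the v4 side; confirm the firewall policy covers IPv6 before relying on it. As far as I know Namecheap's dynamic-DNS endpoint only updates A records, so the setting may have no effect at all, which is worth checking in the ddclient log. A comment on the line such as `# AAAA for @ and *; v6 firewall must stay default-deny` would record the intent. The enclosing attribute set starts outside the hunk.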
--- a/nixos/services/prometheus.nix
+++ b/nixos/services/prometheus.nix
@@ -2,7 +2,7 @@
 inherit (config.services) prometheus;
 nodes = [
 "alpine"
- "fcs-tristan-nixbook"
+ "framework-13"
 "zenix"
 ];
 addPort = ip: "${ip}:${toString prometheus.exporters.node.port}";
@@ -27,12 +27,66 @@ in {
 ];
 }
 ];
+ rules = [
+ (builtins.toJSON {
+ groups = [{
+ name = "node";
+ rules = [
+ {
+ alert = "io error";
+ expr = ''node_filesystem_device_error{device_error!="permission denied"} > 0'';
+ }
+ {
+ alert = "disk full";
+ expr = ''node_filesystem_avail_bytes{fstype=~"ext4|btrfs"} < ${toString (50 * 1024 * 1024 * 1024)}'';
+ }
+ ];
+ }];
+ })
+ ];
+ alertmanagers = [ {
+ static_configs = [ {
+ targets = [
+ "localhost:9093"
+ ];
+ } ];
+ } ];
 exporters = {
 postgres = {
 enable = true;
 runAsLocalSuperUser = true;
 };
 };
+ alertmanager = {
+ enable = true;
+ configuration = {
+ receivers = [{
+ name = "ntfy";
+ webhook_configs = [{
+ url = "http://localhost${config.services.ntfy-sh.settings.listen-http}/alert/trigger";
+ }];
+ }];
+ route = {
+ receiver = "ntfy";
+ # routes = [{
+ # matchers = [
+ # ''node_filesystem_device_error != 0''
+ # ];
+ # }];
+ };
+ };
+ };
+ # alertmanager-ntfy = {
+ # enable = true;
+ # settings = {
+ # ntfy = {
+ # baseurl = "https://up.tristans.cloud";
+ # notification = {
+ # topic = "alertmanager";
+ # };
+ # };
+ # };
+ # };
 };
 services.grafana.provision.datasources.settings.datasources = [{
 name = "Prometheus";
diff --git a/nixos/services/vaultwarden.nix b/nixos/services/vaultwarden.nix
index 5d1afc1..dddb0ef 100644
--- a/nixos/services/vaultwarden.nix
+++ b/nixos/services/vaultwarden.nix
@@ -4,6 +4,7 @@ in {
 services.vaultwarden = {
 enable = true;
+ backupDir = "/mnt/storage/backups/vaultwarden";
 };
 services.nginx.virtualHosts.${domain} = {
 forceSSL = true;
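Review bot: The Alertmanager webhook in the second nixos/services/prometheus.nix hunk delivers to the ntfy topic `alert`, a guessable name on an ntfy instance that nixos/services/ntfy.nix exposes through nginx; unless ntfy's `auth-default-access` is restricted (not visible in this diff), anyone who can reach that vhost could read alerts carrying device and filesystem labels, or post fake ones. An access-controlled topic with the token supplied through the webhook's `http_config.authorization.credentials_file` would keep the secret out of the Nix store. The URL also only works while `listen-http` has the form `:PORT`; a value with a host part would yield an invalid URL. Adding `listenAddress = "127.0.0.1";` under `alertmanager` would keep the unauthenticated Alertmanager API off other interfaces, if the module default binds more widely, and would match the `localhost:9093` target. The enclosing `prometheus` attribute set starts outside the hunk.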
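Review bot: The new `backupDir` line in nixos/services/vaultwarden.nix makes /mnt/storage/backups/vaultwarden as sensitive as the live data directory, since, as I understand the NixOS module, the backup holds a copy of the database together with the server's RSA keys and attachments. Nothing in this hunk shows who else can read that mount or whether it is shared or synced elsewhere, so please confirm the directory is readable only by the vaultwarden user and that any off-host copy is encrypted. A comment on the line such as `# holds vault DB + keys: restrict access, encrypt off-site copies` would record that requirement. The nginx virtual host that follows continues past the end of the hunk.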