alpine: tweaks and fixes

2025-05-23 18:32:59 +01:00 · 2025-05-23 18:32:59 +01:00 · ae83324d9b
commit ae83324d9b
parent 0e2eef3ee0
6 changed files with 70 additions and 7 deletions
--- a/nixos/services/mautrix/whatsapp.nix
+++ b/nixos/services/mautrix/whatsapp.nix
@ -1,6 +1,5 @@
 {config, ...}:
 {
-# TODO: totally borked for some reason. DB migration?
  nixpkgs.config.permittedInsecurePackages = [
    "olm-3.2.16"
  ];
--- a/nixos/services/ntfy.nix
+++ b/nixos/services/ntfy.nix
@ -12,6 +12,9 @@ in {
  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;
    enableACME = true;
-    locations."~".proxyPass = "http://localhost:${toString port}";
+    locations."~" = {
+      proxyPass = "http://localhost:${toString port}";
+      proxyWebsockets = true;
+    };
  };
 }
--- a/nixos/services/prometheus.nix
+++ b/nixos/services/prometheus.nix
@ -2,7 +2,7 @@
  inherit (config.services) prometheus;
  nodes = [
    "alpine"
-    "fcs-tristan-nixbook"
+    "framework-13"
    "zenix"
  ];
  addPort = ip: "${ip}:${toString prometheus.exporters.node.port}";
@ -27,12 +27,66 @@ in {
        ];
      }
    ];
+    rules = [
+      (builtins.toJSON {
+        groups = [{
+          name = "node";
+          rules = [
+            {
+              alert = "io error";
+              expr = ''node_filesystem_device_error{device_error!="permission denied"} > 0'';
+            }
+            {
+              alert = "disk full";
+              expr = ''node_filesystem_avail_bytes{fstype=~"ext4|btrfs"} < ${toString (50 * 1024 * 1024 * 1024)}'';
+            }
+          ];
+        }];
+      })
+    ];
+    alertmanagers = [ {
+      static_configs = [ {
+        targets = [
+          "localhost:9093"
+        ];
+      } ];
+    } ];
    exporters = {
      postgres = {
        enable = true;
        runAsLocalSuperUser = true;
      };
    };
+    alertmanager = {
+      enable = true;
+      configuration = {
+        receivers = [{
+          name = "ntfy";
+          webhook_configs = [{
+            url = "http://localhost${config.services.ntfy-sh.settings.listen-http}/alert/trigger";
+          }];
+        }];
+        route = {
+          receiver = "ntfy";
+          # routes = [{
+          #   matchers = [
+          #     ''node_filesystem_device_error != 0''
+          #   ];
+          # }];
+        };
+      };
+    };
+    # alertmanager-ntfy = {
+    #   enable = true;
+    #   settings = {
+    #     ntfy = {
+    #       baseurl = "https://up.tristans.cloud";
+    #       notification = {
+    #         topic = "alertmanager";
+    #       };
+    #     };
+    #   };
+    # };
  };
  services.grafana.provision.datasources.settings.datasources = [{
    name = "Prometheus";
--- a/nixos/services/vaultwarden.nix
+++ b/nixos/services/vaultwarden.nix
@ -4,6 +4,7 @@
 in {
  services.vaultwarden = {
    enable = true;
+    backupDir = "/mnt/storage/backups/vaultwarden";
  };
  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;