alpine: tweaks and fixes

hardware/alpine.nix

@@ -61,8 +61,8 @@ in {
     options = [
       "minfreespace=50G"
       "fsname=mergerfs"
-      "category.create=mfs"
+      "cache.readdir=true"
-      "dropcacheonclose=true"
+      "func.readdir=cosr"
     ];
   };
 
@@ -154,7 +154,7 @@ in {
     enable = true;
     protocol = "namecheap";
     usev4 = "webv4, webv4=ipify-ipv4";
-    usev6 = "";
+    usev6 = "webv6, webv6=ipify-ipv6";
     username = "tristans.cloud";
     passwordFile = config.sops.secrets."namecheap".path;
     domains = ["@" "*"];
@@ -170,4 +170,7 @@ in {
 
   systemd.services.NetworkManager-wait-online.enable = false;
 
+  # not enough memory
+  boot.tmp.useTmpfs = false;
+
 }

nixos/default.nix

@@ -25,7 +25,10 @@ in {
     configurationLimit = 50;
   };
   boot.loader.efi.canTouchEfiVariables = true;
-  boot.tmp.useTmpfs = true;
+  boot.tmp = {
+    useTmpfs = lib.mkDefault true;
+    cleanOnBoot = true;
+  };
 
   networking.networkmanager.enable = true;
   programs.nm-applet = {

nixos/services/mautrix/whatsapp.nix

@@ -1,6 +1,5 @@
 {config, ...}:
 {
-# TODO: totally borked for some reason. DB migration?
   nixpkgs.config.permittedInsecurePackages = [
     "olm-3.2.16"
   ];

nixos/services/ntfy.nix

@@ -12,6 +12,9 @@ in {
   services.nginx.virtualHosts.${domain} = {
     forceSSL = true;
     enableACME = true;
-    locations."~".proxyPass = "http://localhost:${toString port}";
+    locations."~" = {
+      proxyPass = "http://localhost:${toString port}";
+      proxyWebsockets = true;
+    };
   };
 }

nixos/services/prometheus.nix

@@ -2,7 +2,7 @@
   inherit (config.services) prometheus;
   nodes = [
     "alpine"
-    "fcs-tristan-nixbook"
+    "framework-13"
     "zenix"
   ];
   addPort = ip: "${ip}:${toString prometheus.exporters.node.port}";
@@ -27,12 +27,66 @@ in {
         ];
       }
     ];
+    rules = [
+      (builtins.toJSON {
+        groups = [{
+          name = "node";
+          rules = [
+            {
+              alert = "io error";
+              expr = ''node_filesystem_device_error{device_error!="permission denied"} > 0'';
+            }
+            {
+              alert = "disk full";
+              expr = ''node_filesystem_avail_bytes{fstype=~"ext4|btrfs"} < ${toString (50 * 1024 * 1024 * 1024)}'';
+            }
+          ];
+        }];
+      })
+    ];
+    alertmanagers = [ {
+      static_configs = [ {
+        targets = [
+          "localhost:9093"
+        ];
+      } ];
+    } ];
     exporters = {
       postgres = {
         enable = true;
         runAsLocalSuperUser = true;
       };
     };
+    alertmanager = {
+      enable = true;
+      configuration = {
+        receivers = [{
+          name = "ntfy";
+          webhook_configs = [{
+            url = "http://localhost${config.services.ntfy-sh.settings.listen-http}/alert/trigger";
+          }];
+        }];
+        route = {
+          receiver = "ntfy";
+          # routes = [{
+          #   matchers = [
+          #     ''node_filesystem_device_error != 0''
+          #   ];
+          # }];
+        };
+      };
+    };
+    # alertmanager-ntfy = {
+    #   enable = true;
+    #   settings = {
+    #     ntfy = {
+    #       baseurl = "https://up.tristans.cloud";
+    #       notification = {
+    #         topic = "alertmanager";
+    #       };
+    #     };
+    #   };
+    # };
   };
   services.grafana.provision.datasources.settings.datasources = [{
     name = "Prometheus";

nixos/services/vaultwarden.nix

@@ -4,6 +4,7 @@
 in {
   services.vaultwarden = {
     enable = true;
+    backupDir = "/mnt/storage/backups/vaultwarden";
   };
   services.nginx.virtualHosts.${domain} = {
     forceSSL = true;