alpine: tweaks and fixes

2025-05-23 18:32:59 +01:00 · 2025-05-23 18:32:59 +01:00 · ae83324d9b
commit ae83324d9b
parent 0e2eef3ee0
6 changed files with 70 additions and 7 deletions
--- a/hardware/alpine.nix
+++ b/hardware/alpine.nix
@ -61,8 +61,8 @@ in {
    options = [
      "minfreespace=50G"
      "fsname=mergerfs"
-      "category.create=mfs"
-      "dropcacheonclose=true"
+      "cache.readdir=true"
+      "func.readdir=cosr"
    ];
  };

@ -154,7 +154,7 @@ in {
    enable = true;
    protocol = "namecheap";
    usev4 = "webv4, webv4=ipify-ipv4";
-    usev6 = "";
+    usev6 = "webv6, webv6=ipify-ipv6";
    username = "tristans.cloud";
    passwordFile = config.sops.secrets."namecheap".path;
    domains = ["@" "*"];
@ -170,4 +170,7 @@ in {

  systemd.services.NetworkManager-wait-online.enable = false;

+  # not enough memory
+  boot.tmp.useTmpfs = false;
+
 }
--- a/nixos/default.nix
+++ b/nixos/default.nix
@ -25,7 +25,10 @@ in {
    configurationLimit = 50;
  };
  boot.loader.efi.canTouchEfiVariables = true;
-  boot.tmp.useTmpfs = true;
+  boot.tmp = {
+    useTmpfs = lib.mkDefault true;
+    cleanOnBoot = true;
+  };

  networking.networkmanager.enable = true;
  programs.nm-applet = {
--- a/nixos/services/mautrix/whatsapp.nix
+++ b/nixos/services/mautrix/whatsapp.nix
@ -1,6 +1,5 @@
 {config, ...}:
 {
-# TODO: totally borked for some reason. DB migration?
  nixpkgs.config.permittedInsecurePackages = [
    "olm-3.2.16"
  ];
--- a/nixos/services/ntfy.nix
+++ b/nixos/services/ntfy.nix
@ -12,6 +12,9 @@ in {
  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;
    enableACME = true;
-    locations."~".proxyPass = "http://localhost:${toString port}";
+    locations."~" = {
+      proxyPass = "http://localhost:${toString port}";
+      proxyWebsockets = true;
+    };
  };
 }
--- a/nixos/services/prometheus.nix
+++ b/nixos/services/prometheus.nix
@ -2,7 +2,7 @@
  inherit (config.services) prometheus;
  nodes = [
    "alpine"
-    "fcs-tristan-nixbook"
+    "framework-13"
    "zenix"
  ];
  addPort = ip: "${ip}:${toString prometheus.exporters.node.port}";
@ -27,12 +27,66 @@ in {
        ];
      }
    ];
+    rules = [
+      (builtins.toJSON {
+        groups = [{
+          name = "node";
+          rules = [
+            {
+              alert = "io error";
+              expr = ''node_filesystem_device_error{device_error!="permission denied"} > 0'';
+            }
+            {
+              alert = "disk full";
+              expr = ''node_filesystem_avail_bytes{fstype=~"ext4|btrfs"} < ${toString (50 * 1024 * 1024 * 1024)}'';
+            }
+          ];
+        }];
+      })
+    ];
+    alertmanagers = [ {
+      static_configs = [ {
+        targets = [
+          "localhost:9093"
+        ];
+      } ];
+    } ];
    exporters = {
      postgres = {
        enable = true;
        runAsLocalSuperUser = true;
      };
    };
+    alertmanager = {
+      enable = true;
+      configuration = {
+        receivers = [{
+          name = "ntfy";
+          webhook_configs = [{
+            url = "http://localhost${config.services.ntfy-sh.settings.listen-http}/alert/trigger";
+          }];
+        }];
+        route = {
+          receiver = "ntfy";
+          # routes = [{
+          #   matchers = [
+          #     ''node_filesystem_device_error != 0''
+          #   ];
+          # }];
+        };
+      };
+    };
+    # alertmanager-ntfy = {
+    #   enable = true;
+    #   settings = {
+    #     ntfy = {
+    #       baseurl = "https://up.tristans.cloud";
+    #       notification = {
+    #         topic = "alertmanager";
+    #       };
+    #     };
+    #   };
+    # };
  };
  services.grafana.provision.datasources.settings.datasources = [{
    name = "Prometheus";
--- a/nixos/services/vaultwarden.nix
+++ b/nixos/services/vaultwarden.nix
@ -4,6 +4,7 @@
 in {
  services.vaultwarden = {
    enable = true;
+    backupDir = "/mnt/storage/backups/vaultwarden";
  };
  services.nginx.virtualHosts.${domain} = {
    forceSSL = true;