ptr.pet / ark
nix machine / user configurations
fork atom

migrate to trimounts

ptr.pet 8ee102ba 63697dca

verified
options
unified split
Changed files
+2139 -184
dns
dnsconfig.js
flake.lock
hosts
chernobog
default.nix
modules
vr.nix
default.nix
dzwonek
modules
nginx.nix
trimounts
modules
arpa.nix
atproto.nix
clickee-proxy.nix
email.nix
fluentbit.nix
hedgedoc.nix
limbusart.nix
mosh.nix
nginx.nix
nsid-tracker.nix
pds.nix
perses.nix
dashboards
.gitignore
go.mod
go.sum
wolumonde.go
default.nix
provision
1-private-infra.yaml
2-admin-role.yaml
3-admin-bind-role.yaml
4-victoria.yaml
6-guest-role.yaml
7-guest-role-bind.yaml
90-wolumonde.yaml
pocket-id.nix
tangled.nix
default.nix
knot.nix
motd
spindle.nix
victoria.nix
website.nix
wolumonde
modules
arpa.disabled
atproto.disabled
clickee-proxy.disabled
email.disabled
fluentbit.disabled
forgejo.disabled
default.nix
public
assets
css
theme-edge-dark.css
fonts
comic.woff2
comicbd.woff2
comici.woff2
img
favicon.png
grrr.webp
logo.png
wecode.gif
templates
base
head.tmpl
head_navbar.tmpl
home.tmpl
hedgedoc.disabled
limbusart.disabled
nginx.nix
nsid-tracker.disabled
pds.disabled
perses.disabled
dashboards
.gitignore
go.mod
go.sum
wolumonde.go
default.nix
provision
1-private-infra.yaml
2-admin-role.yaml
3-admin-bind-role.yaml
4-victoria.yaml
6-guest-role.yaml
7-guest-role-bind.yaml
90-wolumonde.yaml
pocket-id.disabled
secrets.nix
tangled.disabled
default.nix
knot.nix
motd
spindle.nix
unbound.disabled
victoria.disabled
website.nix
secrets
clickeeProxyConfig.age
cloudflareDnsEdit.age
develMobiTailscaleAuthKey.age
headscaleOidcSecret.age
nixGithubAccessToken.age
pdsConfig.age
persesSecret.age
secrets.nix
trimounts.key.pub
websiteConfig.age
users
modules
discord
default.nix
+22 -27
dns/dnsconfig.js 
···

       
3

       
3

       
 

       



     

       
4

       
4

       
 

       
var WOLUMONDE_IP = "23.88.101.188";


     

       
5

       
5

       
 

       
var DZWONEK_IP = "94.237.26.47";


     

       

       
6

       
+

       
var TRIMOUNTS_IP = "159.195.58.28";


     

       
6

       
7

       
 

       



     

       
7

       
8

       
 

       
D(


     

       
8

       
9

       
 

       
    "gaze.systems",


     

       
9

       
10

       
 

       
    REG_NONE,


     

       
10

       
11

       
 

       
    DnsProvider(DSP_CLOUDFLARE),


     

       
11

       
12

       
 

       
    DefaultTTL(1),


     

       
12

       

       
-

       
    A("@", WOLUMONDE_IP, CF_PROXY_OFF),


     

       
13

       

       
-

       
    A("doc", WOLUMONDE_IP, CF_PROXY_OFF),


     

       
14

       

       
-

       
    A("git", WOLUMONDE_IP, CF_PROXY_OFF),


     

       
15

       

       
-

       
    A("limbus", WOLUMONDE_IP, CF_PROXY_OFF),


     

       
16

       

       
-

       
    A("pmart", WOLUMONDE_IP, CF_PROXY_OFF),


     

       

       
13

       
+

       
    A("@", TRIMOUNTS_IP, CF_PROXY_OFF, TTL(60)),


     

       

       
14

       
+

       
    A("doc", TRIMOUNTS_IP, CF_PROXY_OFF),


     

       

       
15

       
+

       
    A("pmart", TRIMOUNTS_IP, CF_PROXY_OFF),


     

       
17

       
16

       
 

       
    // A("webhook", WOLUMONDE_IP, CF_PROXY_OFF),


     

       
18

       

       
-

       
    A("dash", WOLUMONDE_IP, CF_PROXY_OFF), // perses


     

       
19

       

       
-

       
    A("knot", WOLUMONDE_IP, CF_PROXY_OFF),


     

       
20

       

       
-

       
    A("spindle", WOLUMONDE_IP, CF_PROXY_OFF),


     

       
21

       

       
-

       
    A("skeetdeck", WOLUMONDE_IP, CF_PROXY_OFF),


     

       
22

       

       
-

       
    A("likes", WOLUMONDE_IP, CF_PROXY_OFF),


     

       
23

       

       
-

       
    A("id", WOLUMONDE_IP, CF_PROXY_OFF),


     

       
24

       

       
-

       
    A("test", WOLUMONDE_IP, CF_PROXY_OFF),


     

       
25

       

       
-

       
    // atp handles


     

       
26

       

       
-

       
    A("dawn", WOLUMONDE_IP, CF_PROXY_OFF),


     

       
27

       

       
-

       
    A("guestbook", WOLUMONDE_IP, CF_PROXY_OFF),


     

       
28

       

       
-

       
    A("drew", WOLUMONDE_IP, CF_PROXY_OFF),


     

       
29

       

       
-

       
    A("eris", WOLUMONDE_IP, CF_PROXY_OFF),


     

       

       
17

       
+

       
    A("dash", TRIMOUNTS_IP, CF_PROXY_OFF), // perses


     

       

       
18

       
+

       
    A("knot", TRIMOUNTS_IP, CF_PROXY_OFF, TTL(60)),


     

       

       
19

       
+

       
    A("spindle", TRIMOUNTS_IP, CF_PROXY_OFF, TTL(60)),


     

       

       
20

       
+

       
    A("id", TRIMOUNTS_IP, CF_PROXY_OFF),


     

       

       
21

       
+

       
    // atp


     

       

       
22

       
+

       
    A("guestbook", TRIMOUNTS_IP, CF_PROXY_OFF),


     

       
30

       
23

       
 

       
    // dzwonek


     

       
31

       
24

       
 

       
    A("vpn", DZWONEK_IP, CF_PROXY_OFF),


     

       
32

       
25

       
 

       
    // A("meow", WOLUMONDE_IP, CF_PROXY_OFF),


     
···

       
54

       
47

       
 

       
    TXT("send.poke", "v=spf1 include:amazonses.com ~all"),


     

       
55

       
48

       
 

       
    // atproto


     

       
56

       
49

       
 

       
    TXT("_atproto.eris", "did=did:plc:bxjnsrfzozl365rsdo5yvuz5", TTL(60)),


     

       
57

       

       
-

       
    // TXT("_atproto", "did=did:plc:dfl62fgb7wtjj3fcbb72naae", TTL(60)),


     

       
58

       

       
-

       
    // TXT("_atproto.dusk", "did=did:plc:dfl62fgb7wtjj3fcbb72naae", TTL(60)),


     

       

       
50

       
+

       
    TXT("_atproto.drew", "did=did:plc:vo6ie3kd6xvpjlof4pnb2zzp", TTL(60)),


     

       
59

       
51

       
 

       
);


     

       
60

       
52

       
 

       



     

       
61

       
53

       
 

       
D(


     
···

       
63

       
55

       
 

       
    REG_NONE,


     

       
64

       
56

       
 

       
    DnsProvider(DSP_CLOUDFLARE),


     

       
65

       
57

       
 

       
    DefaultTTL(1),


     

       
66

       

       
-

       
    A("@", WOLUMONDE_IP, CF_PROXY_ON),


     

       

       
58

       
+

       
    A("@", TRIMOUNTS_IP, CF_PROXY_ON),


     

       
67

       
59

       
 

       
    TXT("@", "a data endpoint for entity with serial id /90008/."),


     

       
68

       
60

       
 

       
    TXT(


     

       
69

       
61

       
 

       
        "@",


     
···

       
79

       
71

       
 

       
    ),


     

       
80

       
72

       
 

       
    // atproto


     

       
81

       
73

       
 

       
    // TXT("_atproto", "did=did:plc:dfl62fgb7wtjj3fcbb72naae"),


     

       

       
74

       
+

       
    IGNORE_NAME("_acme-challenge"),


     

       
82

       
75

       
 

       
);


     

       
83

       
76

       
 

       



     

       
84

       
77

       
 

       
D(


     
···

       
86

       
79

       
 

       
    REG_NONE,


     

       
87

       
80

       
 

       
    DnsProvider(DSP_CLOUDFLARE),


     

       
88

       
81

       
 

       
    DefaultTTL(1),


     

       
89

       

       
-

       
    A("@", WOLUMONDE_IP, CF_PROXY_OFF),


     

       

       
82

       
+

       
    A("@", TRIMOUNTS_IP, CF_PROXY_OFF),


     

       
90

       
83

       
 

       
    TXT("@", "v=spf1 -all"),


     

       
91

       
84

       
 

       
    TXT("_dmarc", "v=DMARC1; p=reject;"),


     

       

       
85

       
+

       
    TXT("_atproto", "did=did:plc:dfl62fgb7wtjj3fcbb72naae", TTL(60)),


     

       

       
86

       
+

       
    IGNORE_NAME("_acme-challenge"),


     

       
92

       
87

       
 

       
);


     

       
93

       
88

       
 

       



     

       
94

       
89

       
 

       
var EMAIL_TTL = 86400;


     
···

       
98

       
93

       
 

       
    REG_NONE,


     

       
99

       
94

       
 

       
    DnsProvider(DSP_CLOUDFLARE),


     

       
100

       
95

       
 

       
    DefaultTTL(1),


     

       
101

       

       
-

       
    A("@", WOLUMONDE_IP, CF_PROXY_OFF),


     

       
102

       

       
-

       
    A("test", WOLUMONDE_IP, CF_PROXY_OFF),


     

       

       
96

       
+

       
    A("@", TRIMOUNTS_IP, CF_PROXY_OFF),


     

       
103

       
97

       
 

       
    A("nucleus", DZWONEK_IP, CF_PROXY_OFF),


     

       
104

       
98

       
 

       
    A("trill", DZWONEK_IP, CF_PROXY_OFF),


     

       
105

       
99

       
 

       
    // atproto


     

       
106

       
100

       
 

       
    TXT("_atproto", "did=did:plc:dfl62fgb7wtjj3fcbb72naae"),


     

       
107

       

       
-

       
    A("nil", WOLUMONDE_IP, CF_PROXY_OFF),


     

       
108

       
101

       
 

       
    TXT("_atproto.nil", "did=did:plc:dumbmutt4po52ept2tczimje"),


     

       
109

       
102

       
 

       
    TXT("_atproto.june", "did=did:plc:y3z2rr7q5rywu4fjn3fmfyop"),


     

       
110

       
103

       
 

       
    // june


     
···

       
159

       
152

       
 

       
    ),


     

       
160

       
153

       
 

       



     

       
161

       
154

       
 

       
    // mta-sts


     

       
162

       

       
-

       
    A("mta-sts", WOLUMONDE_IP, CF_PROXY_OFF),


     

       

       
155

       
+

       
    A("mta-sts", TRIMOUNTS_IP, CF_PROXY_OFF),


     

       
163

       
156

       
 

       
    TXT("_mta-sts", "v=STSv1; id=20250930T1945", TTL(EMAIL_TTL)),


     

       
164

       
157

       
 

       



     

       
165

       
158

       
 

       
    // autoconfig


     

       
166

       

       
-

       
    A("autoconfig", WOLUMONDE_IP, CF_PROXY_OFF),


     

       
167

       

       
-

       
    A("autodiscover", WOLUMONDE_IP, CF_PROXY_OFF),


     

       

       
159

       
+

       
    A("autoconfig", TRIMOUNTS_IP, CF_PROXY_OFF),


     

       

       
160

       
+

       
    A("autodiscover", TRIMOUNTS_IP, CF_PROXY_OFF),


     

       
168

       
161

       
 

       



     

       
169

       
162

       
 

       
    // autodiscovery


     

       
170

       
163

       
 

       
    SRV(


     
···

       
178

       
171

       
 

       
    SRV("_submissions._tcp", 0, 1, 465, "smtp.migadu.com.", TTL(EMAIL_TTL)),


     

       
179

       
172

       
 

       
    SRV("_imaps._tcp", 0, 1, 993, "imap.migadu.com.", TTL(EMAIL_TTL)),


     

       
180

       
173

       
 

       
    SRV("_pop3s._tcp", 0, 1, 995, "pop.migadu.com.", TTL(EMAIL_TTL)),


     

       

       
174

       
+

       



     

       

       
175

       
+

       
    IGNORE_NAME("_acme-challenge"),


     

       
181

       
176

       
 

       
);
+18 -18
flake.lock 
···

       
9

       
9

       
 

       
        "rust-overlay": "rust-overlay"


     

       
10

       
10

       
 

       
      },


     

       
11

       
11

       
 

       
      "locked": {


     

       
12

       

       
-

       
        "lastModified": 1764153295,


     

       
13

       

       
-

       
        "narHash": "sha256-Y+Cp19zLo5JZVLSbzpyCTSK1bVYfE3Leuut6nQVkdR4=",


     

       

       
12

       
+

       
        "lastModified": 1764351487,


     

       

       
13

       
+

       
        "narHash": "sha256-7XJcTfz0dPhBd7nfyjcFxT1LIIctJZ2LthiI2Ltd7zY=",


     

       
14

       
14

       
 

       
        "owner": "chaotic-cx",


     

       
15

       
15

       
 

       
        "repo": "nyx",


     

       
16

       

       
-

       
        "rev": "29c49282c9b2e8216004a87086494defe401fee8",


     

       

       
16

       
+

       
        "rev": "2031f4a0507d0f7ab3e1aaff4c027a010feee447",


     

       
17

       
17

       
 

       
        "type": "github"


     

       
18

       
18

       
 

       
      },


     

       
19

       
19

       
 

       
      "original": {


     
···

       
45

       
45

       
 

       
        ]


     

       
46

       
46

       
 

       
      },


     

       
47

       
47

       
 

       
      "locked": {


     

       
48

       

       
-

       
        "lastModified": 1764075860,


     

       
49

       

       
-

       
        "narHash": "sha256-KYEIHCBBw+/lwKsJNRNoUxBB4ZY2LK0G0T8f+0i65q0=",


     

       

       
48

       
+

       
        "lastModified": 1764194569,


     

       

       
49

       
+

       
        "narHash": "sha256-iUM9ktarEzThkayyZrzQ7oycPshAY2XRQqVKz0xX/L0=",


     

       
50

       
50

       
 

       
        "owner": "nix-community",


     

       
51

       
51

       
 

       
        "repo": "home-manager",


     

       
52

       

       
-

       
        "rev": "295d90e22d557ccc3049dc92460b82f372cd3892",


     

       

       
52

       
+

       
        "rev": "9651819d75f6c7ffaf8a9227490ac704f29659f0",


     

       
53

       
53

       
 

       
        "type": "github"


     

       
54

       
54

       
 

       
      },


     

       
55

       
55

       
 

       
      "original": {


     
···

       
67

       
67

       
 

       
        ]


     

       
68

       
68

       
 

       
      },


     

       
69

       
69

       
 

       
      "locked": {


     

       
70

       

       
-

       
        "lastModified": 1763714684,


     

       
71

       

       
-

       
        "narHash": "sha256-ZNJPAaeSYQTDgvwwE8XHhCz4HiHqYoUyoXdoBE2nxug=",


     

       

       
70

       
+

       
        "lastModified": 1764275117,


     

       

       
71

       
+

       
        "narHash": "sha256-DRcv8Y0BnWm4ZhUQnaYk1dNzC6ZhA2W9Vv5Jl4n0RbE=",


     

       
72

       
72

       
 

       
        "owner": "Jovian-Experiments",


     

       
73

       
73

       
 

       
        "repo": "Jovian-NixOS",


     

       
74

       

       
-

       
        "rev": "6178d787ee61b8586fdb0ccb8644fbfd5317d0f3",


     

       

       
74

       
+

       
        "rev": "96023dcc9a0febaaa3b91f447b9ae2fbe86f2923",


     

       
75

       
75

       
 

       
        "type": "github"


     

       
76

       
76

       
 

       
      },


     

       
77

       
77

       
 

       
      "original": {


     
···

       
105

       
105

       
 

       
    },


     

       
106

       
106

       
 

       
    "nixpkgs": {


     

       
107

       
107

       
 

       
      "locked": {


     

       
108

       

       
-

       
        "lastModified": 1763966396,


     

       
109

       

       
-

       
        "narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=",


     

       

       
108

       
+

       
        "lastModified": 1764242076,


     

       

       
109

       
+

       
        "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=",


     

       
110

       
110

       
 

       
        "owner": "NixOS",


     

       
111

       
111

       
 

       
        "repo": "nixpkgs",


     

       
112

       

       
-

       
        "rev": "5ae3b07d8d6527c42f17c876e404993199144b6a",


     

       

       
112

       
+

       
        "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4",


     

       
113

       
113

       
 

       
        "type": "github"


     

       
114

       
114

       
 

       
      },


     

       
115

       
115

       
 

       
      "original": {


     
···

       
121

       
121

       
 

       
    },


     

       
122

       
122

       
 

       
    "nixpkgs_2": {


     

       
123

       
123

       
 

       
      "locked": {


     

       
124

       

       
-

       
        "lastModified": 1763966396,


     

       
125

       

       
-

       
        "narHash": "sha256-6eeL1YPcY1MV3DDStIDIdy/zZCDKgHdkCmsrLJFiZf0=",


     

       

       
124

       
+

       
        "lastModified": 1764242076,


     

       

       
125

       
+

       
        "narHash": "sha256-sKoIWfnijJ0+9e4wRvIgm/HgE27bzwQxcEmo2J/gNpI=",


     

       
126

       
126

       
 

       
        "owner": "NixOS",


     

       
127

       
127

       
 

       
        "repo": "nixpkgs",


     

       
128

       

       
-

       
        "rev": "5ae3b07d8d6527c42f17c876e404993199144b6a",


     

       

       
128

       
+

       
        "rev": "2fad6eac6077f03fe109c4d4eb171cf96791faa4",


     

       
129

       
129

       
 

       
        "type": "github"


     

       
130

       
130

       
 

       
      },


     

       
131

       
131

       
 

       
      "original": {


     
···

       
149

       
149

       
 

       
        ]


     

       
150

       
150

       
 

       
      },


     

       
151

       
151

       
 

       
      "locked": {


     

       
152

       

       
-

       
        "lastModified": 1764038373,


     

       
153

       

       
-

       
        "narHash": "sha256-M6w2wNBRelcavoDAyFL2iO4NeWknD40ASkH1S3C0YGM=",


     

       

       
152

       
+

       
        "lastModified": 1764211126,


     

       

       
153

       
+

       
        "narHash": "sha256-p5y13PnMZYd5WdHk+XCzyUaLGBUCwnz2n4KYKEZM0Pw=",


     

       
154

       
154

       
 

       
        "owner": "oxalica",


     

       
155

       
155

       
 

       
        "repo": "rust-overlay",


     

       
156

       

       
-

       
        "rev": "ab3536fe850211a96673c6ffb2cb88aab8071cc9",


     

       

       
156

       
+

       
        "rev": "895935bff08cfcfb663fb9c8263c43596e7cd1ed",


     

       
157

       
157

       
 

       
        "type": "github"


     

       
158

       
158

       
 

       
      },


     

       
159

       
159

       
 

       
      "original": {
+1 -3
hosts/chernobog/default.nix 
···

       
49

       
49

       
 

       
      noto-fonts


     

       
50

       
50

       
 

       
      noto-fonts-cjk-serif


     

       
51

       
51

       
 

       
      noto-fonts-cjk-sans


     

       
52

       

       
-

       
      noto-fonts-emoji


     

       

       
52

       
+

       
      noto-fonts-color-emoji


     

       
53

       
53

       
 

       
      font-awesome


     

       
54

       
54

       
 

       
      source-han-serif


     

       
55

       
55

       
 

       
      source-han-sans


     

       
56

       

       
-

       
      source-han-sans-japanese


     

       
57

       

       
-

       
      source-han-serif-japanese


     

       
58

       
56

       
 

       
      comic-mono


     

       
59

       
57

       
 

       
      comic-relief


     

       
60

       
58

       
 

       
    ];
+22 -2
hosts/chernobog/modules/vr.nix 
···

       
25

       
25

       
 

       
    };


     

       
26

       
26

       
 

       
  };


     

       
27

       
27

       
 

       



     

       
28

       

       
-

       
  # programs.envision.enable = true;


     

       

       
28

       
+

       
  environment.systemPackages = with pkgs; [ wlx-overlay-s eepyxr wayvr-dashboard xrizer ];


     

       
29

       
29

       
 

       



     

       
30

       

       
-

       
  environment.systemPackages = with pkgs; [ wlx-overlay-s eepyxr wayvr-dashboard ];


     

       

       
30

       
+

       
  home-manager.sharedModules = [{


     

       

       
31

       
+

       
    xdg.configFile."openvr/openvrpaths.vrpath".text = ''


     

       

       
32

       
+

       
      {


     

       

       
33

       
+

       
        "config" :


     

       

       
34

       
+

       
        [


     

       

       
35

       
+

       
          "/home/mayer/.local/share/Steam/config"


     

       

       
36

       
+

       
        ],


     

       

       
37

       
+

       
        "external_drivers" : null,


     

       

       
38

       
+

       
        "jsonid" : "vrpathreg",


     

       

       
39

       
+

       
        "log" :


     

       

       
40

       
+

       
        [


     

       

       
41

       
+

       
          "/home/mayer/.local/share/Steam/logs"


     

       

       
42

       
+

       
        ],


     

       

       
43

       
+

       
        "runtime" :


     

       

       
44

       
+

       
        [


     

       

       
45

       
+

       
          ${pkgs.xrizer}/lib/xrizer"


     

       

       
46

       
+

       
        ],


     

       

       
47

       
+

       
        "version" : 1


     

       

       
48

       
+

       
      }


     

       

       
49

       
+

       
    '';


     

       

       
50

       
+

       
  }];


     

       
31

       
51

       
 

       
}
+1 -1
hosts/default.nix 
···

       
29

       
29

       
 

       
  systems = {


     

       
30

       
30

       
 

       
    # lungmen = "x86_64-linux";


     

       
31

       
31

       
 

       
    # tkaronto = "x86_64-linux";


     

       
32

       

       
-

       
    wolumonde = allPkgsSets.x86_64-linux;


     

       

       
32

       
+

       
    # wolumonde = allPkgsSets.x86_64-linux;


     

       
33

       
33

       
 

       
    # wsl = allPkgsSets.x86_64-linux;


     

       
34

       
34

       
 

       
    dzwonek = allPkgsSets.x86_64-linux;


     

       
35

       
35

       
 

       
    volsinii = allPkgsSets.x86_64-linux;
-3
hosts/dzwonek/modules/nginx.nix 
···

       
1

       
1

       
 

       
{


     

       
2

       

       
-

       
  lib,


     

       
3

       
2

       
 

       
  inputs,


     

       
4

       

       
-

       
  pkgs,


     

       
5

       
3

       
 

       
  ...


     

       
6

       
4

       
 

       
}:


     

       
7

       
5

       
 

       
{


     

       
8

       
6

       
 

       
  services.nginx = {


     

       
9

       
7

       
 

       
    enable = true;


     

       
10

       

       
-

       
    package = pkgs.nginxQuic;


     

       
11

       
8

       
 

       
    recommendedTlsSettings = true;


     

       
12

       
9

       
 

       
    recommendedOptimisation = true;


     

       
13

       
10

       
 

       
    recommendedGzipSettings = true;
+38
hosts/trimounts/modules/atproto.nix 
···

       

       
1

       
+

       
{ pkgs, lib, ... }:


     

       

       
2

       
+

       
let


     

       

       
3

       
+

       
  getFileType = name: if lib.hasSuffix ".json" name then "application/json" else "text/plain";


     

       

       
4

       
+

       
  mkWellKnownCfg = files: {


     

       

       
5

       
+

       
    quic = true;


     

       

       
6

       
+

       
    kTLS = true;


     

       

       
7

       
+

       
    locations = (


     

       

       
8

       
+

       
      lib.mapAttrs' (name: file: {


     

       

       
9

       
+

       
        name = "=/.well-known/${name}";


     

       

       
10

       
+

       
        value = {


     

       

       
11

       
+

       
          extraConfig = ''


     

       

       
12

       
+

       
            alias ${file};


     

       

       
13

       
+

       
            add_header access-control-allow-origin *;


     

       

       
14

       
+

       
            default_type ${getFileType name};


     

       

       
15

       
+

       
          '';


     

       

       
16

       
+

       
        };


     

       

       
17

       
+

       
      }) files


     

       

       
18

       
+

       
    );


     

       

       
19

       
+

       
  };


     

       

       
20

       
+

       
  mkDidWebCfg = domain: {


     

       

       
21

       
+

       
    "${domain}" =


     

       

       
22

       
+

       
      (mkWellKnownCfg {


     

       

       
23

       
+

       
        "did.json" = ../../../secrets/${domain}.did;


     

       

       
24

       
+

       
        "atproto-did" = pkgs.writeText "server" "did:web:${domain}";


     

       

       
25

       
+

       
      })


     

       

       
26

       
+

       
      // (lib.optionalAttrs (lib.hasSuffix "gaze.systems" domain) {


     

       

       
27

       
+

       
        useACMEHost = "gaze.systems";


     

       

       
28

       
+

       
        forceSSL = true;


     

       

       
29

       
+

       
        quic = true;


     

       

       
30

       
+

       
        kTLS = true;


     

       

       
31

       
+

       
      });


     

       

       
32

       
+

       
  };


     

       

       
33

       
+

       
  guestbookDid = "guestbook.gaze.systems";


     

       

       
34

       
+

       
in


     

       

       
35

       
+

       
{


     

       

       
36

       
+

       
  security.acme.certs."gaze.systems".extraDomainNames = [guestbookDid];


     

       

       
37

       
+

       
  services.nginx.virtualHosts = mkDidWebCfg guestbookDid;


     

       

       
38

       
+

       
}
+58
hosts/trimounts/modules/email.nix 
···

       

       
1

       
+

       
{ pkgs, ... }:


     

       

       
2

       
+

       
{


     

       

       
3

       
+

       
  security.acme.certs."ptr.pet".extraDomainNames = [


     

       

       
4

       
+

       
    "mta-sts.ptr.pet"


     

       

       
5

       
+

       
    "autoconfig.ptr.pet"


     

       

       
6

       
+

       
    "autodiscover.ptr.pet"


     

       

       
7

       
+

       
  ];


     

       

       
8

       
+

       
  services.nginx.virtualHosts."ptr.pet" = {


     

       

       
9

       
+

       
    useACMEHost = "ptr.pet";


     

       

       
10

       
+

       
    quic = true;


     

       

       
11

       
+

       
    kTLS = true;


     

       

       
12

       
+

       
    forceSSL = true;


     

       

       
13

       
+

       
    locations."/mail/config-v1.1.xml" = {


     

       

       
14

       
+

       
      return = "301 https://autoconfig.migadu.com/mail/config-v1.1.xml";


     

       

       
15

       
+

       
    };


     

       

       
16

       
+

       
    locations."/Autodiscover/Autodiscover.xml" = {


     

       

       
17

       
+

       
      return = "301 https://autodiscover.migadu.com/Autodiscover/Autodiscover.xml";


     

       

       
18

       
+

       
    };


     

       

       
19

       
+

       
  };


     

       

       
20

       
+

       
  services.nginx.virtualHosts."mta-sts.ptr.pet" =


     

       

       
21

       
+

       
    let


     

       

       
22

       
+

       
      file = pkgs.writeText "mta-sts.txt" ''


     

       

       
23

       
+

       
        version: STSv1


     

       

       
24

       
+

       
        mode: enforce


     

       

       
25

       
+

       
        mx: aspmx1.migadu.com


     

       

       
26

       
+

       
        mx: aspmx2.migadu.com


     

       

       
27

       
+

       
        max_age: 31557600


     

       

       
28

       
+

       
      '';


     

       

       
29

       
+

       
    in


     

       

       
30

       
+

       
    {


     

       

       
31

       
+

       
      useACMEHost = "ptr.pet";


     

       

       
32

       
+

       
      quic = true;


     

       

       
33

       
+

       
      kTLS = true;


     

       

       
34

       
+

       
      forceSSL = true;


     

       

       
35

       
+

       
      locations."=/.well-known/mta-sts.txt".extraConfig = ''


     

       

       
36

       
+

       
        alias ${file};


     

       

       
37

       
+

       
        default_type text/plain;


     

       

       
38

       
+

       
      '';


     

       

       
39

       
+

       
    };


     

       

       
40

       
+

       
  services.nginx.virtualHosts."autoconfig.ptr.pet" = {


     

       

       
41

       
+

       
    useACMEHost = "ptr.pet";


     

       

       
42

       
+

       
    quic = true;


     

       

       
43

       
+

       
    kTLS = true;


     

       

       
44

       
+

       
    forceSSL = true;


     

       

       
45

       
+

       
    locations."/" = {


     

       

       
46

       
+

       
      return = "301 https://autoconfig.migadu.com$request_uri";


     

       

       
47

       
+

       
    };


     

       

       
48

       
+

       
  };


     

       

       
49

       
+

       
  services.nginx.virtualHosts."autodiscover.ptr.pet" = {


     

       

       
50

       
+

       
    useACMEHost = "ptr.pet";


     

       

       
51

       
+

       
    quic = true;


     

       

       
52

       
+

       
    kTLS = true;


     

       

       
53

       
+

       
    forceSSL = true;


     

       

       
54

       
+

       
    locations."/" = {


     

       

       
55

       
+

       
      return = "301 https://autodiscover.migadu.com$request_uri";


     

       

       
56

       
+

       
    };


     

       

       
57

       
+

       
  };


     

       

       
58

       
+

       
}
+47
hosts/trimounts/modules/limbusart.nix 
···

       

       
1

       
+

       
{


     

       

       
2

       
+

       
  inputs,


     

       

       
3

       
+

       
  pkgs,


     

       

       
4

       
+

       
  lib,


     

       

       
5

       
+

       
  ...


     

       

       
6

       
+

       
}:


     

       

       
7

       
+

       
let


     

       

       
8

       
+

       
  pkg = pkgs.callPackage "${inputs.limbusart}/package.nix" { };


     

       

       
9

       
+

       
  domain = "pmart.gaze.systems";


     

       

       
10

       
+

       
in


     

       

       
11

       
+

       
{


     

       

       
12

       
+

       
  systemd.services.limbusart = {


     

       

       
13

       
+

       
    description = "limbusart";


     

       

       
14

       
+

       
    wantedBy = [ "multi-user.target" ];


     

       

       
15

       
+

       
    after = [ "network.target" ];


     

       

       
16

       
+

       
    serviceConfig = lib.mkMerge [


     

       

       
17

       
+

       
      {


     

       

       
18

       
+

       
        User = "limbusart";


     

       

       
19

       
+

       
        ExecStart = "${pkg}/bin/limbusart";


     

       

       
20

       
+

       
        Restart = "on-failure";


     

       

       
21

       
+

       
        RestartSec = 5;


     

       

       
22

       
+

       
        WorkingDirectory = "/var/lib/limbusart";


     

       

       
23

       
+

       
        EnvironmentFile = pkgs.writeText "limbusart.conf" ''


     

       

       
24

       
+

       
          ARTS_PATH="arts.txt"


     

       

       
25

       
+

       
          SITE_TITLE="random pm art"


     

       

       
26

       
+

       
          EMBED_TITLE="random pm art here!!"


     

       

       
27

       
+

       
          EMBED_DESC="click NOW to see random pm art"


     

       

       
28

       
+

       
          EMBED_COLOR="#bd0000"


     

       

       
29

       
+

       
        '';


     

       

       
30

       
+

       
      }


     

       

       
31

       
+

       
    ];


     

       

       
32

       
+

       
  };


     

       

       
33

       
+

       
  users.users.limbusart = {


     

       

       
34

       
+

       
    isSystemUser = true;


     

       

       
35

       
+

       
    group = "limbusart";


     

       

       
36

       
+

       
  };


     

       

       
37

       
+

       
  users.groups.limbusart = { };


     

       

       
38

       
+

       



     

       

       
39

       
+

       
  security.acme.certs."gaze.systems".extraDomainNames = [domain];


     

       

       
40

       
+

       
  services.nginx.virtualHosts.${domain} = {


     

       

       
41

       
+

       
    useACMEHost = "gaze.systems";


     

       

       
42

       
+

       
    forceSSL = true;


     

       

       
43

       
+

       
    quic = true;


     

       

       
44

       
+

       
    kTLS = true;


     

       

       
45

       
+

       
    locations."/".proxyPass = "http://localhost:3000";


     

       

       
46

       
+

       
  };


     

       

       
47

       
+

       
}
+3
hosts/trimounts/modules/mosh.nix 
···

       

       
1

       
+

       
{


     

       

       
2

       
+

       
  programs.mosh.enable = true;


     

       

       
3

       
+

       
}
+134
hosts/trimounts/modules/nginx.nix 
···

       

       
1

       
+

       
{


     

       

       
2

       
+

       
  config,


     

       

       
3

       
+

       
  lib,


     

       

       
4

       
+

       
  inputs,


     

       

       
5

       
+

       
  ...


     

       

       
6

       
+

       
}:


     

       

       
7

       
+

       
{


     

       

       
8

       
+

       
  services.nginx = {


     

       

       
9

       
+

       
    enable = true;


     

       

       
10

       
+

       
    recommendedTlsSettings = true;


     

       

       
11

       
+

       
    recommendedOptimisation = true;


     

       

       
12

       
+

       
    recommendedGzipSettings = true;


     

       

       
13

       
+

       
    recommendedProxySettings = true;


     

       

       
14

       
+

       
    # /nginx_status


     

       

       
15

       
+

       
    statusPage = true;


     

       

       
16

       
+

       
  };


     

       

       
17

       
+

       



     

       

       
18

       
+

       
  networking.firewall.allowedTCPPorts = [ 80 443 ];


     

       

       
19

       
+

       



     

       

       
20

       
+

       
  # output json logs so we can consume them more easily


     

       

       
21

       
+

       
  services.nginx.appendHttpConfig = ''


     

       

       
22

       
+

       
    log_format json_logs escape=json '{'


     

       

       
23

       
+

       
      '"_msg":"request completed",'


     

       

       
24

       
+

       
      '"time":"$time_local",'


     

       

       
25

       
+

       
      '"req.remoteAddr":"$remote_addr",'


     

       

       
26

       
+

       
      '"req.method":"$request_method",'


     

       

       
27

       
+

       
      '"req.url":"$uri",'


     

       

       
28

       
+

       
      '"req.httpVersion":"$server_protocol",'


     

       

       
29

       
+

       
      '"res.statusCode":$status,'


     

       

       
30

       
+

       
      '"res.bodySize":$body_bytes_sent,'


     

       

       
31

       
+

       
      '"req.headers.id":"$request_id",'


     

       

       
32

       
+

       
      '"req.headers.referer":"$http_referer",'


     

       

       
33

       
+

       
      '"req.headers.user-agent":"$http_user_agent",'


     

       

       
34

       
+

       
      '"requestTime":$request_time'


     

       

       
35

       
+

       
    '}';


     

       

       
36

       
+

       
    access_log /var/log/nginx/access.log json_logs;


     

       

       
37

       
+

       
  '';


     

       

       
38

       
+

       



     

       

       
39

       
+

       
  users.users.nginx.extraGroups = [ "acme" ];


     

       

       
40

       
+

       



     

       

       
41

       
+

       
  age.secrets.cfDnsEditToken.file = ../../../secrets/cloudflareDnsEdit.age;


     

       

       
42

       
+

       
  security.acme = {


     

       

       
43

       
+

       
    acceptTerms = true;


     

       

       
44

       
+

       
    defaults = {


     

       

       
45

       
+

       
      group = "nginx";


     

       

       
46

       
+

       
      email = (import "${inputs.self}/personal.nix").emails.primary;


     

       

       
47

       
+

       
      dnsProvider = "cloudflare";


     

       

       
48

       
+

       
      credentialFiles = {


     

       

       
49

       
+

       
        CF_DNS_API_TOKEN_FILE = config.age.secrets.cfDnsEditToken.path;


     

       

       
50

       
+

       
      };


     

       

       
51

       
+

       
    };


     

       

       
52

       
+

       
    certs."poor.dog" = { };


     

       

       
53

       
+

       
    certs."ptr.pet" = { };


     

       

       
54

       
+

       
    certs."gaze.systems" = { };


     

       

       
55

       
+

       
  };


     

       

       
56

       
+

       
  services.nginx.virtualHosts."gaze.systems" = {


     

       

       
57

       
+

       
    quic = true;


     

       

       
58

       
+

       
    kTLS = true;


     

       

       
59

       
+

       
    useACMEHost = "gaze.systems";


     

       

       
60

       
+

       
    forceSSL = true;


     

       

       
61

       
+

       
  };


     

       

       
62

       
+

       
  services.nginx.virtualHosts."poor.dog" = {


     

       

       
63

       
+

       
    quic = true;


     

       

       
64

       
+

       
    kTLS = true;


     

       

       
65

       
+

       
    useACMEHost = "poor.dog";


     

       

       
66

       
+

       
    forceSSL = true;


     

       

       
67

       
+

       
  };


     

       

       
68

       
+

       
  services.nginx.virtualHosts."ptr.pet" = {


     

       

       
69

       
+

       
    quic = true;


     

       

       
70

       
+

       
    kTLS = true;


     

       

       
71

       
+

       
    useACMEHost = "ptr.pet";


     

       

       
72

       
+

       
    forceSSL = true;


     

       

       
73

       
+

       
  };


     

       

       
74

       
+

       



     

       

       
75

       
+

       
  services.fluent-bit.settings = {


     

       

       
76

       
+

       
    parsers = [


     

       

       
77

       
+

       
      {


     

       

       
78

       
+

       
        name = "nginx_json";


     

       

       
79

       
+

       
        format = "json";


     

       

       
80

       
+

       
        time_key = "time";


     

       

       
81

       
+

       
        time_format = "%d/%b/%Y:%H:%M:%S %z";


     

       

       
82

       
+

       
      }


     

       

       
83

       
+

       
    ];


     

       

       
84

       
+

       
    pipeline = {


     

       

       
85

       
+

       
      inputs = [


     

       

       
86

       
+

       
        {


     

       

       
87

       
+

       
          name = "nginx_metrics";


     

       

       
88

       
+

       
          tag = "metrics.nginx";


     

       

       
89

       
+

       
          status_url = "/nginx_status";


     

       

       
90

       
+

       
          nginx_plus = false;


     

       

       
91

       
+

       
        }


     

       

       
92

       
+

       
        {


     

       

       
93

       
+

       
          name = "tail";


     

       

       
94

       
+

       
          tag = "logs.nginx";


     

       

       
95

       
+

       
          path = "/var/log/nginx/*.log";


     

       

       
96

       
+

       
          db = "/var/lib/fluent-bit/nginx-access.db";


     

       

       
97

       
+

       
          "db.locking" = true;


     

       

       
98

       
+

       
          buffer_chunk_size = "4m";


     

       

       
99

       
+

       
          buffer_max_size = "32m";


     

       

       
100

       
+

       
          parser = "nginx_json";


     

       

       
101

       
+

       
        }


     

       

       
102

       
+

       
      ];


     

       

       
103

       
+

       
      filters = [


     

       

       
104

       
+

       
        {


     

       

       
105

       
+

       
          name = "modify";


     

       

       
106

       
+

       
          match = "logs.nginx";


     

       

       
107

       
+

       
          Add = [ "name nginx" ];


     

       

       
108

       
+

       
        }


     

       

       
109

       
+

       
      ];


     

       

       
110

       
+

       
    };


     

       

       
111

       
+

       
  };


     

       

       
112

       
+

       



     

       

       
113

       
+

       
  # need so fluent-bit can access nginx


     

       

       
114

       
+

       
  systemd.services.fluent-bit.serviceConfig.SupplementaryGroups = lib.mkForce "systemd-journal nginx";


     

       

       
115

       
+

       



     

       

       
116

       
+

       
  services.vmalert.instances."".rules.groups = [


     

       

       
117

       
+

       
    {


     

       

       
118

       
+

       
      name = "nginx-logs";


     

       

       
119

       
+

       
      type = "vlogs";


     

       

       
120

       
+

       
      interval = "1m";


     

       

       
121

       
+

       
      rules = [


     

       

       
122

       
+

       
        {


     

       

       
123

       
+

       
          record = "nginx_request_count";


     

       

       
124

       
+

       
          expr = "name:nginx | stats (res.statusCode) count() as total_requests";


     

       

       
125

       
+

       
        }


     

       

       
126

       
+

       
        {


     

       

       
127

       
+

       
          record = "nginx_request_latency";


     

       

       
128

       
+

       
          # filter out subscribeRepos requests because they are long polling http L


     

       

       
129

       
+

       
          expr = "name:nginx | filter req.url:!/xrpc/com.atproto.sync.subscribeRepos | stats avg(requestTime) avg, quantile(0.5, requestTime) p50, quantile(0.9, requestTime) p90, quantile(0.99, requestTime) p99";


     

       

       
130

       
+

       
        }


     

       

       
131

       
+

       
      ];


     

       

       
132

       
+

       
    }


     

       

       
133

       
+

       
  ];


     

       

       
134

       
+

       
}
+65
hosts/trimounts/modules/nsid-tracker.nix 
···

       

       
1

       
+

       
{


     

       

       
2

       
+

       
  pkgs,


     

       

       
3

       
+

       
  terra,


     

       

       
4

       
+

       
  inputs,


     

       

       
5

       
+

       
  ...


     

       

       
6

       
+

       
}:


     

       

       
7

       
+

       
let


     

       

       
8

       
+

       
  client-modules = pkgs.callPackage "${inputs.nsid-tracker}/nix/client-modules.nix" { };


     

       

       
9

       
+

       
  client = pkgs.callPackage "${inputs.nsid-tracker}/nix/client.nix" {


     

       

       
10

       
+

       
    PUBLIC_API_URL = "gaze.systems/nsid-tracker/api";


     

       

       
11

       
+

       
    inherit client-modules;


     

       

       
12

       
+

       
  };


     

       

       
13

       
+

       
  # server = terra.nsid-tracker-server;


     

       

       
14

       
+

       
  port = 3713;


     

       

       
15

       
+

       
in


     

       

       
16

       
+

       
{


     

       

       
17

       
+

       
  systemd.services.nsid-tracker-client = {


     

       

       
18

       
+

       
    description = "nsid-tracker-client";


     

       

       
19

       
+

       
    wantedBy = [ "multi-user.target" ];


     

       

       
20

       
+

       
    after = [ "network.target" ];


     

       

       
21

       
+

       
    environment = {


     

       

       
22

       
+

       
      # ORIGIN = "https://gaze.systems";


     

       

       
23

       
+

       
      PORT = toString port;


     

       

       
24

       
+

       
    };


     

       

       
25

       
+

       
    serviceConfig = {


     

       

       
26

       
+

       
      DynamicUser = true;


     

       

       
27

       
+

       
      ExecStart = "${client}/bin/website";


     

       

       
28

       
+

       
      Restart = "on-failure";


     

       

       
29

       
+

       
      RestartSec = 5;


     

       

       
30

       
+

       
      WorkingDirectory = "/var/lib/nsid-tracker";


     

       

       
31

       
+

       
    };


     

       

       
32

       
+

       
  };


     

       

       
33

       
+

       



     

       

       
34

       
+

       
  systemd.services.nsid-tracker-keep-alive = {


     

       

       
35

       
+

       
    description = "keeps nsid-tracker peer connection alive";


     

       

       
36

       
+

       
    wantedBy = [ "multi-user.target" ];


     

       

       
37

       
+

       
    after = [ "network.target" ];


     

       

       
38

       
+

       
    serviceConfig = {


     

       

       
39

       
+

       
      Type = "oneshot";


     

       

       
40

       
+

       
      ExecStart = "${pkgs.curl}/bin/curl http://dusk-devel-mobi:${toString port}/events";


     

       

       
41

       
+

       
    };


     

       

       
42

       
+

       
  };


     

       

       
43

       
+

       
  systemd.timers.nsid-tracker-keep-alive.timerConfig = {


     

       

       
44

       
+

       
    OnBootSec = "5 min";


     

       

       
45

       
+

       
    OnUnitActiveSec = "5 min";


     

       

       
46

       
+

       
    Unit = "nsid-tracker-keep-alive.service";


     

       

       
47

       
+

       
  };


     

       

       
48

       
+

       



     

       

       
49

       
+

       
  services.nginx.virtualHosts."gaze.systems" = {


     

       

       
50

       
+

       
    locations."/nsid-tracker/api" = {


     

       

       
51

       
+

       
      proxyPass = "http://100.64.0.6:${toString port}/";


     

       

       
52

       
+

       
      proxyWebsockets = true;


     

       

       
53

       
+

       
      extraConfig = ''


     

       

       
54

       
+

       
        rewrite ^/nsid-tracker/api/(.*) /$1 break;


     

       

       
55

       
+

       
      '';


     

       

       
56

       
+

       
    };


     

       

       
57

       
+

       
    locations."/nsid-tracker".return = "301 /nsid-tracker/";


     

       

       
58

       
+

       
    locations."/nsid-tracker/" = {


     

       

       
59

       
+

       
      proxyPass = "http://localhost:${toString port}/";


     

       

       
60

       
+

       
      extraConfig = ''


     

       

       
61

       
+

       
        rewrite ^/nsid-tracker/(.*)$ /$1 break;


     

       

       
62

       
+

       
      '';


     

       

       
63

       
+

       
    };


     

       

       
64

       
+

       
  };


     

       

       
65

       
+

       
}
+104
hosts/trimounts/modules/perses.nix/default.nix 
···

       

       
1

       
+

       
{


     

       

       
2

       
+

       
  pkgs,


     

       

       
3

       
+

       
  config,


     

       

       
4

       
+

       
  ...


     

       

       
5

       
+

       
}:


     

       

       
6

       
+

       
let


     

       

       
7

       
+

       
  domain = "dash.gaze.systems";


     

       

       
8

       
+

       
  port = 7412;


     

       

       
9

       
+

       
  user = "perses";


     

       

       
10

       
+

       



     

       

       
11

       
+

       
  provisionFolder = "provisioning";


     

       

       
12

       
+

       
  provisioningFolder = "${config.users.users.${user}.home}/${provisionFolder}";


     

       

       
13

       
+

       



     

       

       
14

       
+

       
  persesConfig = {


     

       

       
15

       
+

       
    database.file = {


     

       

       
16

       
+

       
      folder = config.users.users.${user}.home;


     

       

       
17

       
+

       
      extension = "json";


     

       

       
18

       
+

       
    };


     

       

       
19

       
+

       
    provisioning.folders = [ provisioningFolder ];


     

       

       
20

       
+

       
    security = {


     

       

       
21

       
+

       
      enable_auth = true;


     

       

       
22

       
+

       
      authentication = {


     

       

       
23

       
+

       
        providers = {


     

       

       
24

       
+

       
          enable_native = false;


     

       

       
25

       
+

       
          oidc = [


     

       

       
26

       
+

       
            {


     

       

       
27

       
+

       
              slug_id = "pocketid";


     

       

       
28

       
+

       
              name = "Pocket ID";


     

       

       
29

       
+

       
              client_id = "aa583db6-e03c-4490-853a-7f2b3e089fbe";


     

       

       
30

       
+

       
              issuer = config.services.pocket-id.settings.APP_URL;


     

       

       
31

       
+

       
              scopes = [ "openid profile email" ];


     

       

       
32

       
+

       
            }


     

       

       
33

       
+

       
          ];


     

       

       
34

       
+

       
        };


     

       

       
35

       
+

       
        disable_sign_up = false;


     

       

       
36

       
+

       
      };


     

       

       
37

       
+

       
      cookie = {


     

       

       
38

       
+

       
        same_site = "strict";


     

       

       
39

       
+

       
        secure = true;


     

       

       
40

       
+

       
      };


     

       

       
41

       
+

       
    };


     

       

       
42

       
+

       
  };


     

       

       
43

       
+

       
  persesConfigYaml = pkgs.writers.writeYAML "config.yaml" persesConfig;


     

       

       
44

       
+

       



     

       

       
45

       
+

       
  secrets = config.age.secrets;


     

       

       
46

       
+

       
in


     

       

       
47

       
+

       
{


     

       

       
48

       
+

       
  environment.systemPackages = [ pkgs.perses ];


     

       

       
49

       
+

       



     

       

       
50

       
+

       
  users.users.${user} = {


     

       

       
51

       
+

       
    isNormalUser = true;


     

       

       
52

       
+

       
    group = user;


     

       

       
53

       
+

       
    home = "/var/lib/${user}";


     

       

       
54

       
+

       
    createHome = true;


     

       

       
55

       
+

       
    uid = 1001;


     

       

       
56

       
+

       
  };


     

       

       
57

       
+

       
  users.groups.${user} = {


     

       

       
58

       
+

       
    gid = 976;


     

       

       
59

       
+

       
  };


     

       

       
60

       
+

       



     

       

       
61

       
+

       
  age.secrets.persesSecret = {


     

       

       
62

       
+

       
    file = ../../../../secrets/persesSecret.age;


     

       

       
63

       
+

       
    owner = user;


     

       

       
64

       
+

       
    group = user;


     

       

       
65

       
+

       
  };


     

       

       
66

       
+

       



     

       

       
67

       
+

       
  systemd.services.perses = {


     

       

       
68

       
+

       
    description = "perses";


     

       

       
69

       
+

       
    after = [


     

       

       
70

       
+

       
      "network.target"


     

       

       
71

       
+

       
      "pocket-id.service"


     

       

       
72

       
+

       
    ];


     

       

       
73

       
+

       
    requires = [ "pocket-id.service" ];


     

       

       
74

       
+

       
    serviceConfig = {


     

       

       
75

       
+

       
      ExecStart = "${pkgs.perses}/bin/perses --config=${persesConfigYaml} --web.listen-address=:${toString port} --log.level=info";


     

       

       
76

       
+

       
      EnvironmentFile = secrets.persesSecret.path;


     

       

       
77

       
+

       
      WorkingDirectory = config.users.users.${user}.home;


     

       

       
78

       
+

       
    };


     

       

       
79

       
+

       
  };


     

       

       
80

       
+

       
  systemd.services.perses.preStart = ''


     

       

       
81

       
+

       
    rm -rf ${provisioningFolder} && mkdir -p ${provisioningFolder}


     

       

       
82

       
+

       
    cp -f ${./provision}/* ${provisioningFolder}


     

       

       
83

       
+

       
  '';


     

       

       
84

       
+

       



     

       

       
85

       
+

       
  security.acme.certs."gaze.systems".extraDomainNames = [ domain ];


     

       

       
86

       
+

       
  services.nginx.virtualHosts.${domain} = {


     

       

       
87

       
+

       
    useACMEHost = "gaze.systems"; # TODO: write a module to define vhosts for subdomains


     

       

       
88

       
+

       
    quic = true;


     

       

       
89

       
+

       
    kTLS = true;


     

       

       
90

       
+

       
    forceSSL = true;


     

       

       
91

       
+

       
    locations."/" = {


     

       

       
92

       
+

       
      proxyPass = "http://localhost:${toString port}";


     

       

       
93

       
+

       
    };


     

       

       
94

       
+

       
  };


     

       

       
95

       
+

       



     

       

       
96

       
+

       
  # scrape perses metrics


     

       

       
97

       
+

       
  services.victoriametrics.prometheusConfig.scrape_configs = [


     

       

       
98

       
+

       
    {


     

       

       
99

       
+

       
      job_name = "perses";


     

       

       
100

       
+

       
      metrics_path = "/metrics";


     

       

       
101

       
+

       
      static_configs = [ { targets = [ "localhost:${toString port}" ]; } ];


     

       

       
102

       
+

       
    }


     

       

       
103

       
+

       
  ];


     

       

       
104

       
+

       
}
+3
hosts/trimounts/modules/perses.nix/provision/1-private-infra.yaml 
···

       

       
1

       
+

       
kind: Project


     

       

       
2

       
+

       
metadata:


     

       

       
3

       
+

       
  name: private-infra
+9
hosts/trimounts/modules/perses.nix/provision/2-admin-role.yaml 
···

       

       
1

       
+

       
- kind: GlobalRole


     

       

       
2

       
+

       
  metadata:


     

       

       
3

       
+

       
    name: admin


     

       

       
4

       
+

       
  spec:


     

       

       
5

       
+

       
    permissions:


     

       

       
6

       
+

       
    - actions:


     

       

       
7

       
+

       
      - '*'


     

       

       
8

       
+

       
      scopes:


     

       

       
9

       
+

       
      - '*'
+8
hosts/trimounts/modules/perses.nix/provision/3-admin-bind-role.yaml 
···

       

       
1

       
+

       
- kind: GlobalRoleBinding


     

       

       
2

       
+

       
  metadata:


     

       

       
3

       
+

       
    name: admin


     

       

       
4

       
+

       
  spec:


     

       

       
5

       
+

       
    role: admin


     

       

       
6

       
+

       
    subjects:


     

       

       
7

       
+

       
    - kind: User


     

       

       
8

       
+

       
      name: 90008
+12
hosts/trimounts/modules/perses.nix/provision/4-victoria.yaml 
···

       

       
1

       
+

       
- kind: GlobalDatasource


     

       

       
2

       
+

       
  metadata:


     

       

       
3

       
+

       
    name: victoria


     

       

       
4

       
+

       
  spec:


     

       

       
5

       
+

       
    default: true


     

       

       
6

       
+

       
    plugin:


     

       

       
7

       
+

       
      kind: PrometheusDatasource


     

       

       
8

       
+

       
      spec:


     

       

       
9

       
+

       
        proxy:


     

       

       
10

       
+

       
          kind: HTTPProxy


     

       

       
11

       
+

       
          spec:


     

       

       
12

       
+

       
            url: http://localhost:8428
+12
hosts/trimounts/modules/perses.nix/provision/6-guest-role.yaml 
···

       

       
1

       
+

       
- kind: GlobalRole


     

       

       
2

       
+

       
  metadata:


     

       

       
3

       
+

       
    name: guest


     

       

       
4

       
+

       
  spec:


     

       

       
5

       
+

       
    permissions:


     

       

       
6

       
+

       
    - actions:


     

       

       
7

       
+

       
      - 'read'


     

       

       
8

       
+

       
      scopes:


     

       

       
9

       
+

       
      - 'Dashboard'


     

       

       
10

       
+

       
      - 'Project'


     

       

       
11

       
+

       
      - 'Datasource'


     

       

       
12

       
+

       
      - 'GlobalDatasource'
+8
hosts/trimounts/modules/perses.nix/provision/7-guest-role-bind.yaml 
···

       

       
1

       
+

       
- kind: GlobalRoleBinding


     

       

       
2

       
+

       
  metadata:


     

       

       
3

       
+

       
    name: guest


     

       

       
4

       
+

       
  spec:


     

       

       
5

       
+

       
    role: guest


     

       

       
6

       
+

       
    subjects:


     

       

       
7

       
+

       
    - kind: User


     

       

       
8

       
+

       
      name: sorryu02
+454
hosts/trimounts/modules/perses.nix/provision/90-wolumonde.yaml 
···

       

       
1

       
+

       
kind: Dashboard


     

       

       
2

       
+

       
metadata:


     

       

       
3

       
+

       
    name: wolumonde


     

       

       
4

       
+

       
    createdAt: 0001-01-01T00:00:00Z


     

       

       
5

       
+

       
    updatedAt: 0001-01-01T00:00:00Z


     

       

       
6

       
+

       
    version: 0


     

       

       
7

       
+

       
    project: private-infra


     

       

       
8

       
+

       
spec:


     

       

       
9

       
+

       
    panels:


     

       

       
10

       
+

       
        "0_0":


     

       

       
11

       
+

       
            kind: Panel


     

       

       
12

       
+

       
            spec:


     

       

       
13

       
+

       
                display:


     

       

       
14

       
+

       
                    name: load over 5 min


     

       

       
15

       
+

       
                plugin:


     

       

       
16

       
+

       
                    kind: GaugeChart


     

       

       
17

       
+

       
                    spec:


     

       

       
18

       
+

       
                        calculation: mean


     

       

       
19

       
+

       
                        format:


     

       

       
20

       
+

       
                            unit: percent


     

       

       
21

       
+

       
                        max: 100


     

       

       
22

       
+

       
                queries:


     

       

       
23

       
+

       
                    - kind: TimeSeriesQuery


     

       

       
24

       
+

       
                      spec:


     

       

       
25

       
+

       
                        plugin:


     

       

       
26

       
+

       
                            kind: PrometheusTimeSeriesQuery


     

       

       
27

       
+

       
                            spec:


     

       

       
28

       
+

       
                                query: node_load5 * 100 / count(count(node_cpu_seconds_total) by (cpu))


     

       

       
29

       
+

       
                                seriesNameFormat: load %


     

       

       
30

       
+

       
        "0_1":


     

       

       
31

       
+

       
            kind: Panel


     

       

       
32

       
+

       
            spec:


     

       

       
33

       
+

       
                display:


     

       

       
34

       
+

       
                    name: cpu usage


     

       

       
35

       
+

       
                plugin:


     

       

       
36

       
+

       
                    kind: GaugeChart


     

       

       
37

       
+

       
                    spec:


     

       

       
38

       
+

       
                        calculation: mean


     

       

       
39

       
+

       
                        format:


     

       

       
40

       
+

       
                            unit: percent


     

       

       
41

       
+

       
                        max: 100


     

       

       
42

       
+

       
                queries:


     

       

       
43

       
+

       
                    - kind: TimeSeriesQuery


     

       

       
44

       
+

       
                      spec:


     

       

       
45

       
+

       
                        plugin:


     

       

       
46

       
+

       
                            kind: PrometheusTimeSeriesQuery


     

       

       
47

       
+

       
                            spec:


     

       

       
48

       
+

       
                                query: sum by (cpu) (rate(node_cpu_seconds_total{mode=~"user|system"}[1m])) * 100


     

       

       
49

       
+

       
                                seriesNameFormat: cpu {{cpu}}


     

       

       
50

       
+

       
        "0_2":


     

       

       
51

       
+

       
            kind: Panel


     

       

       
52

       
+

       
            spec:


     

       

       
53

       
+

       
                display:


     

       

       
54

       
+

       
                    name: memory usage


     

       

       
55

       
+

       
                plugin:


     

       

       
56

       
+

       
                    kind: GaugeChart


     

       

       
57

       
+

       
                    spec:


     

       

       
58

       
+

       
                        calculation: mean


     

       

       
59

       
+

       
                        format:


     

       

       
60

       
+

       
                            unit: percent


     

       

       
61

       
+

       
                        max: 100


     

       

       
62

       
+

       
                queries:


     

       

       
63

       
+

       
                    - kind: TimeSeriesQuery


     

       

       
64

       
+

       
                      spec:


     

       

       
65

       
+

       
                        plugin:


     

       

       
66

       
+

       
                            kind: PrometheusTimeSeriesQuery


     

       

       
67

       
+

       
                            spec:


     

       

       
68

       
+

       
                                query: (node_memory_MemTotal_bytes - node_memory_MemAvailable_bytes) * 100 / node_memory_MemTotal_bytes


     

       

       
69

       
+

       
                                seriesNameFormat: memory usage %


     

       

       
70

       
+

       
        "0_3":


     

       

       
71

       
+

       
            kind: Panel


     

       

       
72

       
+

       
            spec:


     

       

       
73

       
+

       
                display:


     

       

       
74

       
+

       
                    name: disk usage /


     

       

       
75

       
+

       
                plugin:


     

       

       
76

       
+

       
                    kind: GaugeChart


     

       

       
77

       
+

       
                    spec:


     

       

       
78

       
+

       
                        calculation: last


     

       

       
79

       
+

       
                        format:


     

       

       
80

       
+

       
                            unit: percent


     

       

       
81

       
+

       
                        max: 100


     

       

       
82

       
+

       
                queries:


     

       

       
83

       
+

       
                    - kind: TimeSeriesQuery


     

       

       
84

       
+

       
                      spec:


     

       

       
85

       
+

       
                        plugin:


     

       

       
86

       
+

       
                            kind: PrometheusTimeSeriesQuery


     

       

       
87

       
+

       
                            spec:


     

       

       
88

       
+

       
                                query: (node_filesystem_size_bytes{mountpoint="/"} - node_filesystem_free_bytes{mountpoint="/"}) * 100 / node_filesystem_size_bytes{mountpoint="/"}


     

       

       
89

       
+

       
                                seriesNameFormat: disk usage %


     

       

       
90

       
+

       
        "0_4":


     

       

       
91

       
+

       
            kind: Panel


     

       

       
92

       
+

       
            spec:


     

       

       
93

       
+

       
                display:


     

       

       
94

       
+

       
                    name: load over 5 min


     

       

       
95

       
+

       
                plugin:


     

       

       
96

       
+

       
                    kind: TimeSeriesChart


     

       

       
97

       
+

       
                    spec:


     

       

       
98

       
+

       
                        yAxis:


     

       

       
99

       
+

       
                            max: 2


     

       

       
100

       
+

       
                queries:


     

       

       
101

       
+

       
                    - kind: TimeSeriesQuery


     

       

       
102

       
+

       
                      spec:


     

       

       
103

       
+

       
                        plugin:


     

       

       
104

       
+

       
                            kind: PrometheusTimeSeriesQuery


     

       

       
105

       
+

       
                            spec:


     

       

       
106

       
+

       
                                query: node_load5


     

       

       
107

       
+

       
                                seriesNameFormat: load


     

       

       
108

       
+

       
        "0_5":


     

       

       
109

       
+

       
            kind: Panel


     

       

       
110

       
+

       
            spec:


     

       

       
111

       
+

       
                display:


     

       

       
112

       
+

       
                    name: cpu usage


     

       

       
113

       
+

       
                plugin:


     

       

       
114

       
+

       
                    kind: TimeSeriesChart


     

       

       
115

       
+

       
                    spec:


     

       

       
116

       
+

       
                        yAxis:


     

       

       
117

       
+

       
                            format:


     

       

       
118

       
+

       
                                unit: percent


     

       

       
119

       
+

       
                            max: 100


     

       

       
120

       
+

       
                queries:


     

       

       
121

       
+

       
                    - kind: TimeSeriesQuery


     

       

       
122

       
+

       
                      spec:


     

       

       
123

       
+

       
                        plugin:


     

       

       
124

       
+

       
                            kind: PrometheusTimeSeriesQuery


     

       

       
125

       
+

       
                            spec:


     

       

       
126

       
+

       
                                query: sum by (cpu) (rate(node_cpu_seconds_total{mode=~"user|system"}[1m])) * 100


     

       

       
127

       
+

       
                                seriesNameFormat: cpu {{cpu}}


     

       

       
128

       
+

       
        "0_6":


     

       

       
129

       
+

       
            kind: Panel


     

       

       
130

       
+

       
            spec:


     

       

       
131

       
+

       
                display:


     

       

       
132

       
+

       
                    name: memory usage


     

       

       
133

       
+

       
                plugin:


     

       

       
134

       
+

       
                    kind: TimeSeriesChart


     

       

       
135

       
+

       
                    spec:


     

       

       
136

       
+

       
                        yAxis:


     

       

       
137

       
+

       
                            format:


     

       

       
138

       
+

       
                                unit: bytes


     

       

       
139

       
+

       
                            max: 4e+09


     

       

       
140

       
+

       
                queries:


     

       

       
141

       
+

       
                    - kind: TimeSeriesQuery


     

       

       
142

       
+

       
                      spec:


     

       

       
143

       
+

       
                        plugin:


     

       

       
144

       
+

       
                            kind: PrometheusTimeSeriesQuery


     

       

       
145

       
+

       
                            spec:


     

       

       
146

       
+

       
                                query: node_memory_MemTotal_bytes - node_memory_MemAvailable_bytes


     

       

       
147

       
+

       
                                seriesNameFormat: current memory usage


     

       

       
148

       
+

       
        "0_7":


     

       

       
149

       
+

       
            kind: Panel


     

       

       
150

       
+

       
            spec:


     

       

       
151

       
+

       
                display:


     

       

       
152

       
+

       
                    name: disk usage /


     

       

       
153

       
+

       
                plugin:


     

       

       
154

       
+

       
                    kind: TimeSeriesChart


     

       

       
155

       
+

       
                    spec:


     

       

       
156

       
+

       
                        yAxis:


     

       

       
157

       
+

       
                            format:


     

       

       
158

       
+

       
                                unit: bytes


     

       

       
159

       
+

       
                            max: 3.8e+10


     

       

       
160

       
+

       
                queries:


     

       

       
161

       
+

       
                    - kind: TimeSeriesQuery


     

       

       
162

       
+

       
                      spec:


     

       

       
163

       
+

       
                        plugin:


     

       

       
164

       
+

       
                            kind: PrometheusTimeSeriesQuery


     

       

       
165

       
+

       
                            spec:


     

       

       
166

       
+

       
                                query: node_filesystem_size_bytes{mountpoint="/"} - node_filesystem_free_bytes{mountpoint="/"}


     

       

       
167

       
+

       
                                seriesNameFormat: disk usage


     

       

       
168

       
+

       
        "1_0":


     

       

       
169

       
+

       
            kind: Panel


     

       

       
170

       
+

       
            spec:


     

       

       
171

       
+

       
                display:


     

       

       
172

       
+

       
                    name: nginx requests / min


     

       

       
173

       
+

       
                plugin:


     

       

       
174

       
+

       
                    kind: TimeSeriesChart


     

       

       
175

       
+

       
                    spec:


     

       

       
176

       
+

       
                        legend:


     

       

       
177

       
+

       
                            position: bottom


     

       

       
178

       
+

       
                            size: small


     

       

       
179

       
+

       
                        yAxis:


     

       

       
180

       
+

       
                            format:


     

       

       
181

       
+

       
                                unit: decimal


     

       

       
182

       
+

       
                        visual:


     

       

       
183

       
+

       
                            display: bar


     

       

       
184

       
+

       
                            palette:


     

       

       
185

       
+

       
                                mode: categorical


     

       

       
186

       
+

       
                            stack: all


     

       

       
187

       
+

       
                queries:


     

       

       
188

       
+

       
                    - kind: TimeSeriesQuery


     

       

       
189

       
+

       
                      spec:


     

       

       
190

       
+

       
                        plugin:


     

       

       
191

       
+

       
                            kind: PrometheusTimeSeriesQuery


     

       

       
192

       
+

       
                            spec:


     

       

       
193

       
+

       
                                query: nginx_request_count


     

       

       
194

       
+

       
                                seriesNameFormat: '{{res.statusCode}}'


     

       

       
195

       
+

       
        "1_1":


     

       

       
196

       
+

       
            kind: Panel


     

       

       
197

       
+

       
            spec:


     

       

       
198

       
+

       
                display:


     

       

       
199

       
+

       
                    name: nginx latency / min


     

       

       
200

       
+

       
                plugin:


     

       

       
201

       
+

       
                    kind: TimeSeriesChart


     

       

       
202

       
+

       
                    spec:


     

       

       
203

       
+

       
                        yAxis:


     

       

       
204

       
+

       
                            format:


     

       

       
205

       
+

       
                                unit: seconds


     

       

       
206

       
+

       
                            max: 0.5


     

       

       
207

       
+

       
                queries:


     

       

       
208

       
+

       
                    - kind: TimeSeriesQuery


     

       

       
209

       
+

       
                      spec:


     

       

       
210

       
+

       
                        plugin:


     

       

       
211

       
+

       
                            kind: PrometheusTimeSeriesQuery


     

       

       
212

       
+

       
                            spec:


     

       

       
213

       
+

       
                                query: nginx_request_latency


     

       

       
214

       
+

       
                                seriesNameFormat: '{{stats_result}}'


     

       

       
215

       
+

       
        "2_0":


     

       

       
216

       
+

       
            kind: Panel


     

       

       
217

       
+

       
            spec:


     

       

       
218

       
+

       
                display:


     

       

       
219

       
+

       
                    name: pds requests / min


     

       

       
220

       
+

       
                plugin:


     

       

       
221

       
+

       
                    kind: TimeSeriesChart


     

       

       
222

       
+

       
                    spec:


     

       

       
223

       
+

       
                        legend:


     

       

       
224

       
+

       
                            position: bottom


     

       

       
225

       
+

       
                            size: small


     

       

       
226

       
+

       
                        yAxis:


     

       

       
227

       
+

       
                            format:


     

       

       
228

       
+

       
                                unit: decimal


     

       

       
229

       
+

       
                        visual:


     

       

       
230

       
+

       
                            display: bar


     

       

       
231

       
+

       
                            palette:


     

       

       
232

       
+

       
                                mode: categorical


     

       

       
233

       
+

       
                            stack: all


     

       

       
234

       
+

       
                queries:


     

       

       
235

       
+

       
                    - kind: TimeSeriesQuery


     

       

       
236

       
+

       
                      spec:


     

       

       
237

       
+

       
                        plugin:


     

       

       
238

       
+

       
                            kind: PrometheusTimeSeriesQuery


     

       

       
239

       
+

       
                            spec:


     

       

       
240

       
+

       
                                query: pds_request_count


     

       

       
241

       
+

       
                                seriesNameFormat: '{{res.statusCode}}'


     

       

       
242

       
+

       
        "2_1":


     

       

       
243

       
+

       
            kind: Panel


     

       

       
244

       
+

       
            spec:


     

       

       
245

       
+

       
                display:


     

       

       
246

       
+

       
                    name: pds latency / min


     

       

       
247

       
+

       
                plugin:


     

       

       
248

       
+

       
                    kind: TimeSeriesChart


     

       

       
249

       
+

       
                    spec:


     

       

       
250

       
+

       
                        yAxis:


     

       

       
251

       
+

       
                            format:


     

       

       
252

       
+

       
                                unit: milliseconds


     

       

       
253

       
+

       
                            max: 500


     

       

       
254

       
+

       
                queries:


     

       

       
255

       
+

       
                    - kind: TimeSeriesQuery


     

       

       
256

       
+

       
                      spec:


     

       

       
257

       
+

       
                        plugin:


     

       

       
258

       
+

       
                            kind: PrometheusTimeSeriesQuery


     

       

       
259

       
+

       
                            spec:


     

       

       
260

       
+

       
                                query: pds_response_latency


     

       

       
261

       
+

       
                                seriesNameFormat: '{{stats_result}}'


     

       

       
262

       
+

       
        "3_0":


     

       

       
263

       
+

       
            kind: Panel


     

       

       
264

       
+

       
            spec:


     

       

       
265

       
+

       
                display:


     

       

       
266

       
+

       
                    name: gazesys visits


     

       

       
267

       
+

       
                plugin:


     

       

       
268

       
+

       
                    kind: BarChart


     

       

       
269

       
+

       
                    spec:


     

       

       
270

       
+

       
                        calculation: last


     

       

       
271

       
+

       
                queries:


     

       

       
272

       
+

       
                    - kind: TimeSeriesQuery


     

       

       
273

       
+

       
                      spec:


     

       

       
274

       
+

       
                        plugin:


     

       

       
275

       
+

       
                            kind: PrometheusTimeSeriesQuery


     

       

       
276

       
+

       
                            spec:


     

       

       
277

       
+

       
                                query: gazesys_visit_real_total + gazesys_visit_fake_total


     

       

       
278

       
+

       
                                seriesNameFormat: total visits


     

       

       
279

       
+

       
                    - kind: TimeSeriesQuery


     

       

       
280

       
+

       
                      spec:


     

       

       
281

       
+

       
                        plugin:


     

       

       
282

       
+

       
                            kind: PrometheusTimeSeriesQuery


     

       

       
283

       
+

       
                            spec:


     

       

       
284

       
+

       
                                query: gazesys_visit_fake_total


     

       

       
285

       
+

       
                                seriesNameFormat: (ai) bot visits


     

       

       
286

       
+

       
                    - kind: TimeSeriesQuery


     

       

       
287

       
+

       
                      spec:


     

       

       
288

       
+

       
                        plugin:


     

       

       
289

       
+

       
                            kind: PrometheusTimeSeriesQuery


     

       

       
290

       
+

       
                            spec:


     

       

       
291

       
+

       
                                query: gazesys_visit_real_total


     

       

       
292

       
+

       
                                seriesNameFormat: real visits


     

       

       
293

       
+

       
        "3_1":


     

       

       
294

       
+

       
            kind: Panel


     

       

       
295

       
+

       
            spec:


     

       

       
296

       
+

       
                display:


     

       

       
297

       
+

       
                    name: gazesys pet


     

       

       
298

       
+

       
                plugin:


     

       

       
299

       
+

       
                    kind: StatChart


     

       

       
300

       
+

       
                    spec:


     

       

       
301

       
+

       
                        calculation: last


     

       

       
302

       
+

       
                        format:


     

       

       
303

       
+

       
                            unit: decimal


     

       

       
304

       
+

       
                            shortValues: true


     

       

       
305

       
+

       
                queries:


     

       

       
306

       
+

       
                    - kind: TimeSeriesQuery


     

       

       
307

       
+

       
                      spec:


     

       

       
308

       
+

       
                        plugin:


     

       

       
309

       
+

       
                            kind: PrometheusTimeSeriesQuery


     

       

       
310

       
+

       
                            spec:


     

       

       
311

       
+

       
                                query: gazesys_pet_bounce_total


     

       

       
312

       
+

       
                                seriesNameFormat: bounce count


     

       

       
313

       
+

       
                    - kind: TimeSeriesQuery


     

       

       
314

       
+

       
                      spec:


     

       

       
315

       
+

       
                        plugin:


     

       

       
316

       
+

       
                            kind: PrometheusTimeSeriesQuery


     

       

       
317

       
+

       
                            spec:


     

       

       
318

       
+

       
                                query: gazesys_pet_distance_total


     

       

       
319

       
+

       
                                seriesNameFormat: distance travelled


     

       

       
320

       
+

       
        "4_0":


     

       

       
321

       
+

       
            kind: Panel


     

       

       
322

       
+

       
            spec:


     

       

       
323

       
+

       
                display:


     

       

       
324

       
+

       
                    name: anubis policy actions


     

       

       
325

       
+

       
                plugin:


     

       

       
326

       
+

       
                    kind: BarChart


     

       

       
327

       
+

       
                    spec:


     

       

       
328

       
+

       
                        calculation: last


     

       

       
329

       
+

       
                queries:


     

       

       
330

       
+

       
                    - kind: TimeSeriesQuery


     

       

       
331

       
+

       
                      spec:


     

       

       
332

       
+

       
                        plugin:


     

       

       
333

       
+

       
                            kind: PrometheusTimeSeriesQuery


     

       

       
334

       
+

       
                            spec:


     

       

       
335

       
+

       
                                query: anubis_policy_results


     

       

       
336

       
+

       
                                seriesNameFormat: '{{action}}: {{rule}}'


     

       

       
337

       
+

       
    layouts:


     

       

       
338

       
+

       
        - kind: Grid


     

       

       
339

       
+

       
          spec:


     

       

       
340

       
+

       
            display:


     

       

       
341

       
+

       
                title: resource usage


     

       

       
342

       
+

       
            items:


     

       

       
343

       
+

       
                - x: 0


     

       

       
344

       
+

       
                  "y": 0


     

       

       
345

       
+

       
                  width: 6


     

       

       
346

       
+

       
                  height: 6


     

       

       
347

       
+

       
                  content:


     

       

       
348

       
+

       
                    $ref: '#/spec/panels/0_0'


     

       

       
349

       
+

       
                - x: 6


     

       

       
350

       
+

       
                  "y": 0


     

       

       
351

       
+

       
                  width: 6


     

       

       
352

       
+

       
                  height: 6


     

       

       
353

       
+

       
                  content:


     

       

       
354

       
+

       
                    $ref: '#/spec/panels/0_1'


     

       

       
355

       
+

       
                - x: 12


     

       

       
356

       
+

       
                  "y": 0


     

       

       
357

       
+

       
                  width: 6


     

       

       
358

       
+

       
                  height: 6


     

       

       
359

       
+

       
                  content:


     

       

       
360

       
+

       
                    $ref: '#/spec/panels/0_2'


     

       

       
361

       
+

       
                - x: 18


     

       

       
362

       
+

       
                  "y": 0


     

       

       
363

       
+

       
                  width: 6


     

       

       
364

       
+

       
                  height: 6


     

       

       
365

       
+

       
                  content:


     

       

       
366

       
+

       
                    $ref: '#/spec/panels/0_3'


     

       

       
367

       
+

       
                - x: 0


     

       

       
368

       
+

       
                  "y": 6


     

       

       
369

       
+

       
                  width: 6


     

       

       
370

       
+

       
                  height: 6


     

       

       
371

       
+

       
                  content:


     

       

       
372

       
+

       
                    $ref: '#/spec/panels/0_4'


     

       

       
373

       
+

       
                - x: 6


     

       

       
374

       
+

       
                  "y": 6


     

       

       
375

       
+

       
                  width: 6


     

       

       
376

       
+

       
                  height: 6


     

       

       
377

       
+

       
                  content:


     

       

       
378

       
+

       
                    $ref: '#/spec/panels/0_5'


     

       

       
379

       
+

       
                - x: 12


     

       

       
380

       
+

       
                  "y": 6


     

       

       
381

       
+

       
                  width: 6


     

       

       
382

       
+

       
                  height: 6


     

       

       
383

       
+

       
                  content:


     

       

       
384

       
+

       
                    $ref: '#/spec/panels/0_6'


     

       

       
385

       
+

       
                - x: 18


     

       

       
386

       
+

       
                  "y": 6


     

       

       
387

       
+

       
                  width: 6


     

       

       
388

       
+

       
                  height: 6


     

       

       
389

       
+

       
                  content:


     

       

       
390

       
+

       
                    $ref: '#/spec/panels/0_7'


     

       

       
391

       
+

       
        - kind: Grid


     

       

       
392

       
+

       
          spec:


     

       

       
393

       
+

       
            display:


     

       

       
394

       
+

       
                title: nginx metrics


     

       

       
395

       
+

       
            items:


     

       

       
396

       
+

       
                - x: 0


     

       

       
397

       
+

       
                  "y": 0


     

       

       
398

       
+

       
                  width: 8


     

       

       
399

       
+

       
                  height: 6


     

       

       
400

       
+

       
                  content:


     

       

       
401

       
+

       
                    $ref: '#/spec/panels/1_0'


     

       

       
402

       
+

       
                - x: 8


     

       

       
403

       
+

       
                  "y": 0


     

       

       
404

       
+

       
                  width: 8


     

       

       
405

       
+

       
                  height: 6


     

       

       
406

       
+

       
                  content:


     

       

       
407

       
+

       
                    $ref: '#/spec/panels/1_1'


     

       

       
408

       
+

       
        - kind: Grid


     

       

       
409

       
+

       
          spec:


     

       

       
410

       
+

       
            display:


     

       

       
411

       
+

       
                title: pds metrics


     

       

       
412

       
+

       
            items:


     

       

       
413

       
+

       
                - x: 0


     

       

       
414

       
+

       
                  "y": 0


     

       

       
415

       
+

       
                  width: 8


     

       

       
416

       
+

       
                  height: 6


     

       

       
417

       
+

       
                  content:


     

       

       
418

       
+

       
                    $ref: '#/spec/panels/2_0'


     

       

       
419

       
+

       
                - x: 8


     

       

       
420

       
+

       
                  "y": 0


     

       

       
421

       
+

       
                  width: 8


     

       

       
422

       
+

       
                  height: 6


     

       

       
423

       
+

       
                  content:


     

       

       
424

       
+

       
                    $ref: '#/spec/panels/2_1'


     

       

       
425

       
+

       
        - kind: Grid


     

       

       
426

       
+

       
          spec:


     

       

       
427

       
+

       
            display:


     

       

       
428

       
+

       
                title: gazesys


     

       

       
429

       
+

       
            items:


     

       

       
430

       
+

       
                - x: 0


     

       

       
431

       
+

       
                  "y": 0


     

       

       
432

       
+

       
                  width: 8


     

       

       
433

       
+

       
                  height: 6


     

       

       
434

       
+

       
                  content:


     

       

       
435

       
+

       
                    $ref: '#/spec/panels/3_0'


     

       

       
436

       
+

       
                - x: 8


     

       

       
437

       
+

       
                  "y": 0


     

       

       
438

       
+

       
                  width: 8


     

       

       
439

       
+

       
                  height: 6


     

       

       
440

       
+

       
                  content:


     

       

       
441

       
+

       
                    $ref: '#/spec/panels/3_1'


     

       

       
442

       
+

       
        - kind: Grid


     

       

       
443

       
+

       
          spec:


     

       

       
444

       
+

       
            display:


     

       

       
445

       
+

       
                title: forgejo


     

       

       
446

       
+

       
            items:


     

       

       
447

       
+

       
                - x: 0


     

       

       
448

       
+

       
                  "y": 0


     

       

       
449

       
+

       
                  width: 8


     

       

       
450

       
+

       
                  height: 6


     

       

       
451

       
+

       
                  content:


     

       

       
452

       
+

       
                    $ref: '#/spec/panels/4_0'


     

       

       
453

       
+

       
    duration: 30m


     

       

       
454

       
+

       
    refreshInterval: 1m
+6
hosts/trimounts/modules/tangled.nix/default.nix 
···

       

       
1

       
+

       
{


     

       

       
2

       
+

       
  imports = [


     

       

       
3

       
+

       
    ./knot.nix


     

       

       
4

       
+

       
    ./spindle.nix


     

       

       
5

       
+

       
  ];


     

       

       
6

       
+

       
}
+39
hosts/trimounts/modules/tangled.nix/knot.nix 
···

       

       
1

       
+

       
{


     

       

       
2

       
+

       
  config,


     

       

       
3

       
+

       
  inputs,


     

       

       
4

       
+

       
  terra,


     

       

       
5

       
+

       
  ...


     

       

       
6

       
+

       
}:


     

       

       
7

       
+

       
let


     

       

       
8

       
+

       
  knotCfg = config.services.tangled.knot;


     

       

       
9

       
+

       
in


     

       

       
10

       
+

       
{


     

       

       
11

       
+

       
  imports = [


     

       

       
12

       
+

       
    "${inputs.tangled}/nix/modules/knot.nix"


     

       

       
13

       
+

       
  ];


     

       

       
14

       
+

       



     

       

       
15

       
+

       
  services.tangled.knot = {


     

       

       
16

       
+

       
    enable = true;


     

       

       
17

       
+

       
    package = terra.tangled-knot;


     

       

       
18

       
+

       
    gitUser = "git";


     

       

       
19

       
+

       
    motdFile = ./motd;


     

       

       
20

       
+

       
    server = {


     

       

       
21

       
+

       
      listenAddr = "0.0.0.0:7777";


     

       

       
22

       
+

       
      hostname = "knot.gaze.systems";


     

       

       
23

       
+

       
      owner = "did:plc:dfl62fgb7wtjj3fcbb72naae";


     

       

       
24

       
+

       
    };


     

       

       
25

       
+

       
  };


     

       

       
26

       
+

       



     

       

       
27

       
+

       
  security.acme.certs."gaze.systems".extraDomainNames = [ knotCfg.server.hostname ];


     

       

       
28

       
+

       



     

       

       
29

       
+

       
  services.nginx.virtualHosts.${knotCfg.server.hostname} = {


     

       

       
30

       
+

       
    useACMEHost = "gaze.systems";


     

       

       
31

       
+

       
    forceSSL = true;


     

       

       
32

       
+

       
    quic = true;


     

       

       
33

       
+

       
    kTLS = true;


     

       

       
34

       
+

       
    locations."/" = {


     

       

       
35

       
+

       
      proxyPass = "http://${knotCfg.server.listenAddr}";


     

       

       
36

       
+

       
      proxyWebsockets = true;


     

       

       
37

       
+

       
    };


     

       

       
38

       
+

       
  };


     

       

       
39

       
+

       
}
+5
hosts/trimounts/modules/tangled.nix/motd 
···

       

       
1

       
+

       



     

       

       
2

       
+

       
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓


     

       

       
3

       
+

       
┃ *paws at your commits* arf :3c ┃


     

       

       
4

       
+

       
┗━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛


     

       

       
5

       
+
+64
hosts/trimounts/modules/tangled.nix/spindle.nix 
···

       

       
1

       
+

       
{


     

       

       
2

       
+

       
  lib,


     

       

       
3

       
+

       
  config,


     

       

       
4

       
+

       
  inputs,


     

       

       
5

       
+

       
  terra,


     

       

       
6

       
+

       
  ...


     

       

       
7

       
+

       
}:


     

       

       
8

       
+

       
let


     

       

       
9

       
+

       
  spindleCfg = config.services.tangled.spindle;


     

       

       
10

       
+

       
in


     

       

       
11

       
+

       
{


     

       

       
12

       
+

       
  imports = [


     

       

       
13

       
+

       
    "${inputs.tangled}/nix/modules/spindle.nix"


     

       

       
14

       
+

       
  ];


     

       

       
15

       
+

       



     

       

       
16

       
+

       
  services.tangled.spindle = {


     

       

       
17

       
+

       
    enable = true;


     

       

       
18

       
+

       
    package = terra.tangled-spindle;


     

       

       
19

       
+

       
    server = {


     

       

       
20

       
+

       
      listenAddr = "0.0.0.0:7391";


     

       

       
21

       
+

       
      hostname = "spindle.gaze.systems";


     

       

       
22

       
+

       
      owner = "did:plc:dfl62fgb7wtjj3fcbb72naae";


     

       

       
23

       
+

       
      # secrets = {


     

       

       
24

       
+

       
      #   provider = "openbao";


     

       

       
25

       
+

       
      #   openbao.proxyAddr = "http://spindle.bao.lan.gaze.systems";


     

       

       
26

       
+

       
      # };


     

       

       
27

       
+

       
      secrets.provider = "sqlite";


     

       

       
28

       
+

       
    };


     

       

       
29

       
+

       
  };


     

       

       
30

       
+

       
  users.users.spindle = {


     

       

       
31

       
+

       
    group = "spindle";


     

       

       
32

       
+

       
    isSystemUser = true;


     

       

       
33

       
+

       
  };


     

       

       
34

       
+

       
  users.groups.spindle = { };


     

       

       
35

       
+

       
  users.groups.podman.members = [ "spindle" ];


     

       

       
36

       
+

       
  systemd.services.spindle = {


     

       

       
37

       
+

       
    # after = lib.mkForce [ "network.target" "openbao-proxy-spindle.service" ];


     

       

       
38

       
+

       
    serviceConfig = {


     

       

       
39

       
+

       
      User = "spindle";


     

       

       
40

       
+

       
      Group = "spindle";


     

       

       
41

       
+

       
    };


     

       

       
42

       
+

       
  };


     

       

       
43

       
+

       



     

       

       
44

       
+

       
  security.acme.certs."gaze.systems".extraDomainNames = [ spindleCfg.server.hostname ];


     

       

       
45

       
+

       



     

       

       
46

       
+

       
  services.nginx.virtualHosts.${spindleCfg.server.hostname} = {


     

       

       
47

       
+

       
    useACMEHost = "gaze.systems";


     

       

       
48

       
+

       
    forceSSL = true;


     

       

       
49

       
+

       
    quic = true;


     

       

       
50

       
+

       
    kTLS = true;


     

       

       
51

       
+

       
    locations."/" = {


     

       

       
52

       
+

       
      proxyPass = "http://${spindleCfg.server.listenAddr}";


     

       

       
53

       
+

       
      proxyWebsockets = true;


     

       

       
54

       
+

       
    };


     

       

       
55

       
+

       
  };


     

       

       
56

       
+

       



     

       

       
57

       
+

       
  virtualisation.docker.enable = lib.mkForce false;


     

       

       
58

       
+

       
  virtualisation.podman = {


     

       

       
59

       
+

       
    enable = true;


     

       

       
60

       
+

       
    autoPrune.enable = true;


     

       

       
61

       
+

       
    dockerCompat = true;


     

       

       
62

       
+

       
    dockerSocket.enable = true;


     

       

       
63

       
+

       
  };


     

       

       
64

       
+

       
}
+85
hosts/trimounts/modules/website.nix 
···

       

       
1

       
+

       
{


     

       

       
2

       
+

       
  config,


     

       

       
3

       
+

       
  pkgs,


     

       

       
4

       
+

       
  inputs,


     

       

       
5

       
+

       
  ...


     

       

       
6

       
+

       
}:


     

       

       
7

       
+

       
let


     

       

       
8

       
+

       
  PUBLIC_BASE_URL = "https://gaze.systems";


     

       

       
9

       
+

       
  modules = (pkgs.callPackage "${inputs.blog}/nix/modules.nix" { }).overrideAttrs (_: {


     

       

       
10

       
+

       
    outputHash = "sha256-rzfSfiK8FSNFR+1QTwM/ltLZBprG9BoQsPmOt6IdXFc=";


     

       

       
11

       
+

       
  });


     

       

       
12

       
+

       
  pkg = pkgs.callPackage "${inputs.blog}/nix" {


     

       

       
13

       
+

       
    inherit PUBLIC_BASE_URL;


     

       

       
14

       
+

       
    gazesys-modules = modules;


     

       

       
15

       
+

       
  };


     

       

       
16

       
+

       
  port = 3003;


     

       

       
17

       
+

       
in


     

       

       
18

       
+

       
{


     

       

       
19

       
+

       
  users.users.website = {


     

       

       
20

       
+

       
    isSystemUser = true;


     

       

       
21

       
+

       
    group = "website";


     

       

       
22

       
+

       
  };


     

       

       
23

       
+

       
  users.groups.website = { };


     

       

       
24

       
+

       



     

       

       
25

       
+

       
  age.secrets.websiteConfig.file = ../../../secrets/websiteConfig.age;


     

       

       
26

       
+

       



     

       

       
27

       
+

       
  systemd.services.website = {


     

       

       
28

       
+

       
    description = "website";


     

       

       
29

       
+

       
    wantedBy = [ "multi-user.target" ];


     

       

       
30

       
+

       
    after = [ "network.target" ];


     

       

       
31

       
+

       
    environment = {


     

       

       
32

       
+

       
      HOME = "/var/lib/website";


     

       

       
33

       
+

       
      ORIGIN = PUBLIC_BASE_URL;


     

       

       
34

       
+

       
      PORT = toString port;


     

       

       
35

       
+

       
      WEBSITE_DATA_DIR = "/var/lib/website";


     

       

       
36

       
+

       
      VITE_CLOUDINARY_CLOUD_NAME = "dgtwf7mar";


     

       

       
37

       
+

       
    };


     

       

       
38

       
+

       
    serviceConfig = {


     

       

       
39

       
+

       
      User = "website";


     

       

       
40

       
+

       
      ExecStart = "${pkg}/bin/website";


     

       

       
41

       
+

       
      Restart = "on-failure";


     

       

       
42

       
+

       
      RestartSec = 5;


     

       

       
43

       
+

       
      WorkingDirectory = "/var/lib/website";


     

       

       
44

       
+

       
      EnvironmentFile = config.age.secrets.websiteConfig.path;


     

       

       
45

       
+

       
      KillSignal = "SIGKILL";


     

       

       
46

       
+

       
    };


     

       

       
47

       
+

       
  };


     

       

       
48

       
+

       



     

       

       
49

       
+

       
  # systemd.services.annoy-keep-alive = {


     

       

       
50

       
+

       
  #   description = "keeps annoy peer connection alive";


     

       

       
51

       
+

       
  #   wantedBy = [ "multi-user.target" ];


     

       

       
52

       
+

       
  #   after = [ "network.target" ];


     

       

       
53

       
+

       
  #   serviceConfig = {


     

       

       
54

       
+

       
  #     Type = "oneshot";


     

       

       
55

       
+

       
  #     ExecStart = "${pkgs.curl}/bin/curl http://100.64.0.1:3111/";


     

       

       
56

       
+

       
  #   };


     

       

       
57

       
+

       
  # };


     

       

       
58

       
+

       
  # systemd.timers.annoy-keep-alive.timerConfig = {


     

       

       
59

       
+

       
  #   OnBootSec = "5 min";


     

       

       
60

       
+

       
  #   OnUnitActiveSec = "5 min";


     

       

       
61

       
+

       
  #   Unit = "annoy-keep-alive.service";


     

       

       
62

       
+

       
  # };


     

       

       
63

       
+

       



     

       

       
64

       
+

       
  services.nginx.virtualHosts."gaze.systems" = {


     

       

       
65

       
+

       
    locations."/".proxyPass = "http://localhost:${toString port}";


     

       

       
66

       
+

       
    locations."/annoy/ws/" = {


     

       

       
67

       
+

       
      proxyWebsockets = true;


     

       

       
68

       
+

       
      proxyPass = "http://100.64.0.9:3111/";


     

       

       
69

       
+

       
      extraConfig = ''


     

       

       
70

       
+

       
        rewrite ^/annoy/ws/(.*) /$1 break;


     

       

       
71

       
+

       
      '';


     

       

       
72

       
+

       
    };


     

       

       
73

       
+

       
    locations."/annoy/ws" = {


     

       

       
74

       
+

       
      proxyWebsockets = true;


     

       

       
75

       
+

       
      proxyPass = "http://100.64.0.9:3111/";


     

       

       
76

       
+

       
      extraConfig = ''


     

       

       
77

       
+

       
        rewrite ^/annoy/ws(.*) /$1 break;


     

       

       
78

       
+

       
      '';


     

       

       
79

       
+

       
    };


     

       

       
80

       
+

       
  };


     

       

       
81

       
+

       



     

       

       
82

       
+

       
  services.nginx.virtualHosts."poor.dog" = {


     

       

       
83

       
+

       
    locations."/".return = "301 https://gaze.systems$request_uri";


     

       

       
84

       
+

       
  };


     

       

       
85

       
+

       
}
+28
hosts/wolumonde/modules/arpa.disabled 
···

       

       
1

       
+

       
{ pkgs, ... }:


     

       

       
2

       
+

       
let


     

       

       
3

       
+

       
  index = pkgs.writeText "index.txt" ''


     

       

       
4

       
+

       
    hi there~


     

       

       
5

       
+

       



     

       

       
6

       
+

       
    you are currently interfacing with one of the data endpoints


     

       

       
7

       
+

       
    of entity with serial id /90008/. you may want to open a


     

       

       
8

       
+

       
    connection to https://gaze.systems/about for more data.


     

       

       
9

       
+

       



     

       

       
10

       
+

       
    /discord           90.008/


     

       

       
11

       
+

       
    /bsky           @poor.dog/


     

       

       
12

       
+

       
    /email 90008@gaze.systems/


     

       

       
13

       
+

       



     

       

       
14

       
+

       
    /dig +short TXT 9.0.0.0.8.e.f.1.5.0.7.4.0.1.0.0.2.ip6.arpa/


     

       

       
15

       
+

       
  '';


     

       

       
16

       
+

       
  root = pkgs.runCommand "root" { } ''


     

       

       
17

       
+

       
    mkdir -p $out


     

       

       
18

       
+

       
    ln -s ${index} $out/index.txt


     

       

       
19

       
+

       
  '';


     

       

       
20

       
+

       
in


     

       

       
21

       
+

       
{


     

       

       
22

       
+

       
  services.nginx.virtualHosts."9.0.0.0.8.e.f.1.5.0.7.4.0.1.0.0.2.ip6.arpa" = {


     

       

       
23

       
+

       
    inherit root;


     

       

       
24

       
+

       
    locations."/".index = "index.txt";


     

       

       
25

       
+

       
    quic = true;


     

       

       
26

       
+

       
    kTLS = true;


     

       

       
27

       
+

       
  };


     

       

       
28

       
+

       
}
hosts/wolumonde/modules/arpa.nix hosts/trimounts/modules/arpa.nix
hosts/wolumonde/modules/atproto.nix hosts/wolumonde/modules/atproto.disabled
+2
hosts/wolumonde/modules/blog.nix hosts/wolumonde/modules/website.nix 
···

       
22

       
22

       
 

       
  };


     

       
23

       
23

       
 

       
  users.groups.website = { };


     

       
24

       
24

       
 

       



     

       

       
25

       
+

       
  age.secrets.websiteConfig.file = ../../../secrets/websiteConfig.age;


     

       

       
26

       
+

       



     

       
25

       
27

       
 

       
  systemd.services.website = {


     

       
26

       
28

       
 

       
    description = "website";


     

       
27

       
29

       
 

       
    wantedBy = [ "multi-user.target" ];
+29
hosts/wolumonde/modules/clickee-proxy.disabled 
···

       

       
1

       
+

       
{ config, terra, ... }:


     

       

       
2

       
+

       
let


     

       

       
3

       
+

       
  port = 7145;


     

       

       
4

       
+

       
in


     

       

       
5

       
+

       
{


     

       

       
6

       
+

       
  age.secrets.clickeeProxyConfig = {


     

       

       
7

       
+

       
    file = ../../../secrets/clickeeProxyConfig.age;


     

       

       
8

       
+

       
  };


     

       

       
9

       
+

       



     

       

       
10

       
+

       
  systemd.services.clickee-proxy = {


     

       

       
11

       
+

       
    description = "clickee-proxy";


     

       

       
12

       
+

       
    wantedBy = [ "multi-user.target" ];


     

       

       
13

       
+

       
    after = [ "network.target" ];


     

       

       
14

       
+

       
    environment = {


     

       

       
15

       
+

       
      PORT = toString port;


     

       

       
16

       
+

       
    };


     

       

       
17

       
+

       
    serviceConfig = {


     

       

       
18

       
+

       
      DynamicUser = true;


     

       

       
19

       
+

       
      ExecStart = "${terra.clickee-proxy}/bin/clickee-proxy";


     

       

       
20

       
+

       
      Restart = "on-failure";


     

       

       
21

       
+

       
      RestartSec = 5;


     

       

       
22

       
+

       
      EnvironmentFile = config.age.secrets.clickeeProxyConfig.path;


     

       

       
23

       
+

       
    };


     

       

       
24

       
+

       
  };


     

       

       
25

       
+

       



     

       

       
26

       
+

       
  services.nginx.virtualHosts."poor.dog" = {


     

       

       
27

       
+

       
    locations."/click".proxyPass = "http://localhost:${toString port}";


     

       

       
28

       
+

       
  };


     

       

       
29

       
+

       
}
hosts/wolumonde/modules/clickee-proxy.nix hosts/trimounts/modules/clickee-proxy.nix
hosts/wolumonde/modules/email.nix hosts/wolumonde/modules/email.disabled
+33
hosts/wolumonde/modules/fluentbit.disabled 
···

       

       
1

       
+

       
{


     

       

       
2

       
+

       
  pkgs,


     

       

       
3

       
+

       
  config,


     

       

       
4

       
+

       
  lib,


     

       

       
5

       
+

       
  ...


     

       

       
6

       
+

       
}:


     

       

       
7

       
+

       
{


     

       

       
8

       
+

       
  services.fluent-bit = {


     

       

       
9

       
+

       
    enable = true;


     

       

       
10

       
+

       
    settings = {


     

       

       
11

       
+

       
      service.flush = 1;


     

       

       
12

       
+

       
      pipeline.inputs = [


     

       

       
13

       
+

       
        {


     

       

       
14

       
+

       
          name = "node_exporter_metrics";


     

       

       
15

       
+

       
          tag = "metrics.node";


     

       

       
16

       
+

       
          scrape_interval = 5;


     

       

       
17

       
+

       
        }


     

       

       
18

       
+

       
        # {


     

       

       
19

       
+

       
        #   name = "dummy";


     

       

       
20

       
+

       
        #   tag = "logs.dummy";


     

       

       
21

       
+

       
        #   dummy = ''{"_msg": "dummy"}'';


     

       

       
22

       
+

       
        # }


     

       

       
23

       
+

       
        {


     

       

       
24

       
+

       
          name = "fluentbit_metrics";


     

       

       
25

       
+

       
          tag = "metrics.fluentbit";


     

       

       
26

       
+

       
          scrape_interval = 5;


     

       

       
27

       
+

       
        }


     

       

       
28

       
+

       
      ];


     

       

       
29

       
+

       
    };


     

       

       
30

       
+

       
  };


     

       

       
31

       
+

       



     

       

       
32

       
+

       
  systemd.services.fluent-bit.serviceConfig.StateDirectory = "fluent-bit";


     

       

       
33

       
+

       
}
hosts/wolumonde/modules/fluentbit.nix hosts/trimounts/modules/fluentbit.nix
hosts/wolumonde/modules/forgejo.nix/default.nix hosts/wolumonde/modules/forgejo.disabled/default.nix
hosts/wolumonde/modules/forgejo.nix/public/assets/css/theme-edge-dark.css hosts/wolumonde/modules/forgejo.disabled/public/assets/css/theme-edge-dark.css
hosts/wolumonde/modules/forgejo.nix/public/assets/fonts/comic.woff2 hosts/wolumonde/modules/forgejo.disabled/public/assets/fonts/comic.woff2
hosts/wolumonde/modules/forgejo.nix/public/assets/fonts/comicbd.woff2 hosts/wolumonde/modules/forgejo.disabled/public/assets/fonts/comicbd.woff2
hosts/wolumonde/modules/forgejo.nix/public/assets/fonts/comici.woff2 hosts/wolumonde/modules/forgejo.disabled/public/assets/fonts/comici.woff2
hosts/wolumonde/modules/forgejo.nix/public/assets/img/favicon.png hosts/wolumonde/modules/forgejo.disabled/public/assets/img/favicon.png
hosts/wolumonde/modules/forgejo.nix/public/assets/img/grrr.webp hosts/wolumonde/modules/forgejo.disabled/public/assets/img/grrr.webp
hosts/wolumonde/modules/forgejo.nix/public/assets/img/logo.png hosts/wolumonde/modules/forgejo.disabled/public/assets/img/logo.png
hosts/wolumonde/modules/forgejo.nix/public/assets/img/wecode.gif hosts/wolumonde/modules/forgejo.disabled/public/assets/img/wecode.gif
hosts/wolumonde/modules/forgejo.nix/templates/base/head.tmpl hosts/wolumonde/modules/forgejo.disabled/templates/base/head.tmpl
hosts/wolumonde/modules/forgejo.nix/templates/base/head_navbar.tmpl hosts/wolumonde/modules/forgejo.disabled/templates/base/head_navbar.tmpl
hosts/wolumonde/modules/forgejo.nix/templates/home.tmpl hosts/wolumonde/modules/forgejo.disabled/templates/home.tmpl
+28
hosts/wolumonde/modules/hedgedoc.disabled 
···

       

       
1

       
+

       
{ config, ... }:


     

       

       
2

       
+

       
let


     

       

       
3

       
+

       
  cfg = config.services.hedgedoc.settings;


     

       

       
4

       
+

       
in


     

       

       
5

       
+

       
{


     

       

       
6

       
+

       
  services.hedgedoc = {


     

       

       
7

       
+

       
    enable = true;


     

       

       
8

       
+

       
    settings = {


     

       

       
9

       
+

       
      port = 3333;


     

       

       
10

       
+

       
      domain = "doc.gaze.systems";


     

       

       
11

       
+

       
      protocolUseSSL = true;


     

       

       
12

       
+

       
      allowEmailRegister = false;


     

       

       
13

       
+

       
      allowAnonymous = false;


     

       

       
14

       
+

       
      allowAnonymousEdits = true;


     

       

       
15

       
+

       
      allowFreeURL = true;


     

       

       
16

       
+

       
      requireFreeURLAuthentication = true;


     

       

       
17

       
+

       
    };


     

       

       
18

       
+

       
  };


     

       

       
19

       
+

       



     

       

       
20

       
+

       
  security.acme.certs."gaze.systems".extraDomainNames = [ cfg.domain ];


     

       

       
21

       
+

       
  services.nginx.virtualHosts.${cfg.domain} = {


     

       

       
22

       
+

       
    useACMEHost = "gaze.systems";


     

       

       
23

       
+

       
    forceSSL = true;


     

       

       
24

       
+

       
    quic = true;


     

       

       
25

       
+

       
    kTLS = true;


     

       

       
26

       
+

       
    locations."/".proxyPass = "http://${cfg.host}:${toString cfg.port}";


     

       

       
27

       
+

       
  };


     

       

       
28

       
+

       
}
hosts/wolumonde/modules/hedgedoc.nix hosts/trimounts/modules/hedgedoc.nix
hosts/wolumonde/modules/limbusart.nix hosts/wolumonde/modules/limbusart.disabled
+67 -61
hosts/wolumonde/modules/nginx.nix 
···

       
1

       
1

       
 

       
{


     

       

       
2

       
+

       
  config,


     

       
2

       
3

       
 

       
  lib,


     

       
3

       
4

       
 

       
  inputs,


     

       
4

       

       
-

       
  pkgs,


     

       
5

       
5

       
 

       
  ...


     

       
6

       
6

       
 

       
}:


     

       
7

       
7

       
 

       
{


     

       
8

       
8

       
 

       
  services.nginx = {


     

       
9

       
9

       
 

       
    enable = true;


     

       
10

       

       
-

       
    package = pkgs.nginxQuic;


     

       
11

       
10

       
 

       
    recommendedTlsSettings = true;


     

       
12

       
11

       
 

       
    recommendedOptimisation = true;


     

       
13

       
12

       
 

       
    recommendedGzipSettings = true;


     
···

       
40

       
39

       
 

       



     

       
41

       
40

       
 

       
  users.users.nginx.extraGroups = [ "acme" ];


     

       
42

       
41

       
 

       



     

       

       
42

       
+

       
  age.secrets.cfDnsEditToken.file = ../../../secrets/cloudflareDnsEdit.age;


     

       
43

       
43

       
 

       
  security.acme = {


     

       
44

       
44

       
 

       
    acceptTerms = true;


     

       
45

       

       
-

       
    defaults.email = (import "${inputs.self}/personal.nix").emails.primary;


     

       
46

       

       
-

       
    defaults.webroot = "/var/lib/acme/acme-challenge";


     

       

       
45

       
+

       
    defaults = {


     

       

       
46

       
+

       
      group = "nginx";


     

       

       
47

       
+

       
      email = (import "${inputs.self}/personal.nix").emails.primary;


     

       

       
48

       
+

       
      dnsProvider = "cloudflare";


     

       

       
49

       
+

       
      credentialFiles = {


     

       

       
50

       
+

       
        CF_DNS_API_TOKEN_FILE = config.age.secrets.cfDnsEditToken.path;


     

       

       
51

       
+

       
      };


     

       

       
52

       
+

       
    };


     

       
47

       
53

       
 

       
    certs."poor.dog" = { };


     

       
48

       
54

       
 

       
    certs."ptr.pet" = { };


     

       
49

       
55

       
 

       
    certs."gaze.systems" = { };


     
···

       
67

       
73

       
 

       
    forceSSL = true;


     

       
68

       
74

       
 

       
  };


     

       
69

       
75

       
 

       



     

       
70

       

       
-

       
  services.fluent-bit.settings = {


     

       
71

       

       
-

       
    parsers = [


     

       
72

       

       
-

       
      {


     

       
73

       

       
-

       
        name = "nginx_json";


     

       
74

       

       
-

       
        format = "json";


     

       
75

       

       
-

       
        time_key = "time";


     

       
76

       

       
-

       
        time_format = "%d/%b/%Y:%H:%M:%S %z";


     

       
77

       

       
-

       
      }


     

       
78

       

       
-

       
    ];


     

       
79

       

       
-

       
    pipeline = {


     

       
80

       

       
-

       
      inputs = [


     

       
81

       

       
-

       
        {


     

       
82

       

       
-

       
          name = "nginx_metrics";


     

       
83

       

       
-

       
          tag = "metrics.nginx";


     

       
84

       

       
-

       
          status_url = "/nginx_status";


     

       
85

       

       
-

       
          nginx_plus = false;


     

       
86

       

       
-

       
        }


     

       
87

       

       
-

       
        {


     

       
88

       

       
-

       
          name = "tail";


     

       
89

       

       
-

       
          tag = "logs.nginx";


     

       
90

       

       
-

       
          path = "/var/log/nginx/*.log";


     

       
91

       

       
-

       
          db = "/var/lib/fluent-bit/nginx-access.db";


     

       
92

       

       
-

       
          "db.locking" = true;


     

       
93

       

       
-

       
          buffer_chunk_size = "4m";


     

       
94

       

       
-

       
          buffer_max_size = "32m";


     

       
95

       

       
-

       
          parser = "nginx_json";


     

       
96

       

       
-

       
        }


     

       
97

       

       
-

       
      ];


     

       
98

       

       
-

       
      filters = [


     

       
99

       

       
-

       
        {


     

       
100

       

       
-

       
          name = "modify";


     

       
101

       

       
-

       
          match = "logs.nginx";


     

       
102

       

       
-

       
          Add = [ "name nginx" ];


     

       
103

       

       
-

       
        }


     

       
104

       

       
-

       
      ];


     

       
105

       

       
-

       
    };


     

       
106

       

       
-

       
  };


     

       

       
76

       
+

       
  # services.fluent-bit.settings = {


     

       

       
77

       
+

       
  #   parsers = [


     

       

       
78

       
+

       
  #     {


     

       

       
79

       
+

       
  #       name = "nginx_json";


     

       

       
80

       
+

       
  #       format = "json";


     

       

       
81

       
+

       
  #       time_key = "time";


     

       

       
82

       
+

       
  #       time_format = "%d/%b/%Y:%H:%M:%S %z";


     

       

       
83

       
+

       
  #     }


     

       

       
84

       
+

       
  #   ];


     

       

       
85

       
+

       
  #   pipeline = {


     

       

       
86

       
+

       
  #     inputs = [


     

       

       
87

       
+

       
  #       {


     

       

       
88

       
+

       
  #         name = "nginx_metrics";


     

       

       
89

       
+

       
  #         tag = "metrics.nginx";


     

       

       
90

       
+

       
  #         status_url = "/nginx_status";


     

       

       
91

       
+

       
  #         nginx_plus = false;


     

       

       
92

       
+

       
  #       }


     

       

       
93

       
+

       
  #       {


     

       

       
94

       
+

       
  #         name = "tail";


     

       

       
95

       
+

       
  #         tag = "logs.nginx";


     

       

       
96

       
+

       
  #         path = "/var/log/nginx/*.log";


     

       

       
97

       
+

       
  #         db = "/var/lib/fluent-bit/nginx-access.db";


     

       

       
98

       
+

       
  #         "db.locking" = true;


     

       

       
99

       
+

       
  #         buffer_chunk_size = "4m";


     

       

       
100

       
+

       
  #         buffer_max_size = "32m";


     

       

       
101

       
+

       
  #         parser = "nginx_json";


     

       

       
102

       
+

       
  #       }


     

       

       
103

       
+

       
  #     ];


     

       

       
104

       
+

       
  #     filters = [


     

       

       
105

       
+

       
  #       {


     

       

       
106

       
+

       
  #         name = "modify";


     

       

       
107

       
+

       
  #         match = "logs.nginx";


     

       

       
108

       
+

       
  #         Add = [ "name nginx" ];


     

       

       
109

       
+

       
  #       }


     

       

       
110

       
+

       
  #     ];


     

       

       
111

       
+

       
  #   };


     

       

       
112

       
+

       
  # };


     

       
107

       
113

       
 

       



     

       
108

       

       
-

       
  # need so fluent-bit can access nginx


     

       
109

       

       
-

       
  systemd.services.fluent-bit.serviceConfig.SupplementaryGroups = lib.mkForce "systemd-journal nginx";


     

       

       
114

       
+

       
  # # need so fluent-bit can access nginx


     

       

       
115

       
+

       
  # systemd.services.fluent-bit.serviceConfig.SupplementaryGroups = lib.mkForce "systemd-journal nginx";


     

       
110

       
116

       
 

       



     

       
111

       

       
-

       
  services.vmalert.instances."".rules.groups = [


     

       
112

       

       
-

       
    {


     

       
113

       

       
-

       
      name = "nginx-logs";


     

       
114

       

       
-

       
      type = "vlogs";


     

       
115

       

       
-

       
      interval = "1m";


     

       
116

       

       
-

       
      rules = [


     

       
117

       

       
-

       
        {


     

       
118

       

       
-

       
          record = "nginx_request_count";


     

       
119

       

       
-

       
          expr = "name:nginx | stats (res.statusCode) count() as total_requests";


     

       
120

       

       
-

       
        }


     

       
121

       

       
-

       
        {


     

       
122

       

       
-

       
          record = "nginx_request_latency";


     

       
123

       

       
-

       
          # filter out subscribeRepos requests because they are long polling http L


     

       
124

       

       
-

       
          expr = "name:nginx | filter req.url:!/xrpc/com.atproto.sync.subscribeRepos | stats avg(requestTime) avg, quantile(0.5, requestTime) p50, quantile(0.9, requestTime) p90, quantile(0.99, requestTime) p99";


     

       
125

       

       
-

       
        }


     

       
126

       

       
-

       
      ];


     

       
127

       

       
-

       
    }


     

       
128

       

       
-

       
  ];


     

       

       
117

       
+

       
  # services.vmalert.instances."".rules.groups = [


     

       

       
118

       
+

       
  #   {


     

       

       
119

       
+

       
  #     name = "nginx-logs";


     

       

       
120

       
+

       
  #     type = "vlogs";


     

       

       
121

       
+

       
  #     interval = "1m";


     

       

       
122

       
+

       
  #     rules = [


     

       

       
123

       
+

       
  #       {


     

       

       
124

       
+

       
  #         record = "nginx_request_count";


     

       

       
125

       
+

       
  #         expr = "name:nginx | stats (res.statusCode) count() as total_requests";


     

       

       
126

       
+

       
  #       }


     

       

       
127

       
+

       
  #       {


     

       

       
128

       
+

       
  #         record = "nginx_request_latency";


     

       

       
129

       
+

       
  #         # filter out subscribeRepos requests because they are long polling http L


     

       

       
130

       
+

       
  #         expr = "name:nginx | filter req.url:!/xrpc/com.atproto.sync.subscribeRepos | stats avg(requestTime) avg, quantile(0.5, requestTime) p50, quantile(0.9, requestTime) p90, quantile(0.99, requestTime) p99";


     

       

       
131

       
+

       
  #       }


     

       

       
132

       
+

       
  #     ];


     

       

       
133

       
+

       
  #   }


     

       

       
134

       
+

       
  # ];


     

       
129

       
135

       
 

       
}
hosts/wolumonde/modules/nsid-tracker.nix hosts/wolumonde/modules/nsid-tracker.disabled
+152
hosts/wolumonde/modules/pds.disabled 
···

       

       
1

       
+

       
{ lib, config, ... }:


     

       

       
2

       
+

       
let


     

       

       
3

       
+

       
  pdsLocalhost = "http://localhost:${toString config.services.bluesky-pds.settings.PDS_PORT}";


     

       

       
4

       
+

       
in


     

       

       
5

       
+

       
{


     

       

       
6

       
+

       
  services.nginx.virtualHosts.${config.services.bluesky-pds.settings.PDS_HOSTNAME} = {


     

       

       
7

       
+

       
    useACMEHost = "gaze.systems";


     

       

       
8

       
+

       
    forceSSL = true;


     

       

       
9

       
+

       
    locations = {


     

       

       
10

       
+

       
      # we need to proxy /xrpc for pds to work


     

       

       
11

       
+

       
      # silly but i want root domain >:3


     

       

       
12

       
+

       
      "/xrpc" = {


     

       

       
13

       
+

       
        proxyPass = pdsLocalhost;


     

       

       
14

       
+

       
        proxyWebsockets = true;


     

       

       
15

       
+

       
        # pass ws headers so we can actually proxy the ws


     

       

       
16

       
+

       
        extraConfig = ''


     

       

       
17

       
+

       
          proxy_set_header id $request_id;


     

       

       
18

       
+

       
          client_max_body_size 100M;


     

       

       
19

       
+

       
        '';


     

       

       
20

       
+

       
        # higher prio just to make sure


     

       

       
21

       
+

       
        priority = 100;


     

       

       
22

       
+

       
      };


     

       

       
23

       
+

       
      "/xrpc/app.bsky.unspecced.getAgeAssuranceState".extraConfig = ''


     

       

       
24

       
+

       
    		default_type application/json;


     

       

       
25

       
+

       
    		add_header access-control-allow-headers "authorization,dpop,atproto-accept-labelers,atproto-proxy" always;


     

       

       
26

       
+

       
    		add_header access-control-allow-origin "*" always;


     

       

       
27

       
+

       
    		return 200 '{"lastInitiatedAt":"2025-07-14T14:22:43.912Z","status":"assured"}';


     

       

       
28

       
+

       
      '';


     

       

       
29

       
+

       
    }


     

       

       
30

       
+

       
    # others


     

       

       
31

       
+

       
    // (lib.genAttrs


     

       

       
32

       
+

       
      [


     

       

       
33

       
+

       
        "/account"


     

       

       
34

       
+

       
        "/@atproto"


     

       

       
35

       
+

       
        "/oauth"


     

       

       
36

       
+

       
        "=/.well-known/oauth-protected-resource"


     

       

       
37

       
+

       
        "=/.well-known/oauth-authorization-server"


     

       

       
38

       
+

       
      ]


     

       

       
39

       
+

       
      (_: {


     

       

       
40

       
+

       
        proxyPass = pdsLocalhost;


     

       

       
41

       
+

       
        # higher prio just to make sure


     

       

       
42

       
+

       
        priority = 100;


     

       

       
43

       
+

       
      })


     

       

       
44

       
+

       
    );


     

       

       
45

       
+

       
  };


     

       

       
46

       
+

       
  # setup pds stuff


     

       

       
47

       
+

       
  services.bluesky-pds = {


     

       

       
48

       
+

       
    enable = true;


     

       

       
49

       
+

       
    settings = {


     

       

       
50

       
+

       
      PDS_HOSTNAME = "gaze.systems";


     

       

       
51

       
+

       
      PDS_PORT = 1334;


     

       

       
52

       
+

       



     

       

       
53

       
+

       
      PDS_SERVICE_NAME = ''"gazing at the sky"'';


     

       

       
54

       
+

       
      PDS_LOGO_URL = "https://gaze.systems/icons/gaze_site.webp";


     

       

       
55

       
+

       



     

       

       
56

       
+

       
      PDS_RATE_LIMITS_ENABLED = "true";


     

       

       
57

       
+

       
      PDS_INVITE_REQUIRED = "true";


     

       

       
58

       
+

       



     

       

       
59

       
+

       
      PDS_DID_PLC_URL = "https://plc.directory";


     

       

       
60

       
+

       
      PDS_BSKY_APP_VIEW_URL = "https://api.bsky.app";


     

       

       
61

       
+

       
      PDS_BSKY_APP_VIEW_DID = "did:web:api.bsky.app";


     

       

       
62

       
+

       
      PDS_REPORT_SERVICE_URL = "https://mod.bsky.app";


     

       

       
63

       
+

       
      PDS_REPORT_SERVICE_DID = "did:plc:ar7c4by46qjdydhdevvrndac";


     

       

       
64

       
+

       
      PDS_CRAWLERS = "https://bsky.network";


     

       

       
65

       
+

       
    };


     

       

       
66

       
+

       
    environmentFiles = [ config.age.secrets.pdsConfig.path ];


     

       

       
67

       
+

       
  };


     

       

       
68

       
+

       



     

       

       
69

       
+

       
  # services.fluent-bit.settings = {


     

       

       
70

       
+

       
  #   parsers = [


     

       

       
71

       
+

       
  #     {


     

       

       
72

       
+

       
  #       name = "pds_json";


     

       

       
73

       
+

       
  #       format = "json";


     

       

       
74

       
+

       
  #       time_key = "time";


     

       

       
75

       
+

       
  #       time_strict = false;


     

       

       
76

       
+

       
  #     }


     

       

       
77

       
+

       
  #   ];


     

       

       
78

       
+

       
  #   pipeline = {


     

       

       
79

       
+

       
  #     inputs = [


     

       

       
80

       
+

       
  #       {


     

       

       
81

       
+

       
  #         name = "systemd";


     

       

       
82

       
+

       
  #         tag = "logs.pds";


     

       

       
83

       
+

       
  #         systemd_filter = "_SYSTEMD_UNIT=bluesky-pds.service";


     

       

       
84

       
+

       
  #       }


     

       

       
85

       
+

       
  #     ];


     

       

       
86

       
+

       
  #     filters = [


     

       

       
87

       
+

       
  #       {


     

       

       
88

       
+

       
  #         name = "parser";


     

       

       
89

       
+

       
  #         match = "logs.pds";


     

       

       
90

       
+

       
  #         key_name = "MESSAGE";


     

       

       
91

       
+

       
  #         parser = "pds_json";


     

       

       
92

       
+

       
  #       }


     

       

       
93

       
+

       
  #       {


     

       

       
94

       
+

       
  #         name = "modify";


     

       

       
95

       
+

       
  #         match = "logs.pds";


     

       

       
96

       
+

       
  #         Rename = [ "msg _msg" ];


     

       

       
97

       
+

       
  #       }


     

       

       
98

       
+

       
  #     ];


     

       

       
99

       
+

       
  #   };


     

       

       
100

       
+

       
  # };


     

       

       
101

       
+

       



     

       

       
102

       
+

       
  # services.vmalert.instances."".rules.groups = [


     

       

       
103

       
+

       
  #   {


     

       

       
104

       
+

       
  #     name = "pds-logs";


     

       

       
105

       
+

       
  #     type = "vlogs";


     

       

       
106

       
+

       
  #     interval = "1m";


     

       

       
107

       
+

       
  #     rules = [


     

       

       
108

       
+

       
  #       {


     

       

       
109

       
+

       
  #         record = "pds_request_count";


     

       

       
110

       
+

       
  #         expr = "name:pds | stats (res.statusCode) count() as total_requests";


     

       

       
111

       
+

       
  #       }


     

       

       
112

       
+

       
  #       {


     

       

       
113

       
+

       
  #         record = "pds_response_latency";


     

       

       
114

       
+

       
  #         expr = "name:pds | stats avg(responseTime) avg, quantile(0.5, responseTime) p50, quantile(0.9, responseTime) p90, quantile(0.99, responseTime) p99";


     

       

       
115

       
+

       
  #       }


     

       

       
116

       
+

       
  #     ];


     

       

       
117

       
+

       
  #   }


     

       

       
118

       
+

       
  # ];


     

       

       
119

       
+

       



     

       

       
120

       
+

       
  # virtualisation = {


     

       

       
121

       
+

       
  #   podman = {


     

       

       
122

       
+

       
  #     enable = true;


     

       

       
123

       
+

       
  #     dockerCompat = true;


     

       

       
124

       
+

       
  #     defaultNetwork.settings.dns_enabled = true;


     

       

       
125

       
+

       
  #   };


     

       

       
126

       
+

       
  #   oci-containers.containers = {


     

       

       
127

       
+

       
  #     pds = {


     

       

       
128

       
+

       
  #       image = "ghcr.io/bluesky-social/pds:0.4";


     

       

       
129

       
+

       
  #       autoStart = true;


     

       

       
130

       
+

       
  #       environmentFiles = [ ./pds.env config.age.secrets.pdsConfig.path ];


     

       

       
131

       
+

       
  #       ports = [ "1334:1334" ];


     

       

       
132

       
+

       
  #       volumes = [


     

       

       
133

       
+

       
  #         "/var/lib/pds:/pds"


     

       

       
134

       
+

       
  #       ];


     

       

       
135

       
+

       
  #       extraOptions = [


     

       

       
136

       
+

       
  #         #"--network=host"


     

       

       
137

       
+

       
  #         "--label=io.containers.autoupdate=registry"


     

       

       
138

       
+

       
  #       ];


     

       

       
139

       
+

       
  #     };


     

       

       
140

       
+

       
  #   };


     

       

       
141

       
+

       
  # };


     

       

       
142

       
+

       
  # # This is the podman auto-update systemd timer.


     

       

       
143

       
+

       
  # # If I start to rely on podman auto-update more, I should move this out of the PDS definition.


     

       

       
144

       
+

       
  # systemd.timers."podman-auto-update" = {


     

       

       
145

       
+

       
  #   enable = true;


     

       

       
146

       
+

       
  #   timerConfig = {


     

       

       
147

       
+

       
  #     OnCalendar = "*-*-* 4:00:00";


     

       

       
148

       
+

       
  #     Persistent = true;


     

       

       
149

       
+

       
  #   };


     

       

       
150

       
+

       
  #   wantedBy = [ "timers.target" ];


     

       

       
151

       
+

       
  # };


     

       

       
152

       
+

       
}
+2 -33
hosts/wolumonde/modules/pds.nix hosts/trimounts/modules/pds.nix 
···

       
3

       
3

       
 

       
  pdsLocalhost = "http://localhost:${toString config.services.bluesky-pds.settings.PDS_PORT}";


     

       
4

       
4

       
 

       
in


     

       
5

       
5

       
 

       
{


     

       

       
6

       
+

       
  age.secrets.pdsConfig.file = ../../../secrets/pdsConfig.age;


     

       

       
7

       
+

       
  


     

       
6

       
8

       
 

       
  services.nginx.virtualHosts.${config.services.bluesky-pds.settings.PDS_HOSTNAME} = {


     

       
7

       
9

       
 

       
    useACMEHost = "gaze.systems";


     

       
8

       
10

       
 

       
    forceSSL = true;


     
···

       
116

       
118

       
 

       
      ];


     

       
117

       
119

       
 

       
    }


     

       
118

       
120

       
 

       
  ];


     

       
119

       

       
-

       



     

       
120

       

       
-

       
  # virtualisation = {


     

       
121

       

       
-

       
  #   podman = {


     

       
122

       

       
-

       
  #     enable = true;


     

       
123

       

       
-

       
  #     dockerCompat = true;


     

       
124

       

       
-

       
  #     defaultNetwork.settings.dns_enabled = true;


     

       
125

       

       
-

       
  #   };


     

       
126

       

       
-

       
  #   oci-containers.containers = {


     

       
127

       

       
-

       
  #     pds = {


     

       
128

       

       
-

       
  #       image = "ghcr.io/bluesky-social/pds:0.4";


     

       
129

       

       
-

       
  #       autoStart = true;


     

       
130

       

       
-

       
  #       environmentFiles = [ ./pds.env config.age.secrets.pdsConfig.path ];


     

       
131

       

       
-

       
  #       ports = [ "1334:1334" ];


     

       
132

       

       
-

       
  #       volumes = [


     

       
133

       

       
-

       
  #         "/var/lib/pds:/pds"


     

       
134

       

       
-

       
  #       ];


     

       
135

       

       
-

       
  #       extraOptions = [


     

       
136

       

       
-

       
  #         #"--network=host"


     

       
137

       

       
-

       
  #         "--label=io.containers.autoupdate=registry"


     

       
138

       

       
-

       
  #       ];


     

       
139

       

       
-

       
  #     };


     

       
140

       

       
-

       
  #   };


     

       
141

       

       
-

       
  # };


     

       
142

       

       
-

       
  # # This is the podman auto-update systemd timer.


     

       
143

       

       
-

       
  # # If I start to rely on podman auto-update more, I should move this out of the PDS definition.


     

       
144

       

       
-

       
  # systemd.timers."podman-auto-update" = {


     

       
145

       

       
-

       
  #   enable = true;


     

       
146

       

       
-

       
  #   timerConfig = {


     

       
147

       

       
-

       
  #     OnCalendar = "*-*-* 4:00:00";


     

       
148

       

       
-

       
  #     Persistent = true;


     

       
149

       

       
-

       
  #   };


     

       
150

       

       
-

       
  #   wantedBy = [ "timers.target" ];


     

       
151

       

       
-

       
  # };


     

       
152

       
121

       
 

       
}
+2
hosts/wolumonde/modules/perses.disabled/dashboards/.gitignore 
···

       

       
1

       
+

       
# folder used to store the results of the `percli dac build` command


     

       

       
2

       
+

       
built
+28
hosts/wolumonde/modules/perses.disabled/dashboards/go.mod 
···

       

       
1

       
+

       
module dash


     

       

       
2

       
+

       



     

       

       
3

       
+

       
go 1.24.2


     

       

       
4

       
+

       



     

       

       
5

       
+

       
require (


     

       

       
6

       
+

       
	github.com/beorn7/perks v1.0.1 // indirect


     

       

       
7

       
+

       
	github.com/cespare/xxhash/v2 v2.3.0 // indirect


     

       

       
8

       
+

       
	github.com/go-jose/go-jose/v4 v4.0.5 // indirect


     

       

       
9

       
+

       
	github.com/jpillora/backoff v1.0.0 // indirect


     

       

       
10

       
+

       
	github.com/muhlemmer/gu v0.3.1 // indirect


     

       

       
11

       
+

       
	github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect


     

       

       
12

       
+

       
	github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f // indirect


     

       

       
13

       
+

       
	github.com/perses/perses v0.50.3 // indirect


     

       

       
14

       
+

       
	github.com/prometheus/client_golang v1.20.5 // indirect


     

       

       
15

       
+

       
	github.com/prometheus/client_model v0.6.1 // indirect


     

       

       
16

       
+

       
	github.com/prometheus/common v0.63.0 // indirect


     

       

       
17

       
+

       
	github.com/prometheus/procfs v0.15.1 // indirect


     

       

       
18

       
+

       
	github.com/zitadel/oidc/v3 v3.36.1 // indirect


     

       

       
19

       
+

       
	github.com/zitadel/schema v1.3.0 // indirect


     

       

       
20

       
+

       
	golang.org/x/crypto v0.36.0 // indirect


     

       

       
21

       
+

       
	golang.org/x/net v0.35.0 // indirect


     

       

       
22

       
+

       
	golang.org/x/oauth2 v0.28.0 // indirect


     

       

       
23

       
+

       
	golang.org/x/sys v0.31.0 // indirect


     

       

       
24

       
+

       
	golang.org/x/text v0.23.0 // indirect


     

       

       
25

       
+

       
	google.golang.org/protobuf v1.36.5 // indirect


     

       

       
26

       
+

       
	gopkg.in/yaml.v2 v2.4.0 // indirect


     

       

       
27

       
+

       
	gopkg.in/yaml.v3 v3.0.1 // indirect


     

       

       
28

       
+

       
)
+45
hosts/wolumonde/modules/perses.disabled/dashboards/go.sum 
···

       

       
1

       
+

       
github.com/beorn7/perks v1.0.1 h1:VlbKKnNfV8bJzeqoa4cOKqO6bYr3WgKZxO8Z16+hsOM=


     

       

       
2

       
+

       
github.com/beorn7/perks v1.0.1/go.mod h1:G2ZrVWU2WbWT9wwq4/hrbKbnv/1ERSJQ0ibhJ6rlkpw=


     

       

       
3

       
+

       
github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs=


     

       

       
4

       
+

       
github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=


     

       

       
5

       
+

       
github.com/go-jose/go-jose/v4 v4.0.5 h1:M6T8+mKZl/+fNNuFHvGIzDz7BTLQPIounk/b9dw3AaE=


     

       

       
6

       
+

       
github.com/go-jose/go-jose/v4 v4.0.5/go.mod h1:s3P1lRrkT8igV8D9OjyL4WRyHvjB6a4JSllnOrmmBOA=


     

       

       
7

       
+

       
github.com/jpillora/backoff v1.0.0 h1:uvFg412JmmHBHw7iwprIxkPMI+sGQ4kzOWsMeHnm2EA=


     

       

       
8

       
+

       
github.com/jpillora/backoff v1.0.0/go.mod h1:J/6gKK9jxlEcS3zixgDgUAsiuZ7yrSoa/FX5e0EB2j4=


     

       

       
9

       
+

       
github.com/muhlemmer/gu v0.3.1 h1:7EAqmFrW7n3hETvuAdmFmn4hS8W+z3LgKtrnow+YzNM=


     

       

       
10

       
+

       
github.com/muhlemmer/gu v0.3.1/go.mod h1:YHtHR+gxM+bKEIIs7Hmi9sPT3ZDUvTN/i88wQpZkrdM=


     

       

       
11

       
+

       
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA=


     

       

       
12

       
+

       
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ=


     

       

       
13

       
+

       
github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f h1:KUppIJq7/+SVif2QVs3tOP0zanoHgBEVAwHxUSIzRqU=


     

       

       
14

       
+

       
github.com/mwitkow/go-conntrack v0.0.0-20190716064945-2f068394615f/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=


     

       

       
15

       
+

       
github.com/perses/perses v0.50.3 h1:BHlU9qkCFCUSP4HP5p9GwophWcxm5Vnu6Fsrx8Fb/+w=


     

       

       
16

       
+

       
github.com/perses/perses v0.50.3/go.mod h1:oqfHLOrXERvEqECShqXPjHXqVukQxcoaaTM6ySRF7hU=


     

       

       
17

       
+

       
github.com/prometheus/client_golang v1.20.5 h1:cxppBPuYhUnsO6yo/aoRol4L7q7UFfdm+bR9r+8l63Y=


     

       

       
18

       
+

       
github.com/prometheus/client_golang v1.20.5/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE=


     

       

       
19

       
+

       
github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E=


     

       

       
20

       
+

       
github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY=


     

       

       
21

       
+

       
github.com/prometheus/common v0.63.0 h1:YR/EIY1o3mEFP/kZCD7iDMnLPlGyuU2Gb3HIcXnA98k=


     

       

       
22

       
+

       
github.com/prometheus/common v0.63.0/go.mod h1:VVFF/fBIoToEnWRVkYoXEkq3R3paCoxG9PXP74SnV18=


     

       

       
23

       
+

       
github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc=


     

       

       
24

       
+

       
github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk=


     

       

       
25

       
+

       
github.com/zitadel/oidc/v3 v3.36.1 h1:1AT1NqKKEqAwx4GmKJZ9fYkWH2WIn/VKMfQ46nBtRf0=


     

       

       
26

       
+

       
github.com/zitadel/oidc/v3 v3.36.1/go.mod h1:dApGZLvWZTHRuxmcbQlW5d2XVjVYR3vGOdq536igmTs=


     

       

       
27

       
+

       
github.com/zitadel/schema v1.3.0 h1:kQ9W9tvIwZICCKWcMvCEweXET1OcOyGEuFbHs4o5kg0=


     

       

       
28

       
+

       
github.com/zitadel/schema v1.3.0/go.mod h1:NptN6mkBDFvERUCvZHlvWmmME+gmZ44xzwRXwhzsbtc=


     

       

       
29

       
+

       
golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=


     

       

       
30

       
+

       
golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=


     

       

       
31

       
+

       
golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8=


     

       

       
32

       
+

       
golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk=


     

       

       
33

       
+

       
golang.org/x/oauth2 v0.28.0 h1:CrgCKl8PPAVtLnU3c+EDw6x11699EWlsDeWNWKdIOkc=


     

       

       
34

       
+

       
golang.org/x/oauth2 v0.28.0/go.mod h1:onh5ek6nERTohokkhCD/y2cV4Do3fxFHFuAejCkRWT8=


     

       

       
35

       
+

       
golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=


     

       

       
36

       
+

       
golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=


     

       

       
37

       
+

       
golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=


     

       

       
38

       
+

       
golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=


     

       

       
39

       
+

       
google.golang.org/protobuf v1.36.5 h1:tPhr+woSbjfYvY6/GPufUoYizxw1cF/yFoxJ2fmpwlM=


     

       

       
40

       
+

       
google.golang.org/protobuf v1.36.5/go.mod h1:9fA7Ob0pmnwhb644+1+CVWFRbNajQ6iRojtC/QF5bRE=


     

       

       
41

       
+

       
gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=


     

       

       
42

       
+

       
gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY=


     

       

       
43

       
+

       
gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ=


     

       

       
44

       
+

       
gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=


     

       

       
45

       
+

       
gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+334
hosts/wolumonde/modules/perses.disabled/dashboards/wolumonde.go 
···

       

       
1

       
+

       
package main


     

       

       
2

       
+

       



     

       

       
3

       
+

       
import (


     

       

       
4

       
+

       
	"flag"


     

       

       
5

       
+

       
	"time"


     

       

       
6

       
+

       



     

       

       
7

       
+

       
	"github.com/perses/perses/go-sdk"


     

       

       
8

       
+

       
	"github.com/perses/perses/go-sdk/common"


     

       

       
9

       
+

       
	dash "github.com/perses/perses/go-sdk/dashboard"


     

       

       
10

       
+

       
	"github.com/perses/perses/go-sdk/panel"


     

       

       
11

       
+

       
	panels "github.com/perses/perses/go-sdk/panel-group"


     

       

       
12

       
+

       
	"github.com/perses/perses/go-sdk/panel/bar"


     

       

       
13

       
+

       
	"github.com/perses/perses/go-sdk/panel/gauge"


     

       

       
14

       
+

       
	"github.com/perses/perses/go-sdk/panel/stat"


     

       

       
15

       
+

       
	"github.com/perses/perses/go-sdk/prometheus/query"


     

       

       
16

       
+

       



     

       

       
17

       
+

       
	timeSeries "github.com/perses/perses/go-sdk/panel/time-series"


     

       

       
18

       
+

       
	// promDs "github.com/perses/perses/go-sdk/prometheus/datasource"


     

       

       
19

       
+

       
)


     

       

       
20

       
+

       



     

       

       
21

       
+

       
func main() {


     

       

       
22

       
+

       
	flag.Parse()


     

       

       
23

       
+

       
	exec := sdk.NewExec()


     

       

       
24

       
+

       



     

       

       
25

       
+

       
	var loadPanel = panels.AddPanel("load over 5 min",


     

       

       
26

       
+

       
		timeSeries.Chart(


     

       

       
27

       
+

       
			timeSeries.WithYAxis(


     

       

       
28

       
+

       
				timeSeries.YAxis{


     

       

       
29

       
+

       
					Max: 2.0,


     

       

       
30

       
+

       
				},


     

       

       
31

       
+

       
			),


     

       

       
32

       
+

       
		),


     

       

       
33

       
+

       
		panel.AddQuery(


     

       

       
34

       
+

       
			query.PromQL(


     

       

       
35

       
+

       
				"node_load5",


     

       

       
36

       
+

       
				query.SeriesNameFormat("load"),


     

       

       
37

       
+

       
			),


     

       

       
38

       
+

       
		),


     

       

       
39

       
+

       
	)


     

       

       
40

       
+

       
	var cpuPanel = panels.AddPanel("cpu usage",


     

       

       
41

       
+

       
		timeSeries.Chart(


     

       

       
42

       
+

       
			timeSeries.WithYAxis(


     

       

       
43

       
+

       
				timeSeries.YAxis{


     

       

       
44

       
+

       
					Format: &common.Format{


     

       

       
45

       
+

       
						Unit: "percent",


     

       

       
46

       
+

       
					},


     

       

       
47

       
+

       
					Max: 100.0,


     

       

       
48

       
+

       
				},


     

       

       
49

       
+

       
			),


     

       

       
50

       
+

       
		),


     

       

       
51

       
+

       
		panel.AddQuery(


     

       

       
52

       
+

       
			query.PromQL(


     

       

       
53

       
+

       
				`sum by (cpu) (rate(node_cpu_seconds_total{mode=~"user|system"}[1m])) * 100`,


     

       

       
54

       
+

       
				query.SeriesNameFormat("cpu {{cpu}}"),


     

       

       
55

       
+

       
			),


     

       

       
56

       
+

       
		),


     

       

       
57

       
+

       
	)


     

       

       
58

       
+

       
	var memoryPanel = panels.AddPanel("memory usage",


     

       

       
59

       
+

       
		timeSeries.Chart(


     

       

       
60

       
+

       
			timeSeries.WithYAxis(


     

       

       
61

       
+

       
				timeSeries.YAxis{


     

       

       
62

       
+

       
					Format: &common.Format{


     

       

       
63

       
+

       
						Unit: "bytes",


     

       

       
64

       
+

       
					},


     

       

       
65

       
+

       
					Max: 4000000000,


     

       

       
66

       
+

       
				},


     

       

       
67

       
+

       
			),


     

       

       
68

       
+

       
		),


     

       

       
69

       
+

       
		panel.AddQuery(


     

       

       
70

       
+

       
			query.PromQL(


     

       

       
71

       
+

       
				"node_memory_MemTotal_bytes - node_memory_MemAvailable_bytes",


     

       

       
72

       
+

       
				query.SeriesNameFormat("current memory usage"),


     

       

       
73

       
+

       
			),


     

       

       
74

       
+

       
		),


     

       

       
75

       
+

       
	)


     

       

       
76

       
+

       



     

       

       
77

       
+

       
	var diskPanel = panels.AddPanel("disk usage /",


     

       

       
78

       
+

       
		timeSeries.Chart(


     

       

       
79

       
+

       
			timeSeries.WithYAxis(


     

       

       
80

       
+

       
				timeSeries.YAxis{


     

       

       
81

       
+

       
					Format: &common.Format{


     

       

       
82

       
+

       
						Unit: "bytes",


     

       

       
83

       
+

       
					},


     

       

       
84

       
+

       
					Max: 38000000000,


     

       

       
85

       
+

       
				},


     

       

       
86

       
+

       
			),


     

       

       
87

       
+

       
		),


     

       

       
88

       
+

       
		panel.AddQuery(


     

       

       
89

       
+

       
			query.PromQL(


     

       

       
90

       
+

       
				`node_filesystem_size_bytes{mountpoint="/"} - node_filesystem_free_bytes{mountpoint="/"}`,


     

       

       
91

       
+

       
				query.SeriesNameFormat("disk usage"),


     

       

       
92

       
+

       
			),


     

       

       
93

       
+

       
		),


     

       

       
94

       
+

       
	)


     

       

       
95

       
+

       



     

       

       
96

       
+

       
	// Gauge versions (percent unit)


     

       

       
97

       
+

       
	var loadGaugePanel = panels.AddPanel("load over 5 min",


     

       

       
98

       
+

       
		gauge.Chart(


     

       

       
99

       
+

       
			gauge.Format(common.Format{Unit: "percent"}),


     

       

       
100

       
+

       
			gauge.Max(100),


     

       

       
101

       
+

       
			gauge.Calculation(common.MeanCalculation),


     

       

       
102

       
+

       
		),


     

       

       
103

       
+

       
		panel.AddQuery(


     

       

       
104

       
+

       
			query.PromQL(


     

       

       
105

       
+

       
				"node_load5 * 100 / count(count(node_cpu_seconds_total) by (cpu))",


     

       

       
106

       
+

       
				query.SeriesNameFormat("load %"),


     

       

       
107

       
+

       
			),


     

       

       
108

       
+

       
		),


     

       

       
109

       
+

       
	)


     

       

       
110

       
+

       
	var cpuGaugePanel = panels.AddPanel("cpu usage",


     

       

       
111

       
+

       
		gauge.Chart(


     

       

       
112

       
+

       
			gauge.Format(common.Format{Unit: "percent"}),


     

       

       
113

       
+

       
			gauge.Max(100),


     

       

       
114

       
+

       
			gauge.Calculation(common.MeanCalculation),


     

       

       
115

       
+

       
		),


     

       

       
116

       
+

       
		panel.AddQuery(


     

       

       
117

       
+

       
			query.PromQL(


     

       

       
118

       
+

       
				`sum by (cpu) (rate(node_cpu_seconds_total{mode=~"user|system"}[1m])) * 100`,


     

       

       
119

       
+

       
				query.SeriesNameFormat("cpu {{cpu}}"),


     

       

       
120

       
+

       
			),


     

       

       
121

       
+

       
		),


     

       

       
122

       
+

       
	)


     

       

       
123

       
+

       
	var memoryGaugePanel = panels.AddPanel("memory usage",


     

       

       
124

       
+

       
		gauge.Chart(


     

       

       
125

       
+

       
			gauge.Format(common.Format{Unit: "percent"}),


     

       

       
126

       
+

       
			gauge.Max(100),


     

       

       
127

       
+

       
			gauge.Calculation(common.MeanCalculation),


     

       

       
128

       
+

       
		),


     

       

       
129

       
+

       
		panel.AddQuery(


     

       

       
130

       
+

       
			query.PromQL(


     

       

       
131

       
+

       
				"(node_memory_MemTotal_bytes - node_memory_MemAvailable_bytes) * 100 / node_memory_MemTotal_bytes",


     

       

       
132

       
+

       
				query.SeriesNameFormat("memory usage %"),


     

       

       
133

       
+

       
			),


     

       

       
134

       
+

       
		),


     

       

       
135

       
+

       
	)


     

       

       
136

       
+

       
	var diskGaugePanel = panels.AddPanel("disk usage /",


     

       

       
137

       
+

       
		gauge.Chart(


     

       

       
138

       
+

       
			gauge.Format(common.Format{Unit: "percent"}),


     

       

       
139

       
+

       
			gauge.Max(100),


     

       

       
140

       
+

       
		),


     

       

       
141

       
+

       
		panel.AddQuery(


     

       

       
142

       
+

       
			query.PromQL(


     

       

       
143

       
+

       
				`(node_filesystem_size_bytes{mountpoint="/"} - node_filesystem_free_bytes{mountpoint="/"}) * 100 / node_filesystem_size_bytes{mountpoint="/"}`,


     

       

       
144

       
+

       
				query.SeriesNameFormat("disk usage %"),


     

       

       
145

       
+

       
			),


     

       

       
146

       
+

       
		),


     

       

       
147

       
+

       
	)


     

       

       
148

       
+

       



     

       

       
149

       
+

       
	var resPanels = dash.AddPanelGroup("resource usage",


     

       

       
150

       
+

       
		panels.PanelsPerLine(4),


     

       

       
151

       
+

       
		loadGaugePanel, cpuGaugePanel, memoryGaugePanel, diskGaugePanel,


     

       

       
152

       
+

       
		loadPanel, cpuPanel, memoryPanel, diskPanel,


     

       

       
153

       
+

       
	)


     

       

       
154

       
+

       



     

       

       
155

       
+

       
	var nginxPanel = panels.AddPanel("nginx requests / min",


     

       

       
156

       
+

       
		timeSeries.Chart(


     

       

       
157

       
+

       
			timeSeries.WithYAxis(


     

       

       
158

       
+

       
				timeSeries.YAxis{


     

       

       
159

       
+

       
					Format: &common.Format{


     

       

       
160

       
+

       
						Unit: "decimal",


     

       

       
161

       
+

       
					},


     

       

       
162

       
+

       
				},


     

       

       
163

       
+

       
			),


     

       

       
164

       
+

       
			timeSeries.WithVisual(timeSeries.Visual{


     

       

       
165

       
+

       
				Display: timeSeries.BarDisplay,


     

       

       
166

       
+

       
				Palette: timeSeries.Palette{


     

       

       
167

       
+

       
					Mode: timeSeries.CategoricalMode,


     

       

       
168

       
+

       
				},


     

       

       
169

       
+

       
				Stack: timeSeries.AllStack,


     

       

       
170

       
+

       
			}),


     

       

       
171

       
+

       
			timeSeries.WithLegend(timeSeries.Legend{


     

       

       
172

       
+

       
				Position: timeSeries.BottomPosition,


     

       

       
173

       
+

       
				Size:     timeSeries.SmallSize,


     

       

       
174

       
+

       
			}),


     

       

       
175

       
+

       
		),


     

       

       
176

       
+

       
		panel.AddQuery(


     

       

       
177

       
+

       
			query.PromQL(


     

       

       
178

       
+

       
				"nginx_request_count",


     

       

       
179

       
+

       
				query.SeriesNameFormat("{{res.statusCode}}"),


     

       

       
180

       
+

       
			),


     

       

       
181

       
+

       
		),


     

       

       
182

       
+

       
	)


     

       

       
183

       
+

       



     

       

       
184

       
+

       
	var nginxLatencyPanel = panels.AddPanel("nginx latency / min",


     

       

       
185

       
+

       
		timeSeries.Chart(


     

       

       
186

       
+

       
			timeSeries.WithYAxis(


     

       

       
187

       
+

       
				timeSeries.YAxis{


     

       

       
188

       
+

       
					Format: &common.Format{


     

       

       
189

       
+

       
						Unit: "seconds",


     

       

       
190

       
+

       
					},


     

       

       
191

       
+

       
					Max: 0.5,


     

       

       
192

       
+

       
				},


     

       

       
193

       
+

       
			),


     

       

       
194

       
+

       
		),


     

       

       
195

       
+

       
		panel.AddQuery(


     

       

       
196

       
+

       
			query.PromQL(


     

       

       
197

       
+

       
				"nginx_request_latency",


     

       

       
198

       
+

       
				query.SeriesNameFormat("{{stats_result}}"),


     

       

       
199

       
+

       
			),


     

       

       
200

       
+

       
		),


     

       

       
201

       
+

       
	)


     

       

       
202

       
+

       



     

       

       
203

       
+

       
	var nginxPanels = dash.AddPanelGroup("nginx metrics",


     

       

       
204

       
+

       
		panels.PanelsPerLine(3),


     

       

       
205

       
+

       
		nginxPanel,


     

       

       
206

       
+

       
		nginxLatencyPanel,


     

       

       
207

       
+

       
	)


     

       

       
208

       
+

       



     

       

       
209

       
+

       
	var pdsPanel = panels.AddPanel("pds requests / min",


     

       

       
210

       
+

       
		timeSeries.Chart(


     

       

       
211

       
+

       
			timeSeries.WithYAxis(


     

       

       
212

       
+

       
				timeSeries.YAxis{


     

       

       
213

       
+

       
					Format: &common.Format{


     

       

       
214

       
+

       
						Unit: "decimal",


     

       

       
215

       
+

       
					},


     

       

       
216

       
+

       
				},


     

       

       
217

       
+

       
			),


     

       

       
218

       
+

       
			timeSeries.WithVisual(timeSeries.Visual{


     

       

       
219

       
+

       
				Display: timeSeries.BarDisplay,


     

       

       
220

       
+

       
				Palette: timeSeries.Palette{


     

       

       
221

       
+

       
					Mode: timeSeries.CategoricalMode,


     

       

       
222

       
+

       
				},


     

       

       
223

       
+

       
				Stack: timeSeries.AllStack,


     

       

       
224

       
+

       
			}),


     

       

       
225

       
+

       
			timeSeries.WithLegend(timeSeries.Legend{


     

       

       
226

       
+

       
				Position: timeSeries.BottomPosition,


     

       

       
227

       
+

       
				Size:     timeSeries.SmallSize,


     

       

       
228

       
+

       
			}),


     

       

       
229

       
+

       
		),


     

       

       
230

       
+

       
		panel.AddQuery(


     

       

       
231

       
+

       
			query.PromQL(


     

       

       
232

       
+

       
				"pds_request_count",


     

       

       
233

       
+

       
				query.SeriesNameFormat("{{res.statusCode}}"),


     

       

       
234

       
+

       
			),


     

       

       
235

       
+

       
		),


     

       

       
236

       
+

       
	)


     

       

       
237

       
+

       



     

       

       
238

       
+

       
	var pdsLatencyPanel = panels.AddPanel("pds latency / min",


     

       

       
239

       
+

       
		timeSeries.Chart(


     

       

       
240

       
+

       
			timeSeries.WithYAxis(


     

       

       
241

       
+

       
				timeSeries.YAxis{


     

       

       
242

       
+

       
					Format: &common.Format{


     

       

       
243

       
+

       
						Unit: "milliseconds",


     

       

       
244

       
+

       
					},


     

       

       
245

       
+

       
					Max: 500,


     

       

       
246

       
+

       
				},


     

       

       
247

       
+

       
			),


     

       

       
248

       
+

       
		),


     

       

       
249

       
+

       
		panel.AddQuery(


     

       

       
250

       
+

       
			query.PromQL(


     

       

       
251

       
+

       
				"pds_response_latency",


     

       

       
252

       
+

       
				query.SeriesNameFormat("{{stats_result}}"),


     

       

       
253

       
+

       
			),


     

       

       
254

       
+

       
		),


     

       

       
255

       
+

       
	)


     

       

       
256

       
+

       



     

       

       
257

       
+

       
	var pdsPanels = dash.AddPanelGroup("pds metrics",


     

       

       
258

       
+

       
		panels.PanelsPerLine(3),


     

       

       
259

       
+

       
		pdsPanel,


     

       

       
260

       
+

       
		pdsLatencyPanel,


     

       

       
261

       
+

       
	)


     

       

       
262

       
+

       



     

       

       
263

       
+

       
	var anubisForgejoPanel = panels.AddPanel("anubis policy actions",


     

       

       
264

       
+

       
		bar.Chart(),


     

       

       
265

       
+

       
		panel.AddQuery(


     

       

       
266

       
+

       
			query.PromQL(


     

       

       
267

       
+

       
				"anubis_policy_results",


     

       

       
268

       
+

       
				query.SeriesNameFormat("{{action}}: {{rule}}"),


     

       

       
269

       
+

       
			),


     

       

       
270

       
+

       
		),


     

       

       
271

       
+

       
	)


     

       

       
272

       
+

       



     

       

       
273

       
+

       
	var forgejoPanels = dash.AddPanelGroup("forgejo",


     

       

       
274

       
+

       
		panels.PanelsPerLine(3),


     

       

       
275

       
+

       
		anubisForgejoPanel,


     

       

       
276

       
+

       
	)


     

       

       
277

       
+

       



     

       

       
278

       
+

       
	var gazesys_visit_panel = panels.AddPanel("gazesys visits",


     

       

       
279

       
+

       
		bar.Chart(),


     

       

       
280

       
+

       
		panel.AddQuery(


     

       

       
281

       
+

       
			query.PromQL(


     

       

       
282

       
+

       
				"gazesys_visit_real_total + gazesys_visit_fake_total",


     

       

       
283

       
+

       
				query.SeriesNameFormat("total visits"),


     

       

       
284

       
+

       
			),


     

       

       
285

       
+

       
		),


     

       

       
286

       
+

       
		panel.AddQuery(


     

       

       
287

       
+

       
			query.PromQL(


     

       

       
288

       
+

       
				"gazesys_visit_fake_total",


     

       

       
289

       
+

       
				query.SeriesNameFormat("(ai) bot visits"),


     

       

       
290

       
+

       
			),


     

       

       
291

       
+

       
		),


     

       

       
292

       
+

       
		panel.AddQuery(


     

       

       
293

       
+

       
			query.PromQL(


     

       

       
294

       
+

       
				"gazesys_visit_real_total",


     

       

       
295

       
+

       
				query.SeriesNameFormat("real visits"),


     

       

       
296

       
+

       
			),


     

       

       
297

       
+

       
		),


     

       

       
298

       
+

       
	)


     

       

       
299

       
+

       



     

       

       
300

       
+

       
	var gazesys_pet_panel = panels.AddPanel("gazesys pet",


     

       

       
301

       
+

       
		stat.Chart(


     

       

       
302

       
+

       
			stat.Format(common.Format{


     

       

       
303

       
+

       
				Unit:          "decimal",


     

       

       
304

       
+

       
				ShortValues:   true,


     

       

       
305

       
+

       
				DecimalPlaces: 0,


     

       

       
306

       
+

       
			}),


     

       

       
307

       
+

       
		),


     

       

       
308

       
+

       
		panel.AddQuery(


     

       

       
309

       
+

       
			query.PromQL(


     

       

       
310

       
+

       
				"gazesys_pet_bounce_total",


     

       

       
311

       
+

       
				query.SeriesNameFormat("bounce count"),


     

       

       
312

       
+

       
			),


     

       

       
313

       
+

       
		),


     

       

       
314

       
+

       
		panel.AddQuery(


     

       

       
315

       
+

       
			query.PromQL(


     

       

       
316

       
+

       
				"gazesys_pet_distance_total",


     

       

       
317

       
+

       
				query.SeriesNameFormat("distance travelled"),


     

       

       
318

       
+

       
			),


     

       

       
319

       
+

       
		),


     

       

       
320

       
+

       
	)


     

       

       
321

       
+

       



     

       

       
322

       
+

       
	var gazesys_panels = dash.AddPanelGroup("gazesys",


     

       

       
323

       
+

       
		panels.PanelsPerLine(3),


     

       

       
324

       
+

       
		gazesys_visit_panel, gazesys_pet_panel,


     

       

       
325

       
+

       
	)


     

       

       
326

       
+

       



     

       

       
327

       
+

       
	builder, buildErr := dash.New("wolumonde",


     

       

       
328

       
+

       
		dash.ProjectName("private-infra"),


     

       

       
329

       
+

       
		dash.Duration(30*time.Minute),


     

       

       
330

       
+

       
		dash.RefreshInterval(time.Minute),


     

       

       
331

       
+

       
		resPanels, nginxPanels, pdsPanels, gazesys_panels, forgejoPanels,


     

       

       
332

       
+

       
	)


     

       

       
333

       
+

       
	exec.BuildDashboard(builder, buildErr)


     

       

       
334

       
+

       
}
hosts/wolumonde/modules/perses.nix/dashboards/.gitignore hosts/trimounts/modules/perses.nix/dashboards/.gitignore
hosts/wolumonde/modules/perses.nix/dashboards/go.mod hosts/trimounts/modules/perses.nix/dashboards/go.mod
hosts/wolumonde/modules/perses.nix/dashboards/go.sum hosts/trimounts/modules/perses.nix/dashboards/go.sum
hosts/wolumonde/modules/perses.nix/dashboards/wolumonde.go hosts/trimounts/modules/perses.nix/dashboards/wolumonde.go
hosts/wolumonde/modules/perses.nix/default.nix hosts/wolumonde/modules/perses.disabled/default.nix
hosts/wolumonde/modules/perses.nix/provision/1-private-infra.yaml hosts/wolumonde/modules/perses.disabled/provision/1-private-infra.yaml
hosts/wolumonde/modules/perses.nix/provision/2-admin-role.yaml hosts/wolumonde/modules/perses.disabled/provision/2-admin-role.yaml
hosts/wolumonde/modules/perses.nix/provision/3-admin-bind-role.yaml hosts/wolumonde/modules/perses.disabled/provision/3-admin-bind-role.yaml
hosts/wolumonde/modules/perses.nix/provision/4-victoria.yaml hosts/wolumonde/modules/perses.disabled/provision/4-victoria.yaml
hosts/wolumonde/modules/perses.nix/provision/6-guest-role.yaml hosts/wolumonde/modules/perses.disabled/provision/6-guest-role.yaml
hosts/wolumonde/modules/perses.nix/provision/7-guest-role-bind.yaml hosts/wolumonde/modules/perses.disabled/provision/7-guest-role-bind.yaml
hosts/wolumonde/modules/perses.nix/provision/90-wolumonde.yaml hosts/wolumonde/modules/perses.disabled/provision/90-wolumonde.yaml
+30
hosts/wolumonde/modules/pocket-id.disabled 
···

       

       
1

       
+

       
{ config, ... }:


     

       

       
2

       
+

       
let


     

       

       
3

       
+

       
  domain = "id.gaze.systems";


     

       

       
4

       
+

       
in


     

       

       
5

       
+

       
{


     

       

       
6

       
+

       
  services.pocket-id = {


     

       

       
7

       
+

       
    enable = true;


     

       

       
8

       
+

       
    settings = {


     

       

       
9

       
+

       
      APP_URL = "https://${domain}";


     

       

       
10

       
+

       
      TRUST_PROXY = true;


     

       

       
11

       
+

       
      PORT = 6823;


     

       

       
12

       
+

       
      ANALYTICS_DISABLED = true;


     

       

       
13

       
+

       
    };


     

       

       
14

       
+

       
  };


     

       

       
15

       
+

       



     

       

       
16

       
+

       
  security.acme.certs."gaze.systems".extraDomainNames = [ domain ];


     

       

       
17

       
+

       



     

       

       
18

       
+

       
  services.nginx.virtualHosts.${domain} = {


     

       

       
19

       
+

       
    useACMEHost = "gaze.systems";


     

       

       
20

       
+

       
    forceSSL = true;


     

       

       
21

       
+

       
    quic = true;


     

       

       
22

       
+

       
    kTLS = true;


     

       

       
23

       
+

       
    locations."/".proxyPass = "http://localhost:${toString config.services.pocket-id.settings.PORT}";


     

       

       
24

       
+

       
    locations."/".extraConfig = ''


     

       

       
25

       
+

       
      proxy_busy_buffers_size 512k;


     

       

       
26

       
+

       
      proxy_buffers 4 512k;


     

       

       
27

       
+

       
      proxy_buffer_size 256k;


     

       

       
28

       
+

       
    '';


     

       

       
29

       
+

       
  };


     

       

       
30

       
+

       
}
hosts/wolumonde/modules/pocket-id.nix hosts/trimounts/modules/pocket-id.nix
-1
hosts/wolumonde/modules/secrets.nix 
···

       
1

       
1

       
 

       
{ lib, ... }:


     

       
2

       
2

       
 

       
{


     

       
3

       
3

       
 

       
  # age.secrets.bernbotToken.file = ../../../secrets/bernbotToken.age;


     

       
4

       

       
-

       
  age.secrets.websiteConfig.file = ../../../secrets/websiteConfig.age;


     

       
5

       
4

       
 

       
  age.secrets.pdsConfig.file = ../../../secrets/pdsConfig.age;


     

       
6

       
5

       
 

       
  # age.secrets.wgWolumondeKey = {


     

       
7

       
6

       
 

       
  #   file = ../../../secrets/wgWolumondeKey.age;
hosts/wolumonde/modules/tangled.nix/default.nix hosts/wolumonde/modules/tangled.disabled/default.nix
hosts/wolumonde/modules/tangled.nix/knot.nix hosts/wolumonde/modules/tangled.disabled/knot.nix
hosts/wolumonde/modules/tangled.nix/motd hosts/wolumonde/modules/tangled.disabled/motd
hosts/wolumonde/modules/tangled.nix/spindle.nix hosts/wolumonde/modules/tangled.disabled/spindle.nix
hosts/wolumonde/modules/unbound.nix hosts/wolumonde/modules/unbound.disabled
+70
hosts/wolumonde/modules/victoria.disabled 
···

       

       
1

       
+

       
{ lib, config, ... }:


     

       

       
2

       
+

       
let


     

       

       
3

       
+

       
  # syslogUdp = 5113;


     

       

       
4

       
+

       
  metricsPort = 8428;


     

       

       
5

       
+

       
  logsPort = 9428;


     

       

       
6

       
+

       
in


     

       

       
7

       
+

       
{


     

       

       
8

       
+

       
  services.victoriametrics = {


     

       

       
9

       
+

       
    enable = true;


     

       

       
10

       
+

       
    listenAddress = ":${toString metricsPort}";


     

       

       
11

       
+

       
  };


     

       

       
12

       
+

       



     

       

       
13

       
+

       
  services.victorialogs = {


     

       

       
14

       
+

       
    enable = true;


     

       

       
15

       
+

       
    listenAddress = ":${toString logsPort}";


     

       

       
16

       
+

       
    # extraOptions = ["-syslog.listenAddr.udp=:${toString syslogUdp}" "-journald.maxRequestSize=1024000000"];


     

       

       
17

       
+

       
  };


     

       

       
18

       
+

       



     

       

       
19

       
+

       
  services.vmalert.instances."" = {


     

       

       
20

       
+

       
    enable = true;


     

       

       
21

       
+

       
    settings =


     

       

       
22

       
+

       
      let


     

       

       
23

       
+

       
        l = "http://localhost";


     

       

       
24

       
+

       
      in


     

       

       
25

       
+

       
      {


     

       

       
26

       
+

       
        "datasource.url" = "${l}${config.services.victorialogs.listenAddress}";


     

       

       
27

       
+

       
        "remoteWrite.url" = "${l}${config.services.victoriametrics.listenAddress}";


     

       

       
28

       
+

       
        "remoteRead.url" = "${l}${config.services.victoriametrics.listenAddress}";


     

       

       
29

       
+

       
        "rule.defaultRuleType" = "vlogs";


     

       

       
30

       
+

       
      };


     

       

       
31

       
+

       
  };


     

       

       
32

       
+

       



     

       

       
33

       
+

       
  services.fluent-bit.settings.pipeline.outputs = [


     

       

       
34

       
+

       
    # write metrics to victoriametrics via prometheus


     

       

       
35

       
+

       
    {


     

       

       
36

       
+

       
      name = "prometheus_remote_write";


     

       

       
37

       
+

       
      match = "metrics.*";


     

       

       
38

       
+

       
      port = lib.removePrefix ":" config.services.victoriametrics.listenAddress;


     

       

       
39

       
+

       
      uri = "/api/v1/write";


     

       

       
40

       
+

       
    }


     

       

       
41

       
+

       
    {


     

       

       
42

       
+

       
      name = "http";


     

       

       
43

       
+

       
      match = "logs.*";


     

       

       
44

       
+

       
      port = lib.removePrefix ":" config.services.victorialogs.listenAddress;


     

       

       
45

       
+

       
      uri = "/insert/jsonline?_stream_fields=stream&_msg_field=log&_time_field=date";


     

       

       
46

       
+

       
      format = "json_lines";


     

       

       
47

       
+

       
      json_date_format = "iso8601";


     

       

       
48

       
+

       
    }


     

       

       
49

       
+

       
    # write logs via syslog


     

       

       
50

       
+

       
    # {


     

       

       
51

       
+

       
    #   name = "syslog";


     

       

       
52

       
+

       
    #   match = "*.log";


     

       

       
53

       
+

       
    #   port = syslogUdp;


     

       

       
54

       
+

       
    #   syslog_maxsize = 4096;


     

       

       
55

       
+

       
    #   syslog_severity_key = "severity";


     

       

       
56

       
+

       
    #   syslog_facility_key = "facility";


     

       

       
57

       
+

       
    #   syslog_hostname_key = "hostname";


     

       

       
58

       
+

       
    #   syslog_appname_key = "appname";


     

       

       
59

       
+

       
    #   syslog_procid_key = "procid";


     

       

       
60

       
+

       
    #   syslog_msgid_key = "msgid";


     

       

       
61

       
+

       
    #   syslog_sd_key = "sd";


     

       

       
62

       
+

       
    #   syslog_message_key = "message";


     

       

       
63

       
+

       
    # }


     

       

       
64

       
+

       
  ];


     

       

       
65

       
+

       



     

       

       
66

       
+

       
  # services.journald.upload = {


     

       

       
67

       
+

       
  #   enable = true;


     

       

       
68

       
+

       
  #   settings.Upload.URL = "http://localhost${config.services.victorialogs.listenAddress}/insert/journald";


     

       

       
69

       
+

       
  # };


     

       

       
70

       
+

       
}
hosts/wolumonde/modules/victoria.nix hosts/trimounts/modules/victoria.nix
secrets/clickeeProxyConfig.age

This is a binary file and will not be displayed.

+22
secrets/cloudflareDnsEdit.age 
···

       

       
1

       
+

       
age-encryption.org/v1


     

       

       
2

       
+

       
-> ssh-rsa Abmvag


     

       

       
3

       
+

       
RLzSHns6rm+PKThSJC768KmC2a9odftJWSSWqNR36LA5wb1wU5YpP/EHt6P50AY/


     

       

       
4

       
+

       
JsFPydPP+XTso4rSclWuW1gjEEzfQdwBJy0c9QNo6WRwtLsR2jLC/VBULqTPsHUH


     

       

       
5

       
+

       
bSR138+wtdICBLRMY71VvEcdrtONMm8dqc/STV5e270yDU+HtCW2Vwxu837CpUzQ


     

       

       
6

       
+

       
6xHV1NDURR5NugjQspW3mVBrFSx7OpE2iGrSYsCzXNpFK9JsC40yG/YZzqf2ktM4


     

       

       
7

       
+

       
BlWTNGRd2M/QOXwCOOdsgQHfN4DtHBR/nrC+sdauJahKxSR0RVB2jQgrH2LsmnB9


     

       

       
8

       
+

       
Xh8ttoYKwkVHQmOEUbtCnqKpzf7qGqyRX2+smkGaB2RzSxhNmUEmdV0dAEMXtGZd


     

       

       
9

       
+

       
aBFMw233WioqNygHxfgYkUtA2jFjBEVeAp74iKH7fB1/8fKa+SSeLEcv/IuIAOSp


     

       

       
10

       
+

       
WjqI7El5U882SviAyMuQ6hzWBLejCNBueZTgJVR0Iyk0fTjeLNM4rhqTQswyDjBh


     

       

       
11

       
+

       
7jnjAgVMaqZTRHrQFkBimkjX3QXutvRcjyutY3niUNRCZacvJ8bVIuIhNbqFOLJR


     

       

       
12

       
+

       
Io/bRwys/qR1a44GFMxbQG6Hm0NRIIK791cxxilZpnNiJHs02TLTXzuIq0bfTssz


     

       

       
13

       
+

       
3FjUZa6Oaerum2I/BidWJuYm4Cm6tJuftYn7XS1q+4I


     

       

       
14

       
+

       
-> ssh-ed25519 y5W/qA /qpByEN29ydHS/WgwLlOQjby7fYCI7hDOUSMJ+s0ZHA


     

       

       
15

       
+

       
Je4qhR22hERajFv/7EbQodKo4ldYqsrUgFdtt1KbXUA


     

       

       
16

       
+

       
-> ssh-ed25519 KjIL7g v+JVYql3+Tm/eam/1Vl/VSN97rq/8idFMcea1u7JEgE


     

       

       
17

       
+

       
bqgK9JhL1CF9O/35WzOj3J2fHSUQcMesbamMatJRBbk


     

       

       
18

       
+

       
-> ssh-ed25519 LaQclg u0qjpT1TcL0sAapagUr6opDbr3FRFsTtnK9wEoIJvxM


     

       

       
19

       
+

       
Uof2ZOkgEtdY301j0Ql6i9+WjQusspUvn1kMGgaSfp0


     

       

       
20

       
+

       
--- 8kcgq1sQjU2uSmskmkb3SUmsXubI1HtWBhs2RuuVJcE


     

       

       
21

       
+

       
�5��;�h9���#`c֎�


     

       

       
22

       
+

       
����9�k�4�S鯘��L:�/����׀P}a��oՇ:$��.����
secrets/develMobiTailscaleAuthKey.age

This is a binary file and will not be displayed.

secrets/headscaleOidcSecret.age

This is a binary file and will not be displayed.

secrets/nixGithubAccessToken.age

This is a binary file and will not be displayed.

+19 -17
secrets/pdsConfig.age 
···

       
1

       
1

       
 

       
age-encryption.org/v1


     

       
2

       
2

       
 

       
-> ssh-rsa Abmvag


     

       
3

       

       
-

       
Ti+WByG/+vCEtMtvVSUYqnjhLnL6gmVHj+8+ARD12zrfV+l0LZxW7TFGqWvtQ+9N


     

       
4

       

       
-

       
0aCa5AGao4ngjom0JHhFm+DzklR13V6FyB1zAQugBuPDlJFPPZmRH9jTMpbiRWK0


     

       
5

       

       
-

       
+uAFreWIkRtsYrOYaFOWIVOUxAl7immdbx7y55Q6u55y936t8aRRP+r8LCIsd+5E


     

       
6

       

       
-

       
dlWmxTRyYBXG4MNkCfyDeuvCnFxGFlmPXVqJeXyHBL+/Gw4nLzMvRM0PQqlkOLeS


     

       
7

       

       
-

       
DfJUpeWT0fptykuf7nmYr0sYembv4pks9E4lLNJ51PcdR2NqC4Aaq6s9+dM+b9Yg


     

       
8

       

       
-

       
p8Zg7HvCWxlSeNuf/gnu5jisj93ImrwJJSpkSv+AqThGkVtRpN6gzErSXPOQe9tn


     

       
9

       

       
-

       
RuESiumGO+Thh8+1F9iMitCm9pvVDkBrVDPmTBZS5xT8v67VcIcCmkmfh1Svq/di


     

       
10

       

       
-

       
dWhMereLu9oXd9Nudtg3uvlzWp68kCAQFjOVyhi6Li15FuPw+vvkc72c2OPv9AeZ


     

       
11

       

       
-

       
vNmIuaCHLa5VIPqOPJEaLGMuHSd80TFCAhYq4laca9gg6cgufyGlFCR4SVXA9qy8


     

       
12

       

       
-

       
Gi8SI+wdBbi5+RKveju2/58Wbas6oIqmP6IOgTibwYl3uQ8EE4YhG1QocChN553X


     

       
13

       

       
-

       
0pjhtSBTyXgVuy3bqz5eA4QAkCcDocwT/4R4eaNGLW0


     

       
14

       

       
-

       
-> ssh-ed25519 KjIL7g QPvc+LbTi8URL1atJNHHalHRyVGlz7pmrbOeMtjP6gM


     

       
15

       

       
-

       
lH3IhynTXpQ3Z4hFGn4bJZ/vEWte7qZqeAhixghjoe8


     

       
16

       

       
-

       
--- rIrWSZf0Q7b4fWtd9+gXxJpD9AoC0xWE7iWkUGCekDc


     

       
17

       

       
-

       
��)����ϲX� 0)��J�!���x�'E���vp�O�N~�23x��"��(Q�0�f_]7��ב��V�e���]+_/;:ؿ�g<.rJ��>W�R�K"�L#��/��+�Ƴ3M*Õ��:�Q'L��-}�#�Y�p������I


     

       
18

       

       
-

       
��Dm���{��ܫ�L��s��b�;�


     

       
19

       

       
-

       
c*�ݷ�u�m�����+^d�ؓ�0k2yty��>����������F�L&����qk����Ⱦ��c�Y'{�,�G�V��tS�I���7�W�� ��Qp���a�f{f�2O`x�=��y��7�ߓ�}��{=﷋�Í�O����P0�=f�P�B\p���l�.��F�����bm|Oл;-��ǾS�����Ғ�_Ԥ

     

       

       
3

       
+

       
SbNEqnr2eT0YR293LnQtJInXLmx7g+iCJwnZ4GmmEM2euePiEY69s8lRQUb7MQU8


     

       

       
4

       
+

       
xghOLEo/gr74/wtrOUf+4Ge3OM8KiAZt3QLuREJYz1xI6+gnMaievWbinAA+Ly0L


     

       

       
5

       
+

       
KdmFyshVGl+xKA0QPpc6fTO4XnAEH0g5Rg5upZoAfRARmOYeIQvXaWW2ehjI1Izw


     

       

       
6

       
+

       
RINcoszonp5egzZ9QJ6huruT2actz2XIAsZX/0NYQdjC6xmChxfTOxuXQskbzzyK


     

       

       
7

       
+

       
42eholIkf/5fYre4HmB7ePKuZeUeVRhK0RYemBq/ZNNUCf1ExjE/wDKTWpuPOafV


     

       

       
8

       
+

       
J2/7kP7OkwIEeEYXvLPvYM2HRasIbDUBmLOlj7L4E8BgMzKV7FmCr2n27m7iCjhz


     

       

       
9

       
+

       
y0sTpEk1y2N/rDvc/GCuZNtGNZIrbfzGaz5fhgegvO0Jogc2km4LVaEOQlA+AI5w


     

       

       
10

       
+

       
fxew6hCZkISaw+CjNaBOk45XXhMsONfW63uba6kgzj3h2+9jG1UmEPJAuNdgkjze


     

       

       
11

       
+

       
32lBZ58np+cA+aENt4sZu5nKk90Rsq54aNntfaHuFMFIfvK4RZj3HwHCAND+9XJ1


     

       

       
12

       
+

       
SNkNetcehX9jzZYm5Npnlhleft92TACYbtIIoi/zqgYMLDaHeAW6ZDAnW9sgO7mo


     

       

       
13

       
+

       
uSVwa8Gf5SwUY6v8IgVDwQVHiq8WTtRgRJmImP/mvS4


     

       

       
14

       
+

       
-> ssh-ed25519 KjIL7g tRXe9XXGtJyjCQuHU4oD7L5veJ8BKCFHUdXuSAa6/D4


     

       

       
15

       
+

       
vjVwtS7dKxTkjGHeLzV0G2uzIyEYaaSLplxOvfApIa0


     

       

       
16

       
+

       
-> ssh-ed25519 LaQclg 81iLpPZTOiW2ZNnfy8lErpeHiQoTtIpariQ5153Nwl4


     

       

       
17

       
+

       
5wqZUoo5CxEPHwVy9SSspvECTWAQ8qgjbj44WCx/kdw


     

       

       
18

       
+

       
--- z1wPplzF3WsIHxojXxcZnq91akMO+Hj1WFth2ujJAvY


     

       

       
19

       
+

       
�X RM�V˛a^�Z2A욓ר)h���h��	hV�Z��e&�.��l��ɉ/n�aIد-��q��(�id�
DT


     

       

       
20

       
+

       
�d�e��T�cHiɂ*^�4��+�?� �����y��-nD=��]��(������ѝG�Z���ɲ���P�w9�g��j>��d��Ϥ�������F�t�~��P�QS�,z�%Ad�E�t=�R�B�ُܱ~����7��ެ{1=������kOV=W3���e��CN��q�Ϥ���.\���n�wW����c�R;G


     

       

       
21

       
+

       
�6�f"�W����7f_�MZ;���.Х�Ѓ�@���3���Ǫ&,��1�ܕ�����]l�J�L!a֟��r��}9	��o@�.]��ƈ�fS����=�@��
+17 -16
secrets/persesSecret.age 
···

       
1

       
1

       
 

       
age-encryption.org/v1


     

       
2

       
2

       
 

       
-> ssh-rsa Abmvag


     

       
3

       

       
-

       
gnRXwWRObKH5JCBDDPVRDHsgSj4m3zwOHAFLDAXTmWjs0mVNKSu5AFtKkoJuUuzs


     

       
4

       

       
-

       
RQFGn3b4pv6duPjpEW4t0DBkAOCwgqTqvF3oSKNBSDuhNU4+XzCJgBZDesO3VZ/S


     

       
5

       

       
-

       
zZxM8kq14sM484pZSRI0A86VNSlR7q8lyF1kth+bn5dum7Ihq87Re6jW+OyFwL7L


     

       
6

       

       
-

       
tkTON5L4aMqjI4fMQl/PcRU+04sYkKug6JQO/DDyFXvjvROuO43ZChjqGGj4ol9b


     

       
7

       

       
-

       
mXPOJuabzUtWGoTwg7+IHhbyUbanoO+2gCMejRGbZbBTh+bOftNx0bvNj8lrxgit


     

       
8

       

       
-

       
oE5sXhqPeI9BhOGWiJvR+32YdHl2WRYQ/7nNdWsnA0UuiPRHPu827g91NrVgjxBk


     

       
9

       

       
-

       
SpgoabwZpCUl8GlfihtTvw3NbV6WnIUv0ew9bwlyf129uvH7Rn61o0JMnq5m37Zt


     

       
10

       

       
-

       
rJjLJ262zIdb4eS1QgycI+ugeb290Vh22niTLLKoJxAFdLyzSr84XsfUVyrjhJfz


     

       
11

       

       
-

       
Ll+12c7ApTcgwhuhOkFLmU8SUNwxhH523fV8zcQ/1E9yjpa26qQcTF+ujRV8FIwb


     

       
12

       

       
-

       
kVGLDHUXehU5gm/nsuQVaULYHRC50pvu7wKKZsj0UqdQeKCx1CwBOdFk6Qctxl9N


     

       
13

       

       
-

       
VvAenIra/FVImcrimQ/sNCeg8UasT+gvbY5KjhwPzkY


     

       
14

       

       
-

       
-> ssh-ed25519 KjIL7g +FQdRCFxlkayD4Hq9xb4WCE139upxkpSrvh7412gqlo


     

       
15

       

       
-

       
jxDJlUgJZfftyeyhikKi4zLhtM6fVXxAGMmD7gcQZgM


     

       
16

       

       
-

       
--- OXRvMmNqRzo4NGF4ihpPSHu77W8dH45HwJJIDI3hUCY


     

       
17

       

       
-

       
&}͘8��;YX5


     

       
18

       

       
-

       
�$m3�1r['�%<7�����W�D��h�0�%��C$�Il1;ɛl�1�i�A��E�z��,n݆�|b�?2N�}�m/Ӈ�	

     

       

       
3

       
+

       
IC9ZInud32ueWR3owngph/eKReklaRfgY6bDKDmA0OT5IEvisOYK8lhGwAzOZdIq


     

       

       
4

       
+

       
i+K5p7C30qe1+1fmZ3ZNcQMKeIq79LdpiR7Xb6DT+BAT5g++wsXqqsvxZYyR4Ux7


     

       

       
5

       
+

       
dPxr05VJXE6HkoUQ2gcG/rlED1M7EoRq1TBm1UV4wIDiWy/ZdZZRvM8C++CD2h4V


     

       

       
6

       
+

       
d4cLoDzVZxYdi3s+NRXpbg62fIO//suAYvlMjbKQasEBWv88R8rwj5br+o/AbCR8


     

       

       
7

       
+

       
hkjctI+EuMHzq7hwlZ211hb/HDLnFckWmIao9Hvw6PpyFMIUmuQWsgn6yHQ6zJQx


     

       

       
8

       
+

       
zIXNgAYpX5bR8i0VXvwNwlfWOOqNcOU4QD7ZO4qFs+ZYTlHvo1m1RNhDIBbhC9UM


     

       

       
9

       
+

       
v3C8fU0RTaWhUkcacXn3VXBiJIHXzFLiAfxQ1ft5HPOjsOOhHwphMFwblCukTJ45


     

       

       
10

       
+

       
SNVErkK32YeW6J0nyQGHRNHNSgbZC274caZ8R3nlTynkYRoF6/dy7Q1OLNILF4Vd


     

       

       
11

       
+

       
qW54oLZs9A6ralFkDfObl4rxOcz4HPdwH9p/kWzW1C1IrfZk0m5eOppFzZ2fUHra


     

       

       
12

       
+

       
FED8mJ0vH5E0oCL7JBDVx3A+Ss5vj7zpJePL10UQvfWI8qUIXHZT6wbIt/XfRvtq


     

       

       
13

       
+

       
rbr0g9tQtnnpOMJwgu1GzL1xQWGelAS8pvV8GPb5Vvg


     

       

       
14

       
+

       
-> ssh-ed25519 KjIL7g 0DtiBKi0aL82kjE3AgAbwkCw+fuIWXMvzi52eem0JgM


     

       

       
15

       
+

       
ujkcowuy/vokA+jqV7d5RcZGeg2yhzh8IdQQHJ/wZns


     

       

       
16

       
+

       
-> ssh-ed25519 LaQclg m/1lrK8ks3LlAQYG0/85pZiyQvhh16/Y5bX+k9HPpgU


     

       

       
17

       
+

       
zJD9xgF9GuHGHYSkczPGllccYqW7y/+UZrlCveFJIt4


     

       

       
18

       
+

       
--- ZM1sl++OddBxYlx8/57o/BWcSsU3rHQ41q7cJCoZiPs


     

       

       
19

       
+

       
�C{���9�C�yC��'�]����P�X��n��ZD��}�q2�[�@�R8�h���'����a�:�B2X��}<5��D�����6�������p���*��
+11 -1
secrets/secrets.nix 
···

       
2

       
2

       
 

       
  yusdacra = builtins.readFile ./yusdacra.key.pub;


     

       
3

       
3

       
 

       
  wolumonde = builtins.readFile ./wolumonde.key.pub;


     

       
4

       
4

       
 

       
  dzwonek = builtins.readFile ./dzwonek.key.pub;


     

       

       
5

       
+

       
  trimounts = builtins.readFile ./trimounts.key.pub;


     

       
5

       
6

       
 

       
  develMobi = builtins.readFile ./develMobi.key.pub;


     

       
6

       
7

       
 

       
in


     

       
7

       
8

       
 

       
{


     
···

       
9

       
10

       
 

       
  "websiteConfig.age".publicKeys = [


     

       
10

       
11

       
 

       
    yusdacra


     

       
11

       
12

       
 

       
    wolumonde


     

       

       
13

       
+

       
    trimounts


     

       
12

       
14

       
 

       
  ];


     

       
13

       
15

       
 

       
  "pdsConfig.age".publicKeys = [


     

       
14

       
16

       
 

       
    yusdacra


     

       
15

       
17

       
 

       
    wolumonde


     

       

       
18

       
+

       
    trimounts


     

       
16

       
19

       
 

       
  ];


     

       
17

       
20

       
 

       
  "clickeeProxyConfig.age".publicKeys = [


     

       
18

       
21

       
 

       
    yusdacra


     

       
19

       
22

       
 

       
    wolumonde


     

       

       
23

       
+

       
    trimounts


     

       
20

       
24

       
 

       
  ];


     

       
21

       

       
-

       
  "deployWebhook.age".publicKeys = [ yusdacra ];


     

       
22

       
25

       
 

       
  "persesSecret.age".publicKeys = [


     

       
23

       
26

       
 

       
    yusdacra


     

       
24

       
27

       
 

       
    wolumonde


     

       

       
28

       
+

       
    trimounts


     

       
25

       
29

       
 

       
  ];


     

       
26

       
30

       
 

       
  "headscaleOidcSecret.age".publicKeys = [


     

       
27

       
31

       
 

       
    yusdacra


     
···

       
30

       
34

       
 

       
  "develMobiTailscaleAuthKey.age".publicKeys = [


     

       
31

       
35

       
 

       
    yusdacra


     

       
32

       
36

       
 

       
    develMobi


     

       

       
37

       
+

       
  ];


     

       

       
38

       
+

       
  "cloudflareDnsEdit.age".publicKeys = [


     

       

       
39

       
+

       
    yusdacra


     

       

       
40

       
+

       
    dzwonek


     

       

       
41

       
+

       
    wolumonde


     

       

       
42

       
+

       
    trimounts


     

       
33

       
43

       
 

       
  ];


     

       
34

       
44

       
 

       
}
+1
secrets/trimounts.key.pub 
···

       

       
1

       
+

       
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDLuA1/cZ/xTN4dv5U0fvD9Glo6HlF5YA4U1pvFjxx6V
secrets/websiteConfig.age

This is a binary file and will not be displayed.

+1 -1
users/modules/discord/default.nix 
···

       
39

       
39

       
 

       



     

       
40

       
40

       
 

       
    Service = {


     

       
41

       
41

       
 

       
      Type = "simple";


     

       
42

       

       
-

       
      ExecStart = "${pkgs.openssh}/bin/ssh -N -D 127.0.0.1:1337 root@wolumonde";


     

       

       
42

       
+

       
      ExecStart = "${pkgs.openssh}/bin/ssh -N -D 127.0.0.1:1337 root@trimounts";


     

       
43

       
43

       
 

       
      Restart = "on-failure";


     

       
44

       
44

       
 

       
      RestartSec = "3s";


     

       
45

       
45

       
 

       
    };