servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Compare commits

base: servius:master
Branches Tags
servius:master
..
compare: servius:4041cc4c6eb68d994743009378411fe6c355d39f
Branches Tags
servius:master

1 Commits
master ... 4041cc4c6e

Author SHA1 Message Date
uttarayan21
4041cc4c6e chore(nixvim): disable stylix integration in neovim configuration
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2025-11-03 19:01:48 +05:30
125 changed files with 10511 additions and 3359 deletions
Expand all files Collapse all files

1
.gitattributes vendored
View File

@@ -1 +0,0 @@
*.png filter=lfs diff=lfs merge=lfs -text

215
DEVICE_ARCHITECTURE.md Normal file
View File

@@ -0,0 +1,215 @@
# Device Architecture Overview
This document provides a comprehensive overview of all devices managed by this NixOS/nix-darwin dotfiles repository.
> **Visual Diagram**: See [assets/devices-diagram.svg](assets/devices-diagram.svg) for a visual representation of this architecture.
## Device Categories
### 🖥️ Server Infrastructure (Headless)
#### mirai (Main Server)
- **Architecture**: x86_64-linux
- **User**: fs0c131y
- **Role**: Primary server hosting various services
- **Configuration**: NixOS + Home Manager
- **Hardware**: AMD CPU with NVME storage
- **Location**: Local network
- **Services**:
- Nextcloud (file storage and sync)
- Gitea (Git hosting)
- Minecraft server
- Immich (photo management)
- Paperless (document management)
- Tailscale VPN node
- ZeroTier network node
- Atuin (shell history sync)
- LLDAP (LDAP server)
- Navidrome (music streaming)
- Searxng (search engine)
- Syncthing
- And many more services
#### deoxys (VM Server)
- **Architecture**: x86_64-linux
- **User**: servius
- **Role**: Virtual machine server for testing and isolation
- **Configuration**: NixOS + Home Manager
- **Location**: Local network
#### tsuba (Raspberry Pi)
- **Architecture**: aarch64-linux
- **User**: servius
- **Role**: ARM-based server for lightweight services
- **Configuration**: NixOS + Home Manager (using stable channel)
- **Hardware**: Raspberry Pi
- **Access**: External via tsuba.darksailor.dev
- **Special**: Uses nixos-raspberrypi input for hardware support
### 💻 Development Workstations
#### ryu (Main Desktop)
- **Architecture**: x86_64-linux
- **User**: servius
- **Role**: Primary development workstation
- **Configuration**: NixOS + Home Manager
- **Desktop Environment**: Hyprland (primary) + GNOME (fallback)
- **Features**:
- Multi-monitor setup:
- Primary: HDMI-A-1 (Gigabyte FO27Q3)
- Secondary: DP-3 (Acer XV272U)
- Tertiary: DP-1 (Gigabyte M27Q)
- Audio production setup (musnix)
- Gaming support (Wine, Steam)
- Virtualization (virt-manager)
- Hardware acceleration (CUDA support)
- Secure boot with Lanzaboote
- TPM2 support
#### shiro (Mac Mini)
- **Architecture**: aarch64-darwin (Apple Silicon)
- **User**: servius
- **Role**: macOS desktop and build server
- **Configuration**: nix-darwin + Home Manager
- **Features**:
- ARM64 build server for distributed builds
- Samba file sharing
- Colima container runtime
- Aerospace window management
### 📱 Portable/Mobile Devices
#### kuro (MacBook)
- **Architecture**: aarch64-darwin (Apple Silicon)
- **User**: fs0c131y
- **Role**: macOS development machine
- **Configuration**: nix-darwin + Home Manager
- **Features**:
- Touch ID for sudo authentication
- Custom keyboard mappings
- Homebrew integration
#### SteamDeck (Gaming Handheld)
- **Architecture**: x86_64-linux
- **User**: deck
- **Role**: Portable gaming device
- **Configuration**: Home Manager only (no NixOS)
- **Special**: Uses SteamOS with Home Manager overlay
## Network Architecture
### VPN Networks
- **Tailscale**: Primary VPN connecting most devices
- Devices: mirai, deoxys, tsuba, deck
- **ZeroTier**: Secondary network layer
- Devices: mirai, ryu
### Local Network
- **Primary connection**: ryu (main desktop)
- **Wake-on-LAN**: Enabled for ryu (eno1 interface)
## Configuration Management
### NixOS Flake
- **Manages**: mirai, deoxys, tsuba, ryu
- **Features**: Unified configuration across Linux devices
- **Inputs**: Multiple flake inputs for extended functionality
### nix-darwin
- **Manages**: kuro, shiro
- **Features**: macOS system configuration
### Home Manager
- **Standalone**: deck (SteamDeck)
- **Integrated**: All other devices
- **Stable channel**: Used for tsuba
## Build Infrastructure
### Distributed Building
- **Build machines**:
- mirai (primary build server)
- shiro (macOS builds)
- tsuba (ARM builds, commented out)
- **Consumers**:
- ryu (uses remote builders)
- kuro (uses remote builders)
### Cache Strategy
- **Substituters**:
- nix-community.cachix.org
- nixos-raspberrypi.cachix.org (for ARM builds)
- **Build optimization**: Auto-optimise-store enabled
## Deployment Strategy
### SSH-based Deployment
Using deploy-rs for automated deployments:
```
ryu → mirai, deoxys, tsuba, deck
kuro → mirai, shiro
```
### Special Access
- **tsuba**: Accessed via external domain (tsuba.darksailor.dev)
- **All servers**: SSH key authentication with authorized_keys
## Hardware-Specific Features
### ryu (Desktop)
- **Graphics**: NVIDIA with CUDA support
- **Audio**: Professional audio setup with musnix
- **Input devices**: QMK keyboard support
- **Monitors**: DDC/CI control with ddcutil
- **Security**: TPM2, secure boot (Lanzaboote)
### mirai (Server)
- **CPU**: AMD with virtualization support
- **Storage**: Custom disk layout with disko
- **Containers**: Docker with custom mount points
- **Emulation**: aarch64-linux binfmt support
### macOS Devices (kuro - MacBook, shiro - Mac Mini)
- **Authentication**: Touch ID integration (kuro)
- **Keyboard**: Custom modifier key mappings
- **Package management**: Homebrew + Nix hybrid approach
- **Build server**: shiro provides ARM64 builds for the network
## Security Features
- **SOPS**: Secrets management across all devices
- **SSH keys**: Centralized key management
- **Fail2ban**: Enabled on mirai
- **Secure boot**: Implemented on ryu
- **TPM**: Hardware security on ryu
## Development Environment
### Shared Tools
- **Editor**: Nixvim (custom Neovim configuration)
- **Shell**: Fish + Nushell support
- **Terminal**: Various per-device preferences
- **Version control**: Git with shared configuration
### Language Support
- **Rust**: Custom overlay with latest toolchain
- **Python**: Python 3 with development tools
- **Nix**: Latest Nix with flakes enabled
- **Web**: Node.js and web development tools
## Monitoring and Observability
- **System metrics**: Collected across all NixOS devices
- **Shell history**: Synchronized via Atuin
- **File synchronization**: Syncthing for selective sync
## Backup and Data Management
- **Nextcloud**: Primary cloud storage on mirai
- **Syncthing**: Decentralized file sync
- **Git repositories**: Self-hosted on Gitea (mirai)
- **Photos**: Immich for photo management
- **Documents**: Paperless for document archival
This architecture provides a robust, scalable, and maintainable infrastructure for development, gaming, media consumption, and server hosting across multiple platforms and architectures.

268
README.md
View File

@@ -1,11 +1,259 @@
# Machines
# Personal Dotfiles & NixOS Configuration
1. Ryu Dektop (Intel i9-14900KS / Nvidia 5090 / 64GB CL36@6000MTs)
```
deploy -s .#ryu
```
2. Mirai Server (AMD Ryzen 7 7700 / 64GB@5200MHz)
3. Tako Server (Intel Xeon E-2236 / 64GB)
4. Tsuba Server (Raspberry Pi 5 / 8GB)
5. Kuro Laptop (Apple M4 Pro macbook / 24GB)
6. Shiro Desktop (Apple M4 macmini / 16GB)
A comprehensive, multi-platform dotfiles repository managing Linux, macOS, and specialized devices through Nix flakes, NixOS, nix-darwin, and Home Manager.
## 📊 Architecture Overview
This repository manages **7 devices** across multiple platforms and architectures:
- **3 Servers**: mirai (main), deoxys (VM), tsuba (Raspberry Pi)
- **1 Workstation**: ryu (primary desktop)
- **3 Portable devices**: kuro (MacBook), SteamDeck, and 1 desktop Mac Mini (shiro)
> 📈 **Visual Architecture**: See [Device Architecture Diagram](assets/devices-diagram.svg) for a complete visual overview.
## 🖥️ Device Portfolio
### Server Infrastructure
| Device | Architecture | Role | Services |
|--------|-------------|------|----------|
| **mirai** | x86_64-linux | Main Server | Nextcloud, Gitea, Minecraft, Immich, Paperless, +20 more |
| **deoxys** | x86_64-linux | VM Server | Testing & isolation environment |
| **tsuba** | aarch64-linux | Raspberry Pi | ARM-based lightweight services |
### Development Environment
| Device | Architecture | Setup | Features |
|--------|-------------|-------|----------|
| **ryu** | x86_64-linux | Main Desktop | Hyprland+GNOME, 3-monitor setup, gaming, audio production |
| **shiro** | aarch64-darwin | Mac Mini Desktop | nix-darwin + Home Manager, build server |
### Portable Devices
| Device | Architecture | Platform | Configuration |
|--------|-------------|----------|---------------|
| **kuro** | aarch64-darwin | MacBook | nix-darwin + Home Manager |
| **SteamDeck** | x86_64-linux | SteamOS | Home Manager only |
## 🚀 Quick Start
### Prerequisites
```bash
# Install Nix with flakes support
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
```
### Installation
#### NixOS (Linux)
```bash
sudo nixos-rebuild switch --flake .#<device-name>
```
#### macOS (nix-darwin)
```bash
nix run nix-darwin -- switch --flake .#<device-name>
```
#### Home Manager only (SteamDeck)
```bash
nix run home-manager/master -- switch --flake .#deck
```
### Available Devices
- `mirai` - Main server
- `ryu` - Primary desktop
- `deoxys` - VM server
- `tsuba` - Raspberry Pi
- `kuro` - MacBook (fs0c131y)
- `shiro` - MacBook (servius)
- `deck` - SteamDeck
## 🛠️ Development Tools
### Using Just (Recommended)
```bash
# Install on current system
just install
# Build without switching
just build
# Try Neovim configuration
just nvim
# Home Manager for non-NixOS
just home
```
### Core Technologies
- **OS**: NixOS, macOS, SteamOS
- **Shells**: Fish (primary), Nushell
- **Editor**: Neovim with custom nixvim configuration
- **Desktop**: Hyprland (Linux), Yabai + Aerospace (macOS)
- **Terminals**: Foot, Wezterm, Kitty
- **Package Management**: Nix Flakes with distributed building
## 🎯 Key Features
### 🔧 Multi-Platform Configuration Management
- **NixOS**: Complete system configuration for servers and workstations
- **nix-darwin**: macOS system management with Homebrew integration
- **Home Manager**: User environment configuration across all platforms
### 🌐 Network Infrastructure
- **Tailscale VPN**: Secure mesh networking across all devices
- **ZeroTier**: Secondary network layer for specific services
- **SSH Deployment**: Automated deployment via deploy-rs
### ⚡ Development Environment
- **Nixvim**: Custom Neovim configuration with LSP, tree-sitter, and plugins
- **Multi-monitor support**: Professional 3-monitor setup on ryu
- **Cross-compilation**: ARM64 and x86_64 support with distributed builds
### 🔒 Security & Secrets Management
- **SOPS**: Encrypted secrets management across all devices
- **SSH Keys**: Centralized key distribution
- **Secure Boot**: Lanzaboote implementation on ryu
- **TPM Support**: Hardware security module integration
### 🏗️ Build Infrastructure
- **Distributed Building**: mirai, shiro as build servers
- **Binary Caches**: nix-community and custom caches
- **Cross-platform**: ARM64 and x86_64 builds
## 📦 Self-Hosted Services (mirai)
### Core Services
- **Nextcloud**: File storage and synchronization
- **Gitea**: Self-hosted Git server
- **Immich**: Photo management and AI-powered search
- **Paperless**: Document management and OCR
### Development Tools
- **Atuin**: Shell history synchronization
- **LLDAP**: Lightweight LDAP server
- **VS Code Server**: Remote development environment
### Entertainment & Media
- **Minecraft Server**: Gaming server
- **Navidrome**: Music streaming server
- **Polaris**: Alternative music server
### Networking & Security
- **Tailscale**: VPN coordination node
- **ZeroTier**: Network management
- **Fail2ban**: Intrusion prevention
- **Caddy**: Reverse proxy and SSL termination
## 🎮 Gaming & Entertainment
### Gaming Setup (ryu)
- **Steam**: Native Linux gaming
- **Wine/Proton**: Windows game compatibility
- **Controller support**: Multiple gamepad configurations
- **Performance**: NVIDIA GPU with CUDA support
### Audio Production
- **Musnix**: Real-time audio kernel optimization
- **Professional audio**: Low-latency audio pipeline
- **Hardware support**: Audio interfaces and MIDI controllers
## 📱 Portable Configuration
### macOS Features (kuro - MacBook, shiro - Mac Mini)
- **Touch ID**: Sudo authentication integration (kuro)
- **Keyboard remapping**: Custom modifier key layouts
- **Aerospace/Yabai**: Tiling window management
- **Homebrew**: Package management for macOS-specific applications
- **Build server**: shiro serves as ARM64 build machine
### SteamDeck Integration
- **Home Manager**: User environment without system changes
- **Tailscale**: VPN connectivity for remote access
- **Development tools**: Portable development environment
## 🔄 Deployment & Management
### Automated Deployment
```bash
# Deploy to all servers from ryu
deploy .
# Deploy specific device
deploy .#mirai
```
### Build Management
- **Local builds**: Fast builds on powerful workstations
- **Remote builds**: Offload to build servers for efficiency
- **Binary caches**: Minimize rebuild times across devices
### Configuration Updates
- **Git-based**: All configurations version controlled
- **Atomic updates**: Rollback capability for all changes
- **Testing**: Safe deployment with easy rollback
## 📚 Try My Configurations
### Neovim Configuration
```bash
# Try my Neovim setup without installation
nix run github:uttarayan21/dotfiles#neovim
```
### Standalone Packages
The flake provides packages for:
- Custom Neovim configuration
- Development shells with tools
- Custom applications and scripts
## 🛡️ Security Practices
- **Encrypted secrets**: All sensitive data managed via SOPS
- **SSH hardening**: Key-based authentication only
- **Network segmentation**: VPN-based access control
- **Regular updates**: Automated security updates via Nix channels
- **Hardware security**: TPM and secure boot where available
## 📖 Documentation
- **[Device Architecture](DEVICE_ARCHITECTURE.md)**: Detailed device specifications and relationships
- **[Visual Diagram](assets/devices-diagram.svg)**: Complete infrastructure overview
- **Module documentation**: Inline documentation for custom Nix modules
## 🧰 Included Tools
### Command Line Utilities
| Tool | Purpose | Repository |
|------|---------|------------|
| `bat` | Enhanced cat with syntax highlighting | [sharkdp/bat](https://github.com/sharkdp/bat) |
| `dust` | Intuitive du replacement | [bootandy/dust](https://github.com/bootandy/dust) |
| `eza` | Modern ls replacement | [eza-community/eza](https://github.com/eza-community/eza) |
| `fd` | Simple, fast find alternative | [sharkdp/fd](https://github.com/sharkdp/fd) |
| `fzf` | Command-line fuzzy finder | [junegunn/fzf](https://github.com/junegunn/fzf) |
| `just` | Command runner | [casey/just](https://github.com/casey/just) |
| `ripgrep` | Fast text search | [BurntSushi/ripgrep](https://github.com/BurntSushi/ripgrep) |
| `starship` | Cross-shell prompt | [starship/starship](https://github.com/starship/starship) |
| `zoxide` | Smarter cd command | [ajeetdsouza/zoxide](https://github.com/ajeetdsouza/zoxide) |
### GUI Applications
- **Anyrun**: Application launcher for Hyprland
- **Hyprland**: Modern Wayland compositor
- **Ghostty**: GPU-accelerated terminal
- **Firefox**: Web browser with custom CSS
- **And many more...**
## 🤝 Contributing
This is a personal dotfiles repository, but feel free to:
- Use configurations as inspiration
- Report issues or suggest improvements
- Fork for your own use (please respect licenses)
## 📄 License
This repository contains configurations and scripts for personal use. Individual tools and applications maintain their respective licenses.
---
**Infrastructure Status**: 7 devices managed • 20+ services hosted • Multi-platform deployment ready

14
builders/mirai.nix
View File

@@ -1,7 +1,7 @@
# {
# hostName = "mirai.darksailor.dev";
# sshUser = "remotebuilder";
# systems = ["x86_64-linux" "aarch64-linux"];
# protocol = "ssh-ng";
# supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
# }
{
hostName = "sh.darksailor.dev";
sshUser = "remotebuilder";
systems = ["x86_64-linux" "aarch64-linux"];
protocol = "ssh-ng";
supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
}

7
builders/tako.nix
View File

@@ -1,7 +0,0 @@
{
hostName = "tako.darksailor.dev";
sshUser = "remotebuilder";
systems = ["x86_64-linux" "aarch64-linux"];
protocol = "ssh-ng";
supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
}

7
darwin/kuro/configuration.nix
View File

@@ -1,7 +1,6 @@
{
config,
pkgs,
device,
...
}: {
imports = [./services ./homebrew.nix ./programs];
@@ -13,7 +12,7 @@
# ids.gids.nixbld = 30000;
experimental-features = "nix-command flakes auto-allocate-uids";
max-jobs = 8;
trusted-users = ["root" device.user];
trusted-users = ["root" "fs0c131y"];
substituters = [
"https://nix-community.cachix.org"
# "https://sh.darksailor.dev"
@@ -30,7 +29,7 @@
'';
package = pkgs.nixVersions.latest;
buildMachines = [
../../builders/tako.nix
../../builders/mirai.nix
../../builders/shiro.nix
];
distributedBuilds = true;
@@ -59,7 +58,7 @@
# services.nix-daemon.enable = true;
system.stateVersion = 5;
system.primaryUser = device.user;
system.primaryUser = "fs0c131y";
system.keyboard.enableKeyMapping = true;
system.keyboard.remapCapsLockToControl = true;

12
darwin/shiro/configuration.nix
View File

@@ -8,7 +8,7 @@
# environment.systemPackages = with pkgs; [nix neovim];
nix = {
enable = true;
enable = false;
settings = {
experimental-features = "nix-command flakes auto-allocate-uids";
max-jobs = 8;
@@ -29,8 +29,8 @@
'';
package = pkgs.nixVersions.latest;
buildMachines = [
../../builders/tako.nix
../../builders/shiro.nix
../../builders/mirai.nix
# ../../builders/shiro.nix
];
distributedBuilds = true;
};
@@ -43,9 +43,9 @@
];
};
users.users.remotebuilder = {
description = "User for Nix remote builds";
name = "remotebuilder";
uid = 700;
# home = "/var/remotebuilder";
home = "/var/lib/remotebuilder";
createHome = true;
shell = "/bin/bash";
openssh.authorizedKeys.keyFiles = [
@@ -76,7 +76,7 @@
# services.nix-daemon.enable = true;
system.primaryUser = "servius";
system.stateVersion = 5;
system.stateVersion = 4;
system.keyboard.enableKeyMapping = true;
system.keyboard.remapCapsLockToControl = true;

4
darwin/shiro/homebrew.nix
View File

@@ -6,14 +6,14 @@
];
casks = [
"docker"
"librewolf"
"raycast"
"kunkun" # Soon
"lunar"
"virtual-desktop-streamer"
"kicad"
"shapr3d"
"orcaslicer"
"zed"
"zen"
];
};
}

14
darwin/shiro/services/caddy.nix
View File

@@ -4,31 +4,31 @@
...
}: {
sops = {
secrets."cloudflare/api_key".owner = config.services.caddy.user;
secrets."hetzner/api_key".owner = config.services.caddy.user;
templates = {
"CLOUDFLARE_API_KEY.env".content = ''
CLOUDFLARE_API_KEY=${config.sops.placeholder."cloudflare/api_key"}
"HETZNER_API_KEY.env".content = ''
HETZNER_API_KEY=${config.sops.placeholder."hetzner/api_key"}
'';
};
};
services = {
caddy = {
enable = true;
environmentFile = config.sops.templates."CLOUDFLARE_API_KEY.env".path;
environmentFile = config.sops.templates."HETZNER_API_KEY.env".path;
globalConfig = ''
debug
'';
extraConfig = ''
(cloudflare) {
(hetzner) {
tls {
propagation_timeout -1
propagation_delay 120s
dns cloudflare {env.CLOUDFLARE_API_KEY}
dns hetzner {env.HETZNER_API_KEY}
resolvers 1.1.1.1
}
}
'';
package = pkgs.caddyWithCloudflare;
package = pkgs.caddyWithHetzner;
};
};
}

4
darwin/shiro/services/default.nix
View File

@@ -1,11 +1,11 @@
{...}: {
imports = [
# ../../../modules/darwin/caddy
../../../modules/darwin/caddy
./yabai.nix
./skhd.nix
./tailscale.nix
./autossh.nix
# ./caddy.nix
./caddy.nix
./sops.nix
# ./lmstudio.nix
# ./colima.nix

2
darwin/shiro/services/lmstudio.nix
View File

@@ -1,7 +1,7 @@
{...}: {
services = {
caddy.virtualHosts."lmstudio.shiro.darksailor.dev" = ''
import cloudflare
import hetzner
reverse_proxy localhost:1234
'';
};

45
deploy.nix
View File

@@ -1,15 +1,14 @@
{
inputs,
self,
deploy-rs,
...
}: {
nodes = {
mirai = {
hostname = "mirai.darksailor.dev";
hostname = "mirai";
profiles.system = {
sshUser = "fs0c131y";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.mirai;
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.mirai;
user = "root";
};
};
@@ -17,7 +16,7 @@
hostname = "tsuba.darksailor.dev";
profiles.system = {
sshUser = "servius";
path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.tsuba;
path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.tsuba;
user = "root";
};
};
@@ -25,15 +24,7 @@
hostname = "ryu";
profiles.system = {
sshUser = "servius";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.ryu;
user = "root";
};
};
tako = {
hostname = "tako.darksailor.dev";
profiles.system = {
sshUser = "servius";
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.tako;
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.ryu;
user = "root";
};
};
@@ -42,7 +33,7 @@
interactiveSudo = true;
profiles.system = {
sshUser = "fs0c131y";
path = deploy-rs.lib.aarch64-darwin.activate.darwin self.darwinConfigurations.kuro;
path = inputs.deploy-rs.lib.aarch64-darwin.activate.darwin self.darwinConfigurations.kuro;
user = "root";
};
};
@@ -51,17 +42,25 @@
interactiveSudo = true;
profiles.system = {
sshUser = "servius";
path = deploy-rs.lib.aarch64-darwin.activate.darwin self.darwinConfigurations.shiro;
path = inputs.deploy-rs.lib.aarch64-darwin.activate.darwin self.darwinConfigurations.shiro;
user = "root";
};
};
# deck = {
# hostname = "steamdeck";
# profiles.system = {
# sshUser = "deck";
# path = deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations.deck;
# user = "deck";
# };
# };
deoxys = {
hostname = "deoxys";
profiles.system = {
sshUser = "servius";
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.deoxys;
user = "root";
};
};
deck = {
hostname = "steamdeck";
profiles.system = {
sshUser = "deck";
path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations.deck;
user = "deck";
};
};
};
}

1243
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

66
flake.nix
View File

@@ -10,7 +10,7 @@
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager/release-25.11";
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
stylix = {
@@ -34,7 +34,7 @@
inputs.nixpkgs.follows = "nixpkgs";
};
ironbar = {
url = "github:JakeStanger/ironbar";
url = "github:da-x/ironbar/correct-gdk-monitor";
inputs.nixpkgs.follows = "nixpkgs";
};
lanzaboote = {
@@ -43,7 +43,7 @@
};
nixvim = {
url = "github:nix-community/nixvim";
# inputs.nixpkgs.follows = "nixpkgs";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-index-database.url = "github:Mic92/nix-index-database";
music-player = {
@@ -174,7 +174,7 @@
inputs.nixpkgs.follows = "nixpkgs";
};
onepassword-shell-plugins = {
url = "github:1Password/shell-plugins";
url = "github:uttarayan21/shell-plugins";
inputs.nixpkgs.follows = "nixpkgs";
};
zeronsd = {
@@ -195,7 +195,7 @@
inputs.nixpkgs.follows = "nixpkgs";
};
hyprmonitors = {
url = "git+https://git.darksailor.dev/servius/hyprmonitors";
url = "git+ssh://gitea@git.darksailor.dev/servius/hyprmonitors";
# url = "path:/home/servius/Projects/hyprmonitors";
inputs.nixpkgs.follows = "nixpkgs";
};
@@ -214,31 +214,22 @@
url = "github:ggml-org/llama.cpp/b6178?submodules=1";
inputs.nixpkgs.follows = "nixpkgs";
};
immich = {
url = "github:immich-app/immich/v1.142.0";
flake = false;
};
yabai = {
url = "github:koekeishiya/yabai";
flake = false;
};
lfca = {
url = "git+ssh://gitea@git.darksailor.dev/servius/lfca";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-auth = {
url = "github:numtide/nix-auth";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs-xr = {
url = "github:nix-community/nixpkgs-xr";
inputs.nixpkgs.follows = "nixpkgs";
};
handoff = {
url = "github:xatuke/handoff";
inputs.nixpkgs.follows = "nixpkgs";
};
crates-nix.url = "github:uttarayan21/crates.nix";
headplane = {
url = "github:tale/headplane";
inputs.nixpkgs.follows = "nixpkgs";
};
vicinae = {
url = "github:vicinaehq/vicinae";
# inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
@@ -255,19 +246,11 @@
...
} @ inputs: let
devices = {
# mirai = mkDevice {
# name = "mirai";
# system = "x86_64-linux";
# user = "fs0c131y";
# hasGui = false; # Don't wan't to run GUI apps on a headless server
# isNix = true;
# isServer = true;
# };
tako = mkDevice {
name = "tako";
mirai = mkDevice {
name = "mirai";
system = "x86_64-linux";
user = "servius";
hasGui = false;
user = "fs0c131y";
hasGui = false; # Don't wan't to run GUI apps on a headless server
isNix = true;
isServer = true;
};
@@ -285,6 +268,14 @@
tertiary = "DP-1";
};
};
deoxys = mkDevice {
name = "deoxys";
system = "x86_64-linux";
user = "servius";
hasGui = false; # It's a vm so no GUI apps are used
isNix = true;
isServer = true;
};
tsuba = mkDevice {
name = "tsuba";
system = "aarch64-linux";
@@ -349,7 +340,7 @@
};
nixos_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isNix) devices;
# linux_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isLinux) devices;
linux_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isLinux) devices;
darwin_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isDarwin) devices;
rpi_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isArm && x.isLinux) devices;
@@ -357,7 +348,7 @@
inherit inputs;
};
in
{
rec {
nixosConfigurations =
(import ./nixos {
inherit inputs nixpkgs home-manager overlays nur;
@@ -403,8 +394,7 @@
in {
tsuba = mkImage nixos.tsuba;
};
deploy = import ./deploy.nix {inherit inputs self deploy-rs;};
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
deploy = import ./deploy.nix {inherit inputs self;};
inherit devices;
}
// flake-utils.lib.eachDefaultSystem (

1
home/apps/blueman.nix
View File

@@ -5,6 +5,7 @@
}: {
home.packages = lib.optionals pkgs.stdenv.isLinux [
pkgs.blueman
pkgs.webcord
];
services.blueman-applet.enable = pkgs.stdenv.isLinux;
}

22
home/apps/default.nix
View File

@@ -7,38 +7,36 @@ lib.optionalAttrs device.hasGui {
imports = [
# ./audacity.nix
./blueman.nix
# ./bottles.nix
./bottles.nix
./chromium.nix
# ./cursor.nix
./cursor.nix
./discord.nix
./firefox.nix
./ghostty.nix
./gimp.nix
# ./guitarix.nix
# ./gimp.nix
./guitarix.nix
./hyprpicker.nix
# ./jellyflix.nix
# ./kicad.nix
./jellyflix.nix
./kicad.nix
./kitty.nix
./lmstudio.nix
./mpv.nix
# ./neovide.nix
./neovide.nix
./nextcloud.nix
./obs-studio.nix
# ./openscad.nix
./orcaslicer.nix
# ./pcsx2.nix
./pcsx2.nix
# ./rpcs3.nix
# ./shadps4.nix
./slack.nix
# ./thunderbird.nix
# ./tsukimi.nix
# ./vial.nix
./thunderbird.nix
./vlc.nix
./vscode.nix
./wezterm.nix
./zathura.nix
./zed.nix
./zen.nix
./vicinae.nix
./vial.nix
];
}

4
home/apps/discord.nix
View File

@@ -5,8 +5,6 @@
}: {
home.packages = lib.optionals pkgs.stdenv.isLinux [
pkgs.discord
pkgs.vesktop
pkgs.discord-canary
pkgs.discord-ptb
pkgs.webcord
];
}

4
home/apps/firefox.nix
View File

@@ -53,8 +53,6 @@
};
};
in {
stylix.targets.librewolf.profileNames = ["default"];
stylix.targets.zen-browser.profileNames = ["default"];
# programs.librewolf = config // {package = stablePkgs.librewolf;};
programs.librewolf = config // {package = stablePkgs.librewolf;};
# programs.firefox = config;
}

9
home/apps/gimp.nix
View File

@@ -1,8 +1,3 @@
{
pkgs,
device,
lib,
...
}: {
home.packages = with pkgs; lib.optionals (device.is "ryu") [gimp];
{pkgs, ...}: {
home.packages = with pkgs; [gimp];
}

4
home/apps/kitty.nix
View File

@@ -1,8 +1,8 @@
{
lib,
pkgs,
# device,
# inputs,
device,
inputs,
...
}: {
stylix.targets.kitty.enable = false;

5
home/apps/tsukimi.nix
View File

@@ -1,5 +0,0 @@
{pkgs, ...}: {
home.packages = with pkgs; [
tsukimi
];
}

16
home/apps/vicinae.nix
View File

@@ -1,16 +0,0 @@
{
pkgs,
inputs,
device,
...
}: {
imports = [inputs.vicinae.homeManagerModules.default];
services.vicinae = {
enable = device.is "ryu";
autoStart = true;
extensions = [];
# package = pkgs.vicinae.overrideAttrs (old: {
# patches = [../../patches/vicinae-ctrl-np.patch];
# });
};
}

5
home/programs/aichat.nix
View File

@@ -17,7 +17,6 @@
settings = {
save_session = true;
model = "openai:gpt-4o";
# model = "ryu:qwen3-coder-30b";
rag_embedding_model = "ollama:RobinBially/nomic-embed-text-8k";
clients = [
{
@@ -51,7 +50,7 @@
api_base = "https://llama.ryu.darksailor.dev/v1";
models = [
{
name = "qwen3-coder-30b";
name = "gpt-oss-20b";
type = "chat";
}
# {
@@ -176,7 +175,7 @@
---
model: openai:gpt-4o
---
Your task is to generate a concise and informative commit message based on the provided diff. Use the conventional commit format, which includes a type (feat, fix, chore, docs, style, refactor, perf, test) and an optional scope. The message should be in the imperative mood and should not exceed 72 characters in the subject line. Do not under any circumstance include any additional text or explanations, just add the commit message.
Your task is to generate a concise and informative commit message based on the provided diff. Use the conventional commit format, which includes a type (feat, fix, chore, docs, style, refactor, perf, test) and an optional scope. The message should be in the imperative mood and should not exceed 72 characters in the subject line. Don't include any additional text or explanations, just the commit message.
'';
};
};

10
home/programs/default.nix
View File

@@ -42,7 +42,6 @@
./yt-dlp.nix
./zoxide.nix
./neovim.nix
./opencode.nix
# ./goread.nix
# ./helix.nix
@@ -65,7 +64,7 @@
bottom
btop
cachix
deploy-rs.deploy-rs
deploy-rs
dust
fd
file
@@ -90,13 +89,6 @@
nerd-fonts.fira-code
nerd-fonts.hasklug
nerd-fonts.symbols-only
noto-fonts
noto-fonts-cjk-sans
noto-fonts-color-emoji
liberation_ttf
fira-code
fira-code-symbols
mplus-outline-fonts.githubRelease
]
++ lib.optionals device.isLinux []
++ lib.optionals device.isDarwin [];

19
home/programs/neovim.nix
View File

@@ -1,21 +1,8 @@
{
pkgs,
device,
stablePkgs,
lib,
...
}: {
{pkgs, ...}: {
stylix.targets.nixvim.enable = false;
programs = lib.optionalAttrs (device.is "ryu" || device.is "kuro" || device.is "mirai" || device.is "tako" || device.is "shiro") {
nixvim =
programs.nixvim =
{
enable = true;
nixpkgs = {
config = {
allowUnfree = true;
};
};
}
// (import ./../../neovim {inherit pkgs stablePkgs;});
};
// (import ./../../neovim {inherit pkgs;});
}

10
home/programs/opencode.nix
View File

@@ -1,10 +0,0 @@
{
device,
lib,
...
}:
lib.optionalAttrs (device.is "ryu") {
programs.opencode = {
enable = true;
};
}

18
home/programs/ssh.nix
View File

@@ -9,25 +9,25 @@
matchBlocks = {
tsuba = {
user = "servius";
hostname = "tsuba.darksailor.dev";
hostname = "tsuba";
};
github = {
user = "git";
host = "github.com";
};
# mirai = {
# user = "fs0c131y";
# hostname = "mirai.darksailor.dev";
# forwardAgent = true;
# };
tako = {
deoxys = {
user = "servius";
hostname = "tako.darksailor.dev";
hostname = "deoxys";
forwardAgent = true;
};
mirai = {
user = "fs0c131y";
hostname = "sh.darksailor.dev";
forwardAgent = true;
};
ryu = {
user = "servius";
hostname = "ryu.darksailor.dev";
hostname = "ryu";
forwardAgent = true;
};
kuro = {

2
home/services/default.nix
View File

@@ -5,7 +5,7 @@
./kdeconnect.nix
./gtk.nix
./anyrun.nix
# ./ironbar
./ironbar
./gui.nix
./eww.nix
./xdg.nix

18
home/services/eww.nix
View File

@@ -1,15 +1,19 @@
{
pkgs,
device,
config,
lib,
...
}: {
}: let
activate_linux = pkgs.fetchFromGitHub {
owner = "Nycta-b424b3c7";
repo = "eww_activate-linux";
rev = "master";
sha256 = "sha256-CHNkRYR4F9JGMrNubHu+XzkwwI3IHzh93nuS7/Plhe4=";
};
in {
programs.eww = {
enable = device.is "ryu";
enableFishIntegration = true;
configDir = activate_linux;
};
# xdg.configFile = {
# eww = {
# source = "${config.home.homeDirectory}/Projects/dotfiles/home/services/eww";
# };
# };
}

5
home/services/eww/README.md
View File

@@ -1,5 +0,0 @@
# "Activate Linux"
"Activate Linux" text for [Eww](https://github.com/elkowar/eww/)
![Activate Linux](activate-linux.png)

BIN
home/services/eww/activate-linux.png LFS
View File

Binary file not shown.

7
home/services/eww/eww.scss
View File

@@ -1,7 +0,0 @@
.activate-linux {
color: rgba(250, 250, 250, 0.5);
&.background {
background: none;
}
}

41
home/services/eww/eww.yuck
View File

@@ -1,41 +0,0 @@
(defwidget activate-linux []
(box
:orientation "v"
:halign "start"
:valign "start"
(label :xalign 0 :markup "<span font_size=\"large\">Activate Linux</span>")
(label :xalign 0 :text "Go to Settings to activate Linux")))
(defwindow activate-linux
:monitor 0
:stacking "fg"
:geometry (geometry :x "96px" :y "96px" :width "250px" :anchor "bottom right")
(activate-linux))
(defwidget bar []
(centerbox :orientation "h"
(workspaces)
(music)
(tray)))
;; (defwidget tray []
;; (box :sclass "tray" :orientation "h" :space-evenly false :haligh "end"
;; (system-tray)
;; (battery)
;; (clock)))
(defwidgets workspaces []
(box :class "workspaces" :orientation "h" :space-evenly true :halign "start" :spacing 10
(workspace-indicator :index 0)
(workspace-indicator :index 1)
(workspace-indicator :index 2)
(workspace-indicator :index 3)
(workspace-indicator :index 4)
(workspace-indicator :index 5)
(workspace-indicator :index 6)
(workspace-indicator :index 7)
(workspace-indicator :index 8)
(workspace-indicator :index 9)))

3
home/services/gtk.nix
View File

@@ -7,7 +7,6 @@
lib.optionalAttrs (device.is "ryu") {
gtk = {
enable = device.is "ryu";
colorScheme = lib.mkForce "dark";
theme = {
name = "catppuccin-mocha-mauve-standard+normal";
package = pkgs.catppuccinThemes.gtk;
@@ -39,7 +38,5 @@ lib.optionalAttrs (device.is "ryu") {
# pkgs.catppuccinThemes.gtk
pkgs.catppuccinThemes.papirus-folders
];
# stylix.targets.gtk.enable = false;
stylix.targets.gtk.enable = false;
stylix.targets.gnome.enable = false;
}

25
home/services/gui.nix
View File

@@ -5,6 +5,9 @@
inputs,
...
}: {
# imports = [
# inputs.lfca.homeManagerModules
# ];
systemd.user.services.onepassword-gui = lib.optionalAttrs (device.is "ryu") {
Unit = {
Description = "1Password GUI";
@@ -20,26 +23,28 @@
WantedBy = ["graphical-session.target"];
};
};
# programs.linux-file-converter-addon.enable = true;
home.packages = with pkgs;
lib.optionals (device.is "ryu") [
nautilus
linux-file-converter-addon
totem
ffmpegthumbnailer
# polkit_gnome
polkit_gnome
seahorse
signal-desktop
# sony-headphones-client
spotify
steam-run
wl-clipboard
# (prismlauncher.override {
# additionalPrograms = [ffmpeg zenity];
# jdks = [
# # graalvm-ce
# zulu8
# zulu17
# zulu
# ];
# })
(prismlauncher.override {
additionalPrograms = [ffmpeg zenity];
jdks = [
graalvm-ce
zulu8
zulu17
zulu
];
})
];
}

12
home/services/hyprland.nix
View File

@@ -51,8 +51,8 @@
transform = 0;
supports_wide_color = 1;
supports_hdr = 1;
bitdepth = 10;
cm = "hdr";
# bitdepth = 10;
# cm = "hdr";
# sdrbrightness = 0.005;
# sdrsaturation = 200;
}
@@ -192,18 +192,18 @@
"$mainModShift, Return, exec, ${lib.getExe pkgs.wezterm}"
# "$mainModShift, Return, exec, ${pkgs.foot}/bin/foot"
"$mainModShift, Q, killactive,"
"$mainModShift, s, exec, ${lib.getExe pkgs.hyprshot} -m region -o ~/Pictures/Screenshots/"
"$mainModShift, s, exec, ${lib.getExe pkgs.hyprshot} -m region"
# "$mainMod, M, exit,"
"$mainModShift, f, togglefloating,"
"$mainModShift, f, pin"
"$mainModShift, f, alterzorder, top"
"$mainMod, f, fullscreen,"
"$mainMod, g, fullscreenstate,0,2"
"$mainMod, d, exec, ${lib.getExe pkgs.vicinae} toggle"
"$mainMod, Space, exec, ${lib.getExe pkgs.vicinae} toggle"
"$mainMod, d, exec, ${lib.getExe pkgs.anyrun}"
"$mainMod, Space, exec, ${lib.getExe pkgs.anyrun}"
"$mainMod, p, pseudo, # dwindle"
"$mainMod, v, togglesplit,"
"$mainMod, a, exec, ${pkgs.swaynotificationcenter}/bin/swaync-client -t"
# "$mainMod, a, exec, swaync-client -t"
"$mainMod, Tab, cyclenext"
# Audio
",xf86audiomute, exec, ${pkgs.swayosd}/bin/swayosd-client --output-volume mute-toggle"

2
home/services/ironbar/default.nix
View File

@@ -7,7 +7,7 @@
imports = [inputs.ironbar.homeManagerModules.default];
programs.ironbar = {
enable = device.is "ryu";
package = inputs.ironbar.packages.${pkgs.system}.ironbar;
package = inputs.ironbar.packages.${pkgs.system}.default;
systemd = true;
config.monitors = {
"${device.monitors.secondary}" = {

10
home/services/xdg.nix
View File

@@ -7,14 +7,12 @@
lib.optionalAttrs (device.is "ryu") {
xdg.portal = {
enable = pkgs.stdenv.isLinux;
config = {
hyprland.default = ["kde" "hyprland"];
common.default = ["*" "hyprland"];
};
# config = {
#
# };
extraPortals = with pkgs; [
# xdg-desktop-portal-hyprland
kdePackages.xdg-desktop-portal-kde
xdg-desktop-portal-hyprland
xdg-desktop-portal-gtk
];
};
}

2
justfile
View File

@@ -6,7 +6,7 @@ install:
[linux]
install:
sudo nixos-rebuild switch --flake . --builders '' --max-jobs 1
sudo nixos-rebuild switch --flake . --builders ''
[macos]
build:

28
neovim/default.nix
View File

@@ -1,8 +1,4 @@
{
pkgs,
stablePkgs,
...
}: let
{pkgs, ...}: let
mkMappings = mappings:
[]
++ (pkgs.lib.optionals (builtins.hasAttr "normal" mappings) (mkMode mappings.normal "n"))
@@ -107,7 +103,6 @@ in {
"<C-q>x" = "[[<cmd>tabclose<cr>]]";
"<C-q>n" = "[[<cmd>tabnext<cr>]]";
"<C-q>p" = "[[<cmd>tabprevious<cr>]]";
"<c-.>" = "require('sidekick.cli').toggle";
};
terminal = {
"<C-\\>" = "require('FTerm').toggle";
@@ -178,16 +173,6 @@ in {
trouble.enable = true;
ts-context-commentstring.enable = true;
which-key.enable = true;
sidekick = {
enable = true;
settings = {
nes = {
enabled = false;
};
};
};
conform-nvim = {
enable = true;
settings = {
@@ -214,7 +199,7 @@ in {
enable = true;
settings = {
panel = {
enabled = false;
enabled = true;
};
suggestion = {
enabled = true;
@@ -255,7 +240,6 @@ in {
lualine = {
enable = true;
# package = stablePkgs.vimPlugins.lualine-nvim;
};
neotest = {
@@ -545,7 +529,6 @@ in {
slint_lsp.enable = true;
# sourcekit.enable = true;
openscad_lsp.enable = true;
tinymist.enable = true;
rust_analyzer = {
enable = false;
installCargo = false;
@@ -734,12 +717,6 @@ in {
end,
{})
vim.api.nvim_create_user_command('DapUiToggle',
function()
require('dapui').toggle()
end,
{})
local iron = require("iron.core")
iron.setup({
config = {
@@ -851,6 +828,5 @@ in {
pkgs.lua
pkgs.ripgrep
pkgs.nodejs-slim
pkgs.qwen-code
];
}

5
nixos/default.nix
View File

@@ -11,23 +11,18 @@
specialArgs = {
inherit device inputs;
stablePkgs = inputs.nixpkgs-stable.legacyPackages.${device.system};
masterPkgs = inputs.nixpkgs-master.legacyPackages.${device.system};
lanzaboote = inputs.lanzaboote;
cratesNix = inputs.crates-nix.mkLib {pkgs = nixpkgs.legacyPackages.${device.system};};
};
modules = [
inputs.arion.nixosModules.arion
inputs.disko.nixosModules.disko
inputs.handoff.nixosModules.default
inputs.home-manager.nixosModules.home-manager
inputs.lanzaboote.nixosModules.lanzaboote
inputs.musnix.nixosModules.musnix
inputs.nix-minecraft.nixosModules.minecraft-servers
inputs.nixpkgs-xr.nixosModules.nixpkgs-xr
inputs.nur.modules.nixos.default
inputs.sops-nix.nixosModules.sops
inputs.stylix.nixosModules.stylix
inputs.headplane.nixosModules.headplane
./${device.name}/configuration.nix
../home/module.nix

127
nixos/deoxys/configuration.nix Normal file
View File

@@ -0,0 +1,127 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
pkgs,
lib,
...
}: {
imports = [
# Include the results of the hardware scan.
./deoxys.nix
./services
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
systemd.services.NetworkManager-wait-online.enable = lib.mkForce false;
nix = {
settings = {
auto-optimise-store = true;
extra-experimental-features = "nix-command flakes auto-allocate-uids";
trusted-users = ["root" "servius" "fs0c131y"];
};
extraOptions = ''
build-users-group = nixbld
extra-nix-path = nixpkgs=flake:nixpkgs
builders-use-substitutes = true
'';
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than +5";
};
package = pkgs.nixVersions.latest;
buildMachines = [];
distributedBuilds = true;
};
networking.hostName = "deoxys"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable networking
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "Asia/Kolkata";
# Select internationalisation properties.
i18n.defaultLocale = "en_US";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US";
LC_IDENTIFICATION = "en_US";
LC_MEASUREMENT = "en_US";
LC_MONETARY = "en_US";
LC_NAME = "en_US";
LC_NUMERIC = "en_US";
LC_PAPER = "en_US";
LC_TELEPHONE = "en_US";
LC_TIME = "en_US";
};
# Configure keymap in X11
services.xserver = {
xkb = {
layout = "us";
variant = "";
};
};
security.sudo.wheelNeedsPassword = false;
# Define a user account. Don't forget to set a password with passwd.
users.users.servius = {
isNormalUser = true;
description = "servius";
extraGroups = ["networkmanager" "wheel"];
packages = with pkgs; [];
openssh.authorizedKeys.keyFiles = [
../../secrets/id_ed25519.pub
../../secrets/id_ios.pub
];
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.tailscale.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [22];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}

45
nixos/tako/tako.nix → nixos/deoxys/deoxys.nix
View File

@@ -4,51 +4,28 @@
{
config,
lib,
# pkgs,
pkgs,
modulesPath,
...
}: {
imports = [
(modulesPath + "/installer/scan/not-detected.nix")
./disk-config.nix
];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "sd_mod"];
boot.initrd.kernelModules = ["dm-snapshot"];
boot.initrd.availableKernelModules = ["xhci_pci" "nvme" "usb_storage" "sd_mod"];
boot.initrd.kernelModules = [];
boot.kernelModules = ["kvm-intel"];
boot.extraModulePackages = [];
boot.binfmt.emulatedSystems = ["aarch64-linux"];
fileSystems."/var/lib/nextcloud" = {
device = "/media/nextcloud";
options = [
"bind"
];
};
fileSystems."/var/lib/docker" = {
device = "/media/docker";
options = [
"bind"
];
fileSystems."/" = {
device = "/dev/disk/by-uuid/1f72dde1-a713-4e69-a272-39a8324368c2";
fsType = "ext4";
};
fileSystems."/home".neededForBoot = true;
# fileSystems."/" = {
# device = "/dev/disk/by-uuid/8f805d1b-a469-4db8-9ee1-b98ea220714a";
# fsType = "ext4";
# };
#
# fileSystems."/boot" = {
# device = "/dev/disk/by-uuid/D840-A590";
# fsType = "vfat";
# options = ["fmask=0022" "dmask=0022"];
# };
#
# fileSystems."/media" = {
# device = "/dev/disk/by-uuid/cad22fc7-08d2-4650-8d5e-a101e3fd1bd1";
# fsType = "ext4";
# };
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/2CFD-2F25";
fsType = "vfat";
};
swapDevices = [];
@@ -57,7 +34,7 @@
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp6s0.useDHCP = lib.mkDefault true;
# networking.interfaces.wlp0s20f3.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;

3
nixos/deoxys/services/default.nix Normal file
View File

@@ -0,0 +1,3 @@
{...}: {
imports = [];
}

6
nixos/mirai/configuration.nix
View File

@@ -42,7 +42,7 @@
cores = 8;
auto-optimise-store = true;
extra-experimental-features = "nix-command flakes auto-allocate-uids";
trusted-users = [device.user "remotebuilder"];
trusted-users = ["root" "fs0c131y" "remotebuilder"];
trusted-substituters = [
"https://nix-community.cachix.org"
"https://nixos-raspberrypi.cachix.org"
@@ -65,11 +65,11 @@
dates = "daily";
options = "--delete-older-than 5d";
};
package = pkgs.nixVersions.latest; # deploy-rs doesn't work with nix >= 2.32
package = pkgs.nixVersions.nix_2_31; # deploy-rs doesn't work with nix >= 2.32
distributedBuilds = true;
};
users.users.${device.user} = {
users.users.fs0c131y = {
isNormalUser = true;
extraGroups = ["wheel" "docker" "media"];
openssh.authorizedKeys.keyFiles = [

912
nixos/mirai/services/dashboards/enhanced-overview.json Normal file
View File

@@ -0,0 +1,912 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"max": 100,
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "yellow",
"value": 70
},
{
"color": "red",
"value": 85
}
]
},
"unit": "percent"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "100 - (avg by (instance) (irate(node_cpu_seconds_total{job=\"tsuba-node\",mode=\"idle\"}[5m])) * 100)",
"legendFormat": "Tsuba CPU Usage",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "100 - (avg by (instance) (irate(node_cpu_seconds_total{job=\"ryu-node\",mode=\"idle\"}[5m])) * 100)",
"legendFormat": "Ryu CPU Usage",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "100 - (avg by (instance) (irate(node_cpu_seconds_total{job=\"mirai-node\",mode=\"idle\"}[5m])) * 100)",
"legendFormat": "Mirai CPU Usage",
"range": true,
"refId": "C"
}
],
"title": "CPU Usage - All Devices",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "percent"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 8
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "(node_memory_MemTotal_bytes{job=\"tsuba-node\"} - node_memory_MemAvailable_bytes{job=\"tsuba-node\"}) / node_memory_MemTotal_bytes{job=\"tsuba-node\"} * 100",
"legendFormat": "Tsuba Memory Usage",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "(node_memory_MemTotal_bytes{job=\"ryu-node\"} - node_memory_MemAvailable_bytes{job=\"ryu-node\"}) / node_memory_MemTotal_bytes{job=\"ryu-node\"} * 100",
"legendFormat": "Ryu Memory Usage",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "(node_memory_MemTotal_bytes{job=\"mirai-node\"} - node_memory_MemAvailable_bytes{job=\"mirai-node\"}) / node_memory_MemTotal_bytes{job=\"mirai-node\"} * 100",
"legendFormat": "Mirai Memory Usage",
"range": true,
"refId": "C"
}
],
"title": "Memory Usage - All Devices",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "yellow",
"value": 5
},
{
"color": "red",
"value": 10
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Failed Services"
},
"properties": [
{
"id": "unit",
"value": "short"
},
{
"id": "custom.cellOptions",
"value": {
"type": "color-background"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Active Services"
},
"properties": [
{
"id": "unit",
"value": "short"
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 16
},
"id": 3,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": ["sum"],
"show": false
},
"showHeader": true
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "systemd_units{job=~\"tsuba-systemd|ryu-systemd|mirai-systemd\",state=\"active\"}",
"format": "table",
"legendFormat": "__auto",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "systemd_units{job=~\"tsuba-systemd|ryu-systemd|mirai-systemd\",state=\"failed\"}",
"format": "table",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "B"
}
],
"title": "SystemD Service Status",
"transformations": [
{
"id": "merge",
"options": {}
},
{
"id": "groupBy",
"options": {
"fields": {
"Value #A": {
"aggregations": ["sum"],
"operation": "aggregate"
},
"Value #B": {
"aggregations": ["sum"],
"operation": "aggregate"
},
"job": {
"aggregations": [],
"operation": "groupby"
}
}
}
},
{
"id": "organize",
"options": {
"excludeByName": {},
"indexByName": {},
"renameByName": {
"Value #A (sum)": "Active Services",
"Value #B (sum)": "Failed Services",
"job": "Device"
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "percent"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 16
},
"id": 4,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "zfs_dataset_used_bytes{job=~\"tsuba-zfs|ryu-zfs|mirai-zfs\"} / zfs_dataset_available_bytes{job=~\"tsuba-zfs|ryu-zfs|mirai-zfs\"} * 100",
"legendFormat": "{{job}} - {{dataset}}",
"range": true,
"refId": "A"
}
],
"title": "ZFS Pool Usage",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "yellow",
"value": 40
},
{
"color": "red",
"value": 60
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Temperature"
},
"properties": [
{
"id": "unit",
"value": "celsius"
},
{
"id": "custom.cellOptions",
"value": {
"type": "gauge"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Health"
},
"properties": [
{
"id": "mappings",
"value": [
{
"options": {
"0": {
"color": "red",
"index": 1,
"text": "FAIL"
},
"1": {
"color": "green",
"index": 0,
"text": "OK"
}
},
"type": "value"
}
]
},
{
"id": "custom.cellOptions",
"value": {
"type": "color-background"
}
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 24
},
"id": 5,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": ["sum"],
"show": false
},
"showHeader": true
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "smartctl_device_smart_healthy{job=~\"tsuba-smartctl|ryu-smartctl|mirai-smartctl\"}",
"format": "table",
"legendFormat": "__auto",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "smartctl_device_temperature{job=~\"tsuba-smartctl|ryu-smartctl|mirai-smartctl\"}",
"format": "table",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "B"
}
],
"title": "Disk Health & Temperature",
"transformations": [
{
"id": "merge",
"options": {}
},
{
"id": "organize",
"options": {
"excludeByName": {
"__name__": true,
"instance": true,
"Time": true
},
"indexByName": {},
"renameByName": {
"Value #A": "Health",
"Value #B": "Temperature",
"device": "Device",
"job": "System"
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "reqps"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 32
},
"id": 6,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "rate(nginx_http_requests_total{job=\"mirai-nginx\"}[5m])",
"legendFormat": "{{server}} - {{status}}",
"range": true,
"refId": "A"
}
],
"title": "Nginx Request Rate",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 32
},
"id": 7,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "nginx_connections_active{job=\"mirai-nginx\"}",
"legendFormat": "Active Connections",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "nginx_connections_reading{job=\"mirai-nginx\"}",
"legendFormat": "Reading",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "nginx_connections_writing{job=\"mirai-nginx\"}",
"legendFormat": "Writing",
"range": true,
"refId": "C"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "nginx_connections_waiting{job=\"mirai-nginx\"}",
"legendFormat": "Waiting",
"range": true,
"refId": "D"
}
],
"title": "Nginx Connections",
"type": "timeseries"
}
],
"refresh": "30s",
"schemaVersion": 38,
"style": "dark",
"tags": ["monitoring", "overview", "enhanced"],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Enhanced Infrastructure Overview",
"uid": "enhanced-overview",
"version": 0,
"weekStart": ""
}

601
nixos/mirai/services/dashboards/mirai-monitoring.json Normal file
View File

@@ -0,0 +1,601 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"max": 100,
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "percent"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "100 - (avg by (instance) (irate(node_cpu_seconds_total{job=\"mirai-node\",mode=\"idle\"}[5m])) * 100)",
"legendFormat": "CPU Usage",
"range": true,
"refId": "A"
}
],
"title": "Mirai CPU Usage",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "bytes"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 0
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_memory_MemTotal_bytes{job=\"mirai-node\"} - node_memory_MemAvailable_bytes{job=\"mirai-node\"}",
"legendFormat": "Used Memory",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_memory_MemTotal_bytes{job=\"mirai-node\"}",
"legendFormat": "Total Memory",
"range": true,
"refId": "B"
}
],
"title": "Mirai Memory Usage",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Memory"
},
"properties": [
{
"id": "unit",
"value": "bytes"
}
]
},
{
"matcher": {
"id": "byName",
"options": "Count"
},
"properties": [
{
"id": "unit",
"value": "short"
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 8
},
"id": 3,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": ["sum"],
"show": false
},
"showHeader": true,
"sortBy": [
{
"desc": true,
"displayName": "Memory"
}
]
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "namedprocess_namegroup_memory_bytes{job=\"mirai-process\"} > 0",
"format": "table",
"legendFormat": "__auto",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "namedprocess_namegroup_num_procs{job=\"mirai-process\"} > 0",
"format": "table",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "B"
}
],
"title": "Mirai Running Processes",
"transformations": [
{
"id": "merge",
"options": {}
},
{
"id": "organize",
"options": {
"excludeByName": {
"__name__": true,
"instance": true,
"job": true,
"Time": true
},
"indexByName": {},
"renameByName": {
"Value #A": "Memory",
"Value #B": "Count",
"groupname": "Process Name"
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 16
},
"id": 4,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load1{job=\"mirai-node\"}",
"legendFormat": "1m load",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load5{job=\"mirai-node\"}",
"legendFormat": "5m load",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load15{job=\"mirai-node\"}",
"legendFormat": "15m load",
"range": true,
"refId": "C"
}
],
"title": "Mirai System Load",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "bytes"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 16
},
"id": 5,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "rate(node_network_receive_bytes_total{job=\"mirai-node\",device!~\"lo|veth.*|docker.*|virbr.*|br-.*\"}[5m])",
"legendFormat": "{{device}} - Inbound",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "rate(node_network_transmit_bytes_total{job=\"mirai-node\",device!~\"lo|veth.*|docker.*|virbr.*|br-.*\"}[5m])",
"legendFormat": "{{device}} - Outbound",
"range": true,
"refId": "B"
}
],
"title": "Mirai Network I/O",
"type": "timeseries"
}
],
"refresh": "30s",
"schemaVersion": 38,
"style": "dark",
"tags": ["monitoring", "mirai"],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Mirai System Monitoring",
"uid": "mirai-monitoring",
"version": 0,
"weekStart": ""
}

689
nixos/mirai/services/dashboards/overview-monitoring.json Normal file
View File

@@ -0,0 +1,689 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"max": 100,
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "yellow",
"value": 70
},
{
"color": "red",
"value": 85
}
]
},
"unit": "percent"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "100 - (avg by (instance) (irate(node_cpu_seconds_total{job=\"tsuba-node\",mode=\"idle\"}[5m])) * 100)",
"legendFormat": "Tsuba CPU Usage",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "100 - (avg by (instance) (irate(node_cpu_seconds_total{job=\"ryu-node\",mode=\"idle\"}[5m])) * 100)",
"legendFormat": "Ryu CPU Usage",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "100 - (avg by (instance) (irate(node_cpu_seconds_total{job=\"mirai-node\",mode=\"idle\"}[5m])) * 100)",
"legendFormat": "Mirai CPU Usage",
"range": true,
"refId": "C"
}
],
"title": "All Devices - CPU Usage",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "percent"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 8
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "(node_memory_MemTotal_bytes{job=\"tsuba-node\"} - node_memory_MemAvailable_bytes{job=\"tsuba-node\"}) / node_memory_MemTotal_bytes{job=\"tsuba-node\"} * 100",
"legendFormat": "Tsuba Memory Usage",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "(node_memory_MemTotal_bytes{job=\"ryu-node\"} - node_memory_MemAvailable_bytes{job=\"ryu-node\"}) / node_memory_MemTotal_bytes{job=\"ryu-node\"} * 100",
"legendFormat": "Ryu Memory Usage",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "(node_memory_MemTotal_bytes{job=\"mirai-node\"} - node_memory_MemAvailable_bytes{job=\"mirai-node\"}) / node_memory_MemTotal_bytes{job=\"mirai-node\"} * 100",
"legendFormat": "Mirai Memory Usage",
"range": true,
"refId": "C"
}
],
"title": "All Devices - Memory Usage",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "CPU %"
},
"properties": [
{
"id": "unit",
"value": "percent"
},
{
"id": "custom.cellOptions",
"value": {
"type": "gauge"
}
},
{
"id": "max",
"value": 100
}
]
},
{
"matcher": {
"id": "byName",
"options": "Memory %"
},
"properties": [
{
"id": "unit",
"value": "percent"
},
{
"id": "custom.cellOptions",
"value": {
"type": "gauge"
}
},
{
"id": "max",
"value": 100
}
]
},
{
"matcher": {
"id": "byName",
"options": "Load 1m"
},
"properties": [
{
"id": "unit",
"value": "short"
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 16
},
"id": 3,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "100 - (avg by (instance) (irate(node_cpu_seconds_total{job=~\"tsuba-node|ryu-node|mirai-node\",mode=\"idle\"}[5m])) * 100)",
"format": "table",
"legendFormat": "__auto",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "(node_memory_MemTotal_bytes{job=~\"tsuba-node|ryu-node|mirai-node\"} - node_memory_MemAvailable_bytes{job=~\"tsuba-node|ryu-node|mirai-node\"}) / node_memory_MemTotal_bytes{job=~\"tsuba-node|ryu-node|mirai-node\"} * 100",
"format": "table",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load1{job=~\"tsuba-node|ryu-node|mirai-node\"}",
"format": "table",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "C"
}
],
"title": "System Overview",
"transformations": [
{
"id": "merge",
"options": {}
},
{
"id": "organize",
"options": {
"excludeByName": {
"__name__": true,
"instance": true
},
"indexByName": {},
"renameByName": {
"Value #A": "CPU %",
"Value #B": "Memory %",
"Value #C": "Load 1m",
"job": "Device"
}
}
},
{
"id": "filterFieldsByName",
"options": {
"include": {
"names": [
"Device",
"CPU %",
"Memory %",
"Load 1m"
]
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 24
},
"id": 4,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load1{job=\"tsuba-node\"}",
"legendFormat": "Tsuba 1m load",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load1{job=\"ryu-node\"}",
"legendFormat": "Ryu 1m load",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load1{job=\"mirai-node\"}",
"legendFormat": "Mirai 1m load",
"range": true,
"refId": "C"
}
],
"title": "System Load Average (1m)",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Process Count"
},
"properties": [
{
"id": "unit",
"value": "short"
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 24
},
"id": 5,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "count by (job) (namedprocess_namegroup_num_procs{job=~\"tsuba-process|ryu-process|mirai-process\"})",
"format": "table",
"legendFormat": "__auto",
"range": true,
"refId": "A"
}
],
"title": "Active Process Count by Device",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"__name__": true,
"Time": true
},
"indexByName": {},
"renameByName": {
"Value": "Process Count",
"job": "Device"
}
}
}
],
"type": "table"
}
],
"refresh": "30s",
"schemaVersion": 38,
"style": "dark",
"tags": [
"monitoring",
"overview"
],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Infrastructure Overview",
"uid": "overview-monitoring",
"version": 0,
"weekStart": ""
}

601
nixos/mirai/services/dashboards/ryu-monitoring.json Normal file
View File

@@ -0,0 +1,601 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"max": 100,
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "percent"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "100 - (avg by (instance) (irate(node_cpu_seconds_total{job=\"ryu-node\",mode=\"idle\"}[5m])) * 100)",
"legendFormat": "CPU Usage",
"range": true,
"refId": "A"
}
],
"title": "Ryu CPU Usage",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "bytes"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 0
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_memory_MemTotal_bytes{job=\"ryu-node\"} - node_memory_MemAvailable_bytes{job=\"ryu-node\"}",
"legendFormat": "Used Memory",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_memory_MemTotal_bytes{job=\"ryu-node\"}",
"legendFormat": "Total Memory",
"range": true,
"refId": "B"
}
],
"title": "Ryu Memory Usage",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Memory"
},
"properties": [
{
"id": "unit",
"value": "bytes"
}
]
},
{
"matcher": {
"id": "byName",
"options": "Count"
},
"properties": [
{
"id": "unit",
"value": "short"
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 8
},
"id": 3,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": ["sum"],
"show": false
},
"showHeader": true,
"sortBy": [
{
"desc": true,
"displayName": "Memory"
}
]
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "namedprocess_namegroup_memory_bytes{job=\"ryu-process\"} > 0",
"format": "table",
"legendFormat": "__auto",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "namedprocess_namegroup_num_procs{job=\"ryu-process\"} > 0",
"format": "table",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "B"
}
],
"title": "Ryu Running Processes",
"transformations": [
{
"id": "merge",
"options": {}
},
{
"id": "organize",
"options": {
"excludeByName": {
"__name__": true,
"instance": true,
"job": true,
"Time": true
},
"indexByName": {},
"renameByName": {
"Value #A": "Memory",
"Value #B": "Count",
"groupname": "Process Name"
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 16
},
"id": 4,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load1{job=\"ryu-node\"}",
"legendFormat": "1m load",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load5{job=\"ryu-node\"}",
"legendFormat": "5m load",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load15{job=\"ryu-node\"}",
"legendFormat": "15m load",
"range": true,
"refId": "C"
}
],
"title": "Ryu System Load",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "binBps"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 16
},
"id": 5,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "rate(node_network_receive_bytes_total{job=\"ryu-node\",device!~\"lo|veth.*|docker.*|virbr.*|br-.*\"}[5m])",
"legendFormat": "{{device}} - Inbound",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "rate(node_network_transmit_bytes_total{job=\"ryu-node\",device!~\"lo|veth.*|docker.*|virbr.*|br-.*\"}[5m])",
"legendFormat": "{{device}} - Outbound",
"range": true,
"refId": "B"
}
],
"title": "Ryu Network I/O",
"type": "timeseries"
}
],
"refresh": "30s",
"schemaVersion": 38,
"style": "dark",
"tags": ["monitoring", "ryu"],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Ryu System Monitoring",
"uid": "ryu-monitoring",
"version": 0,
"weekStart": ""
}

616
nixos/mirai/services/dashboards/systemd-monitoring.json Normal file
View File

@@ -0,0 +1,616 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [
{
"options": {
"0": {
"color": "red",
"index": 1,
"text": "FAILED"
},
"1": {
"color": "green",
"index": 0,
"text": "ACTIVE"
}
},
"type": "value"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 0.5
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Status"
},
"properties": [
{
"id": "custom.cellOptions",
"value": {
"type": "color-background"
}
}
]
}
]
},
"gridPos": {
"h": 12,
"w": 24,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": ["sum"],
"show": false
},
"showHeader": true,
"sortBy": [
{
"desc": false,
"displayName": "Device"
}
]
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "systemd_unit_state{job=~\"tsuba-systemd|ryu-systemd|mirai-systemd\",state=~\"active|failed\",name=~\".+\\.(service|timer)$\"}",
"format": "table",
"legendFormat": "__auto",
"range": true,
"refId": "A"
}
],
"title": "SystemD Services Status",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"__name__": true,
"instance": true,
"Time": true
},
"indexByName": {},
"renameByName": {
"Value": "Status",
"job": "Device",
"name": "Service",
"state": "State"
}
}
},
{
"id": "filterFieldsByName",
"options": {
"include": {
"names": [
"Device",
"Service",
"Status"
]
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 12
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "count by (job) (systemd_unit_state{job=~\"tsuba-systemd|ryu-systemd|mirai-systemd\",state=\"active\",name=~\".+\\.service$\"})",
"legendFormat": "{{job}} - Active Services",
"range": true,
"refId": "A"
}
],
"title": "Active Services Count",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": [
{
"matcher": {
"id": "byRegexp",
"options": ".*Failed.*"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "red",
"mode": "fixed"
}
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 12
},
"id": 3,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "count by (job) (systemd_unit_state{job=~\"tsuba-systemd|ryu-systemd|mirai-systemd\",state=\"failed\",name=~\".+\\.service$\"})",
"legendFormat": "{{job}} - Failed Services",
"range": true,
"refId": "A"
}
],
"title": "Failed Services Count",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Restart Count"
},
"properties": [
{
"id": "unit",
"value": "short"
},
{
"id": "custom.cellOptions",
"value": {
"type": "color-background"
}
},
{
"id": "thresholds",
"value": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "yellow",
"value": 5
},
{
"color": "red",
"value": 10
}
]
}
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 20
},
"id": 4,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": ["sum"],
"show": false
},
"showHeader": true,
"sortBy": [
{
"desc": true,
"displayName": "Restart Count"
}
]
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "systemd_unit_restart_total{job=~\"tsuba-systemd|ryu-systemd|mirai-systemd\",name=~\".+\\.service$\"} > 0",
"format": "table",
"legendFormat": "__auto",
"range": true,
"refId": "A"
}
],
"title": "Service Restart Count",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"__name__": true,
"instance": true,
"Time": true
},
"indexByName": {},
"renameByName": {
"Value": "Restart Count",
"job": "Device",
"name": "Service"
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Next Run"
},
"properties": [
{
"id": "unit",
"value": "dateTimeAsIso"
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 28
},
"id": 5,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": ["sum"],
"show": false
},
"showHeader": true
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "systemd_timer_last_trigger_seconds{job=~\"tsuba-systemd|ryu-systemd|mirai-systemd\",name=~\".+\\.timer$\"}",
"format": "table",
"legendFormat": "__auto",
"range": true,
"refId": "A"
}
],
"title": "SystemD Timers",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"__name__": true,
"instance": true,
"Time": true
},
"indexByName": {},
"renameByName": {
"Value": "Last Trigger",
"job": "Device",
"name": "Timer"
}
}
}
],
"type": "table"
}
],
"refresh": "30s",
"schemaVersion": 38,
"style": "dark",
"tags": ["monitoring", "systemd", "services"],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "SystemD Services Monitoring",
"uid": "systemd-monitoring",
"version": 0,
"weekStart": ""
}

624
nixos/mirai/services/dashboards/tsuba-monitoring.json Normal file
View File

@@ -0,0 +1,624 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"max": 100,
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "percent"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "100 - (avg by (instance) (irate(node_cpu_seconds_total{job=\"tsuba-node\",mode=\"idle\"}[5m])) * 100)",
"legendFormat": "CPU Usage",
"range": true,
"refId": "A"
}
],
"title": "Tsuba CPU Usage",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "bytes"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 0
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_memory_MemTotal_bytes{job=\"tsuba-node\"} - node_memory_MemAvailable_bytes{job=\"tsuba-node\"}",
"legendFormat": "Used Memory",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_memory_MemTotal_bytes{job=\"tsuba-node\"}",
"legendFormat": "Total Memory",
"range": true,
"refId": "B"
}
],
"title": "Tsuba Memory Usage",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "CPU %"
},
"properties": [
{
"id": "unit",
"value": "percent"
},
{
"id": "custom.cellOptions",
"value": {
"type": "gauge"
}
},
{
"id": "max",
"value": 100
}
]
},
{
"matcher": {
"id": "byName",
"options": "Memory"
},
"properties": [
{
"id": "unit",
"value": "bytes"
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 8
},
"id": 3,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": ["sum"],
"show": false
},
"showHeader": true,
"sortBy": [
{
"desc": true,
"displayName": "CPU %"
}
]
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "rate(namedprocess_namegroup_cpu_seconds_total{job=\"tsuba-process\"}[5m]) * 100",
"format": "table",
"legendFormat": "__auto",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "namedprocess_namegroup_num_procs{job=\"tsuba-process\"} > 0",
"format": "table",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "namedprocess_namegroup_num_procs{job=\"tsuba-process\"}",
"format": "table",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "C"
}
],
"title": "Tsuba Running Processes",
"transformations": [
{
"id": "merge",
"options": {}
},
{
"id": "organize",
"options": {
"excludeByName": {
"__name__": true,
"instance": true,
"job": true
},
"indexByName": {},
"renameByName": {
"Value #A": "CPU %",
"Value #B": "Memory",
"Value #C": "Count",
"groupname": "Process Name"
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 16
},
"id": 4,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load1{job=\"tsuba-node\"}",
"legendFormat": "1m load",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load5{job=\"tsuba-node\"}",
"legendFormat": "5m load",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load15{job=\"tsuba-node\"}",
"legendFormat": "15m load",
"range": true,
"refId": "C"
}
],
"title": "Tsuba System Load",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "bytes"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 16
},
"id": 5,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "rate(node_network_receive_bytes_total{job=\"tsuba-node\",device!~\"lo|veth.*|docker.*|virbr.*|br-.*\"}[5m])",
"legendFormat": "{{device}} - Inbound",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "rate(node_network_transmit_bytes_total{job=\"tsuba-node\",device!~\"lo|veth.*|docker.*|virbr.*|br-.*\"}[5m])",
"legendFormat": "{{device}} - Outbound",
"range": true,
"refId": "B"
}
],
"title": "Tsuba Network I/O",
"type": "timeseries"
}
],
"refresh": "30s",
"schemaVersion": 38,
"style": "dark",
"tags": ["monitoring", "tsuba"],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Tsuba System Monitoring",
"uid": "tsuba-monitoring",
"version": 0,
"weekStart": ""
}

37
nixos/mirai/services/default.nix
View File

@@ -1,26 +1,25 @@
{...}: {
imports = [
# ./atuin.nix
# ./authelia.nix
# ./caddy.nix
# ./excalidraw.nix
# ./fail2ban.nix
# ./flaresolverr.nix
# ./games
# ./gitea.nix
# ./homepage.nix
# # ./immich.nix
./atuin.nix
./authelia.nix
./caddy.nix
./excalidraw.nix
./fail2ban.nix
./flaresolverr.nix
./gitea.nix
./homepage.nix
./immich.nix
# ./llama.nix
# ./immich.nix
# # ./llama.nix
# ./lldap.nix
# ./nextcloud.nix
# # ./paperless.nix
# ./prowlarr.nix
# ./resolved.nix
# ./searxng.nix
./lldap.nix
./monitoring.nix
./nextcloud.nix
./prowlarr.nix
./resolved.nix
./searxng.nix
./tailscale.nix
# ./headscale.nix
# ./shitpost.nix
./games
# ./paperless.nix
];
services = {
nix-serve = {

79
nixos/mirai/services/headscale.nix
View File

@@ -1,79 +0,0 @@
{config, ...}: {
sops = {
secrets.headscale-secret = {
owner = config.systemd.services.headscale.serviceConfig.User;
mode = "0440";
restartUnits = ["headscale.service" "authelia-darksailor.service"];
key = "authelia/oidc/headscale/client_secret";
};
secrets.headscale-authelia = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = ["headscale.service" "authelia-darksailor.service"];
key = "authelia/oidc/headscale/client_secret";
};
};
services = {
headscale = {
enable = true;
port = 8095;
settings = {
dns = {
magic_dns = true;
base_domain = "headscale.darksailor.dev";
nameservers.global = ["1.1.1.1"];
};
oidc = {
issuer = "https://auth.darksailor.dev";
client_id = "headscale";
client_secret_path = "${config.sops.secrets.headscale-secret.path}";
pkce = {
enabled = true;
method = "S256";
};
};
};
};
# headplane = {
# enable = true;
# settings = {
# server.port = 42562;
# };
# };
caddy = {
virtualHosts."headscale.darksailor.dev".extraConfig = ''
reverse_proxy localhost:${toString config.services.headplane.settings.server.port}
'';
};
authelia = {
instances.darksailor = {
settings = {
identity_providers = {
oidc = {
clients = [
{
client_name = "HeadScale";
client_id = "headscale";
client_secret = ''{{ secret "${config.sops.secrets.headscale-authelia.path}" }}'';
public = false;
authorization_policy = "one_factor";
require_pkce = true;
pkce_challenge_method = "S256";
redirect_uris = [
"https://headscale.darksailor.dev/oidc/callback"
];
scopes = ["openid" "email" "profile" "groups"];
response_types = ["code"];
grant_types = ["authorization_code"];
access_token_signed_response_alg = "none";
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_basic";
}
];
};
};
};
};
};
};
}

249
nixos/mirai/services/monitoring.nix Normal file
View File

@@ -0,0 +1,249 @@
{
config,
pkgs,
lib,
# devices,
...
}: {
sops.secrets = {
"grafana/adminPassword" = {
owner = "grafana";
group = "grafana";
};
oauth-client-secret-grafana-authelia = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
key = "authelia/oidc/grafana/client_secret";
restartUnits = [
"authelia-darksailor.service"
];
};
oauth-client-secret-grafana = {
owner = config.systemd.services.grafana.serviceConfig.User;
key = "authelia/oidc/grafana/client_secret";
restartUnits = [
"grafana"
];
};
};
services = {
prometheus = {
enable = true;
port = 9090;
listenAddress = "0.0.0.0";
scrapeConfigs = [];
# ++ (lib.mapAttrsToList (name: cfg: {
# job_name = "mirai-" + name;
# static_configs = [
# {
# targets = [("localhost:" + (builtins.toString cfg.port))];
# }
# ];
# })
# (config.services.prometheus.exporters));
retentionTime = "30d";
globalConfig = {
scrape_interval = "15s";
evaluation_interval = "15s";
};
};
prometheus.exporters = {
ping = {
enable = true;
settings = {
targets = [
"1.1.1.1"
"ryu"
"tsuba"
"shiro"
];
ping = {
interval = "5s";
timeout = "5s";
};
};
openFirewall = true;
};
node = {
enable = true;
enabledCollectors = [
"systemd"
"textfile"
"filesystem"
"loadavg"
"meminfo"
"netdev"
"stat"
"time"
"uname"
"vmstat"
];
openFirewall = true;
};
process = {
enable = true;
settings.process_names = [
{
name = "{{.Comm}}";
cmdline = [".*"];
}
];
openFirewall = true;
};
systemd = {
enable = true;
openFirewall = true;
};
};
grafana = {
enable = true;
settings = {
server = {
http_addr = "0.0.0.0";
http_port = 3333;
domain = "monitoring.darksailor.dev";
root_url = "https://monitoring.darksailor.dev";
};
security = {
admin_user = "admin";
admin_password = "$__file{${config.sops.secrets."grafana/adminPassword".path}}";
};
auth = {
disable_login_form = true;
};
"auth.basic" = {
enabled = false;
};
"auth.generic_oauth" = {
enabled = true;
name = "Authelia";
client_id = "grafana";
client_secret = "$__file{${config.sops.secrets.oauth-client-secret-grafana.path}}";
scopes = "openid profile email groups";
empty_scopes = false;
auth_url = "https://auth.darksailor.dev/api/oidc/authorization";
token_url = "https://auth.darksailor.dev/api/oidc/token";
api_url = "https://auth.darksailor.dev/api/oidc/userinfo";
login_attribute_path = "email";
groups_attribute_path = "groups";
name_attribute_path = "name";
email_attribute_path = "email";
username_attribute_path = "preferred_username";
use_pkce = true;
auto_login = true;
allow_sign_up = true;
role_attribute_path = "contains(groups[*], 'sso_admin') && 'Admin' || Viewer";
use_refresh_token = false;
id_token_attribute_name = "";
signout_redirect_url = "https://auth.darksailor.dev/logout";
};
};
provision = {
enable = true;
datasources.settings.datasources = [
{
name = "Prometheus";
type = "prometheus";
access = "proxy";
url = "http://localhost:9090";
isDefault = true;
jsonData = {
timeInterval = "15s";
};
}
];
dashboards.settings = {
apiVersion = 1;
providers = [
{
name = "default";
type = "file";
options.path = "/var/lib/grafana/dashboards";
}
];
};
};
};
caddy.virtualHosts."monitoring.darksailor.dev".extraConfig = ''
reverse_proxy localhost:${builtins.toString config.services.grafana.settings.server.http_port}
'';
authelia = {
instances.darksailor = {
settings = {
identity_providers = {
oidc = {
claims_policies = {
grafana = {
id_token = [
"email"
"name"
"groups"
"preferred_username"
];
};
};
clients = [
{
client_name = "Grafana";
client_id = "grafana";
claims_policy = "grafana";
client_secret = ''{{ secret "${config.sops.secrets.oauth-client-secret-grafana-authelia.path}" }}'';
public = false;
authorization_policy = "one_factor";
require_pkce = true;
pkce_challenge_method = "S256";
redirect_uris = [
"https://monitoring.darksailor.dev/login/generic_oauth"
];
scopes = [
"openid"
"profile"
"email"
"groups"
];
response_types = ["code"];
grant_types = ["authorization_code"];
userinfo_signed_response_alg = "none";
id_token_signed_response_alg = "RS256";
access_token_signed_response_alg = "RS256";
token_endpoint_auth_method = "client_secret_basic";
}
];
};
};
};
};
};
};
# SOPS secrets for Grafana
# Create dashboard directory and copy dashboards
systemd.tmpfiles.rules = [
"d /var/lib/grafana/dashboards 0755 grafana grafana"
"C /var/lib/grafana/dashboards/tsuba-monitoring.json 0644 grafana grafana - ${./dashboards/tsuba-monitoring.json}"
"C /var/lib/grafana/dashboards/ryu-monitoring.json 0644 grafana grafana - ${./dashboards/ryu-monitoring.json}"
"C /var/lib/grafana/dashboards/mirai-monitoring.json 0644 grafana grafana - ${./dashboards/mirai-monitoring.json}"
"C /var/lib/grafana/dashboards/overview-monitoring.json 0644 grafana grafana - ${./dashboards/overview-monitoring.json}"
"C /var/lib/grafana/dashboards/enhanced-overview.json 0644 grafana grafana - ${./dashboards/enhanced-overview.json}"
"C /var/lib/grafana/dashboards/systemd-monitoring.json 0644 grafana grafana - ${./dashboards/systemd-monitoring.json}"
];
# Open firewall ports
networking.firewall = {
# Allow Tailscale traffic for metrics scraping
trustedInterfaces = ["tailscale0"];
};
# Ensure Grafana service starts after PostgreSQL
# systemd.services.grafana.after = ["postgresql.service"];
# systemd.services.grafana.requires = ["postgresql.service"];
}

12
nixos/mirai/services/shitpost.nix
View File

@@ -1,12 +0,0 @@
{pkgs, ...}: let
src = pkgs.fetchgit {
url = "https://git.darksailor.dev/servius/adarkdayinmylife.public";
rev = "68d972f68cab8f68916b94df05b7ab6a7da4a1da";
sha256 = "sha256-EVis06rmHq1jJK0FVsbgi7TOru7GtEUpbx0PjU2AKEo=";
};
in {
services.caddy.virtualHosts."adarkdayinmy.life".extraConfig = ''
root * ${src}/
file_server
'';
}

3
nixos/mirai/services/tailscale.nix
View File

@@ -1,9 +1,8 @@
{masterPkgs, ...}: {
{...}: {
services.tailscale = {
enable = true;
useRoutingFeatures = "server";
extraUpFlags = "--advertise-exit-node";
package = masterPkgs.tailscale;
};
networking.firewall.trustedInterfaces = [
"tailscale0"

1
nixos/ryu/apps/default.nix
View File

@@ -6,6 +6,5 @@
imports = [
# ./alvr.nix
./easyeffects.nix
./vr.nix
];
}

9
nixos/ryu/apps/vr.nix
View File

@@ -1,9 +0,0 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
wlx-overlay-s
wayvr-dashboard
bs-manager
monado-vulkan-layers
envision
];
}

26
nixos/ryu/configuration.nix
View File

@@ -10,7 +10,6 @@
./programs
./containers
./apps
# ./vms
];
security.tpm2 = {
@@ -22,7 +21,7 @@
programs = {
hyprland = {
enable = true;
withUWSM = true;
# withUWSM = true;
xwayland.enable = true;
};
};
@@ -40,10 +39,10 @@
nix = {
settings = {
max-jobs = 1;
cores = 24;
cores = 12;
auto-optimise-store = true;
extra-experimental-features = "nix-command flakes auto-allocate-uids";
trusted-users = [device.user];
trusted-users = ["root" "servius"];
trusted-substituters = [
"https://nix-community.cachix.org"
"https://nixos-raspberrypi.cachix.org"
@@ -67,9 +66,9 @@
dates = "daily";
options = "--delete-older-than +5";
};
package = pkgs.nixVersions.latest; # deploy-rs doesn't work with nix >= 2.32
package = pkgs.nixVersions.nix_2_31; # deploy-rs doesn't work with nix >= 2.32
buildMachines = [
../../builders/tako.nix
../../builders/mirai.nix
../../builders/shiro.nix
# ../../builders/tsuba.nix
];
@@ -78,7 +77,7 @@
users.users.${device.user} = {
isNormalUser = true;
extraGroups = ["wheel" "audio" "i2c" "media" "video" "tss"];
extraGroups = ["wheel" "audio" "i2c" "media" "openrazer" "video" "tss"];
openssh.authorizedKeys.keyFiles = [
../../secrets/id_ed25519.pub
../../secrets/id_ios.pub
@@ -168,6 +167,8 @@
};
};
services.openssh.enable = true;
networking = {
interfaces.eno1.wakeOnLan = {
policy = ["magic"];
@@ -193,16 +194,15 @@
# firewall.enable = false;
nftables.enable = true;
firewall = {
enable = false;
enable = true;
trustedInterfaces = [
"tailscale0"
];
allowedUDPPorts = [
9 # Wake on LAN
4950 # Warframe
4955 # Warframe
3113 # Other
];
4950
4955
3113
]; # Warframe
allowedTCPPortRanges = [
{
from = 1714;

21
nixos/ryu/programs/gamemode.nix
View File

@@ -1,24 +1,5 @@
{
pkgs,
device,
...
}: {
{...}: {
programs.gamemode = {
enable = true;
settings = {
general = {
renice = 10;
};
custom = {
start = let
out = pkgs.writeScriptBin "gamemode-start" ''
${pkgs.lmstudio}/bin/lms unload
${pkgs.libnotify}/bin/notify-send 'GameMode started'
'';
in "${out}/bin/gamemode-start";
end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
};
};
};
users.users.${device.user}.extraGroups = ["gamemode"];
}

4
nixos/ryu/programs/obs-studio.nix
View File

@@ -5,9 +5,7 @@
enableVirtualCamera = true;
plugins = [
pkgs.obs-studio-plugins.wlrobs
pkgs.obs-studio-plugins.input-overlay
pkgs.obs-studio-plugins.obs-vkcapture
# pkgs.obs-studio-plugins.droidcam-obs
pkgs.obs-studio-plugins.droidcam-obs
];
};
};

29
nixos/ryu/ryu.nix
View File

@@ -17,13 +17,10 @@
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [
vpl-gpu-rt
intel-media-driver
# intel-vaapi-driver
nvidia-vaapi-driver
cudatoolkit
# vaapiVdpau
# libvdpau-va-gl
# nvidia-utils
];
};
nvidia = {
@@ -50,15 +47,20 @@
# nixpkgs.localSystem = {system = "x86_64-linux";};
# nixpkgs.crossSystem = {system = "aarch64-linux";};
boot.binfmt.emulatedSystems = ["aarch64-linux"];
services.fprintd.enable = true;
services.sshd.enable = true;
boot.loader.systemd-boot.consoleMode = "max";
environment.sessionVariables = {
# LIBVA_DRIVER_NAME = "i965";
# __EGL_VENDOR_LIBRARY_FILENAMES = "/run/opengl-driver/share/glvnd/egl_vendor.d/50_mesa.json";
LIBVA_DRIVER_NAME = "nvidia";
NVD_BACKEND = "direct";
__GLX_VENDOR_LIBRARY_NAME = "nvidia";
NIXOS_OZONE_WL = "1";
};
virtualisation.libvirtd.enable = true;
users.extraUsers.servius.extraGroups = ["libvirtd" "adbusers" "kvm"];
boot.extraModprobeConfig = ''
@@ -100,19 +102,20 @@
'';
fileSystems."/" = {
device = "/dev/disk/by-uuid/7b488da9-49d3-44d1-b11b-bc6dcd418b1d";
device = "/dev/disk/by-uuid/11d8beef-2a63-4231-af35-b9b8d3a17e9b";
fsType = "ext4";
};
fileSystems."/nix" = {
device = "/dev/disk/by-uuid/ef734595-a856-4207-8da1-1f0bde4bad61";
device = "/dev/disk/by-uuid/64099f91-d4d6-44fa-92d4-9e905b3e7829";
fsType = "ext4";
neededForBoot = true;
options = ["noatime"];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/4E27-DAC0";
fsType = "vfat";
options = ["fmask=0007" "dmask=0007"];
};
fileSystems."/home" = {
@@ -121,18 +124,18 @@
neededForBoot = true;
};
# fileSystems."/media" = {
# device = "/dev/storage/media";
# fsType = "ext4";
# options = ["users" "nofail"];
# };
fileSystems."/games" = {
device = "/dev/storage/games";
fsType = "ext4";
options = ["nofail"];
};
fileSystems."/volumes/windows-games" = {
device = "/dev/disk/by-partuuid/56359fb7-7d33-44d2-bebd-b0c53daeeb73";
fsType = "ntfs3";
options = ["nofail"];
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking

20
nixos/ryu/services/caddy.nix
View File

@@ -4,10 +4,10 @@
...
}: {
sops = {
secrets."cloudflare/api_key".owner = config.services.caddy.user;
secrets."hetzner/api_key".owner = config.services.caddy.user;
templates = {
"CLOUDFLARE_API_KEY.env".content = ''
CLOUDFLARE_API_KEY=${config.sops.placeholder."cloudflare/api_key"}
"HETZNER_API_KEY.env".content = ''
HETZNER_API_KEY=${config.sops.placeholder."hetzner/api_key"}
'';
};
};
@@ -15,22 +15,28 @@
caddy = {
enable = true;
extraConfig = ''
(cloudflare) {
(hetzner) {
tls {
propagation_timeout -1
propagation_delay 120s
dns cloudflare {env.CLOUDFLARE_API_KEY}
dns hetzner {env.HETZNER_API_KEY}
resolvers 1.1.1.1
}
}
'';
package = pkgs.caddyWithCloudflare;
package = pkgs.caddyWithHetzner;
# package = pkgs.caddy.withPlugins {
# plugins = ["github.com/caddy-dns/hetzner@v1.0.0"];
# # hash = "sha256-9ea0CfOHG7JhejB73HjfXQpnonn+ZRBqLNz1fFRkcDQ=";
# # hash = "sha256-9ea0CfOHG7JhejB73HjfXQpnonn+ZRBqLNz1fFRkcDQ="
# hash = "sha256-YUrprDZQL+cX3P8fVLKHouXTMG4rw3sCaQdGqiq37uA=";
# };
};
};
systemd.services.caddy = {
after = ["sops-install-secrets.service"];
serviceConfig = {
EnvironmentFile = config.sops.templates."CLOUDFLARE_API_KEY.env".path;
EnvironmentFile = config.sops.templates."HETZNER_API_KEY.env".path;
};
};
}

7
nixos/ryu/services/default.nix
View File

@@ -16,12 +16,5 @@
./fwupd.nix
./caddy.nix
./monitoring.nix
./wivrn.nix
./sshd.nix
./fprintd.nix
./handoff.nix
./gstreamer.nix
./dualsense.nix
./openssh.nix
];
}

11
nixos/ryu/services/dualsense.nix
View File

@@ -1,11 +0,0 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
dualsensectl
];
services.udev.extraRules = ''
# USB
ATTRS{name}=="Sony Interactive Entertainment DualSense Wireless Controller Touchpad", ENV{LIBINPUT_IGNORE_DEVICE}="1"
# Bluetooth
ATTRS{name}=="DualSense Wireless Controller", ENV{LIBINPUT_IGNORE_DEVICE}="1"
'';
}

3
nixos/ryu/services/fprintd.nix
View File

@@ -1,3 +0,0 @@
{...}: {
services.fprintd.enable = true;
}

22
nixos/ryu/services/gstreamer.nix
View File

@@ -1,22 +0,0 @@
{pkgs, ...}: {
environment = {
systemPackages = with pkgs; [
gst_all_1.gst-libav
gst_all_1.gst-plugins-bad
gst_all_1.gst-plugins-base
gst_all_1.gst-plugins-good
gst_all_1.gst-plugins-rs
gst_all_1.gst-plugins-ugly
gst_all_1.gstreamer
gst_all_1.gstreamermm
gst_all_1.gst-rtsp-server
gst_all_1.gst-vaapi
# gst_all_1.icamerasrc-ipu6
# gst_all_1.icamerasrc-ipu6ep
# gst_all_1.icamerasrc-ipu6epmtl
];
sessionVariables = {
GST_PLUGIN_PATH = "/run/current-system/sw/lib/gstreamer-1.0/";
};
};
}

7
nixos/ryu/services/handoff.nix
View File

@@ -1,7 +0,0 @@
{...}: {
services.airpods-handoff = {
enable = true;
user = "servius";
macAddress = "14:14:7D:E5:1A:AC";
};
}

19
nixos/ryu/services/llama.nix
View File

@@ -8,26 +8,25 @@
llama-cpp = {
enable = false;
port = 11345;
# model = "/nix/store/ch6z9di3l0k54ad29pzv8k3zv47q30d1-Qwen3-Coder-30B-A3B-Instruct-Q4_K_M.gguf";
model = pkgs.fetchurl {
# url = "https://huggingface.co/lmstudio-community/gpt-oss-20b-GGUF/resolve/main/gpt-oss-20b-MXFP4.gguf";
# sha256 = "65d06d31a3977d553cb3af137b5c26b5f1e9297a6aaa29ae7caa98788cde53ab";
url = "https://huggingface.co/lmstudio-community/Qwen3-Coder-30B-A3B-Instruct-GGUF/resolve/main/Qwen3-Coder-30B-A3B-Instruct-Q4_K_M.gguf";
sha256 = "79ad15a5ee3caddc3f4ff0db33a14454a5a3eb503d7fa1c1e35feafc579de486";
};
model = "/nix/store/ch6z9di3l0k54ad29pzv8k3zv47q30d1-Qwen3-Coder-30B-A3B-Instruct-Q4_K_M.gguf";
# model = pkgs.fetchurl {
# # url = "https://huggingface.co/lmstudio-community/gpt-oss-20b-GGUF/resolve/main/gpt-oss-20b-MXFP4.gguf";
# # sha256 = "65d06d31a3977d553cb3af137b5c26b5f1e9297a6aaa29ae7caa98788cde53ab";
# url = "https://huggingface.co/lmstudio-community/Qwen3-Coder-30B-A3B-Instruct-GGUF/resolve/main/Qwen3-Coder-30B-A3B-Instruct-Q4_K_M.gguf";
# sha256 = "79ad15a5ee3caddc3f4ff0db33a14454a5a3eb503d7fa1c1e35feafc579de486";
# };
extraFlags = [
"-c"
"98304"
"--jinja"
"--chat-template-file"
"${../../../assets/chat.hbs}"
# "--chat-template-file"
# "/nix/store/4zk1p50hrzghp3jzzysz96pa64i2kmjl-promp.hbs"
];
# package = inputs.llama-cpp.packages.${pkgs.system}.cuda;
};
caddy = {
virtualHosts."llama.ryu.darksailor.dev".extraConfig = ''
import cloudflare
import hetzner
reverse_proxy localhost:${builtins.toString config.services.llama-cpp.port}
'';
};

6
nixos/ryu/services/ollama.nix
View File

@@ -41,15 +41,15 @@
# };
caddy = {
# virtualHosts."llama.ryu.darksailor.dev".extraConfig = ''
# import cloudflare
# forward_auth tako:5555 {
# import hetzner
# forward_auth mirai:5555 {
# uri /api/authz/forward-auth
# copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
# }
# reverse_proxy localhost:${builtins.toString config.services.open-webui.port}
# '';
virtualHosts."ollama.ryu.darksailor.dev".extraConfig = ''
import cloudflare
import hetzner
reverse_proxy localhost:${builtins.toString config.services.ollama.port}
'';
};

7
nixos/ryu/services/openssh.nix
View File

@@ -1,7 +0,0 @@
{...}: {
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.PermitRootLogin = "prohibit-password";
};
}

3
nixos/ryu/services/sshd.nix
View File

@@ -1,3 +0,0 @@
{...}: {
services.sshd.enable = true;
}

18
nixos/ryu/services/tailscale.nix
View File

@@ -1,8 +1,22 @@
{masterPkgs, ...}: {
{
pkgs,
lib,
...
}: {
services = {
tailscale = {
enable = true;
package = masterPkgs.tailscale;
# useRoutingFeatures = "both";
# extraUpFlags = ["--advertise-routes=192.168.0.0/24"];
};
# networkd-dispatcher = {
# enable = true;
# rules."50-tailscale" = {
# onState = ["routable"];
# script = ''
# ${lib.getExe pkgs.ethtool} -K en01 rx-udp-gro-forwarding on rg-xgro-list off
# '';
# };
# };
};
}

13
nixos/ryu/services/wivrn.nix
View File

@@ -1,13 +0,0 @@
{pkgs, ...}: {
services.wivrn = {
enable = true;
openFirewall = true;
defaultRuntime = true;
autoStart = true;
steam = {
importOXRRuntimes = true;
};
highPriority = true;
# package = pkgs.wivrn;
};
}

12
nixos/ryu/vms/default.nix
View File

@@ -1,16 +1,4 @@
{
virtualisation = {
libvirtd = {
enable = true;
qemu = {
runAsRoot = true;
swtpm.enable = true;
# ovmf = {
# enable = true;
# };
};
};
};
imports = [
./win11.nix
];

4
nixos/ryu/vms/win11.nix
View File

@@ -4,6 +4,10 @@
lib,
...
}: {
virtualisation.libvirtd.enable = true;
virtualisation.libvirtd.qemu.ovmf.enable = true;
virtualisation.libvirtd.qemu.swtpm.enable = true;
# IOMMU and VFIO settings
# boot.kernelParams = [
# "amd_iommu=on" # Use "intel_iommu=on" for Intel CPUs

186
nixos/tako/configuration.nix
View File

@@ -1,186 +0,0 @@
{
config,
pkgs,
device,
...
}: {
imports = [
# Include the results of the hardware scan.
./services
./tako.nix
# ./docker.nix
];
virtualisation.docker.enable = true;
# virtualisation.podman = {
# enable = true;
# dockerSocket.enable = true;
# defaultNetwork.dnsname.enable = true;
# };
users.extraUsers.${device.user}.extraGroups = ["docker"];
environment.systemPackages = with pkgs; [
arion
];
security.sudo.wheelNeedsPassword = false;
sops = {
secrets."builder/mirai/cache/private" = {};
secrets.users = {
sopsFile = ../../secrets/users.yaml;
format = "yaml";
key = "";
};
};
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
nix = {
settings = {
max-jobs = 1;
cores = 8;
auto-optimise-store = true;
extra-experimental-features = "nix-command flakes auto-allocate-uids";
trusted-users = [device.user "remotebuilder"];
trusted-substituters = [
"https://nix-community.cachix.org"
"https://nixos-raspberrypi.cachix.org"
# "https://sh.darksailor.dev"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
# "tako:bcVPoFGBZ0i7JAKMXIqLj2GY3CulLC4kP7rQyqes1RM="
];
};
extraOptions = ''
build-users-group = nixbld
extra-nix-path = nixpkgs=flake:nixpkgs
builders-use-substitutes = true
secret-key-files = ${config.sops.secrets."builder/mirai/cache/private".path}
'';
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 5d";
};
package = pkgs.nixVersions.latest; # deploy-rs doesn't work with nix >= 2.32
distributedBuilds = true;
};
users.users.${device.user} = {
isNormalUser = true;
extraGroups = ["wheel" "docker" "media"];
openssh.authorizedKeys.keyFiles = [
../../secrets/id_ed25519.pub
../../secrets/id_ios.pub
];
};
users.users.remotebuilder = {
isNormalUser = true;
openssh.authorizedKeys.keyFiles = [
../../secrets/id_ed25519.pub
];
};
users.groups.media = {};
nixpkgs.config.allowUnfree = true;
networking.hostName = "tako"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Asia/Singapore";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
# services.pipewire = {
# enable = true;
# pulse.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# firefox
# tree
# ];
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [22 80 443];
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}

96
nixos/tako/disk-config.nix
View File

@@ -1,96 +0,0 @@
{...}: {
disko.devices = {
disk = {
one = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["umask=0077"];
};
};
primary = {
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
two = {
type = "disk";
device = "/dev/sdb";
content = {
type = "gpt";
partitions = {
primary = {
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "128G";
lvm_type = "mirror";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
nix = {
size = "256G";
lvm_type = "raid0";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/nix";
};
};
home = {
size = "64G";
lvm_type = "raid0";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/home";
};
};
media = {
size = "100%";
lvm_type = "raid0";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/media";
};
};
};
};
};
};
}

69
nixos/tako/docker.nix
View File

@@ -1,69 +0,0 @@
{
config,
lib,
pkgs,
...
}: {
# virtualisation = {
# docker.enable = true;
# podman.enable = true;
# oci-containers = {
# backend = "podman";
# containers.homeassistant = {
# volumes = ["home-assistant:/config"];
# environment.TZ = "Asia/Kolkata";
# image = "ghcr.io/home-assistant/home-assistant:stable"; # Warning: if the tag does not change, the image will not be updated
# extraOptions = [
# "--network=ha-net"
# ];
# };
# };
# };
# networking.firewall.allowedTCPPorts = [8123];
# environment.systemPackages = with pkgs; [
# docker
# podman
# ];
# services.caddy = {
# enable = true;
# virtualHosts."home.darksailor.dev".extraConfig = ''
# reverse_proxy localhost:8123
# '';
# };
# containers.llama = {
# autoStart = true;
# privateNetwork = true;
# hostAddress = "192.168.100.10";
# localAddress = "192.168.100.11";
# hostAddress6 = "fc00::1";
# localAddress6 = "fc00::2";
# config = {
# config,
# pkgs,
# libs,
# ...
# }: {
# system.stateVersion = "24.11";
# networking = {
# firewall = {
# enable = true;
# allowedTCPPorts = [4000];
# };
# # Use systemd-resolved inside the container
# # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
# useHostResolvConf = lib.mkForce false;
# };
# services.resolved.enable = true;
# services.llama-cpp = {
# enable = true;
# host = "127.0.0.1";
# port = 4000;
# model = builtins.fetchurl {
# name = "qwen_2.5.1_coder_7b_instruct_gguf";
# sha256 = "61834b88c1a1ce5c277028a98c4a0c94a564210290992a7ba301bbef96ef8eba";
# url = "https://huggingface.co/bartowski/Qwen2.5.1-Coder-7B-Instruct-GGUF/resolve/main/Qwen2.5.1-Coder-7B-Instruct-Q8_0.gguf?download=true";
# };
# };
# };
# };
}

17
nixos/tako/services/attic.nix
View File

@@ -1,17 +0,0 @@
{...}: {
services = {
atticd = {
enable = false;
listen = "/run/attic.sock";
};
caddy = {
virtualHosts."cache.darksailor.dev".extraConfig = ''
reverse_proxy /run/attic.sock {
transport http {
protocol = "fd"
}
}
'';
};
};
}

13
nixos/tako/services/atuin.nix
View File

@@ -1,13 +0,0 @@
{...}: {
services = {
atuin = {
enable = true;
openRegistration = false;
};
caddy = {
virtualHosts."atuin.darksailor.dev".extraConfig = ''
reverse_proxy localhost:8888
'';
};
};
}

109
nixos/tako/services/authelia.nix
View File

@@ -1,109 +0,0 @@
{config, ...}: let
port = 5555;
in {
sops = {
secrets = let
user = config.systemd.services.authelia-darksailor.serviceConfig.User;
in {
"authelia/servers/darksailor/jwtSecret".owner = user;
"authelia/servers/darksailor/storageEncryptionSecret".owner = user;
"authelia/servers/darksailor/sessionSecret".owner = user;
"authelia/users/servius".owner = user;
"lldap/users/authelia".owner = user;
users.owner = user;
"authelia/oidc/jwks".owner = user;
};
};
services = {
authelia = {
instances.darksailor = {
enable = true;
settings = {
authentication_backend = {
password_reset.disable = false;
password_change.disable = false;
ldap = {
address = "ldap://localhost:389";
timeout = "5s";
base_dn = "dc=darksailor,dc=dev";
user = "cn=authelia,ou=people,dc=darksailor,dc=dev";
users_filter = "(&({username_attribute}={input})(objectClass=person))";
groups_filter = "(&(member={dn})(objectClass=groupOfNames))";
additional_users_dn = "OU=people";
additional_groups_dn = "OU=groups";
};
};
session = {
cookies = [
{
domain = "darksailor.dev";
authelia_url = "https://auth.darksailor.dev";
name = "authelia_session";
}
];
};
access_control = {
default_policy = "one_factor";
rules = let
bypass_api = domain: [
{
inherit domain;
policy = "bypass";
resources = [
"^/api([/?].*)?$"
];
}
{
inherit domain;
policy = "one_factor";
}
];
in
(bypass_api "sonarr.tsuba.darksailor.dev")
++ (bypass_api "radarr.tsuba.darksailor.dev")
++ (bypass_api "lidarr.tsuba.darksailor.dev")
++ (bypass_api "bazarr.tsuba.darksailor.dev")
++ (bypass_api "prowlarr.tsuba.darksailor.dev");
};
storage = {
local = {
path = "/var/lib/authelia-darksailor/authelia.sqlite3";
};
};
theme = "dark";
notifier.filesystem.filename = "/var/lib/authelia-darksailor/authelia-notifier.log";
server = {
address = "0.0.0.0:${toString port}";
endpoints.authz = {
forward-auth = {
implementation = "ForwardAuth";
};
auth-request = {
implementation = "AuthRequest";
};
};
};
};
secrets = {
jwtSecretFile = config.sops.secrets."authelia/servers/darksailor/jwtSecret".path;
storageEncryptionKeyFile = config.sops.secrets."authelia/servers/darksailor/storageEncryptionSecret".path;
sessionSecretFile = config.sops.secrets."authelia/servers/darksailor/sessionSecret".path;
oidcHmacSecretFile = config.sops.secrets."authelia/servers/darksailor/sessionSecret".path;
oidcIssuerPrivateKeyFile = config.sops.secrets."authelia/oidc/jwks".path;
};
environmentVariables = {
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE = config.sops.secrets."lldap/users/authelia".path;
};
};
};
caddy = {
virtualHosts."auth.darksailor.dev".extraConfig = ''
reverse_proxy localhost:${toString port} {
# header_up Host {http.request.header.X-Forwarded-Host}
# header_up X-Forwarded-Host {http.request.header.X-Forwarded-Host}
# header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
}
'';
};
};
}

15
nixos/tako/services/caddy.nix
View File

@@ -1,15 +0,0 @@
{...}: {
services = {
caddy = {
enable = true;
extraConfig = ''
(auth) {
forward_auth localhost:5555 {
uri /api/authz/forward-auth?authelia_url=https://auth.darksailor.dev
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
}
}
'';
};
};
}

31
nixos/tako/services/default.nix
View File

@@ -1,31 +0,0 @@
{...}: {
imports = [
# ./games
# ./headscale.nix
# ./llama.nix
# ./monitoring.nix
# ./paperless.nix
./shitpost.nix
./atuin.nix
./authelia.nix
./caddy.nix
./excalidraw.nix
./fail2ban.nix
./flaresolverr.nix
./gitea.nix
./homepage.nix
./immich.nix
./lldap.nix
./nextcloud.nix
./openssh.nix
./prowlarr.nix
./resolved.nix
./searxng.nix
./tailscale.nix
];
services = {
nix-serve = {
enable = true;
};
};
}

30
nixos/tako/services/excalidraw.nix
View File

@@ -1,30 +0,0 @@
{...}: {
virtualisation.oci-containers = {
backend = "docker";
containers = {
excalidraw = {
image = "excalidraw/excalidraw:latest";
ports = ["127.0.0.1:5959:80"];
volumes = [];
};
};
};
services.caddy.virtualHosts."draw.darksailor.dev".extraConfig = ''
import auth
reverse_proxy localhost:5959
'';
services.authelia = {
instances.darksailor = {
settings = {
access_control = {
rules = [
{
domain = "draw.darksailor.dev";
policy = "one_factor";
}
];
};
};
};
};
}

21
nixos/tako/services/fail2ban.nix
View File

@@ -1,21 +0,0 @@
{...}: {
# sops = {
# secrets."ryu/public" = {};
# };
services = {
fail2ban = {
enable = true;
bantime = "24h"; # Ban IPs for one day on the first ban
bantime-increment = {
enable = true; # Enable increment of bantime after each violation
# formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
multipliers = "1 2 4 8 16 32 64";
maxtime = "168h"; # Do not ban for more than 1 week
overalljails = true; # Calculate the bantime based on all the violations
};
ignoreIP = [
"106.219.121.52"
];
};
};
}

8
nixos/tako/services/flaresolverr.nix
View File

@@ -1,8 +0,0 @@
{stablePkgs, ...}: {
services = {
flaresolverr = {
enable = true;
package = stablePkgs.flaresolverr;
};
};
}

7
nixos/tako/services/games/default.nix
View File

@@ -1,7 +0,0 @@
{...}: {
imports = [
# ./minecraft.nix
# ./satisfactory.nix
# ./terraria.nix
];
}

56
nixos/tako/services/games/minecraft.nix
View File

@@ -1,56 +0,0 @@
{
pkgs,
inputs,
...
}: {
# imports = [inputs.nix-minecraft.nixosModules.minecraft-servers];
services = let
whitelist = {
"AbhinavSE" = "8b6c052e-69b3-4bee-b9dc-12eb94653c9e";
"Serveus" = "79882fb6-d594-4073-a3d0-70a01d0abb67";
"__Shun__" = "1c7a300f-98e4-402c-8741-432f3494bb25";
"shashikant" = "20891e82-203c-4d04-9868-79a5879ecfc3";
};
in {
minecraft-server = {
inherit whitelist;
enable = false;
openFirewall = true;
eula = true;
declarative = true;
serverProperties = {
motd = "Servius's Minecraft Server";
level-seed = "4504535438041489910";
view-distance = 24;
white-list = true;
};
package = let
getJavaVersion = v: (builtins.getAttr "openjdk${toString v}" pkgs.javaPackages.compiler).headless;
in
pkgs.minecraft-server.override {
url = "https://piston-data.mojang.com/v1/objects/6e64dcabba3c01a7271b4fa6bd898483b794c59b/server.jar";
sha1 = "sha1-bmTcq7o8AacnG0+mvYmEg7eUxZs=";
version = "1.21.6";
jre_headless = getJavaVersion 21;
};
};
# minecraft-servers = {
# enable = true;
# eula = true;
# openFirewall = true;
# servers.fabric = {
# inherit whitelist;
# enable = true;
# jvmOpts = "-Xmx4G -Xms4G";
# package = pkgs.fabricServers.fabric-1_21_7;
# serverProperties = {
# motd = "Servius's Fabric Minecraft Server";
# server-port = 25567;
# level-seed = "4504535438041489910";
# view-distance = 24;
# white-list = true;
# };
# };
# };
};
}

10
nixos/tako/services/games/satisfactory.nix
View File

@@ -1,10 +0,0 @@
{...}: {
imports = [
../../../../modules/nixos/satisfactory.nix
];
services.satisfactory = {
# enable = true;
enable = false;
maxPlayers = 4;
};
}

7
nixos/tako/services/games/terraria.nix
View File

@@ -1,7 +0,0 @@
{...}: {
services.terraria = {
enable = true;
# port = 7777;
autoCreatedWorldSize = "large";
};
}

185
nixos/tako/services/gitea.nix
View File

@@ -1,185 +0,0 @@
{
lib,
config,
pkgs,
...
}: {
virtualisation.docker.enable = true;
sops = {
# secrets."gitea/registration".owner = config.systemd.services.gitea-actions-tako.serviceConfig.User;
secrets."gitea/registration" = {};
secrets."authelia/oidc/gitea/client_secret" = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = [
"gitea.service"
"authelia-darksailor.service"
];
};
secrets."authelia/oidc/gitea/client_id" = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = [
"gitea.service"
"authelia-darksailor.service"
];
};
templates = {
"GITEA_REGISTRATION_TOKEN.env".content = ''
TOKEN=${config.sops.placeholder."gitea/registration"}
'';
"GITEA_OAUTH_SETUP.env".content = ''
CLIENT_ID=${config.sops.placeholder."authelia/oidc/gitea/client_id"}
CLIENT_SECRET=${config.sops.placeholder."authelia/oidc/gitea/client_secret"}
'';
};
};
services = {
gitea = {
enable = true;
lfs.enable = true;
settings = {
service = {
DISABLE_REGISTRATION = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
SHOW_REGISTRATION_BUTTON = false;
ENABLE_REVERSE_PROXY_AUTHENTICATION = false;
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false;
ENABLE_PASSWORD_SIGNIN_FORM = false;
};
repository = {
ENABLE_PUSH_CREATE_USER = true;
};
mailer = {
ENABLED = true;
PROTOCOL = "sendmail";
};
security = {
REVERSE_PROXY_AUTHENTICATION_USER = "REMOTE-USER";
};
server = {
ROOT_URL = "https://git.darksailor.dev";
DOMAIN = "git.darksailor.dev";
# LFS_START_SERVER = true;
LFS_ALLOW_PURE_SSH = true;
};
oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
ACCOUNT_LINKING = "auto";
OPENID_CONNECT_SCOPES = "openid profile email";
};
openid = {
ENABLE_OPENID_SIGNIN = false;
ENABLE_OPENID_SIGNUP = true;
WHITELISTED_URIS = "auth.darksailor.dev";
};
};
};
# gitea-actions-runner = {
# instances = {
# tako = {
# enable = true;
# name = "tako";
# url = "https://git.darksailor.dev";
# labels = [
# "ubuntu-latest:docker://catthehacker/ubuntu:full-latest"
# "ubuntu-22.04:docker://catthehacker/ubuntu:full-22.04"
# "ubuntu-20.04:docker://catthehacker/ubuntu:full-20.04"
# "native:host"
# ];
# tokenFile = "${config.sops.templates."GITEA_REGISTRATION_TOKEN.env".path}";
# };
# };
# };
caddy = {
virtualHosts."git.darksailor.dev".extraConfig = ''
reverse_proxy localhost:3000
'';
};
authelia = {
instances.darksailor = {
settings = {
# access_control = {
# rules = [
# {
# domain = "git.darksailor.dev";
# policy = "bypass";
# resources = [
# "^/api([/?].*)?$"
# ];
# }
# {
# domain = "git.darksailor.dev";
# policy = "one_factor";
# }
# ];
# };
identity_providers = {
oidc = {
clients = [
{
client_name = "Gitea: Darksailor";
client_id = ''{{ secret "${config.sops.secrets."authelia/oidc/gitea/client_id".path}" }}'';
client_secret = ''{{ secret "${config.sops.secrets."authelia/oidc/gitea/client_secret".path}" }}'';
public = false;
authorization_policy = "one_factor";
require_pkce = false;
# pkce_challenge_method = "S256";
redirect_uris = [
"https://git.darksailor.dev/user/oauth2/authelia/callback"
];
scopes = [
"openid"
"email"
"profile"
];
response_types = ["code"];
grant_types = ["authorization_code"];
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_post";
}
];
};
};
};
};
};
};
systemd.services.gitea = {
after = ["sops-install-secrets.service"];
};
# systemd.services."gitea-actions-tako" = {
# after = ["gitea.service"];
# };
# systemd.services.gitea-oauth-setup = let
# name = "authelia";
# gitea_oauth_script = pkgs.writeShellApplication {
# name = "gitea_oauth2_script";
# runtimeInputs = [config.services.gitea.package];
# text = ''
# gitea admin auth delete --id "$(gitea admin auth list | grep "${name}" | cut -d "$(printf '\t')" -f1)"
# gitea admin auth add-oauth --provider=openidConnect --name=${name} --key="$CLIENT_ID" --secret="$CLIENT_SECRET" --auto-discover-url=https://auth.darksailor.dev/.well-known/openid-configuration --scopes='openid email profile'
# '';
# };
# in {
# description = "Configure Gitea OAuth with Authelia";
# after = ["gitea.service"];
# wants = ["gitea.service"];
# wantedBy = ["multi-user.target"];
# serviceConfig = {
# Type = "oneshot";
# User = config.services.gitea.user;
# Group = config.services.gitea.group;
# RemainAfterExit = true;
# ExecStart = "${lib.getExe gitea_oauth_script}";
# WorkingDirectory = config.services.gitea.stateDir;
# EnvironmentFile = config.sops.templates."GITEA_OAUTH_SETUP.env".path;
# };
# environment = {
# GITEA_WORK_DIR = config.services.gitea.stateDir;
# GITEA_CUSTOM = config.services.gitea.customDir;
# };
# };
}

79
nixos/tako/services/headscale.nix
View File

@@ -1,79 +0,0 @@
{config, ...}: {
sops = {
secrets.headscale-secret = {
owner = config.systemd.services.headscale.serviceConfig.User;
mode = "0440";
restartUnits = ["headscale.service" "authelia-darksailor.service"];
key = "authelia/oidc/headscale/client_secret";
};
secrets.headscale-authelia = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = ["headscale.service" "authelia-darksailor.service"];
key = "authelia/oidc/headscale/client_secret";
};
};
services = {
headscale = {
enable = true;
port = 8095;
settings = {
dns = {
magic_dns = true;
base_domain = "headscale.darksailor.dev";
nameservers.global = ["1.1.1.1"];
};
oidc = {
issuer = "https://auth.darksailor.dev";
client_id = "headscale";
client_secret_path = "${config.sops.secrets.headscale-secret.path}";
pkce = {
enabled = true;
method = "S256";
};
};
};
};
# headplane = {
# enable = true;
# settings = {
# server.port = 42562;
# };
# };
caddy = {
virtualHosts."headscale.darksailor.dev".extraConfig = ''
reverse_proxy localhost:${toString config.services.headplane.settings.server.port}
'';
};
authelia = {
instances.darksailor = {
settings = {
identity_providers = {
oidc = {
clients = [
{
client_name = "HeadScale";
client_id = "headscale";
client_secret = ''{{ secret "${config.sops.secrets.headscale-authelia.path}" }}'';
public = false;
authorization_policy = "one_factor";
require_pkce = true;
pkce_challenge_method = "S256";
redirect_uris = [
"https://headscale.darksailor.dev/oidc/callback"
];
scopes = ["openid" "email" "profile" "groups"];
response_types = ["code"];
grant_types = ["authorization_code"];
access_token_signed_response_alg = "none";
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_basic";
}
];
};
};
};
};
};
};
}

181
nixos/tako/services/homepage.nix
View File

@@ -1,181 +0,0 @@
{config, ...}: {
services = {
homepage-dashboard = {
enable = true;
allowedHosts = "dashboard.darksailor.dev";
settings = {
title = "Servius' Dashboard";
description = "A collection of services and links for quick access.";
};
widgets = [
{
resources = {
cpu = true;
disk = "/";
memory = true;
};
}
];
services = [
{
"Tsuba" = [
{
"Jellyfin" = {
icon = "jellyfin.png";
description = "Jellyfin Media Server";
href = "https://jellyfin.tsuba.darksailor.dev";
};
}
{
"Sonarr" = {
icon = "sonarr.png";
description = "Sonarr: TV Series Management";
href = "https://sonarr.tsuba.darksailor.dev";
};
}
{
"Bazarr" = {
icon = "bazarr.png";
description = "Bazarr: Subtitles and Metadata";
href = "https://bazarr.tsuba.darksailor.dev";
};
}
{
"Radarr" = {
icon = "radarr.png";
description = "Radarr: Movie Management";
href = "https://radarr.tsuba.darksailor.dev";
};
}
{
"Deluge" = {
icon = "deluge.png";
description = "Deluge: Torrent Client";
href = "https://deluge.tsuba.darksailor.dev";
};
}
{
"Prowlarr" = {
icon = "prowlarr.png";
description = "Prowlarr: Indexer Manager";
href = "https://prowlarr.tsuba.darksailor.dev";
};
}
{
"Home Assistant" = {
icon = "home-assistant.png";
description = "Home Automation";
href = "https://home.darksailor.dev";
};
}
];
}
{
"Tako" = [
{
"Gitea" = {
icon = "gitea.png";
description = "Gitea Code Hosting";
href = "https://git.darksailor.dev";
};
}
{
"Nextcloud" = {
icon = "nextcloud.png";
description = "Nextcloud Suite";
href = "https://cloud.darksailor.dev";
};
}
# {
# "Open WebUI" = {
# icon = "open-webui.png";
# description = "Open WebUI for self hosted llms";
# href = "https://llama.darksailor.dev";
# };
# }
{
"Immich" = {
icon = "immich.png";
description = "Immich: Self-hosted Photo and Video Backup";
href = "https://photos.darksailor.dev";
};
}
{
"Excalidraw" = {
icon = "excalidraw.png";
description = "Excalidraw: Self-hosted Collaborative Whiteboard";
href = "https://draw.darksailor.dev";
};
}
];
}
];
bookmarks = [
{
"Nix" = [
{
"Nixpkgs" = [
{
abbr = "pkgs";
href = "https://search.nixos.org/packages?channel=unstable";
}
];
}
{
"NixOS" = [
{
abbr = "nixos";
href = "https://search.nixos.org/options?channel=unstable";
}
];
}
{
"Home Manager" = [
{
abbr = "hm";
href = "https://home-manager-options.extranix.com";
}
];
}
{
"NixVim" = [
{
abbr = "nixvim";
href = "https://nix-community.github.io/nixvim/search";
}
];
}
{
"Tailscale" = [
{
abbr = "ts";
href = "https://login.tailscale.com";
}
];
}
];
}
];
};
caddy = {
virtualHosts."dashboard.darksailor.dev".extraConfig = ''
# import auth
reverse_proxy localhost:${builtins.toString config.services.homepage-dashboard.listenPort}
'';
};
authelia = {
instances.darksailor = {
settings = {
access_control = {
rules = [
{
domain = "dashboard.darksailor.dev";
policy = "one_factor";
}
];
};
};
};
};
};
}

118
nixos/tako/services/immich.nix
View File

@@ -1,118 +0,0 @@
{
pkgs,
config,
...
}: {
sops = {
secrets."authelia/oidc/immich/client_id" = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = ["immich-server.service" "authelia-darksailor.service"];
};
secrets."authelia/oidc/immich/client_secret" = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = ["immich-server.service" "authelia-darksailor.service"];
};
templates = {
"immich-config.json" = {
content =
/*
json
*/
''
{
"oauth": {
"clientId": "${config.sops.placeholder."authelia/oidc/immich/client_id"}",
"clientSecret": "${config.sops.placeholder."authelia/oidc/immich/client_secret"}",
"enabled": true,
"autoLaunch": true,
"autoRegister": true,
"buttonText": "Login with Authelia",
"scope": "openid email profile",
"issuerUrl": "https://auth.darksailor.dev"
},
"passwordLogin" : {
"enabled": false
},
"server": {
"externalDomain": "https://photos.darksailor.dev"
},
{
"machineLearning": {
"enabled": true,
"urls": [
"http://ryu.darksailor.dev:3003",
"http://localhost:3003"
],
}
}
}
'';
mode = "0400";
owner = "immich";
restartUnits = ["immich-server.service"];
};
};
};
virtualisation.oci-containers = {
backend = "docker";
containers = {
immich-machine-learning = {
image = "ghcr.io/immich-app/immich-machine-learning:v${pkgs.immich.version}";
ports = [
"127.0.0.1:3003:3003"
];
volumes = [
"model-cache:/cache"
];
};
};
};
services.immich = {
enable = true;
mediaLocation = "/media/photos/immich";
accelerationDevices = null;
machine-learning.enable = false;
environment = {
IMMICH_CONFIG_FILE = config.sops.templates."immich-config.json".path;
};
package = pkgs.immich;
};
services.caddy = {
virtualHosts."photos.darksailor.dev".extraConfig = ''
reverse_proxy localhost:${builtins.toString config.services.immich.port}
'';
};
services.authelia = {
instances.darksailor = {
settings = {
identity_providers = {
oidc = {
clients = [
{
client_name = "immich";
client_id = ''{{ secret "${config.sops.secrets."authelia/oidc/immich/client_id".path}" }}'';
client_secret = ''{{ secret "${config.sops.secrets."authelia/oidc/immich/client_secret".path}" }}'';
public = false;
authorization_policy = "one_factor";
require_pkce = false;
redirect_uris = [
"https://photos.darksailor.dev/auth/login"
"https://photos.darksailor.dev/user-settings"
"app.immich:///oauth-callback"
];
scopes = ["openid" "profile" "email"];
response_types = ["code"];
grant_types = ["authorization_code"];
# access_token_signed_response_alg = "none";
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_post";
}
];
};
};
};
};
};
}

103
nixos/tako/services/llama.nix
View File

@@ -1,103 +0,0 @@
{
config,
pkgs,
inputs,
...
}: {
sops = {
secrets."llama/api_key".owner = config.services.caddy.user;
secrets."llama/user".owner = config.services.caddy.user;
secrets."openai/api_key" = {};
templates = {
"LLAMA_API_KEY.env".content = ''
LLAMA_API_KEY=${config.sops.placeholder."llama/api_key"}
'';
api_key_env.owner = config.services.caddy.user;
"OPENAI_API_KEY.env".content = ''
OPENAI_API_KEY="${config.sops.placeholder."openai/api_key"}"
'';
};
};
services = {
llama-cpp = {
enable = false;
port = 11435;
model = pkgs.fetchurl {
url = "https://huggingface.co/lmstudio-community/gpt-oss-20b-GGUF/resolve/main/gpt-oss-20b-MXFP4.gguf";
sha256 = "65d06d31a3977d553cb3af137b5c26b5f1e9297a6aaa29ae7caa98788cde53ab";
};
# package = pkgs.ik_llama;
};
ollama = {
enable = false;
loadModels = [
"deepseek-r1:7b"
"deepseek-r1:14b"
"RobinBially/nomic-embed-text-8k"
"qwen3:8b"
];
port = 11434;
host = "0.0.0.0";
environmentVariables = {
OLLAMA_ORIGINS = "*";
};
};
open-webui = {
enable = false;
port = 7070;
environment = {
SCARF_NO_ANALYTICS = "True";
DO_NOT_TRACK = "True";
ANONYMIZED_TELEMETRY = "False";
WEBUI_AUTH = "False";
ENABLE_LOGIN_FORM = "False";
WEBUI_URL = "https://llama.darksailor.dev";
OPENAI_BASE_URL = "https://ollama.darksailor.dev/v1";
OLLAMA_API_BASE_URL = "https://ollama.ryu.darksailor.dev";
};
environmentFile = "${config.sops.templates."LLAMA_API_KEY.env".path}";
};
caddy = {
virtualHosts."llama.darksailor.dev".extraConfig = ''
import auth
reverse_proxy localhost:${builtins.toString config.services.open-webui.port}
'';
virtualHosts."ollama.darksailor.dev".extraConfig = ''
@apikey {
header Authorization "Bearer {env.LLAMA_API_KEY}"
}
handle @apikey {
header {
# Set response headers or proxy to a different service if API key is valid
Access-Control-Allow-Origin *
-Authorization "Bearer {env.LLAMA_API_KEY}" # Remove the header after validation
}
reverse_proxy localhost:${builtins.toString config.services.llama-cpp.port}
}
respond "Unauthorized" 403
'';
};
authelia = {
instances.darksailor = {
settings = {
access_control = {
rules = [
{
domain = "llama.darksailor.dev";
policy = "one_factor";
}
];
};
};
};
};
};
systemd.services.caddy = {
serviceConfig = {
EnvironmentFile = config.sops.templates."LLAMA_API_KEY.env".path;
};
};
}

56
nixos/tako/services/lldap.nix
View File

@@ -1,56 +0,0 @@
{
config,
lib,
...
}: {
services.lldap = {
enable = true;
settings = {
force_ldap_user_pass_reset = "always";
ldap_user_dn = "admin";
ldap_base_dn = "dc=darksailor,dc=dev";
ldap_user_email = "admin@darksailor.dev";
http_host = "127.0.0.1";
http_port = 5090;
ldap_port = 389;
ldap_host = "::";
ldap_user_pass_file = config.sops.secrets."lldap/admin".path;
jwt_secret_file = "${config.sops.secrets."lldap/jwt".path}";
};
environment = {
LLDAP_JWT_SECRET_FILE = "${config.sops.secrets."lldap/jwt".path}";
# LLDAP_FORCE_UPDATE_PRIVATE_KEY = "true";
# LLDAP_KEY_SEED_FILE = "${config.sops.secrets."lldap/seed".path}";
};
};
users.users.lldap = {
name = "lldap";
group = "lldap";
description = "LDAP Server User";
isSystemUser = true;
};
users.groups.lldap = {};
systemd.services.lldap = {
serviceConfig = {
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
DynamicUser = lib.mkForce false;
User = "lldap";
Group = "lldap";
};
};
sops = {
secrets = let
owner = config.systemd.services.lldap.serviceConfig.User;
group = config.systemd.services.lldap.serviceConfig.Group;
restartUnits = ["lldap.service"];
cfg = {
inherit owner group restartUnits;
};
in {
"lldap/jwt" = cfg;
"lldap/seed" = cfg;
"lldap/admin" = cfg;
};
};
}

18
nixos/tako/services/navidrome.nix
View File

@@ -1,18 +0,0 @@
{...}: {
services = {
navidrome = {
enable = true;
settings = {
MusicFolder = "/media/music";
ReverseProxyUserHeader = "Remote-User";
ReverseProxyWhitelist = "127.0.0.1/32";
};
};
caddy = {
virtualHosts."music.darksailor.dev".extraConfig = ''
import auth
reverse_proxy localhost:4533
'';
};
};
}

104
nixos/tako/services/nextcloud.nix
View File

@@ -1,104 +0,0 @@
{
config,
pkgs,
...
}: {
sops = {
secrets."nextcloud/adminpass".owner = config.users.users.nextcloud.name;
# secrets."authelia/oidc/nextcloud/client_id".owner = config.users.users.nextcloud.name;
secrets."authelia/oidc/nextcloud/client_secret".owner = config.users.users.nextcloud.name;
};
imports = [
"${fetchTarball {
url = "https://github.com/onny/nixos-nextcloud-testumgebung/archive/fa6f062830b4bc3cedb9694c1dbf01d5fdf775ac.tar.gz";
sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs";
}}/nextcloud-extras.nix"
];
services = {
nextcloud = {
enable = true;
package = pkgs.nextcloud32;
extraApps = {
inherit (config.services.nextcloud.package.packages.apps) contacts calendar bookmarks user_oidc;
};
extraAppsEnable = true;
hostName = "cloud.darksailor.dev";
config.adminuser = "servius";
config.adminpassFile = config.sops.secrets."nextcloud/adminpass".path;
config.dbtype = "sqlite";
configureRedis = true;
https = true;
caching = {
redis = true;
apcu = true;
memcached = true;
};
webserver = "caddy";
settings = {};
};
# caddy = {
# virtualHosts."cloud.darksailor.dev".extraConfig = ''
# reverse_proxy localhost:8080
# '';
# };
# nginx.virtualHosts."${config.services.nextcloud.hostName}".listen = [
# {
# addr = "127.0.0.1";
# port = 8080; # NOT an exposed port
# }
# ];
# authelia.instances.darksailor = {
# settings = {
# definitions = {
# user_attributes = {
# is_nextcloud_admin = {
# expression = ''"nextcloud-admins" in groups"'';
# };
# };
# };
# identity_providers = {
# oidc = {
# claims_policies = {
# custom_claims = {
# is_nextcloud_admin = {};
# };
# };
# scopes = {
# nextcloud_userinfo = {
# claims = ["is_nextcloud_admin"];
# };
# };
# clients = [
# {
# client_name = "Nextcloud";
# client_id = "nextcloud";
# client_secret = ''{{ secret "${config.sops.secrets."authelia/oidc/nextcloud/client_secret".path}" }}'';
# public = false;
# authorization_policy = "one_factor";
# require_pkce = true;
# pkce_challenge_method = "S256";
# claims_policy = "nextcloud_userinfo";
# redirect_uris = [
# "https://cloud.darksailor.dev/apps/oidc_login/oidc"
# ];
# scopes = [
# "openid"
# "profile"
# "email"
# "groups"
# "nextcloud_userinfo"
# ];
# response_types = ["code"];
# grant_types = ["authorization_code"];
# # access_token_signed_response_alg = "none";
# userinfo_signed_response_alg = "none";
# token_endpoint_auth_method = "client_secret_basic";
# }
# ];
# };
# };
# };
# };
};
}

7
nixos/tako/services/openssh.nix
View File

@@ -1,7 +0,0 @@
{...}: {
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.PermitRootLogin = "prohibit-password";
};
}

Some files were not shown because too many files have changed in this diff Show More