diff options
Diffstat (limited to 'krebs/2configs')
-rw-r--r-- | krebs/2configs/container-networking.nix | 7 | ||||
-rw-r--r-- | krebs/2configs/ircd.nix | 1 | ||||
-rw-r--r-- | krebs/2configs/news-host.nix | 1 | ||||
-rw-r--r-- | krebs/2configs/news.nix | 29 | ||||
-rw-r--r-- | krebs/2configs/shack/prometheus/alert-rules.nix | 9 | ||||
-rw-r--r-- | krebs/2configs/syncthing.nix | 4 |
6 files changed, 49 insertions, 2 deletions
diff --git a/krebs/2configs/container-networking.nix b/krebs/2configs/container-networking.nix new file mode 100644 index 000000000..fa4488800 --- /dev/null +++ b/krebs/2configs/container-networking.nix @@ -0,0 +1,7 @@ +{ lib, ... }: +{ + networking.nat.enable = true; + networking.nat.internalInterfaces = ["ve-+"]; + networking.nat.externalInterface = lib.mkDefault "et0"; + networking.networkmanager.unmanaged = [ "interface-name:ve-*" ]; +} diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix index 0de07a027..3ef2e7d2b 100644 --- a/krebs/2configs/ircd.nix +++ b/krebs/2configs/ircd.nix @@ -87,6 +87,7 @@ }; channel { + autochanmodes = "+t"; use_invex = yes; use_except = yes; use_forward = yes; diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix index 82360a670..b7728986f 100644 --- a/krebs/2configs/news-host.nix +++ b/krebs/2configs/news-host.nix @@ -4,6 +4,7 @@ "shodan" "mors" "styx" + "puyak" ]; hostIp = "10.233.2.101"; localIp = "10.233.2.102"; diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix index 410beb041..2da3e6fcc 100644 --- a/krebs/2configs/news.nix +++ b/krebs/2configs/news.nix @@ -15,6 +15,16 @@ serverAliases = [ "news.r" ]; + locations."/api".extraConfig = '' + proxy_pass http://127.0.0.1:7777/; + proxy_pass_header Server; + ''; + locations."= /graph.html".extraConfig = '' + alias ${pkgs.fetchurl { + url = "https://raw.githubusercontent.com/kmein/brockman/05d33c8caaaf6255752f9600981974bb58390851/tools/graph.html"; + sha256 = "0iw2vdzj6kzkix1c447ybmc953lns6z4ap6sr9pcib8bany4g43w"; + }}; + ''; locations."/".extraConfig = '' root /var/lib/brockman; index brockman.json; @@ -27,6 +37,7 @@ }; systemd.tmpfiles.rules = [ "d /var/lib/brockman 1750 brockman nginx -" + "d /run/irc-api 1750 brockman nginx -" ]; systemd.services.brockman-graph = { @@ -67,12 +78,28 @@ shortener = "http://go.r"; controller = { nick = "brockman"; - channels = [ "#all" ]; + extraChannels = [ "#all" ]; }; bots = {}; }; }; + krebs.reaktor2.api = { + hostname = "localhost"; + port = "6667"; + nick = "api"; + API.listen = "inet://127.0.0.1:7777"; + plugins = [ + { + plugin = "register"; + config = { + channels = [ + "#all" + ]; + }; + } + ]; + }; krebs.reaktor2.news = let name = "candyman"; in { diff --git a/krebs/2configs/shack/prometheus/alert-rules.nix b/krebs/2configs/shack/prometheus/alert-rules.nix index 12c691466..65e5d9005 100644 --- a/krebs/2configs/shack/prometheus/alert-rules.nix +++ b/krebs/2configs/shack/prometheus/alert-rules.nix @@ -14,7 +14,14 @@ in { labels.severity = "warning"; annotations.summary = "{{ $labels.alias }} root disk full"; annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=wolf"; - annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%). CI for deploying new configuration will seize working. Log in to the system and run `nix-collect-garbage -d` and clean up the shack share folder in `/home/share` .If this does not help you can check `du -hs /var/ | sort -h`, run `docker system prune` or if you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete''; + annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%). CI for deploying new configuration will seize working. Log in to the system and try to clean up the obsolete files on the machine. There are a couple of things you can do: +1. `nix-collect-garbage -d` +2. clean up the shack share folder in `/home/share` +3. check `du -hs /var/ | sort -h`. +4. run `docker system prune` +5. `find /var/lib/containers/news/var/lib/htgen-go/items -mtime +7 -delete;` to clean up the link shortener data +5. If you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete +6. as a last resort the root disk can be expanded via `lvresize -L +10G /dev/pool/root && btrfs filesystem resize max /` ''; } { alert = "RootPartitionFull"; diff --git a/krebs/2configs/syncthing.nix b/krebs/2configs/syncthing.nix index 31e33ad5e..125e2aea4 100644 --- a/krebs/2configs/syncthing.nix +++ b/krebs/2configs/syncthing.nix @@ -10,6 +10,10 @@ in { configDir = "/var/lib/syncthing"; declarative = { devices = mk_peers used_peers; + key = toString <secrets/syncthing.key>; + cert = toString <secrets/syncthing.cert>; }; }; + + boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288; } |