From bd5f0bad2eaea8f02eef960950fa77e7e2d7ec28 Mon Sep 17 00:00:00 2001 From: Sam Date: Mon, 27 Jan 2025 13:37:52 +0000 Subject: [PATCH 01/13] change jellyfin to oci container --- .../optional/arion-containers/jellyfin.nix | 5 ++++- .../common/optional/nixos-containers/docker.nix | 16 ++++------------ 2 files changed, 8 insertions(+), 13 deletions(-) diff --git a/hosts/common/optional/arion-containers/jellyfin.nix b/hosts/common/optional/arion-containers/jellyfin.nix index 0792ea3..600eefe 100644 --- a/hosts/common/optional/arion-containers/jellyfin.nix +++ b/hosts/common/optional/arion-containers/jellyfin.nix @@ -20,8 +20,11 @@ PUID = "1000"; PGID = "1000"; DOCKER_MODS = "linuxserver/mods:jellyfin-opencl-intel"; + NVIDIA_VISIBLE_DEVICES = "all"; }; - extraOptions = ["--gpus=all"]; + extraOptions = [ + "--device=nvidia.com/gpu=all" + ]; }; }; }; diff --git a/hosts/common/optional/nixos-containers/docker.nix b/hosts/common/optional/nixos-containers/docker.nix index cc74b46..6b1f7b2 100644 --- a/hosts/common/optional/nixos-containers/docker.nix +++ b/hosts/common/optional/nixos-containers/docker.nix @@ -53,6 +53,10 @@ in { node = "/dev/nvidiactl"; modifier = "rwm"; } + { + node = "/dev/nvidia-uvm"; + modifier = "rwm"; + } { node = "/dev/fuse"; modifier = "rwm"; @@ -204,18 +208,6 @@ in { networking.firewall.interfaces."podman+".allowedUDPPorts = [53]; - systemd.services.podman-autostart = { - enable = true; - after = ["podman.service"]; - wantedBy = ["multi-user.target"]; - description = "Automatically start containers with --restart=always tag"; - serviceConfig = { - Type = "idle"; - ExecStartPre = ''${pkgs.coreutils}/bin/sleep 1''; - ExecStart = ''/run/current-system/sw/bin/podman start --all --filter restart-policy=always''; - }; - }; - services.prometheus = { exporters = { node = { From 05deaa9181c1efb2f2868ab5f0e0b0e3ed3c8b33 Mon Sep 17 00:00:00 2001 
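Review bot: The new `/dev/nvidia-uvm` entry in docker.nix is granted `modifier = "rwm"`, and the `m` bit additionally allows the container to create the device node (mknod), which GPU workloads normally do not need when the node already exists. If the node is bind-mounted or otherwise already present inside the container (not visible in this hunk), `modifier = "rw";` is enough. The neighbouring `/dev/nvidiactl` and `/dev/fuse` entries carry the same `rwm` and could be tightened together. The device list begins and ends outside the hunk.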
From: Sam Date: Mon, 27 Jan 2025 20:09:34 +0000 Subject: [PATCH 02/13] add vlc --- home/common/optional/desktop/common/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/home/common/optional/desktop/common/default.nix b/home/common/optional/desktop/common/default.nix index 1c0bbad..79ccb19 100644 --- a/home/common/optional/desktop/common/default.nix +++ b/home/common/optional/desktop/common/default.nix @@ -29,5 +29,6 @@ pkgs.R pkgs.gimp pkgs.gajim + pkgs.vlc ]; } From 14d24641c36d1d5ead56b7183a813d3022d10986 Mon Sep 17 00:00:00 2001 From: Sam Date: Mon, 27 Jan 2025 20:25:51 +0000 Subject: [PATCH 03/13] change semita worker to use oci containers --- .../semitamaps-tileserver.nix | 46 ++++++++----------- 1 file changed, 20 insertions(+), 26 deletions(-) diff --git a/hosts/common/optional/arion-containers/semitamaps-tileserver.nix b/hosts/common/optional/arion-containers/semitamaps-tileserver.nix index c8c1d8f..5cd6e50 100644 --- a/hosts/common/optional/arion-containers/semitamaps-tileserver.nix +++ b/hosts/common/optional/arion-containers/semitamaps-tileserver.nix 
@@ -1,31 +1,25 @@ { - virtualisation.arion = { - backend = "podman-socket"; - projects.semitamaps-tileserver = { - settings = { - services.tileserver-gl.service = { - ports = [ - "8080:8080" - ]; - container_name = "tileserver-gl"; - image = "maptiler/tileserver-gl"; - restart = "always"; - volumes = [ - "/data/semitamaps-data/tileserver-gl/data:/data" - ]; - command = "-c /data/config.json --public_url https://tiles.semitamaps.com/"; - }; - - services.mbgl-renderer.service = { - ports = [ - "8081:80" - ]; - container_name = "mbgl-renderer"; - image = "mbgl-renderer"; - restart = "always"; - }; + config.virtualisation.oci-containers = { + backend = "podman"; + containers = { + tileserver-gl = { + image = "maptiler/tileserver-gl"; + ports = [ + "8080:8080" + ]; + volumes = [ + "/data/semitamaps-data/tileserver-gl/data:/data" + ]; + }; + mbgl-renderer = { + image = "mbgl-renderer"; + ports = [ + "8081:80" + ]; + volumes = [ + "/data/semitamaps-data/tileserver-gl/data:/data" + ]; }; }; }; } - From 5d8cb735302ace4e3249a2e4574dbb9aca4a5e9c Mon Sep 17 00:00:00 2001 From: Sam Date: Thu, 30 Jan 2025 15:06:26 +0000 Subject: [PATCH 04/13] remove lnd and rtl from nix-bitcoin --- .../optional/nixos-containers/nix-bitcoin.nix | 47 +++++++++---------- 1 file changed, 23 insertions(+), 24 deletions(-) diff --git a/hosts/common/optional/nixos-containers/nix-bitcoin.nix b/hosts/common/optional/nixos-containers/nix-bitcoin.nix index 0bfd532..2788a60 100644 --- a/hosts/common/optional/nixos-containers/nix-bitcoin.nix +++ b/hosts/common/optional/nixos-containers/nix-bitcoin.nix @@ -62,7 +62,7 @@ in { }: { imports = [ inputs.nix-bitcoin.nixosModules.default - inputs.lnbits.nixosModules.default + # inputs.lnbits.nixosModules.default ]; environment.systemPackages = with pkgs; [ vim 
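Review bot: `mbgl-renderer` now gets `/data/semitamaps-data/tileserver-gl/data:/data` mounted read-write, although the arion definition it replaces gave that container no volume at all. If the renderer only reads styles or tiles, mount it read-only with `"/data/semitamaps-data/tileserver-gl/data:/data:ro"` so a fault in one container cannot alter the data the other serves. The conversion also drops the old `command`; if the image default does not cover it, carry it over as `cmd = ["-c" "/data/config.json" "--public_url" "https://tiles.semitamaps.com/"];`. Both images are referenced without a tag or digest, so what runs depends on whatever is pulled or present locally at start.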
@@ -80,14 +80,13 @@ in { firewall = { enable = true; allowedTCPPorts = [ - 80 - 443 - 22 + # 80 + # 443 config.containers.bitcoin-node.config.services.bitcoind.rpc.port config.containers.bitcoin-node.config.services.mempool.frontend.port config.containers.bitcoin-node.config.services.electrs.port - config.containers.bitcoin-node.config.services.rtl.port - config.containers.bitcoin-node.config.services.lnd.port + # config.containers.bitcoin-node.config.services.rtl.port + # config.containers.bitcoin-node.config.services.lnd.port ]; }; useHostResolvConf = lib.mkForce false; @@ -144,7 +143,7 @@ in { }; }; lnd = { - enable = true; + enable = false; lndconnect = { enable = true; onion = true; @@ -156,34 +155,34 @@ in { ''; }; rtl = { - enable = true; + enable = false; nodes.lnd.enable = true; address = "0.0.0.0"; }; - lnbits = { - enable = true; - openFirewall = true; - host = "0.0.0.0"; - port = 8231; - env = { - LNBITS_ADMIN_UI = "true"; - LNBITS_BACKEND_WALLET_CLASS = "LndRestWallet"; - LND_REST_ENDPOINT = "https://127.0.0.1:8080"; - LND_REST_CERT = "/etc/nix-bitcoin-secrets/lnd-cert"; - LND_REST_MACAROON = "/var/lib/lnbits/admin.macaroon"; - AUTH_ALLOWED_METHODS = "user-id-only, username-password"; - }; - }; + # lnbits = { + # enable = false; + # openFirewall = true; + # host = "0.0.0.0"; + # port = 8231; + # env = { + # LNBITS_ADMIN_UI = "true"; + # LNBITS_BACKEND_WALLET_CLASS = "LndRestWallet"; + # LND_REST_ENDPOINT = "https://127.0.0.1:8080"; + # LND_REST_CERT = "/etc/nix-bitcoin-secrets/lnd-cert"; + # LND_REST_MACAROON = "/var/lib/lnbits/admin.macaroon"; + # AUTH_ALLOWED_METHODS = "user-id-only, username-password"; + # }; + # }; }; # Add custom systemd overrides for above services - systemd.services.lnbits.after = ["lnd.service"]; + # systemd.services.lnbits.after = ["lnd.service"]; nix-bitcoin.onionServices = { bitcoind.enable = true; electrs.enable = true; mempool-frontend.enable = true; - lnd.public = true; + # lnd.public = true; }; services.prometheus = { 
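Review bot: Across the nix-bitcoin hunks the retired services are commented out or set to `enable = false` rather than deleted, which leaves exposure-relevant settings behind: `rtl.address = "0.0.0.0"`, `lndconnect.onion = true`, and a commented `lnbits` block with `host = "0.0.0.0"`, `openFirewall = true` and `LNBITS_ADMIN_UI = "true"`. Flipping one flag back would restore all of that at once without a fresh look at the bindings. Deleting the `lnd`, `rtl` and `lnbits` attribute sets and the commented firewall entries (`# 80`, `# 443`, the rtl and lnd ports) keeps the file honest, and git history retains them. The same applies to `# inputs.lnbits.nixosModules.default` in the first hunk of this file and `# lnd.public = true` in the last.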
From 822b85695712262884d6213006c1f3dadc4ac567 Mon Sep 17 00:00:00 2001 From: Sam Date: Fri, 31 Jan 2025 21:17:49 +0000 Subject: [PATCH 05/13] add restic-exporter to prometheus metrics --- flake.lock | 8 ++-- .../nixos-containers/metrics-server.nix | 43 ++++++++++++++++++- 2 files changed, 46 insertions(+), 5 deletions(-) diff --git a/flake.lock b/flake.lock index 550380e..0b5877e 100644 --- a/flake.lock +++ b/flake.lock @@ -539,11 +539,11 @@ }, "nix-secrets": { "locked": { - "lastModified": 1737899664, - "narHash": "sha256-iZpzTSERNQ5UvFfEzrBLuEmcRUGjBSal7ShtXurYq8Q=", + "lastModified": 1738356588, + "narHash": "sha256-mb3P2bNaZuCz1is4NR05r2xm66n6ABQAkYLP5U5/eCY=", "ref": "refs/heads/master", - "rev": "a9844a78dcbdc8a84679835112970d80822b113c", - "revCount": 257, + "rev": "3ae59d3cfe419e10087da719129cca5c01b8cbcd", + "revCount": 267, "type": "git", "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" }, diff --git a/hosts/common/optional/nixos-containers/metrics-server.nix b/hosts/common/optional/nixos-containers/metrics-server.nix index 50417f4..148fbac 100644 --- a/hosts/common/optional/nixos-containers/metrics-server.nix +++ b/hosts/common/optional/nixos-containers/metrics-server.nix @@ -2,6 +2,7 @@ pkgs, lib, configVars, + inputs, ... }: let containerName = "metrics-server"; @@ -15,6 +16,7 @@ bitcoinNode = configVars.networking.addresses.bitcoin-node.ip; postres = configVars.networking.addresses.postgres.ip; backupServer = configVars.networking.addresses.backup-server.ip; + sops-nix = inputs.sops-nix; http_endpoints = configVars.metrics-server.blackbox.http_endpoints; @@ -52,6 +54,10 @@ in { hostPath = metricsServerContainerData; isReadOnly = false; }; + "/etc/ssh/ssh_host_ed25519_key" = { + hostPath = "/etc/ssh/ssh_host_ed25519_key"; + isReadOnly = true; + }; }; config = { 
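Review bot: Binding the host's `/etc/ssh/ssh_host_ed25519_key` into the metrics-server container hands the container the host's SSH identity and, since a later hunk uses it in `sshKeyPaths` for sops, the ability to decrypt whatever in the secrets file is encrypted to the host. `isReadOnly = true` prevents modification, not reading. A key generated for this container alone, added as its own sops recipient for only `software/restic-passphrase` and `software/restic-exporter-credentials`, would keep a compromise of the exporter stack from reaching the host's other secrets. The `bindMounts` set begins outside the hunk.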
@@ -59,7 +65,10 @@ in { lib, config, ... - }: { + }: let + secretsDirectory = builtins.toString inputs.nix-secrets; + secretsFile = "${secretsDirectory}/secrets.yaml"; + in { networking = { defaultGateway = "${gatewayIp}"; interfaces.eth0.ipv4.addresses = [ @@ -79,9 +88,23 @@ in { useHostResolvConf = lib.mkForce false; }; + sops = { + defaultSopsFile = "${secretsFile}"; + validateSopsFiles = false; + + age = { + sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; + }; + secrets = { + "software/restic-passphrase" = {}; + "software/restic-exporter-credentials" = {}; + }; + }; + services.resolved.enable = true; imports = [ + sops-nix.nixosModules.sops ]; environment.systemPackages = [ @@ -110,6 +133,16 @@ in { } ]; } + { + job_name = "restic-exporter"; + static_configs = [ + { + targets = [ + "0.0.0.0:8001" + ]; + } + ]; + } { job_name = "blackbox"; @@ -175,6 +208,14 @@ in { enabledCollectors = ["systemd"]; port = 9002; }; + restic = { + enable = true; + repository = ""; + environmentFile = config.sops.secrets."software/restic-exporter-credentials".path; + passwordFile = config.sops.secrets."software/restic-passphrase".path; + refreshInterval = 10800; # refresh every 3 hours + port = 8001; + }; }; }; From 022fc3813ddd2cfa9d296c7b19ac3150588153a6 Mon Sep 17 00:00:00 2001 From: Sam Date: Tue, 4 Feb 2025 13:15:18 +0000 Subject: [PATCH 06/13] add baikal oci container to docker --- flake.lock | 8 ++++---- .../common/optional/arion-containers/baikal.nix | 17 +++++++++++++++++ .../common/optional/nixos-containers/docker.nix | 1 + 3 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 hosts/common/optional/arion-containers/baikal.nix diff --git a/flake.lock b/flake.lock index 0b5877e..9d5a28c 100644 --- a/flake.lock +++ b/flake.lock 
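Review bot: `validateSopsFiles = false` in the new `sops` block turns off the check of the secrets file at evaluation time, so a typo in `"software/restic-exporter-credentials"` or a stale `nix-secrets` pin would surface only at activation inside the container. If the flag is needed because `secretsFile` is built from `builtins.toString inputs.nix-secrets` (a string rather than a store path), say so next to it, e.g. `# secrets file referenced by string path; validated at activation only`.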
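Review bot: The restic exporter is started without a `listenAddress`, so it takes the exporter default, which as far as I know is all interfaces, while its only consumer is the local Prometheus. Setting `listenAddress = "127.0.0.1";` next to `port = 8001;` and scraping `"127.0.0.1:8001"` instead of `"0.0.0.0:8001"` in the `restic-exporter` job keeps backup metrics off the container network; `0.0.0.0` as a connect target only works by OS convention. `repository = "";` looks like a placeholder; if the real value comes from `environmentFile`, a one-line comment saying so would help the next reader.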
@@ -539,11 +539,11 @@ }, "nix-secrets": { "locked": { - "lastModified": 1738356588, - "narHash": "sha256-mb3P2bNaZuCz1is4NR05r2xm66n6ABQAkYLP5U5/eCY=", + "lastModified": 1738358831, + "narHash": "sha256-BFkqC7xQwGpA7mYYGDBkzw9iehWao+BkR5Bp/dFicWY=", "ref": "refs/heads/master", - "rev": "3ae59d3cfe419e10087da719129cca5c01b8cbcd", - "revCount": 267, + "rev": "e7311c8f523ad3ffe187efe63f6438140fa0cf45", + "revCount": 268, "type": "git", "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" }, diff --git a/hosts/common/optional/arion-containers/baikal.nix b/hosts/common/optional/arion-containers/baikal.nix new file mode 100644 index 0000000..5e41de5 --- /dev/null +++ b/hosts/common/optional/arion-containers/baikal.nix @@ -0,0 +1,17 @@ +{ + config.virtualisation.oci-containers = { + backend = "podman"; + containers = { + baikal = { + image = "ckulka/baikal:nginx"; + ports = [ + "6734:80" + ]; + volumes = [ + "/srv/docker/baikal/config:/var/www/baikal/config" + "/srv/docker/baikal/data:/var/www/baikal/Specific" + ]; + }; + }; + }; +} diff --git a/hosts/common/optional/nixos-containers/docker.nix b/hosts/common/optional/nixos-containers/docker.nix index 6b1f7b2..12659aa 100644 --- a/hosts/common/optional/nixos-containers/docker.nix +++ b/hosts/common/optional/nixos-containers/docker.nix @@ -182,6 +182,7 @@ in { ../arion-containers/jellyfin.nix ../arion-containers/photoprism.nix ../arion-containers/syncthing.nix + ../arion-containers/baikal.nix (import ../arion-containers/searxng.nix {configVars = configVars;}) ]; From 1b9547d1206de55cd42e553245bc22c914fd3fe2 Mon Sep 17 00:00:00 2001 From: Sam Date: Tue, 4 Feb 2025 16:28:59 +0000 Subject: [PATCH 07/13] setup prometheus alertmanager --- flake.lock | 8 +- .../nixos-containers/metrics-server.nix | 149 +++++++++++++----- vars/default.nix | 1 + 3 files changed, 114 insertions(+), 44 deletions(-) diff --git a/flake.lock b/flake.lock index 9d5a28c..70e52a9 100644 --- a/flake.lock +++ b/flake.lock 
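Review bot: `"6734:80"` in the new baikal.nix publishes Baikal's plain-HTTP listener on every interface of the container host, so CalDAV/CardDAV logins cross the network unencrypted unless something in front of it terminates TLS (none is visible in this file). If a reverse proxy on the same host fronts it, bind the port to loopback with `"127.0.0.1:6734:80"`. `ckulka/baikal:nginx` is a floating tag; pinning a version tag or digest makes the running image as reproducible as the rest of the flake.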
@@ -539,11 +539,11 @@ }, "nix-secrets": { "locked": { - "lastModified": 1738358831, - "narHash": "sha256-BFkqC7xQwGpA7mYYGDBkzw9iehWao+BkR5Bp/dFicWY=", + "lastModified": 1738685297, + "narHash": "sha256-JOv3+toYlftzBm47QF5tzaBhTbQIm1IBq1tKeQrQLyM=", "ref": "refs/heads/master", - "rev": "e7311c8f523ad3ffe187efe63f6438140fa0cf45", - "revCount": 268, + "rev": "3be1d509f9823292dd9ca6b396743fbf722bd8b9", + "revCount": 269, "type": "git", "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" }, diff --git a/hosts/common/optional/nixos-containers/metrics-server.nix b/hosts/common/optional/nixos-containers/metrics-server.nix index 148fbac..dd7c746 100644 --- a/hosts/common/optional/nixos-containers/metrics-server.nix +++ b/hosts/common/optional/nixos-containers/metrics-server.nix @@ -8,6 +8,9 @@ containerName = "metrics-server"; containerIp = configVars.networking.addresses.metrics-server.ip; + notifybotJid = configVars.xmpp.notifybotJid; + receiverJid = configVars.xmpp.personalAccount; + dockerContainerIp = configVars.networking.addresses.docker.ip; smWorkerIp = configVars.networking.addresses.sm-worker.ip; merlinIp = configVars.networking.addresses.merlin.ip; @@ -83,6 +86,7 @@ in { config.services.prometheus.port config.services.grafana.port config.services.prometheus.exporters.blackbox.port + 9199 #xmpp listen port ]; }; useHostResolvConf = lib.mkForce false; @@ -98,6 +102,9 @@ in { secrets = { "software/restic-passphrase" = {}; "software/restic-exporter-credentials" = {}; + "comms/xmpp/notifybot/password" = { + mode = "0644"; + }; }; }; 
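Review bot: Opening `9199` in `allowedTCPPorts` exposes the xmpp-alerts webhook to the container network, and nothing in this patch puts authentication in front of it, so any host that can reach the port could presumably make the bot send messages to `receiverJid`. Alertmanager calls the webhook locally (`http://0.0.0.0:9199/alert` in the later alertmanager hunk), so the firewall entry can be dropped, `listen_address = "127.0.0.1";` used in the xmpp-alerts `settings`, and the webhook URL changed to `http://127.0.0.1:9199/alert`.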
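Review bot: `mode = "0644"` on `"comms/xmpp/notifybot/password"` makes the decrypted bot password readable by every user and service in the container. Which account the xmpp-alerts unit runs as is not visible here; if it is a fixed user, prefer `owner = "<service-user>"; mode = "0400";` (placeholder name), and if it is a dynamic user, pass the file to the unit as a systemd credential rather than loosening the mode.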
@@ -112,9 +119,48 @@ in { pkgs.git ]; + services.grafana = { + enable = true; + settings.server = { + http_port = 2342; + http_addr = "0.0.0.0"; + }; + }; + + # main prometheus service services.prometheus = { enable = true; port = 9001; + alertmanagers = [ + { + scheme = "http"; + path_prefix = "/"; + static_configs = [ + { + targets = [ + "0.0.0.0:9093" + ]; + } + ]; + } + ]; + ruleFiles = [ + "${pkgs.writeText + "alert_rule.yml" + '' + groups: + - name: blackbox_alert + rules: + - alert: EndpointDown + expr: probe_success{job="blackbox"} == 0 + for: 1m + labels: + severity: critical + annotations: + summary: "Endpoint {{ $labels.instance }} down" + description: "An endpoint has been down for more than 1 minute." + ''}" + ]; scrapeConfigs = [ { job_name = "node_exporter"; 
@@ -171,51 +217,74 @@ in { ]; }; - services.grafana = { + # setup alertmanager + services.prometheus.xmpp-alerts = { enable = true; - settings.server = { - http_port = 2342; - http_addr = "0.0.0.0"; + settings = { + jid = notifybotJid; + password_command = "cat ${config.sops.secrets."comms/xmpp/notifybot/password".path}"; + to_jid = receiverJid; + listen_address = "0.0.0.0"; + listen_port = 9199; }; }; + services.prometheus.alertmanager = { + webExternalUrl = containerIp; + enable = true; + openFirewall = true; + port = 9093; + configText = '' + global: + resolve_timeout: 1m - services.prometheus = { - exporters = { - blackbox = { - enable = true; - configFile = pkgs.writeText "blackbox-conf.yaml" '' - modules: - http_basic: - prober: http - timeout: 5s - http: - preferred_ip_protocol: ip4 - valid_http_versions: ["HTTP/1.1", "HTTP/2"] - method: GET - # fail_if_ssl: false - # fail_if_not_ssl: true - # tls_config: - # insecure_skip_verify: true - tcp_connect: - prober: tcp - tcp: - preferred_ip_protocol: ip4 + route: + group_by: ['...'] + repeat_interval: 1h + receiver: 'xmpp-alerts' - ''; - }; - node = { - enable = true; - enabledCollectors = ["systemd"]; - port = 9002; - }; - restic = { - enable = true; - repository = ""; - environmentFile = config.sops.secrets."software/restic-exporter-credentials".path; - passwordFile = config.sops.secrets."software/restic-passphrase".path; - refreshInterval = 10800; # refresh every 3 hours - port = 8001; - }; + receivers: + - name: 'xmpp-alerts' + webhook_configs: + - url: 'http://0.0.0.0:9199/alert' + ''; + }; + + # prometheus exporters + services.prometheus.exporters = { + blackbox = { + enable = true; + configFile = pkgs.writeText "blackbox-conf.yaml" '' + modules: + http_basic: + prober: http + timeout: 5s + http: + preferred_ip_protocol: ip4 + valid_http_versions: ["HTTP/1.1", "HTTP/2"] + method: GET + # fail_if_ssl: false + # fail_if_not_ssl: true + # tls_config: + # insecure_skip_verify: true + tcp_connect: + prober: tcp 
+ tcp: + preferred_ip_protocol: ip4 + + ''; + }; + node = { + enable = true; + enabledCollectors = ["systemd"]; + port = 9002; + }; + restic = { + enable = true; + repository = ""; + environmentFile = config.sops.secrets."software/restic-exporter-credentials".path; + passwordFile = config.sops.secrets."software/restic-passphrase".path; + refreshInterval = 10800; # refresh every 3 hours + port = 8001; }; }; diff --git a/vars/default.nix b/vars/default.nix index f6973cc..82b6969 100644 --- a/vars/default.nix +++ b/vars/default.nix @@ -4,6 +4,7 @@ networking email metrics-server + xmpp ; locations = { mediaDataMountPoint = "/media/media"; From 65ea26f124694399b03acde66ed1d58f15d88e7a Mon Sep 17 00:00:00 2001 From: Sam Date: Tue, 4 Feb 2025 16:47:32 +0000 Subject: [PATCH 08/13] metrics-server add externalURL to prometheus --- hosts/common/optional/nixos-containers/metrics-server.nix | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/hosts/common/optional/nixos-containers/metrics-server.nix b/hosts/common/optional/nixos-containers/metrics-server.nix index dd7c746..a880109 100644 --- a/hosts/common/optional/nixos-containers/metrics-server.nix +++ b/hosts/common/optional/nixos-containers/metrics-server.nix @@ -130,6 +130,7 @@ in { # main prometheus service services.prometheus = { enable = true; + webExternalUrl = "http://${containerIp}:9001"; port = 9001; alertmanagers = [ { @@ -229,7 +230,7 @@ in { }; }; services.prometheus.alertmanager = { - webExternalUrl = containerIp; + webExternalUrl = "http://${containerIp}:9093"; enable = true; openFirewall = true; port = 9093; From e0129dee3bcdaa9e43fba8869d3d6c3f96a25a07 Mon Sep 17 00:00:00 2001 From: Sam Date: Fri, 14 Feb 2025 17:43:14 +0000 Subject: [PATCH 09/13] rebase to master --- flake.lock | 8 +++++++ .../nixos-containers/metrics-server.nix | 21 +++++++++++++++++++ 2 files changed, 29 insertions(+) diff --git a/flake.lock b/flake.lock index 70e52a9..d9358fa 100644 --- a/flake.lock +++ b/flake.lock 
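Review bot: `openFirewall = true` on `services.prometheus.alertmanager` opens port 9093 to the container network, and no authentication is configured for Alertmanager here, so any reachable host could add silences or inject alerts. Prometheus talks to it on the same machine, so drop `openFirewall` and set `listenAddress = "127.0.0.1";` unless the UI must be reached remotely, in which case put it behind an authenticating proxy. The `alertmanagers` target `"0.0.0.0:9093"` in the earlier Prometheus hunk would then become `"127.0.0.1:9093"`.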
@@ -539,11 +539,19 @@ }, "nix-secrets": { "locked": { +<<<<<<< HEAD "lastModified": 1738685297, "narHash": "sha256-JOv3+toYlftzBm47QF5tzaBhTbQIm1IBq1tKeQrQLyM=", "ref": "refs/heads/master", "rev": "3be1d509f9823292dd9ca6b396743fbf722bd8b9", "revCount": 269, +======= + "lastModified": 1738356588, + "narHash": "sha256-mb3P2bNaZuCz1is4NR05r2xm66n6ABQAkYLP5U5/eCY=", + "ref": "refs/heads/master", + "rev": "3ae59d3cfe419e10087da719129cca5c01b8cbcd", + "revCount": 267, +>>>>>>> 24e1bc1 (add restic-exporter to prometheus metrics) "type": "git", "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" }, diff --git a/hosts/common/optional/nixos-containers/metrics-server.nix b/hosts/common/optional/nixos-containers/metrics-server.nix index a880109..0865aa2 100644 --- a/hosts/common/optional/nixos-containers/metrics-server.nix +++ b/hosts/common/optional/nixos-containers/metrics-server.nix @@ -102,9 +102,12 @@ in { secrets = { "software/restic-passphrase" = {}; "software/restic-exporter-credentials" = {}; +<<<<<<< HEAD "comms/xmpp/notifybot/password" = { mode = "0644"; }; +======= +>>>>>>> 24e1bc1 (add restic-exporter to prometheus metrics) }; }; @@ -243,6 +246,7 @@ in { repeat_interval: 1h receiver: 'xmpp-alerts' +<<<<<<< HEAD receivers: - name: 'xmpp-alerts' webhook_configs: @@ -286,6 +290,23 @@ in { passwordFile = config.sops.secrets."software/restic-passphrase".path; refreshInterval = 10800; # refresh every 3 hours port = 8001; +======= + ''; + }; + node = { + enable = true; + enabledCollectors = ["systemd"]; + port = 9002; + }; + restic = { + enable = true; + repository = ""; + environmentFile = config.sops.secrets."software/restic-exporter-credentials".path; + passwordFile = config.sops.secrets."software/restic-passphrase".path; + refreshInterval = 10800; # refresh every 3 hours + port = 8001; + }; +>>>>>>> 24e1bc1 (add restic-exporter to prometheus metrics) }; }; From a563b419530b063fb8a5ecc76d425f87d4c5b5cc Mon Sep 17 00:00:00 2001 
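Review bot: This commit checks in unresolved merge-conflict markers: `<<<<<<< HEAD`, `=======` and `>>>>>>> 24e1bc1 (...)` appear as added lines in the `secrets` set of metrics-server.nix, again in the alertmanager `configText` and exporters hunks below it, and in flake.lock. With a marker sitting inside an attribute set metrics-server.nix will not parse, and flake.lock is no longer valid JSON, so the monitoring container cannot be rebuilt from this revision. Resolve each region to one side before committing; for the secrets set that means keeping or dropping the `"comms/xmpp/notifybot/password"` entry deliberately. A pre-commit check that rejects lines beginning with `<<<<<<<` or `>>>>>>>` would catch this.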
From: Sam Date: Tue, 4 Feb 2025 16:28:59 +0000 Subject: [PATCH 10/13] setup prometheus alertmanager --- flake.lock | 16 +- .../nixos-containers/metrics-server.nix | 184 +++--------------- 2 files changed, 30 insertions(+), 170 deletions(-) diff --git a/flake.lock b/flake.lock index d9358fa..550380e 100644 --- a/flake.lock +++ b/flake.lock @@ -539,19 +539,11 @@ }, "nix-secrets": { "locked": { -<<<<<<< HEAD - "lastModified": 1738685297, - "narHash": "sha256-JOv3+toYlftzBm47QF5tzaBhTbQIm1IBq1tKeQrQLyM=", + "lastModified": 1737899664, + "narHash": "sha256-iZpzTSERNQ5UvFfEzrBLuEmcRUGjBSal7ShtXurYq8Q=", "ref": "refs/heads/master", - "rev": "3be1d509f9823292dd9ca6b396743fbf722bd8b9", - "revCount": 269, -======= - "lastModified": 1738356588, - "narHash": "sha256-mb3P2bNaZuCz1is4NR05r2xm66n6ABQAkYLP5U5/eCY=", - "ref": "refs/heads/master", - "rev": "3ae59d3cfe419e10087da719129cca5c01b8cbcd", - "revCount": 267, ->>>>>>> 24e1bc1 (add restic-exporter to prometheus metrics) + "rev": "a9844a78dcbdc8a84679835112970d80822b113c", + "revCount": 257, "type": "git", "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" }, diff --git a/hosts/common/optional/nixos-containers/metrics-server.nix b/hosts/common/optional/nixos-containers/metrics-server.nix index 0865aa2..50417f4 100644 --- a/hosts/common/optional/nixos-containers/metrics-server.nix +++ b/hosts/common/optional/nixos-containers/metrics-server.nix @@ -2,15 +2,11 @@ pkgs, lib, configVars, - inputs, ... }: let containerName = "metrics-server"; containerIp = configVars.networking.addresses.metrics-server.ip; - notifybotJid = configVars.xmpp.notifybotJid; - receiverJid = configVars.xmpp.personalAccount; - dockerContainerIp = configVars.networking.addresses.docker.ip; smWorkerIp = configVars.networking.addresses.sm-worker.ip; merlinIp = configVars.networking.addresses.merlin.ip; 
@@ -19,7 +15,6 @@ bitcoinNode = configVars.networking.addresses.bitcoin-node.ip; postres = configVars.networking.addresses.postgres.ip; backupServer = configVars.networking.addresses.backup-server.ip; - sops-nix = inputs.sops-nix; http_endpoints = configVars.metrics-server.blackbox.http_endpoints; @@ -57,10 +52,6 @@ in { hostPath = metricsServerContainerData; isReadOnly = false; }; - "/etc/ssh/ssh_host_ed25519_key" = { - hostPath = "/etc/ssh/ssh_host_ed25519_key"; - isReadOnly = true; - }; }; config = { @@ -68,10 +59,7 @@ in { lib, config, ... - }: let - secretsDirectory = builtins.toString inputs.nix-secrets; - secretsFile = "${secretsDirectory}/secrets.yaml"; - in { + }: { networking = { defaultGateway = "${gatewayIp}"; interfaces.eth0.ipv4.addresses = [ @@ -86,35 +74,14 @@ in { config.services.prometheus.port config.services.grafana.port config.services.prometheus.exporters.blackbox.port - 9199 #xmpp listen port ]; }; useHostResolvConf = lib.mkForce false; }; - sops = { - defaultSopsFile = "${secretsFile}"; - validateSopsFiles = false; - - age = { - sshKeyPaths = ["/etc/ssh/ssh_host_ed25519_key"]; - }; - secrets = { - "software/restic-passphrase" = {}; - "software/restic-exporter-credentials" = {}; -<<<<<<< HEAD - "comms/xmpp/notifybot/password" = { - mode = "0644"; - }; -======= ->>>>>>> 24e1bc1 (add restic-exporter to prometheus metrics) - }; - }; - services.resolved.enable = true; imports = [ - sops-nix.nixosModules.sops ]; environment.systemPackages = [ 
@@ -122,49 +89,9 @@ in { pkgs.git ]; - services.grafana = { - enable = true; - settings.server = { - http_port = 2342; - http_addr = "0.0.0.0"; - }; - }; - - # main prometheus service services.prometheus = { enable = true; - webExternalUrl = "http://${containerIp}:9001"; port = 9001; - alertmanagers = [ - { - scheme = "http"; - path_prefix = "/"; - static_configs = [ - { - targets = [ - "0.0.0.0:9093" - ]; - } - ]; - } - ]; - ruleFiles = [ - "${pkgs.writeText - "alert_rule.yml" - '' - groups: - - name: blackbox_alert - rules: - - alert: EndpointDown - expr: probe_success{job="blackbox"} == 0 - for: 1m - labels: - severity: critical - annotations: - summary: "Endpoint {{ $labels.instance }} down" - description: "An endpoint has been down for more than 1 minute." - ''}" - ]; scrapeConfigs = [ { job_name = "node_exporter"; @@ -183,16 +110,6 @@ in { } ]; } - { - job_name = "restic-exporter"; - static_configs = [ - { - targets = [ - "0.0.0.0:8001" - ]; - } - ]; - } { job_name = "blackbox"; 
@@ -221,76 +138,36 @@ in { ]; }; - # setup alertmanager - services.prometheus.xmpp-alerts = { + services.grafana = { enable = true; - settings = { - jid = notifybotJid; - password_command = "cat ${config.sops.secrets."comms/xmpp/notifybot/password".path}"; - to_jid = receiverJid; - listen_address = "0.0.0.0"; - listen_port = 9199; + settings.server = { + http_port = 2342; + http_addr = "0.0.0.0"; }; }; - services.prometheus.alertmanager = { - webExternalUrl = "http://${containerIp}:9093"; - enable = true; - openFirewall = true; - port = 9093; - configText = '' - global: - resolve_timeout: 1m - route: - group_by: ['...'] - repeat_interval: 1h - receiver: 'xmpp-alerts' + services.prometheus = { + exporters = { + blackbox = { + enable = true; + configFile = pkgs.writeText "blackbox-conf.yaml" '' + modules: + http_basic: + prober: http + timeout: 5s + http: + preferred_ip_protocol: ip4 + valid_http_versions: ["HTTP/1.1", "HTTP/2"] + method: GET + # fail_if_ssl: false + # fail_if_not_ssl: true + # tls_config: + # insecure_skip_verify: true + tcp_connect: + prober: tcp + tcp: + preferred_ip_protocol: ip4 -<<<<<<< HEAD - receivers: - - name: 'xmpp-alerts' - webhook_configs: - - url: 'http://0.0.0.0:9199/alert' - ''; - }; - - # prometheus exporters - services.prometheus.exporters = { - blackbox = { - enable = true; - configFile = pkgs.writeText "blackbox-conf.yaml" '' - modules: - http_basic: - prober: http - timeout: 5s - http: - preferred_ip_protocol: ip4 - valid_http_versions: ["HTTP/1.1", "HTTP/2"] - method: GET - # fail_if_ssl: false - # fail_if_not_ssl: true - # tls_config: - # insecure_skip_verify: true - tcp_connect: - prober: tcp - tcp: - preferred_ip_protocol: ip4 - - ''; - }; - node = { - enable = true; - enabledCollectors = ["systemd"]; - port = 9002; - }; - restic = { - enable = true; - repository = ""; - environmentFile = config.sops.secrets."software/restic-exporter-credentials".path; - passwordFile = config.sops.secrets."software/restic-passphrase".path; - 
refreshInterval = 10800; # refresh every 3 hours - port = 8001; -======= ''; }; node = { @@ -298,15 +175,6 @@ in { enabledCollectors = ["systemd"]; port = 9002; }; - restic = { - enable = true; - repository = ""; - environmentFile = config.sops.secrets."software/restic-exporter-credentials".path; - passwordFile = config.sops.secrets."software/restic-passphrase".path; - refreshInterval = 10800; # refresh every 3 hours - port = 8001; - }; ->>>>>>> 24e1bc1 (add restic-exporter to prometheus metrics) }; }; From fbe4f025e7cfe07a09a307706422629f50876d2e Mon Sep 17 00:00:00 2001 From: Sam Date: Thu, 6 Feb 2025 08:34:27 +0000 Subject: [PATCH 11/13] rename arion-containers dir to docker-containers --- .../arrstack.nix | 0 .../baikal.nix | 0 .../jellyfin.nix | 0 .../photoprism.nix | 0 .../pihole.nix | 0 .../searxng.nix | 0 .../semitamaps-tileserver.nix | 0 .../syncthing.nix | 0 hosts/common/optional/nixos-containers/docker.nix | 12 ++++++------ hosts/common/optional/nixos-containers/pihole.nix | 2 +- .../optional/nixos-containers/semitamaps-worker.nix | 2 +- 11 files changed, 8 insertions(+), 8 deletions(-) rename hosts/common/optional/{arion-containers => docker-containers}/arrstack.nix (100%) rename hosts/common/optional/{arion-containers => docker-containers}/baikal.nix (100%) rename hosts/common/optional/{arion-containers => docker-containers}/jellyfin.nix (100%) rename hosts/common/optional/{arion-containers => docker-containers}/photoprism.nix (100%) rename hosts/common/optional/{arion-containers => docker-containers}/pihole.nix (100%) rename hosts/common/optional/{arion-containers => docker-containers}/searxng.nix (100%) rename hosts/common/optional/{arion-containers => docker-containers}/semitamaps-tileserver.nix (100%) rename hosts/common/optional/{arion-containers => docker-containers}/syncthing.nix (100%) 
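Review bot: The subject "setup prometheus alertmanager" does not match these hunks, which delete the alertmanager, xmpp-alerts, sops and restic-exporter configuration and leave Prometheus, Grafana and the blackbox and node exporters. After this patch nothing visible in the file sends a notification when an endpoint goes down, and flake.lock pins `nix-secrets` back to revCount 257. If the removal is intended, reword the subject so the loss of alerting is visible in history; if it is a rebase artefact, drop the patch. The re-added Grafana block still binds `http_addr = "0.0.0.0"`.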
diff --git a/hosts/common/optional/arion-containers/arrstack.nix b/hosts/common/optional/docker-containers/arrstack.nix similarity index 100% rename from hosts/common/optional/arion-containers/arrstack.nix rename to hosts/common/optional/docker-containers/arrstack.nix diff --git a/hosts/common/optional/arion-containers/baikal.nix b/hosts/common/optional/docker-containers/baikal.nix similarity index 100% rename from hosts/common/optional/arion-containers/baikal.nix rename to hosts/common/optional/docker-containers/baikal.nix diff --git a/hosts/common/optional/arion-containers/jellyfin.nix b/hosts/common/optional/docker-containers/jellyfin.nix similarity index 100% rename from hosts/common/optional/arion-containers/jellyfin.nix rename to hosts/common/optional/docker-containers/jellyfin.nix diff --git a/hosts/common/optional/arion-containers/photoprism.nix b/hosts/common/optional/docker-containers/photoprism.nix similarity index 100% rename from hosts/common/optional/arion-containers/photoprism.nix rename to hosts/common/optional/docker-containers/photoprism.nix diff --git a/hosts/common/optional/arion-containers/pihole.nix b/hosts/common/optional/docker-containers/pihole.nix similarity index 100% rename from hosts/common/optional/arion-containers/pihole.nix rename to hosts/common/optional/docker-containers/pihole.nix diff --git a/hosts/common/optional/arion-containers/searxng.nix b/hosts/common/optional/docker-containers/searxng.nix similarity index 100% rename from hosts/common/optional/arion-containers/searxng.nix rename to hosts/common/optional/docker-containers/searxng.nix diff --git a/hosts/common/optional/arion-containers/semitamaps-tileserver.nix b/hosts/common/optional/docker-containers/semitamaps-tileserver.nix similarity index 100% rename from hosts/common/optional/arion-containers/semitamaps-tileserver.nix rename to hosts/common/optional/docker-containers/semitamaps-tileserver.nix 
diff --git a/hosts/common/optional/arion-containers/syncthing.nix b/hosts/common/optional/docker-containers/syncthing.nix similarity index 100% rename from hosts/common/optional/arion-containers/syncthing.nix rename to hosts/common/optional/docker-containers/syncthing.nix diff --git a/hosts/common/optional/nixos-containers/docker.nix b/hosts/common/optional/nixos-containers/docker.nix index 12659aa..833ef00 100644 --- a/hosts/common/optional/nixos-containers/docker.nix +++ b/hosts/common/optional/nixos-containers/docker.nix @@ -178,12 +178,12 @@ in { imports = [ arion.nixosModules.arion sops-nix.nixosModules.sops - ../arion-containers/arrstack.nix - ../arion-containers/jellyfin.nix - ../arion-containers/photoprism.nix - ../arion-containers/syncthing.nix - ../arion-containers/baikal.nix - (import ../arion-containers/searxng.nix {configVars = configVars;}) + ../docker-containers/arrstack.nix + ../docker-containers/jellyfin.nix + ../docker-containers/photoprism.nix + ../docker-containers/syncthing.nix + ../docker-containers/baikal.nix + (import ../docker-containers/searxng.nix {configVars = configVars;}) ]; environment.systemPackages = [ diff --git a/hosts/common/optional/nixos-containers/pihole.nix b/hosts/common/optional/nixos-containers/pihole.nix index 1f648fd..31d5a13 100644 --- a/hosts/common/optional/nixos-containers/pihole.nix +++ b/hosts/common/optional/nixos-containers/pihole.nix @@ -72,7 +72,7 @@ in { imports = [ arion.nixosModules.arion - ../arion-containers/pihole.nix + ../docker-containers/pihole.nix ]; environment.systemPackages = [ diff --git a/hosts/common/optional/nixos-containers/semitamaps-worker.nix b/hosts/common/optional/nixos-containers/semitamaps-worker.nix index 9270136..c3ee543 100644 --- a/hosts/common/optional/nixos-containers/semitamaps-worker.nix +++ b/hosts/common/optional/nixos-containers/semitamaps-worker.nix 
@@ -101,7 +101,7 @@ in { imports = [ sops-nix.nixosModules.sops arion.nixosModules.arion - ../arion-containers/semitamaps-tileserver.nix + ../docker-containers/semitamaps-tileserver.nix ]; environment.systemPackages = [ From caac8e68c91fc7396497f91e10ed93f3f6fa3f47 Mon Sep 17 00:00:00 2001 From: Sam Date: Thu, 13 Feb 2025 14:39:18 +0000 Subject: [PATCH 12/13] persist machineid --- hosts/common/optional/persistence.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/common/optional/persistence.nix b/hosts/common/optional/persistence.nix index 1f2f8c4..260686a 100644 --- a/hosts/common/optional/persistence.nix +++ b/hosts/common/optional/persistence.nix @@ -12,6 +12,7 @@ files = [ "/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/machine-id" ]; }; } From a7c6598a0f01f298bed87fded0b2b42da60f6acf Mon Sep 17 00:00:00 2001 From: Sam Date: Sat, 15 Feb 2025 10:46:49 +0000 Subject: [PATCH 13/13] add tmux config --- .tmux.conf | 20 ++++++++ flake.lock | 83 +++++++++++++++++++++------------- flake.nix | 5 ++ home/common/core/default.nix | 1 + home/common/core/tmux.nix | 25 ++++++++++ home/common/optional/notes.nix | 8 +++- 6 files changed, 109 insertions(+), 33 deletions(-) create mode 100644 .tmux.conf create mode 100644 home/common/core/tmux.nix diff --git a/.tmux.conf b/.tmux.conf new file mode 100644 index 0000000..177d393 --- /dev/null +++ b/.tmux.conf @@ -0,0 +1,20 @@ +# improve colors +set -g default-terminal 'screen-256color + +# remap leader key to ctrl-s +set -g prefix2 C-s + +# vim keymaps for switching panes +setw -g mode-keys vi +bind-key h select-pane -L +bind-key j select-pane -D +bind-key k select-pane -U +bind-key l select-pane -R +bind-key r C-h select-window -t :- +bind-key r C-h select-window -t :+ + +# plugins +set -g @plugin 'tmux-plugins/tpm' +set -g @plugin 'Nybkox/tmux-kanagawa' + +run '~/.tmux/plugins/tpm/tpm' diff --git a/flake.lock b/flake.lock index 0470bad..5ae691e 100644 --- a/flake.lock +++ b/flake.lock 
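Review bot: The new `"/etc/machine-id"` entry in `files` has no comment saying why it is persisted, and it sits in the same list as the SSH host private key, so a reader cannot tell which entries are identity material. I would add a line such as `# machine-id: keep host identity stable across the ephemeral root; must stay unique per host` above it. machine-id(5) asks for the ID to be treated as confidential and unique, so the persisted copy should not travel with any image or volume that gets cloned to a second host. The enclosing persistence block starts outside this hunk, so the target directory and its permissions are not visible here.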
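Review bot: The first directive in the new `.tmux.conf` has an unterminated quote (`set -g default-terminal 'screen-256color`), so tmux will fail to parse the file from that line on; it should read `set -g default-terminal 'screen-256color'`. The two window bindings are written `bind-key r C-h ...`, which binds the key `r` rather than passing the repeat flag, and both target `C-h`; they were presumably meant to be `bind-key -r C-h select-window -t :-` and `bind-key -r C-l select-window -t :+`. The `@plugin` lines together with `run '~/.tmux/plugins/tpm/tpm'` make TPM fetch `tmux-plugins/tpm` and `Nybkox/tmux-kanagawa` from git at run time with no revision pinned, which bypasses the flake.lock pinning that `home/common/core/tmux.nix` in this same commit relies on. If this file is still needed next to the Home Manager module, I would drop the TPM block and take the theme through a locked flake input or `pkgs.tmuxPlugins` instead.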
@@ -170,11 +170,11 @@ ] }, "locked": { - "lastModified": 1738453229, - "narHash": "sha256-7H9XgNiGLKN1G1CgRh0vUL4AheZSYzPm+zmZ7vxbJdo=", + "lastModified": 1736143030, + "narHash": "sha256-+hu54pAoLDEZT9pjHlqL9DNzWz0NbUn8NEAHP7PQPzU=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "32ea77a06711b758da0ad9bd6a844c5740a87abd", + "rev": "b905f6fc23a9051a6e1b741e1438dbfc0634c6de", "type": "github" }, "original": { @@ -450,6 +450,26 @@ "type": "github" } }, + "minimal-tmux": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1730695632, + "narHash": "sha256-JtbuSxWFR94HiUdQL9uIm2V/kwGz0gbVbqvYWmEncbc=", + "owner": "niksingh710", + "repo": "minimal-tmux-status", + "rev": "d7188c1aeb1c7dd03230982445b7360f5e230131", + "type": "github" + }, + "original": { + "owner": "niksingh710", + "repo": "minimal-tmux-status", + "type": "github" + } + }, "nix-bitcoin": { "inputs": { "extra-container": "extra-container", @@ -539,11 +559,11 @@ }, "nix-secrets": { "locked": { - "lastModified": 1739387047, - "narHash": "sha256-KpogJP00vwuMIKkGJff3zp0YfV9GfOG//UzMK4nWWUw=", + "lastModified": 1737899664, + "narHash": "sha256-iZpzTSERNQ5UvFfEzrBLuEmcRUGjBSal7ShtXurYq8Q=", "ref": "refs/heads/master", - "rev": "be51e237b5b3d441a194f3e516175f6a543aee35", - "revCount": 280, + "rev": "a9844a78dcbdc8a84679835112970d80822b113c", + "revCount": 257, "type": "git", "url": "ssh://git@git.bitlab21.com/sam/nix-secrets.git" }, @@ -601,11 +621,11 @@ }, "nixpkgs-unstable_2": { "locked": { - "lastModified": 1739446958, - "narHash": "sha256-+/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc=", + "lastModified": 1737746512, + "narHash": "sha256-nU6AezEX4EuahTO1YopzueAXfjFfmCHylYEFCagduHU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2ff53fe64443980e139eaa286017f53f88336dd0", + "rev": "825479c345a7f806485b7f00dbe3abb50641b083", "type": "github" }, "original": { 
@@ -633,11 +653,11 @@ }, "nixpkgs_3": { "locked": { - "lastModified": 1739552784, - "narHash": "sha256-d5fnrNapcIBuSn+nu8FHvjCk3+mV7r2aEtlJvnq+o68=", + "lastModified": 1737893696, + "narHash": "sha256-FV16HsdY2KY/6ixpizYH+SVuLdDCa5WvJVHglMtvQ74=", "owner": "nixos", "repo": "nixpkgs", - "rev": "628d2d6abc21aac6729beff7f2f592acb64bb970", + "rev": "7db27bab4129d44b0433dd45fa9a30f7a0795db3", "type": "github" }, "original": { @@ -649,11 +669,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1739446958, - "narHash": "sha256-+/bYK3DbPxMIvSL4zArkMX0LQvS7rzBKXnDXLfKyRVc=", + "lastModified": 1737746512, + "narHash": "sha256-nU6AezEX4EuahTO1YopzueAXfjFfmCHylYEFCagduHU=", "owner": "nixos", "repo": "nixpkgs", - "rev": "2ff53fe64443980e139eaa286017f53f88336dd0", + "rev": "825479c345a7f806485b7f00dbe3abb50641b083", "type": "github" }, "original": { @@ -678,11 +698,11 @@ "treefmt-nix": "treefmt-nix_2" }, "locked": { - "lastModified": 1739018339, - "narHash": "sha256-/J2H70Gsi13nh8vGEV6aBr+e5avFaGOSr2TF4VjnVAk=", + "lastModified": 1737731711, + "narHash": "sha256-6ubhKkCkBMuqFMjzeg+/2L5dNipKKf1KE9i8r8inyEg=", "owner": "nix-community", "repo": "nixvim", - "rev": "9f0cb35c26a7dbc0acce0658f73b08b2198487c6", + "rev": "841155edf9c4578f2f9a7bd6993e1da2ce73b35c", "type": "github" }, "original": { @@ -699,11 +719,11 @@ "treefmt-nix": "treefmt-nix_3" }, "locked": { - "lastModified": 1739557017, - "narHash": "sha256-S8pgqw8deCjOCB91sqE/yUOV5zPmd3d0ZY9DaPlgMf4=", + "lastModified": 1737896356, + "narHash": "sha256-JVZPYiBjllZqFjb6mmmdEQDmAkZCbXSNjOGRJWO52PA=", "owner": "nix-community", "repo": "NUR", - "rev": "a69f8f0c7c2c9e19046c41570770f90914eb7d56", + "rev": "5ee047c2c9ca4400689d913843351c2c7e4f56fb", "type": "github" }, "original": { 
@@ -722,11 +742,11 @@ ] }, "locked": { - "lastModified": 1738508923, - "narHash": "sha256-4DaDrQDAIxlWhTjH6h/+xfG05jt3qDZrZE/7zDLQaS4=", + "lastModified": 1737372689, + "narHash": "sha256-nH3zK2ki0fd5o5qvbGHxukE4qnOLJa1uCzoDObG5vrE=", "owner": "NuschtOS", "repo": "search", - "rev": "86e2038290859006e05ca7201425ea5b5de4aecb", + "rev": "570cc17bbc25650eb7d69e4fcda8cfd2f1656922", "type": "github" }, "original": { @@ -767,6 +787,7 @@ "home-manager": "home-manager", "impermanence": "impermanence", "lnbits": "lnbits", + "minimal-tmux": "minimal-tmux", "nix-bitcoin": "nix-bitcoin", "nix-colors": "nix-colors", "nix-secrets": "nix-secrets", @@ -784,11 +805,11 @@ ] }, "locked": { - "lastModified": 1739262228, - "narHash": "sha256-7JAGezJ0Dn5qIyA2+T4Dt/xQgAbhCglh6lzCekTVMeU=", + "lastModified": 1737411508, + "narHash": "sha256-j9IdflJwRtqo9WpM0OfAZml47eBblUHGNQTe62OUqTw=", "owner": "mic92", "repo": "sops-nix", - "rev": "07af005bb7d60c7f118d9d9f5530485da5d1e975", + "rev": "015d461c16678fc02a2f405eb453abb509d4e1d4", "type": "github" }, "original": { @@ -886,11 +907,11 @@ ] }, "locked": { - "lastModified": 1738953846, - "narHash": "sha256-yrK3Hjcr8F7qS/j2F+r7C7o010eVWWlm4T1PrbKBOxQ=", + "lastModified": 1737483750, + "narHash": "sha256-5An1wq5U8sNycOBBg3nsDDgpwBmR9liOpDGlhliA6Xo=", "owner": "numtide", "repo": "treefmt-nix", - "rev": "4f09b473c936d41582dd744e19f34ec27592c5fd", + "rev": "f2cc121df15418d028a59c9737d38e3a90fbaf8f", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index bece91f..121eded 100644 --- a/flake.nix +++ b/flake.nix @@ -59,6 +59,11 @@ url = "git+ssh://git@git.bitlab21.com/sam/nix-secrets.git"; inputs = {}; }; + + minimal-tmux = { + url = "github:niksingh710/minimal-tmux-status"; + inputs.nixpkgs.follows = "nixpkgs"; + }; }; outputs = { diff --git a/home/common/core/default.nix b/home/common/core/default.nix index 6638cf7..0be0d08 100644 --- a/home/common/core/default.nix +++ b/home/common/core/default.nix 
@@ -4,6 +4,7 @@ inputs.nix-colors.homeManagerModules.default ./zsh.nix ./nixvim + ./tmux.nix ]; nixpkgs.overlays = [ diff --git a/home/common/core/tmux.nix b/home/common/core/tmux.nix new file mode 100644 index 0000000..58c4a82 --- /dev/null +++ b/home/common/core/tmux.nix @@ -0,0 +1,25 @@ +{ + pkgs, + inputs, + ... +}: { + + programs.tmux = { + enable = true; + clock24 = true; + extraConfig = '' + # vim keymaps for switching panes + setw -g mode-keys vi + bind-key h select-pane -L + bind-key j select-pane -D + bind-key k select-pane -U + bind-key l select-pane -R + bind-key -r C-h select-window -t :- + bind-key -r C-h select-window -t :+ + ''; + plugins = [ + { plugin = inputs.minimal-tmux.packages.${pkgs.system}.default; } + pkgs.tmuxPlugins.yank + ]; + }; +} diff --git a/home/common/optional/notes.nix b/home/common/optional/notes.nix index d855881..2b7255c 100644 --- a/home/common/optional/notes.nix +++ b/home/common/optional/notes.nix @@ -3,7 +3,8 @@ let user = config.home.username; in { - home.activation.get-notes = lib.hm.dag.entryAfter [ "installPackages" ] '' + home.activation.getNotes = lib.hm.dag.entryAfter [ "writeBoundary" ] '' + touch /tmp/notes notes_dir=/home/${user}/.local/share/notes remote=git@git.bitlab21.com:sam/notes if [ -d "$notes_dir" ]; @@ -13,6 +14,9 @@ in else mkdir -p "$notes_dir" && PATH="${pkgs.git}/bin:${pkgs.openssh}/bin:$PATH" git clone "$remote" "$notes_dir" fi - exit 0 + ''; + + home.activation.foo = lib.hm.dag.entryAfter [ "writeBoundary" ] '' + touch /tmp/foo ''; }
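Review bot: Both window-switching lines in `extraConfig` of the new `tmux.nix` bind `C-h`, so the second `bind-key` replaces the first and the previous-window binding is never active. The second line was presumably meant to be `bind-key -r C-l select-window -t :+`, matching the h/l pane bindings above it. A short comment above the pair, e.g. `# C-h / C-l: previous / next window (repeatable)`, would make the intent checkable.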
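Review bot: The added `touch /tmp/notes` at the top of `getNotes` and the whole `home.activation.foo` entry (`touch /tmp/foo`, in the second hunk) look like debugging leftovers and should be removed before merge. They run on every activation and write fixed, predictable names into a world-writable directory, which is a pattern worth keeping out of activation scripts on any multi-user host. Entries ordered after `writeBoundary` are also expected to guard their side effects with Home Manager's `run` (or `$DRY_RUN_CMD` on older releases) so a dry-run activation does not touch the filesystem; the `mkdir`/`git clone` line visible as context is not guarded either. The middle of the `getNotes` script lies between the two hunks and is not visible here.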