Extend dots.ports module to remaining NixOS hosts

- hetznix02: import shared ports, derive firewall via lib.pipe, wire
  node-exporter and nginx-exporter port references in monitoring.nix
- kiosk-entryway: import shared ports, wire node-exporter port in monitoring.nix
- kiosk-gene-desk: import shared ports, make node-exporter port explicit
- bigboy, rainbow-planet: import shared ports for consistency

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Gene Liverman 2026-05-31 21:13:42 -04:00
parent fb33d4db15
commit d433d77ee1
No known key found for this signature in database
7 changed files with 26 additions and 15 deletions


@ -17,6 +17,7 @@ in
# Include the results of the hardware scan. # Include the results of the hardware scan.
./hardware-configuration.nix ./hardware-configuration.nix
../../../shared/linux/flatpaks.nix ../../../shared/linux/flatpaks.nix
../../../shared/nixos/ports.nix
../../../shared/nixos/ripping.nix ../../../shared/nixos/ripping.nix
]; ];


@ -1,5 +1,7 @@
{ {
config,
inputs, inputs,
lib,
pkgs, pkgs,
username, username,
... ...
@ -7,6 +9,7 @@
{ {
imports = [ imports = [
../../../shared/nixos/nixroutes.nix ../../../shared/nixos/nixroutes.nix
../../../shared/nixos/ports.nix
./disk-config.nix ./disk-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
./post-install ./post-install
@ -33,15 +36,18 @@
]; ];
networking = { networking = {
# Open ports in the firewall. firewall = {
firewall.allowedTCPPorts = [ allowedTCPPorts = lib.pipe config.dots.ports [
22 # ssh builtins.attrValues
80 # Nginx (builtins.filter (e: e.openFirewall && e.protocol == "tcp"))
443 # Nginx (map (e: e.port))
]; ];
# firewall.allowedUDPPorts = [ ... ]; allowedUDPPorts = lib.pipe config.dots.ports [
# Or disable the firewall altogether. builtins.attrValues
# firewall.enable = false; (builtins.filter (e: e.openFirewall && e.protocol == "udp"))
(map (e: e.port))
];
};
hostId = "89bbb3e6"; # head -c4 /dev/urandom | od -A none -t x4 hostId = "89bbb3e6"; # head -c4 /dev/urandom | od -A none -t x4
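Review bot: The `networking.firewall` allow-lists are now derived entirely from `config.dots.ports`, so the explicit `22`, `80`, `443` entries are gone and this host opens every shared entry that has `openFirewall = true`, including any declared with another host in mind. `shared/nixos/ports.nix` is not visible here, so confirm that the evaluated `networking.firewall.allowedTCPPorts` for this host is still exactly the intended set before deploying. The filters match `e.protocol` against the exact strings `"tcp"` and `"udp"`, so an entry carrying any other protocol value is silently left out of both lists. I would add a comment above the block such as `# Open ports come from dots.ports entries with openFirewall = true (expected here: ssh, 80, 443)`. Since the two pipelines differ only in the protocol string, a small `let` helper taking the protocol would remove the duplication.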


@ -16,7 +16,7 @@ in
{ {
job_name = "node"; job_name = "node";
static_configs = [ static_configs = [
{ targets = [ "127.0.0.1:9100" ]; } { targets = [ "127.0.0.1:${toString config.dots.ports.node-exporter.port}" ]; }
]; ];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
@ -37,7 +37,7 @@ in
{ {
job_name = "nginx"; job_name = "nginx";
static_configs = [ static_configs = [
{ targets = [ "127.0.0.1:9113" ]; } { targets = [ "127.0.0.1:${toString config.dots.ports.nginx-exporter.port}" ]; }
]; ];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
@ -84,7 +84,7 @@ in
prometheus.exporters.node = { prometheus.exporters.node = {
enable = true; enable = true;
listenAddress = "127.0.0.1"; listenAddress = "127.0.0.1";
port = 9100; inherit (config.dots.ports.node-exporter) port;
enabledCollectors = [ enabledCollectors = [
"systemd" "systemd"
]; ];
@ -98,7 +98,7 @@ in
prometheus.exporters.nginx = { prometheus.exporters.nginx = {
enable = true; enable = true;
listenAddress = "127.0.0.1"; listenAddress = "127.0.0.1";
port = 9113; inherit (config.dots.ports.nginx-exporter) port;
scrapeUri = "https://127.0.0.1/server_status"; scrapeUri = "https://127.0.0.1/server_status";
sslVerify = false; sslVerify = false;
}; };


@ -7,6 +7,7 @@
}: }:
{ {
imports = [ imports = [
../../../shared/nixos/ports.nix
./disk-config.nix ./disk-config.nix
./hardware-configuration.nix ./hardware-configuration.nix
./monitoring.nix ./monitoring.nix


@ -16,7 +16,7 @@ in
{ {
job_name = "node"; job_name = "node";
static_configs = [ static_configs = [
{ targets = [ "127.0.0.1:9100" ]; } { targets = [ "127.0.0.1:${toString config.dots.ports.node-exporter.port}" ]; }
]; ];
metric_relabel_configs = [ metric_relabel_configs = [
{ {
@ -63,7 +63,7 @@ in
prometheus.exporters.node = { prometheus.exporters.node = {
enable = true; enable = true;
listenAddress = "127.0.0.1"; listenAddress = "127.0.0.1";
port = 9100; inherit (config.dots.ports.node-exporter) port;
extraFlags = [ extraFlags = [
"--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|run|tmp|var/lib/docker/.+)($|/)" "--collector.filesystem.mount-points-exclude=^/(sys|proc|dev|run|tmp|var/lib/docker/.+)($|/)"
"--collector.diskstats.device-exclude=^(loop|ram|fd|sr|dm-|nvme[0-9]n[0-9]p[0-9]+_crypt)$" "--collector.diskstats.device-exclude=^(loop|ram|fd|sr|dm-|nvme[0-9]n[0-9]p[0-9]+_crypt)$"


@ -10,6 +10,7 @@
imports = [ imports = [
# SD card image # SD card image
"${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix" "${inputs.nixpkgs}/nixos/modules/installer/sd-card/sd-image-aarch64.nix"
../../../shared/nixos/ports.nix
./read-only-root.nix ./read-only-root.nix
]; ];
@ -92,6 +93,7 @@
}; };
prometheus.exporters.node = { prometheus.exporters.node = {
enable = true; enable = true;
inherit (config.dots.ports.node-exporter) port;
enabledCollectors = [ enabledCollectors = [
"logind" "logind"
"systemd" "systemd"
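Review bot: In the second hunk, `prometheus.exporters.node` takes its port from `config.dots.ports.node-exporter` but sets no `listenAddress` in the visible lines, whereas the other two monitoring files in this commit pin it to `127.0.0.1`. As far as I know the NixOS exporter module binds to `0.0.0.0` by default, so on this host only the firewall keeps the exporter off the network. If only a local scrape is intended, add `listenAddress = "127.0.0.1";` next to the `inherit` line. If it is scraped remotely, a comment such as `# scraped remotely; exposure controlled by dots.ports.node-exporter.openFirewall` would make that explicit. The attribute set continues past the end of the hunk, so the address may already be set further down.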


@ -9,6 +9,7 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../../../shared/linux/flatpaks.nix ../../../shared/linux/flatpaks.nix
../../../shared/nixos/ports.nix
../../../shared/nixos/ripping.nix ../../../shared/nixos/ripping.nix
]; ];