summaryrefslogtreecommitdiffstats
path: root/krebs/2configs
diff options
context:
space:
mode:
Diffstat (limited to 'krebs/2configs')
-rw-r--r--krebs/2configs/container-networking.nix7
-rw-r--r--krebs/2configs/ircd.nix1
-rw-r--r--krebs/2configs/news-host.nix1
-rw-r--r--krebs/2configs/news.nix29
-rw-r--r--krebs/2configs/shack/prometheus/alert-rules.nix9
-rw-r--r--krebs/2configs/syncthing.nix4
6 files changed, 49 insertions, 2 deletions
diff --git a/krebs/2configs/container-networking.nix b/krebs/2configs/container-networking.nix
new file mode 100644
index 000000000..fa4488800
--- /dev/null
+++ b/krebs/2configs/container-networking.nix
@@ -0,0 +1,7 @@
+{ lib, ... }:
+{
+ networking.nat.enable = true;
+ networking.nat.internalInterfaces = ["ve-+"];
+ networking.nat.externalInterface = lib.mkDefault "et0";
+ networking.networkmanager.unmanaged = [ "interface-name:ve-*" ];
+}
diff --git a/krebs/2configs/ircd.nix b/krebs/2configs/ircd.nix
index 0de07a027..3ef2e7d2b 100644
--- a/krebs/2configs/ircd.nix
+++ b/krebs/2configs/ircd.nix
@@ -87,6 +87,7 @@
};
channel {
+ autochanmodes = "+t";
use_invex = yes;
use_except = yes;
use_forward = yes;
diff --git a/krebs/2configs/news-host.nix b/krebs/2configs/news-host.nix
index 82360a670..b7728986f 100644
--- a/krebs/2configs/news-host.nix
+++ b/krebs/2configs/news-host.nix
@@ -4,6 +4,7 @@
"shodan"
"mors"
"styx"
+ "puyak"
];
hostIp = "10.233.2.101";
localIp = "10.233.2.102";
diff --git a/krebs/2configs/news.nix b/krebs/2configs/news.nix
index 410beb041..2da3e6fcc 100644
--- a/krebs/2configs/news.nix
+++ b/krebs/2configs/news.nix
@@ -15,6 +15,16 @@
serverAliases = [
"news.r"
];
+ locations."/api".extraConfig = ''
+ proxy_pass http://127.0.0.1:7777/;
+ proxy_pass_header Server;
+ '';
+ locations."= /graph.html".extraConfig = ''
+ alias ${pkgs.fetchurl {
+ url = "https://raw.githubusercontent.com/kmein/brockman/05d33c8caaaf6255752f9600981974bb58390851/tools/graph.html";
+ sha256 = "0iw2vdzj6kzkix1c447ybmc953lns6z4ap6sr9pcib8bany4g43w";
+ }};
+ '';
locations."/".extraConfig = ''
root /var/lib/brockman;
index brockman.json;
@@ -27,6 +37,7 @@
};
systemd.tmpfiles.rules = [
"d /var/lib/brockman 1750 brockman nginx -"
+ "d /run/irc-api 1750 brockman nginx -"
];
systemd.services.brockman-graph = {
@@ -67,12 +78,28 @@
shortener = "http://go.r";
controller = {
nick = "brockman";
- channels = [ "#all" ];
+ extraChannels = [ "#all" ];
};
bots = {};
};
};
+ krebs.reaktor2.api = {
+ hostname = "localhost";
+ port = "6667";
+ nick = "api";
+ API.listen = "inet://127.0.0.1:7777";
+ plugins = [
+ {
+ plugin = "register";
+ config = {
+ channels = [
+ "#all"
+ ];
+ };
+ }
+ ];
+ };
krebs.reaktor2.news = let
name = "candyman";
in {
diff --git a/krebs/2configs/shack/prometheus/alert-rules.nix b/krebs/2configs/shack/prometheus/alert-rules.nix
index 12c691466..65e5d9005 100644
--- a/krebs/2configs/shack/prometheus/alert-rules.nix
+++ b/krebs/2configs/shack/prometheus/alert-rules.nix
@@ -14,7 +14,14 @@ in {
labels.severity = "warning";
annotations.summary = "{{ $labels.alias }} root disk full";
annotations.url = "http://grafana.shack/d/hb7fSE0Zz/shack-system-dashboard?orgId=1&var-job=node&var-hostname=All&var-node=wolf.shack:9100&var-device=All&var-maxmount=%2F&var-show_hostname=wolf";
- annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%). CI for deploying new configuration will seize working. Log in to the system and run `nix-collect-garbage -d` and clean up the shack share folder in `/home/share` .If this does not help you can check `du -hs /var/ | sort -h`, run `docker system prune` or if you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete'';
+ annotations.description = ''The root disk of {{ $labels.alias }} has {{ $value | printf "%.2f" }}% free disk space (Threshold at ${disk_free_threshold}%). CI for deploying new configuration will seize working. Log in to the system and try to clean up the obsolete files on the machine. There are a couple of things you can do:
+1. `nix-collect-garbage -d`
+2. clean up the shack share folder in `/home/share`
+3. check `du -hs /var/ | sort -h`.
+4. run `docker system prune`
+5. `find /var/lib/containers/news/var/lib/htgen-go/items -mtime +7 -delete;` to clean up the link shortener data
+5. If you are really desperate run `du -hs / | sort -h` and go through the folders recursively until you've found something to delete
+6. as a last resort the root disk can be expanded via `lvresize -L +10G /dev/pool/root && btrfs filesystem resize max /` '';
}
{
alert = "RootPartitionFull";
diff --git a/krebs/2configs/syncthing.nix b/krebs/2configs/syncthing.nix
index 31e33ad5e..125e2aea4 100644
--- a/krebs/2configs/syncthing.nix
+++ b/krebs/2configs/syncthing.nix
@@ -10,6 +10,10 @@ in {
configDir = "/var/lib/syncthing";
declarative = {
devices = mk_peers used_peers;
+ key = toString <secrets/syncthing.key>;
+ cert = toString <secrets/syncthing.cert>;
};
};
+
+ boot.kernel.sysctl."fs.inotify.max_user_watches" = 524288;
}