diff options
Diffstat (limited to 'modules/nixos/services')
| -rw-r--r-- | modules/nixos/services/cloudflared.nix | 38 | ||||
| -rw-r--r-- | modules/nixos/services/default.nix | 7 | ||||
| -rw-r--r-- | modules/nixos/services/hercules.nix | 55 | ||||
| -rw-r--r-- | modules/nixos/services/promtail.nix | 47 |
4 files changed, 0 insertions, 147 deletions
diff --git a/modules/nixos/services/cloudflared.nix b/modules/nixos/services/cloudflared.nix deleted file mode 100644 index 42f5908..0000000 --- a/modules/nixos/services/cloudflared.nix +++ /dev/null @@ -1,38 +0,0 @@ -{ - config, - lib, - secretsDir, - ... -}: let - cfg = config.server.services.cloudflared; - inherit (lib) mkEnableOption mkIf; - inherit (config.services) nginx; -in { - options.server.services.cloudflared = { - enable = mkEnableOption "cloudflared"; - }; - - config = mkIf cfg.enable { - age.secrets.cloudflaredCreds = { - file = secretsDir + "/cloudflaredCreds.age"; - mode = "400"; - owner = "cloudflared"; - group = "cloudflared"; - }; - - services.cloudflared = { - enable = true; - tunnels = { - "${config.networking.hostName}-nginx" = { - default = "http_status:404"; - - ingress = lib.genAttrs (builtins.attrNames nginx.virtualHosts) ( - _: {service = "http://localhost:${toString nginx.defaultHTTPListenPort}";} - ); - - credentialsFile = config.age.secrets.cloudflaredCreds.path; - }; - }; - }; - }; -} diff --git a/modules/nixos/services/default.nix b/modules/nixos/services/default.nix deleted file mode 100644 index 3423b79..0000000 --- a/modules/nixos/services/default.nix +++ /dev/null @@ -1,7 +0,0 @@ -{ - imports = [ - ./cloudflared.nix - ./hercules.nix - ./promtail.nix - ]; -} diff --git a/modules/nixos/services/hercules.nix b/modules/nixos/services/hercules.nix deleted file mode 100644 index 879367c..0000000 --- a/modules/nixos/services/hercules.nix +++ /dev/null @@ -1,55 +0,0 @@ -{ - config, - lib, - unstable, - secretsDir, - ... -}: let - cfg = config.server.services.hercules-ci; - inherit (lib) mkEnableOption mkIf; - - hercArgs = { - mode = "400"; - owner = "hercules-ci-agent"; - group = "hercules-ci-agent"; - }; -in { - options.server.services.hercules-ci = { - enable = mkEnableOption "hercules-ci"; - secrets.enable = mkEnableOption "secrets management for hercules-ci"; - }; - - config = mkIf cfg.enable { - age.secrets = mkIf cfg.secrets.enable { - binaryCache = - { - file = secretsDir + "/binaryCache.age"; - } - // hercArgs; - - clusterToken = - { - file = secretsDir + "/clusterToken.age"; - } - // hercArgs; - - secretsJson = - { - file = secretsDir + "/secretsJson.age"; - } - // hercArgs; - }; - - services = { - hercules-ci-agent = { - enable = true; - package = unstable.hercules-ci-agent; - settings = { - binaryCachesPath = config.age.secrets.binaryCache.path; - clusterJoinTokenPath = config.age.secrets.clusterToken.path; - secretsJsonPath = config.age.secrets.secretsJson.path; - }; - }; - }; - }; -} diff --git a/modules/nixos/services/promtail.nix b/modules/nixos/services/promtail.nix deleted file mode 100644 index ced1ece..0000000 --- a/modules/nixos/services/promtail.nix +++ /dev/null @@ -1,47 +0,0 @@ -{ - config, - lib, - ... -}: let - cfg = config.server.services.promtail; - inherit (lib) mkEnableOption mkIf mkOption types; -in { - options.server.services.promtail = { - enable = mkEnableOption "Promtail"; - - clients = mkOption { - type = types.listOf types.attrs; - default = [{}]; - description = "clients for promtail"; - }; - }; - - config.services.promtail = mkIf cfg.enable { - enable = true; - configuration = { - inherit (cfg) clients; - server.disable = true; - - scrape_configs = [ - { - job_name = "journal"; - - journal = { - max_age = "12h"; - labels = { - job = "systemd-journal"; - host = "${config.networking.hostName}"; - }; - }; - - relabel_configs = [ - { - source_labels = ["__journal__systemd_unit"]; - target_label = "unit"; - } - ]; - } - ]; - }; - }; -} |