4o1x5/infrastructure
4o1x5/infrastructure
Archived
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

🚀 big update:

Browse source 
added logging to all nginx routes
added loki, promtail to scrape nginx logs
turned i2pd back on,
updated my websites version
upgraded all hosts to 24.05
forgejo added bigger limit to upload limit due to docker images
privacy frontends:
    added priviblur
    libreddit -> redlib
    added biblioreads

ddns-updater, changed credentials but there is a bug with porkbun
added penpot
brought back anonymousoverflow
added readme privacy respecting frontends
This commit is contained in:
2005 2024-06-03 02:05:38 +02:00
parent 9463db2058
commit b6107679d1
19 changed files with 940 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

39
hosts/carbon/services/monitoring/promtail.nix Normal file
View file

@ -0,0 +1,39 @@
{ pkgs, ... }: {
services.promtail = {
enable = true;
configuration =
{
server = {
http_listen_port = 0;
grpc_listen_port = 0;
};
clients = [
{ url = "https//32.54.31.99:3100/api/prom/push"; }
];
scrape_configs = [
{
job_name = "system";
pipeline_stages = [
{ replace = { expression = "(?:[0-9]{1,3}\\.){3}([0-9]{1,3})"; replace = "***"; }; }
];
static_configs = [
{
targets = [ "localhost" ];
labels = {
job = "nginx_access_log";
host = "carbon";
agent = "promtail";
__path__ = "/var/log/nginx/json_access.log";
};
}
];
}
];
};
};
}

29
hosts/carbon/services/privacy/biblioreads.nix Normal file
View file

@ -0,0 +1,29 @@
{ pkgs, config, ... }: {
virtualisation.oci-containers.containers = {
biblioreads = {
image = "nesaku/biblioreads:latest";
ports = [
"5484:3000"
];
};
};
services.nginx = {
virtualHosts = {
"biblioreads.${config.networking.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = " http://127.0.0.1:5484";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
};
};
}

28
hosts/carbon/services/privacy/priviblur.nix Normal file
View file

@ -0,0 +1,28 @@
{ pkgs, config, ... }: {
virtualisation.oci-containers.containers = {
priviblur = {
image = "quay.io/pussthecatorg/priviblur:latest";
ports = [
"1484:8000"
];
};
};
services.nginx = {
virtualHosts = {
"priviblur.${config.networking.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = " http://127.0.0.1:1484";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
};
};
}

169
hosts/carbon/services/privacy/proxitok.nix Normal file
View file

@ -0,0 +1,169 @@
# Auto-generated using compose2nix v0.2.0-pre.
{ pkgs, lib, ... }:
{
services.nginx = {
virtualHosts = {
"proxitok.${config.networking.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = " http://127.0.0.1:4772";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
};
};
# Containers
virtualisation.oci-containers.containers."proxitok-redis" = {
image = "redis:7-alpine";
cmd = [ "redis-server" "--save" "60" "1" "--loglevel" "warning" ];
user = "nobody";
log-driver = "journald";
extraOptions = [
"--cap-drop=ALL"
"--network-alias=redis"
"--network=docker-compose_proxitok"
"--security-opt=no-new-privileges:true"
];
};
systemd.services."podman-proxitok-redis" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-docker-compose_proxitok.service"
];
requires = [
"podman-network-docker-compose_proxitok.service"
];
partOf = [
"podman-compose-docker-compose-root.target"
];
wantedBy = [
"podman-compose-docker-compose-root.target"
];
};
virtualisation.oci-containers.containers."proxitok-signer" = {
image = "ghcr.io/pablouser1/signtok:master";
user = "nobody";
log-driver = "journald";
extraOptions = [
"--cap-drop=ALL"
"--network-alias=signer"
"--network=docker-compose_proxitok"
"--security-opt=no-new-privileges:true"
];
};
systemd.services."podman-proxitok-signer" = {
serviceConfig = {
Restart = lib.mkOverride 500 "\"no\"";
};
after = [
"podman-network-docker-compose_proxitok.service"
];
requires = [
"podman-network-docker-compose_proxitok.service"
];
partOf = [
"podman-compose-docker-compose-root.target"
];
wantedBy = [
"podman-compose-docker-compose-root.target"
];
};
virtualisation.oci-containers.containers."proxitok-web" = {
image = "ghcr.io/pablouser1/proxitok:master";
environment = {
API_CACHE = "redis";
API_SIGNER = "remote";
API_SIGNER_URL = "http://proxitok-signer:8080/signature";
LATTE_CACHE = "/cache";
REDIS_HOST = "proxitok-redis";
REDIS_PORT = "6379";
};
volumes = [
"proxitok-cache:/cache:rw"
];
ports = [
"4772:8080/tcp"
];
dependsOn = [
"proxitok-redis"
"proxitok-signer"
];
log-driver = "journald";
extraOptions = [
"--cap-add=CHOWN"
"--cap-add=SETGID"
"--cap-add=SETUID"
"--cap-drop=ALL"
"--network-alias=web"
"--network=docker-compose_proxitok"
"--security-opt=no-new-privileges:true"
];
};
systemd.services."podman-proxitok-web" = {
serviceConfig = {
Restart = lib.mkOverride 500 "\"no\"";
};
after = [
"podman-network-docker-compose_proxitok.service"
"podman-volume-docker-compose_proxitok-cache.service"
];
requires = [
"podman-network-docker-compose_proxitok.service"
"podman-volume-docker-compose_proxitok-cache.service"
];
partOf = [
"podman-compose-docker-compose-root.target"
];
wantedBy = [
"podman-compose-docker-compose-root.target"
];
};
# Networks
systemd.services."podman-network-docker-compose_proxitok" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "${pkgs.podman}/bin/podman network rm -f docker-compose_proxitok";
};
script = ''
podman network inspect docker-compose_proxitok || podman network create docker-compose_proxitok
'';
partOf = [ "podman-compose-docker-compose-root.target" ];
wantedBy = [ "podman-compose-docker-compose-root.target" ];
};
# Volumes
systemd.services."podman-volume-docker-compose_proxitok-cache" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
podman volume inspect docker-compose_proxitok-cache || podman volume create docker-compose_proxitok-cache
'';
partOf = [ "podman-compose-docker-compose-root.target" ];
wantedBy = [ "podman-compose-docker-compose-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."podman-compose-docker-compose-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}

31
hosts/carbon/services/privacy/scribe.nix Normal file
View file

@ -0,0 +1,31 @@
{ pkgs, config, ... }: {
services.scribe = {
enable = true;
appDomain = "scribe.${config.networking.domain}";
port = 7283;
# TODO fix since it's readable by nix store...
environmentFile = ''
GITHUB_PERSONAL_ACCESS_TOKEN= ${builtins.readFile config.age.secrets.github-token.path}
GITHUB_USERNAME= ${builtins.readFile config.age.secrets.github-username.path}
'';
};
services.nginx = {
virtualHosts = {
"scribe.${config.networking.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = " http://127.0.0.1:7283";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
};
};
}

118
hosts/carbon/services/privacy/wikiless.nix Normal file
View file

@ -0,0 +1,118 @@
# Auto-generated using compose2nix v0.2.0-pre.
{ pkgs, lib, ... }:
{
services.nginx = {
virtualHosts = {
"wikiless.${config.networking.domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = " http://127.0.0.1:8180";
extraConfig = ''
access_log /var/log/nginx/$server_name-access.log json_analytics;
'';
};
};
};
};
# Containers
virtualisation.oci-containers.containers."wikiless" = {
image = "ghcr.io/metastem/wikiless:latest";
environment = {
REDIS_HOST = "redis://172.4.0.5:6379";
};
ports = [
"127.0.0.1:8180:8080/tcp"
];
dependsOn = [
"wikiless_redis"
];
log-driver = "journald";
extraOptions = [
"--cap-drop=ALL"
"--hostname=wikiless"
"--ip=172.4.0.6"
"--network-alias=wikiless"
"--network=docker-compose_wikiless_net"
"--security-opt=no-new-privileges:true"
];
};
systemd.services."podman-wikiless" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-docker-compose_wikiless_net.service"
];
requires = [
"podman-network-docker-compose_wikiless_net.service"
];
partOf = [
"podman-compose-docker-compose-root.target"
];
wantedBy = [
"podman-compose-docker-compose-root.target"
];
};
virtualisation.oci-containers.containers."wikiless_redis" = {
image = "redis:latest";
user = "nobody";
log-driver = "journald";
extraOptions = [
"--cap-add=DAC_OVERRIDE"
"--cap-add=SETGID"
"--cap-add=SETUID"
"--cap-drop=ALL"
"--hostname=wikiless_redis"
"--ip=172.4.0.5"
"--network-alias=wikiless_redis"
"--network=docker-compose_wikiless_net"
"--security-opt=no-new-privileges:true"
];
};
systemd.services."podman-wikiless_redis" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-docker-compose_wikiless_net.service"
];
requires = [
"podman-network-docker-compose_wikiless_net.service"
];
partOf = [
"podman-compose-docker-compose-root.target"
];
wantedBy = [
"podman-compose-docker-compose-root.target"
];
};
# Networks
systemd.services."podman-network-docker-compose_wikiless_net" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "${pkgs.podman}/bin/podman network rm -f docker-compose_wikiless_net";
};
script = ''
podman network inspect docker-compose_wikiless_net || podman network create docker-compose_wikiless_net --subnet=172.4.0.0/16
'';
partOf = [ "podman-compose-docker-compose-root.target" ];
wantedBy = [ "podman-compose-docker-compose-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."podman-compose-docker-compose-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}

23
hosts/carbon/services/routes/learningpulsedev.nix Normal file
View file

@ -0,0 +1,23 @@
{ pkgs, config, ... }: {
services.nginx = {
virtualHosts = {
"lpdev.${config.networking.domain}" =
{
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = " http://32.54.31.99:8181";
};
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
};
}

21
hosts/carbon/services/routes/penpot.nix Normal file
View file

@ -0,0 +1,21 @@
{ pkgs, config, ... }: {
services.nginx = {
virtualHosts = {
"penpot.${config.networking.domain}" =
{
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = " http://32.54.31.241:9032";
extraConfig = ''
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
'';
};
};
};
};
}

283
hosts/lime/services/penpot/docker-compose.nix Normal file
View file

@ -0,0 +1,283 @@
# Auto-generated using compose2nix v0.1.9.
{ pkgs, lib, ... }:
{
# Runtime
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
defaultNetwork.settings = {
# Required for container networking to be able to use names.
dns_enabled = true;
};
};
virtualisation.oci-containers.backend = "podman";
# Containers
virtualisation.oci-containers.containers."docker-compose-penpot-backend" = {
image = "penpotapp/backend:latest";
environment = {
PENPOT_ASSETS_STORAGE_BACKEND = "assets-fs";
PENPOT_DATABASE_PASSWORD = "penpot";
PENPOT_DATABASE_URI = "postgresql://penpot-postgres/penpot";
PENPOT_DATABASE_USERNAME = "penpot";
PENPOT_FLAGS = "enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server";
PENPOT_PUBLIC_URI = "https://penpot.4o1x5.dev";
PENPOT_REDIS_URI = "redis://penpot-redis/0";
PENPOT_SMTP_DEFAULT_FROM = "no-reply@example.com";
PENPOT_SMTP_DEFAULT_REPLY_TO = "no-reply@example.com";
PENPOT_SMTP_HOST = "penpot-mailcatch";
PENPOT_SMTP_PASSWORD = "";
PENPOT_SMTP_PORT = "1025";
PENPOT_SMTP_SSL = "false";
PENPOT_SMTP_TLS = "false";
PENPOT_SMTP_USERNAME = "";
PENPOT_STORAGE_ASSETS_FS_DIRECTORY = "/opt/data/assets";
PENPOT_TELEMETRY_ENABLED = "false";
};
volumes = [
"penpot_assets:/opt/data/assets:rw"
];
dependsOn = [
"docker-compose-penpot-postgres"
"docker-compose-penpot-redis"
];
log-driver = "journald";
extraOptions = [
"--network-alias=penpot-backend"
"--network=docker-compose_penpot"
];
};
systemd.services."podman-docker-compose-penpot-backend" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-docker-compose_penpot.service"
"podman-volume-docker-compose_penpot_assets.service"
];
requires = [
"podman-network-docker-compose_penpot.service"
"podman-volume-docker-compose_penpot_assets.service"
];
partOf = [
"podman-compose-docker-compose-root.target"
];
wantedBy = [
"podman-compose-docker-compose-root.target"
];
};
virtualisation.oci-containers.containers."docker-compose-penpot-exporter" = {
image = "penpotapp/exporter:latest";
environment = {
PENPOT_PUBLIC_URI = "http://penpot-frontend";
PENPOT_REDIS_URI = "redis://penpot-redis/0";
};
log-driver = "journald";
extraOptions = [
"--network-alias=penpot-exporter"
"--network=docker-compose_penpot"
];
};
systemd.services."podman-docker-compose-penpot-exporter" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-docker-compose_penpot.service"
];
requires = [
"podman-network-docker-compose_penpot.service"
];
partOf = [
"podman-compose-docker-compose-root.target"
];
wantedBy = [
"podman-compose-docker-compose-root.target"
];
};
virtualisation.oci-containers.containers."docker-compose-penpot-frontend" = {
image = "penpotapp/frontend:latest";
environment = {
PENPOT_FLAGS = "enable-registration enable-login-with-password";
};
volumes = [
"penpot_assets:/opt/data/assets:rw"
];
ports = [
"9032:80/tcp"
];
labels = {
"traefik.enable" = "true";
};
dependsOn = [
"docker-compose-penpot-backend"
"docker-compose-penpot-exporter"
];
log-driver = "journald";
extraOptions = [
"--network-alias=penpot-frontend"
"--network=docker-compose_penpot"
];
};
systemd.services."podman-docker-compose-penpot-frontend" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-docker-compose_penpot.service"
"podman-volume-docker-compose_penpot_assets.service"
];
requires = [
"podman-network-docker-compose_penpot.service"
"podman-volume-docker-compose_penpot_assets.service"
];
partOf = [
"podman-compose-docker-compose-root.target"
];
wantedBy = [
"podman-compose-docker-compose-root.target"
];
};
virtualisation.oci-containers.containers."docker-compose-penpot-mailcatch" = {
image = "sj26/mailcatcher:latest";
ports = [
"1080:1080/tcp"
];
log-driver = "journald";
extraOptions = [
"--network-alias=penpot-mailcatch"
"--network=docker-compose_penpot"
];
};
systemd.services."podman-docker-compose-penpot-mailcatch" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-docker-compose_penpot.service"
];
requires = [
"podman-network-docker-compose_penpot.service"
];
partOf = [
"podman-compose-docker-compose-root.target"
];
wantedBy = [
"podman-compose-docker-compose-root.target"
];
};
virtualisation.oci-containers.containers."docker-compose-penpot-postgres" = {
image = "postgres:15";
environment = {
POSTGRES_DB = "penpot";
POSTGRES_INITDB_ARGS = "--data-checksums";
POSTGRES_PASSWORD = "penpot";
POSTGRES_USER = "penpot";
};
volumes = [
"penpot_postgres_v15:/var/lib/postgresql/data:rw"
];
log-driver = "journald";
extraOptions = [
"--network-alias=penpot-postgres"
"--network=docker-compose_penpot"
];
};
systemd.services."podman-docker-compose-penpot-postgres" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-docker-compose_penpot.service"
"podman-volume-docker-compose_penpot_postgres_v15.service"
];
requires = [
"podman-network-docker-compose_penpot.service"
"podman-volume-docker-compose_penpot_postgres_v15.service"
];
partOf = [
"podman-compose-docker-compose-root.target"
];
wantedBy = [
"podman-compose-docker-compose-root.target"
];
};
virtualisation.oci-containers.containers."docker-compose-penpot-redis" = {
image = "redis:7";
log-driver = "journald";
extraOptions = [
"--network-alias=penpot-redis"
"--network=docker-compose_penpot"
];
};
systemd.services."podman-docker-compose-penpot-redis" = {
serviceConfig = {
Restart = lib.mkOverride 500 "always";
};
after = [
"podman-network-docker-compose_penpot.service"
];
requires = [
"podman-network-docker-compose_penpot.service"
];
partOf = [
"podman-compose-docker-compose-root.target"
];
wantedBy = [
"podman-compose-docker-compose-root.target"
];
};
# Networks
systemd.services."podman-network-docker-compose_penpot" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStop = "${pkgs.podman}/bin/podman network rm -f docker-compose_penpot";
};
script = ''
podman network inspect docker-compose_penpot || podman network create docker-compose_penpot
'';
partOf = [ "podman-compose-docker-compose-root.target" ];
wantedBy = [ "podman-compose-docker-compose-root.target" ];
};
# Volumes
systemd.services."podman-volume-docker-compose_penpot_assets" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
podman volume inspect docker-compose_penpot_assets || podman volume create docker-compose_penpot_assets
'';
partOf = [ "podman-compose-docker-compose-root.target" ];
wantedBy = [ "podman-compose-docker-compose-root.target" ];
};
systemd.services."podman-volume-docker-compose_penpot_postgres_v15" = {
path = [ pkgs.podman ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
};
script = ''
podman volume inspect docker-compose_penpot_postgres_v15 || podman volume create docker-compose_penpot_postgres_v15
'';
partOf = [ "podman-compose-docker-compose-root.target" ];
wantedBy = [ "podman-compose-docker-compose-root.target" ];
};
# Root service
# When started, this will automatically create all resources and start
# the containers. When stopped, this will teardown all resources.
systemd.targets."podman-compose-docker-compose-root" = {
unitConfig = {
Description = "Root target generated by compose2nix.";
};
wantedBy = [ "multi-user.target" ];
};
}

114
hosts/lime/services/penpot/docker-compose.yml Normal file
View file

@ -0,0 +1,114 @@
version: "3.8"
networks:
penpot:
volumes:
penpot_postgres_v15:
penpot_assets:
services:
penpot-frontend:
image: "penpotapp/frontend:latest"
restart: always
ports:
- 9032:80
volumes:
- penpot_assets:/opt/data/assets
depends_on:
- penpot-backend
- penpot-exporter
networks:
- penpot
labels:
- "traefik.enable=true"
environment:
- PENPOT_FLAGS=enable-registration enable-login-with-password
penpot-backend:
image: "penpotapp/backend:latest"
restart: always
volumes:
- penpot_assets:/opt/data/assets
depends_on:
- penpot-postgres
- penpot-redis
networks:
- penpot
## Configuration envronment variables for backend the
## container.
environment:
- PENPOT_FLAGS=enable-registration enable-login-with-password disable-email-verification enable-smtp enable-prepl-server
- PENPOT_PUBLIC_URI=https://penpot.4o1x5.dev
- PENPOT_DATABASE_URI=postgresql://penpot-postgres/penpot
- PENPOT_DATABASE_USERNAME=penpot
- PENPOT_DATABASE_PASSWORD=penpot
- PENPOT_REDIS_URI=redis://penpot-redis/0
- PENPOT_ASSETS_STORAGE_BACKEND=assets-fs
- PENPOT_STORAGE_ASSETS_FS_DIRECTORY=/opt/data/assets
- PENPOT_TELEMETRY_ENABLED=false
- PENPOT_SMTP_DEFAULT_FROM=no-reply@example.com
- PENPOT_SMTP_DEFAULT_REPLY_TO=no-reply@example.com
- PENPOT_SMTP_HOST=penpot-mailcatch
- PENPOT_SMTP_PORT=1025
- PENPOT_SMTP_USERNAME=
- PENPOT_SMTP_PASSWORD=
- PENPOT_SMTP_TLS=false
- PENPOT_SMTP_SSL=false
penpot-exporter:
image: "penpotapp/exporter:latest"
restart: always
networks:
- penpot
environment:
- PENPOT_PUBLIC_URI=http://penpot-frontend
- PENPOT_REDIS_URI=redis://penpot-redis/0
penpot-postgres:
image: "postgres:15"
restart: always
stop_signal: SIGINT
volumes:
- penpot_postgres_v15:/var/lib/postgresql/data
networks:
- penpot
environment:
- POSTGRES_INITDB_ARGS=--data-checksums
- POSTGRES_DB=penpot
- POSTGRES_USER=penpot
- POSTGRES_PASSWORD=penpot
penpot-redis:
image: redis:7
restart: always
networks:
- penpot
penpot-mailcatch:
image: sj26/mailcatcher:latest
restart: always
expose:
- "1025"
ports:
- "1080:1080"
networks:
- penpot

46
hosts/pink/services/monitoring/loki.nix Normal file
View file

@ -0,0 +1,46 @@
{ pkgs, ... }: {
#
services.loki = {
enable = false;
configuration = {
auth_enabled = false;
server = {
http_listen_port = 3100;
};
ingester = {
lifecycler = {
address = "0.0.0.0";
ring = {
kvstore.store = "inmemory";
replication_factor = 1;
};
};
chunk_idle_period = "15m";
};
schema_config.configs = [
{
from = "2020-02-25";
store = "boltdb";
object_store = "filesystem";
schema = "v11";
index = {
prefix = "index_";
period = "24h";
};
}
];
storage_config = {
boltdb.directory = "/tmp/loki/index";
};
limits_config = {
enforce_metric_name = false;
reject_old_samples = true;
reject_old_samples_max_age = "500h";
};
chunk_store_config.max_look_back_period = "0s";
};
};
}

6
secrets/carbon.nix
View file

@ -1,3 +1,9 @@
{ pkgs, ... }: {
age.secrets.forgejo-runner.file = ./forgejo-runner.age;
age.secrets.github-username.file = ./github-username.age;
age.secrets.github-token.file = ./github-token.age;
age.secrets.scribe-secret.file = ./scribe-secret.age;
age.secrets.piped.file = ./piped.age;
age.secrets.anonymousoverflow.file = ./anonymousoverflow.age;
}

7
secrets/github-token.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 VxAJjg BcQSeT5FRJ12Pk0e9j1Mv0D/0uG8T/UE51B49KYYe1I
xSU3OJoeb6xPAG2DkRZvuTaclzPvQMCg/tTbOOvU/QM
-> ssh-ed25519 pw11Hg L/r4k+wx7Vb2HimVLh8dmd+ZeICaNF26OCtKuzgc/Xo
NZYAc3uOtJRXsWPgbCq6DfCpH5N4mi9kqh4YloWYPzs
--- Cv+Cc5Qdi6Z72vq7suNXVeQ20fqzh+qYRrhW24Q9sEM
ªsoFØ:„RˆS†¥ Ç„Dt3jíëƒ:žÇP³Ð5zFëæxTL´<4C>ij¬sõí¼ÇR½Pü_à[Ú~³ï(—<>•À>ôÖí

7
secrets/github-username.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 VxAJjg BPlZOaOlG/dT+mxNHrCtGXffhUlkSMyCXYiz3ehePBM
ApUQIhgKA6wrHPAixEChyWFze2BuYqtWoXGETIx/xkM
-> ssh-ed25519 pw11Hg Wm2qEsBZnq43+Pv20CxOr91wRQFkHKKcQskc962sGXk
i9gnpoR2yr+sRwCwM1ImQpN6AVvRg3MlBS9nPG2+MuY
--- NzFMu6okyjRaNQ1lOYYwT5QXmERZaXHtewsSystDRzk
}¼«ÚšÃdS±aÇXÁ=ëzµIŒ2®t¡/ò—õÿúH#

BIN
secrets/piped.age Normal file
View file

Binary file not shown.

12
secrets/porkbun-user.age
View file

@ -1,7 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 VxAJjg SAzffPLeKmWwiPBrxqb8b1lSjnvX0xXGoErceOwrfz8
qOu9fsxq0yneo5Wx0S6sJriYl9I+0geuD85ZVK8LEUg
-> ssh-ed25519 2+o3cg ODYd9WzF/r4ScnLNmnxne3NiuqlAQ4E3koozu4EKBQE
iiLf5yuAnGDTSFXLTbxm0PsQQBjnoFPVS7rh9v91GzY
--- BT5nFRlqsSubodxJI5M1+xE8yD/vzSHkvUTKhwOScWQ
<EFBFBD>ˉôÀ©(1ÝOßþÉ¥vfÜ"(r<>Ÿ¸ï$5)Ðb;©t1†‹‹°
-> ssh-ed25519 VxAJjg PovEnAxpyfLvVb0w/TaEY7anN5NsfkV+OodD8mu+IQ0
x4mHqwXQ/sf7tuXkS146P/mrM/ShtGnZtLD3ap6FBzQ
-> ssh-ed25519 2+o3cg I5NXmiKJfzguoDvYd13yOlfiIUuXwZUHNFKh+CSK3GU
RuDsCnHg0CBsdYaPrALI+sJlY3q3Z2hM92G6btMdJPk
--- Om0oMnr4C6xQMSvvz1J3veLMoEXzyPYtWrPpwks4Vmo
V<EFBFBD>L¤CžKŔT_°<EFBFBD>o)ěqĄ:"°ÍË.qęA<C499>ônůť}wŞ@Ĺ9bŢOĚÓI2ÂÎŞdf2:řß‹†Őq<C590>ĽoGE'´“Z”aV“¨&ţwö<77>M<> Í7ĚŁ 

BIN
secrets/porkbun.age
View file

Binary file not shown.

7
secrets/scribe-secret.age Normal file
View file

@ -0,0 +1,7 @@
age-encryption.org/v1
-> ssh-ed25519 VxAJjg xDv23IBlJ1lrNTPQkOlVrg8Hufc0NDOpFALrbUMgSB4
s0U4Iylpghexez0uA6o6OaNBBa27RrdlcrabwC1Na6s
-> ssh-ed25519 pw11Hg SAYnexlOt8B7YnqGN4+gaRl1zrcMpnLHRhb0arlwZRI
mw2AXbMDzU7y1ieDqFfEsJLiqXi6W3I1KAUEVUDXUKw
--- 6wz/46U1kEIvlYl6PXmRVE3dh1Jqs+7D8A4EbDucy/w
nõì}Ré:\2ôƒvÂYÿÖG¼VÄ¢vì(óhhæ%)P¦†ac$§A¿$*®|<4E>Ìð*<æîñr~Í 7

6
secrets/secrets.nix
View file

@ -11,6 +11,12 @@ in
"anonymousoverflow.age".publicKeys = [ grape carbon ];
"forgejo-runner.age".publicKeys = [ grape carbon ];
"piped.age".publicKeys = [ grape carbon ];
# scribe
"github-username.age".publicKeys = [ grape carbon ];
"github-token.age".publicKeys = [ grape carbon ];
"scribe-secret.age".publicKeys = [ grape carbon ];
"porkbun.age".publicKeys = [ grape lime ];
"porkbun-user.age".publicKeys = [ grape lime ];