xengi/infra
0
1
Fork 0
Code Pull requests Activity Actions

fix

Browse source
This commit is contained in:
XenGi 2026-02-17 18:25:18 +01:00
parent 750cf209ee
commit 662f7d702e
Signed by: xengi
SSH key fingerprint: SHA256:jxWM2RTHvxxcncXycwwWkP7HCWb4VREN05UGJTbIPZg
4 changed files with 20 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

36
flake.nix
View file

@ -46,18 +46,6 @@
{ environment.systemPackages = [ (agenix.packages.${system}.default) ]; } { environment.systemPackages = [ (agenix.packages.${system}.default) ]; }
{ {
age.secrets = { age.secrets = {
pushover_app_token = {
file = ./secrets/pushover_app_token.age;
mode = "440";
owner = "root";
group = "root";
};
pushover_user_key = {
file = ./secrets/pushover_user_key.age;
mode = "440";
owner = "root";
group = "root";
};
matrix_registration_shared_secret = { matrix_registration_shared_secret = {
file = ./secrets/matrix_registration_shared_secret.age; file = ./secrets/matrix_registration_shared_secret.age;
mode = "440"; mode = "440";
@ -82,18 +70,6 @@
owner = "root"; owner = "root";
group = "root"; group = "root";
}; };
grafana_secret_key = {
file = ./secrets/grafana_secret_key.age;
mode = "440";
owner = "grafana";
group = "grafana";
};
grafana_admin_password = {
file = ./secrets/grafana_admin_password.age;
mode = "440";
owner = "grafana";
group = "grafana";
};
}; };
} }
./hosts/matrix ./hosts/matrix
@ -146,6 +122,18 @@
{ environment.systemPackages = [ (agenix.packages.${system}.default) ]; } { environment.systemPackages = [ (agenix.packages.${system}.default) ]; }
{ {
age.secrets = { age.secrets = {
grafana_secret_key = {
file = ./secrets/grafana_secret_key.age;
mode = "440";
owner = "grafana";
group = "grafana";
};
grafana_admin_password = {
file = ./secrets/grafana_admin_password.age;
mode = "440";
owner = "grafana";
group = "grafana";
};
}; };
} }
./hosts/monitoring ./hosts/monitoring

4
hosts/matrix/default.nix
View file

@ -21,10 +21,6 @@
allowedUDPPorts = [ allowedUDPPorts = [
443 # HTTP/3 443 # HTTP/3
]; ];
extraInputRules = ''
ip saddr 195.160.173.14/32 tcp dport 9009 accept comment "Allow monitoring to scrape"
ip6 saddr 2001:678:760:cccb::14/128 tcp dport 9009 accept comment "Allow monitoring to scrape"
'';
}; };
}; };

7
hosts/matrix/nginx.nix
View file

@ -18,6 +18,13 @@
proxy_http_version 1.1; proxy_http_version 1.1;
''; '';
}; };
"/metrics" = {
return = "204 \"🔍\"";
extraConfig = ''
allow 2001:678:760:cccb::14;
allow 195.160.173.14;
deny all;
};
}; };
}; };
} }

2
hosts/matrix/synapse.nix
View file

@ -32,7 +32,7 @@
type = "metrics"; type = "metrics";
tls = false; tls = false;
port = 9009; port = 9009;
bind_addresses = [ "::" "0.0.0.0" ]; bind_addresses = [ "::1" ];
resources = [ resources = [
{ {
compress = false; compress = false;