From a9714a1d6c907c59190100661f16c97a06423fae Mon Sep 17 00:00:00 2001 From: "Ricardo (XenGi) Band" Date: Fri, 5 Dec 2025 21:33:54 +0100 Subject: [PATCH 01/15] add tmux --- configuration.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/configuration.nix b/configuration.nix index 3b202e0..571d7e7 100644 --- a/configuration.nix +++ b/configuration.nix @@ -135,6 +135,13 @@ htop = { enable = true; }; + tmux = { + enable = true; + terminal = "screen-256color"; + shortcut = "a"; + newSession = true; + clock24 = true; + }; ssh.startAgent = true; }; From 736aa3a9ef63e8d8f96fd915840e8ed6993cdf07 Mon Sep 17 00:00:00 2001 From: "Ricardo (XenGi) Band" Date: Fri, 5 Dec 2025 21:37:10 +0100 Subject: [PATCH 02/15] fix typo --- configuration.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configuration.nix b/configuration.nix index c202c1a..0f7677a 100644 --- a/configuration.nix +++ b/configuration.nix @@ -35,7 +35,7 @@ }; gc = { automatic = true; - options = "--delete-older-then 14d"; + options = "--delete-older-than 14d"; }; }; From 3e6830369c6ae6a2f2fbbb75b1a3ac8a52b6414c Mon Sep 17 00:00:00 2001 From: xengi Date: Fri, 5 Dec 2025 22:11:27 +0100 Subject: [PATCH 03/15] Update README.md Signed-off-by: xengi --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e608ad8..1169c52 100644 --- a/README.md +++ b/README.md 
@@ -11,12 +11,12 @@ Configure `berlin.ccc.de` web server to send federation traffic to the matrix se ```nginx server { hostname berlin.ccc.de; - location "/.well-known/matrix/server" { + location = /.well-known/matrix/server { default_type application/json; add_header Access-Control-Allow-Origin "*"; return 200 '{"m.server":"matrix.berlin.ccc.de:443"}'; } - location "/.well-known/matrix/client" { + location = /.well-known/matrix/client { default_type application/json; add_header Access-Control-Allow-Origin "*"; return 200 '{"m.homeserver": {"base_url": "https://matrix.berlin.ccc.de"}}'; From b5c58f9c5b1fc69e268362df81cd905914f4ca39 Mon Sep 17 00:00:00 2001 From: "Ricardo (XenGi) Band" Date: Fri, 5 Dec 2025 23:40:43 +0100 Subject: [PATCH 04/15] add node exporter --- flake.nix | 6 ++++++ services/prometheus.nix | 20 +++++++++++++++++--- 2 files changed, 23 insertions(+), 3 deletions(-) diff --git a/flake.nix b/flake.nix index 3c84b12..a0d506b 100644 --- a/flake.nix +++ b/flake.nix @@ -25,6 +25,12 @@ in { formatter.${system} = pkgs.nixfmt-tree; + apps.${system}.connect = { + type = "app"; + program = "${pkgs.writeShellScript "connect.sh" '' + ${pkgs.openssh}/bin/ssh root@matrix.berlin.ccc.de -L 3000:[::1]:3000 -L 9090:[::1]:9090 -N + ''}"; + }; devShells.${system}.default = pkgs.mkShell { packages = [ (agenix.packages.${system}.default) diff --git a/services/prometheus.nix b/services/prometheus.nix index d70657c..8aed380 100644 --- a/services/prometheus.nix +++ b/services/prometheus.nix @@ -1,4 +1,4 @@ -{ pkgs, ... }: +{ pkgs, lib, ... }: { services.prometheus = { @@ -6,7 +6,10 @@ retentionTime = "14d"; listenAddress = "[::1]"; exporters = { - #node = {}; + node = { + enable = true; + listenAddress = services.prometheus.listenAddress; + }; #nginx = {}; #postgres = {}; }; 
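Review bot: The `connect` app added to flake.nix logs in as `root` although `-N` shows the session is only used to forward ports 3000 and 9090. A dedicated unprivileged account whose `authorized_keys` entry is limited with `restrict,port-forwarding,permitopen="[::1]:3000",permitopen="[::1]:9090"` gives the same tunnel without requiring a root login for everyone who wants to look at a dashboard. It is also worth pinning the local side to loopback and failing fast when a forward cannot be set up, e.g. `ssh -N -o ExitOnForwardFailure=yes -L localhost:3000:[::1]:3000 -L localhost:9090:[::1]:9090 tunnel@matrix.berlin.ccc.de`, where `tunnel` is a placeholder account name.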
@@ -16,10 +19,21 @@ scrape_interval = "15s"; static_configs = [ { - targets = [ "[::1]:9009" ]; + target = lib.pipe config.services.matrix-synapse.settings.listeners [ + (lib.filter (l: l.type == "metrics")) + builtins.head + (l: "[${l.listenAddress}]:${l.port}") + ]; } ]; } + { + job_name = "node"; + scrape_interval = "15s"; + static_configs = [ + { targets = [ "${config.services.prometheus.exporters.node.listenAddress}:${toString config.services.prometheus.exporters.node.port}" ]; } + ]; + } ]; ruleFiles = [ # https://github.com/element-hq/synapse/tree/master/contrib/prometheus From d386a151ddef7a5192dd82f3ce20c1021913c3e2 Mon Sep 17 00:00:00 2001 From: "Ricardo (XenGi) Band" Date: Fri, 5 Dec 2025 23:41:37 +0100 Subject: [PATCH 05/15] fix --- services/prometheus.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/prometheus.nix b/services/prometheus.nix index 8aed380..1151bf6 100644 --- a/services/prometheus.nix +++ b/services/prometheus.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ config, pkgs, lib, ... }: { services.prometheus = { From bb496bc2b507947a184f763ca0ec04ce75f0b958 Mon Sep 17 00:00:00 2001 From: "Ricardo (XenGi) Band" Date: Fri, 5 Dec 2025 23:42:09 +0100 Subject: [PATCH 06/15] fix --- services/prometheus.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/prometheus.nix b/services/prometheus.nix index 1151bf6..0e8343d 100644 --- a/services/prometheus.nix +++ b/services/prometheus.nix @@ -8,7 +8,7 @@ exporters = { node = { enable = true; - listenAddress = services.prometheus.listenAddress; + listenAddress = config.services.prometheus.listenAddress; }; #nginx = {}; #postgres = {}; From 8f8363a9b150a892642acc8dc60455ab3d0b23a4 Mon Sep 17 00:00:00 2001 From: "Ricardo (XenGi) Band" Date: Fri, 5 Dec 2025 23:43:06 +0100 Subject: [PATCH 07/15] typo --- services/prometheus.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/services/prometheus.nix b/services/prometheus.nix index 0e8343d..dc87004 100644 --- a/services/prometheus.nix +++ b/services/prometheus.nix @@ -22,7 +22,7 @@ target = lib.pipe config.services.matrix-synapse.settings.listeners [ (lib.filter (l: l.type == "metrics")) builtins.head - (l: "[${l.listenAddress}]:${l.port}") + (l: "[${l.bind_addresses}]:${l.port}") ]; } ]; From 6d5886c93d77cd13ab5b350efa28aacb6acb1200 Mon Sep 17 00:00:00 2001 From: "Ricardo (XenGi) Band" Date: Fri, 5 Dec 2025 23:45:50 +0100 Subject: [PATCH 08/15] typo --- services/prometheus.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/prometheus.nix b/services/prometheus.nix index dc87004..d7598d5 100644 --- a/services/prometheus.nix +++ b/services/prometheus.nix @@ -19,7 +19,7 @@ scrape_interval = "15s"; static_configs = [ { - target = lib.pipe config.services.matrix-synapse.settings.listeners [ + targets = lib.pipe config.services.matrix-synapse.settings.listeners [ (lib.filter (l: l.type == "metrics")) builtins.head (l: "[${l.bind_addresses}]:${l.port}") From 56821a155e7ff6599e875db6b306b548ed8ae564 Mon Sep 17 00:00:00 2001 From: "Ricardo (XenGi) Band" Date: Fri, 5 Dec 2025 23:47:58 +0100 Subject: [PATCH 09/15] ... --- services/prometheus.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/prometheus.nix b/services/prometheus.nix index d7598d5..f32e945 100644 --- a/services/prometheus.nix +++ b/services/prometheus.nix @@ -22,7 +22,7 @@ targets = lib.pipe config.services.matrix-synapse.settings.listeners [ (lib.filter (l: l.type == "metrics")) builtins.head - (l: "[${l.bind_addresses}]:${l.port}") + (l: "[${builtins.head l.bind_addresses}]:${l.port}") ]; } ]; From 404dba37bbad1dbb44b2c5cdca3d171f102e714a Mon Sep 17 00:00:00 2001 From: "Ricardo (XenGi) Band" Date: Fri, 5 Dec 2025 23:49:03 +0100 Subject: [PATCH 10/15] ... --- services/prometheus.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/services/prometheus.nix b/services/prometheus.nix index f32e945..0a04a31 100644 --- a/services/prometheus.nix +++ b/services/prometheus.nix @@ -22,7 +22,7 @@ targets = lib.pipe config.services.matrix-synapse.settings.listeners [ (lib.filter (l: l.type == "metrics")) builtins.head - (l: "[${builtins.head l.bind_addresses}]:${l.port}") + (l: "[${builtins.head l.bind_addresses}]:${toString l.port}") ]; } ]; From 8adfe0b55c138817d355ad5aa3798c1dd0b802c9 Mon Sep 17 00:00:00 2001 From: "Ricardo (XenGi) Band" Date: Fri, 5 Dec 2025 23:50:04 +0100 Subject: [PATCH 11/15] ... --- services/prometheus.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/services/prometheus.nix b/services/prometheus.nix index 0a04a31..2c56280 100644 --- a/services/prometheus.nix +++ b/services/prometheus.nix @@ -22,7 +22,7 @@ targets = lib.pipe config.services.matrix-synapse.settings.listeners [ (lib.filter (l: l.type == "metrics")) builtins.head - (l: "[${builtins.head l.bind_addresses}]:${toString l.port}") + (l: [ "[${builtins.head l.bind_addresses}]:${toString l.port}" ]) ]; } ]; From 4ebac37352faddcf9c0b71af9722fb8f6c77385e Mon Sep 17 00:00:00 2001 From: Ricardo Band Date: Sat, 6 Dec 2025 11:01:11 +0100 Subject: [PATCH 12/15] add matrix root user password --- secrets/matrix_admin_password.age | Bin 0 -> 827 bytes secrets/secrets.nix | 1 + 2 files changed, 1 insertion(+) create mode 100644 secrets/matrix_admin_password.age 
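Review bot: The synapse scrape target in services/prometheus.nix is built with `builtins.head` twice, so a configuration without a `metrics` listener, or with an empty `bind_addresses`, fails evaluation with a bare list error, and only the first bind address is ever scraped. Wrapping the address in `[...]` also assumes an IPv6 literal, and nothing here checks that the listener is bound to loopback like the previous hard-coded `[::1]:9009`; if the listener used a wildcard address the metrics endpoint would be reachable from outside while Prometheus itself listens on `[::1]`. Consider `(lib.findFirst (l: l.type == "metrics") (throw "synapse: no metrics listener configured"))` in place of the filter/head pair, plus a comment stating that the metrics listener is expected to bind to `::1`. This note applies to the final form of the expression reached in patch 11; patches 07 to 10 are one-line fix-ups of the same lines.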
diff --git a/secrets/matrix_admin_password.age b/secrets/matrix_admin_password.age new file mode 100644 index 0000000000000000000000000000000000000000..2047157d972df154aeaa7ade971889f7e9379e88 GIT binary patch literal 827 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCSH_0Y~UELRAva;uEU z3n?oMadbCxbIQp}b#ijaaWqZN@K4Qks`ShbOUd>$%}?=h&*lnp$x5%vDJTud@yibl zsxaP~9w&GpGHNpjMT$n-48%|^G)wah0eyj&qWDI*}yJ>MkUMO)jz z+tF9w$;&vT$%4z&)4j6H$DqQ*!^6bKr_4JrQ@bc6 z)XT%EGC0^gFe=cX%GWc($T-9$#{k{76kqK$pFoB3q)hLu4EHK+Ur*yQ^BiOMk|-mi z)L@rLqZBU}4`-*OfNU4DuxtzcN>46r)8cI7$cog;T%RmQ=d6%I=YZfs7q_x<*W8NS zeDCxeBlE&Ezrrl-qDXYxvMR!TjRFaLjaf&oy$3$PUR)GIt8{3$!$~sPy#;_SP>n$xY00_VjfM zFANV!b+q8h4e?ElbT2IlsK|8+&vy;W_s&c!@bWM-4lGN{a4Yu+&h<%gPl=3j_fJQ+ z&CR{Q)G%G4$RJfa)j6xIq_WuAH@Py!y~-`D(9bEL#K$Ag!`#3nCDbG$zbrj3DL0)f z-zz83G{-B|$j3t4B|N<(Dl^lvAl)f1qujNmqADQF(6lH!GEBQPKP;U~S65ddEJfS9 zFg!#*r7|os-6t=zAT7w!sKCXfFgZI^JK4Zn-!LlJBGcH--6NUHy}Q^dW!dcfnd*CG zZ#w$PEfze!QR&Bj`wQ0>C_7wHUdDLcJv#KnlGAeyc5dnxXbtvUcq3uu@kI Date: Sat, 6 Dec 2025 11:04:34 +0100 Subject: [PATCH 13/15] enable draupnir --- secrets/draupnir_access_token.age | 17 +++++++++++++++++ secrets/secrets.nix | 1 + services/draupnir.nix | 2 +- 3 files changed, 19 insertions(+), 1 deletion(-) create mode 100644 secrets/draupnir_access_token.age diff --git a/secrets/draupnir_access_token.age b/secrets/draupnir_access_token.age new file mode 100644 index 0000000..5bdf5c3 --- /dev/null +++ b/secrets/draupnir_access_token.age 
@@ -0,0 +1,17 @@ +age-encryption.org/v1 +-> ssh-ed25519 uH+n1w 2hSmjOu7GxDfquW1HiyHi2Yyew1tnZqiFIxaeUhJymg +LqD/39jT1v7JjpgiiOwpHxrZvSIpmlEytBln+M6eL5I +-> ssh-ed25519 EvLbWw xaOrlq5mgR3i7XvE704FDt/0nhyb5GTOrps7S5LUIH8 +Va1xSbYhkwWJHSvL0QLIOrI0FHI+QxWYtU2VHlZbOCg +-> ssh-ed25519 dM+fLQ zqeBwPAbTMmDb3wgrlJQEtwV+1qQTLXpNc17zJt/BxU +i6FiCoPLYJ4bYPTLYO4WJwoOG9d/sJtr4vOuJ/xL9CY +-> ssh-ed25519 jxWM2Q R0GsQt6HBODYIV/hhNTqyFbQYEgiSTzjNdSA83EyVQg +Ud+hSYBNXGq0J0GkJJ+Z0aCtwv+nE8Z9BT+YcJ50e10 +-> ssh-ed25519 /yCUCg 46LBDK2i8Ra3FMYjPOXBKyyATWOjs5giuvs6xKZEvxo +3Ed22P9nimNYR81tiugg+TtNw/iHxIAGiTy7VNzCSqQ +-> ssh-ed25519 FGp51g 6xSucs4pAWiRpxJOE2hc+0poWbbqfkSoyPXnCFv73TM +xUx/7VuLnGjnqDK3V9vZRBFi6IUb2N70KtTRPahEg60 +-> ssh-ed25519 yoCmaA +DAPosKueugYv9XVTiOidCgPjauoIqlZVQeprxZjwFU +uhPNEu4nLw5v7E6ce6PWmlk+OZXt998eUQVY8A9kSp4 +--- bsh1fZUWEACxlxqk+VQQUzo7T4SunVJ67EC066G7Br4 + Hm&YӐG EJJg6k/0[gS!CiL;ֻ!I= \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 4329c66..c09b8c9 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -18,6 +18,7 @@ let in { "matrix_admin_password.age".publicKeys = users; + "draupnir_access_token.age".publicKeys = users ++ [ _matrix ]; "matrix_signing_key.age".publicKeys = users ++ [ _matrix ]; "matrix_registration_shared_secret.age".publicKeys = users ++ [ _matrix ]; "pushover_app_token.age".publicKeys = users ++ [ _matrix ]; diff --git a/services/draupnir.nix b/services/draupnir.nix index 8564d39..f184c97 100644 --- a/services/draupnir.nix +++ b/services/draupnir.nix @@ -2,7 +2,7 @@ { services.draupnir = { - enable = false; + enable = true; settings = { homeserverUrl = "https://matrix.berlin.ccc.de"; managementRoom = "!ZYWNuaQBkkenNklCSm:matrix.org"; # #cccb-moderators:berlin.ccc.de From b79d4e3477409117982d3b84e65ff276dae5b3f3 Mon Sep 17 00:00:00 2001 From: Ricardo Band Date: Sat, 6 Dec 2025 11:10:33 +0100 Subject: [PATCH 14/15] add secret --- flake.nix | 6 ++++++ 1 file changed, 6 insertions(+) 
diff --git a/flake.nix b/flake.nix index a0d506b..791a00f 100644 --- a/flake.nix +++ b/flake.nix @@ -70,6 +70,12 @@ owner = "matrix-synapse"; group = "matrix-synapse"; }; + draupnir_access_token = { + file = ./secrets/draupnir_access_token.age; + mode = "440"; + owner = "draupnir"; + group = "draupnir"; + }; grafana_secret_key = { file = ./secrets/grafana_secret_key.age; mode = "440"; From 05ac053b66327f902648834eb1537e03c51f012c Mon Sep 17 00:00:00 2001 From: Ricardo Band Date: Sat, 6 Dec 2025 11:41:45 +0100 Subject: [PATCH 15/15] add nginx exporter --- services/prometheus.nix | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/services/prometheus.nix b/services/prometheus.nix index 2c56280..d8c18b8 100644 --- a/services/prometheus.nix +++ b/services/prometheus.nix @@ -10,7 +10,10 @@ enable = true; listenAddress = config.services.prometheus.listenAddress; }; - #nginx = {}; + nginx = { + enable = true; + listenAddress = config.services.prometheus.listenAddress; + }; #postgres = {}; }; scrapeConfigs = [ @@ -34,6 +37,13 @@ { targets = [ "${config.services.prometheus.exporters.node.listenAddress}:${toString config.services.prometheus.exporters.node.port}" ]; } ]; } + { + job_name = "nginx"; + scrape_interval = "15s"; + static_configs = [ + { targets = [ "${config.services.prometheus.exporters.nginx.listenAddress}:${toString config.services.prometheus.exporters.nginx.port}" ]; } + ]; + } ]; ruleFiles = [ # https://github.com/element-hq/synapse/tree/master/contrib/prometheus
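Review bot: The new `draupnir_access_token` entry in flake.nix uses `mode = "440"`, which leaves the token readable by every member of the `draupnir` group; if only the service account reads it, `mode = "400";` is the tighter setting. It is also worth confirming that a static `draupnir` user and group exist when the secret is decrypted, because the hunk does not show how the service consumes the file (a unit that runs under a dynamic user or loads the token as a systemd credential would not need that owner, and may not have it). The enclosing attribute set starts and ends outside the hunk.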
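Review bot: Enabling `exporters.nginx` in services/prometheus.nix does not by itself make nginx publish the status page that the exporter scrapes, and nothing in this patch turns it on. Confirm that `services.nginx.statusPage = true;` (or an equivalent `stub_status` location) is set elsewhere and that the location is limited to loopback; otherwise the job either reports the exporter as unable to reach nginx or the status page ends up readable from outside. A short comment next to `nginx = {` would record the dependency, for example `# scrapes stub_status; requires services.nginx.statusPage`.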