Prevents lock conflicts when multiple backup jobs targeting the same repository run concurrently. Jobs will now retry acquiring the lock every 10 seconds for up to 5 minutes before failing. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
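# NixOS host configuration for monitoring01 (homelab role "monitoring").
# This is a module function: it receives `pkgs` and returns option settings.
{
  pkgs,
  ...
}:

let
  # Settings shared by both Grafana restic jobs. Keeping them in one place
  # stops the repository, credentials, schedule and retention from drifting
  # apart between the two jobs.
  resticCommon = {
    # NOTE(review): restic encrypts repository contents on the client, but
    # http:// gives no transport confidentiality or server authentication,
    # and the URL carries no credentials. Confirm the REST server is only
    # reachable from trusted hosts, or front it with TLS and authentication.
    repository = "rest:http://10.69.12.52:8000/backup-nix";
    passwordFile = "/run/secrets/backup_helper_secret";
    timerConfig = {
      OnCalendar = "daily";
      Persistent = true;
      RandomizedDelaySec = "2h";
    };
    # NOTE(review): because this host prunes the repository itself, it needs
    # delete rights on the server. A compromise of this host could therefore
    # remove existing snapshots. Consider pruning from a separate trusted
    # host if the server should be append-only for clients.
    pruneOpts = [
      "--keep-daily 7"
      "--keep-weekly 4"
      "--keep-monthly 6"
      "--keep-within 1d"
    ];
    # Intended to make restic wait up to 5 minutes for the repository lock
    # when another job targeting the same repository is running.
    # NOTE(review): in the upstream NixOS restic module each `extraOptions`
    # entry is passed as `-o <entry>` (a restic extended option), not as a
    # plain command-line flag. Check the generated unit to confirm that
    # `--retry-lock=5m` reaches restic as a flag; plain flags normally go in
    # `extraBackupArgs` / `pruneOpts`.
    extraOptions = [ "--retry-lock=5m" ];
  };
in
{
  imports = [
    ./hardware-configuration.nix

    ../../system
    ../../common/vm
  ];

  homelab.host.role = "monitoring";

  # Allows packages with non-free licences to be used on this host.
  nixpkgs.config.allowUnfree = true;

  # Boot with GRUB installed to /dev/sda (this host does not use
  # systemd-boot). At most 3 generations are kept in the boot menu.
  boot.loader.grub = {
    enable = true;
    device = "/dev/sda";
    configurationLimit = 3;
  };

  # Static addressing through systemd-networkd; DHCP is off.
  networking.hostName = "monitoring01";
  networking.domain = "home.2rjus.net";
  networking.useNetworkd = true;
  networking.useDHCP = false;
  services.resolved.enable = true;
  networking.nameservers = [
    "10.69.13.5"
    "10.69.13.6"
  ];

  systemd.network.enable = true;
  systemd.network.networks."ens18" = {
    matchConfig.Name = "ens18";
    address = [
      "10.69.13.13/24"
    ];
    routes = [
      { Gateway = "10.69.13.1"; }
    ];
    # The link counts as online only once it has a routable address.
    linkConfig.RequiredForOnline = "routable";
  };
  time.timeZone = "Europe/Oslo";

  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];
  # A TTL of 0 means cached tarball downloads are never treated as fresh.
  nix.settings.tarball-ttl = 0;
  environment.systemPackages = with pkgs; [
    vim
    wget
    git
    sqlite
  ];

  services.qemuGuest.enable = true;

  # Vault secrets management.
  # `vault.*` and `homelab.*` are project options defined outside this file.
  # Presumably the secret at `secretPath` has its `password` key written to
  # `outputDir` for the listed units; confirm against the vault module.
  # NOTE(review): the "shared/" path suggests this restic password is common
  # to several hosts. If so, any host holding it can read every snapshot in
  # the repository; confirm that is intended.
  vault.enable = true;
  homelab.deploy.enable = true;
  vault.secrets.backup-helper = {
    secretPath = "shared/backup/password";
    extractKey = "password";
    outputDir = "/run/secrets/backup_helper_secret";
    services = [ "restic-backups-grafana" "restic-backups-grafana-db" ];
  };

  # File-level backup of the Grafana plugin directory.
  services.restic.backups.grafana = resticCommon // {
    paths = [ "/var/lib/grafana/plugins" ];
  };

  # Backs up the output of `sqlite3 ... .dump` (a SQL text dump of the
  # Grafana database) rather than the database file itself.
  services.restic.backups.grafana-db = resticCommon // {
    command = [ "${pkgs.sqlite}/bin/sqlite3" "/var/lib/grafana/data/grafana.db" ".dump" ];
  };

  # Open ports in the firewall.
  # networking.firewall.allowedTCPPorts = [ ... ];
  # networking.firewall.allowedUDPPorts = [ ... ];
  # The host firewall is disabled, so every listening service on this machine
  # is reachable from anything that can route to 10.69.13.13.
  # NOTE(review): consider enabling it and listing the required ports above.
  # The ports opened by services from the imported modules are not visible
  # in this file, so the value is left unchanged here.
  networking.firewall.enable = false;

  # Pins the defaults used for stateful data to the release this host was
  # installed with. It is not the nixpkgs version; do not bump it casually.
  system.stateVersion = "23.11";
}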