torjus/nixos-servers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity
Files
cf55d07ce5d7f42d08810f1fa1e78e9d56c78a72
nixos-servers/services/nats/default.nix
Torjus Håkestad ed1821b073
Some checks failed
Run nix flake check / flake-check (push) Failing after 5m7s
Details
Periodic flake update / flake-update (push) Successful in 2m18s
Details
nix-cache02: add scheduled builds timer 
Add a systemd timer that triggers builds for all hosts every 2 hours
via NATS, keeping the binary cache warm.

- Add scheduler.nix with timer (every 2h) and oneshot service
- Add scheduler NATS user to DEPLOY account
- Add Vault secret and variable for scheduler NKey
- Increase nix-cache02 memory from 16GB to 20GB

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-12 00:50:09 +01:00

127 lines
3.5 KiB
Nix
Raw Blame History

{ ... }:
{
homelab.monitoring.scrapeTargets = [
{
job_name = "nats";
port = 7777;
}
];
services.prometheus.exporters.nats = {
enable = true;
url = "http://localhost:8222";
extraFlags = [
"-varz" # General server info
"-connz" # Connection info
"-jsz=all" # JetStream info
];
};
services.nats = {
enable = true;
jetstream = true;
serverName = "nats1";
settings = {
http_port = 8222;
accounts = {
ADMIN = {
users = [
{
nkey = "UA44ZINQKUBTV7CX3RE7MVHOEQOQK2VQGCI4GL4M7XBJB4S66URHLW7A";
}
];
};
HOMELAB = {
jetstream = "enabled";
users = [
# alerttonotify (full access to HOMELAB account)
{
nkey = "UASLNKLWGICRTZMIXVD3RXLQ57XRIMCKBHP5V3PYFFRNO3E3BIJBCYMZ";
}
# nixos-exporter (restricted to nixos-exporter subjects)
{
nkey = "UBCL3ODHVERVZJNGUJ567YBBKHQZOV3LK3WO6TVVSGQOCTK2NQ3IJVRV"; # Replace with public key from: nix develop -c nk -gen user -pubout
permissions = {
publish = [ "nixos-exporter.>" ];
subscribe = [ "nixos-exporter.>" ];
};
}
];
};
DEPLOY = {
users = [
# Shared listener (all hosts use this)
{
nkey = "UCCZJSUGLCSLBBKHBPL4QA66TUMQUGIXGLIFTWDEH43MGWM3LDD232X4";
permissions = {
subscribe = [
"deploy.test.>"
"deploy.prod.>"
"deploy.discover"
];
publish = [
"deploy.responses.>"
"deploy.discover"
];
};
}
# Test deployer (MCP without admin)
{
nkey = "UBR66CX2ZNY5XNVQF5VBG4WFAF54LSGUYCUNNCEYRILDQ4NXDAD2THZU";
permissions = {
publish = [
"deploy.test.>"
"deploy.discover"
"build.>"
];
subscribe = [
"deploy.responses.>"
"deploy.discover"
"build.responses.>"
];
};
}
# Admin deployer (full access)
{
nkey = "UD2BFB7DLM67P5UUVCKBUJMCHADIZLGGVUNSRLZE2ZC66FW2XT44P73Y";
permissions = {
publish = [
"deploy.>"
"build.>"
];
subscribe = [
"deploy.>"
"build.responses.>"
];
};
}
# Builder (subscribes to build requests, publishes responses)
{
nkey = "UB4PUHGKAWAK6OS62FX7DOQTPFFJTLZZBTKCOCAXDP75H3NSMWAEDJ7E";
permissions = {
subscribe = [ "build.>" ];
publish = [ "build.responses.>" ];
};
}
# Scheduler (publishes build requests, subscribes to responses)
{
nkey = "UDQ5SFEGDM66AQGLK7KQDW6ZOC2QCXE2P6EJQ6VPBSR2CRCABPOVWRI4";
permissions = {
publish = [ "build.>" ];
subscribe = [ "build.responses.>" ];
};
}
];
};
};
system_account = "ADMIN";
jetstream = {
max_mem = "1G";
max_file = "1G";
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink