From f82013c2c60d63f1867add9089076df78bd25af0 Mon Sep 17 00:00:00 2001
From: makefu <github@syntax-fehler.de>
Date: Wed, 19 Oct 2016 12:17:04 +0200
Subject: [PATCH] m 2 elchos: init
---
makefu/2configs/elchos/stats.nix | 96 ++++++++++++++++++++++++++++++++
makefu/2configs/urlwatch.nix | 2 +
2 files changed, 98 insertions(+)
create mode 100644 makefu/2configs/elchos/stats.nix
diff --git a/makefu/2configs/elchos/stats.nix b/makefu/2configs/elchos/stats.nix
new file mode 100644
index 000000000..0282b04cf
--- /dev/null
+++ b/makefu/2configs/elchos/stats.nix
@@ -0,0 +1,96 @@
+{ config, lib, pkgs, ... }:
+
+# graphite-web on port 8080
+# carbon cache on port 2003 (tcp/udp)
+with config.krebs.lib;
+let
+ sec = toString <secrets>;
+ acmepath = "/var/lib/acme/";
+ acmechall = acmepath + "/challenges/";
+ ext-dom = "stats.nsupdate.info";
+ #ssl_cert = "${sec}/wildcard.krebsco.de.crt";
+ #ssl_key = "${sec}/wildcard.krebsco.de.key";
+ ssl_cert = "${acmepath}/${ext-dom}/fullchain.pem";
+ ssl_key = "${acmepath}/${ext-dom}/key.pem";
+in {
+ networking.firewall = {
+ allowedTCPPorts = [ 2003 80 443 ];
+ allowedUDPPorts = [ 2003 ];
+ };
+
+ services.grafana = {
+ enable = true;
+ addr = "127.0.0.1";
+ extraOptions = { "AUTH_ANONYMOUS_ENABLED" = "true"; };
+ users.allowSignUp = false;
+ users.allowOrgCreate = false;
+ users.autoAssignOrg = false;
+ security = import <secrets/grafana_security.nix>; # { AdminUser = ""; adminPassword = ""}
+ };
+ krebs.nginx = {
+ enable = true;
+ servers.elch-stats = {
+ server-names = [ ext-dom ];
+ listen = [ "80" "443 ssl" ];
+ ssl = {
+ enable = true;
+ # these certs will be needed if acme has not yet created certificates:
+ certificate = ssl_cert;
+ certificate_key = ssl_key;
+ force_encryption = true;
+ };
+
+ locations = [
+ (nameValuePair "/" ''
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_pass http://localhost:3000/;
+ '')
+ (nameValuePair "/.well-known/acme-challenge" ''
+ root ${acmechall}/${ext-dom}/;
+ '')
+ ];
+ };
+ };
+
+ security.acme.certs."${ext-dom}" = {
+ email = "acme@syntax-fehler.de";
+ webroot = "${acmechall}/${ext-dom}/";
+ group = "nginx";
+ allowKeysForGroup = true;
+ postRun = "systemctl reload nginx.service";
+ extraDomains."${ext-dom}" = null ;
+ };
+
+ services.graphite = {
+ web = {
+ enable = true;
+ host = "127.0.0.1";
+ port = 8080;
+ };
+ carbon = {
+ enableCache = true;
+ # save disk usage by restricting to 1 bulk update per second
+ config = ''
+ [cache]
+ MAX_CACHE_SIZE = inf
+ MAX_UPDATES_PER_SECOND = 1
+ MAX_CREATES_PER_MINUTE = 500
+ '';
+ storageSchemas = ''
+ [carbon]
+ pattern = ^carbon\.
+ retentions = 60:90d
+
+ [elchos]
+ patterhn = ^elchos\.
+ retention = 10s:30d,60s:1y
+
+ [default]
+ pattern = .*
+ retentions = 30s:30d,300s:1y
+ '';
+ };
+ };
+}
diff --git a/makefu/2configs/urlwatch.nix b/makefu/2configs/urlwatch.nix
index e0fbefa36..189167f71 100644
--- a/makefu/2configs/urlwatch.nix
+++ b/makefu/2configs/urlwatch.nix
@@ -14,6 +14,8 @@
https://pypi.python.org/simple/xstatic/
http://guest:derpi@cvs2svn.tigris.org/svn/cvs2svn/tags/
http://ftp.debian.org/debian/pool/main/a/apt-cacher-ng/
+ https://github.com/amadvance/snapraid/releases.atom
+ https://erdgeist.org/gitweb/opentracker/log/
];
};
}