From 94d19278c305c085af4951b23b06c76facd484c4 Mon Sep 17 00:00:00 2001
From: Tyler Mayoff
Date: Sat, 6 Dec 2025 19:58:16 -0500
Subject: [PATCH] added monitoring and updated nameservers
---
 .../flake/machines/kaylee/configuration.nix | 2 +-
 .../flake/machines/saffron/configuration.nix | 27 +++++++++++++++++--
 .../saffron/encrypted_secrets.toml.age | 10 +++++++
 3 files changed, 36 insertions(+), 3 deletions(-)
 create mode 100644 dot_config/flake/machines/saffron/encrypted_secrets.toml.age
diff --git a/dot_config/flake/machines/kaylee/configuration.nix b/dot_config/flake/machines/kaylee/configuration.nix
index 9db5b3b..5fa5cbc 100644
--- a/dot_config/flake/machines/kaylee/configuration.nix
+++ b/dot_config/flake/machines/kaylee/configuration.nix
@@ -35,7 +35,6 @@ in {
 nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
 };
- # forgejo
 virtualisation.oci-containers = {
 backend = "docker";
 containers = {
@@ -52,6 +51,7 @@ in {
 "/var/run/docker.sock:/var/run/docker.sock"
 ];
 };
+ # forgejo
 forgejo-runner = {
 # serviceName = "forgejo-runner";
 autoStart = true;
diff --git a/dot_config/flake/machines/saffron/configuration.nix b/dot_config/flake/machines/saffron/configuration.nix
index 7769e5b..95216fe 100644
--- a/dot_config/flake/machines/saffron/configuration.nix
+++ b/dot_config/flake/machines/saffron/configuration.nix
@@ -2,7 +2,9 @@
 pkgs,
 outputs,
 ...
-}: {
+}: let
+ secrets = builtins.fromTOML (builtins.readFile ./secrets.toml);
+in {
 imports = [
 # Include the results of the hardware scan.
 ./hardware-configuration.nix
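Review bot: `secrets = builtins.fromTOML (builtins.readFile ./secrets.toml);` in the new `let` binding reads the secrets at evaluation time, so every value it feeds into the configuration becomes part of the build output in the world-readable Nix store. The next hunk of this file passes `secrets.baszel_key` and `secrets.baszel_token` through `environment`, which most likely writes them in clear text into the generated container unit under /nix/store and makes them visible in the container's inspect output. It also means a decrypted `secrets.toml` must sit next to the configuration whenever the system is built, while this commit only adds the `.age` ciphertext. Decrypting at activation time and handing the container a file keeps the values out of the store, e.g. `environmentFiles = [ "/run/secrets/beszel-agent.env" ];` (placeholder path) with the file supplied by a tool such as agenix or sops-nix.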
@@ -31,7 +33,28 @@
 };
 networking.hostName = "saffron"; # Define your hostname.
- networking.firewall.allowedTCPPorts = [ 443 ];
+ networking.firewall.allowedTCPPorts = [443];
+
+ networking.nameservers = ["8.8.8.8" "8.8.4.4" "1.1.1.1"];
+
+ virtualisation.oci-containers = {
+ backend = "docker";
+ containers = {
+ baszel = {
+ image = "henrygd/beszel-agent:latest";
+ autoStart = true;
+ environment = {
+ PORT = "45876";
+ KEY = secrets.baszel_key;
+ HUB_URL = "http://10.0.0.2:8090";
+ TOKEN = secrets.baszel_token;
+ };
+ volumes = [
+ "/var/run/docker.sock:/var/run/docker.sock"
+ ];
+ };
+ };
+ };
 # Caddy reverse proxy with DNS challenge
 services.caddy = {
diff --git a/dot_config/flake/machines/saffron/encrypted_secrets.toml.age b/dot_config/flake/machines/saffron/encrypted_secrets.toml.age
new file mode 100644
index 0000000..4d91ea2
--- /dev/null
+++ b/dot_config/flake/machines/saffron/encrypted_secrets.toml.age
@@ -0,0 +1,10 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArRGUxV3NNc2FkeHMyZkor
+Mko4d0ZvM1hvUCtva2hOU1E5VGVUd1pqVWtRCmZxU25vUi9lcmhxYUxDMmhmVUFD
+blJQdVlhdk13eE1uVTRnNDZyNzZSSlEKLS0tIDVsRlA4ZXlsTGtZMlo0YnUzdjhT
+eTc5QXlsTkF6M3MzTk1nTUNZY01ucU0KhlDO4/OL7hJE+AvaeyocZRNlYEPDgAeD
+4XeSTJOzVJcP9kHpTOgaEGwuhmUhuLoq6bHLcwgX5cl25Mdr5sB7+wpAfqEtIzyd
+wluXOCjoRiqmzH2xk31isrmLt7sMAgtwnkQ3uhqmiq767SNoNZOPtvDy8+OOZMhZ
+v57gqKBNAISkYo6qQCTyez/rlh7fv0d0W+G7d67Tp7SvmLM03ChfXRmWUqLTzanM
+6BZ68TdTWXogOzy5LHI=
+-----END AGE ENCRYPTED FILE-----
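Review bot: The `baszel` container added to saffron/configuration.nix bind-mounts `/var/run/docker.sock` while running `henrygd/beszel-agent:latest`, so whatever that mutable tag resolves to on the next pull gets control of the host's Docker daemon, which is effectively root on saffron. Pin the image to a digest, e.g. `image = "henrygd/beszel-agent@sha256:<digest>";` (placeholder), and mount the socket as `"/var/run/docker.sock:/var/run/docker.sock:ro"`. Because `:ro` on a socket does not restrict Docker API calls, a socket proxy that exposes only read endpoints is the stronger control. `HUB_URL = "http://10.0.0.2:8090"` also carries the agent's `TOKEN` over plain HTTP, which is only reasonable if 10.0.0.2 is reached over a trusted or encrypted link; a comment stating that assumption would help the next reader.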