added monitoring and updated nameservers

2025-12-08 01:38:34 -05:00 · 2025-12-06 19:58:16 -05:00 · 2025-12-06 19:58:16 -05:00 · 94d19278c3
commit 94d19278c3
parent ac85fbfa4e
3 changed files with 36 additions and 3 deletions
--- a/dot_config/flake/machines/kaylee/configuration.nix
+++ b/dot_config/flake/machines/kaylee/configuration.nix
@ -35,7 +35,6 @@ in {
    nixPath = lib.mapAttrsToList (n: _: "${n}=flake:${n}") flakeInputs;
  };

-  # forgejo
  virtualisation.oci-containers = {
    backend = "docker";
    containers = {
@ -52,6 +51,7 @@ in {
          "/var/run/docker.sock:/var/run/docker.sock"
        ];
      };
+      # forgejo
      forgejo-runner = {
        # serviceName = "forgejo-runner";
        autoStart = true;
--- a/dot_config/flake/machines/saffron/configuration.nix
+++ b/dot_config/flake/machines/saffron/configuration.nix
@ -2,7 +2,9 @@
  pkgs,
  outputs,
  ...
-}: {
+}: let
+  secrets = builtins.fromTOML (builtins.readFile ./secrets.toml);
+in {
  imports = [
    # Include the results of the hardware scan.
    ./hardware-configuration.nix
@ -31,7 +33,28 @@
  };

  networking.hostName = "saffron"; # Define your hostname.
-  networking.firewall.allowedTCPPorts = [ 443 ];
+  networking.firewall.allowedTCPPorts = [443];
+
+  networking.nameservers = ["8.8.8.8" "8.8.4.4" "1.1.1.1"];
+
+  virtualisation.oci-containers = {
+    backend = "docker";
+    containers = {
+      baszel = {
+        image = "henrygd/beszel-agent:latest";
+        autoStart = true;
+        environment = {
+          PORT = "45876";
+          KEY = secrets.baszel_key;
+          HUB_URL = "http://10.0.0.2:8090";
+          TOKEN = secrets.baszel_token;
+        };
+        volumes = [
+          "/var/run/docker.sock:/var/run/docker.sock"
+        ];
+      };
+    };
+  };

  # Caddy reverse proxy with DNS challenge
  services.caddy = {
--- a/dot_config/flake/machines/saffron/encrypted_secrets.toml.age
+++ b/dot_config/flake/machines/saffron/encrypted_secrets.toml.age
@ -0,0 +1,10 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArRGUxV3NNc2FkeHMyZkor
+Mko4d0ZvM1hvUCtva2hOU1E5VGVUd1pqVWtRCmZxU25vUi9lcmhxYUxDMmhmVUFD
+blJQdVlhdk13eE1uVTRnNDZyNzZSSlEKLS0tIDVsRlA4ZXlsTGtZMlo0YnUzdjhT
+eTc5QXlsTkF6M3MzTk1nTUNZY01ucU0KhlDO4/OL7hJE+AvaeyocZRNlYEPDgAeD
+4XeSTJOzVJcP9kHpTOgaEGwuhmUhuLoq6bHLcwgX5cl25Mdr5sB7+wpAfqEtIzyd
+wluXOCjoRiqmzH2xk31isrmLt7sMAgtwnkQ3uhqmiq767SNoNZOPtvDy8+OOZMhZ
+v57gqKBNAISkYo6qQCTyez/rlh7fv0d0W+G7d67Tp7SvmLM03ChfXRmWUqLTzanM
+6BZ68TdTWXogOzy5LHI=
+-----END AGE ENCRYPTED FILE-----