dump

nixos/modules/docker-host.nix

@@ -1,77 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-let
-  # ── Adjust these to your NAS settings ──────────────────────────────────────────
-  nasServer     = "192.168.1.100";          # your NAS IP or hostname
-  nasExportPath = "/export/docker-volumes"; # path on the NAS
-  nasMountPoint = "/mnt/nas";               # where to mount inside VM
-
-  # ── Where we drop your Compose file and run it ────────────────────────────────
-  composeDir  = "/etc/docker-compose-app";
-  composeText = lib.readFile ./docker-compose.yml;
-in {
-  ##############################################################################
-  # A) NETWORKING
-  #    (If you want DHCP, remove this block and let cloud-init assign an IP.)
-  ##############################################################################
-  # networking.interfaces.enp0s25 = {
-  #   useDHCP = false;
-  #   ipv4.addresses = [{
-  #     address = "192.168.1.50";
-  #     prefixLength = 24;
-  #   }];
-  #   ipv4.gateway = "192.168.1.1";
-  #   # optional: ipv4.dns = [ "1.1.1.1" "8.8.8.8" ];
-  # };
-
-  ##############################################################################
-  # B) MOUNT YOUR NAS VIA NFS
-  ##############################################################################
-  # fileSystems."${nasMountPoint}" = {
-  #   device = "${nasServer}:${nasExportPath}";
-  #   fsType = "nfs";
-  #   options = [ "defaults" "nofail" "x-systemd.requires=network-online.target" ];
-  # };
-  # fileSystems."${nasMountPoint}".requiredForBoot = false;
-
-  ##############################################################################
-  # C) INSTALL DOCKER & DOCKER-COMPOSE
-  ##############################################################################
-  environment.systemPackages = with pkgs; [
-    docker
-    docker-compose
-  ];
-  services.docker.enable = true;
-
-  ##############################################################################
-  # D) DROP IN YOUR docker-compose.yml
-  ##############################################################################
-  # systemd.tmpfiles.rules = [
-  #   # Ensure directory exists before we write the file.
-  #   "D! ${composeDir} 0755 root root - -"
-  # ];
-  # environment.etc."docker-compose-app/docker-compose.yml".text = composeText;
-
-  ##############################################################################
-  # E) RUN DOCKER-COMPOSE AS A SYSTEMD SERVICE
-  ##############################################################################
-  # systemd.services.dockerComposeApp = {
-  #   description = "Auto-start Docker-Compose stack for home server";
-  #   after = [ "network-online.target" "docker.service" ];
-  #   wants = [ "network-online.target" "docker.service" ];
-
-  #   serviceConfig = {
-  #     WorkingDirectory = composeDir;
-  #     ExecStart = "${pkgs.docker-compose}/bin/docker-compose -f ${composeDir}/docker-compose.yml up";
-  #     ExecStop  = "${pkgs.docker-compose}/bin/docker-compose -f ${composeDir}/docker-compose.yml down";
-  #     Restart = "always";
-  #     RestartSec = 10;
-  #   };
-
-  #   wantedBy = [ "multi-user.target" ];
-  # };
-
-
-
-
-}

nixos/modules/docker.nix

@@ -1,11 +0,0 @@
-{
-  config,
-  pkgs,
-  inputs,
-  ...
-}: {
-  virtualisation.docker = {
-    enable = true;
-    enableOnBoot = false;
-  };
-}

nixos/modules/forgejo.nix

@@ -1,54 +0,0 @@
-{ config, pkgs, ... }:
-
-let
-  # (Optional) name your Compose app’s directory on the VM:
-  composeDir = "/etc/docker-compose-app";
-
-in {
-  # 1) Install Docker engine and Docker‐Compose binary:
-  environment.systemPackages = with pkgs; [
-    docker
-    docker-compose      # pulls in the python-based compose
-  ];
-
-  # 2) Enable the Docker daemon:
-  services.docker.enable = true;
-
-  # 3) Create a directory for your Compose file and copy it from the flake:
-  #    If your flake repo has a sibling file `docker-compose.yml`, this will drop
-  #    it into /etc/docker-compose-app/docker-compose.yml on the VM.
-  environment.etc."docker-compose-app/docker-compose.yml".text = builtins.readFile ./docker-compose.yml;
-
-  # 4) Make sure that directory exists with the right permissions:
-  systemd.tmpfiles.rules = [
-    # D     = create directory if missing, mode 0755, owner root:root
-    "D! /etc/docker-compose-app 0755 root root - -"
-  ];
-
-  # 5) Define a systemd service to run `docker-compose up`:
-  systemd.services.dockerComposeApp = {
-    description = "docker-compose stack for my application";
-    after = [ "network-online.target" "docker.service" ];
-    wants = [ "network-online.target" "docker.service" ];
-
-    serviceConfig = {
-      # Run in foreground but let systemd restart if it crashes
-      ExecStart = "${pkgs.docker-compose}/bin/docker-compose -f ${composeDir}/docker-compose.yml up";
-      ExecStop  = "${pkgs.docker-compose}/bin/docker-compose -f ${composeDir}/docker-compose.yml down";
-      WorkingDirectory = composeDir;
-      Restart = "always";
-      RestartSec = 10;
-    };
-
-    # Make sure the directory exists before this service starts:
-    preStart = ''
-      mkdir -p ${composeDir}
-      chown root:root ${composeDir}
-    '';
-
-    wantedBy = [ "multi-user.target" ];
-  };
-
-  # 6) (Optional) If any volumes need to exist, define them here, for example:
-  #    environment.etc."docker-compose-app/data".source = "/path/to/local/data";
-}

nixos/modules/promtail.nix

@@ -1,9 +1,11 @@
-{ config, pkgs, ... }:
-let
-  promtail_port = 9080;
-in
 {
-  networking.firewall.allowedTCPPorts = [ promtail_port ];
+  config,
+  pkgs,
+  ...
+}: let
+  promtail_port = 9080;
+in {
+  networking.firewall.allowedTCPPorts = [promtail_port];
 
   systemd.tmpfiles.rules = [
     "d /var/lib/promtail 0755 promtail promtail -"
@@ -19,26 +21,60 @@ in
       positions = {
         filename = "/var/lib/promtail/positions.yaml";
       };
-      clients = [{
-        url = "http://monitor.lab:3100/loki/api/v1/push";
-      }];
-      scrape_configs = [{
-        job_name = "journal";
-        journal = {
-          path = "/var/log/journal";
-          labels = {
-            job = "promtail";
-            host = config.networking.hostName;
-            env = "proxmox";
-            instance = "${config.networking.hostName}.lab";
+      clients = [
+        {
+          url = "http://monitor.lab:3100/loki/api/v1/push";
+        }
+      ];
+      scrape_configs = [
+        {
+          job_name = "journal";
+          journal = {
+            path = "/var/log/journal";
+            labels = {
+              job = "promtail";
+              host = config.networking.hostName;
+              env = "proxmox";
+              instance = "${config.networking.hostName}.lab";
+            };
           };
-        };
-        relabel_configs = [{
-          source_labels = ["__journal__systemd_unit"];
-          target_label = "unit";
-        }];
-
-      }];
+          relabel_configs = [
+            {
+              source_labels = ["__journal__systemd_unit"];
+              target_label = "unit";
+            }
+            {
+              source_labels = ["__journal__hostname"];
+              target_label = "host";
+            }
+            {
+              source_labels = ["__journal__systemd_user_unit"];
+              target_label = "user_unit";
+            }
+            {
+              source_labels = ["__journal__transport"];
+              target_label = "transport";
+            }
+            {
+              source_labels = ["__journal_priority_keyword"];
+              target_label = "severity";
+            }
+          ];
+        }
+        # {
+        #   job_name = "secure";
+        #   static_configs = {
+        #     targets = ["localhost"];
+        #     labels = {
+        #       job = "secure";
+        #       host = config.networking.hostName;
+        #       env = "proxmox";
+        #       instance = "${config.networking.hostName}.lab";
+        #       __path__ = "/var/log/secure";
+        #     };
+        #   };
+        # }
+      ];
     };
   };
 }