use bezel flake

2025-11-18 23:33:32 -06:00 · 2025-11-18 23:33:32 -06:00 · 4a3e0290d0
commit 4a3e0290d0
parent df3057b347
12 changed files with 68 additions and 326 deletions
--- a/hosts/h001/flake.nix
+++ b/hosts/h001/flake.nix
@ -17,6 +17,8 @@
    common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/common";
    # secrets.url = "path:../../flakes/secrets";
    secrets.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/secrets";
+    # beszel.url = "path:../../flakes/beszel";
+    beszel.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/beszel";

    ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";

@ -29,6 +31,7 @@
      home-manager,
      common,
      secrets,
+      beszel,
      ros_neovim,
      nixarr,
      ...
@ -38,6 +41,7 @@
      system = "x86_64-linux";
      stateVersion = "24.11";
      primaryUser = "luser";
+      overlayIp = "100.64.0.13";
      lib = nixpkgs.lib;
    in
    {
@ -71,6 +75,17 @@
              common.nixosModules.tty_caps_esc
              common.nixosModules.zsh

+              beszel.nixosModules.agent
+              (
+                { ... }:
+                {
+                  beszelAgent = {
+                    listen = "${overlayIp}:45876";
+                    token = "20208198-87c2-4bd1-ab09-b97c3b9c6a6e";
+                  };
+                }
+              )
+
              nixarr.nixosModules.default
              ./hardware-configuration.nix
              ./mods
--- a/hosts/h001/mods/default.nix
+++ b/hosts/h001/mods/default.nix
@ -5,9 +5,7 @@
  imports = [
    ./litellm.nix
    ./nixarr.nix
-    # ./monitoring.nix # disabling
    ./monitoring_hub.nix
-    ./monitoring_agent.nix
    ./pinchflat.nix
    ./openwebui.nix
    ./trilium.nix
--- a/hosts/h001/mods/monitoring.nix
+++ b/hosts/h001/mods/monitoring.nix
@ -1,156 +0,0 @@
-{
-  config,
-  ...
-}:
-{
-  config = {
-    services.prometheus = {
-      enable = true;
-      scrapeConfigs = [
-        {
-          job_name = "node";
-          static_configs = [
-            {
-              targets = [ "localhost:9100" ];
-              labels.instance = config.networking.hostName; # h001
-            }
-            {
-              targets = [ "lio.net.joshuabell.xyz:9100" ];
-              labels.instance = "lio";
-            }
-            {
-              targets = [ "oren.net.joshuabell.xyz:9100" ];
-              labels.instance = "oren";
-            }
-            {
-              targets = [ "gp3.net.joshuabell.xyz:9100" ];
-              labels.instance = "gp3";
-            }
-            {
-              targets = [ "h002.net.joshuabell.xyz:9100" ];
-              labels.instance = "h002";
-            }
-            {
-              targets = [ "o001.net.joshuabell.xyz:9100" ];
-              labels.instance = "o001";
-            }
-          ];
-        }
-      ];
-    };
-
-    services.grafana = {
-      enable = true;
-      dataDir = "/var/lib/grafana";
-      settings = {
-        server = {
-          http_port = 3001;
-          http_addr = "127.0.0.1";
-          serve_from_sub_path = true;
-          domain = "h001.net.joshuabell.xyz";
-          root_url = "http://h001.net.joshuabell.xyz/grafana/";
-          enforce_domain = true;
-          enable_gzip = true;
-        };
-      };
-      provision = {
-        datasources.settings.datasources = [
-          {
-            name = "Prometheus";
-            type = "prometheus";
-            url = "http://localhost:9090";
-            access = "proxy";
-            isDefault = true; # Set as default, if you want
-          }
-          {
-            name = "Loki";
-            type = "loki";
-            url = "http://localhost:3100";
-            access = "proxy";
-            isDefault = false;
-          }
-        ];
-      };
-    };
-
-    # Loki for log aggregation
-    systemd.tmpfiles.rules = [
-      "d /var/lib/loki 0755 loki loki -"
-      "d /var/lib/loki/chunks 0755 loki loki -"
-      "d /var/lib/loki/rules 0755 loki loki -"
-      "d /var/lib/loki/compactor 0755 loki loki -"
-    ];
-    services.loki = {
-      enable = true;
-      configuration = {
-        auth_enabled = false;
-
-        server = {
-          http_listen_port = 3100;
-        };
-
-        common = {
-          path_prefix = "/var/lib/loki";
-          storage = {
-            filesystem = {
-              chunks_directory = "/var/lib/loki/chunks";
-              rules_directory = "/var/lib/loki/rules";
-            };
-          };
-          replication_factor = 1;
-          ring = {
-            kvstore = {
-              store = "inmemory";
-            };
-          };
-        };
-
-        schema_config = {
-          configs = [
-            {
-              from = "2023-01-01";
-              store = "boltdb-shipper";
-              object_store = "filesystem";
-              schema = "v12"; # Updated schema version
-              index = {
-                prefix = "index_";
-                period = "24h"; # Set to 24h period as recommended
-              };
-            }
-          ];
-        };
-
-        limits_config = {
-          allow_structured_metadata = false; # Disable structured metadata until we upgrade to v13
-        };
-
-        ruler = {
-          storage = {
-            type = "local";
-            local = {
-              directory = "/var/lib/loki/rules";
-            };
-          };
-          rule_path = "/var/lib/loki/rules";
-          ring = {
-            kvstore = {
-              store = "inmemory";
-            };
-          };
-        };
-
-        compactor = {
-          working_directory = "/var/lib/loki/compactor"; # Set working directory
-          retention_enabled = true;
-          compaction_interval = "5m";
-          delete_request_store = "filesystem"; # Add this line for retention configuration
-          delete_request_cancel_period = "24h";
-        };
-
-        analytics = {
-          reporting_enabled = false;
-        };
-      };
-    };
-  };
-}
--- a/hosts/h001/mods/monitoring_agent.nix
+++ b/hosts/h001/mods/monitoring_agent.nix
@ -1,31 +0,0 @@
-{
-  inputs,
-  config,
-  ...
-}:
-let
-  declaration = "services/monitoring/beszel-agent.nix";
-  nixpkgs = inputs.beszel-nixpkgs;
-  pkgs = import nixpkgs {
-    system = "x86_64-linux";
-    config.allowUnfree = true;
-  };
-in
-{
-  disabledModules = [ declaration ];
-  imports = [ "${nixpkgs}/nixos/modules/${declaration}" ];
-  config = {
-    services.beszel.agent = {
-      package = pkgs.beszel;
-      enable = true;
-      environment = {
-        SYSTEM_NAME = config.networking.hostName;
-        LISTEN = "100.64.0.13:45876";
-        HUB_URL = "http://100.64.0.13:8090";
-        # TODO this is only safe since I am running it in the overlay network only, rotate all keys if we change that.
-        TOKEN = "20208198-87c2-4bd1-ab09-b97c3b9c6a6e";
-        KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDcAr8fbW4XyfL/tCMeMtD+Ou/FFywCNfsHdyvYs3qXf";
-      };
-    };
-  };
-}
--- a/hosts/h003/flake.nix
+++ b/hosts/h003/flake.nix
@ -8,6 +8,8 @@
    common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/common";
    # secrets.url = "path:../../flakes/secrets";
    secrets.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/secrets";
+    # beszel.url = "path:../../flakes/beszel";
+    beszel.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/beszel";

    ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
  };
@ -18,28 +20,25 @@
      home-manager,
      common,
      secrets,
+      beszel,
      ros_neovim,
      ...
    }@inputs:
    let
-      hostConfig = {
-        configurationName = "h003";
-        system = "x86_64-linux";
-        stateVersion = "25.05";
-        primaryUser = "luser";
-
-        overlayIp = "100.64.0.14";
-      };
+      configurationName = "h003";
+      system = "x86_64-linux";
+      stateVersion = "25.05";
+      primaryUser = "luser";
+      overlayIp = "100.64.0.14";
      lib = nixpkgs.lib;
    in
-    with hostConfig;
    {
      nixosConfigurations = {
        "${configurationName}" = (
          lib.nixosSystem {
            inherit system;
            specialArgs = {
-              inherit inputs hostConfig;
+              inherit inputs;
            };
            modules = [
              home-manager.nixosModules.default
@ -58,6 +57,17 @@
              common.nixosModules.tty_caps_esc
              common.nixosModules.zsh

+              beszel.nixosModules.agent
+              (
+                { ... }:
+                {
+                  beszelAgent = {
+                    listen = "${overlayIp}:45876";
+                    token = "20208198-87c2-4bd1-ab09-b97c3b9c6a6e";
+                  };
+                }
+              )
+
              ./hardware-configuration.nix
              ./mods
              (
--- a/hosts/h003/monitoring_agent.nix
+++ b/hosts/h003/monitoring_agent.nix
@ -1,32 +0,0 @@
-{
-  inputs,
-  config,
-  hostConfig,
-  ...
-}:
-let
-  declaration = "services/monitoring/beszel-agent.nix";
-  nixpkgs = inputs.beszel-nixpkgs;
-  pkgs = import nixpkgs {
-    system = "x86_64-linux";
-    config.allowUnfree = true;
-  };
-in
-{
-  disabledModules = [ declaration ];
-  imports = [ "${nixpkgs}/nixos/modules/${declaration}" ];
-  config = {
-    services.beszel.agent = {
-      package = pkgs.beszel;
-      enable = true;
-      environment = {
-        SYSTEM_NAME = config.networking.hostName;
-        LISTEN = "${hostConfig.overlayIp}:45876";
-        HUB_URL = "http://100.64.0.13:8090";
-        # TODO this is only safe since I am running it in the overlay network only, rotate all keys if we change that.
-        TOKEN = "20208198-87c2-4bd1-ab09-b97c3b9c6a6e";
-        KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDcAr8fbW4XyfL/tCMeMtD+Ou/FFywCNfsHdyvYs3qXf";
-      };
-    };
-  };
-}
--- a/hosts/linode/l001/monitoring_agent.nix
+++ b/hosts/linode/l001/monitoring_agent.nix
@ -1,31 +0,0 @@
-{
-  inputs,
-  config,
-  ...
-}:
-let
-  declaration = "services/monitoring/beszel-agent.nix";
-  nixpkgs = inputs.beszel-nixpkgs;
-  pkgs = import nixpkgs {
-    system = "x86_64-linux";
-    config.allowUnfree = true;
-  };
-in
-{
-  disabledModules = [ declaration ];
-  imports = [ "${nixpkgs}/nixos/modules/${declaration}" ];
-  config = {
-    services.beszel.agent = {
-      package = pkgs.beszel;
-      enable = true;
-      environment = {
-        SYSTEM_NAME = config.networking.hostName;
-        LISTEN = "100.64.0.13:45876";
-        HUB_URL = "http://100.64.0.13:8090";
-        # TODO this is only safe since I am running it in the overlay network only, rotate all keys if we change that.
-        TOKEN = "20208198-87c2-4bd1-ab09-b97c3b9c6a6e";
-        KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDcAr8fbW4XyfL/tCMeMtD+Ou/FFywCNfsHdyvYs3qXf";
-      };
-    };
-  };
-}
--- a/hosts/lio/flake.nix
+++ b/hosts/lio/flake.nix
@ -33,6 +33,7 @@
      configuration_name = "lio";
      system = "x86_64-linux";
      primaryUser = "josh";
+      overlayIp = "100.64.0.1";
      lib = nixpkgs.lib;
    in
    {
@ -82,7 +83,7 @@
                { ... }:
                {
                  beszelAgent = {
-                    listen = "100.64.0.1:45876";
+                    listen = "${overlayIp}:45876";
                    token = "20208198-87c2-4bd1-ab09-b97c3b9c6a6e";
                  };
                }
--- a/hosts/oracle/o001/flake.nix
+++ b/hosts/oracle/o001/flake.nix
@ -10,6 +10,8 @@
    common.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/common";
    # secrets.url = "path:../../../flakes/secrets";
    secrets.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/secrets";
+    # beszel.url = "path:../../flakes/beszel";
+    beszel.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/beszel";
  };

  outputs =
@ -19,6 +21,7 @@
      home-manager,
      common,
      secrets,
+      beszel,
      ros_neovim,
      deploy-rs,
      ...
@ -28,6 +31,7 @@
      system = "aarch64-linux";
      stateVersion = "23.11";
      primaryUser = "root";
+      overlayIp = "100.64.0.11";
      lib = nixpkgs.lib;
    in
    {
@ -66,6 +70,17 @@
              common.nixosModules.tailnet
              common.nixosModules.zsh

+              beszel.nixosModules.agent
+              (
+                { ... }:
+                {
+                  beszelAgent = {
+                    listen = "${overlayIp}:45876";
+                    token = "20208198-87c2-4bd1-ab09-b97c3b9c6a6e";
+                  };
+                }
+              )
+
              ros_neovim.nixosModules.default
              ./configuration.nix
              ./hardware-configuration.nix
--- a/hosts/oracle/o001/monitoring_agent.nix
+++ b/hosts/oracle/o001/monitoring_agent.nix
@ -1,31 +0,0 @@
-{
-  inputs,
-  config,
-  ...
-}:
-let
-  declaration = "services/monitoring/beszel-agent.nix";
-  nixpkgs = inputs.beszel-nixpkgs;
-  pkgs = import nixpkgs {
-    system = "x86_64-linux";
-    config.allowUnfree = true;
-  };
-in
-{
-  disabledModules = [ declaration ];
-  imports = [ "${nixpkgs}/nixos/modules/${declaration}" ];
-  config = {
-    services.beszel.agent = {
-      package = pkgs.beszel;
-      enable = true;
-      environment = {
-        SYSTEM_NAME = config.networking.hostName;
-        LISTEN = "100.64.0.13:45876";
-        HUB_URL = "http://100.64.0.13:8090";
-        # TODO this is only safe since I am running it in the overlay network only, rotate all keys if we change that.
-        TOKEN = "20208198-87c2-4bd1-ab09-b97c3b9c6a6e";
-        KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDcAr8fbW4XyfL/tCMeMtD+Ou/FFywCNfsHdyvYs3qXf";
-      };
-    };
-  };
-}
--- a/hosts/oren/flake.nix
+++ b/hosts/oren/flake.nix
@ -12,6 +12,8 @@
    flatpaks.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/flatpaks";
    # hyprland.url = "path:../../flakes/hyprland";
    hyprland.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/hyprland";
+    # beszel.url = "path:../../flakes/beszel";
+    beszel.url = "git+https://git.joshuabell.xyz/ringofstorms/dotfiles?dir=flakes/beszel";

    ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
  };
@ -24,6 +26,7 @@
      secrets,
      flatpaks,
      hyprland,
+      beszel,
      ros_neovim,
      ...
    }:
@ -32,6 +35,7 @@
      system = "x86_64-linux";
      stateVersion = "25.05";
      primaryUser = "josh";
+      overlayIp = "100.64.0.5";
      lib = nixpkgs.lib;
    in
    {
@ -67,6 +71,17 @@
              common.nixosModules.tty_caps_esc
              common.nixosModules.zsh

+              beszel.nixosModules.agent
+              (
+                { ... }:
+                {
+                  beszelAgent = {
+                    listen = "${overlayIp}:45876";
+                    token = "20208198-87c2-4bd1-ab09-b97c3b9c6a6e";
+                  };
+                }
+              )
+
              ./configuration.nix
              ./hardware-configuration.nix
              # ./sway_customizations.nix
--- a/hosts/oren/monitoring_agent.nix
+++ b/hosts/oren/monitoring_agent.nix
@ -1,31 +0,0 @@
-{
-  inputs,
-  config,
-  ...
-}:
-let
-  declaration = "services/monitoring/beszel-agent.nix";
-  nixpkgs = inputs.beszel-nixpkgs;
-  pkgs = import nixpkgs {
-    system = "x86_64-linux";
-    config.allowUnfree = true;
-  };
-in
-{
-  disabledModules = [ declaration ];
-  imports = [ "${nixpkgs}/nixos/modules/${declaration}" ];
-  config = {
-    services.beszel.agent = {
-      package = pkgs.beszel;
-      enable = true;
-      environment = {
-        SYSTEM_NAME = config.networking.hostName;
-        LISTEN = "100.64.0.13:45876";
-        HUB_URL = "http://100.64.0.13:8090";
-        # TODO this is only safe since I am running it in the overlay network only, rotate all keys if we change that.
-        TOKEN = "20208198-87c2-4bd1-ab09-b97c3b9c6a6e";
-        KEY = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDcAr8fbW4XyfL/tCMeMtD+Ou/FFywCNfsHdyvYs3qXf";
-      };
-    };
-  };
-}