Update from updated-inputs-2025-08-18-01-03
@@ -237,7 +237,7 @@
|
|||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
clerie.system-auto-upgrade = {
|
services.bijwerken = {
|
||||||
autoUpgrade = true;
|
autoUpgrade = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@@ -111,7 +111,7 @@
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
clerie.system-auto-upgrade = {
|
services.bijwerken = {
|
||||||
autoUpgrade = true;
|
autoUpgrade = true;
|
||||||
startAt = "*-*-* 06:22:00";
|
startAt = "*-*-* 06:22:00";
|
||||||
};
|
};
|
||||||
|
@@ -105,7 +105,7 @@
|
|||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
clerie.system-auto-upgrade = {
|
services.bijwerken = {
|
||||||
autoUpgrade = true;
|
autoUpgrade = true;
|
||||||
startAt = "*-*-* 07:22:00";
|
startAt = "*-*-* 07:22:00";
|
||||||
};
|
};
|
||||||
|
@@ -161,7 +161,7 @@
|
|||||||
}
|
}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
clerie.system-auto-upgrade = {
|
services.bijwerken = {
|
||||||
autoUpgrade = true;
|
autoUpgrade = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@@ -70,7 +70,7 @@
|
|||||||
|
|
||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
|
|
||||||
clerie.system-auto-upgrade = {
|
services.bijwerken = {
|
||||||
autoUpgrade = true;
|
autoUpgrade = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@@ -89,7 +89,7 @@ groups:
|
|||||||
description: "GPG with fingerprint {{ $labels.fingerprint }} is expiring in less then six weeks"
|
description: "GPG with fingerprint {{ $labels.fingerprint }} is expiring in less then six weeks"
|
||||||
- alert: NadjaTopIPv4ProxyBroken
|
- alert: NadjaTopIPv4ProxyBroken
|
||||||
expr: probe_success{job="blackbox_local_http6", target="blog.nadja.top"} != on (target) probe_success{job="blackbox_local_http4", target="blog.nadja.top"}
|
expr: probe_success{job="blackbox_local_http6", target="blog.nadja.top"} != on (target) probe_success{job="blackbox_local_http4", target="blog.nadja.top"}
|
||||||
for: 5m
|
for: 15m
|
||||||
labels:
|
labels:
|
||||||
severity: critical
|
severity: critical
|
||||||
annotations:
|
annotations:
|
||||||
@@ -102,3 +102,11 @@ groups:
|
|||||||
annotations:
|
annotations:
|
||||||
summary: "Too many notification requests failed"
|
summary: "Too many notification requests failed"
|
||||||
description: "Too many notification requests to Alertmanager integration {{ $labels.integration }} failed"
|
description: "Too many notification requests to Alertmanager integration {{ $labels.integration }} failed"
|
||||||
|
- alert: FemSocialDown
|
||||||
|
expr: min(probe_success{target="fem.social", job=~"blackbox_local_http.*"}) == 0
|
||||||
|
for: 5m
|
||||||
|
labels:
|
||||||
|
severity: critical
|
||||||
|
annotations:
|
||||||
|
summary: "fem.social unavailable via HTTP"
|
||||||
|
description: "fem.social is not fully reachable via HTTP"
|
||||||
|
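Review bot: The new FemSocialDown rule cannot fire when the probe series are missing, because `min(probe_success{target="fem.social", job=~"blackbox_local_http.*"}) == 0` returns an empty result if the blackbox jobs stop producing samples for that target. Adding an absence check keeps the alert meaningful when the scrape itself breaks: `expr: min(probe_success{target="fem.social", job=~"blackbox_local_http.*"}) == 0 or absent(probe_success{target="fem.social"})`. Because `min` collapses all matching jobs into one value, the description could also tell the responder to check each probe job separately.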
@@ -41,7 +41,7 @@
|
|||||||
|
|
||||||
networking.firewall.allowedUDPPorts = [];
|
networking.firewall.allowedUDPPorts = [];
|
||||||
|
|
||||||
clerie.system-auto-upgrade = {
|
services.bijwerken = {
|
||||||
autoUpgrade = true;
|
autoUpgrade = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@@ -58,7 +58,7 @@
|
|||||||
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
networking.firewall.allowedTCPPorts = [ 80 443 ];
|
||||||
networking.firewall.allowedUDPPorts = [];
|
networking.firewall.allowedUDPPorts = [];
|
||||||
|
|
||||||
clerie.system-auto-upgrade = {
|
services.bijwerken = {
|
||||||
autoUpgrade = true;
|
autoUpgrade = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@@ -52,7 +52,7 @@
|
|||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
clerie.system-auto-upgrade = {
|
services.bijwerken = {
|
||||||
autoUpgrade = true;
|
autoUpgrade = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@@ -3,13 +3,13 @@
|
|||||||
with lib;
|
with lib;
|
||||||
|
|
||||||
let
|
let
|
||||||
cfg = config.clerie.system-auto-upgrade;
|
cfg = config.services.bijwerken;
|
||||||
in
|
in
|
||||||
|
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
clerie.system-auto-upgrade = {
|
services.bijwerken = {
|
||||||
enable = mkEnableOption "clerie system upgrade";
|
enable = mkEnableOption "Automatic system upgrades";
|
||||||
autoUpgrade = mkOption {
|
autoUpgrade = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
@@ -20,10 +20,15 @@ in
|
|||||||
default = null;
|
default = null;
|
||||||
description = "Systemd time string for starting the unit";
|
description = "Systemd time string for starting the unit";
|
||||||
};
|
};
|
||||||
|
nodeExporterTextfilePath = mkOption {
|
||||||
|
type = with types; nullOr str;
|
||||||
|
default = null;
|
||||||
|
description = "Path to node exporter textfile for putting metrics";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
config = mkIf cfg.enable {
|
config = mkIf cfg.enable {
|
||||||
systemd.services.clerie-system-auto-upgrade = {
|
systemd.services.bijwerken-system-upgrade = {
|
||||||
requires = [ "network-online.target" ];
|
requires = [ "network-online.target" ];
|
||||||
after = [ "network-online.target" ];
|
after = [ "network-online.target" ];
|
||||||
|
|
||||||
@@ -33,10 +38,10 @@ in
|
|||||||
|
|
||||||
serviceConfig = {
|
serviceConfig = {
|
||||||
Type = "oneshot";
|
Type = "oneshot";
|
||||||
ExecStart = pkgs.clerie-system-upgrade + "/bin/clerie-system-upgrade --no-confirm${optionalString (config.clerie.monitoring.enable) " --node-exporter-metrics-path /var/lib/prometheus-node-exporter/textfiles/clerie-system-upgrade.prom"}";
|
ExecStart = (getExe pkgs.bijwerken-system-upgrade) + " --no-confirm${optionalString (cfg.nodeExporterTextfilePath != null) " --node-exporter-metrics-path ${cfg.nodeExporterTextfilePath}"}";
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
systemd.timers.clerie-system-auto-upgrade = mkIf cfg.autoUpgrade {
|
systemd.timers.bijwerken-system-upgrade = mkIf cfg.autoUpgrade {
|
||||||
wantedBy = [ "timers.target" ];
|
wantedBy = [ "timers.target" ];
|
||||||
timerConfig = {
|
timerConfig = {
|
||||||
OnCalendar = if cfg.startAt == null then "*-*-* 05:37:00" else cfg.startAt;
|
OnCalendar = if cfg.startAt == null then "*-*-* 05:37:00" else cfg.startAt;
|
||||||
@@ -46,7 +51,7 @@ in
|
|||||||
after = [ "network-online.target" ];
|
after = [ "network-online.target" ];
|
||||||
};
|
};
|
||||||
environment.systemPackages = with pkgs; [
|
environment.systemPackages = with pkgs; [
|
||||||
clerie-system-upgrade
|
bijwerken-system-upgrade
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
}
|
}
|
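Review bot: On the new ExecStart line, `${cfg.nodeExporterTextfilePath}` is spliced into the systemd command line unquoted, and the option is typed `nullOr str`, so a value containing whitespace or quote characters would be split into several arguments instead of being passed as one path. No `User=` appears in the visible serviceConfig lines, so the unit presumably runs as root and strict argument handling matters. Declaring the option as `type = with types; nullOr path;` and interpolating `${escapeShellArg cfg.nodeExporterTextfilePath}` would close this. The serviceConfig block is only partly visible in the hunk.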
@@ -5,9 +5,9 @@
|
|||||||
./policyrouting
|
./policyrouting
|
||||||
./akne
|
./akne
|
||||||
./backup
|
./backup
|
||||||
|
./bijwerken
|
||||||
./clerie-firewall
|
./clerie-firewall
|
||||||
./clerie-gc-dir
|
./clerie-gc-dir
|
||||||
./clerie-system-upgrade
|
|
||||||
./dhcpcd-prefixdelegation
|
./dhcpcd-prefixdelegation
|
||||||
./minecraft-server
|
./minecraft-server
|
||||||
./monitoring
|
./monitoring
|
||||||
|
@@ -75,6 +75,8 @@ in
|
|||||||
|
|
||||||
systemd.services."prometheus-node-exporter".serviceConfig.RestrictAddressFamilies = [ "AF_NETLINK" ];
|
systemd.services."prometheus-node-exporter".serviceConfig.RestrictAddressFamilies = [ "AF_NETLINK" ];
|
||||||
|
|
||||||
|
services.bijwerken.nodeExporterTextfilePath = "/var/lib/prometheus-node-exporter/textfiles/bijwerken-system-upgrade.prom";
|
||||||
|
|
||||||
services.prometheus.exporters.bird = mkIf cfg.bird {
|
services.prometheus.exporters.bird = mkIf cfg.bird {
|
||||||
enable = true;
|
enable = true;
|
||||||
};
|
};
|
||||||
|
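Review bot: The textfile moves from `clerie-system-upgrade.prom` to `bijwerken-system-upgrade.prom`, but nothing in this section removes the old file, so hosts that already wrote it will keep exporting a frozen `clerie_system_upgrade_last_check` sample alongside the new metric. Any alert or dashboard still reading the old name would see a timestamp that never advances, or lose the series once the file is removed by hand. The rules for this metric are not in the visible hunks, so that needs checking. A cleanup entry such as `systemd.tmpfiles.rules = [ "r /var/lib/prometheus-node-exporter/textfiles/clerie-system-upgrade.prom" ];` would remove the leftover. The condition enclosing this assignment is outside the hunk.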
5
pkgs/bijwerken-poke/bijwerken-poke.sh
Executable file
@@ -0,0 +1,5 @@
|
|||||||
|
#!/usr/bin/env bash
|
||||||
|
|
||||||
|
TARGETS="$(nix --extra-experimental-features "nix-command flakes" eval --raw ".#nixosConfigurations" --apply "nixosConfigurations: builtins.concatStringsSep \"\\n\" (builtins.attrValues (builtins.mapAttrs (name: host: host.config.networking.fqdn) nixosConfigurations))")"
|
||||||
|
|
||||||
|
pssh -h <(echo "${TARGETS}") -i -- sudo systemctl start bijwerken-system-upgrade.service --no-block
|
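Review bot: The host list is built from every entry in `nixosConfigurations`, whether or not that host enables the upgrade service, and the remote command depends on `sudo systemctl start` succeeding without a prompt. Filtering inside the `--apply` expression, e.g. `builtins.filter (host: host.config.services.bijwerken.enable) (builtins.attrValues nixosConfigurations)` before mapping to `fqdn`, would limit the fan-out to hosts that actually carry the unit. A header comment naming the sudo rule the tool expects, ideally one limited to starting `bijwerken-system-upgrade.service`, would document the privilege involved. No such rule is visible in this commit.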
10
pkgs/bijwerken-poke/default.nix
Normal file
@@ -0,0 +1,10 @@
|
|||||||
|
{ pkgs, ... }:
|
||||||
|
|
||||||
|
pkgs.writeShellApplication {
|
||||||
|
name = "bijwerken-poke";
|
||||||
|
text = builtins.readFile ./bijwerken-poke.sh;
|
||||||
|
runtimeInputs = with pkgs; [
|
||||||
|
pssh
|
||||||
|
];
|
||||||
|
}
|
||||||
|
|
@@ -50,7 +50,7 @@ echo "Set as boot target"
|
|||||||
|
|
||||||
if [[ -n "$NODE_EXPORTER_METRICS_PATH" ]]; then
|
if [[ -n "$NODE_EXPORTER_METRICS_PATH" ]]; then
|
||||||
echo "Write monitoring check data"
|
echo "Write monitoring check data"
|
||||||
echo "clerie_system_upgrade_last_check $(date +%s)" > "$NODE_EXPORTER_METRICS_PATH"
|
echo "bijwerken_system_upgrade_last_check $(date +%s)" > "$NODE_EXPORTER_METRICS_PATH"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
BOOTED_SYSTEM_KERNEL="$(readlink /run/booted-system/{initrd,kernel,kernel-modules})"
|
BOOTED_SYSTEM_KERNEL="$(readlink /run/booted-system/{initrd,kernel,kernel-modules})"
|
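Review bot: The metrics line still writes straight into the final path with `> "$NODE_EXPORTER_METRICS_PATH"`, so node exporter can scrape a truncated or empty file mid-write. If the textfile directory is writable by a less privileged account, the write also follows whatever that account placed at the path. The directory's ownership is not shown here. Writing to a temporary name in the same directory and renaming makes the update atomic: `echo "bijwerken_system_upgrade_last_check $(date +%s)" > "$NODE_EXPORTER_METRICS_PATH.$$"` followed by `mv "$NODE_EXPORTER_METRICS_PATH.$$" "$NODE_EXPORTER_METRICS_PATH"`. The script continues outside this hunk.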
@@ -1,8 +1,8 @@
|
|||||||
{ pkgs, ... }:
|
{ pkgs, ... }:
|
||||||
|
|
||||||
pkgs.writeShellApplication {
|
pkgs.writeShellApplication {
|
||||||
name = "clerie-system-upgrade";
|
name = "bijwerken-system-upgrade";
|
||||||
text = builtins.readFile ./clerie-system-upgrade.sh;
|
text = builtins.readFile ./bijwerken-system-upgrade.sh;
|
||||||
runtimeInputs = with pkgs; [
|
runtimeInputs = with pkgs; [
|
||||||
curl
|
curl
|
||||||
jq
|
jq
|
@@ -1,10 +1,11 @@
|
|||||||
final: prev: {
|
final: prev: {
|
||||||
|
bijwerken-poke = final.callPackage ./bijwerken-poke {};
|
||||||
|
bijwerken-system-upgrade = final.callPackage ./bijwerken-system-upgrade {};
|
||||||
clerie-backup = final.callPackage ./clerie-backup {};
|
clerie-backup = final.callPackage ./clerie-backup {};
|
||||||
clerie-cleanup-branches = final.callPackage ./clerie-update-nixfiles/clerie-cleanup-branches.nix {};
|
clerie-cleanup-branches = final.callPackage ./clerie-update-nixfiles/clerie-cleanup-branches.nix {};
|
||||||
clerie-keys = final.callPackage ./clerie-keys {};
|
clerie-keys = final.callPackage ./clerie-keys {};
|
||||||
clerie-ssh-known-hosts = final.callPackage ./clerie-ssh-known-hosts {};
|
clerie-ssh-known-hosts = final.callPackage ./clerie-ssh-known-hosts {};
|
||||||
clerie-system-remote-install = final.callPackage ./clerie-system-remote-install {};
|
clerie-system-remote-install = final.callPackage ./clerie-system-remote-install {};
|
||||||
clerie-system-upgrade = final.callPackage ./clerie-system-upgrade/clerie-system-upgrade.nix {};
|
|
||||||
clerie-merge-nixfiles-update = final.callPackage ./clerie-update-nixfiles/clerie-merge-nixfiles-update.nix {};
|
clerie-merge-nixfiles-update = final.callPackage ./clerie-update-nixfiles/clerie-merge-nixfiles-update.nix {};
|
||||||
clerie-sops = final.callPackage ./clerie-sops/clerie-sops.nix {};
|
clerie-sops = final.callPackage ./clerie-sops/clerie-sops.nix {};
|
||||||
clerie-sops-config = final.callPackage ./clerie-sops/clerie-sops-config.nix {};
|
clerie-sops-config = final.callPackage ./clerie-sops/clerie-sops-config.nix {};
|
||||||
|
@@ -19,10 +19,10 @@ in {
|
|||||||
|
|
||||||
clerie.nixfiles.enable = true;
|
clerie.nixfiles.enable = true;
|
||||||
|
|
||||||
clerie.system-auto-upgrade.enable = true;
|
services.bijwerken.enable = true;
|
||||||
|
|
||||||
nix.settings = {
|
nix.settings = {
|
||||||
trusted-users = [ "@wheel" "@guests" ];
|
trusted-users = [ "@wheel" ];
|
||||||
auto-optimise-store = true;
|
auto-optimise-store = true;
|
||||||
# Keep buildtime dependencies
|
# Keep buildtime dependencies
|
||||||
keep-outputs = true;
|
keep-outputs = true;
|
||||||
|
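Review bot: The `trusted-users` line would benefit from a comment, since entries in that list are effectively root-equivalent on the Nix daemon and the reason for dropping `@guests` is not recorded next to the setting. Something like `# trusted-users can drive the daemon with root-level effect; keep this to admin groups only` above the line would discourage re-adding a broad group later. The `nix.settings` block continues past the end of the hunk.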