Update nixpkgs 2025-09-09-01-03

hosts/astatine: Add stack to monitor zte hypermobile 5g
pkgs/curl-timings: Add curl shortcut to show connection timings
2025-09-09 03:03:18 +02:00 · 2025-09-08 23:32:57 +02:00 · 2025-09-03 13:05:55 +02:00
11 changed files with 186 additions and 10 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -404,6 +404,26 @@
        "url": "https://git.clerie.de/clerie/mitel_ommclient2.git"
      }
    },
+    "mu5001tool": {
+      "inputs": {
+        "nixpkgs": [
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1757364612,
+        "narHash": "sha256-6MSqlWHH15qbWbvS9b6OTGdtIkW6GVb9SSLkEYAMdDw=",
+        "ref": "refs/heads/main",
+        "rev": "cb758d9bc97baa11e80a048e666c99986cabed43",
+        "revCount": 6,
+        "type": "git",
+        "url": "https://git.clerie.de/clerie/mu5001tool.git"
+      },
+      "original": {
+        "type": "git",
+        "url": "https://git.clerie.de/clerie/mu5001tool.git"
+      }
+    },
    "nix2container": {
      "flake": false,
      "locked": {
@@ -646,11 +666,11 @@
    },
    "nixpkgs_5": {
      "locked": {
-        "lastModified": 1756542300,
-        "narHash": "sha256-tlOn88coG5fzdyqz6R93SQL5Gpq+m/DsWpekNFhqPQk=",
+        "lastModified": 1757068644,
+        "narHash": "sha256-NOrUtIhTkIIumj1E/Rsv1J37Yi3xGStISEo8tZm3KW4=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d7600c775f877cd87b4f5a831c28aa94137377aa",
+        "rev": "8eb28adfa3dc4de28e792e3bf49fcf9007ca8ac9",
        "type": "github"
      },
      "original": {
@@ -743,6 +763,7 @@
        "hydra": "hydra",
        "lix": "lix_2",
        "lix-module": "lix-module",
+        "mu5001tool": "mu5001tool",
        "nixos-exporter": "nixos-exporter",
        "nixos-hardware": "nixos-hardware",
        "nixpkgs": "nixpkgs_5",
--- a/flake.nix
+++ b/flake.nix
@@ -40,6 +40,10 @@
      inputs.nixpkgs.follows = "nixpkgs";
    };
    fieldpoc.url = "git+https://git.clerie.de/clerie/fieldpoc.git";
+    mu5001tool = {
+      url = "git+https://git.clerie.de/clerie/mu5001tool.git";
+      inputs.nixpkgs.follows = "nixpkgs";
+    };
    nixos-exporter = {
      url = "git+https://git.clerie.de/clerie/nixos-exporter.git";
      inputs.nixpkgs.follows = "nixpkgs";
--- a/flake/inputs-overlay.nix
+++ b/flake/inputs-overlay.nix
@@ -5,6 +5,7 @@
 , chaosevents
 , harmonia
 , hydra
+, mu5001tool
 , nurausstieg
 , rainbowrss
 , scan-to-gpg
@@ -25,6 +26,8 @@ final: prev: {
    harmonia;
  inherit (hydra.packages.${final.system})
    hydra;
+  inherit (mu5001tool.packages.${final.system})
+    mu5001tool;
  inherit (nurausstieg.packages.${final.system})
    nurausstieg;
  inherit (rainbowrss.packages.${final.system})
--- a/hosts/astatine/configuration.nix
+++ b/hosts/astatine/configuration.nix
@@ -4,6 +4,10 @@
  imports =
    [
      ./hardware-configuration.nix
+
+      ./grafana.nix
+      ./mu5001tool.nix
+      ./prometheus.nix
    ];

  profiles.clerie.network-fallback-dhcp.enable = true;
@@ -18,6 +22,16 @@
    terminal_output serial
  ";

+  sops.secrets.monitoring-htpasswd = {
+    owner = "nginx";
+    group = "nginx";
+  };
+  services.nginx = {
+    enable = true;
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
  profiles.clerie.wg-clerie = {
    enable = true;
    ipv6s = [ "2a01:4f8:c0c:15f1::8108/128" ];
--- a/hosts/astatine/grafana.nix
+++ b/hosts/astatine/grafana.nix
@@ -0,0 +1,45 @@
+{ config, ... }:
+{
+  services.grafana = {
+    enable  = true;
+    settings = {
+      server = {
+        domain = "grafana.astatine.net.clerie.de";
+        root_url = "https://grafana.astatine.net.clerie.de";
+        http_port = 3001;
+        http_addr = "::1";
+      };
+      "auth.anonymous" = {
+        enabled = true;
+      };
+    };
+
+    provision = {
+      enable = true;
+      datasources.settings.datasources = [
+        {
+          type = "prometheus";
+          name = "Prometheus";
+          url = "http://[::1]:9090";
+          isDefault = true;
+        }
+      ];
+    };
+  };
+
+  services.nginx = {
+    virtualHosts = {
+      "grafana.astatine.net.clerie.de" = {
+        enableACME = true;
+        forceSSL   = true;
+        basicAuthFile = config.sops.secrets.monitoring-htpasswd.path;
+        locations."/".proxyPass = "http://[::1]:3001/";
+        locations."= /api/live/ws" = {
+          proxyPass = "http://[::1]:3001";
+          proxyWebsockets = true;
+        };
+      };
+    };
+  };
+
+}
--- a/hosts/astatine/mu5001tool.nix
+++ b/hosts/astatine/mu5001tool.nix
@@ -0,0 +1,16 @@
+{ config, pkgs, lib, ... }:
+
+{
+
+  systemd.services."mu5001tool" = {
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      DynamicUser = true;
+      LoadCredential = "zte-hypermobile-5g-password:${config.sops.secrets."zte-hypermobile-5g-password".path}";
+    };
+    script = ''
+      ${lib.getExe pkgs.mu5001tool} --password-file ''${CREDENTIALS_DIRECTORY}/zte-hypermobile-5g-password prometheus-exporter --listen-port 9242
+    '';
+  };
+
+}
--- a/hosts/astatine/prometheus.nix
+++ b/hosts/astatine/prometheus.nix
@@ -0,0 +1,46 @@
+{ config, ... }:
+
+{
+  services.prometheus = {
+    enable = true;
+    enableReload = true;
+    listenAddress = "[::1]";
+    scrapeConfigs = [
+      {
+        job_name = "prometheus";
+        scrape_interval = "20s";
+        scheme = "http";
+        static_configs = [
+          {
+            targets = [
+              "[::1]:9090"
+            ];
+          }
+        ];
+      }
+      {
+        job_name = "mu5001tool";
+        scrape_interval = "20s";
+        static_configs = [
+          {
+            targets = [
+              "[::1]:9242"
+            ];
+          }
+        ];
+      }
+    ];
+  };
+
+  services.nginx = {
+    virtualHosts = {
+      "prometheus.astatine.net.clerie.de" = {
+        enableACME = true;
+        forceSSL   = true;
+        basicAuthFile = config.sops.secrets.monitoring-htpasswd.path;
+        locations."/".proxyPass = "http://[::1]:9090/";
+      };
+    };
+  };
+
+}
--- a/hosts/astatine/secrets.json
+++ b/hosts/astatine/secrets.json
@@ -1,19 +1,17 @@
 {
 	"wg-clerie": "ENC[AES256_GCM,data:DbchcO6GTmSFyoHrRAkfu2flaKYrQHPk+rIerekYO4Cto9sqaWLgaSigpS8=,iv:no1xNRVqsKzAN6ssYA0Ir+utOM9tg8OBUT9PY2v0HPA=,tag:lZj1wEPFWHaf52N7YHEQKQ==,type:str]",
 	"wg-monitoring": "ENC[AES256_GCM,data:dTKKeieaGvECkHUpATLorhOgr9Re5CAH25y1WTcSqJZDsvnwD4CBbqMv2QQ=,iv:u1n1wyAW5aNcVYfGN8BmrEhIhtA3EfRDBNu65IdBZMI=,tag:RJYgOpel9uy6dC72MmqS5A==,type:str]",
+	"monitoring-htpasswd": "ENC[AES256_GCM,data:0uQ+Gwedi9kTaOzrwVzkNkS9qL0Dwmph1leK2sj/TndfSn3yaq7ur7ZHoPjWUl5Oy1poxU2rIUxWHajYC0n3yHv2AuGT,iv:FyH4MHcgW5iHkAsahNFtshnqqPOMlukg8aYfhcN9onw=,tag:q3BsnyKLrKYi/xDP6GmSkA==,type:str]",
+	"zte-hypermobile-5g-password": "ENC[AES256_GCM,data:lqxQICmWYwMejn8=,iv:TPYOs/cL/ETw7Ee0+YG/+Fhd7ASi0kr4rDLEiste+2Y=,tag:6O6AXIHkIjPm7hJVC4Y/1g==,type:str]",
 	"sops": {
-		"kms": null,
-		"gcp_kms": null,
-		"azure_kv": null,
-		"hc_vault": null,
 		"age": [
 			{
 				"recipient": "age1fffvnazdv3ys9ww8v4g832hv5nkvnk6d728syerzvpgskfmfkq8q00whpv",
 				"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMQUF5dkRwdXRmUkJ1SXN5\nLzdOVkhWYUJGdFd4Qklsa1BXeVZlTGx0eDE0ClZmYWNLMEVzaVVXWGkwQUt5ZHF5\nS1c5OU9PWjBTelM5R2phNFdVNncxUUkKLS0tIDlwSXFyZWNVT1dtdGU5dVFSRHNE\nUUpJZHJZRTd6TnBUU2dCWW90UTRVb0UKCWrHWmQTNhez16wgEKj4EQA4+UBRmGQn\n+NHSjBCMBmmTdHb05nENYVK515Z0T/60+9N3VlNyHWS9IgC3mZRUBg==\n-----END AGE ENCRYPTED FILE-----\n"
 			}
 		],
-		"lastmodified": "2024-04-21T16:03:13Z",
-		"mac": "ENC[AES256_GCM,data:fA8fhOZbX30TYgwZXB7sQDNmck0JRDyAnEXf5nCYtli/Qvs78fTs4DdC08VOpOni8uAVARkFsGSo6Fjo/MpTSDVA8VNYZig/we/bWF+LQlEMCmiqwOI1R6eQ3GPxcRXltlO2aPPlT9BpLwIVZjGGjIsmjpVE8xjkCbLUUqj+UxY=,iv:fHLyw96QLVRrAQky2kR7TDDxf8CNXDV9lVQ5RETzJEI=,tag:y+cG9u3d6vCUmPyNMDRWpA==,type:str]",
+		"lastmodified": "2025-09-08T21:03:41Z",
+		"mac": "ENC[AES256_GCM,data:ztS/Z6mn8hFAPsks2evJRJFocw/3oz22O2HeSEkY7Mu+bfNvClsJuvuTbnDadB0IwKiLDFWRMGs/UPFmNP6J/euro4cFHDWXopdXg7eDFGDoJDKIg4fBUtofdXIqWvDoQ9LeZNvc5Z4EEQYhs3LwFnAU0x15acwIIxr5TB9l8g8=,iv:WVjavmcrEs2CyYTfoTTP44c9TqFubUdE+PBN2jRPR+s=,tag:fBXzU69Q9MwD3o/Nyu5OZA==,type:str]",
 		"pgp": [
 			{
 				"created_at": "2024-04-21T16:02:41Z",
--- a/pkgs/curl-timings/curl-timings.sh
+++ b/pkgs/curl-timings/curl-timings.sh
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+curl -w "Request to %{url}
+
+time_namelookup: %{time_namelookup}s
+time_connect: %{time_connect}s
+time_appconnect: %{time_appconnect}s
+time_pretransfer: %{time_pretransfer}s
+time_starttransfer: %{time_starttransfer}s
+time_posttransfer: %{time_posttransfer}s
+time_queue: %{time_queue}s
+time_redirect: %{time_redirect}s
+time_starttransfer: %{time_starttransfer}s
+
+time_total: %{time_total}s
+" -o /dev/null -s "$@"
--- a/pkgs/curl-timings/default.nix
+++ b/pkgs/curl-timings/default.nix
@@ -0,0 +1,12 @@
+{
+  curl,
+  writeShellApplication,
+}:
+
+writeShellApplication {
+  name = "curl-timings";
+  text = builtins.readFile ./curl-timings.sh;
+  runtimeInputs = [
+    curl
+  ];
+}
--- a/pkgs/overlay.nix
+++ b/pkgs/overlay.nix
@@ -12,6 +12,7 @@ final: prev: {
  clerie-sops-edit = final.callPackage ./clerie-sops/clerie-sops-edit.nix {};
  clerie-update-nixfiles = final.callPackage ./clerie-update-nixfiles/clerie-update-nixfiles.nix {};
  chromium-incognito = final.callPackage ./chromium-incognito {};
+  curl-timings = final.callPackage ./curl-timings {};
  factorio-launcher = final.callPackage ./factorio-launcher {};
  feeds-dir = final.callPackage ./feeds-dir {};
  generate-blocked-prefixes = final.callPackage ./generate-blocked-prefixes {};
Author	SHA1	Message	Date
Flake Update Bot	27c6d13fb8	Update nixpkgs 2025-09-09-01-03	2025-09-09 03:03:18 +02:00
clerie	e82132b86e	hosts/astatine: Add stack to monitor zte hypermobile 5g	2025-09-08 23:32:57 +02:00
clerie	503dca182e	pkgs/curl-timings: Add curl shortcut to show connection timings	2025-09-03 13:05:55 +02:00