From 01c52573f07a274924d0c65fc044a44626b30902 Mon Sep 17 00:00:00 2001
From: Julien Malka <julien@malka.sh>
Date: Wed, 26 Jul 2023 19:35:08 +0200
Subject: [PATCH] update tower firewall
---
flake.lock | 726 +++++++++++++++++++++++++++++++++++++
machines/tower/default.nix | 22 +-
2 files changed, 742 insertions(+), 6 deletions(-)
create mode 100644 flake.lock
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..a2e7d5a
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,726 @@
+{
+ "nodes": {
+ "attic": {
+ "inputs": {
+ "crane": "crane",
+ "flake-compat": "flake-compat",
+ "flake-utils": [
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "unstable"
+ ],
+ "nixpkgs-stable": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1689457600,
+ "narHash": "sha256-1XLn2ZZMaqQx+Ys3eel5hQRkgUn3DeHcVb2JT8WYU0A=",
+ "owner": "zhaofengli",
+ "repo": "attic",
+ "rev": "4902d57f5dae8ec660ee9ee14c45c2192f9fe8b1",
+ "type": "github"
+ },
+ "original": {
+ "owner": "zhaofengli",
+ "repo": "attic",
+ "type": "github"
+ }
+ },
+ "blobs": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1604995301,
+ "narHash": "sha256-wcLzgLec6SGJA8fx1OEN1yV/Py5b+U5iyYpksUY/yLw=",
+ "owner": "simple-nixos-mailserver",
+ "repo": "blobs",
+ "rev": "2cccdf1ca48316f2cfd1c9a0017e8de5a7156265",
+ "type": "gitlab"
+ },
+ "original": {
+ "owner": "simple-nixos-mailserver",
+ "repo": "blobs",
+ "type": "gitlab"
+ }
+ },
+ "crane": {
+ "inputs": {
+ "flake-compat": [
+ "attic",
+ "flake-compat"
+ ],
+ "flake-utils": [
+ "attic",
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "attic",
+ "nixpkgs"
+ ],
+ "rust-overlay": "rust-overlay"
+ },
+ "locked": {
+ "lastModified": 1677892403,
+ "narHash": "sha256-/Wi0L1spSWLFj+UQxN3j0mPYMoc7ZoAujpUF/juFVII=",
+ "owner": "ipetkov",
+ "repo": "crane",
+ "rev": "105e27adb70a9890986b6d543a67761cbc1964a2",
+ "type": "github"
+ },
+ "original": {
+ "owner": "ipetkov",
+ "repo": "crane",
+ "type": "github"
+ }
+ },
+ "deploy-rs": {
+ "inputs": {
+ "flake-compat": "flake-compat_2",
+ "nixpkgs": [
+ "unstable"
+ ],
+ "utils": [
+ "flake-utils"
+ ]
+ },
+ "locked": {
+ "lastModified": 1686747123,
+ "narHash": "sha256-XUQK9kwHpTeilHoad7L4LjMCCyY13Oq383CoFADecRE=",
+ "owner": "serokell",
+ "repo": "deploy-rs",
+ "rev": "724463b5a94daa810abfc64a4f87faef4e00f984",
+ "type": "github"
+ },
+ "original": {
+ "owner": "serokell",
+ "repo": "deploy-rs",
+ "type": "github"
+ }
+ },
+ "flake-compat": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1673956053,
+ "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+ "type": "github"
+ },
+ "original": {
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
+ "flake-compat_2": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1668681692,
+ "narHash": "sha256-Ht91NGdewz8IQLtWZ9LCeNXMSXHUss+9COoqu6JLmXU=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "009399224d5e398d03b22badca40a37ac85412a1",
+ "type": "github"
+ },
+ "original": {
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
+ "flake-compat_3": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1673956053,
+ "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+ "type": "github"
+ },
+ "original": {
+ "owner": "edolstra",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
+ "flake-compat_4": {
+ "locked": {
+ "lastModified": 1688025799,
+ "narHash": "sha256-ktpB4dRtnksm9F5WawoIkEneh1nrEvuxb5lJFt1iOyw=",
+ "owner": "nix-community",
+ "repo": "flake-compat",
+ "rev": "8bf105319d44f6b9f0d764efa4fdef9f1cc9ba1c",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "flake-compat",
+ "type": "github"
+ }
+ },
+ "flake-parts": {
+ "inputs": {
+ "nixpkgs-lib": "nixpkgs-lib"
+ },
+ "locked": {
+ "lastModified": 1685662779,
+ "narHash": "sha256-cKDDciXGpMEjP1n6HlzKinN0H+oLmNpgeCTzYnsA2po=",
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "rev": "71fb97f0d875fd4de4994dfb849f2c75e17eb6c3",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hercules-ci",
+ "repo": "flake-parts",
+ "type": "github"
+ }
+ },
+ "flake-utils": {
+ "inputs": {
+ "systems": "systems"
+ },
+ "locked": {
+ "lastModified": 1689068808,
+ "narHash": "sha256-6ixXo3wt24N/melDWjq70UuHQLxGV8jZvooRanIHXw0=",
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "rev": "919d646de7be200f3bf08cb76ae1f09402b6f9b4",
+ "type": "github"
+ },
+ "original": {
+ "owner": "numtide",
+ "repo": "flake-utils",
+ "type": "github"
+ }
+ },
+ "home-manager": {
+ "inputs": {
+ "nixpkgs": [
+ "unstable"
+ ]
+ },
+ "locked": {
+ "lastModified": 1687871164,
+ "narHash": "sha256-bBFlPthuYX322xOlpJvkjUBz0C+MOBjZdDOOJJ+G2jU=",
+ "owner": "nix-community",
+ "repo": "home-manager",
+ "rev": "07c347bb50994691d7b0095f45ebd8838cf6bc38",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "ref": "release-23.05",
+ "repo": "home-manager",
+ "type": "github"
+ }
+ },
+ "homepage": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1639518131,
+ "narHash": "sha256-YuwHCXEbrzuEyRy1/2bX4Rux/nqmzRZ8H44+83JQNV8=",
+ "owner": "JulienMalka",
+ "repo": "homepage",
+ "rev": "29e779d8600b1c1e6235570a3614a54f8ec8126e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "JulienMalka",
+ "repo": "homepage",
+ "type": "github"
+ }
+ },
+ "hyprland": {
+ "inputs": {
+ "hyprland-protocols": "hyprland-protocols",
+ "nixpkgs": "nixpkgs",
+ "wlroots": "wlroots",
+ "xdph": "xdph"
+ },
+ "locked": {
+ "lastModified": 1690284788,
+ "narHash": "sha256-6QKfaqw6tU+VF6tLEduxyx+67+FGpsEtl3Rd7riU3uw=",
+ "owner": "hyprwm",
+ "repo": "Hyprland",
+ "rev": "a9b8e2159c2813a6951d0b0186fbb7f2f8554d3e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hyprwm",
+ "repo": "Hyprland",
+ "type": "github"
+ }
+ },
+ "hyprland-protocols": {
+ "inputs": {
+ "nixpkgs": [
+ "hyprland",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1684265364,
+ "narHash": "sha256-AxNnWbthsuNx73HDQr0eBxrcE3+yfl/WsaXZqUFmkpQ=",
+ "owner": "hyprwm",
+ "repo": "hyprland-protocols",
+ "rev": "8c279b9fb0f2b031427dc5ef4eab53f2ed835530",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hyprwm",
+ "repo": "hyprland-protocols",
+ "type": "github"
+ }
+ },
+ "hyprpaper": {
+ "inputs": {
+ "nixpkgs": "nixpkgs_2"
+ },
+ "locked": {
+ "lastModified": 1690361100,
+ "narHash": "sha256-e3V2avzF3yY+OBWr5fZ5jTHq6Jm2olnmd95E2jAkyCY=",
+ "owner": "hyprwm",
+ "repo": "hyprpaper",
+ "rev": "9261356bd74fadbc544bec22c16aec62ebba13bd",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hyprwm",
+ "repo": "hyprpaper",
+ "type": "github"
+ }
+ },
+ "linkal": {
+ "inputs": {
+ "flake-utils": [
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1688227218,
+ "narHash": "sha256-hlZlGblw7PDRlC4dBJVC3hwy+HZbXC+Mq4jbXP94ya4=",
+ "owner": "JulienMalka",
+ "repo": "Linkal",
+ "rev": "354b464cd6b6263f41b19ba05ab5163d0e8203db",
+ "type": "github"
+ },
+ "original": {
+ "owner": "JulienMalka",
+ "ref": "main",
+ "repo": "Linkal",
+ "type": "github"
+ }
+ },
+ "lowdown-src": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1633514407,
+ "narHash": "sha256-Dw32tiMjdK9t3ETl5fzGrutQTzh2rufgZV4A/BbxuD4=",
+ "owner": "kristapsdz",
+ "repo": "lowdown",
+ "rev": "d2c2b44ff6c27b936ec27358a2653caaef8f73b8",
+ "type": "github"
+ },
+ "original": {
+ "owner": "kristapsdz",
+ "repo": "lowdown",
+ "type": "github"
+ }
+ },
+ "nix-index-database": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1690083300,
+ "narHash": "sha256-xnUtWO/5TuuHkIpmzMXGvHJqS06FSVADnAZ4bvqO4Zo=",
+ "owner": "Mic92",
+ "repo": "nix-index-database",
+ "rev": "c1e6fc40dd5c0d16940bc012421268b94e404b0b",
+ "type": "github"
+ },
+ "original": {
+ "owner": "Mic92",
+ "repo": "nix-index-database",
+ "type": "github"
+ }
+ },
+ "nix-rfc-92": {
+ "inputs": {
+ "flake-compat": "flake-compat_3",
+ "lowdown-src": "lowdown-src",
+ "nixpkgs": "nixpkgs_3",
+ "nixpkgs-regression": "nixpkgs-regression"
+ },
+ "locked": {
+ "lastModified": 1689947426,
+ "narHash": "sha256-acY4dEkac3LfE7ukTeJHWqwM0Jc2n5gAi901gOiNKKA=",
+ "owner": "obsidiansystems",
+ "repo": "nix",
+ "rev": "a4e676f1e31182234644fde3e3a823e94d02e163",
+ "type": "github"
+ },
+ "original": {
+ "owner": "obsidiansystems",
+ "ref": "dynamic-drvs",
+ "repo": "nix",
+ "type": "github"
+ }
+ },
+ "nixd": {
+ "inputs": {
+ "flake-parts": "flake-parts",
+ "nixpkgs": [
+ "unstable"
+ ]
+ },
+ "locked": {
+ "lastModified": 1690389899,
+ "narHash": "sha256-IZ8N++v1DMpQ0RGWzo+QFBZKtdPsLrAFlCzpgMqZsrg=",
+ "owner": "nix-community",
+ "repo": "nixd",
+ "rev": "c080d75976bdd77e2ab9cf1fdb003771ac4db4ec",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "nixd",
+ "type": "github"
+ }
+ },
+ "nixos-apple-silicon": {
+ "inputs": {
+ "flake-compat": "flake-compat_4",
+ "nixpkgs": "nixpkgs_4",
+ "rust-overlay": "rust-overlay_2"
+ },
+ "locked": {
+ "lastModified": 1689219568,
+ "narHash": "sha256-03oq6imX0mOidSmjoLjt/mSE2/6D6d4q0/UQcPn5/Zc=",
+ "owner": "tpwrules",
+ "repo": "nixos-apple-silicon",
+ "rev": "07eef29d1214b40da45ff2fae5d7e7498a0dd8ab",
+ "type": "github"
+ },
+ "original": {
+ "owner": "tpwrules",
+ "repo": "nixos-apple-silicon",
+ "type": "github"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1690179384,
+ "narHash": "sha256-+arbgqFTAtoeKtepW9wCnA0njCOyoiDFyl0Q0SBSOtE=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "b12803b6d90e2e583429bb79b859ca53c348b39a",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs-lib": {
+ "locked": {
+ "dir": "lib",
+ "lastModified": 1685564631,
+ "narHash": "sha256-8ywr3AkblY4++3lIVxmrWZFzac7+f32ZEhH/A8pNscI=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "4f53efe34b3a8877ac923b9350c874e3dcd5dc0a",
+ "type": "github"
+ },
+ "original": {
+ "dir": "lib",
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs-regression": {
+ "locked": {
+ "lastModified": 1643052045,
+ "narHash": "sha256-uGJ0VXIhWKGXxkeNnq4TvV3CIOkUJ3PAoLZ3HMzNVMw=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "215d4d0fd80ca5163643b03a33fde804a29cc1e2",
+ "type": "github"
+ }
+ },
+ "nixpkgs_2": {
+ "locked": {
+ "lastModified": 1683014792,
+ "narHash": "sha256-6Va9iVtmmsw4raBc3QKvQT2KT/NGRWlvUlJj46zN8B8=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "1a411f23ba299db155a5b45d5e145b85a7aafc42",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_3": {
+ "locked": {
+ "lastModified": 1670461440,
+ "narHash": "sha256-jy1LB8HOMKGJEGXgzFRLDU1CBGL0/LlkolgnqIsF0D8=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "04a75b2eecc0acf6239acf9dd04485ff8d14f425",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-22.11-small",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs_4": {
+ "locked": {
+ "lastModified": 1689008574,
+ "narHash": "sha256-VFMgyHDiqsGDkRg73alv6OdHJAqhybryWHv77bSCGIw=",
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "4a729ce4b1fe5ec4fffc71c67c96aa5184ebb462",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nixos",
+ "repo": "nixpkgs",
+ "rev": "4a729ce4b1fe5ec4fffc71c67c96aa5184ebb462",
+ "type": "github"
+ }
+ },
+ "nixpkgs_5": {
+ "locked": {
+ "lastModified": 1690271650,
+ "narHash": "sha256-qwdsW8DBY1qH+9luliIH7VzgwvL+ZGI3LZWC0LTiDMI=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "6dc93f0daec55ee2f441da385aaf143863e3d671",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-23.05",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "attic": "attic",
+ "deploy-rs": "deploy-rs",
+ "flake-utils": "flake-utils",
+ "home-manager": "home-manager",
+ "homepage": "homepage",
+ "hyprland": "hyprland",
+ "hyprpaper": "hyprpaper",
+ "linkal": "linkal",
+ "nix-index-database": "nix-index-database",
+ "nix-rfc-92": "nix-rfc-92",
+ "nixd": "nixd",
+ "nixos-apple-silicon": "nixos-apple-silicon",
+ "nixpkgs": "nixpkgs_5",
+ "simple-nixos-mailserver": "simple-nixos-mailserver",
+ "sops-nix": "sops-nix",
+ "unstable": "unstable"
+ }
+ },
+ "rust-overlay": {
+ "inputs": {
+ "flake-utils": [
+ "attic",
+ "crane",
+ "flake-utils"
+ ],
+ "nixpkgs": [
+ "attic",
+ "crane",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1675391458,
+ "narHash": "sha256-ukDKZw922BnK5ohL9LhwtaDAdCsJL7L6ScNEyF1lO9w=",
+ "owner": "oxalica",
+ "repo": "rust-overlay",
+ "rev": "383a4acfd11d778d5c2efcf28376cbd845eeaedf",
+ "type": "github"
+ },
+ "original": {
+ "owner": "oxalica",
+ "repo": "rust-overlay",
+ "type": "github"
+ }
+ },
+ "rust-overlay_2": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1686795910,
+ "narHash": "sha256-jDa40qRZ0GRQtP9EMZdf+uCbvzuLnJglTUI2JoHfWDc=",
+ "owner": "oxalica",
+ "repo": "rust-overlay",
+ "rev": "5c2b97c0a9bc5217fc3dfb1555aae0fb756d99f9",
+ "type": "github"
+ },
+ "original": {
+ "owner": "oxalica",
+ "repo": "rust-overlay",
+ "type": "github"
+ }
+ },
+ "simple-nixos-mailserver": {
+ "inputs": {
+ "blobs": "blobs",
+ "nixpkgs": [
+ "unstable"
+ ],
+ "nixpkgs-22_11": [
+ "nixpkgs"
+ ],
+ "utils": [
+ "flake-utils"
+ ]
+ },
+ "locked": {
+ "lastModified": 1671659164,
+ "narHash": "sha256-DbpT+v1POwFOInbrDL+vMbYV3mVbTkMxmJ5j50QnOcA=",
+ "owner": "simple-nixos-mailserver",
+ "repo": "nixos-mailserver",
+ "rev": "bc667fb6afc45f6cc2d118ab77658faf2227cffd",
+ "type": "gitlab"
+ },
+ "original": {
+ "owner": "simple-nixos-mailserver",
+ "ref": "nixos-22.11",
+ "repo": "nixos-mailserver",
+ "type": "gitlab"
+ }
+ },
+ "sops-nix": {
+ "inputs": {
+ "nixpkgs": [
+ "unstable"
+ ],
+ "nixpkgs-stable": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1690199016,
+ "narHash": "sha256-yTLL72q6aqGmzHq+C3rDp3rIjno7EJZkFLof6Ika7cE=",
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "rev": "c36df4fe4bf4bb87759b1891cab21e7a05219500",
+ "type": "github"
+ },
+ "original": {
+ "owner": "Mic92",
+ "repo": "sops-nix",
+ "type": "github"
+ }
+ },
+ "systems": {
+ "locked": {
+ "lastModified": 1681028828,
+ "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+ "owner": "nix-systems",
+ "repo": "default",
+ "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-systems",
+ "repo": "default",
+ "type": "github"
+ }
+ },
+ "unstable": {
+ "locked": {
+ "lastModified": 1690179384,
+ "narHash": "sha256-+arbgqFTAtoeKtepW9wCnA0njCOyoiDFyl0Q0SBSOtE=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "b12803b6d90e2e583429bb79b859ca53c348b39a",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "wlroots": {
+ "flake": false,
+ "locked": {
+ "host": "gitlab.freedesktop.org",
+ "lastModified": 1690165843,
+ "narHash": "sha256-gv5kjss6REeQG0BmvK2gTx7jHLRdCnP25po6It6I6N8=",
+ "owner": "wlroots",
+ "repo": "wlroots",
+ "rev": "e8d545a9770a2473db32e0a0bfa757b05d2af4f3",
+ "type": "gitlab"
+ },
+ "original": {
+ "host": "gitlab.freedesktop.org",
+ "owner": "wlroots",
+ "repo": "wlroots",
+ "rev": "e8d545a9770a2473db32e0a0bfa757b05d2af4f3",
+ "type": "gitlab"
+ }
+ },
+ "xdph": {
+ "inputs": {
+ "hyprland-protocols": [
+ "hyprland",
+ "hyprland-protocols"
+ ],
+ "nixpkgs": [
+ "hyprland",
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1685385764,
+ "narHash": "sha256-r+XMyOoRXq+hlfjayb+fyi9kq2JK48TrwuNIAXqlj7U=",
+ "owner": "hyprwm",
+ "repo": "xdg-desktop-portal-hyprland",
+ "rev": "4d9ff0c17716936e0b5ca577a39e263633901ed1",
+ "type": "github"
+ },
+ "original": {
+ "owner": "hyprwm",
+ "repo": "xdg-desktop-portal-hyprland",
+ "type": "github"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/machines/tower/default.nix b/machines/tower/default.nix
index fdf9ac1..31df33a 100644
--- a/machines/tower/default.nix
+++ b/machines/tower/default.nix
@@ -25,7 +25,7 @@
luj.buildbot.enable = true;
luj.nginx.enable = true;
- environment.systemPackages = [ pkgs.tailscale ];
+ environment.systemPackages = with pkgs; [ tailscale attic ];
services.tailscale.enable = true;
@@ -102,8 +102,18 @@
services.grafana.enable = true;
services.grafana.settings.server.http_port = 3000;
- services.prometheus.enable = true;
- services.prometheus.pushgateway.enable = true;
+ services.prometheus = {
+ enable = true;
+ pushgateway.enable = true;
+ scrapeConfigs = [
+ {
+ job_name = "push";
+ static_configs = [{
+ targets = [ "127.0.0.1:9091" ];
+ }];
+ }
+ ];
+ };
services.nginx.virtualHosts."data.julienmalka.me" = {
forceSSL = true;
@@ -127,14 +137,14 @@
forceSSL = true;
enableACME = true;
locations."/" = {
- proxyPass = "http://localhost:9090";
+ proxyPass = "http://localhost:9091";
};
};
- networking.firewall.allowedTCPPorts = [ 80 443 1810 ];
- networking.firewall.allowedUDPPorts = [ 80 443 1810 ];
+ networking.firewall.allowedTCPPorts = [ 80 443 1810 9989 ];
+ networking.firewall.allowedUDPPorts = [ 80 443 1810 9989 ];
system.stateVersion = "22.11"; # Did you read the comment?