modified: grafana.nix

modified:   modules/common.nix
	modified:   modules/grafana.nix
	modified:   modules/users.nix

hosts/services/common.nix

@@ -1,13 +0,0 @@
-{ config, pkgs, ...}:
-{
-  environment.variables.EDITOR = "nvim";
-  environment.systemPackages = with pkgs; [
-    gitAndTools.gitFull
-    unzip
-    zip
-    tmux
-    lshw
-    bc
-    neovim
-  ];
-}

hosts/services/configuration.nix

@@ -1,11 +1,14 @@
 { ... }: {
   imports = [
     ./hardware-configuration.nix
+    ./firewall-services.nix
     ../modules/users.nix
     ../modules/common.nix
+    ../modules/grafana.nix
     
   ];
 
+  system.stateVersion = "21.05";
   boot.cleanTmpDir = true;
   zramSwap.enable = true;
   networking.hostName = "services";

hosts/services/firewall-services.nix

@@ -0,0 +1,17 @@
+{ config, lib, pkgs, ... }:
+
+{
+  networking.firewall = {
+    allowPing = true;
+    # allowed TCP range
+    allowedTCPPorts = [ 22 80 2342 9001 9002];
+  };
+  services.fail2ban = {
+    enable = true;
+    maxretry = 2;
+    ignoreIP = [
+      "127.0.0.0/8" 
+      "212.114.16.52"
+    ];
+  };
+}

hosts/services/users.nix

@@ -1,41 +0,0 @@
-{ config, pkgs, ...}:
-{
-  users = { 
-    groups = {
-      alexandre = {};
-    };
-    users = {
-      alexandre = {
-        isNormalUser = true;
-	createHome = true;
-        home = "/home/alexandre";
-        description = "Alexandre LUCAZEAU";
-        extraGroups = [ "wheel" ];
-        group = "alexandre";
-        shell = pkgs.fish;
-	openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKUA1RW6JwZasspAp8qmFRFnlV5WXjhLfStAAkM+KYLv lucazeau.alexandre@gmail.com" ];
-      };
-    };
-  };
-  programs.git = {
-	enable = true;
-	config.user.email = "lucazeau.alexandre@gmail.com";
-	config.user.name = "Alexandre LUCAZEAU";
-	config.init.defaultBranch = "main";
-	config.core.sshCommand = "ssh -i ~/.ssh/id_ed25519-perso";
-  };
-  programs.fish.enable = true;
-  programs.fish.shellAliases = {
-	ll = "ls -l";
-	ls = "ls --color=tty";
-	vi = "nvim";
-	vim = "nvim";
-  };
-  security.sudo = {
-	enable = true;
-	execWheelOnly = true;
-	extraRules = [
-	{ users = [ "alexandre" ]; commands = [ { command = "ALL"; options = [ "NOPASSWD" ]; } ]; }
-	];
-  };
-}

modules/common.nix

@@ -9,5 +9,10 @@
     lshw
     bc
     neovim
+    ncdu
+    nixos-option
+    bat
+    procs
+    exa
   ];
 }

modules/grafana.nix

@@ -0,0 +1,40 @@
+{ config, pkgs, ...}:
+  let
+     caddyDir = "/var/lib/caddy";
+  in
+  {
+  services.grafana = {
+      enable = true;
+      domain = "sup.atlanticaweb.fr";
+      port = 2342;
+      addr = "192.168.10.109";
+  };
+  services.prometheus = {
+    enable = true;
+    port = 9001;
+    exporters = {
+      node = {
+        enable = true;
+        enabledCollectors = [ "systemd" ];
+        port = 9002;
+      };
+    };
+    scrapeConfigs = [
+      {
+        job_name = "services";
+        static_configs = [{
+          targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
+        }];
+      }
+    ];
+  };
+  users.users.caddy = {
+    group = "caddy";
+    uid = config.ids.uids.caddy;
+    home = caddyDir;
+    createHome = true;
+    extraGroups = [ "users" ];
+  };
+  
+  users.groups.caddy.gid = config.ids.uids.caddy;
+}

modules/users.nix

@@ -27,7 +27,7 @@
   programs.fish.enable = true;
   programs.fish.shellAliases = {
 	ll = "ls -l";
-	ls = "ls --color=tty";
+	ls = "exa";
 	vi = "nvim";
 	vim = "nvim";
   };