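# nix-darwin system configuration.
#
# Covers three areas:
#   * Nix daemon settings (sandbox mode, experimental features, trusted users).
#   * Local monitoring: prometheus + node-exporter + durnitisp, with heracles dashboards.
#   * Log shipping: vector tails service logs and the macOS unified log and
#     forwards them to victoria-logs.
{ pkgs, config, lib, ... }:
let
  vfkit = pkgs.callPackage ../packages/vfkit.nix {};

  # Single definition of the telemetry endpoints used below. Both are plain
  # HTTP with no credentials configured in this file.
  # NOTE(review): the listen addresses come from the prometheus and
  # victoria-logs modules, which are not visible here; confirm they bind to
  # loopback, since nothing in this file adds TLS or authentication.
  prometheusUrl = "http://${config.services.prometheus.listen}";
  victoriaLogsInsertUrl = "http://${config.services.victoria-logs.listenAddr}/insert/elasticsearch";
in
{
  nix = {
    package = pkgs.nix;
    enable = true;
    # SEE: https://github.com/NixOS/nix/issues/4119#issuecomment-1734738812
    # "relaxed" keeps the sandbox on by default but lets fixed-output
    # derivations and derivations that set `__noChroot = true` build outside
    # it, so build isolation is weaker than with `sandbox = true`.
    settings.sandbox = "relaxed";
    # trusted-users: a listed user can override daemon settings (for example
    # substituters) on a per-command basis; the Nix manual treats this as
    # equivalent to root access. Here that covers the interactive account
    # `zaphar`.
    # extra-platforms: declares additional systems this machine may build for.
    extraOptions = ''
      experimental-features = nix-command flakes
      extra-platforms = x86_64-darwin aarch64-darwin x86_64-linux
      trusted-users = root zaphar
    '';
  };

  # Right now the documentation build is broken.
  # TODO(jwall): Add this back when they work again.
  documentation.enable = false;

  # I'm not a zealot about this one.
  nixpkgs.config.allowUnfree = true;

  nixpkgs.overlays = [
    # Make `vi` and `vim` resolve to neovim.
    (self: super: {
      neovim = super.neovim.override {
        viAlias = true;
        vimAlias = true;
      };
    })
  ];

  # TODO(zaphar): Move this to a module.
  #launchd.user.agents.ipfs = {
  #  serviceConfig = {
  #    ProgramArguments = [
  #      "${pkgs.kubo}/bin/ipfs"
  #      "daemon"
  #      "--init"
  #    ];
  #    KeepAlive = true;
  #    RunAtLoad = true;
  #  };
  #};

  # The ollama service runs as the same account that `system.primaryUser`
  # names below, not as a dedicated service user.
  services.ollama = {
    enable = true;
    user = "zaphar";
  };

  services.my-lorri.enable = true;
  services.durnitisp.enable = true;
  services.node-exporter.enable = true;
  services.prometheus.enable = true;

  # Heracles dashboards. Every plot queries the local prometheus instance.
  services.heracles.enable = true;
  services.heracles.settings = [
    {
      title = "Metrics";
      span = {
        end = "now";
        duration = "1h";
        step_duration = "1min";
      };
      graphs = [
        {
          title = "CPU and Mem Used";
          query_type = "Range";
          yaxes = [
            {
              anchor = "y";
              tickformat = "~%";
            }
          ];
          plots = [
            {
              # Memory Usage
              source = prometheusUrl;
              query = ''
                (node_memory_wired_bytes + node_memory_compressed_bytes + node_memory_active_bytes) / node_memory_total_bytes
              '';
              config = {
                name_format = "`\${labels.instance} - Memory`";
                yaxis = "y";
                fill = "tozeroy";
              };
            }
            {
              # CPU plot
              source = prometheusUrl;
              query = ''
                sum by (job,instance, mode)(irate(node_cpu_seconds_total{mode!="idle"}[5m]))
                / ignoring(mode) group_left
                sum by (job,instance)(irate(node_cpu_seconds_total[5m]))
              '';
              config = {
                name_format = "`\${labels.instance} - \${labels.mode}`";
                # Key corrected from `axis` to `yaxis` to match every sibling
                # plot. NOTE(review): confirm against the heracles schema.
                yaxis = "y";
              };
            }
          ];
        }
        {
          title = "Network Latency";
          query_type = "Range";
          d3_tick_format = "~s";
          yaxes = [
            {
              anchor = "y";
              type = "log";
            }
          ];
          plots = [
            {
              source = prometheusUrl;
              query = ''
                stun_attempt_latency_ms
              '';
              config = {
                name_format = "`UDP \${labels.domain} latency`";
                yaxis = "y";
              };
            }
            {
              source = prometheusUrl;
              query = ''
                ping_latency
              '';
              config = {
                name_format = "`Ping \${labels.domain} latency`";
                yaxis = "y";
              };
            }
          ];
        }
        {
          title = "Network Errors 5m delta";
          query_type = "Range";
          d3_tick_format = "~s";
          yaxes = [
            {
              anchor = "y";
            }
          ];
          # NOTE(review): both plots name axis "y1" while the only declared
          # anchor is "y"; confirm heracles treats the two as the same axis.
          plots = [
            {
              source = prometheusUrl;
              query = ''
                delta(stun_attempt_counter{result="err"}[5m])
              '';
              config = {
                name_format = "`UDP \${labels.domain} failure count`";
                yaxis = "y1";
              };
            }
            {
              source = prometheusUrl;
              query = ''
                delta(ping_counter{result="dropped"}[5m])
              '';
              config = {
                name_format = "`icmp \${labels.domain} drop count`";
                yaxis = "y1";
              };
            }
          ];
        }
        {
          title = "Network Traffic Bytes";
          query_type = "Range";
          d3_tick_format = "~s";
          yaxes = [
            {
              anchor = "y";
              type = "log";
            }
          ];
          plots = [
            {
              source = prometheusUrl;
              query = ''
                irate(node_network_receive_bytes_total{device=~"(lo|en).*"}[5m])
              '';
              config = {
                name_format = "`\${labels.device} Rx`";
                yaxis = "y";
              };
            }
            {
              source = prometheusUrl;
              query = ''
                irate(node_network_transmit_bytes_total{device=~"(lo|en).*"}[5m])
              '';
              config = {
                name_format = "`\${labels.device} Tx`";
                yaxis = "y";
              };
            }
          ];
        }
      ];
    }
  ];

  services.victoria-logs.enable = true;

  # Vector pipeline: sources -> transforms -> victoria-logs sinks.
  services.vector.enable = true;
  services.vector.settings = {
    data_dir = "/var/lib/vector";
    # The API is bound to loopback only. No authentication is configured for
    # it here, so the address should stay on 127.0.0.1.
    api = {
      enabled = true;
      address = "127.0.0.1:8686";
    };
    sources = {
      prometheus = {
        type = "file";
        include = [
          config.services.prometheus.stdoutPath
          config.services.prometheus.stderrPath
        ];
      };
      #heracles = {
      #  type = "file";
      #  include = [
      #    config.services.heracles.stdoutPath
      #    config.services.heracles.stderrPath
      #  ];
      #};
      # Raw durnitisp output carries TTY control characters. The
      # `durnitisp_no_tty` transform below strips them, and the file sink
      # consumes that transform rather than this source.
      durnitisp = {
        type = "file";
        include = [
          config.services.durnitisp.stdoutPath
          config.services.durnitisp.stderrPath
        ];
      };
      vector = {
        type = "internal_logs";
      };
      victoria-logs = {
        type = "file";
        include = [
          config.services.victoria-logs.stdoutPath
          config.services.victoria-logs.stderrPath
        ];
      };
      system = {
        type = "file";
        include = [
          "/var/log/system.log"
          "/var/log/com.apple.xpc.launchd/launchd.log"
        ];
      };
      # Streams the macOS unified log as NDJSON. The binary is referenced by
      # absolute path, so no PATH lookup is involved. Every streamed event is
      # forwarded to victoria-logs, so the access control on that store
      # governs who can read host-wide log content.
      syslog_source = {
        type = "exec";
        command = ["/usr/bin/log" "stream" "--style" "ndjson"];
        mode = "streaming";
      };
    };
    transforms = {
      # Strip ANSI escape sequences; fall back to the raw message on error.
      durnitisp_no_tty = {
        type = "remap";
        inputs = [ "durnitisp" ];
        source = ''
          .message = strip_ansi_escape_codes(.message) ?? .message
        '';
      };
      # Parse each NDJSON line (keeping the raw text if parsing fails), drop
      # the exec source's `.command` field, and lift `eventType` and
      # `processImagePath` to top-level fields so the sink can use them as
      # stream fields.
      # NOTE(review): the bare `.syslog` expression has no visible effect;
      # confirm whether it is leftover or an unfinished assignment.
      syslog = {
        type = "remap";
        inputs = [ "syslog_source" ];
        source = ''
          .message = parse_json(.message) ?? .message
          del(.command)
          .syslog
          .eventType = .message.eventType
          .processImagePath = .message.processImagePath
        '';
      };
    };
    # All three sinks write to the victoria-logs elasticsearch-compatible
    # bulk endpoint. Health checks are disabled, so an unreachable or
    # misconfigured endpoint is not detected when vector starts.
    sinks = {
      victoria_vector = {
        type = "elasticsearch";
        mode = "bulk";
        endpoints = [ victoriaLogsInsertUrl ];
        inputs = [ "vector" ];
        api_version = "v8";
        healthcheck.enabled = false;
        query = {
          _msg_field = "message";
          _time_field = "timestamp";
          _stream_fields = "host,source_type";
        };
      };
      victoria_syslog = {
        type = "elasticsearch";
        mode = "bulk";
        endpoints = [ victoriaLogsInsertUrl ];
        inputs = [ "syslog" ];
        api_version = "v8";
        healthcheck.enabled = false;
        query = {
          _msg_field = "message";
          _time_field = "timestamp";
          _stream_fields = "host,processImagePath,eventType";
        };
      };
      victoria_files = {
        type = "elasticsearch";
        mode = "bulk";
        endpoints = [ victoriaLogsInsertUrl ];
        inputs = [
          "prometheus"
          #"heracles"
          "durnitisp_no_tty"
          "victoria-logs"
          "system"
        ];
        api_version = "v8";
        healthcheck.enabled = false;
        query = {
          _msg_field = "message";
          _time_field = "timestamp";
          _stream_fields = "host,file";
        };
      };
    };
  };

  # Use a custom configuration.nix location.
  # $ darwin-rebuild switch -I darwin-config=$HOME/.config/nixpkgs/darwin/configuration.nix
  # environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix";

  environment.systemPackages = [
    # Required on darwin for podman machine to work.
    vfkit
  ];

  #services.spacebar.enable = true;
  #services.spacebar.package = "${pkgs.spacebar}";

  # Create /etc/bashrc that loads the nix-darwin environment.
  # programs.bash.enable = true; # default shell on catalina
  # programs.fish.enable = true;

  system.defaults = {
    finder.AppleShowAllExtensions = true;
  };

  # Applied only while the sandbox is "relaxed". The profile grants the
  # system builder read, write, process-exec and mach-lookup rights on the
  # whole store directory.
  # NOTE(review): presumably Nix accepts an extra sandbox profile only in
  # relaxed mode, which would explain the guard; confirm, and revisit this
  # grant if the sandbox setting above is tightened.
  system.systemBuilderArgs = lib.mkIf (config.nix.settings.sandbox == "relaxed") {
    sandboxProfile = ''
      (allow file-read* file-write* process-exec mach-lookup (subpath "${builtins.storeDir}"))
    '';
  };

  system.primaryUser = "zaphar";

  # Used for backwards compatibility, please read the changelog before changing.
  # $ darwin-rebuild changelog
  system.stateVersion = 4;
}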