dotfiles/nix/base-system/darwin-configuration.nix


{ pkgs, config, lib, ... }:
let
# vfkit is built from the repo-local expression ../packages/vfkit.nix instead of
# a nixpkgs attribute, so its source and hash pinning are whatever that file declares.
vfkit = pkgs.callPackage ../packages/vfkit.nix {};
in
{
# Nix client/daemon configuration for this machine.
nix = {
package = pkgs.nix;
# SEE: https://github.com/NixOS/nix/issues/4119#issuecomment-1734738812
# "relaxed" keeps the build sandbox on by default, but fixed-output derivations
# and derivations that set `__noChroot = true` run outside it and therefore see
# the host filesystem and network. The sandbox profile that goes with this
# setting is supplied through system.systemBuilderArgs further down.
settings.sandbox = "relaxed";
# Raw nix.conf lines:
#  - experimental-features: turns on nix-command, flakes and repl-flake.
#  - extra-platforms: systems this host accepts builds for besides its own.
#    NOTE(review): x86_64-linux on a darwin host presumably depends on a Linux
#    builder or VM — confirm.
#  - trusted-users: these accounts may override daemon settings per invocation
#    (substituters, sandboxing, ...). The Nix manual describes membership as
#    essentially equivalent to root access, so keep the list as short as possible.
extraOptions = ''
experimental-features = nix-command flakes repl-flake
extra-platforms = x86_64-darwin aarch64-darwin x86_64-linux
trusted-users = root zaphar
'';
};
# Documentation generation stays off while the documentation build is failing.
# TODO(jwall): Add this back when they work again.
documentation.enable = false;
# Unfree packages are allowed; this machine does not enforce a free-only policy.
nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [
  # Rebuild neovim with the `vi` and `vim` command aliases enabled.
  (final: prev: {
    neovim = prev.neovim.override {
      vimAlias = true;
      viAlias = true;
    };
  })
];
# TODO(zaphar): Move this to a module.
#launchd.user.agents.ipfs = {
# serviceConfig = {
# ProgramArguments = [
# "${pkgs.kubo}/bin/ipfs"
# "daemon"
# "--init"
# ];
# KeepAlive = true;
# RunAtLoad = true;
# };
#};
# Background services enabled on this host. Their option definitions (listen
# addresses, stdout/stderr log paths) are read via `config.services.*` below and
# are presumably declared in modules outside this file.
services.my-lorri.enable = true;
services.durnitisp.enable = true;
services.node-exporter.enable = true;
services.prometheus.enable = true;
services.heracles.enable = true;
# Heracles dashboards: a single "Metrics" dashboard whose graphs all read from
# the Prometheus listener configured for this host.
services.heracles.settings =
  let
    # Every plot queries Prometheus over plain HTTP with no credentials.
    # NOTE(review): acceptable only if services.prometheus.listen is a loopback
    # address; that value is not visible in this file — confirm.
    prometheusUrl = "http://${config.services.prometheus.listen}";

    # Assemble one plot entry from a PromQL query and its display options.
    promPlot = query: plotConfig: {
      source = prometheusUrl;
      inherit query;
      config = plotConfig;
    };
  in
  [
    {
      title = "Metrics";
      span = {
        end = "now";
        duration = "1h";
        step_duration = "1min";
      };
      graphs = [
        {
          title = "CPU and Mem Used";
          query_type = "Range";
          yaxes = [
            { anchor = "y"; tickformat = "~%"; }
          ];
          plots = [
            # Fraction of memory that is wired, compressed or active.
            (promPlot ''
              (node_memory_wired_bytes
              + node_memory_compressed_bytes
              + node_memory_active_bytes)
              / node_memory_total_bytes
            '' {
              name_format = "`\${labels.instance} - Memory`";
              yaxis = "y";
              fill = "tozeroy";
            })
            # Share of non-idle CPU time, split by mode.
            # NOTE(review): every other plot uses the key `yaxis`; this one uses
            # `axis`. Confirm heracles accepts it, otherwise it is a typo.
            (promPlot ''
              sum by (job,instance, mode)(irate(node_cpu_seconds_total{mode!="idle"}[5m]))
              / ignoring(mode) group_left
              sum by (job,instance)(irate(node_cpu_seconds_total[5m]))
            '' {
              name_format = "`\${labels.instance} - \${labels.mode}`";
              axis = "y";
            })
          ];
        }
        {
          title = "Network Latency";
          query_type = "Range";
          d3_tick_format = "~s";
          yaxes = [
            { anchor = "y"; type = "log"; }
          ];
          plots = [
            (promPlot ''
              stun_attempt_latency_ms
            '' {
              name_format = "`UDP \${labels.domain} latency`";
              yaxis = "y";
            })
            (promPlot ''
              ping_latency
            '' {
              name_format = "`Ping \${labels.domain} latency`";
              yaxis = "y";
            })
          ];
        }
        {
          title = "Network Errors 5m delta";
          query_type = "Range";
          d3_tick_format = "~s";
          yaxes = [
            { anchor = "y"; }
          ];
          # NOTE(review): both plots reference axis "y1" while the only axis
          # declared above is anchored at "y" — confirm this is intended.
          plots = [
            (promPlot ''
              delta(stun_attempt_counter{result="err"}[5m])
            '' {
              name_format = "`UDP \${labels.domain} failure count`";
              yaxis = "y1";
            })
            (promPlot ''
              delta(ping_counter{result="dropped"}[5m])
            '' {
              name_format = "`icmp \${labels.domain} drop count`";
              yaxis = "y1";
            })
          ];
        }
        {
          title = "Network Traffic Bytes";
          query_type = "Range";
          d3_tick_format = "~s";
          yaxes = [
            { anchor = "y"; type = "log"; }
          ];
          plots = [
            (promPlot ''
              irate(node_network_receive_bytes_total{device=~"(lo|en).*"}[5m])
            '' {
              name_format = "`\${labels.device} Rx`";
              yaxis = "y";
            })
            (promPlot ''
              irate(node_network_transmit_bytes_total{device=~"(lo|en).*"}[5m])
            '' {
              name_format = "`\${labels.device} Tx`";
              yaxis = "y";
            })
          ];
        }
      ];
    }
  ];
# Log pipeline: Vector tails service and system logs and ships them to the
# local VictoriaLogs instance through its Elasticsearch-compatible endpoint.
services.victoria-logs.enable = true;
services.vector.enable = true;
services.vector.settings =
  let
    # File source that tails the stdout and stderr logs of a service module.
    stdioLogs = svc: {
      type = "file";
      include = [ svc.stdoutPath svc.stderrPath ];
    };

    # Bulk Elasticsearch-style sink into VictoriaLogs for the given inputs.
    # The endpoint is plain HTTP with no credentials.
    # NOTE(review): acceptable only if services.victoria-logs.listenAddr is a
    # loopback address; that value is not visible in this file — confirm.
    # With the healthcheck disabled, an unreachable or wrong endpoint is not
    # checked when Vector starts, so watch for delivery errors in Vector's own
    # logs (shipped by the victoria_vector sink).
    victoriaSink = inputs: streamFields: {
      type = "elasticsearch";
      mode = "bulk";
      endpoints = [
        "http://${config.services.victoria-logs.listenAddr}/insert/elasticsearch"
      ];
      inherit inputs;
      api_version = "v8";
      healthcheck.enabled = false;
      query = {
        _msg_field = "message";
        _time_field = "timestamp";
        _stream_fields = streamFields;
      };
    };
  in
  {
    data_dir = "/var/lib/vector";
    # Vector's API is bound to loopback and no credentials are configured for
    # it here; keep it off external interfaces.
    api = {
      enabled = true;
      address = "127.0.0.1:8686";
    };
    sources = {
      prometheus = stdioLogs config.services.prometheus;
      # Disabled:
      #heracles = {
      #  type = "file";
      #  include = [
      #    config.services.heracles.stdoutPath
      #    config.services.heracles.stderrPath
      #  ];
      #};
      # TODO(zaphar): We should remap durnitisp output to strip the TTY control characters.
      durnitisp = stdioLogs config.services.durnitisp;
      vector = {
        type = "internal_logs";
      };
      victoria-logs = stdioLogs config.services.victoria-logs;
      system = {
        type = "file";
        include = [
          "/var/log/system.log"
          "/var/log/com.apple.xpc.launchd/launchd.log"
        ];
      };
      # Streams the macOS unified log as NDJSON. This captures events from every
      # process on the host, so the stored data can include sensitive details;
      # NOTE(review): restrict who can query the log store accordingly.
      syslog_source = {
        type = "exec";
        command = [ "/usr/bin/log" "stream" "--style" "ndjson" ];
        mode = "streaming";
      };
    };
    transforms = {
      # Strip ANSI escape sequences from durnitisp output, keeping the original
      # message if stripping fails.
      durnitisp_no_tty = {
        type = "remap";
        inputs = [ "durnitisp" ];
        source = ''
          .message = strip_ansi_escape_codes(.message) ?? .message
        '';
      };
      # Parse each unified-log line as JSON (falling back to the raw text), drop
      # the exec source's `.command` field and lift eventType and
      # processImagePath to top-level fields used as stream labels.
      # NOTE(review): the bare `.syslog` line assigns nothing and looks like a
      # leftover — confirm and remove.
      syslog = {
        type = "remap";
        inputs = [ "syslog_source" ];
        source = ''
          .message = parse_json(.message) ?? .message
          del(.command)
          .syslog
          .eventType = .message.eventType
          .processImagePath = .message.processImagePath
        '';
      };
    };
    sinks = {
      victoria_vector = victoriaSink [ "vector" ] "host,source_type";
      victoria_syslog = victoriaSink [ "syslog" ] "host,processImagePath,eventType";
      victoria_files = victoriaSink [
        "prometheus"
        #"heracles"
        "durnitisp_no_tty"
        "victoria-logs"
        "system"
      ] "host,file";
    };
  };
# Use a custom configuration.nix location.
# $ darwin-rebuild switch -I darwin-config=$HOME/.config/nixpkgs/darwin/configuration.nix
# environment.darwinConfig = "$HOME/.config/nixpkgs/darwin/configuration.nix";
# Packages installed system-wide.
environment.systemPackages = [
  vfkit # podman machine needs this on darwin
];
# Auto upgrade nix package and the daemon service.
services.nix-daemon.enable = true;
#services.spacebar.enable = true;
#services.spacebar.package = "${pkgs.spacebar}";
# Create /etc/bashrc that loads the nix-darwin environment.
# programs.bash.enable = true; # default shell on catalina
# programs.fish.enable = true;
# Finder always shows file extensions, which makes a misleading double
# extension on a downloaded file easier to notice.
system.defaults.finder.AppleShowAllExtensions = true;
# Only when nix.settings.sandbox is "relaxed": pass an extra sandbox profile to
# the system build. The rule allows file reads and writes, process execution
# and mach lookups for everything under the Nix store directory.
# NOTE(review): this widens what the system builder may touch to the whole
# store; presumably a workaround for the issue linked at nix.settings.sandbox —
# re-check whether it is still needed when that issue is resolved.
system.systemBuilderArgs = lib.mkIf (config.nix.settings.sandbox == "relaxed") {
sandboxProfile = ''
(allow file-read* file-write* process-exec mach-lookup (subpath "${builtins.storeDir}"))
'';
};
# Used for backwards compatibility, please read the changelog before changing.
# $ darwin-rebuild changelog
system.stateVersion = 4;
}