From c8305dd3d89435e032d8e2b7dfa6e85f5af36cb8 Mon Sep 17 00:00:00 2001 From: Polen Date: Sat, 14 Jun 2025 08:53:35 -0400 Subject: [PATCH] pi/server more observable --- Makefile | 2 +- devices/pi/configuration.nix | 76 +++++++++++++++++++------------- devices/server/configuration.nix | 28 ++++++++++++ devices/xps13/configuration.nix | 4 +- 4 files changed, 77 insertions(+), 33 deletions(-) diff --git a/Makefile b/Makefile index 8d99f63..69b63fc 100644 --- a/Makefile +++ b/Makefile @@ -3,7 +3,7 @@ build-pi-image: # Doest work yet rebuild-pi: - nixos-rebuild switch --flake .#pi --target-host polen@192.168.1.241 --use-remote-sudo + nixos-rebuild switch --flake .#pi --target-host pi --build-host server --use-remote-sudo deploy-server: nixos-rebuild switch --flake .#server --target-host server --build-host server --use-remote-sudo diff --git a/devices/pi/configuration.nix b/devices/pi/configuration.nix index 6beb5e6..863d948 100644 --- a/devices/pi/configuration.nix +++ b/devices/pi/configuration.nix @@ -1,12 +1,16 @@ -{ inputs, config, pkgs, lib, ... }: - -let +{ + inputs, + config, + pkgs, + lib, + ... +}: let user = "polen"; hostname = "pi"; in { boot = { kernelPackages = pkgs.linuxKernel.packages.linux_rpi3; - initrd.availableKernelModules = [ "xhci_pci" "usbhid" "usb_storage" ]; + initrd.availableKernelModules = ["xhci_pci" "usbhid" "usb_storage"]; loader = { grub.enable = false; generic-extlinux-compatible.enable = true; 
@@ -17,51 +21,63 @@ in { "/" = { device = "/dev/disk/by-label/NIXOS_SD"; fsType = "ext4"; - options = [ "noatime" ]; + options = ["noatime"]; }; }; - #sops.defaultSopsFile = ../../secrets/secrets.yaml; - #sops.defaultSopsFormat = "yaml"; - #sops.age.keyFile = "/home/polen/.config/sops/age/keys.txt"; - #sops.secrets.pi_user_pass.neededForUsers = true; + swapDevices = [ + { + device = "/var/lib/swapfile"; + size = 10 * 1024; + } + ]; + + #sops.defaultSopsFile = ../../secrets/secrets.yaml; + #sops.defaultSopsFormat = "yaml"; + #sops.age.keyFile = "/home/polen/.config/sops/age/keys.txt"; + #sops.secrets.pi_user_pass.neededForUsers = true; networking = { - networkmanager.enable = true; - wireless.enable = false; + networkmanager.enable = true; + wireless.enable = false; hostName = hostname; - firewall.allowedTCPPorts = [ 80 443 ]; + firewall.allowedTCPPorts = [80 443]; }; - services.caddy = { - enable = true; - virtualHosts."mealie.polensky.me".extraConfig = '' - reverse_proxy http://localhost:9925 - ''; - }; + services.caddy = { + enable = true; + virtualHosts."mealie.polensky.me".extraConfig = '' + reverse_proxy http://localhost:9925 + ''; + }; - nix.settings.trusted-users = [ user ]; + services.prometheus.exporters = { + node.enable = true; + node.openFirewall = true; + }; - environment.systemPackages = with pkgs; [ - htop-vim - neovim - tmux - curl - wget - git - ranger - ]; + nix.settings.trusted-users = [user]; + + environment.systemPackages = with pkgs; [ + htop-vim + neovim + tmux + curl + wget + git + ranger + ]; services.openssh.enable = true; - virtualisation.docker.enable = true; + virtualisation.docker.enable = true; users = { mutableUsers = false; users."${user}" = { isNormalUser = true; #hashedPasswordFile = config.sops.secrets.pi_user_pass.path; - extraGroups = [ "wheel" "docker" ]; + extraGroups = ["wheel" "docker"]; }; }; diff --git a/devices/server/configuration.nix b/devices/server/configuration.nix index 29fd7f6..f0c644f 100644 
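Review bot: `node.openFirewall = true` in the added `services.prometheus.exporters` block opens the node exporter port to every source address, and the exporter serves host metrics without authentication. This host also publishes `mealie.polensky.me` on 80/443, so it is presumably reachable from outside the LAN, which makes the wide rule worth tightening. Only the Prometheus instance on `server` needs to scrape it, so with the default iptables-based firewall I would add `node.firewallFilter = "-s <SERVER_LAN_IP> -p tcp -m tcp --dport 9100";`. The address is a placeholder because the server's IP is not shown in this patch. A one-line comment above the block saying who is expected to scrape the exporter would also help the next reader.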
--- a/devices/server/configuration.nix +++ b/devices/server/configuration.nix @@ -15,6 +15,8 @@ }; #boot.kernelModules = ["msr"]; + boot.binfmt.emulatedSystems = ["aarch64-linux"]; + services.openssh.enable = true; services = { @@ -29,6 +31,31 @@ rpc-whitelist = "127.0.0.1,192.168.*.*"; }; }; + prometheus = { + enable = true; + exporters = { + node.enable = true; + }; + scrapeConfigs = [ + { + job_name = "node-exporters-lan"; + static_configs = [ + { + targets = ["192.168.1.241:9100"]; + labels = { + instance = "pi"; + }; + } + { + targets = ["127.0.0.1:9100"]; + labels = { + instance = "server"; + }; + } + ]; + } + ]; + }; }; networking = { @@ -36,6 +63,7 @@ firewall.allowedTCPPorts = [ 8096 # jellyfin 9091 # transmission + 9090 # prometheus ]; }; diff --git a/devices/xps13/configuration.nix b/devices/xps13/configuration.nix index a07f4b5..21ad49d 100644 --- a/devices/xps13/configuration.nix +++ b/devices/xps13/configuration.nix @@ -29,14 +29,14 @@ nix = { settings.experimental-features = ["nix-command" "flakes"]; settings.trusted-users = ["polen"]; - # settings.extra-platforms = config.boot.binfmt.emulatedSystems; + settings.extra-platforms = config.boot.binfmt.emulatedSystems; gc = { automatic = true; dates = "weekly"; options = "--delete-older-than 15d"; }; }; - # boot.binfmt.emulatedSystems = ["aarch64-linux"]; + boot.binfmt.emulatedSystems = ["aarch64-linux"]; # Configure network proxy if necessary # networking.proxy.default = "http://user:password@proxy:port/";
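Review bot: In the added `prometheus` block the server's own node exporter is scraped through `127.0.0.1:9100`, but `exporters.node.enable = true` alone leaves it listening on all interfaces, so only the firewall keeps it private. Setting `exporters.node.listenAddress = "127.0.0.1";` makes that intent explicit and survives a later firewall change. The pi target is also hard-coded as `192.168.1.241:9100`, while this same commit replaces that address with the `pi` host alias in the Makefile. A comment such as `# pi's LAN address; keep in sync with the ssh alias` would document the coupling. The enclosing `services` attribute set starts and ends outside the hunk.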
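Review bot: Adding `9090 # prometheus` to `firewall.allowedTCPPorts` exposes the Prometheus web UI and HTTP query API, which have no authentication by default. Any host that can reach the server could then read every metric collected from both machines. If the UI is only used from an admin workstation, leave 9090 off this list, set `services.prometheus.listenAddress = "127.0.0.1";`, and reach it over an SSH port-forward. If it has to stay reachable on the LAN, point `services.prometheus.webConfigFile` at a web config that enables basic auth (and TLS where practical), and say so in the comment beside the port.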