titaniumtown/server-config
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
This repository has been archived on 2026-04-18. You can view files and clone it. You cannot open issues or pull requests or push a commit.
Files
1f2886d35c74b5e7d405e730d64d82fb2e6f622d
server-config/service-configs.nix
Simon Gardling a3a6700106 grafana: replace disk-usage-collector with prometheus-zfs-exporter 
The custom disk-usage-collector shell script + minutely timer is replaced
by prometheus-zfs-exporter (pdf/zfs_exporter, packaged in nixpkgs as
services.prometheus.exporters.zfs). The exporter provides pool capacity
metrics (allocated/free/size) natively.

Partition metrics (/boot, /persistent, /nix) now use node_exporter's
built-in filesystem collector (node_filesystem_*_bytes) which already
runs and collects these metrics.

Also fixes a latent race condition in serviceMountWithZpool: the -mounts
service now orders after zfs-mount.service (which runs 'zfs mount -a'),
not just after pool import. Without this, the mount check could run
before datasets are actually mounted.
2026-04-09 19:54:57 -04:00

359 lines
7.5 KiB
Nix
Raw Blame History

rec {
zpool_ssds = "tank";
zpool_hdds = "hdds";
torrents_path = "/torrents";
services_dir = "/services";
music_dir = "/${zpool_ssds}/music";
media_group = "media";
cpu_arch = "znver3";
ports = {
# Ports exposed to the internet. The flake asserts every public port
# appears in the corresponding firewall allow-list (TCP, UDP, or both).
public = {
http = {
port = 80;
proto = "tcp";
};
https = {
port = 443;
proto = "both";
}; # HTTP/3 QUIC
minecraft = {
port = 25565;
proto = "tcp";
};
syncthing_protocol = {
port = 22000;
proto = "both";
}; # QUIC
syncthing_discovery = {
port = 21027;
proto = "udp";
};
matrix_federation = {
port = 8448;
proto = "both";
}; # HTTP/3 QUIC
coturn = {
port = 3478;
proto = "both";
};
coturn_tls = {
port = 5349;
proto = "both";
};
livekit = {
port = 7880;
proto = "tcp";
};
soulseek_listen = {
port = 50300;
proto = "tcp";
};
monero = {
port = 18080;
proto = "tcp";
};
monero_rpc = {
port = 18081;
proto = "tcp";
}; # restricted public RPC
p2pool_p2p = {
port = 37889;
proto = "tcp";
};
murmur = {
port = 64738;
proto = "both";
};
};
# Ports bound to localhost / VPN only. The flake asserts none of
# these appear in the firewall allow-lists.
private = {
jellyfin = {
port = 8096;
proto = "tcp";
};
torrent = {
port = 6011;
proto = "tcp";
};
bitmagnet = {
port = 3333;
proto = "tcp";
};
gitea = {
port = 2283;
proto = "tcp";
};
immich = {
port = 2284;
proto = "tcp";
};
soulseek_web = {
port = 5030;
proto = "tcp";
};
vaultwarden = {
port = 8222;
proto = "tcp";
};
syncthing_gui = {
port = 8384;
proto = "tcp";
};
matrix = {
port = 6167;
proto = "tcp";
};
ntfy = {
port = 2586;
proto = "tcp";
};
lk_jwt = {
port = 8081;
proto = "tcp";
};
prowlarr = {
port = 9696;
proto = "tcp";
};
sonarr = {
port = 8989;
proto = "tcp";
};
radarr = {
port = 7878;
proto = "tcp";
};
bazarr = {
port = 6767;
proto = "tcp";
};
jellyseerr = {
port = 5055;
proto = "tcp";
};
monero_zmq = {
port = 18083;
proto = "tcp";
};
p2pool_stratum = {
port = 3334;
proto = "tcp";
};
firefox_syncserver = {
port = 5000;
proto = "tcp";
};
mollysocket = {
port = 8020;
proto = "tcp";
};
grafana = {
port = 3000;
proto = "tcp";
};
prometheus = {
port = 9090;
proto = "tcp";
};
prometheus_node = {
port = 9100;
proto = "tcp";
};
prometheus_apcupsd = {
port = 9162;
proto = "tcp";
};
llama_cpp = {
port = 6688;
proto = "tcp";
};
trilium = {
port = 8787;
proto = "tcp";
};
jellyfin_exporter = {
port = 9594;
proto = "tcp";
};
qbittorrent_exporter = {
port = 9561;
proto = "tcp";
};
igpu_exporter = {
port = 9563;
proto = "tcp";
};
prometheus_zfs = {
port = 9134;
proto = "tcp";
};
harmonia = {
port = 5500;
proto = "tcp";
};
};
};
https = {
certs = services_dir + "/http_certs";
domain = "sigkill.computer";
old_domain = "gardling.com"; # Redirect traffic from old domain
};
gitea = {
dir = services_dir + "/gitea";
domain = "git.${https.domain}";
};
postgres = {
socket = "/run/postgresql";
dataDir = services_dir + "/sql";
shared_buffers_m = 128; # PostgreSQL default; update if you change shared_buffers
};
immich = {
dir = services_dir + "/immich";
};
minecraft = {
parent_dir = services_dir + "/minecraft";
server_name = "main";
memory = {
heap_size_m = 4000;
large_page_size_m = 2;
};
};
torrent = {
SavePath = torrents_path;
TempPath = torrents_path + "/incomplete";
categories = {
anime = torrents_path + "/anime";
archive = torrents_path + "/archive";
audiobooks = torrents_path + "/audiobooks";
books = torrents_path + "/books";
games = torrents_path + "/games";
movies = torrents_path + "/movies";
music = torrents_path + "/music";
musicals = torrents_path + "/musicals";
tvshows = torrents_path + "/tvshows";
};
};
jellyfin = {
dataDir = services_dir + "/jellyfin";
cacheDir = services_dir + "/jellyfin_cache";
};
slskd = rec {
base = "/var/lib/slskd";
downloads = base + "/downloads";
incomplete = base + "/incomplete";
};
vaultwarden = {
path = "/var/lib/vaultwarden";
};
monero = {
dataDir = services_dir + "/monero";
};
p2pool = {
dataDir = services_dir + "/p2pool";
walletAddress = "49b6NT2k7fQHs8JvF7naUvchYwTQmRpoMMXb1KJTg5UcZVmyPJ7n6jgiH8DrvEsMg5GvMjJqPB1c1PTBAYtUTsbeHe5YMBx";
};
matrix = {
dataDir = "/var/lib/continuwuity";
domain = "matrix.${https.domain}";
};
ntfy = {
domain = "ntfy.${https.domain}";
};
mollysocket = {
domain = "mollysocket.${https.domain}";
};
livekit = {
domain = "livekit.${https.domain}";
};
syncthing = {
dataDir = services_dir + "/syncthing";
signalBackupDir = "/${zpool_ssds}/bak/signal";
grayjayBackupDir = "/${zpool_ssds}/bak/grayjay";
};
prowlarr = {
dataDir = services_dir + "/prowlarr";
};
sonarr = {
dataDir = services_dir + "/sonarr";
};
radarr = {
dataDir = services_dir + "/radarr";
};
bazarr = {
dataDir = services_dir + "/bazarr";
};
jellyseerr = {
configDir = services_dir + "/jellyseerr";
};
recyclarr = {
dataDir = services_dir + "/recyclarr";
};
firefox_syncserver = {
domain = "firefox-sync.${https.domain}";
};
grafana = {
dir = services_dir + "/grafana";
domain = "grafana.${https.domain}";
};
trilium = {
dataDir = services_dir + "/trilium";
};
media = {
moviesDir = torrents_path + "/media/movies";
tvDir = torrents_path + "/media/tv";
};
# Per-service 2MB hugepage budget.
# Each value is the service's hugepage consumption in MB, derived from
# its actual memory configuration. The kernel sysctl vm.nr_hugepages
# is set to total_pages so every service gets what it needs.
hugepages_2m = rec {
page_size_m = 2;
# RandomX dataset (2048MB) + cache (256MB) = 2304MB per instance.
# Both monerod and p2pool allocate their own full copy via MAP_HUGETLB.
randomx_instance_m = 2048 + 256;
services = {
minecraft_m = minecraft.memory.heap_size_m; # JVM heap via -XX:+UseLargePages
monerod_m = randomx_instance_m; # block verification dataset
p2pool_m = randomx_instance_m; # mining dataset
postgres_m = postgres.shared_buffers_m; # huge_pages = try (default)
};
total_pages = builtins.foldl' (a: b: a + b) 0 (builtins.attrValues services) / page_size_m;
};
}
Reference in New Issue View Git Blame Copy Permalink