Fix infinite recursion in modules/stats.nix <-> nixos-modules, remove nginx tcp fast open code moved to nixos-modules
This commit is contained in:
parent
525edf5bc5
commit
a88e1e00c8
|
@ -21,9 +21,6 @@
|
|||
# reset 60 seconds after a kernel panic
|
||||
"kernel.panic" = 60;
|
||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||
# enable tcp fastopen for outgoing and incoming connections
|
||||
# used by haproxy and nginx
|
||||
"net.ipv4.tcp_fastopen" = 3;
|
||||
};
|
||||
# recommend to turn off, only on by default for backwards compatibility
|
||||
zfs.forceImportRoot = false;
|
||||
|
@ -200,21 +197,6 @@
|
|||
proxy_set_header X-Real-IP $proxy_protocol_addr;
|
||||
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
|
||||
'';
|
||||
virtualHosts."_".listen = let
|
||||
extraParameters = [
|
||||
"reuseport"
|
||||
|
||||
# net.core.somaxconn is set to 4096
|
||||
# see https://www.nginx.com/blog/tuning-nginx/#:~:text=to%20a%20value-,greater%20than%20512,-%2C%20change%20the%20backlog
|
||||
"backlog=1024"
|
||||
|
||||
"deferred"
|
||||
"fastopen=256" # requires nginx to be compiled with -DTCP_FASTOPEN=23
|
||||
];
|
||||
in lib.mkDefault [
|
||||
{ addr = "[::]"; port = 80; inherit extraParameters; }
|
||||
{ addr = "[::]"; port = 443; ssl = true; inherit extraParameters; }
|
||||
];
|
||||
};
|
||||
|
||||
openssh = {
|
||||
|
|
18
flake.lock
18
flake.lock
|
@ -362,11 +362,11 @@
|
|||
},
|
||||
"nixos": {
|
||||
"locked": {
|
||||
"lastModified": 1694342461,
|
||||
"narHash": "sha256-/0NhpfW6cSd3k39QhQoSchKt3UGG2n/o4qmg75h/8cY=",
|
||||
"lastModified": 1694346869,
|
||||
"narHash": "sha256-3rom5sUg5Euqiq3XdnxISy++iRafclsIT191KriTQv0=",
|
||||
"owner": "SuperSandro2000",
|
||||
"repo": "nixpkgs",
|
||||
"rev": "607451c9283d51c259662d37d50e9a7984a08579",
|
||||
"rev": "c6c94ddf0a33eae72051a4fe4543609c9de1eff9",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -398,11 +398,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694293408,
|
||||
"narHash": "sha256-5Mka4G5nYSlOALiBGv3kMTS7XWCFE6DFz8xdl+tYcrw=",
|
||||
"lastModified": 1694347645,
|
||||
"narHash": "sha256-4REU1NpRvtD8CO/UZ3sAP5mE7C9HmP5RjO2XFIHT2Gk=",
|
||||
"owner": "SuperSandro2000",
|
||||
"repo": "nixos-modules",
|
||||
"rev": "0274bc775d2496ce95aec10b4cbb786ee0737dfb",
|
||||
"rev": "7adbab67fd91b05095b46221b3772b1e8cd01d0b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
@ -452,11 +452,11 @@
|
|||
]
|
||||
},
|
||||
"locked": {
|
||||
"lastModified": 1694252381,
|
||||
"narHash": "sha256-TkwNC+30EMjselnwg3OCZ29gNLqqkPskeQVC8s9Khaw=",
|
||||
"lastModified": 1694342626,
|
||||
"narHash": "sha256-wbNZq57MUGVXBVyPD0+JFGAIW7a0NUYMCM6dOHCWG50=",
|
||||
"owner": "astro",
|
||||
"repo": "nix-openwrt-imagebuilder",
|
||||
"rev": "2239e2b0b4d4af0bec3edc379449ed8aec1f32fc",
|
||||
"rev": "cceaa22c6e7f027569ec29c466e63d7fbb7b3356",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
|
|
|
@ -1,11 +1,10 @@
|
|||
{ config, lib, libC, pkgs, ... }:
|
||||
{ config, lib, libC, ... }:
|
||||
|
||||
let
|
||||
cfg = config.c3d2.hq.statistics;
|
||||
|
||||
isMetal =
|
||||
!config.boot.isContainer &&
|
||||
!(config ? microvm);
|
||||
isMetal = !config.boot.isContainer && !(config ? microvm);
|
||||
supportsNodeExporter = config.nixpkgs.system != "riscv64-linux";
|
||||
|
||||
nginxStatusPort = 9100;
|
||||
in
|
||||
|
@ -57,9 +56,24 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
nginx = lib.mkMerge [
|
||||
(lib.mkIf config.services.nginx.enable {
|
||||
virtualHosts.localhost = {
|
||||
nginx = {
|
||||
# nginx only needs to be explicitly enabled when proxing node_exporter
|
||||
enable = lib.mkIf supportsNodeExporter true;
|
||||
|
||||
virtualHosts = {
|
||||
# only required when proxying node_exporter
|
||||
"_" = lib.mkIf supportsNodeExporter {
|
||||
listen = [
|
||||
{ addr = "0.0.0.0"; port = nginxStatusPort; }
|
||||
{ addr = "[::]"; port = nginxStatusPort; }
|
||||
];
|
||||
locations."/metrics" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.prometheus.exporters.node.port}/metrics";
|
||||
extraConfig = libC.hqNetworkOnly;
|
||||
};
|
||||
};
|
||||
|
||||
localhost = lib.mkIf cfg.enable {
|
||||
listen = [
|
||||
{ addr = "127.0.0.1"; port = nginxStatusPort; }
|
||||
{ addr = "[::1]"; port = nginxStatusPort; }
|
||||
|
@ -73,24 +87,10 @@ in
|
|||
deny all;
|
||||
'';
|
||||
};
|
||||
})
|
||||
};
|
||||
};
|
||||
|
||||
(lib.mkIf (pkgs.system != "riscv64-linux") {
|
||||
enable = true;
|
||||
virtualHosts."_" = {
|
||||
listen = [
|
||||
{ addr = "0.0.0.0"; port = nginxStatusPort; }
|
||||
{ addr = "[::]"; port = nginxStatusPort; }
|
||||
];
|
||||
locations."/metrics" = {
|
||||
proxyPass = "http://127.0.0.1:${toString config.services.prometheus.exporters.node.port}/metrics";
|
||||
extraConfig = libC.hqNetworkOnly;
|
||||
};
|
||||
};
|
||||
})
|
||||
];
|
||||
|
||||
prometheus.exporters.node = lib.mkIf (pkgs.system != "riscv64-linux") {
|
||||
prometheus.exporters.node = lib.mkIf supportsNodeExporter {
|
||||
enable = true;
|
||||
enabledCollectors = [ "ethtool" "systemd" ];
|
||||
listenAddress = "127.0.0.1";
|
||||
|
|
|
@ -92,10 +92,6 @@ with final; {
|
|||
|
||||
mlat-client = python3Packages.callPackage ./mlat-client.nix { };
|
||||
|
||||
nginx = prev.nginx.override {
|
||||
configureFlags = [ "-DTCP_FASTOPEN=23" ];
|
||||
};
|
||||
|
||||
nixVersions = prev.nixVersions // {
|
||||
stable = prev.nixVersions.stable.overrideAttrs (oldAttrs: {
|
||||
patches = oldAttrs.patches or [ ] ++ [
|
||||
|
|
Loading…
Reference in New Issue