home-manager/sajenim/features/cli/default.nix

@@ -15,7 +15,7 @@
     matchBlocks."viridian" = {
       hostname = "viridian.kanto.dev";
       identityFile = "/home/sajenim/.ssh/sajenim_sk";
-      port = 22;
+      port = 62841;
     };
 
     matchBlocks."lavender" = {

home-manager/sajenim/features/cli/git.nix

@@ -11,7 +11,7 @@
     userEmail = "its.jassy@pm.me";
     extraConfig = {
       init.defaultBranch = "master";
-      core.sshCommand = "ssh -i ~/.ssh/forgejo_sk -F /dev/null";
+      core.sshCommand = "ssh -i ~/.ssh/forgejo_sk -p 62841 -F /dev/null";
       commit.gpgsign = "true";
       user.signingkey = "8563E358D4E8040E";
     };

nixos/common/global/env.nix

@@ -18,7 +18,6 @@
       direnv  # load environment
       jq      # JSON processor
       git     # version control
-      nmap    # network mapper
 
       # HTTP
       curl    # transfer dato to/from server

nixos/common/global/ssh.nix

@@ -8,7 +8,7 @@
       PasswordAuthentication = false;
       LogLevel = "VERBOSE";
     };
-    ports = [ 22 ];
+    ports = [ 62841 ];
     openFirewall = true;
   };
 

nixos/viridian/services/default.nix

@@ -13,5 +13,8 @@
     ./grafana.nix
     ./mysql.nix
     ./prometheus.nix
+    ./endlessh-go.nix
+    ./promtail.nix
+    ./loki.nix
   ];
 }

nixos/viridian/services/endlessh-go.nix

@@ -0,0 +1,30 @@
+{ config, ... }:
+
+{
+  services.endlessh-go = {
+    enable = true;
+    port = 22;  # SSH port
+    prometheus = {
+      enable = true;
+      listenAddress = "127.0.0.1";
+      port = 2112; # Prometheus metrics port
+    };
+    extraOptions = [
+      "-interval_ms=1000"
+      "-logtostderr"
+      "-v=1"
+      "-geoip_supplier=ip-api"
+    ];
+    openFirewall = true;
+  };
+
+  services.prometheus.scrapeConfigs = [
+    {
+      job_name = "endlessh";
+      static_configs = [{
+        targets = [ "127.0.0.1:${toString config.services.endlessh-go.prometheus.port}" ];
+      }];
+    }
+  ];
+}
+

nixos/viridian/services/loki.nix

@@ -0,0 +1,81 @@
+{ ... }:
+
+{
+  services.loki = {
+    enable = true;
+    configuration = {
+      server.http_listen_port = 3030;
+      auth_enabled = false;
+
+      ingester = {
+        lifecycler = {
+          address = "127.0.0.1";
+          ring = {
+            kvstore = {
+              store = "inmemory";
+            };
+            replication_factor = 1;
+          };
+        };
+        chunk_idle_period = "1h";
+        max_chunk_age = "1h";
+        chunk_target_size = 999999;
+        chunk_retain_period = "30s";
+        # max_transfer_retries = 0;
+      };
+
+      schema_config = {
+        configs = [{
+          from = "2022-06-06";
+          store = "boltdb-shipper";
+          object_store = "filesystem";
+          schema = "v13";
+          index = {
+            prefix = "index_";
+            period = "24h";
+          };
+        }];
+      };
+
+      storage_config = {
+        boltdb_shipper = {
+          active_index_directory = "/var/lib/loki/boltdb-shipper-active";
+          cache_location = "/var/lib/loki/boltdb-shipper-cache";
+          cache_ttl = "24h";
+          # shared_store = "filesystem";
+        };
+
+        filesystem = {
+          directory = "/var/lib/loki/chunks";
+        };
+      };
+
+      limits_config = {
+        reject_old_samples = true;
+        reject_old_samples_max_age = "168h";
+        allow_structured_metadata = false;  # IDK it said add this to fix some error
+      };
+
+      # chunk_store_config = {
+      #   max_look_back_period = "0s";
+      # };
+
+      table_manager = {
+        retention_deletes_enabled = false;
+        retention_period = "0s";
+      };
+
+      compactor = {
+        working_directory = "/var/lib/loki";
+        # shared_store = "filesystem";
+        compactor_ring = {
+          kvstore = {
+            store = "inmemory";
+          };
+        };
+      };
+    };
+    # user, group, dataDir, extraFlags, (configFile)
+  };
+}
+

nixos/viridian/services/promtail.nix

@@ -0,0 +1,31 @@
+{ config, ... }:
+
+{
+  services.promtail = {
+    enable = true;
+    configuration = {
+      server = {
+        http_listen_port = 9080;
+        grpc_listen_port = 0;
+      };
+      positions = {
+        filename = "/tmp/positions.yaml";
+      };
+      clients = [{
+        url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
+      }];
+      scrape_configs = [{
+        job_name = "system";
+        static_configs = [{
+          targets = [ "localhost" ]; # Promtail target is localhost
+          labels = {
+            instance = "viridian.kanto.dev"; # Label identifier for instance
+            env = "kanto"; # Environment label
+            job = "secure"; # Job label
+            __path__ = "/var/log/sshd.log";
+          };
+        }];
+      }];
+    };
+  };
+}