!coeAONBrWyDJnYMbMi:nixos.org

NixOS System Operations

588 Members
About system administration for running NixOS systems in production. Declaratively manage your operations. | Room recommendations: #networking:nixos.org
156 Servers



Sender | Message | Time
25 Jan 2025
@scrumplex:duckhub.io Scrumplex | I am running a server with impermanence. When adding /var/lib/postgres as a persistent path, the actual service still writes to tmpfs on root. My suspicion is the ReadWritePaths= setting on the systemd service. Does anyone have an idea what I could do about this? | 14:36:20
@scrumplex:duckhub.io Scrumplex |
# cat /proc/<pid of postgres>/mounts
none / tmpfs ro,nosuid,noexec,relatime,size=131072k,mode=755 0 0
tmpfs /run tmpfs rw,nosuid,nodev,size=971276k,nr_inodes=819200,mode=755 0 0
ramfs /run/keys ramfs rw,nosuid,nodev,relatime,mode=750 0 0
none /run/agenix.d ramfs rw,nosuid,nodev,relatime,mode=751 0 0
tmpfs /run/wrappers tmpfs rw,nosuid,nodev,relatime,mode=755 0 0
/dev/sda2 /nix ext4 ro,nosuid,relatime 0 0
/dev/sda2 /nix/store ext4 ro,nosuid,relatime 0 0
/dev/sda2 /var/log ext4 ro,nosuid,relatime 0 0
/dev/sda2 /var/lib/nixos ext4 ro,nosuid,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
securityfs /sys/kernel/security securityfs rw,nosuid,nodev,noexec,relatime 0 0
cgroup2 /sys/fs/cgroup cgroup2 ro,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot 0 0
pstore /sys/fs/pstore pstore rw,nosuid,nodev,noexec,relatime 0 0
efivarfs /sys/firmware/efi/efivars efivarfs rw,nosuid,nodev,noexec,relatime 0 0
bpf /sys/fs/bpf bpf ro,nosuid,nodev,noexec,relatime,mode=700 0 0
debugfs /sys/kernel/debug debugfs ro,nosuid,nodev,noexec,relatime 0 0
fusectl /sys/fs/fuse/connections fusectl rw,nosuid,nodev,noexec,relatime 0 0
configfs /sys/kernel/config configfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda2 /etc/machine-id ext4 ro,nosuid,relatime 0 0
/dev/sda2 /etc/ssh/ssh_host_ed25519_key ext4 ro,nosuid,relatime 0 0
/dev/sda2 /etc/ssh/ssh_host_ed25519_key.pub ext4 ro,nosuid,relatime 0 0
/dev/sda2 /tmp ext4 rw,nosuid,relatime 0 0
/dev/sda1 /boot vfat ro,nosuid,relatime,fmask=0077,dmask=0077,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro 0 0
/dev/sda2 /var/lib/postgres ext4 ro,nosuid,relatime 0 0
/dev/sda2 /var/lib/systemd/coredump ext4 ro,nosuid,relatime 0 0
/dev/sda2 /var/lib/blockgame-meta ext4 ro,nosuid,relatime 0 0
/dev/sda2 /var/cache/blockgame-meta ext4 ro,nosuid,relatime 0 0
tmpfs /dev tmpfs ro,nosuid,noexec,size=4096k,nr_inodes=65536,mode=755 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=3,mode=620,ptmxmode=666 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
mqueue /dev/mqueue mqueue rw,nosuid,nodev,noexec,relatime 0 0
hugetlbfs /dev/hugepages hugetlbfs rw,nosuid,nodev,relatime,pagesize=2M 0 0
tmpfs /home tmpfs ro,nosuid,nodev,noexec,size=971276k,nr_inodes=819200,mode=755 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime,hidepid=invisible,subset=pid 0 0
tmpfs /root tmpfs ro,nosuid,nodev,noexec,size=971276k,nr_inodes=819200,mode=755 0 0
tmpfs /run/credentials tmpfs ro,nosuid,nodev,noexec,size=971276k,nr_inodes=819200,mode=755 0 0
tmpfs /run/postgresql tmpfs rw,nosuid,nodev,size=971276k,nr_inodes=819200,mode=755 0 0
tmpfs /run/systemd/incoming tmpfs ro,nosuid,nodev,size=971276k,nr_inodes=819200,mode=755 0 0
tmpfs /run/user tmpfs ro,nosuid,nodev,noexec,size=971276k,nr_inodes=819200,mode=755 0 0
cgroup2 /sys/fs/cgroup/system.slice/postgresql.service/memory.pressure cgroup2 rw,nosuid,nodev,noexec,relatime,nsdelegate,memory_recursiveprot 0 0
sysfs /sys/kernel/tracing sysfs ro,nosuid,nodev,noexec,relatime 0 0
/dev/sda2 /tmp ext4 rw,nosuid,relatime 0 0
none /var/lib/postgresql tmpfs rw,nosuid,noexec,relatime,size=131072k,mode=755 0 0
none /var/lib/postgresql/17 tmpfs rw,nosuid,noexec,relatime,size=131072k,mode=755 0 0
none /var/tmp tmpfs rw,nosuid,noexec,relatime,size=131072k,mode=755 0 0
tmpfs /run/credentials/getty@tty1.service tmpfs ro,nosuid,nodev,noexec,relatime,nosymfollow,size=1024k,nr_inodes=1024,mode=700,noswap 0 0
tmpfs /run/credentials/serial-getty@ttyAMA0.service tmpfs ro,nosuid,nodev,noexec,relatime,nosymfollow,size=1024k,nr_inodes=1024,mode=700,noswap 0 0
tmpfs /run/credentials/serial-getty@ttyS0.service tmpfs ro,nosuid,nodev,noexec,relatime,nosymfollow,size=1024k,nr_inodes=1024,mode=700,noswap 0 0
tmpfs /run/user/0 tmpfs rw,nosuid,nodev,relatime,size=388508k,nr_inodes=97127,mode=700 0 0
| 14:36:58
@k900:0upti.me K900 | It's /var/lib/postgresql | 14:37:36
@scrumplex:duckhub.io Scrumplex | 👀 Thank you for lending me your pair of eyes 😅 | 14:38:04
28 Jan 2025
@adam:robins.wtf adamcstephens | Let's Encrypt is ending expiration emails. Since I rely on this in case automation is failing unexpectedly, I'd like an alternative. Any suggestions for something self-hosted you like? | 19:21:14
@magic_rb:matrix.redalder.org magic_rb | openssl in a cron job with some regex? /partial s | 19:21:55
@adam:robins.wtf adamcstephens | sure, i could script something | 19:22:45
@adam:robins.wtf adamcstephens | though i wouldn't probably use openssl cli for it :) | 19:23:06
@magic_rb:matrix.redalder.org magic_rb | https://github.com/serokell/serokell.nix/blob/master/modules/acme-sh.nix I'm using this for automatic renewal | 19:23:46
@dgrig:erethon.com dgrig | https://github.com/prometheus/blackbox_exporter is what's commonly used (but it assumes you have prometheus already and alertmanager setup) | 19:23:47
@magic_rb:matrix.redalder.org magic_rb | Well, my own fork in my dotfiles | 19:23:54
@adam:robins.wtf adamcstephens | i don't need the renewal itself. just monitoring of installed certs | 19:37:43
@k900:0upti.me K900 | blackbox-exporter can do that | 19:38:02
@k900:0upti.me K900 | But you do need a working LGTM stack for it to be nice | 19:38:16
@k900:0upti.me K900 | Unless you're willing to raw dog Prometheus I guess | 19:38:31
@adam:robins.wtf adamcstephens | i converted to alloy recently which has a blackbox exporter | 19:39:18
@adam:robins.wtf adamcstephens | so i have a working LGM setup. no T because I'm not generating that many traces yet :) | 19:40:48
@k900:0upti.me K900 | Then yeah it just has a metric for certificate expiration date | 19:41:10
@adam:robins.wtf adamcstephens | thanks. i'll use that then | 19:41:28
@adam:robins.wtf adamcstephens | though i may write a custom setup to expose an RSS feed instead. :) | 19:42:14
@adam:robins.wtf adamcstephens | anybody switch to 7 day certs yet? | 19:42:26
@k900:0upti.me K900 | Can lego even do those yet? | 19:42:53
