@ibizaman this is so cool! I hope this idea can make its way into nixpkgs some day 
2 Likes
Very new to NixOS here😅, Also the first post here I’m replying to. I would love to know whether this project can or have aspirations like setting up a self hosted service with a single command via flake.
I wanted to know because, imagine people setting up and running a piped instance in minutes. Also with a pool of such instances downtime will be reduced. So setting up instances with a single command will be useful for various projects.
That’s a dream of course and there are many part needed to get it.
I’m not sure how this project would help in that because for what you describe to work in one command, you need a very opinionated configuration. Like you should let no choice to the user on how things are implemented, what services goes together, etc.
This project’s goal is pretty much the opposite. Its goal is to avoid coupling in nixpkgs and move the responsibility of choosing what services should go together to later. To let the final user be more free to choose what goes together.
I can see this project helping in a very indirect way. By avoiding service maintainers the burden of figuring out how to couple services together by providing them with contracts, I can see those maintainers have less work to do on that front. Maybe that will help them get more free time and do other work.
Also, by relying on contracts instead of implementing something themselves, maintainers would increase their velocity. So you could get more things packaged faster with more features.
But anyway if you want something like this, projects like the following are what you should be looking at now:
- GitHub - nix-community/nixos-anywhere: install nixos everywhere via ssh [maintainer=@numtide]
- GitHub - elitak/nixos-infect: [GPLv3+] install nixos over the existing OS in a DigitalOcean droplet (and others with minor modifications) and - GitHub - fort-nix/nix-bitcoin: A collection of Nix packages and NixOS modules for easily installing full-featured Bitcoin nodes with an emphasis on security.
3 Likes
Thanks for the elaborate reply. I get the gist of this project somewhat. And yes , if once such a large single command deployment thing is organised, users have to adjust the configuration files as to couple what and what. This is a really Great initiative. 
2 Likes
Added a dashboard for Nextcloud. It’s super useful to understand if performance is an issue and what’s causing it in the first place. I’m sure improvements can be done but it’s already a good starting dashboard.
The full explanation is in the manual but here are some pictures of it already.
It shows the ubiquitous CPU, memory, network I/O and disk I/O but also stall time which is IMO an often overlooked metric to know if a process is actually stuck waiting on a resource.
It shows PHP-FPM related metrics. The Nextcloud module adds the php-fpm exporter for the Nextcloud pool to get those.
Logs from backup jobs are shown. There can be one or multiple backups (to different locations, for example) and the dashboard will adapt.
The dashboard shows each request passing through Nginx and going to the Nextcloud backend with a handful of important headers and timing metrics.
Finally, the dashboard parses log output to figure out if there is a JSON error in it that should be parsed to extract the essential information. In the screenshot, top line is the original error and bottom is what is shown in the dashboard:
There’s more but I couldn’t post more than 5 pictures, the rest is in the manual 
This dashboard added to the previously available tracing option makes for a pretty complete
The commit adding this release is on version v0.2.7. Get that release with:
nix flake lock --override-input selfhostblocks github:ibizaman/selfhostblocks/v0.2.7
4 Likes
I added a new dashboard and alert to catch certificates that did not renew.
The new dashboard shows expiry time:
Legend is
$hostname - CN: $fqdn: $path_to_certificate
And the alert fires when the expiry time is in less than a week. This alert should usually never fire but in case it does, it means the certificate renewal process had an issue. I don’t like to add alerts but I deemed this one necessary because if the certificates ever expire, pretty much everything breaks.
2 Likes
It was long overdue but I created a pre-RFC to upstream contracts into nixpkgs Pre-RFC: Decouple services using structured typing
3 Likes
6 Likes