Add SD image pipeline, documentation overhaul, and fix module issues

- Add automatic SD image builds for Raspberry Pi via Forgejo Actions - Enable binfmt emulation on cryodev-main for aarch64 cross-builds - Add sd-image.nix module to cryodev-pi configuration - Create comprehensive docs/ structure with installation guides - Split installation docs into: first-install (server), reinstall, new-client (Pi) - Add lib/utils.nix and apps/rebuild from synix - Fix headplane module for new upstream API (tale/headplane) - Fix various module issues (mailserver stateVersion, option conflicts) - Add placeholder secrets.yaml files for both hosts - Remove old INSTRUCTIONS.md (content moved to docs/)
2026-03-11 08:41:58 +01:00 · 2026-03-11 08:41:58 +01:00 · 5ba78886d2
commit 5ba78886d2
parent a5261d8ff0
44 changed files with 3570 additions and 609 deletions
--- a/hosts/cryodev-pi/services/netdata.nix
+++ b/hosts/cryodev-pi/services/netdata.nix
@ -1,7 +1,5 @@
 {
  config,
-  pkgs,
-  outputs,
  constants,
  ...
 }:
@ -9,23 +7,48 @@
 {
  services.netdata = {
    enable = true;
-    config = {
-      stream = {
-        enabled = "yes";
-        destination = "${constants.hosts.cryodev-main.ip}:${toString constants.services.netdata.port}";
-        "api key" = config.sops.placeholder."netdata/stream/child-uuid";
+    config.global = {
+      "debug log" = "syslog";
+      "access log" = "syslog";
+      "error log" = "syslog";
+    };
+    configDir = {
+      "stream.conf" = config.sops.templates."netdata/stream.conf".path;
+    };
+  };
+
+  sops =
+    let
+      owner = config.services.netdata.user;
+      group = config.services.netdata.group;
+      mode = "0400";
+      restartUnits = [ "netdata.service" ];
+    in
+    {
+      # generate with `uuidgen`
+      secrets."netdata/stream/child-uuid" = {
+        inherit
+          owner
+          group
+          mode
+          restartUnits
+          ;
+      };
+
+      templates."netdata/stream.conf" = {
+        inherit
+          owner
+          group
+          mode
+          restartUnits
+          ;
+        # child node
+        content = ''
+          [stream]
+          enabled = yes
+          destination = ${constants.hosts.cryodev-main.ip}:${builtins.toString constants.services.netdata.port}
+          api key = ${config.sops.placeholder."netdata/stream/child-uuid"}
+        '';
      };
    };
-  };
-
-  # Make sure sops is enabled/imported for this host to handle the secret
-  imports = [ outputs.nixosModules.sops ];
-
-  sops = {
-    defaultSopsFile = ../secrets.yaml;
-    secrets."netdata/stream/child-uuid" = {
-      owner = "netdata";
-      group = "netdata";
-    };
-  };
 }