BeiNacht/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

vps-arm-2024-07-10-12-27-30

Browse Source
This commit is contained in:
Alexander Szczepanski
2024-07-10 12:27:30 +02:00
parent 1ce3dc6971
commit bfe63888a6
7 changed files with 140 additions and 28 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
README.md Normal file
View File

@ -0,0 +1,5 @@
# Most stuff
sudo nix-channel --add https://github.com/nix-community/home-manager/archive/release-24.05.tar.gz home-manager
sudo nix-channel --update
sudo nix-channel --add https://nixos.org/channels/nixos-unstable-small nixos-unstable

3
configs/user.nix
View File

@ -30,7 +30,8 @@ in {
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDPSzeNjfkz7/B/18TcJxxmNFUhvTKoieBcexdzebWH7oncvyBXNRJp8vAqSIVFLzz5UUFQNFuilggs8/N48U84acmFOxlbUmxlkf8KZgeB/G6uQ8ncQh6M1HNNPH+9apTURgfctr7eEZe9seLIEBISQLXB2Sf3F1ogfDj25S8kH9RM4wM1/jDFK5IecWHScKxwQPmCoXeGE1LEJq6nkQLXMDsWhSihtWouaTxSR0p7/wp/Rqt/hzLEWj8e3+qLMc5JrrdaWksupUCysme7CnSfGSzNUv9RKiRCTFofYPT9tbRn5JzdpQ55v22S6OvmmXUHjST1MOzI8MpVPZCCqd/ZQ1E+gErFiMwjG4sn/xxdPK9/jbQaXMjLklbKtR+C5090Ew2u2kj78jqGk/8COhF1MXh/9qjcG+C51uD1AS9d410kfjPwkaUt4U2KktDMQ942nWywrvIWM0Gt2kgDLYotsy/70q/aTJ8bvaCoWoDOGmpWcyNNBalz4OYYGI2Z0WHrVTs0FpzSk/XeQz0OLkmueoh5GDGd8zrfO6Nf5LWI17aWGRePTpQP5mJIg6jC3j8/QVrthEP6QyIIkZsnfsmvSiMWVfXqEy1BxVlu3T6aLffaj679KCsxY+mx5mTH2hwd4ZdbSI4F0GCIt+WGaFhHs2V3ZQitoEZuraRPEc4HGw== alexander@szczepan.ski"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOYEaT0gH9yJM2Al0B+VGXdZB/b2qjZK7n01Weq0TcmQ alex@framework"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEgLFUQH6BNW/m7GdZjIoewTWSSGH7vD+OAKE/4rqksT alex@desktop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIN99h5reZdz9+DOyTRh8bPYWO+Dtv7TbkLbMdvi+Beio alex@desktop"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIkURF5v9vRyEPhsK80kUgYh1vsS0APL4XyH4F3Fpyic alex@macbook"
];
};
};

50
machine/vps-arm.nix
View File

@ -4,20 +4,21 @@ let
unstable = import <nixos-unstable> { config.allowUnfree = true; };
in
{
imports =
[
/etc/nixos/hardware-configuration.nix
../configs/common.nix
../configs/docker.nix
../configs/user.nix
imports = [
/etc/nixos/hardware-configuration.nix
../configs/common.nix
../configs/docker.nix
../configs/user.nix
../services/adguardhome.nix
../services/frigate.nix
../services/gitea.nix
../services/nextcloud.nix
../services/rustdesk-server.nix
../services/uptime-kuma.nix
];
../services/adguardhome.nix
../services/frigate.nix
../services/gitea.nix
../services/nextcloud.nix
../services/rustdesk-server.nix
../services/uptime-kuma.nix
../services/headscale.nix
../services/goaccess.nix
];
boot.loader = {
systemd-boot.enable = true;
@ -97,17 +98,6 @@ in
'';
virtualHosts = {
${config.services.gitea.settings.server.DOMAIN} = {
forceSSL = true;
enableACME = true;
locations = { "/" = { proxyPass = "http://127.0.0.1:3001/"; }; };
};
${config.services.nextcloud.hostName} = {
forceSSL = true;
enableACME = true;
};
${config.services.adguardhome.settings.tls.server_name} = {
forceSSL = true;
enableACME = true;
@ -115,6 +105,18 @@ in
"/" = { proxyPass = "https://127.0.0.1:3003/"; };
};
};
"homeassistant.szczepan.ski" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://mini.main.szczepan.ski:8123/";
proxyWebsockets = true;
};
};
};
};
};

14
services/gitea.nix
View File

@ -1,6 +1,16 @@
{ config, lib, pkgs, ... }:
{
services = {
nginx = {
virtualHosts = {
${config.services.gitea.settings.server.DOMAIN} = {
forceSSL = true;
enableACME = true;
locations = { "/" = { proxyPass = "http://127.0.0.1:3001/"; }; };
};
};
};
postgresql = {
enable = true;
ensureDatabases = [
@ -23,8 +33,8 @@
};
settings = {
server = {
DOMAIN = "git.v220240679185274666.nicesrv.de";
ROOT_URL = "https://git.v220240679185274666.nicesrv.de/";
DOMAIN = "git.szczepan.ski";
ROOT_URL = "https://git.szczepan.ski/";
HTTP_PORT = 3001;
HTTP_ADDR = "127.0.0.1";
};

49
services/goaccess.nix Normal file
View File

@ -0,0 +1,49 @@
{ config, lib, pkgs, ... }:
let
secrets = import ../configs/secrets.nix;
in
{
services = {
nginx = {
virtualHosts = {
"goaccess.szczepan.ski" = {
forceSSL = true;
enableACME = true;
basicAuth = { alex = secrets.goaccess-password; };
locations = {
"/" = { root = "/var/www/goaccess"; };
"/ws" = {
proxyPass = "http://127.0.0.1:7890/";
proxyWebsockets = true;
};
};
};
};
};
};
systemd = {
tmpfiles.settings = {
"goaccess" = {
"/var/www/goaccess" = { d.mode = "0755"; };
};
};
services = {
# Limit stack size to reduce memory usage
fail2ban.serviceConfig.LimitSTACK = 256 * 1024;
goaccess = {
description = "GoAccess real-time web log analysis";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
script = "${pkgs.gzip}/bin/zcat -f /var/log/nginx/access.* | ${pkgs.goaccess}/bin/goaccess - -o /var/www/goaccess/index.html --log-format='%v %h %^[%d:%t %^]%^\"%r\" %s %b \"%R\" \"%u\"' --real-time-html --ws-url=wss://goaccess.szczepan.ski:443/ws --port 7890 --time-format \"%H:%M:%S\" --date-format \"%d/%b/%Y\"";
# serviceConfig = {
# StateDirectory = "/var/www/goaccess";
# # ExecStart = "${pkgs.bash}/bin/bash -c "${pkgs.gzip}/bin/zcat -f /var/log/nginx/access.* | ${pkgs.goaccess}/bin/goaccess -o /var/www/goaccess/index.html --log-format='%v %h %^[%d:%t %^]%^\"%r\" %s %b \"%R\" \"%u\"' --real-time-html --ws-url=wss://goaccess.szczepan.ski:443/ws --port 7890 --time-format \"%H:%M:%S\" --date-format \"%d/%b/%Y\"'";
# # ExecStop = "/bin/kill -9 ${MAINPID}";
# };
};
};
};
}

18
services/headscale.nix
View File

@ -1,6 +1,24 @@
{ config, lib, pkgs, ... }:
{
environment.systemPackages = with pkgs; [ headscale ];
services = {
nginx = {
virtualHosts = {
# ${config.services.headscale.settings.dns_config.domains} = {
"headscale.szczepan.ski" = {
forceSSL = true;
enableACME = true;
locations = {
"/" = {
proxyPass = "http://127.0.0.1:8088/";
proxyWebsockets = true;
};
};
};
};
};
headscale = {
enable = true;
address = "127.0.0.1";

29
services/nextcloud.nix
View File

@ -1,6 +1,15 @@
{ config, lib, pkgs, ... }:
{
services = {
nginx = {
virtualHosts = {
${config.services.nextcloud.hostName} = {
forceSSL = true;
enableACME = true;
};
};
};
postgresql = {
enable = true;
ensureDatabases = [
@ -17,7 +26,7 @@
nextcloud = {
enable = true;
hostName = "nextcloud.v220240679185274666.nicesrv.de";
hostName = "nextcloud.szczepan.ski";
# Need to manually increment with every major upgrade.
package = pkgs.nextcloud29;
@ -58,12 +67,26 @@
previewgenerator
tasks
unroundedcorners;
# user_migration = pkgs.fetchNextcloudApp {
# sha256 = "sha256-OwALAM/WPJ4gXHQado0njfJL+ciDsvfbPjqGWk23Pm8=";
# url = "https://github.com/nextcloud-releases/user_migration/releases/download/v6.0.0/user_migration-v6.0.0.tar.gz";
# license = "agpl3Plus";
# };
};
phpOptions = {
"opcache.interned_strings_buffer" = "64";
};
settings = {
overwriteProtocol = "https";
default_phone_region = "DE";
log_type = "file";
"memories.exiftool" = "${lib.getExe pkgs.exiftool}";
"memories.vod.ffmpeg" = "${lib.getExe pkgs.ffmpeg-headless}";
"memories.vod.ffprobe" = "${pkgs.ffmpeg-headless}/bin/ffprobe";
"overwrite.cli.url" = "${config.services.nextcloud.hostName}";
"maintenance_window_start" = "1";
};
config = {
@ -73,4 +96,8 @@
};
};
};
systemd.services.nextcloud-cron = {
path = [ pkgs.perl ];
};
}