vps-arm-2024-07-10-12-27-30

2024-07-10 12:27:30 +02:00
parent 1ce3dc6971
commit bfe63888a6
7 changed files with 140 additions and 28 deletions
--- a/services/gitea.nix
+++ b/services/gitea.nix
@@ -1,6 +1,16 @@
 { config, lib, pkgs, ... }:
 {
  services = {
+    nginx = {
+      virtualHosts = {
+        ${config.services.gitea.settings.server.DOMAIN} = {
+          forceSSL = true;
+          enableACME = true;
+          locations = { "/" = { proxyPass = "http://127.0.0.1:3001/"; }; };
+        };
+      };
+    };
+
    postgresql = {
      enable = true;
      ensureDatabases = [
@@ -23,8 +33,8 @@
      };
      settings = {
        server = {
-          DOMAIN = "git.v220240679185274666.nicesrv.de";
-          ROOT_URL = "https://git.v220240679185274666.nicesrv.de/";
+          DOMAIN = "git.szczepan.ski";
+          ROOT_URL = "https://git.szczepan.ski/";
          HTTP_PORT = 3001;
          HTTP_ADDR = "127.0.0.1";
        };
--- a/services/goaccess.nix
+++ b/services/goaccess.nix
@@ -0,0 +1,49 @@
+{ config, lib, pkgs, ... }:
+let
+  secrets = import ../configs/secrets.nix;
+in
+{
+  services = {
+    nginx = {
+      virtualHosts = {
+        "goaccess.szczepan.ski" = {
+          forceSSL = true;
+          enableACME = true;
+          basicAuth = { alex = secrets.goaccess-password; };
+          locations = {
+            "/" = { root = "/var/www/goaccess"; };
+            "/ws" = {
+              proxyPass = "http://127.0.0.1:7890/";
+              proxyWebsockets = true;
+            };
+          };
+        };
+      };
+    };
+  };
+
+  systemd = {
+    tmpfiles.settings = {
+      "goaccess" = {
+        "/var/www/goaccess" = { d.mode = "0755"; };
+      };
+    };
+
+    services = {
+      # Limit stack size to reduce memory usage
+      fail2ban.serviceConfig.LimitSTACK = 256 * 1024;
+
+      goaccess = {
+        description = "GoAccess real-time web log analysis";
+        after = [ "network.target" ];
+        wantedBy = [ "multi-user.target" ];
+        script = "${pkgs.gzip}/bin/zcat -f /var/log/nginx/access.* | ${pkgs.goaccess}/bin/goaccess - -o /var/www/goaccess/index.html --log-format='%v %h %^[%d:%t %^]%^\"%r\" %s %b \"%R\" \"%u\"' --real-time-html --ws-url=wss://goaccess.szczepan.ski:443/ws --port 7890 --time-format \"%H:%M:%S\" --date-format \"%d/%b/%Y\"";
+        # serviceConfig = {
+        #   StateDirectory = "/var/www/goaccess";
+        #   # ExecStart = "${pkgs.bash}/bin/bash -c "${pkgs.gzip}/bin/zcat -f /var/log/nginx/access.* | ${pkgs.goaccess}/bin/goaccess -o /var/www/goaccess/index.html --log-format='%v %h %^[%d:%t %^]%^\"%r\" %s %b \"%R\" \"%u\"' --real-time-html --ws-url=wss://goaccess.szczepan.ski:443/ws --port 7890 --time-format \"%H:%M:%S\" --date-format \"%d/%b/%Y\"'";
+        #   # ExecStop = "/bin/kill -9 ${MAINPID}";
+        # };
+      };
+    };
+  };
+}
--- a/services/headscale.nix
+++ b/services/headscale.nix
@@ -1,6 +1,24 @@
 { config, lib, pkgs, ... }:
 {
+  environment.systemPackages = with pkgs; [ headscale ];
+
  services = {
+    nginx = {
+      virtualHosts = {
+        # ${config.services.headscale.settings.dns_config.domains} = {
+        "headscale.szczepan.ski" = {
+          forceSSL = true;
+          enableACME = true;
+          locations = {
+            "/" = {
+              proxyPass = "http://127.0.0.1:8088/";
+              proxyWebsockets = true;
+            };
+          };
+        };
+      };
+    };
+
    headscale = {
      enable = true;
      address = "127.0.0.1";
--- a/services/nextcloud.nix
+++ b/services/nextcloud.nix
@@ -1,6 +1,15 @@
 { config, lib, pkgs, ... }:
 {
  services = {
+    nginx = {
+      virtualHosts = {
+        ${config.services.nextcloud.hostName} = {
+          forceSSL = true;
+          enableACME = true;
+        };
+      };
+    };
+
    postgresql = {
      enable = true;
      ensureDatabases = [
@@ -17,7 +26,7 @@

    nextcloud = {
      enable = true;
-      hostName = "nextcloud.v220240679185274666.nicesrv.de";
+      hostName = "nextcloud.szczepan.ski";

      # Need to manually increment with every major upgrade.
      package = pkgs.nextcloud29;
@@ -58,12 +67,26 @@
          previewgenerator
          tasks
          unroundedcorners;
+        # user_migration = pkgs.fetchNextcloudApp {
+        #   sha256 = "sha256-OwALAM/WPJ4gXHQado0njfJL+ciDsvfbPjqGWk23Pm8=";
+        #   url = "https://github.com/nextcloud-releases/user_migration/releases/download/v6.0.0/user_migration-v6.0.0.tar.gz";
+        #   license = "agpl3Plus";
+        # };
+      };
+
+      phpOptions = {
+        "opcache.interned_strings_buffer" = "64";
      };

      settings = {
        overwriteProtocol = "https";
        default_phone_region = "DE";
        log_type = "file";
+        "memories.exiftool" = "${lib.getExe pkgs.exiftool}";
+        "memories.vod.ffmpeg" = "${lib.getExe pkgs.ffmpeg-headless}";
+        "memories.vod.ffprobe" = "${pkgs.ffmpeg-headless}/bin/ffprobe";
+        "overwrite.cli.url" = "${config.services.nextcloud.hostName}";
+        "maintenance_window_start" = "1";
      };

      config = {
@@ -73,4 +96,8 @@
      };
    };
  };
+
+  systemd.services.nextcloud-cron = {
+    path = [ pkgs.perl ];
+  };
 }