dp/nixcfg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Activity

Move modules to own directory

Browse Source
This commit is contained in:
Daniel Patterson
2022-07-26 16:55:45 +01:00
parent 9954c0f177
commit cc11f89374
6 changed files with 30 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
modules/caddy/default.nix Normal file
View File

@@ -0,0 +1,90 @@
{
pkgs,
lib,
...
}: {
networking.firewall.allowedTCPPorts = [80 8448 443];
services.tailscale.permitCertUid = "caddy";
services.caddy = {
enable = true;
virtualHosts = {
"http://metrics.town" = {
extraConfig = ''
reverse_proxy http://localhost:3000
'';
};
"matrix.broccoli.town" = {
extraConfig = ''
reverse_proxy /_matrix/* http://localhost:8008
reverse_proxy /_synapse/client/* http://localhost:8008
'';
};
"broccoli.town:8448" = {
extraConfig = ''
reverse_proxy http://localhost:8008
'';
};
"broccoli.town" = {
extraConfig = ''
header /.well-known/* "Access-Control-Allow-Origin" "*"
respond /.well-known/matrix/client "{\"m.homeserver\": {\"base_url\": \"https://broccoli.town\"}}"
reverse_proxy /_matrix/* http://localhost:8008
reverse_proxy /_synapse/client/* http://localhost:8008
redir / https://chat.broccoli.town
'';
};
"chat.broccoli.town" = {
extraConfig = ''
header {
X-Frame-Options "SAMEORIGIN"
X-XSS-Protection "1; mode=block"
X-Content-Type-Options "nosniff"
X-Robots-Tag "noindex, noarchive, nofollow"
}
root * ${
pkgs.element-web.override {
conf = {
default_server_config."m.homeserver" = {
"base_url" = "https://broccoli.town";
"server_name" = "broccoli.town";
};
};
}
}
file_server
'';
};
"danielpatterson.dev" = {
extraConfig = ''
root * /srv/site/danielpatterson.dev
encode zstd gzip
file_server
'';
};
"movies.danielpatterson.dev" = {
extraConfig = ''
reverse_proxy localhost:8096
'';
};
"bigding.squirrel-clownfish.ts.net" = {
extraConfig = ''
tls {
get_certificate tailscale
}
reverse_proxy localhost:9091
'';
};
};
};
}

10
modules/default.nix Normal file
View File

@@ -0,0 +1,10 @@
{
bigding = {
imports = [
./caddy
./dungflix
./monitoring
./synapse
];
};
}

68
modules/dungflix/default.nix Normal file
View File

@@ -0,0 +1,68 @@
{
pkgs,
config,
...
}: let
mountdir = "/var/media/dungflix";
rclone_config = pkgs.writeText "" ''
[dungflix]
type = b2
[dungflix-vault]
type = crypt
remote = dungflix:dungflix-bucket
'';
in {
age.secrets = {
dungflix_bucket_account_id.file = ../../secrets/dungflix_bucket_account_id.age;
dungflix_bucket_account_key.file = ../../secrets/dungflix_bucket_account_key.age;
dungflix_crypt_remote_obscured_pass.file = ../../secrets/dungflix_crypt_remote_obscured_pass.age;
};
services = {
jellyfin.enable = true;
transmission = {
enable = true;
settings = {
rpc-host-whitelist-enable = true;
rpc-host-whitelist = "bigding.squirrel-clownfish.ts.net";
};
};
};
users.users."daniel".extraGroups = ["transmission"];
systemd.services.dungflix-mount = {
description = "Mount the Backblaze B2 media store";
wantedBy = ["multi-user.target"];
path = [pkgs.fuse];
preStart = ''
mkdir -p -m 777 ${mountdir}
'';
script = ''
export RCLONE_B2_ACCOUNT=''$(cat ${config.age.secrets.dungflix_bucket_account_id.path})
export RCLONE_B2_KEY=''$(cat ${config.age.secrets.dungflix_bucket_account_key.path})
export RCLONE_CRYPT_PASSWORD=''$(cat ${config.age.secrets.dungflix_crypt_remote_obscured_pass.path})
${pkgs.rclone}/bin/rclone --config="${rclone_config}" mount dungflix-vault: ${mountdir} \
--transfers 32 \
--vfs-cache-mode full \
--vfs-cache-max-age 168h \
--vfs-cache-max-size 200G \
--allow-other \
--no-modtime \
--buffer-size 4G \
--rc \
--rc-no-auth \
-vv
'';
postStart = ''
sleep 5
${pkgs.rclone}/bin/rclone --config="${rclone_config}" rc vfs/refresh recursive=true _async=true
'';
serviceConfig = {
Restart = "on-failure";
};
};
}

28
modules/monitoring/default.nix Normal file
View File

@@ -0,0 +1,28 @@
{
config,
pkgs,
lib,
...
}: {
services.grafana = {
enable = true;
};
services.prometheus = {
enable = true;
exporters = {
};
scrapeConfigs = [
{
job_name = "synapse";
metrics_path = "/_synapse/metrics";
static_configs = [
{
targets = ["localhost:9000"];
}
];
}
];
};
}

63
modules/synapse/default.nix Normal file
View File

@@ -0,0 +1,63 @@
{
config,
pkgs,
lib,
...
}: let
fqdn = "matrix.broccoli.town";
in {
services.postgresql = {
enable = true;
ensureUsers = [
{
name = "matrix-synapse";
ensurePermissions = {
"DATABASE synapse" = "ALL PRIVILEGES";
};
}
];
ensureDatabases = [
"synapse"
];
};
services.matrix-synapse = {
enable = true;
settings = {
enable_metrics = true;
server_name = "broccoli.town";
database = {
name = "psycopg2";
args = {
database = "synapse";
user = "matrix-synapse";
};
};
max_upload_size = "50M";
listeners = [
{
port = 8008;
type = "http";
tls = false;
x_forwarded = true;
resources = [
{
names = ["client" "federation"];
compress = false;
}
];
}
{
port = 9000;
type = "metrics";
tls = false;
bind_addresses = [
"0.0.0.0"
];
resources = [
];
}
];
};
};
}