James/eve-psr-nix0
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Purr config; Add Miniflux service

Browse Source
This commit is contained in:
James Eversole
2024-02-24 12:01:51 -06:00
parent 606b54f843
commit 7293c065c1
8 changed files with 40 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
flake.nix
View File

@ -50,6 +50,7 @@
nix-serve-ng.nixosModules.default
./nix/application/containers.nix
./nix/application/miniflux.nix
./nix/application/nginx.nix
./nix/monitoring/nginx.nix

21
nix/application/containers.nix
View File

@ -53,22 +53,29 @@
};
purr = {
image = "docker.matri.cx/purr";
image = "docker.matri.cx/purr:4";
ports = [ "5195:3000" ];
volumes = [
"/home/sezycei/dev/purr/data/Purr.sqlite:/app/data/Purr.sqlite"
"/home/sezycei/dev/purr/config.dhall:/app/config.dhall"
"/home/sezycei/srv/containerdata/purr/data:/app/data"
];
environment = { };
environment = {
ENVIRONMENT = "production";
APPLICATIONHOST = "localhost";
APPLICATIONPORT = "3000";
DATADIR = "/app/";
LINKLENGTH = "24";
ADMINEMAIL = "james@eversole.co";
PURRNOFILE = "true";
};
};
registry = {
image = "registry:2.8.3";
ports = [ "3001:5000" ];
volumes = [
"/home/sezycei/srv/containerdata/registry/registry/data:/var/lib/registry"
"/home/sezycei/srv/containerdata/registry/registry/certs:/certs"
"/home/sezycei/srv/containerdata/registry/registry/auth:/auth"
"/home/sezycei/srv/containerdata/registry/data:/var/lib/registry"
"/home/sezycei/srv/containerdata/registry/certs:/certs"
"/home/sezycei/srv/containerdata/registry/auth:/auth"
];
environment = { };
};

11
nix/application/miniflux.nix Normal file
View File

@ -0,0 +1,11 @@
{ pkgs, config, ...}: {
services.miniflux = {
enable = true;
adminCredentialsFile = config.age.secrets.miniflux.path;
config = {
CLEANUP_FREQUENCY_HOURS = "72";
LISTEN_ADDR = "0.0.0.0:26343";
BASE_URL = "https://flux.matri.cx";
};
};
}

8
nix/application/nginx.nix
View File

@ -53,16 +53,18 @@
"docker.matri.cx" = proxiedAuth {
auth = config.age.secrets.htpasswd-dock.path;
target = "http://127.0.0.1:3001";
extra = ''
client_max_body_size 0;
'';
};
"eversole.co" = static { dir = "/var/www/jame.su"; };
"food.eversole.co" = proxied {
target = "http://127.0.0.1:52230";
"flux.matri.cx" = proxied {
target = "http://127.0.0.1:26343";
};
"git.eversole.co" = {
enableACME = true;
forceSSL = true;
locations."/" = { root = "/var/www/git.eversole.co"; tryFiles = "$uri $uri/ @git"; };
locations."/purr".return = "301 https://git.eversole.co";
locations."@git" = { proxyPass = "http://127.0.0.1:23232"; priority = 600; };
};
"graf.matri.cx" = { root = "/var/www/graf.matri.cx"; }; # refer to /monitoring/nginx.nix

8
nix/system/age.nix
View File

@ -10,8 +10,14 @@
owner = "grafana";
group = "grafana";
};
htpasswd-dock.file = ../../secrets/htpasswd-dock.age;
htpasswd-dock = {
file = ../../secrets/htpasswd-dock.age;
mode = "770";
owner = "nginx";
group = "nginx";
};
keys.file = ../../secrets/keys.age;
miniflux.file = ../../secrets/miniflux.age;
transmission-env.file = ../../secrets/transmission-env.age;
};
identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

2
nix/system/network.nix
View File

@ -2,7 +2,7 @@
networking = {
hostName = "eve-psr-nix0";
firewall = {
allowedTCPPorts = [ 22 80 443 7860 23231 23232 23233 9418 ];
allowedTCPPorts = [ 22 80 443 7860 23231 23232 23233 9418 3000 ];
allowedUDPPorts = [ 53 1194 ];
trustedInterfaces = [ "tun0" ];
};

1
secrets.nix
View File

@ -12,5 +12,6 @@ in
"secrets/graf-email.age" = { publicKeys = all; };
"secrets/htpasswd-dock.age" = { publicKeys = all; };
"secrets/keys.age" = { publicKeys = all; };
"secrets/miniflux.age" = { publicKeys = all; };
"secrets/transmission-env.age" = { publicKeys = all; };
}

BIN
secrets/miniflux.age Normal file
View File

Binary file not shown.