James/eve-psr-nix0
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update Purr config; Add Miniflux service

Browse Source
This commit is contained in:
James Eversole 2024-02-24 12:01:51 -06:00
parent 606b54f843
commit 7293c065c1
8 changed files with 40 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
flake.nix
View File

@ -50,6 +50,7 @@
nix-serve-ng.nixosModules.default nix-serve-ng.nixosModules.default
./nix/application/containers.nix ./nix/application/containers.nix
./nix/application/miniflux.nix
./nix/application/nginx.nix ./nix/application/nginx.nix
./nix/monitoring/nginx.nix ./nix/monitoring/nginx.nix

21
nix/application/containers.nix
View File

@ -53,22 +53,29 @@
}; };
purr = { purr = {
image = "docker.matri.cx/purr"; image = "docker.matri.cx/purr:4";
ports = [ "5195:3000" ]; ports = [ "5195:3000" ];
volumes = [ volumes = [
"/home/sezycei/dev/purr/data/Purr.sqlite:/app/data/Purr.sqlite" "/home/sezycei/srv/containerdata/purr/data:/app/data"
"/home/sezycei/dev/purr/config.dhall:/app/config.dhall"
]; ];
environment = { }; environment = {
ENVIRONMENT = "production";
APPLICATIONHOST = "localhost";
APPLICATIONPORT = "3000";
DATADIR = "/app/";
LINKLENGTH = "24";
ADMINEMAIL = "james@eversole.co";
PURRNOFILE = "true";
};
}; };
registry = { registry = {
image = "registry:2.8.3"; image = "registry:2.8.3";
ports = [ "3001:5000" ]; ports = [ "3001:5000" ];
volumes = [ volumes = [
"/home/sezycei/srv/containerdata/registry/registry/data:/var/lib/registry" "/home/sezycei/srv/containerdata/registry/data:/var/lib/registry"
"/home/sezycei/srv/containerdata/registry/registry/certs:/certs" "/home/sezycei/srv/containerdata/registry/certs:/certs"
"/home/sezycei/srv/containerdata/registry/registry/auth:/auth" "/home/sezycei/srv/containerdata/registry/auth:/auth"
]; ];
environment = { }; environment = { };
}; };

11
nix/application/miniflux.nix Normal file
View File

@ -0,0 +1,11 @@
{ pkgs, config, ...}: {
services.miniflux = {
enable = true;
adminCredentialsFile = config.age.secrets.miniflux.path;
config = {
CLEANUP_FREQUENCY_HOURS = "72";
LISTEN_ADDR = "0.0.0.0:26343";
BASE_URL = "https://flux.matri.cx";
};
};
}

8
nix/application/nginx.nix
View File

@ -53,16 +53,18 @@
"docker.matri.cx" = proxiedAuth { "docker.matri.cx" = proxiedAuth {
auth = config.age.secrets.htpasswd-dock.path; auth = config.age.secrets.htpasswd-dock.path;
target = "http://127.0.0.1:3001"; target = "http://127.0.0.1:3001";
extra = ''
client_max_body_size 0;
'';
}; };
"eversole.co" = static { dir = "/var/www/jame.su"; }; "eversole.co" = static { dir = "/var/www/jame.su"; };
"food.eversole.co" = proxied { "flux.matri.cx" = proxied {
target = "http://127.0.0.1:52230"; target = "http://127.0.0.1:26343";
}; };
"git.eversole.co" = { "git.eversole.co" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/" = { root = "/var/www/git.eversole.co"; tryFiles = "$uri $uri/ @git"; }; locations."/" = { root = "/var/www/git.eversole.co"; tryFiles = "$uri $uri/ @git"; };
locations."/purr".return = "301 https://git.eversole.co";
locations."@git" = { proxyPass = "http://127.0.0.1:23232"; priority = 600; }; locations."@git" = { proxyPass = "http://127.0.0.1:23232"; priority = 600; };
}; };
"graf.matri.cx" = { root = "/var/www/graf.matri.cx"; }; # refer to /monitoring/nginx.nix "graf.matri.cx" = { root = "/var/www/graf.matri.cx"; }; # refer to /monitoring/nginx.nix

8
nix/system/age.nix
View File

@ -10,8 +10,14 @@
owner = "grafana"; owner = "grafana";
group = "grafana"; group = "grafana";
}; };
htpasswd-dock.file = ../../secrets/htpasswd-dock.age; htpasswd-dock = {
file = ../../secrets/htpasswd-dock.age;
mode = "770";
owner = "nginx";
group = "nginx";
};
keys.file = ../../secrets/keys.age; keys.file = ../../secrets/keys.age;
miniflux.file = ../../secrets/miniflux.age;
transmission-env.file = ../../secrets/transmission-env.age; transmission-env.file = ../../secrets/transmission-env.age;
}; };
identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; identityPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

2
nix/system/network.nix
View File

@ -2,7 +2,7 @@
networking = { networking = {
hostName = "eve-psr-nix0"; hostName = "eve-psr-nix0";
firewall = { firewall = {
allowedTCPPorts = [ 22 80 443 7860 23231 23232 23233 9418 ]; allowedTCPPorts = [ 22 80 443 7860 23231 23232 23233 9418 3000 ];
allowedUDPPorts = [ 53 1194 ]; allowedUDPPorts = [ 53 1194 ];
trustedInterfaces = [ "tun0" ]; trustedInterfaces = [ "tun0" ];
}; };

1
secrets.nix
View File

@ -12,5 +12,6 @@ in
"secrets/graf-email.age" = { publicKeys = all; }; "secrets/graf-email.age" = { publicKeys = all; };
"secrets/htpasswd-dock.age" = { publicKeys = all; }; "secrets/htpasswd-dock.age" = { publicKeys = all; };
"secrets/keys.age" = { publicKeys = all; }; "secrets/keys.age" = { publicKeys = all; };
"secrets/miniflux.age" = { publicKeys = all; };
"secrets/transmission-env.age" = { publicKeys = all; }; "secrets/transmission-env.age" = { publicKeys = all; };
} }

BIN
secrets/miniflux.age Normal file
View File

Binary file not shown.