James/eve-psr-nix0
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Grafana & Loki & Promtail monitoring stack

Browse Source
This commit is contained in:
James Eversole
2023-06-26 20:05:48 -05:00
parent 6081557b6b
commit db6195695e
18 changed files with 454 additions and 30 deletions
Download Patch File Download Diff File Expand all files Collapse all files

91
application/containers.nix Normal file
View File

@ -0,0 +1,91 @@
{
virtualisation.oci-containers = {
containers = {
bind = {
image = "sameersbn/bind:latest";
ports =
[ "0.0.0.0:53:53/tcp" "0.0.0.0:53:53/udp" "0.0.0.0:5053:10000/tcp" ];
volumes = [ "/home/sezycei/srv/containerdata/bind/bind:/data" ];
environmentFiles = [ /home/sezycei/srv/containerdata/bind/.env ];
};
jellyfin = {
image = "linuxserver/jellyfin";
ports = [ "0.0.0.0:8096:8096" "0.0.0.0:8920:8920" ];
volumes = [
"/home/sezycei/srv/containerdata/jellyfin/config:/config"
"/home/torrent/data/completed:/data/unsorted"
"/home/torrent/data/TV:/data/tvshows"
"/home/torrent/data/Movies:/data/movies"
"/home/torrent/data/transcode:/data/transcode"
"/home/torrent/data/Music:/data/music"
];
environment = {
PGID = "1000";
PUID = "1000";
TZ = "America/Chicago";
UMASK_SET = "022";
};
};
legit = {
image = "docker.matri.cx/legit";
ports = [ "0.0.0.0:5121:8080" ];
volumes = [
"/home/sezycei/srv/containerdata/legit/static:/static"
"/home/sezycei/srv/containerdata/legit/templates:/templates"
"/home/sezycei/srv/containerdata/legit/legit.yml:/legit.yml"
"/home/sezycei/srv/containerdata/legit/repos:/var/www/git"
];
environment = { };
};
murmur = {
image = "goofball222/murmur";
ports = [ "0.0.0.0:64738:64738" "0.0.0.0:64738:64738/udp" ];
volumes = [
"/home/sezycei/srv/containerdata/registry/registry/data:/var/lib/registry"
"/home/sezycei/srv/containerdata/registry/registry/certs:/certs"
"/home/sezycei/srv/containerdata/registry/registry/auth:/auth"
];
environment = { };
};
purr = {
image = "docker.matri.cx/purr";
ports = [ "0.0.0.0:5195:3000" ];
volumes = [
"/home/sezycei/dev/purr/data/Purr.sqlite:/app/data/Purr.sqlite"
"/home/sezycei/dev/purr/config.dhall:/app/config.dhall"
];
environment = { };
};
registry = {
image = "registry:2";
ports = [ "0.0.0.0:3001:5000" ];
volumes = [
"/home/sezycei/srv/containerdata/registry/registry/data:/var/lib/registry"
"/home/sezycei/srv/containerdata/registry/registry/certs:/certs"
"/home/sezycei/srv/containerdata/registry/registry/auth:/auth"
];
environment = { };
};
transmission = {
image = "haugene/transmission-openvpn";
ports = [ "0.0.0.0:9091:9091" ];
volumes = [
"/home/sezycei/srv/scripts/transmission/settings.json:/etc/transmission-daemon/settings.json"
"/etc/localtime:/etc/localtime:ro"
"/home/torrent/data:/data"
];
environmentFiles =
[ /home/sezycei/srv/containerdata/transmission/.env ];
extraOptions = [ "--cap-add=NET_ADMIN" "--privileged" ];
};
};
};
}

121
application/nginx.nix Normal file
View File

@ -0,0 +1,121 @@
{ config, ... }: {
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedOptimisation = true;
recommendedGzipSettings = true;
virtualHosts."cache.matri.cx" = {
enableACME = true;
forceSSL = true;
root = "/var/www/cache.matri.cx";
locations."/".proxyPass = "http://${config.services.nix-serve.bindAddress}:${toString config.services.nix-serve.port}";
};
virtualHosts."caitlynncox.com" = {
enableACME = true;
forceSSL = true;
root = "/var/www/caitlynncox.com";
};
virtualHosts."dallasmed65.com" = {
enableACME = true;
forceSSL = true;
root = "/var/www/dallasmed65.com";
};
virtualHosts."docker.matri.cx" = {
enableACME = true;
forceSSL = true;
root = "/var/www/docker.matri.cx";
locations."/" = {
basicAuthFile = config.age.secrets.htpasswd-dock.path;
proxyPass = "http://192.168.0.130:3001";
};
};
virtualHosts."eversole.co" = {
enableACME = true;
forceSSL = true;
root = "/var/www/jame.su";
locations = {
"/.well-known/openpgpkey/hu/".extraConfig = ''
default_type "application/octet-stream";
add_header Access-Control-Allow-Origin * always;
'';
"/ip".proxyPass = "http://192.168.0.130:5001";
"/pw".proxyPass = "http://192.168.0.130:5002";
};
};
virtualHosts."git.eversole.co" = {
enableACME = true;
forceSSL = true;
root = "/var/www/git.eversole.co";
locations = {
"/James".extraConfig = ''
if ($request_uri ~* "([^/]*$)" ) {
return 301 https://$server_name/$1;
}
'';
"/".proxyPass = "http://192.168.0.130:5121";
};
};
# refer to /monitoring/nginx.nix
virtualHosts."graf.eversole.co" = {
root = "/var/www/graf.eversole.co";
};
virtualHosts."hydra.matri.cx" = {
enableACME = true;
forceSSL = true;
root = "/var/www/hydra.matri.cx";
locations."/" = {
proxyPass = "http://192.168.0.130:3034";
extraConfig = ''
proxy_set_header X-Request-Base "https://hydra.matri.cx";
'';
};
};
virtualHosts."jame.su" = {
enableACME = true;
forceSSL = true;
root = "/var/www/jame.su";
};
virtualHosts."matri.cx" = {
enableACME = true;
forceSSL = true;
root = "/var/www/matri.cx";
};
virtualHosts."media.matri.cx" = {
enableACME = true;
forceSSL = true;
root = "/var/www/media.matri.cx";
locations."/".proxyPass = "http://192.168.0.130:8096";
};
virtualHosts."sezycei.com" = {
enableACME = true;
forceSSL = true;
root = "/var/www/sezycei.com";
};
virtualHosts."snakebelmont.com" = {
enableACME = true;
forceSSL = true;
root = "/var/www/snakebelmont.com";
};
virtualHosts."purr.eversole.co" = {
enableACME = true;
forceSSL = true;
root = "/var/www/purr.eversole.co";
locations."/".proxyPass = "http://192.168.0.130:5195";
};
};
}