Everything is migrated! Now to clean up...

Gene Liverman 2024-06-21 23:29:49 -04:00
parent 3075248fc7
commit 3457194cdd
8 changed files with 168 additions and 145 deletions


@ -24,8 +24,11 @@
# Open ports in the firewall.
firewall.allowedTCPPorts = [
22 # ssh
25 # SMTP (unencrypted)
80 # http to local Nginx
443 # https to local Nginx
465 # SMTP with TLS
587 # SMTP with STARTTLS
];
# firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
@ -45,6 +48,11 @@
enable = true;
package = pkgs.postgresql_16;
};
postgresqlBackup = {
enable = true;
backupAll = true;
startAt = "*-*-* 23:00:00";
};
uptime-kuma = {
enable = true;
settings = {
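Review bot: Ports 465 and 587 are opened in `firewall.allowedTCPPorts`, but the `mailserver` block in this commit shows only `forwards` and no login accounts, so as far as this page shows the submission ports expose an authentication endpoint that no legitimate client uses. If nothing is meant to submit mail through this host, drop those two entries and keep only port 25, with a comment such as `25 # SMTP, inbound MX only`. The mail module may also open its own firewall ports, in which case the explicit entries are redundant; that is worth confirming before merging.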


@ -1,61 +0,0 @@
{ config, pkgs, ... }: let
frontend_port = "8082";
in {
environment = {
etc = {
"default/ot-recorder".text = ''
OTR_USER="recorder"
OTR_PASS="toenail-madmen-nazareth-fum"
OTR_GEOKEY="opencage:b85db97221cc4239b34e0ca07e71471e"
OTR_TOPICS="owntracks/#"
OTR_HTTPHOST="127.0.0.1"
OTR_HTTPPREFIX="owntracks"
'';
};
};
services.mosquitto = {
enable = true;
persistence = true;
listeners = [
{
address = "127.0.0.1";
port = 1883;
users = {
recorder.passwordFile = config.sops.secrets.mqtt_recorder_pass.path;
};
}
];
};
users = {
groups.owntracks.gid = config.users.users.owntracks.uid;
users.owntracks = {
isSystemUser = true;
description = "OwnTracks";
group = "owntracks";
home = "/home/owntracks";
};
};
virtualisation.oci-containers.containers = {
"owntracks-frontend" = {
autoStart = true;
image = "docker.io/owntracks/frontend:2.15.3";
environment = {
LISTEN = frontend_port;
SERVER_HOST = "ot-recorder";
};
ports = [ "127.0.0.1:${frontend_port}:80" ];
};
"ot-recorder" = {
autoStart = true;
image = "docker.io/owntracks/frontend:2.15.3";
ports = [ "127.0.0.1:8083:8083" ];
volumes = [
"/etc/default/config:/config"
"/var/spool/owntracks/recorder/store:/store"
];
};
};
}


@ -1,75 +0,0 @@
{ config, pkgs, ... }: let
frontend_port = "8082";
in {
environment = {
etc = {
"default/ot-recorder".text = ''
OTR_USER="recorder"
OTR_PASS="toenail-madmen-nazareth-fum"
OTR_GEOKEY="opencage:b85db97221cc4239b34e0ca07e71471e"
OTR_TOPICS="owntracks/#"
OTR_HTTPHOST="127.0.0.1"
OTR_HTTPPREFIX="owntracks"
'';
};
systemPackages = with pkgs; [
owntracks-recorder
];
};
services.mosquitto = {
enable = true;
persistence = true;
listeners = [
{
address = "127.0.0.1";
port = 1883;
users = {
recorder.passwordFile = config.sops.secrets.mqtt_recorder_pass.path;
};
}
];
};
systemd.services.ot-recorder = {
name = "ot-recorder.service";
unitConfig = {
Description = "OwnTracks Recorder";
Wants = "network-online.target";
After = "network-online.target";
};
serviceConfig = {
Type = "simple";
User = "owntracks";
WorkingDirectory = "/";
ExecStartPre = "${pkgs.coreutils-full.out}/bin/sleep 15";
ExecStart = "${pkgs.owntracks-recorder.out}/bin/ot-recorder --debug";
};
wantedBy = [ "multi-user.target" ];
restartTriggers = [
config.environment.etc."default/ot-recorder".source
];
};
users = {
groups.owntracks.gid = config.users.users.owntracks.uid;
users.owntracks = {
isSystemUser = true;
description = "OwnTracks";
group = "owntracks";
home = "/home/owntracks";
};
};
virtualisation.oci-containers.containers = {
"owntracks-frontend" = {
autoStart = true;
image = "docker.io/owntracks/frontend:2.15.3";
environment = {
LISTEN = frontend_port;
SERVER_HOST = "host.containers.internal";
};
ports = [ "127.0.0.1:${frontend_port}:80" ];
};
};
}


@ -1,12 +1,45 @@
{ config, username, ... }: {
imports = [
../../../../system/common/linux/lets-encrypt.nix
../../../../system/common/linux/restic.nix
./matrix-synapse.nix
./nginx.nix
];
mailserver = {
enable = true;
enableImap = false;
enableImapSsl = false;
fqdn = "mail.alt.technicalissues.us";
domains = [
"alt.technicalissues.us"
"indianspringsbsa.org"
];
forwards = {
"webmaster@indianspringsbsa.org" = "gene+indianspringsbsa.org@geneliverman.com";
"newsletter@indianspringsbsa.org" = "gene+indianspringsbsa.org@geneliverman.com";
"@alt.technicalissues.us" = "gene+alt.technicalissues.us@geneliverman.com";
};
# Use Let's Encrypt certificates from Nginx
certificateScheme = "acme";
};
# Cert for the mail server
security.acme.certs."alt.technicalissues.us" = {
extraDomainNames = [
"mail.alt.technicalissues.us"
"mail.indianspringsbsa.org"
];
reloadServices = [
"postfix.service"
];
};
services = {
restic.backups.daily.paths = [
"${config.users.users.${username}.home}/compose-files/owntracks"
"/var/backup/postgresql"
"/var/lib/uptime-kuma"
];
tailscale = {
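Review bot: The `compose-files/owntracks` path added to `restic.backups.daily.paths` suggests the recorder now runs from compose files, and the settings it used to read (`OTR_PASS`, `OTR_GEOKEY`) were committed in plaintext in the two modules this commit deletes. Deleting the files does not remove those values from history, so they should be rotated rather than copied into the new setup, and the replacements kept out of the repository the way `mqtt_recorder_pass` already is via sops. Since that directory presumably holds the new credentials, the path deserves a comment such as `# contains recorder credentials; restic repository must stay encrypted and access-restricted`. The `services` block continues outside the hunk.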


@ -1,6 +1,4 @@
{ config, pkgs, ... }: let
#
in {
{ config, ... }: {
services.matrix-synapse = {
enable = true;
configureRedisLocally = true;


@ -1,12 +1,8 @@
{ config, ... }: let
domain = "technicalissues.us";
http_port = 80;
https_port = 443;
in {
imports = [
../../../../system/common/linux/lets-encrypt.nix
];
services.nginx = {
enable = true;
recommendedBrotliSettings = true;