genebean/dots
1
0
Fork 0
mirror of https://github.com/genebean/dots.git synced 2026-03-27 09:27:44 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Setup plausible analytics

Browse source 
fixes #423
fixes #424
This commit is contained in:
Gene Liverman 2024-06-29 11:11:29 -04:00
parent 7a662ef20f
commit 741309d38e
4 changed files with 53 additions and 20 deletions
Download patch file Download diff file Expand all files Collapse all files

6
modules/hosts/nixos/hetznix01/default.nix
View file

@ -23,9 +23,9 @@
networking = { networking = {
# Open ports in the firewall. # Open ports in the firewall.
firewall.allowedTCPPorts = [ firewall.allowedTCPPorts = [
22 # ssh 22 # ssh
25 # SMTP (unencrypted) 25 # SMTP (unencrypted)
80 # http to local Nginx 80 # http to local Nginx
443 # https to local Nginx 443 # https to local Nginx
465 # SMTP with TLS 465 # SMTP with TLS
587 # SMTP with STARTTLS 587 # SMTP with STARTTLS

52
modules/hosts/nixos/hetznix01/post-install/default.nix
View file

@ -1,4 +1,6 @@
{ config, username, ... }: { { config, username, ... }: let
domain = "technicalissues.us";
in {
imports = [ imports = [
../../../../system/common/linux/lets-encrypt.nix ../../../../system/common/linux/lets-encrypt.nix
../../../../system/common/linux/restic.nix ../../../../system/common/linux/restic.nix
@ -10,33 +12,51 @@
enable = true; enable = true;
enableImap = false; enableImap = false;
enableImapSsl = false; enableImapSsl = false;
fqdn = "mail.alt.technicalissues.us"; fqdn = "mail.alt.${domain}";
domains = [ domains = [
"alt.technicalissues.us" "alt.${domain}"
"indianspringsbsa.org" "indianspringsbsa.org"
]; ];
forwards = { forwards = {
"webmaster@indianspringsbsa.org" = "gene+indianspringsbsa.org@geneliverman.com"; "webmaster@indianspringsbsa.org" = "gene+indianspringsbsa.org@geneliverman.com";
"newsletter@indianspringsbsa.org" = "gene+indianspringsbsa.org@geneliverman.com"; "newsletter@indianspringsbsa.org" = "gene+indianspringsbsa.org@geneliverman.com";
"@alt.technicalissues.us" = "gene+alt.technicalissues.us@geneliverman.com"; "@alt.${domain}" = "gene+alt.${domain}@geneliverman.com";
"${username}@localhost" = "${username}@technicalissues.us";
"root@localhost" = "root@technicalissues.us";
"root@${config.networking.hostName}" = "root@technicalissues.us";
}; };
# Use Let's Encrypt certificates from Nginx # Use Let's Encrypt certificates from Nginx
certificateScheme = "acme"; certificateScheme = "acme";
}; };
# Cert for the mail server
security.acme.certs."alt.technicalissues.us" = {
extraDomainNames = [
"mail.alt.technicalissues.us"
"mail.indianspringsbsa.org"
];
reloadServices = [
"postfix.service"
];
};
services = { services = {
plausible = {
enable = true;
adminUser = {
# activate is used to skip the email verification of the admin-user that's
# automatically created by plausible. This is only supported if
# postgresql is configured by the module. This is done by default, but
# can be turned off with services.plausible.database.postgres.setup.
activate = true;
email = "${username}@technicalissues.us";
name = username;
passwordFile = config.sops.secrets.plausible_admin_pass.path;
};
database = {
clickhouse.setup = true;
postgres.setup = true;
};
mail.email = "stats@${domain}";
server = {
baseUrl = "https://stats.${domain}";
disableRegistration = true;
port = 8001;
# secretKeybaseFile is a path to the file which contains the secret generated
# with openssl as described above.
secretKeybaseFile = config.sops.secrets.plausible_secret_key_base.path;
};
};
restic.backups.daily.paths = [ restic.backups.daily.paths = [
"${config.users.users.${username}.home}/compose-files/owntracks" "${config.users.users.${username}.home}/compose-files/owntracks"
"/var/backup/postgresql" "/var/backup/postgresql"
@ -77,6 +97,8 @@
owner = config.users.users.nginx.name; owner = config.users.users.nginx.name;
restartUnits = ["nginx.service"]; restartUnits = ["nginx.service"];
}; };
plausible_admin_pass.owner = config.users.users.nginx.name;
plausible_secret_key_base.owner = config.users.users.nginx.name;
tailscale_key = { tailscale_key = {
restartUnits = [ "tailscaled-autoconnect.service" ]; restartUnits = [ "tailscaled-autoconnect.service" ];
}; };

9
modules/hosts/nixos/hetznix01/post-install/nginx.nix
View file

@ -26,6 +26,9 @@ in {
"hetznix01.${domain}" = { "hetznix01.${domain}" = {
serverAliases = [ serverAliases = [
"technicalissues.us" "technicalissues.us"
"alt.technicalissues.us"
"mail.alt.technicalissues.us"
"mail.indianspringsbsa.org"
]; ];
default = true; default = true;
enableACME = true; enableACME = true;
@ -120,6 +123,12 @@ in {
}; };
}; };
}; };
"stats.${domain}" = {
enableACME = true;
acmeRoot = null;
forceSSL = true;
locations."/".proxyPass = "http://127.0.0.1:8001";
};
"utk.${domain}" = { "utk.${domain}" = {
enableACME = true; enableACME = true;
acmeRoot = null; acmeRoot = null;

6
modules/hosts/nixos/hetznix01/secrets.yaml
View file

@ -4,6 +4,8 @@ matrix_secrets_yaml: ENC[AES256_GCM,data:6DLtAZIYBlL7iQVS/FBeUEhHyAOFZ5JRNqFBqi5
matrix_homeserver_signing_key: ENC[AES256_GCM,data:+RflNxFfS2w9LbavT7YnCQIhJWI49kN7pOa9/dH0BpDWxKQaLE4ZYBYq0ikAgcHaF3+rBL3f6KxUacw=,iv:6+nZzuxBUwjM74XHCD89YWfyuMRcoIwQlHLiNN4NWdc=,tag:91yigynRz6QdEd4rF7d/9g==,type:str] matrix_homeserver_signing_key: ENC[AES256_GCM,data:+RflNxFfS2w9LbavT7YnCQIhJWI49kN7pOa9/dH0BpDWxKQaLE4ZYBYq0ikAgcHaF3+rBL3f6KxUacw=,iv:6+nZzuxBUwjM74XHCD89YWfyuMRcoIwQlHLiNN4NWdc=,tag:91yigynRz6QdEd4rF7d/9g==,type:str]
mqtt_recorder_pass: ENC[AES256_GCM,data:N44nv2mk5zguWXNHdKsxhoKUjiduD1hzsAb6,iv:aLudKuUBTPXgtAF33exELH/PESD0CqoDaydeqdhcmbA=,tag:3lhrqO8jxJiRHWZjWSRa0g==,type:str] mqtt_recorder_pass: ENC[AES256_GCM,data:N44nv2mk5zguWXNHdKsxhoKUjiduD1hzsAb6,iv:aLudKuUBTPXgtAF33exELH/PESD0CqoDaydeqdhcmbA=,tag:3lhrqO8jxJiRHWZjWSRa0g==,type:str]
owntracks_basic_auth: ENC[AES256_GCM,data:GX1U1uf7+erE+g9GzhXK5ED2QicfcbpRCwpJDw6Zr9X2FtdMYleH5mhLxw==,iv:PflRq+P50+oFf4wv5wwlY6V9bApGuJ3tlYTvJZ5mg0E=,tag:VHBY5qv7rX74DGURsYaWpw==,type:str] owntracks_basic_auth: ENC[AES256_GCM,data:GX1U1uf7+erE+g9GzhXK5ED2QicfcbpRCwpJDw6Zr9X2FtdMYleH5mhLxw==,iv:PflRq+P50+oFf4wv5wwlY6V9bApGuJ3tlYTvJZ5mg0E=,tag:VHBY5qv7rX74DGURsYaWpw==,type:str]
plausible_admin_pass: ENC[AES256_GCM,data:nMGHMTp3YsDGP3YA9qmZqRCBA5BonS7SaLo=,iv:gN9qu+35DHiJVKh8vHF6KAwrFqgfdNNCC0+q3L/mBGg=,tag:XKlzT4Bp9IIKTSAmjDhd1Q==,type:str]
plausible_secret_key_base: ENC[AES256_GCM,data:6Co3VO9Ocmd6cppRpm763jjpRE9yCb75FnrrvCD5XtQPoq6c7ZnCPfSPzWF7jOv6e0g+ghao015myEe3pmNlPcx55KE4LpPwNGHdGbFHmNsGiIDrDUC3Hw==,iv:0FXSF//7FAGrQKiMOfHFoWE539MzCnz7xUTHxxatTCI=,tag:cKMFwyLYScKVM3v+6hvwzg==,type:str]
tailscale_key: ENC[AES256_GCM,data:Bl00WuIrLvxmt7aNsoXC6G7XFls7waZMzdfo/MsEOZl/i3wHwrjrmgwd3V4GkaJ42UjrC1OLobrkuLves4w=,iv:tlCu0EWgvhvs1ANdtQr7KWHJ2RjpHniUm/rFC4L/MHs=,tag:+8eov9w+SPGZPnjMdrN8gA==,type:str] tailscale_key: ENC[AES256_GCM,data:Bl00WuIrLvxmt7aNsoXC6G7XFls7waZMzdfo/MsEOZl/i3wHwrjrmgwd3V4GkaJ42UjrC1OLobrkuLves4w=,iv:tlCu0EWgvhvs1ANdtQr7KWHJ2RjpHniUm/rFC4L/MHs=,tag:+8eov9w+SPGZPnjMdrN8gA==,type:str]
sops: sops:
kms: [] kms: []
@ -20,8 +22,8 @@ sops:
WkI4ejBaODI0d0tjWHpTT3VWTXNyaXcKMDtvHN4gcZqBNslyC+NwYW05zgs8QuPV WkI4ejBaODI0d0tjWHpTT3VWTXNyaXcKMDtvHN4gcZqBNslyC+NwYW05zgs8QuPV
W6EktAz+xu6kx5BJbli5GkUFmj52AtEGIqZ1Sr4a0pKQACC87XcTQA== W6EktAz+xu6kx5BJbli5GkUFmj52AtEGIqZ1Sr4a0pKQACC87XcTQA==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-06-19T01:44:04Z" lastmodified: "2024-06-29T04:40:44Z"
mac: ENC[AES256_GCM,data:PU4r7DhcG6OgqTCeKBtxyAHDErGH6Eh33sOd+KuImQ74ajgahFNfd4zO27OldZbSERkOYLuFqw7w9+zblV3eaaXRQx97Ek3z4oMtJFv2t9lnNfG0lm45c1eECKV742mzTDi6/bcnQMdn/CaGli8DL45IGGctW+beXRJza0S3wEY=,iv:51WymgQc4OWcannaD4g+fjp4vc75WonWsOMS3Jyz7Xo=,tag:dmNFFgkuKQxy2Snb/HjX/A==,type:str] mac: ENC[AES256_GCM,data:94kylK+CFinvS2tjvu9vIanSjyVGkzu4IfDWvXvzxazR2U61IXuuaykPF3iDFKA9bC2cV4symPLmx7hAHFdN87mycOvkprUQzJTXORLdPjW90piaMvlETOH/lrjDq7R0TeIFfwj1hOrj0HrCg8tR6g49agl8uO/HoZQUtarZAf0=,iv:azMsvPUrR95r+dEWlBFilTdh+Zx26FNVcECX315njkI=,tag:DFZSHW3zq7ZD2KliTjL31A==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1