Move everyting to hel1 except emails
This commit is contained in:
parent
0d3f1b4afc
commit
f18644f8a1
18 changed files with 476 additions and 448 deletions
197
profiles/hel.nix
197
profiles/hel.nix
|
|
@ -1,7 +1,4 @@
|
|||
{
|
||||
config,
|
||||
...
|
||||
}:
|
||||
{ config, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
../environment.nix
|
||||
|
|
@ -10,6 +7,10 @@
|
|||
];
|
||||
|
||||
sops.secrets = {
|
||||
borgSshKey = {
|
||||
owner = config.services.borgbackup.jobs.data.user;
|
||||
key = "borg/client_keys/storage1/private";
|
||||
};
|
||||
runnerRegistrationConfig = {
|
||||
owner = config.users.users.gitlab-runner.name;
|
||||
key = "gitlab/runner_registration_config/hel1";
|
||||
|
|
@ -18,10 +19,22 @@
|
|||
|
||||
time.timeZone = "Europe/Amsterdam";
|
||||
|
||||
networking.nat = {
|
||||
enable = true;
|
||||
internalInterfaces = [ "ve-+" ];
|
||||
externalInterface = "enp41s0";
|
||||
# Prevent mdmon from crashing
|
||||
boot.swraid.mdadmConf = ''
|
||||
HOMEHOST <ignore>
|
||||
PROGRAM true
|
||||
'';
|
||||
|
||||
networking = {
|
||||
firewall.allowedTCPPorts = [
|
||||
80
|
||||
443
|
||||
];
|
||||
nat = {
|
||||
enable = true;
|
||||
internalInterfaces = [ "ve-+" ];
|
||||
externalInterface = "enp41s0";
|
||||
};
|
||||
};
|
||||
|
||||
disko.devices = {
|
||||
|
|
@ -168,11 +181,179 @@
|
|||
};
|
||||
|
||||
custom = {
|
||||
services.nginx.enable = true;
|
||||
services.postgresql.enable = true;
|
||||
services.dokuwiki.enable = true;
|
||||
services.openssh.enable = true;
|
||||
services.gitlab-runner = {
|
||||
enable = true;
|
||||
runnerRegistrationConfigFile = config.sops.secrets.runnerRegistrationConfig.path;
|
||||
};
|
||||
services.jellyfin.enable = true;
|
||||
services.torrents.enable = true;
|
||||
services.foundryvtt.enable = true;
|
||||
services.jitsi.enable = true;
|
||||
services.stb.enable = true;
|
||||
services.murmur.enable = true;
|
||||
services.synapse.enable = true;
|
||||
services.nextcloud.enable = true;
|
||||
services.roundcube.enable = true;
|
||||
|
||||
services.backup-job = {
|
||||
enable = true;
|
||||
repoName = "bl";
|
||||
additionalPaths = [
|
||||
"/var/lib/acme"
|
||||
"/var/lib/nextcloud"
|
||||
];
|
||||
patterns = [
|
||||
"- /nix/var/data/media"
|
||||
"- /nix/var/data/transmission/downloads"
|
||||
"- /nix/var/data/transmission/.incomplete"
|
||||
];
|
||||
readWritePaths = [
|
||||
"/nix/var/data/murmur"
|
||||
"/nix/var/data/postgresql"
|
||||
"/nix/var/data/backup/"
|
||||
"/var/lib/containers/storage"
|
||||
"/run"
|
||||
];
|
||||
preHook = ''
|
||||
cp /var/lib/murmur/murmur.sqlite /nix/var/data/murmur/murmur.sqlite
|
||||
${config.services.postgresql.package}/bin/pg_dump -U synapse synapse > /nix/var/data/postgresql/synapse.dmp
|
||||
${config.services.postgresql.package}/bin/pg_dump -U nextcloud nextcloud > /nix/var/data/postgresql/nextcloud.dmp
|
||||
${config.services.postgresql.package}/bin/pg_dump -U roundcube roundcube > /nix/var/data/postgresql/roundcube.dmp
|
||||
${pkgs.podman}/bin/podman exec stb-mariadb sh -c 'mysqldump -u stb -pstb stb' > /nix/var/data/backup/stb_mariadb.sql
|
||||
${pkgs.systemd}/bin/systemctl stop jellyfin.service
|
||||
${pkgs.systemd}/bin/systemctl stop container@torrents
|
||||
'';
|
||||
postHook = ''
|
||||
${pkgs.systemd}/bin/systemctl start jellyfin.service
|
||||
${pkgs.systemd}/bin/systemctl start container@torrents
|
||||
'';
|
||||
startAt = "02:00";
|
||||
sshKey = config.sops.secrets.borgSshKey.path;
|
||||
};
|
||||
|
||||
services.monit = {
|
||||
enable = true;
|
||||
additionalConfig = ''
|
||||
check host nextcloud with address cloud.banditlair.com
|
||||
if failed port 443 protocol https with timeout 20 seconds then alert
|
||||
check host anderia-wiki with address anderia.banditlair.com
|
||||
if failed port 443 protocol https with timeout 20 seconds then alert
|
||||
check host arkadia-wiki with address arkadia.banditlair.com
|
||||
if failed port 443 protocol https with timeout 20 seconds then alert
|
||||
check host website-marie with address osteopathie.froidmont.org
|
||||
if failed port 443 protocol https with timeout 20 seconds then alert
|
||||
check host webmail with address webmail.banditlair.com
|
||||
if failed port 443 protocol https with timeout 20 seconds then alert
|
||||
check host jellyfin with address jellyfin.banditlair.com
|
||||
if failed port 443 protocol https with timeout 20 seconds then alert
|
||||
check host stb with address www.societe-de-tir-bertrix.com
|
||||
if failed port 443 protocol https with timeout 20 seconds then alert
|
||||
check host transmission with address transmission.banditlair.com
|
||||
if failed
|
||||
port 443
|
||||
protocol https
|
||||
status = 401
|
||||
with timeout 20 seconds
|
||||
then alert
|
||||
|
||||
check program raid-md126 with path "${pkgs.mdadm}/bin/mdadm --misc --detail --test /dev/md127"
|
||||
if status != 0 then alert
|
||||
check program raid-md127 with path "${pkgs.mdadm}/bin/mdadm --misc --detail --test /dev/md127"
|
||||
if status != 0 then alert
|
||||
|
||||
check filesystem data with path /nix/var/data
|
||||
if SPACE usage > 90% then alert
|
||||
|
||||
check host osteoview with address osteoview.app
|
||||
if failed
|
||||
port 443
|
||||
protocol https
|
||||
status = 200
|
||||
request "/api/_health"
|
||||
with timeout 5 seconds
|
||||
content = "Healthy"
|
||||
then alert
|
||||
|
||||
check host osteoview-demo with address demo.osteoview.app
|
||||
if failed
|
||||
port 443
|
||||
protocol https
|
||||
status = 200
|
||||
request "/api/_health"
|
||||
with timeout 5 seconds
|
||||
content = "Healthy"
|
||||
then alert
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
services.uptime-kuma = {
|
||||
enable = true;
|
||||
settings = {
|
||||
PORT = "3001";
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts = {
|
||||
"uptime.froidmont.org" = {
|
||||
serverAliases = [ "status.${config.networking.domain}" ];
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:${config.services.uptime-kuma.settings.PORT}";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
"osteopathie.froidmont.org" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
root = "/nix/var/data/website-marie";
|
||||
};
|
||||
"www.fautlfer.com" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
locations."= /".extraConfig = ''
|
||||
return 302 https://blogz.zaclys.com/faut-l-fer/;
|
||||
'';
|
||||
};
|
||||
"fautlfer.com" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
locations."= /".extraConfig = ''
|
||||
return 302 https://blogz.zaclys.com/faut-l-fer/;
|
||||
'';
|
||||
};
|
||||
};
|
||||
# virtualisation.oci-containers.containers = {
|
||||
# "minecraft" = {
|
||||
# image = "itzg/minecraft-server";
|
||||
# environment = {
|
||||
# EULA = "TRUE";
|
||||
# VERSION = "1.18.2";
|
||||
# TYPE = "AUTO_CURSEFORGE";
|
||||
# MEMORY = "4G";
|
||||
# CF_SLUG = "modecube"; # https://www.curseforge.com/minecraft/modpacks/modecube/files
|
||||
# };
|
||||
# ports = [ "25565:25565" ];
|
||||
# volumes = [ "/nix/var/data/minecraft-modded:/data" ];
|
||||
# autoStart = true;
|
||||
# };
|
||||
# };
|
||||
|
||||
users.users.www-data = {
|
||||
uid = 993;
|
||||
group = config.users.groups.www-data.name;
|
||||
};
|
||||
|
||||
users.groups.www-data = {
|
||||
gid = 991;
|
||||
};
|
||||
|
||||
}
|
||||
|
|
|
|||
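Review bot: The `mysqldump -u stb -pstb stb` call in the backup-job preHook embeds the MariaDB password in the Nix expression, so it ends up world-readable in the Nix store and in the container's process list while the dump runs. The profile already provisions secrets through `sops.secrets` (the borgSshKey and runnerRegistrationConfig entries earlier in the file), so the password belongs in a sops secret handed to the dump via `MYSQL_PWD` or a `--defaults-extra-file` rather than inline. Separately, the `raid-md126` monit check runs `mdadm --misc --detail --test /dev/md127`, the same device as the `raid-md127` check directly below it, so md126 is never tested; it should read `check program raid-md126 with path "${pkgs.mdadm}/bin/mdadm --misc --detail --test /dev/md126"`. The rendered page carries no +/- markers, so that these lines are on the new side is inferred from the hunk header's `+181,179` range.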