parent
4d58ae60b0
commit
8102d1d009
17 changed files with 371 additions and 273 deletions
|
|
@ -19,7 +19,7 @@
|
|||
host all all 10.0.0.0/24 trust
|
||||
|
||||
# and the local network
|
||||
host all all 192.168.0.0/24 trust
|
||||
host all all 192.168.178.0/24 trust
|
||||
'';
|
||||
settings = {
|
||||
listen_addresses = "*";
|
||||
|
|
@ -58,6 +58,10 @@
|
|||
name = "immich";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
{
|
||||
name = "homepage";
|
||||
ensureDBOwnership = true;
|
||||
}
|
||||
];
|
||||
ensureDatabases = map (i: i.name) ensureUsers;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -146,118 +146,6 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
systemd.services.promtail.serviceConfig.User = lib.mkForce "nginx";
|
||||
services.promtail = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
server = {
|
||||
http_listen_port = 3031;
|
||||
grpc_listen_port = 0;
|
||||
};
|
||||
positions = {
|
||||
filename = "/tmp/positions.yaml";
|
||||
};
|
||||
clients = [
|
||||
{
|
||||
url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
|
||||
}
|
||||
];
|
||||
scrape_configs = [
|
||||
{
|
||||
job_name = "nginx";
|
||||
static_configs = [
|
||||
{
|
||||
targets = [ "localhost" ];
|
||||
labels = {
|
||||
job = "nginx";
|
||||
host = "fili";
|
||||
__path__ = "/var/log/nginx/json_access.log";
|
||||
};
|
||||
}
|
||||
];
|
||||
pipeline_stages = [
|
||||
{
|
||||
json = {
|
||||
expressions = {
|
||||
msec = "msec";
|
||||
connection = "connection";
|
||||
connection_requests = "connection_requests";
|
||||
pid = "pid";
|
||||
request_id = "request_id";
|
||||
request_length = "request_length";
|
||||
remote_addr = "remote_addr";
|
||||
remote_user = "remote_user";
|
||||
remote_port = "remote_port";
|
||||
time_local = "time_local";
|
||||
time_iso8601 = "time_iso8601";
|
||||
request = "request";
|
||||
request_uri = "request_uri";
|
||||
args = "args";
|
||||
status = "status";
|
||||
body_bytes_sent = "body_bytes_sent";
|
||||
bytes_sent = "bytes_sent";
|
||||
http_referer = "http_referer";
|
||||
http_user_agent = "http_user_agent";
|
||||
http_x_forwarded_for = "http_x_forwarded_for";
|
||||
http_host = "http_host";
|
||||
server_name = "server_name";
|
||||
request_time = "request_time";
|
||||
upstream = "upstream";
|
||||
upstream_connect_time = "upstream_connect_time";
|
||||
upstream_header_time = "upstream_header_time";
|
||||
upstream_response_time = "upstream_response_time";
|
||||
upstream_response_length = "upstream_response_length";
|
||||
upstream_cache_status = "upstream_cache_status";
|
||||
ssl_protocol = "ssl_protocol";
|
||||
ssl_cipher = "ssl_cipher";
|
||||
scheme = "scheme";
|
||||
request_method = "request_method";
|
||||
server_protocol = "server_protocol";
|
||||
pipe = "pipe";
|
||||
gzip_ratio = "gzip_ratio";
|
||||
http_cf_ray = "http_cf_ray";
|
||||
};
|
||||
};
|
||||
}
|
||||
{
|
||||
timestamp = {
|
||||
source = "msec";
|
||||
format = "Unix";
|
||||
};
|
||||
}
|
||||
# {
|
||||
# geoip = {
|
||||
# db = "/var/lib/geoip-databases/GeoLite2-City.mmdb";
|
||||
# source = "remote_addr";
|
||||
# db_type = "city";
|
||||
# };
|
||||
# }
|
||||
# {
|
||||
# pack = {
|
||||
# labels = [ "geoip_country_name" ];
|
||||
# };
|
||||
# }
|
||||
];
|
||||
}
|
||||
{
|
||||
job_name = "journal";
|
||||
journal = {
|
||||
max_age = "12h";
|
||||
labels = {
|
||||
job = "systemd-journal";
|
||||
host = "fili";
|
||||
};
|
||||
};
|
||||
relabel_configs = [
|
||||
{
|
||||
source_labels = [ "__journal__systemd_unit" ];
|
||||
target_label = "unit";
|
||||
}
|
||||
];
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
services.grafana = {
|
||||
enable = false;
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,10 @@
|
|||
{ flakes, pkgs, ... }:
|
||||
{
|
||||
flakes,
|
||||
pkgs,
|
||||
config,
|
||||
secrets,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cache = pkg: ''
|
||||
location ~* \.(png|jpg|jpeg|gif|svg|ico|woff|woff2|ttf)$ {
|
||||
|
|
@ -32,15 +38,52 @@ let
|
|||
locations."/".return = return;
|
||||
}
|
||||
// ssl;
|
||||
|
||||
package = flakes.homepage.packages.${pkgs.system};
|
||||
in
|
||||
{
|
||||
services.nginx = {
|
||||
virtualHosts = {
|
||||
"donsz.nl" = site regular;
|
||||
"jdonszelmann.nl" = site regular;
|
||||
"blog.donsz.nl" = redirect "301 https://donsz.nl/blog";
|
||||
"gay.donsz.nl" = site gay;
|
||||
"jana.is.fckn.gay" = site gay;
|
||||
sops.secrets.homepage = {
|
||||
sopsFile = "${secrets}/homepage.env";
|
||||
};
|
||||
|
||||
systemd.services.homepage = {
|
||||
description = "homepage";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig = {
|
||||
DynamicUser = "yes";
|
||||
ExecStart = "${pkgs.bash}/bin/bash ${package.website}/bin/run";
|
||||
Restart = "on-failure";
|
||||
RestartSec = "5s";
|
||||
EnvironmentFile = config.sops.secrets.homepage.path;
|
||||
WorkingDirectory = "${package.website}";
|
||||
StateDirectory = "homepage";
|
||||
};
|
||||
|
||||
environment = {
|
||||
BETTER_AUTH_URL = "https://donsz.nl";
|
||||
DATABASE_LOCATION = "/var/lib/homepage/db.sqlite";
|
||||
HOST = "localhost";
|
||||
PORT = "11020";
|
||||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts = {
|
||||
"donsz.nl" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
extraConfig = ''
|
||||
${cache "${package.website}/homepage/client"}
|
||||
'';
|
||||
locations."/".proxyPass = "http://localhost:${toString 11020}";
|
||||
};
|
||||
"blog.donsz.nl" = redirect "301 https://donsz.nl/blog";
|
||||
};
|
||||
# services.nginx = {
|
||||
# virtualHosts = {
|
||||
# "donsz.nl" = site regular;
|
||||
# "jdonszelmann.nl" = site regular;
|
||||
# "gay.donsz.nl" = site gay;
|
||||
# "jana.is.fckn.gay" = site gay;
|
||||
# };
|
||||
# };
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue