nixops - cleaning comet

author: Miguel <m.i@gmx.at> 2022-04-15 17:00:02 +0200
committer: Miguel <m.i@gmx.at> 2022-04-15 17:00:02 +0200
commit: 0b37a18abad566242221ef71d17a75539037406b (patch)
tree: d61cfd3352b5288268074ddfa5acc9ba24c4906e /nix/nixops/comet/configuration.nix
parent: f40dcbf0b7289c63e26756b2f6d747120d303b6f (diff)
1 files changed, 37 insertions, 98 deletions
diff --git a/nix/nixops/comet/configuration.nix b/nix/nixops/comet/configuration.nix
index c873a33..4e9ac73 100644
--- a/nix/nixops/comet/configuration.nix
+++ b/nix/nixops/comet/configuration.nix
@@ -10,48 +10,9 @@ in
   imports = [ ./hardware-configuration.nix ];
 
   # SYS PACKAGES
-  environment.systemPackages = with pkgs; [mc highlight adminer icinga2 monitoring-plugins tmux htop];
-
-  # compare with nginx etc and consider publishing this shit (along instructions how to run with mariadb+icingaweb2 admin..)
-  environment.etc = with pkgs;
-	let defaultIcinga2Const = builtins.readFile "${icinga2}/etc/icinga2/constants.conf";
-	in
-	{
-		"icinga2/features-available".source="${icinga2}/etc/icinga2/features-available";
-		"icinga2/scripts".source="${icinga2}/etc/icinga2/scripts";
-		"icinga2/zones.d".source="${icinga2}/etc/icinga2/zones.d";
-		"icinga2/conf.d".source="${icinga2}/etc/icinga2/conf.d";
-		"icinga2/constants.conf".text=builtins.replaceStrings ["bin"] ["${monitoring-plugins}/bin"] defaultIcinga2Const;
-		"icinga2/icinga2.conf".source="${icinga2}/etc/icinga2/icinga2.conf";
-		"icinga2/zones.conf".source="${icinga2}/etc/icinga2/zones.conf";
-		"icinga2/features-enabled/checker.conf".source="${icinga2}/etc/icinga2/features-available/checker.conf";
-		"icinga2/features-enabled/mainlog.conf".source="${icinga2}/etc/icinga2/features-available/mainlog.conf";
-		"icinga2/features-enabled/notification.conf".source="${icinga2}/etc/icinga2/features-available/notification.conf";
-		"icinga2/features-enabled/ido-mysql.conf".text='' object IdoMysqlConnection "ido-mysql" { user = "icinga", password = "8fg$1%X58G4geX", host = "comet.softwarefools.com", database = "ICINGA_IDO" } '';
-	};
-   systemd.services.icinga2 = {
-     enable = true;
-     description = "Icinga host/service/network monitoring system";
-     #After=postgresql.service mariadb.service carbon-cache.service mysql.service yslog.target
- 
-     serviceConfig = with pkgs; {
- 	Type="simple";
- 	User="icinga2";
- 	Group="icinga2";
- 	UMask=0007; #what is this good for?
- 	ExecStart="${icinga2}/bin/icinga2 daemon -c /etc/icinga2/icinga2.conf";
- 	ExecReload="${icinga2}/lib/icinga2/safe-reload /usr/lib/icinga2/icinga2";
- 	PIDFile="/run/icinga2/icinga2.pid";
- 	RuntimeDirectory="icinga2";
- 	CacheDirectory="icinga2";
- 	LogsDirectory="icinga2";
- 	StateDirectory="icinga2";
-     };
- 
-     wantedBy=[ "multi-user.target" ];
-   };
-
-  # AUTOMATIC UPGRADES 
+  environment.systemPackages = with pkgs; [mc highlight monitoring-plugins tmux htop];
+
+  # AUTOMATIC UPGRADES - clash with NixOps
   # system.autoUpgrade.enable = true;
   # system.autoUpgrade.allowReboot = true;
 
@@ -77,24 +38,11 @@ in
 
   users.extraUsers.root.openssh.authorizedKeys.keys = [ my_ssh_pub_key ];
 
-  users.groups.icinga2 = {};
-  users.users.icinga2 = {
-        isSystemUser = true;
-	extraGroups = ["icinga2"];
-        group = "icinga2";
-  };
-
-
   # NEOVIM
   programs.neovim.enable = true;
   programs.neovim.vimAlias = true;
   programs.neovim.viAlias = true;
 
-  # MARIADB
-  services.mysql.enable = true;
-  services.mysql.package = pkgs.mariadb;
-  services.mysql.bind = "0.0.0.0";
-
   # XMPP
   services.ejabberd.enable = true;
   services.ejabberd.configFile = "/etc/ejabberd.yaml";
@@ -108,6 +56,21 @@ in
 		                      "; 
   services.gitolite.adminPubkey = my_ssh_pub_key;
 
+  # NGINX
+  services.nginx.enable = true;
+  services.nginx.appendHttpConfig = "server_names_hash_bucket_size 64;";
+
+  # CERTS
+  security.acme.acceptTerms = true;
+  security.acme.email = "m.i@gmx.at";
+
+ # WWW
+  services.nginx.virtualHosts."comet.softwarefools.com" = {
+    forceSSL = true;
+    enableACME = true;
+    root = "/var/www/comet.softwarefools.com";
+  };
+
   # GITWEB
   services.gitweb.projectroot = "/var/lib/gitolite/repositories";
   services.gitweb.gitwebTheme = true;
@@ -132,57 +95,39 @@ in
 				push @stylesheets, "https://comet.softwarefools.com/highlight.css";
 				'';
 
-  # CERTS
-  security.acme.acceptTerms = true;
-  security.acme.email = "m.i@gmx.at";
-
-  # NGINX
-  services.nginx.enable = true;
-  services.nginx.appendHttpConfig = "server_names_hash_bucket_size 64;";
+  services.nginx.gitweb.enable = true;
+  services.nginx.gitweb.group = "gitolite";
+  services.nginx.gitweb.virtualHost = "gitweb.softwarefools.com";
+  services.nginx.gitweb.location = "";
 
-  services.nginx.virtualHosts."comet.softwarefools.com" = {
+  services.nginx.virtualHosts."gitweb.softwarefools.com" = {
     forceSSL = true;
     enableACME = true;
-    root = "/var/www/comet.softwarefools.com";
-  };
-
-  services.nginx.virtualHosts."aquarius.softwarefools.com" = {
-#    forceSSL = true;
-#    enableACME = true;
-    locations."/" = { proxyPass = "http://192.168.122.72/"; };
+    locations."/static/" = {
+	extraConfig = "expires 5m;";
+    };
   };
 
-  # ICINGAWEB2
-   services.icingaweb2.enable = true;
-   services.icingaweb2.modules.monitoring.enable = false;
-   services.icingaweb2.virtualHost = "icinga.softwarefools.com";
-   services.nginx.virtualHosts."icinga.softwarefools.com" = {
-     forceSSL = true;
-     enableACME = true;
-   };
-
-
   # DOKUWIKI
   services.dokuwiki.sites."dokuwiki.softwarefools.com" = {
    	enable = true;
   };
+
   services.nginx.virtualHosts."dokuwiki.softwarefools.com" = {
     forceSSL = true;
     enableACME = true;
   };
 
-  # GITWEB
-  services.nginx.gitweb.enable = true;
-  services.nginx.gitweb.group = "gitolite";
-  services.nginx.gitweb.virtualHost = "gitweb.softwarefools.com";
-  services.nginx.gitweb.location = "";
-
-  services.nginx.virtualHosts."gitweb.softwarefools.com" = {
-    forceSSL = true;
-    enableACME = true;
-    locations."/static/" = {
-	extraConfig = "expires 5m;";
-    };
+  # MARIADB
+  services.mysql.enable = true;
+  services.mysql.package = pkgs.mariadb;
+  services.mysql.bind = "0.0.0.0";
+  
+  # AQUARIUS REV PROXY
+  services.nginx.virtualHosts."aquarius.softwarefools.com" = {
+#    forceSSL = true;
+#    enableACME = true;
+    locations."/" = { proxyPass = "http://192.168.122.72/"; };
   };
 
   # Use the GRUB 2 boot loader.
@@ -223,12 +168,6 @@ in
   # Set your time zone.
   time.timeZone = "Europe/Warsaw";
 
-  # List packages installed in system profile. To search, run:
-  # $ nix search wget
-  # environment.systemPackages = with pkgs; [
-  #   wget vim
-  # ];
-
   # Some programs need SUID wrappers, can be configured further or are
   # started in user sessions.
   # programs.mtr.enable = true;
author	Miguel <m.i@gmx.at>	2022-04-15 17:00:02 +0200
committer	Miguel <m.i@gmx.at>	2022-04-15 17:00:02 +0200
commit	0b37a18abad566242221ef71d17a75539037406b (patch)
tree	d61cfd3352b5288268074ddfa5acc9ba24c4906e /nix/nixops/comet/configuration.nix
parent	f40dcbf0b7289c63e26756b2f6d747120d303b6f (diff)