From 0b37a18abad566242221ef71d17a75539037406b Mon Sep 17 00:00:00 2001
From: Miguel
Date: Fri, 15 Apr 2022 17:00:02 +0200
Subject: nixops - cleaning comet
---
nix/nixops/comet/configuration.nix | 135 ++++++++++---------------------------
1 file changed, 37 insertions(+), 98 deletions(-)
(limited to 'nix/nixops/comet/configuration.nix')
diff --git a/nix/nixops/comet/configuration.nix b/nix/nixops/comet/configuration.nix
index c873a33..4e9ac73 100644
--- a/nix/nixops/comet/configuration.nix
+++ b/nix/nixops/comet/configuration.nix
@@ -10,48 +10,9 @@ in imports = [ ./hardware-configuration.nix ]; # SYS PACKAGES - environment.systemPackages = with pkgs; [mc highlight adminer icinga2 monitoring-plugins tmux htop]; - - # compare with nginx etc and consider publishing this shit (along instructions how to run with mariadb+icingaweb2 admin..) - environment.etc = with pkgs; - let defaultIcinga2Const = builtins.readFile "${icinga2}/etc/icinga2/constants.conf"; - in - { - "icinga2/features-available".source="${icinga2}/etc/icinga2/features-available"; - "icinga2/scripts".source="${icinga2}/etc/icinga2/scripts"; - "icinga2/zones.d".source="${icinga2}/etc/icinga2/zones.d"; - "icinga2/conf.d".source="${icinga2}/etc/icinga2/conf.d"; - "icinga2/constants.conf".text=builtins.replaceStrings ["bin"] ["${monitoring-plugins}/bin"] defaultIcinga2Const; - "icinga2/icinga2.conf".source="${icinga2}/etc/icinga2/icinga2.conf"; - "icinga2/zones.conf".source="${icinga2}/etc/icinga2/zones.conf"; - "icinga2/features-enabled/checker.conf".source="${icinga2}/etc/icinga2/features-available/checker.conf"; - "icinga2/features-enabled/mainlog.conf".source="${icinga2}/etc/icinga2/features-available/mainlog.conf"; - "icinga2/features-enabled/notification.conf".source="${icinga2}/etc/icinga2/features-available/notification.conf"; - "icinga2/features-enabled/ido-mysql.conf".text='' object IdoMysqlConnection "ido-mysql" { user = "icinga", password = "8fg$1%X58G4geX", host = "comet.softwarefools.com", database = "ICINGA_IDO" } ''; - }; - systemd.services.icinga2 = { - enable = true; - description = "Icinga host/service/network monitoring system"; - #After=postgresql.service mariadb.service carbon-cache.service mysql.service yslog.target - - serviceConfig = with pkgs; { - Type="simple"; - User="icinga2"; - Group="icinga2"; - UMask=0007; #what is this good for? 
- ExecStart="${icinga2}/bin/icinga2 daemon -c /etc/icinga2/icinga2.conf"; - ExecReload="${icinga2}/lib/icinga2/safe-reload /usr/lib/icinga2/icinga2"; - PIDFile="/run/icinga2/icinga2.pid"; - RuntimeDirectory="icinga2"; - CacheDirectory="icinga2"; - LogsDirectory="icinga2"; - StateDirectory="icinga2"; - }; - - wantedBy=[ "multi-user.target" ]; - }; - - # AUTOMATIC UPGRADES + environment.systemPackages = with pkgs; [mc highlight monitoring-plugins tmux htop]; + + # AUTOMATIC UPGRADES - clash with NixOps # system.autoUpgrade.enable = true; # system.autoUpgrade.allowReboot = true; @@ -77,24 +38,11 @@ in users.extraUsers.root.openssh.authorizedKeys.keys = [ my_ssh_pub_key ]; - users.groups.icinga2 = {}; - users.users.icinga2 = { - isSystemUser = true; - extraGroups = ["icinga2"]; - group = "icinga2"; - }; - - # NEOVIM programs.neovim.enable = true; programs.neovim.vimAlias = true; programs.neovim.viAlias = true; - # MARIADB - services.mysql.enable = true; - services.mysql.package = pkgs.mariadb; - services.mysql.bind = "0.0.0.0"; - # XMPP services.ejabberd.enable = true; services.ejabberd.configFile = "/etc/ejabberd.yaml"; @@ -108,6 +56,21 @@ in "; services.gitolite.adminPubkey = my_ssh_pub_key; + # NGINX + services.nginx.enable = true; + services.nginx.appendHttpConfig = "server_names_hash_bucket_size 64;"; + + # CERTS + security.acme.acceptTerms = true; + security.acme.email = "m.i@gmx.at"; + + # WWW + services.nginx.virtualHosts."comet.softwarefools.com" = { + forceSSL = true; + enableACME = true; + root = "/var/www/comet.softwarefools.com"; + }; + # GITWEB services.gitweb.projectroot = "/var/lib/gitolite/repositories"; services.gitweb.gitwebTheme = true; 
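Review bot: Deleting the `IdoMysqlConnection` block in the first hunk (`@@ -10,48 +10,9 @@`) takes the `icinga` database password out of the working tree, but it stays readable in the repository history, and because it was written through `environment.etc ... .text` it also sits in the world-readable Nix store of any generation still present on the host. Treat that credential as exposed: drop or re-password the `icinga` MariaDB account (presumably still defined on the server, which this diff cannot show) and garbage-collect the old generations. If a database credential is needed again, reference a file kept outside the store instead of inlining it in `configuration.nix`.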
@@ -132,57 +95,39 @@ in push @stylesheets, "https://comet.softwarefools.com/highlight.css"; ''; - # CERTS - security.acme.acceptTerms = true; - security.acme.email = "m.i@gmx.at"; - - # NGINX - services.nginx.enable = true; - services.nginx.appendHttpConfig = "server_names_hash_bucket_size 64;"; + services.nginx.gitweb.enable = true; + services.nginx.gitweb.group = "gitolite"; + services.nginx.gitweb.virtualHost = "gitweb.softwarefools.com"; + services.nginx.gitweb.location = ""; - services.nginx.virtualHosts."comet.softwarefools.com" = { + services.nginx.virtualHosts."gitweb.softwarefools.com" = { forceSSL = true; enableACME = true; - root = "/var/www/comet.softwarefools.com"; - }; - - services.nginx.virtualHosts."aquarius.softwarefools.com" = { -# forceSSL = true; -# enableACME = true; - locations."/" = { proxyPass = "http://192.168.122.72/"; }; + locations."/static/" = { + extraConfig = "expires 5m;"; + }; }; - # ICINGAWEB2 - services.icingaweb2.enable = true; - services.icingaweb2.modules.monitoring.enable = false; - services.icingaweb2.virtualHost = "icinga.softwarefools.com"; - services.nginx.virtualHosts."icinga.softwarefools.com" = { - forceSSL = true; - enableACME = true; - }; - - # DOKUWIKI services.dokuwiki.sites."dokuwiki.softwarefools.com" = { enable = true; }; + services.nginx.virtualHosts."dokuwiki.softwarefools.com" = { forceSSL = true; enableACME = true; }; - # GITWEB - services.nginx.gitweb.enable = true; - services.nginx.gitweb.group = "gitolite"; - services.nginx.gitweb.virtualHost = "gitweb.softwarefools.com"; - services.nginx.gitweb.location = ""; - - services.nginx.virtualHosts."gitweb.softwarefools.com" = { - forceSSL = true; - enableACME = true; - locations."/static/" = { - extraConfig = "expires 5m;"; - }; + # MARIADB + services.mysql.enable = true; + services.mysql.package = pkgs.mariadb; + services.mysql.bind = "0.0.0.0"; + + # AQUARIUS REV PROXY + services.nginx.virtualHosts."aquarius.softwarefools.com" = { +# forceSSL = true; +# 
enableACME = true; + locations."/" = { proxyPass = "http://192.168.122.72/"; }; }; # Use the GRUB 2 boot loader. @@ -223,12 +168,6 @@ in # Set your time zone. time.timeZone = "Europe/Warsaw"; - # List packages installed in system profile. To search, run: - # $ nix search wget - # environment.systemPackages = with pkgs; [ - # wget vim - # ]; - # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; -- cgit v1.2.3
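Review bot: `services.mysql.bind = "0.0.0.0";` is re-added under `# MARIADB` in the `@@ -132,57 +95,39 @@` hunk even though this commit removes the Icinga IDO connection, the only consumer in this diff that reached the database by hostname. Unless another host still needs it, bind to loopback with `services.mysql.bind = "127.0.0.1";`, or confirm that `networking.firewall` (not visible here) keeps port 3306 closed. The `aquarius.softwarefools.com` vhost is also carried over with `forceSSL`/`enableACME` commented out, so unlike the other virtual hosts it is served over plain HTTP; a short comment stating why, e.g. `# TLS disabled: <reason>`, would make that a visible decision rather than a leftover.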