From 5e44abf3b6c7d47db2c827ce0f4cd07039d78113 Mon Sep 17 00:00:00 2001 From: Agatha Lovelace Date: Mon, 6 Mar 2023 20:43:10 +0100 Subject: [PATCH] Add Nginx --- common/fragments/grafana.nix | 30 +++++++--- common/fragments/prometheus_exporters.nix | 10 +++- common/pkgs/vampysite.nix | 58 +++++++++++++++++++ hosts/bloodletting/configuration.nix | 69 +++++++++++++++++++++-- ops/home/network.nix | 7 ++- 5 files changed, 156 insertions(+), 18 deletions(-) create mode 100644 common/pkgs/vampysite.nix diff --git a/common/fragments/grafana.nix b/common/fragments/grafana.nix index 7df700f..bea024d 100644 --- a/common/fragments/grafana.nix +++ b/common/fragments/grafana.nix @@ -15,13 +15,27 @@ enable = true; port = 9001; retentionTime = "365d"; - scrapeConfigs = [{ - job_name = "bloodletting"; - static_configs = [{ - targets = [ - "localhost:${toString config.services.prometheus.exporters.node.port}" - ]; - }]; - }]; + scrapeConfigs = [ + { + job_name = "bloodletting"; + static_configs = [{ + targets = [ + "localhost:${ + toString config.services.prometheus.exporters.node.port + }" + ]; + }]; + } + { + job_name = "nginx"; + static_configs = [{ + targets = [ + "localhost:${ + toString config.services.prometheus.exporters.nginx.port + }" + ]; + }]; + } + ]; }; } diff --git a/common/fragments/prometheus_exporters.nix b/common/fragments/prometheus_exporters.nix index 69831a1..58c891b 100644 --- a/common/fragments/prometheus_exporters.nix +++ b/common/fragments/prometheus_exporters.nix @@ -7,10 +7,18 @@ enabledCollectors = [ "systemd" ]; port = 9002; }; + nginx = { + enable = true; + port = 9003; + openFirewall = true; + }; }; }; networking.firewall.allowedTCPPorts = - [ config.services.prometheus.exporters.node.port ]; + map (name: config.services.prometheus.exporters.${name}.port) [ + "node" + "nginx" + ]; } diff --git a/common/pkgs/vampysite.nix b/common/pkgs/vampysite.nix new file mode 100644 index 0000000..040a6a0 --- /dev/null +++ b/common/pkgs/vampysite.nix 
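Review bot: In common/fragments/prometheus_exporters.nix the nginx exporter port is opened twice, once by `openFirewall = true;` and again by the rewritten `networking.firewall.allowedTCPPorts` map, which also opens the node exporter port. Every scrape target added in grafana.nix in this same patch is `localhost:…`, so on this host no inbound rule appears to be needed, and the exporters serve metrics without authentication. If nothing remote scrapes these hosts, drop `openFirewall = true;` and the `allowedTCPPorts` assignment and set `listenAddress = "127.0.0.1";` on each exporter. If a remote Prometheus does scrape them, keep one mechanism only and narrow the source with the exporter's `firewallFilter` option. The enclosing attribute set starts outside the hunk, so other exporters may need the same treatment.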
@@ -0,0 +1,58 @@ +{ pkgs, lib, ... }: +let + version = "10768ce069f5c08e8e4393c494f0c6900922170c"; + repo = pkgs.fetchgit { + url = "https://git.lain.faith/sorceress/vampysite.git"; + rev = version; + sha256 = "1lniwqyhj6r3pwwd4qp01yhfxjbwclw5dn58dgf4kk45f9qgniy3"; + }; + + patched_pkgs = import (builtins.fetchTarball + "https://github.com/AgathaSorceress/nixpkgs/tarball/image-optim-pack-cleanup") { + inherit (pkgs) config; + }; + + jekyll_env = patched_pkgs.bundlerEnv { + name = "jekyll_env"; + inherit (pkgs) ruby; + + gemdir = "${repo}/."; + }; + image_optim_deps = with pkgs; [ + pngout + advancecomp + optipng + pngquant + jhead + jpegoptim + jpeg-archive + libjpeg + ]; +in pkgs.stdenv.mkDerivation { + inherit version; + name = "vampysite"; + + src = repo; + + buildInputs = with pkgs; [ + jekyll_env + # nokogiri dependencies + zlib + libiconv + libxml2 + libxslt + # jekyll wants a JS runtime + nodejs-slim + ]; + + buildPhase = '' + export PATH="${lib.escapeShellArg (lib.makeBinPath image_optim_deps)}":$PATH + + bundle exec jekyll build + ''; + + installPhase = '' + mkdir -p $out + cp -r _site/* $out/ + ''; +} diff --git a/hosts/bloodletting/configuration.nix b/hosts/bloodletting/configuration.nix index cf14763..9dbfd0c 100644 --- a/hosts/bloodletting/configuration.nix +++ b/hosts/bloodletting/configuration.nix @@ -9,11 +9,15 @@ ../../common/fragments/matterbridge.nix ../../common/fragments/nyandroid.nix ../../common/fragments/prometheus_exporters.nix + ../../common/fragments/vsftpd.nix ../../common/home_manager/common.nix ]; nixpkgs.overlays = [ - (self: super: { bin = self.callPackage ../../common/pkgs/bin.nix { }; }) + (self: super: { + bin = self.callPackage ../../common/pkgs/bin.nix { }; + vampysite = self.callPackage ../../common/pkgs/vampysite.nix { }; + }) ]; # Bootloader. 
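Review bot: `patched_pkgs` in common/pkgs/vampysite.nix imports an entire nixpkgs tree from `builtins.fetchTarball "https://github.com/AgathaSorceress/nixpkgs/tarball/image-optim-pack-cleanup"`, which names a branch and carries no hash. Whatever that branch points to at evaluation time is evaluated and used to build `jekyll_env`. The build is therefore not reproducible, and any later push to the branch changes what runs on the build host without a change in this repository. The `repo` fetch just above it already pins both `rev` and `sha256`; pin this one the same way, e.g. `builtins.fetchTarball { url = "https://github.com/AgathaSorceress/nixpkgs/archive/<commit-sha>.tar.gz"; sha256 = "<sha256-of-unpacked-tarball>"; }`, with the placeholders filled in from the commit you reviewed.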
@@ -26,11 +30,6 @@ # Enable networking networking.networkmanager.enable = true; - # System packages - environment.systemPackages = with pkgs; [ bin matterbridge vsftpd ]; - - environment.variables.EDITOR = "helix"; - # Enable the OpenSSH daemon. services.openssh = { enable = true; @@ -66,6 +65,64 @@ domain = "*.technogothic.net"; dnsProvider = "rfc2136"; credentialsFile = "/var/lib/secrets/rfc2136-technogothic-net"; + group = "nginx"; + }; + + security.acme.defaults.reloadServices = [ "nginx" "vsftpd" ]; + + # Nginx + services.nginx = { + enable = true; + + statusPage = true; + + # Use recommended settings + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + + virtualHosts."technogothic.net" = { + useACMEHost = "technogothic.net"; + forceSSL = true; + root = pkgs.vampysite; + + locations."=/cv.pdf" = { alias = "/home/ftp/cv.pdf"; }; + + extraConfig = '' + error_page 404 /404.html; + ''; + }; + + virtualHosts."grafana.technogothic.net" = { + useACMEHost = "technogothic.net"; + forceSSL = true; + + locations."/" = { + proxyPass = "http://localhost:2342"; + proxyWebsockets = true; + }; + }; + + virtualHosts."home.technogothic.net" = { + useACMEHost = "technogothic.net"; + forceSSL = true; + + locations."/" = { + proxyPass = "http://localhost:3000"; + proxyWebsockets = true; + }; + }; + + virtualHosts."thermalpaste.technogothic.net" = { + useACMEHost = "technogothic.net"; + forceSSL = true; + + locations."/" = { + proxyPass = "http://localhost:6162"; + proxyWebsockets = true; + }; + }; }; # This value determines the NixOS release from which the default diff --git a/ops/home/network.nix b/ops/home/network.nix index f7d817b..4630282 100644 --- a/ops/home/network.nix +++ b/ops/home/network.nix 
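Review bot: `locations."=/cv.pdf" = { alias = "/home/ftp/cv.pdf"; };` makes the main HTTPS site serve a file from the FTP home directory, so whoever can write there through vsftpd decides what `technogothic.net/cv.pdf` returns. Whether that directory is writable by FTP users is not visible in this hunk. It may also not work as written: as far as I know the NixOS nginx unit sets `ProtectHome` by default, which hides `/home` from the service, so confirm with a request after deploy. Prefer a root-owned path outside `/home` (for example shipping the PDF in the `vampysite` derivation), or at least put `disable_symlinks on;` in that location's `extraConfig`. The `services.nginx` block sits in a module whose start and end are outside the hunk.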
@@ -26,10 +26,11 @@ }; in [ (testService "bin") - (testService "matterbridge") - (testService "grafana") - (testService "prometheus") (testService "fail2ban") + (testService "grafana") + (testService "matterbridge") + (testService "nginx") + (testService "prometheus") ]; }; };