Add Nginx

This commit is contained in:
Agatha Lovelace 2023-03-06 20:43:10 +01:00
parent f334b2027a
commit 5e44abf3b6
Signed by: sorceress
GPG Key ID: 01D0B3AB10CED4F8
5 changed files with 156 additions and 18 deletions

View File

@ -15,13 +15,27 @@
enable = true; enable = true;
port = 9001; port = 9001;
retentionTime = "365d"; retentionTime = "365d";
scrapeConfigs = [{ scrapeConfigs = [
job_name = "bloodletting"; {
static_configs = [{ job_name = "bloodletting";
targets = [ static_configs = [{
"localhost:${toString config.services.prometheus.exporters.node.port}" targets = [
]; "localhost:${
}]; toString config.services.prometheus.exporters.node.port
}]; }"
];
}];
}
{
job_name = "nginx";
static_configs = [{
targets = [
"localhost:${
toString config.services.prometheus.exporters.nginx.port
}"
];
}];
}
];
}; };
} }

View File

@ -7,10 +7,18 @@
enabledCollectors = [ "systemd" ]; enabledCollectors = [ "systemd" ];
port = 9002; port = 9002;
}; };
nginx = {
enable = true;
port = 9003;
openFirewall = true;
};
}; };
}; };
networking.firewall.allowedTCPPorts = networking.firewall.allowedTCPPorts =
[ config.services.prometheus.exporters.node.port ]; map (name: config.services.prometheus.exporters.${name}.port) [
"node"
"nginx"
];
} }

58
common/pkgs/vampysite.nix Normal file
View File

@ -0,0 +1,58 @@
{ pkgs, lib, ... }:
let
version = "10768ce069f5c08e8e4393c494f0c6900922170c";
repo = pkgs.fetchgit {
url = "https://git.lain.faith/sorceress/vampysite.git";
rev = version;
sha256 = "1lniwqyhj6r3pwwd4qp01yhfxjbwclw5dn58dgf4kk45f9qgniy3";
};
patched_pkgs = import (builtins.fetchTarball
"https://github.com/AgathaSorceress/nixpkgs/tarball/image-optim-pack-cleanup") {
inherit (pkgs) config;
};
jekyll_env = patched_pkgs.bundlerEnv {
name = "jekyll_env";
inherit (pkgs) ruby;
gemdir = "${repo}/.";
};
image_optim_deps = with pkgs; [
pngout
advancecomp
optipng
pngquant
jhead
jpegoptim
jpeg-archive
libjpeg
];
in pkgs.stdenv.mkDerivation {
inherit version;
name = "vampysite";
src = repo;
buildInputs = with pkgs; [
jekyll_env
# nokogiri dependencies
zlib
libiconv
libxml2
libxslt
# jekyll wants a JS runtime
nodejs-slim
];
buildPhase = ''
export PATH="${lib.escapeShellArg (lib.makeBinPath image_optim_deps)}":$PATH
bundle exec jekyll build
'';
installPhase = ''
mkdir -p $out
cp -r _site/* $out/
'';
}

View File

@ -9,11 +9,15 @@
../../common/fragments/matterbridge.nix ../../common/fragments/matterbridge.nix
../../common/fragments/nyandroid.nix ../../common/fragments/nyandroid.nix
../../common/fragments/prometheus_exporters.nix ../../common/fragments/prometheus_exporters.nix
../../common/fragments/vsftpd.nix
../../common/home_manager/common.nix ../../common/home_manager/common.nix
]; ];
nixpkgs.overlays = [ nixpkgs.overlays = [
(self: super: { bin = self.callPackage ../../common/pkgs/bin.nix { }; }) (self: super: {
bin = self.callPackage ../../common/pkgs/bin.nix { };
vampysite = self.callPackage ../../common/pkgs/vampysite.nix { };
})
]; ];
# Bootloader. # Bootloader.
@ -26,11 +30,6 @@
# Enable networking # Enable networking
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
# System packages
environment.systemPackages = with pkgs; [ bin matterbridge vsftpd ];
environment.variables.EDITOR = "helix";
# Enable the OpenSSH daemon. # Enable the OpenSSH daemon.
services.openssh = { services.openssh = {
enable = true; enable = true;
@ -66,6 +65,64 @@
domain = "*.technogothic.net"; domain = "*.technogothic.net";
dnsProvider = "rfc2136"; dnsProvider = "rfc2136";
credentialsFile = "/var/lib/secrets/rfc2136-technogothic-net"; credentialsFile = "/var/lib/secrets/rfc2136-technogothic-net";
group = "nginx";
};
security.acme.defaults.reloadServices = [ "nginx" "vsftpd" ];
# Nginx
services.nginx = {
enable = true;
statusPage = true;
# Use recommended settings
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
root = pkgs.vampysite;
locations."=/cv.pdf" = { alias = "/home/ftp/cv.pdf"; };
extraConfig = ''
error_page 404 /404.html;
'';
};
virtualHosts."grafana.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:2342";
proxyWebsockets = true;
};
};
virtualHosts."home.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3000";
proxyWebsockets = true;
};
};
virtualHosts."thermalpaste.technogothic.net" = {
useACMEHost = "technogothic.net";
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:6162";
proxyWebsockets = true;
};
};
}; };
# This value determines the NixOS release from which the default # This value determines the NixOS release from which the default

View File

@ -26,10 +26,11 @@
}; };
in [ in [
(testService "bin") (testService "bin")
(testService "matterbridge")
(testService "grafana")
(testService "prometheus")
(testService "fail2ban") (testService "fail2ban")
(testService "grafana")
(testService "matterbridge")
(testService "nginx")
(testService "prometheus")
]; ];
}; };
}; };