Add Nginx

common/fragments/grafana.nix

@@ -15,13 +15,27 @@
     enable = true;
     port = 9001;
     retentionTime = "365d";
-    scrapeConfigs = [{
+    scrapeConfigs = [
-      job_name = "bloodletting";
+      {
-      static_configs = [{
+        job_name = "bloodletting";
-        targets = [
+        static_configs = [{
-          "localhost:${toString config.services.prometheus.exporters.node.port}"
+          targets = [
-        ];
+            "localhost:${
-      }];
+              toString config.services.prometheus.exporters.node.port
-    }];
+            }"
+          ];
+        }];
+      }
+      {
+        job_name = "nginx";
+        static_configs = [{
+          targets = [
+            "localhost:${
+              toString config.services.prometheus.exporters.nginx.port
+            }"
+          ];
+        }];
+      }
+    ];
   };
 }

common/fragments/prometheus_exporters.nix

@@ -7,10 +7,18 @@
         enabledCollectors = [ "systemd" ];
         port = 9002;
       };
+      nginx = {
+        enable = true;
+        port = 9003;
+        openFirewall = true;
+      };
     };
   };
 
   networking.firewall.allowedTCPPorts =
-    [ config.services.prometheus.exporters.node.port ];
+    map (name: config.services.prometheus.exporters.${name}.port) [
+      "node"
+      "nginx"
+    ];
 }
 

common/pkgs/vampysite.nix

@@ -0,0 +1,58 @@
+{ pkgs, lib, ... }:
+let
+  version = "10768ce069f5c08e8e4393c494f0c6900922170c";
+  repo = pkgs.fetchgit {
+    url = "https://git.lain.faith/sorceress/vampysite.git";
+    rev = version;
+    sha256 = "1lniwqyhj6r3pwwd4qp01yhfxjbwclw5dn58dgf4kk45f9qgniy3";
+  };
+
+  patched_pkgs = import (builtins.fetchTarball
+    "https://github.com/AgathaSorceress/nixpkgs/tarball/image-optim-pack-cleanup") {
+      inherit (pkgs) config;
+    };
+
+  jekyll_env = patched_pkgs.bundlerEnv {
+    name = "jekyll_env";
+    inherit (pkgs) ruby;
+
+    gemdir = "${repo}/.";
+  };
+  image_optim_deps = with pkgs; [
+    pngout
+    advancecomp
+    optipng
+    pngquant
+    jhead
+    jpegoptim
+    jpeg-archive
+    libjpeg
+  ];
+in pkgs.stdenv.mkDerivation {
+  inherit version;
+  name = "vampysite";
+
+  src = repo;
+
+  buildInputs = with pkgs; [
+    jekyll_env
+    # nokogiri dependencies
+    zlib
+    libiconv
+    libxml2
+    libxslt
+    # jekyll wants a JS runtime
+    nodejs-slim
+  ];
+
+  buildPhase = ''
+    export PATH="${lib.escapeShellArg (lib.makeBinPath image_optim_deps)}":$PATH
+
+    bundle exec jekyll build 
+  '';
+
+  installPhase = ''
+    mkdir -p $out
+    cp -r _site/* $out/
+  '';
+}

hosts/bloodletting/configuration.nix

@@ -9,11 +9,15 @@
     ../../common/fragments/matterbridge.nix
     ../../common/fragments/nyandroid.nix
     ../../common/fragments/prometheus_exporters.nix
+    ../../common/fragments/vsftpd.nix
     ../../common/home_manager/common.nix
   ];
 
   nixpkgs.overlays = [
-    (self: super: { bin = self.callPackage ../../common/pkgs/bin.nix { }; })
+    (self: super: {
+      bin = self.callPackage ../../common/pkgs/bin.nix { };
+      vampysite = self.callPackage ../../common/pkgs/vampysite.nix { };
+    })
   ];
 
   # Bootloader.
@@ -26,11 +30,6 @@
   # Enable networking
   networking.networkmanager.enable = true;
 
-  # System packages
-  environment.systemPackages = with pkgs; [ bin matterbridge vsftpd ];
-
-  environment.variables.EDITOR = "helix";
-
   # Enable the OpenSSH daemon.
   services.openssh = {
     enable = true;
@@ -66,6 +65,64 @@
     domain = "*.technogothic.net";
     dnsProvider = "rfc2136";
     credentialsFile = "/var/lib/secrets/rfc2136-technogothic-net";
+    group = "nginx";
+  };
+
+  security.acme.defaults.reloadServices = [ "nginx" "vsftpd" ];
+
+  # Nginx
+  services.nginx = {
+    enable = true;
+
+    statusPage = true;
+
+    # Use recommended settings
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    virtualHosts."technogothic.net" = {
+      useACMEHost = "technogothic.net";
+      forceSSL = true;
+      root = pkgs.vampysite;
+
+      locations."=/cv.pdf" = { alias = "/home/ftp/cv.pdf"; };
+
+      extraConfig = ''
+        error_page 404 /404.html;
+      '';
+    };
+
+    virtualHosts."grafana.technogothic.net" = {
+      useACMEHost = "technogothic.net";
+      forceSSL = true;
+
+      locations."/" = {
+        proxyPass = "http://localhost:2342";
+        proxyWebsockets = true;
+      };
+    };
+
+    virtualHosts."home.technogothic.net" = {
+      useACMEHost = "technogothic.net";
+      forceSSL = true;
+
+      locations."/" = {
+        proxyPass = "http://localhost:3000";
+        proxyWebsockets = true;
+      };
+    };
+
+    virtualHosts."thermalpaste.technogothic.net" = {
+      useACMEHost = "technogothic.net";
+      forceSSL = true;
+
+      locations."/" = {
+        proxyPass = "http://localhost:6162";
+        proxyWebsockets = true;
+      };
+    };
   };
 
   # This value determines the NixOS release from which the default

ops/home/network.nix

@@ -26,10 +26,11 @@
         };
       in [
         (testService "bin")
-        (testService "matterbridge")
-        (testService "grafana")
-        (testService "prometheus")
         (testService "fail2ban")
+        (testService "grafana")
+        (testService "matterbridge")
+        (testService "nginx")
+        (testService "prometheus")
       ];
     };
   };