Add Nginx

2023-03-06 20:43:10 +01:00 · 2023-03-06 20:43:10 +01:00 · 5e44abf3b6
parent f334b2027a
commit 5e44abf3b6
5 changed files with 156 additions and 18 deletions
--- a/common/fragments/grafana.nix
+++ b/common/fragments/grafana.nix
@ -15,13 +15,27 @@
    enable = true;
    port = 9001;
    retentionTime = "365d";
-    scrapeConfigs = [{
+    scrapeConfigs = [
+      {
        job_name = "bloodletting";
        static_configs = [{
          targets = [
-          "localhost:${toString config.services.prometheus.exporters.node.port}"
+            "localhost:${
+              toString config.services.prometheus.exporters.node.port
+            }"
          ];
        }];
+      }
+      {
+        job_name = "nginx";
+        static_configs = [{
+          targets = [
+            "localhost:${
+              toString config.services.prometheus.exporters.nginx.port
+            }"
+          ];
        }];
+      }
+    ];
  };
 }
--- a/common/fragments/prometheus_exporters.nix
+++ b/common/fragments/prometheus_exporters.nix
@ -7,10 +7,18 @@
        enabledCollectors = [ "systemd" ];
        port = 9002;
      };
+      nginx = {
+        enable = true;
+        port = 9003;
+        openFirewall = true;
+      };
    };
  };

  networking.firewall.allowedTCPPorts =
-    [ config.services.prometheus.exporters.node.port ];
+    map (name: config.services.prometheus.exporters.${name}.port) [
+      "node"
+      "nginx"
+    ];
 }

--- a/common/pkgs/vampysite.nix
+++ b/common/pkgs/vampysite.nix
@ -0,0 +1,58 @@
+{ pkgs, lib, ... }:
+let
+  version = "10768ce069f5c08e8e4393c494f0c6900922170c";
+  repo = pkgs.fetchgit {
+    url = "https://git.lain.faith/sorceress/vampysite.git";
+    rev = version;
+    sha256 = "1lniwqyhj6r3pwwd4qp01yhfxjbwclw5dn58dgf4kk45f9qgniy3";
+  };
+
+  patched_pkgs = import (builtins.fetchTarball
+    "https://github.com/AgathaSorceress/nixpkgs/tarball/image-optim-pack-cleanup") {
+      inherit (pkgs) config;
+    };
+
+  jekyll_env = patched_pkgs.bundlerEnv {
+    name = "jekyll_env";
+    inherit (pkgs) ruby;
+
+    gemdir = "${repo}/.";
+  };
+  image_optim_deps = with pkgs; [
+    pngout
+    advancecomp
+    optipng
+    pngquant
+    jhead
+    jpegoptim
+    jpeg-archive
+    libjpeg
+  ];
+in pkgs.stdenv.mkDerivation {
+  inherit version;
+  name = "vampysite";
+
+  src = repo;
+
+  buildInputs = with pkgs; [
+    jekyll_env
+    # nokogiri dependencies
+    zlib
+    libiconv
+    libxml2
+    libxslt
+    # jekyll wants a JS runtime
+    nodejs-slim
+  ];
+
+  buildPhase = ''
+    export PATH="${lib.escapeShellArg (lib.makeBinPath image_optim_deps)}":$PATH
+
+    bundle exec jekyll build 
+  '';
+
+  installPhase = ''
+    mkdir -p $out
+    cp -r _site/* $out/
+  '';
+}
--- a/hosts/bloodletting/configuration.nix
+++ b/hosts/bloodletting/configuration.nix
@ -9,11 +9,15 @@
    ../../common/fragments/matterbridge.nix
    ../../common/fragments/nyandroid.nix
    ../../common/fragments/prometheus_exporters.nix
+    ../../common/fragments/vsftpd.nix
    ../../common/home_manager/common.nix
  ];

  nixpkgs.overlays = [
-    (self: super: { bin = self.callPackage ../../common/pkgs/bin.nix { }; })
+    (self: super: {
+      bin = self.callPackage ../../common/pkgs/bin.nix { };
+      vampysite = self.callPackage ../../common/pkgs/vampysite.nix { };
+    })
  ];

  # Bootloader.
@ -26,11 +30,6 @@
  # Enable networking
  networking.networkmanager.enable = true;

-  # System packages
-  environment.systemPackages = with pkgs; [ bin matterbridge vsftpd ];
-
-  environment.variables.EDITOR = "helix";
-
  # Enable the OpenSSH daemon.
  services.openssh = {
    enable = true;
@ -66,6 +65,64 @@
    domain = "*.technogothic.net";
    dnsProvider = "rfc2136";
    credentialsFile = "/var/lib/secrets/rfc2136-technogothic-net";
+    group = "nginx";
+  };
+
+  security.acme.defaults.reloadServices = [ "nginx" "vsftpd" ];
+
+  # Nginx
+  services.nginx = {
+    enable = true;
+
+    statusPage = true;
+
+    # Use recommended settings
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    virtualHosts."technogothic.net" = {
+      useACMEHost = "technogothic.net";
+      forceSSL = true;
+      root = pkgs.vampysite;
+
+      locations."=/cv.pdf" = { alias = "/home/ftp/cv.pdf"; };
+
+      extraConfig = ''
+        error_page 404 /404.html;
+      '';
+    };
+
+    virtualHosts."grafana.technogothic.net" = {
+      useACMEHost = "technogothic.net";
+      forceSSL = true;
+
+      locations."/" = {
+        proxyPass = "http://localhost:2342";
+        proxyWebsockets = true;
+      };
+    };
+
+    virtualHosts."home.technogothic.net" = {
+      useACMEHost = "technogothic.net";
+      forceSSL = true;
+
+      locations."/" = {
+        proxyPass = "http://localhost:3000";
+        proxyWebsockets = true;
+      };
+    };
+
+    virtualHosts."thermalpaste.technogothic.net" = {
+      useACMEHost = "technogothic.net";
+      forceSSL = true;
+
+      locations."/" = {
+        proxyPass = "http://localhost:6162";
+        proxyWebsockets = true;
+      };
+    };
  };

  # This value determines the NixOS release from which the default
--- a/ops/home/network.nix
+++ b/ops/home/network.nix
@ -26,10 +26,11 @@
        };
      in [
        (testService "bin")
-        (testService "matterbridge")
-        (testService "grafana")
-        (testService "prometheus")
        (testService "fail2ban")
+        (testService "grafana")
+        (testService "matterbridge")
+        (testService "nginx")
+        (testService "prometheus")
      ];
    };
  };