nixos: prelim plausible

2021-12-12 15:51:56 +01:00 · 2021-12-12 15:51:56 +01:00 · 7e06d5eeaf
parent a427307797
commit 7e06d5eeaf
11 changed files with 115 additions and 15 deletions
--- a/flake.lock
+++ b/flake.lock
@ -7,11 +7,11 @@
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1632822684,
-        "narHash": "sha256-lt7eayYmgsD5OQwpb1XYfHpxttn43bWo7G7hIJs+zJw=",
+        "lastModified": 1638665590,
+        "narHash": "sha256-nhtfL3z4TizWHemyZvgLvq11FhYX5Ya4ke+t6Np5PKQ=",
        "owner": "serokell",
        "repo": "deploy-rs",
-        "rev": "9a02de4373e0ec272d08a417b269a28ac8b961b4",
+        "rev": "715e92a13018bc1745fb680b5860af0c5641026a",
        "type": "github"
      },
      "original": {
@ -196,11 +196,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1637605846,
-        "narHash": "sha256-Llelj1pYeAhGLftPxM2ixSgAfdPBAZOnpBZtpvaZ3Xo=",
+        "lastModified": 1638918949,
+        "narHash": "sha256-HDAM4N7dBB0zVgoflnWyVDrGx4oiIUaEjI8YDwk0FFU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "d00918ccaf7e1532d35db2f1e3d44db3da39b851",
+        "rev": "4d07862ea6ed637ee85f868d1bf8a833878bc05e",
        "type": "github"
      },
      "original": {
@ -285,11 +285,11 @@
        "nixpkgs": "nixpkgs_4"
      },
      "locked": {
-        "lastModified": 1637273221,
-        "narHash": "sha256-ByBCiWlVprVgYGGy2ma7W0DKbtp4Xmj7S5whFrIzO3Q=",
+        "lastModified": 1638383949,
+        "narHash": "sha256-k7oMUrp1cMBj59uihyocJVqi4jbU16ycHQqGTJxH1b0=",
        "owner": "serokell",
        "repo": "serokell.nix",
-        "rev": "1649eceabbe6e148b3c1b322b716e873d312599f",
+        "rev": "faebe5b14155d045ae5d3f76193c8e99e664af1b",
        "type": "github"
      },
      "original": {
--- a/hosts.nix
+++ b/hosts.nix
@ -82,6 +82,11 @@
    ip = "10.42.42.17";
    mac = "0A:06:5E:E7:9A:0C";
  }
+  {
+    hostname = "plausible";
+    ip = "10.42.42.18";
+    mac = "82:34:70:FA:44:6F";
+  }
  {
    hostname = "victoriametrics";
    ip = "10.42.42.19";
--- a/nixos/.gitignore
+++ b/nixos/.gitignore
@ -0,0 +1 @@
+result/
--- a/nixos/hosts/bastion/configuration.nix
+++ b/nixos/hosts/bastion/configuration.nix
@ -36,6 +36,7 @@ in {

  # Additional packages
  environment.systemPackages = with pkgs; [
+    binutils
    fix-vscode
    fluxcd
    k9s
--- a/nixos/hosts/nginx/configuration.nix
+++ b/nixos/hosts/nginx/configuration.nix
@ -8,10 +8,8 @@ let
      proxyWebsockets = true;
    };
  };
-  k8s_proxy = proxy "http://10.42.42.150:8000/";
+  k8s_proxy = proxy "http://10.42.42.10:8000/";
 in {
-  imports = [ ];
-
  networking.hostName = "nginx";

  # This value determines the NixOS release from which the default
@ -34,7 +32,8 @@ in {

    # Reverse Proxies
    virtualHosts."ha.0x76.dev" = proxy "http://10.42.42.8:8123/";
-    virtualHosts."zookeeper-dev.0x76.dev" = proxy "http://10.42.43.28:8085/";
+    virtualHosts."zookeeper-dev.0x76.dev" = proxy "http://eevee.olympus:8085/";
+    virtualHosts."analytics.0x76.dev" = proxy "http://plausible.olympus:8000/";

    # Kubernetes endpoints
    virtualHosts."0x76.dev" = k8s_proxy;
@ -45,5 +44,5 @@ in {

  security.acme.email = "victorheld12@gmail.com";
  security.acme.acceptTerms = true;
-  security.acme.preliminarySelfsigned = false;
+  security.acme.preliminarySelfsigned = true;
 }
--- a/nixos/hosts/plausible/configuration.nix
+++ b/nixos/hosts/plausible/configuration.nix
@ -0,0 +1,42 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+let 
+  vs = config.vault-secrets.secrets;
+  cfg = config.services.plausible;
+in {
+  imports = [ ];
+
+  networking.hostName = "plausible";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "21.11"; # Did you read the comment?
+
+  # Additional packages
+  environment.systemPackages = with pkgs; [ ];
+
+  networking.firewall.allowedTCPPorts = [ cfg.server.port ];
+  networking.firewall.allowedUDPPorts = [ ];
+
+  vault-secrets.secrets.plausible = { };
+
+  services.plausible = {
+    enable = false;
+    server = {
+      baseUrl = "https://analytics.0x76.dev";
+      secretKeybaseFile = "${vs.plausible}/secretkeybase";
+    };
+    adminUser = {
+      activate = true;
+      email = "plausible@xirion.net";
+      passwordFile = "${vs.plausible}/password";
+    };
+  };
+}
--- a/nixos/pkgs/clickhouse/.gitignore
+++ b/nixos/pkgs/clickhouse/.gitignore
@ -0,0 +1 @@
+result
--- a/nixos/pkgs/clickhouse/clickhouse.nix
+++ b/nixos/pkgs/clickhouse/clickhouse.nix
@ -0,0 +1 @@
+let pkgs = import <nixpkgs> {}; in pkgs.callPackage (./default.nix) { }
--- a/nixos/pkgs/clickhouse/default.nix
+++ b/nixos/pkgs/clickhouse/default.nix
@ -0,0 +1,49 @@
+{ stdenv, dpkg, autoPatchelfHook, fetchurl, lib, glibc }:
+stdenv.mkDerivation rec {
+  pname = "clickhouse";
+  version = "21.11.5.33";
+
+  broken = stdenv.buildPlatform.is32bit;
+
+  sourceRoot = ".";
+
+  srcs = [
+    (fetchurl {
+      url =
+        "https://github.com/ClickHouse/ClickHouse/releases/download/v${version}-stable/clickhouse-common-static-${version}.tgz";
+      sha256 = "sha256-WYSxRQWj6We5v3trMZ0r9xr0kyApyEL444os7yTw8fI=";
+    })
+    (fetchurl {
+      url =
+        "https://github.com/ClickHouse/ClickHouse/releases/download/v${version}-stable/clickhouse-server-${version}.tgz";
+      sha256 = "sha256-mxEObzTlW1A7p8END24H/ovxF/PsmmoPWvEjbRmS9X0=";
+    })
+  ];
+
+  nativeBuildInputs = [ autoPatchelfHook ];
+  buildInputs = [
+    glibc
+  ];
+  # hardeningDisable = [ "format" ];
+
+  installPhase = ''
+    mkdir -p $out/{bin,etc}
+    cp -av clickhouse-server-${version}/usr/bin/* $out/bin/
+    cp -av clickhouse-server-${version}/etc/clickhouse-server $out/etc/
+    cp -av clickhouse-common-static-${version}/usr/bin/* $out/bin/
+
+    runHook postInstall
+  '';
+
+  postInstall = ''
+    sed -i -e '\!<log>/var/log/clickhouse-server/clickhouse-server\.log</log>!d' $out/etc/clickhouse-server/config.xml
+    substituteInPlace $out/etc/clickhouse-server/config.xml --replace "<errorlog>/var/log/clickhouse-server/clickhouse-server.err.log</errorlog>" "<console>1</console>"
+  '';
+
+  meta = with lib; {
+    homepage = "https://clickhouse.tech/";
+    description = "Column-oriented database management system";
+    license = licenses.asl20;
+    platforms = platforms.linux;
+  };
+}
--- a/nixos/pkgs/default.nix
+++ b/nixos/pkgs/default.nix
@ -1,4 +1,6 @@
 final: prev: {
+  clickhouse = prev.callPackage ./clickhouse { };
+  
  v = {
    unbound = prev.unbound.override {
      withSystemd = true;
--- a/1
+++ b/1
@ -1 +0,0 @@
-/nix/store/0z1qg2m6fjz3wpb93z3cjrvkr198rp6y-tf
				`@ -0,0 +1 @@`
				`let pkgs = import <nixpkgs> {}; in pkgs.callPackage (./default.nix) { }`
				`@ -1 +0,0 @@`
				`/nix/store/0z1qg2m6fjz3wpb93z3cjrvkr198rp6y-tf`