From 7e06d5eeaf21375163631486ac44175716a33ba7 Mon Sep 17 00:00:00 2001
From: Victor <victor@xirion.net>
Date: Sun, 12 Dec 2021 15:51:56 +0100
Subject: [PATCH] nixos: prelim plausible

---
 flake.lock                              | 18 ++++-----
 hosts.nix                               |  5 +++
 nixos/.gitignore                        |  1 +
 nixos/hosts/bastion/configuration.nix   |  1 +
 nixos/hosts/nginx/configuration.nix     |  9 ++---
 nixos/hosts/plausible/configuration.nix | 42 +++++++++++++++++++++
 nixos/pkgs/clickhouse/.gitignore        |  1 +
 nixos/pkgs/clickhouse/clickhouse.nix    |  1 +
 nixos/pkgs/clickhouse/default.nix       | 49 +++++++++++++++++++++++++
 nixos/pkgs/default.nix                  |  2 +
 result                                  |  1 -
 11 files changed, 115 insertions(+), 15 deletions(-)
 create mode 100644 nixos/.gitignore
 create mode 100644 nixos/hosts/plausible/configuration.nix
 create mode 100644 nixos/pkgs/clickhouse/.gitignore
 create mode 100644 nixos/pkgs/clickhouse/clickhouse.nix
 create mode 100644 nixos/pkgs/clickhouse/default.nix
 delete mode 120000 result

diff --git a/flake.lock b/flake.lock
index c592880..b0fc4cb 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1632822684,
-        "narHash": "sha256-lt7eayYmgsD5OQwpb1XYfHpxttn43bWo7G7hIJs+zJw=",
+        "lastModified": 1638665590,
+        "narHash": "sha256-nhtfL3z4TizWHemyZvgLvq11FhYX5Ya4ke+t6Np5PKQ=",
         "owner": "serokell",
         "repo": "deploy-rs",
-        "rev": "9a02de4373e0ec272d08a417b269a28ac8b961b4",
+        "rev": "715e92a13018bc1745fb680b5860af0c5641026a",
         "type": "github"
       },
       "original": {
@@ -196,11 +196,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1637605846,
-        "narHash": "sha256-Llelj1pYeAhGLftPxM2ixSgAfdPBAZOnpBZtpvaZ3Xo=",
+        "lastModified": 1638918949,
+        "narHash": "sha256-HDAM4N7dBB0zVgoflnWyVDrGx4oiIUaEjI8YDwk0FFU=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "d00918ccaf7e1532d35db2f1e3d44db3da39b851",
+        "rev": "4d07862ea6ed637ee85f868d1bf8a833878bc05e",
         "type": "github"
       },
       "original": {
@@ -285,11 +285,11 @@
         "nixpkgs": "nixpkgs_4"
       },
       "locked": {
-        "lastModified": 1637273221,
-        "narHash": "sha256-ByBCiWlVprVgYGGy2ma7W0DKbtp4Xmj7S5whFrIzO3Q=",
+        "lastModified": 1638383949,
+        "narHash": "sha256-k7oMUrp1cMBj59uihyocJVqi4jbU16ycHQqGTJxH1b0=",
         "owner": "serokell",
         "repo": "serokell.nix",
-        "rev": "1649eceabbe6e148b3c1b322b716e873d312599f",
+        "rev": "faebe5b14155d045ae5d3f76193c8e99e664af1b",
         "type": "github"
       },
       "original": {
diff --git a/hosts.nix b/hosts.nix
index 8b12632..038d037 100644
--- a/hosts.nix
+++ b/hosts.nix
@@ -82,6 +82,11 @@
     ip = "10.42.42.17";
     mac = "0A:06:5E:E7:9A:0C";
   }
+  {
+    hostname = "plausible";
+    ip = "10.42.42.18";
+    mac = "82:34:70:FA:44:6F";
+  }
   {
     hostname = "victoriametrics";
     ip = "10.42.42.19";
diff --git a/nixos/.gitignore b/nixos/.gitignore
new file mode 100644
index 0000000..1cd791b
--- /dev/null
+++ b/nixos/.gitignore
@@ -0,0 +1 @@
+result/
diff --git a/nixos/hosts/bastion/configuration.nix b/nixos/hosts/bastion/configuration.nix
index 7b5cc72..5668c0b 100644
--- a/nixos/hosts/bastion/configuration.nix
+++ b/nixos/hosts/bastion/configuration.nix
@@ -36,6 +36,7 @@ in {
 
   # Additional packages
   environment.systemPackages = with pkgs; [
+    binutils
     fix-vscode
     fluxcd
     k9s
diff --git a/nixos/hosts/nginx/configuration.nix b/nixos/hosts/nginx/configuration.nix
index 9816352..81f8937 100644
--- a/nixos/hosts/nginx/configuration.nix
+++ b/nixos/hosts/nginx/configuration.nix
@@ -8,10 +8,8 @@ let
       proxyWebsockets = true;
     };
   };
-  k8s_proxy = proxy "http://10.42.42.150:8000/";
+  k8s_proxy = proxy "http://10.42.42.10:8000/";
 in {
-  imports = [ ];
-
   networking.hostName = "nginx";
 
   # This value determines the NixOS release from which the default
@@ -34,7 +32,8 @@ in {
 
     # Reverse Proxies
     virtualHosts."ha.0x76.dev" = proxy "http://10.42.42.8:8123/";
-    virtualHosts."zookeeper-dev.0x76.dev" = proxy "http://10.42.43.28:8085/";
+    virtualHosts."zookeeper-dev.0x76.dev" = proxy "http://eevee.olympus:8085/";
+    virtualHosts."analytics.0x76.dev" = proxy "http://plausible.olympus:8000/";
 
     # Kubernetes endpoints
     virtualHosts."0x76.dev" = k8s_proxy;
@@ -45,5 +44,5 @@ in {
 
   security.acme.email = "victorheld12@gmail.com";
   security.acme.acceptTerms = true;
-  security.acme.preliminarySelfsigned = false;
+  security.acme.preliminarySelfsigned = true;
 }
diff --git a/nixos/hosts/plausible/configuration.nix b/nixos/hosts/plausible/configuration.nix
new file mode 100644
index 0000000..a4c0b25
--- /dev/null
+++ b/nixos/hosts/plausible/configuration.nix
@@ -0,0 +1,42 @@
+# Edit this configuration file to define what should be installed on
+# your system.  Help is available in the configuration.nix(5) man page
+# and in the NixOS manual (accessible by running ‘nixos-help’).
+
+{ config, pkgs, ... }:
+let 
+  vs = config.vault-secrets.secrets;
+  cfg = config.services.plausible;
+in {
+  imports = [ ];
+
+  networking.hostName = "plausible";
+
+  # This value determines the NixOS release from which the default
+  # settings for stateful data, like file locations and database versions
+  # on your system were taken. It‘s perfectly fine and recommended to leave
+  # this value at the release version of the first install of this system.
+  # Before changing this value read the documentation for this option
+  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
+  system.stateVersion = "21.11"; # Did you read the comment?
+
+  # Additional packages
+  environment.systemPackages = with pkgs; [ ];
+
+  networking.firewall.allowedTCPPorts = [ cfg.server.port ];
+  networking.firewall.allowedUDPPorts = [ ];
+
+  vault-secrets.secrets.plausible = { };
+
+  services.plausible = {
+    enable = false;
+    server = {
+      baseUrl = "https://analytics.0x76.dev";
+      secretKeybaseFile = "${vs.plausible}/secretkeybase";
+    };
+    adminUser = {
+      activate = true;
+      email = "plausible@xirion.net";
+      passwordFile = "${vs.plausible}/password";
+    };
+  };
+}
diff --git a/nixos/pkgs/clickhouse/.gitignore b/nixos/pkgs/clickhouse/.gitignore
new file mode 100644
index 0000000..b2be92b
--- /dev/null
+++ b/nixos/pkgs/clickhouse/.gitignore
@@ -0,0 +1 @@
+result
diff --git a/nixos/pkgs/clickhouse/clickhouse.nix b/nixos/pkgs/clickhouse/clickhouse.nix
new file mode 100644
index 0000000..be3c3bf
--- /dev/null
+++ b/nixos/pkgs/clickhouse/clickhouse.nix
@@ -0,0 +1 @@
+let pkgs = import <nixpkgs> {}; in pkgs.callPackage (./default.nix) { }
diff --git a/nixos/pkgs/clickhouse/default.nix b/nixos/pkgs/clickhouse/default.nix
new file mode 100644
index 0000000..7ed89cd
--- /dev/null
+++ b/nixos/pkgs/clickhouse/default.nix
@@ -0,0 +1,49 @@
+{ stdenv, dpkg, autoPatchelfHook, fetchurl, lib, glibc }:
+stdenv.mkDerivation rec {
+  pname = "clickhouse";
+  version = "21.11.5.33";
+
+  broken = stdenv.buildPlatform.is32bit;
+
+  sourceRoot = ".";
+
+  srcs = [
+    (fetchurl {
+      url =
+        "https://github.com/ClickHouse/ClickHouse/releases/download/v${version}-stable/clickhouse-common-static-${version}.tgz";
+      sha256 = "sha256-WYSxRQWj6We5v3trMZ0r9xr0kyApyEL444os7yTw8fI=";
+    })
+    (fetchurl {
+      url =
+        "https://github.com/ClickHouse/ClickHouse/releases/download/v${version}-stable/clickhouse-server-${version}.tgz";
+      sha256 = "sha256-mxEObzTlW1A7p8END24H/ovxF/PsmmoPWvEjbRmS9X0=";
+    })
+  ];
+
+  nativeBuildInputs = [ autoPatchelfHook ];
+  buildInputs = [
+    glibc
+  ];
+  # hardeningDisable = [ "format" ];
+
+  installPhase = ''
+    mkdir -p $out/{bin,etc}
+    cp -av clickhouse-server-${version}/usr/bin/* $out/bin/
+    cp -av clickhouse-server-${version}/etc/clickhouse-server $out/etc/
+    cp -av clickhouse-common-static-${version}/usr/bin/* $out/bin/
+
+    runHook postInstall
+  '';
+
+  postInstall = ''
+    sed -i -e '\!<log>/var/log/clickhouse-server/clickhouse-server\.log</log>!d' $out/etc/clickhouse-server/config.xml
+    substituteInPlace $out/etc/clickhouse-server/config.xml --replace "<errorlog>/var/log/clickhouse-server/clickhouse-server.err.log</errorlog>" "<console>1</console>"
+  '';
+
+  meta = with lib; {
+    homepage = "https://clickhouse.tech/";
+    description = "Column-oriented database management system";
+    license = licenses.asl20;
+    platforms = platforms.linux;
+  };
+}
diff --git a/nixos/pkgs/default.nix b/nixos/pkgs/default.nix
index 42fa93a..0e944e3 100644
--- a/nixos/pkgs/default.nix
+++ b/nixos/pkgs/default.nix
@@ -1,4 +1,6 @@
 final: prev: {
+  clickhouse = prev.callPackage ./clickhouse { };
+  
   v = {
     unbound = prev.unbound.override {
       withSystemd = true;
diff --git a/result b/result
deleted file mode 120000
index aa1e5b2..0000000
--- a/result
+++ /dev/null
@@ -1 +0,0 @@
-/nix/store/0z1qg2m6fjz3wpb93z3cjrvkr198rp6y-tf
\ No newline at end of file