v/infrastructure
1
0
Fork 0
Code Issues 13 Pull requests 1 Actions Packages Projects Releases Activity

Updated mosquitto and formatted files

Browse source
This commit is contained in:
Vivian 2021-10-25 12:50:04 +02:00
parent f431bcd53c
commit a1190957f8
15 changed files with 116 additions and 145 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
common/default.nix
View file

@ -17,11 +17,8 @@
nix = {
package = pkgs.nixUnstable;
autoOptimiseStore = true;
binaryCaches = [
"https://cachix.cachix.org"
"https://nix-community.cachix.org"
"https://nixpkgs-review-bot.cachix.org"
];
binaryCaches =
[ "https://cachix.cachix.org" "https://nix-community.cachix.org" "https://nixpkgs-review-bot.cachix.org" ];
binaryCachePublicKeys = [
"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="

6
common/generic-lxc.nix
View file

@ -2,11 +2,7 @@
# See also: https://blog.xirion.net/posts/nixos-proxmox-lxc/
# Supress systemd services that don't work (correctly) on LXC
systemd.suppressedSystemUnits = [
"dev-mqueue.mount"
"sys-kernel-debug.mount"
"sys-fs-fuse-connections.mount"
];
systemd.suppressedSystemUnits = [ "dev-mqueue.mount" "sys-kernel-debug.mount" "sys-fs-fuse-connections.mount" ];
# Enable SSH daemon support.
services.openssh.enable = true;

9
common/services/default.nix
View file

@ -1,8 +1 @@
{ config, lib, pkgs, ... }:
{
imports = [
./flood.nix
./unpackerr.nix
./vmagent.nix
];
}
{ config, lib, pkgs, ... }: { imports = [ ./flood.nix ./unpackerr.nix ./vmagent.nix ]; }

14
common/services/flood.nix
View file

@ -1,8 +1,7 @@
{ config, pkgs, lib, ... }:
with lib;
let cfg = config.services.flood;
in
{
in {
options.services.flood = {
enable = mkEnableOption "flood";
@ -111,9 +110,7 @@ in
config = mkIf cfg.enable {
# Create group if set to default
users.groups = mkIf (cfg.group == "rtorrent") {
rtorrent = { };
};
users.groups = mkIf (cfg.group == "rtorrent") { rtorrent = { }; };
# Create user if set to default
users.users = mkIf (cfg.user == "flood") {
@ -140,7 +137,12 @@ in
Type = "simple";
Restart = "on-failure";
WorkingDirectory = cfg.dataDir;
ExecStart = "${cfg.package}/bin/flood --baseuri ${cfg.baseURI} --rundir ${cfg.dataDir} --host ${cfg.host} --port ${toString cfg.port} ${if cfg.ssl then "--ssl" else ""} --auth ${cfg.authMode} --rtsocket ${cfg.rpcSocket} --allowedpath ${cfg.downloadDir}";
ExecStart =
"${cfg.package}/bin/flood --baseuri ${cfg.baseURI} --rundir ${cfg.dataDir} --host ${cfg.host} --port ${
toString cfg.port
} ${
if cfg.ssl then "--ssl" else ""
} --auth ${cfg.authMode} --rtsocket ${cfg.rpcSocket} --allowedpath ${cfg.downloadDir}";
};
};

33
common/services/unpackerr.nix
View file

@ -57,8 +57,7 @@ let
'';
};
};
in
{
in {
options.services.unpackerr = {
enable = mkEnableOption "unpackerr";
@ -151,13 +150,25 @@ in
'';
};
sonarr = mkStarrOptions { name = "Sonarr"; url = "http://localhost:8989"; };
sonarr = mkStarrOptions {
name = "Sonarr";
url = "http://localhost:8989";
};
radarr = mkStarrOptions { name = "Radarr"; url = "http://localhost:7878"; };
radarr = mkStarrOptions {
name = "Radarr";
url = "http://localhost:7878";
};
lidarr = mkStarrOptions { name = "Lidarr"; url = "http://localhost:8686"; };
lidarr = mkStarrOptions {
name = "Lidarr";
url = "http://localhost:8686";
};
readarr = mkStarrOptions { name = "Readarr"; url = "http://localhost:8787"; };
readarr = mkStarrOptions {
name = "Readarr";
url = "http://localhost:8787";
};
folder = {
path = mkOption {
@ -207,21 +218,17 @@ in
extraConfig = mkOption {
type = types.attrs;
default = {};
default = { };
description = ''
Extra environment variables
'';
example = {
UN_WEBHOOK_0_URL = "http://example.com";
};
example = { UN_WEBHOOK_0_URL = "http://example.com"; };
};
};
config = mkIf cfg.enable {
# Create group if set to default
users.groups = mkIf (cfg.group == "unpackerr") {
unpackerr = { };
};
users.groups = mkIf (cfg.group == "unpackerr") { unpackerr = { }; };
# Create user if set to default
users.users = mkIf (cfg.user == "unpackerr") {

13
common/services/vmagent.nix
View file

@ -1,8 +1,7 @@
{ config, pkgs, lib, ... }:
with lib;
let cfg = config.services.vmagent;
in
{
in {
options.services.vmagent = {
enable = mkEnableOption "vmagent";
@ -74,9 +73,7 @@ in
config = mkIf cfg.enable {
# Create group if set to default
users.groups = mkIf (cfg.group == "vmagent") {
vmagent = { };
};
users.groups = mkIf (cfg.group == "vmagent") { vmagent = { }; };
# Create user if set to default
users.users = mkIf (cfg.user == "vmagent") {
@ -93,8 +90,7 @@ in
networking.firewall.allowedTCPPorts = mkIf (cfg.openFirewall) [ 8429 ];
# The actual service
systemd.services.vmagent = let
prometheusConfig = pkgs.writeText "prometheus.yml" cfg.prometheusConfig;
systemd.services.vmagent = let prometheusConfig = pkgs.writeText "prometheus.yml" cfg.prometheusConfig;
in {
wantedBy = [ "multi-user.target" ];
after = [ "network.target" ];
@ -105,7 +101,8 @@ in
Type = "simple";
Restart = "on-failure";
WorkingDirectory = cfg.dataDir;
ExecStart = "${cfg.package}/bin/vmagent -remoteWrite.url=${cfg.remoteWriteUrl} -promscrape.config=${prometheusConfig}";
ExecStart =
"${cfg.package}/bin/vmagent -remoteWrite.url=${cfg.remoteWriteUrl} -promscrape.config=${prometheusConfig}";
};
};

10
common/users/default.nix
View file

@ -55,13 +55,5 @@
};
# Setup packages available everywhere
environment.systemPackages = with pkgs; [
fzf
git
htop
rsync
ripgrep
vim
zoxide
];
environment.systemPackages = with pkgs; [ fzf git htop rsync ripgrep vim zoxide ];
}

6
flake.lock
View file

@ -54,11 +54,11 @@
},
"nixpkgs_2": {
"locked": {
"lastModified": 1634638999,
"narHash": "sha256-4TWC/3iXsMqTDUu2MJSaCn4xGJpBnlDR+/SL/Aaz2XU=",
"lastModified": 1635141467,
"narHash": "sha256-H+TVE6tBSm4nAepm7HRfW7AcrndI5e4+TJwCQo4/z+s=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a323570a264da96a0b0bcc1c9aa017794acdc752",
"rev": "38d21595b8fb0a744aa31c5794013bf42cf98fa9",
"type": "github"
},
"original": {

18
hosts/bastion/configuration.nix
View file

@ -5,14 +5,13 @@
{ config, pkgs, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
# Import common config
../../common/generic-vm.nix
../../common
];
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# Import common config
../../common/generic-vm.nix
../../common
];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
@ -36,13 +35,14 @@
kubectl
kubectx
nodejs-14_x
nixfmt
ripgrep
rsync
tmux
vault
vim
];
#
programs.gnupg.agent = {
enable = true;
pinentryFlavor = "curses";

17
hosts/bastion/hardware-configuration.nix
View file

@ -4,23 +4,18 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
];
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/e8427097-8545-4924-b033-2659fcf9adca";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/e8427097-8545-4924-b033-2659fcf9adca";
fsType = "ext4";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }];
swapDevices = [{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }];
}

23
hosts/k3s/configuration.nix
View file

@ -1,13 +1,11 @@
{ config, pkgs, lib, ... }:
{
imports =
[
# Include the results of the hardware scan.
./hardware-configuration.nix
# Import common config
../../common/generic-vm.nix
../../common
];
{ config, pkgs, lib, ... }: {
imports = [
# Include the results of the hardware scan.
./hardware-configuration.nix
# Import common config
../../common/generic-vm.nix
../../common
];
# Use the GRUB 2 boot loader.
boot.loader.grub.enable = true;
@ -25,10 +23,7 @@
system.stateVersion = "21.05"; # Did you read the comment?
# Additional packages
environment.systemPackages = with pkgs; [
iptables
vim
];
environment.systemPackages = with pkgs; [ iptables vim ];
# Disable the firewall as we need all the ports
networking.firewall.enable = false;

17
hosts/k3s/hardware-configuration.nix
View file

@ -4,23 +4,18 @@
{ config, lib, pkgs, modulesPath, ... }:
{
imports =
[
(modulesPath + "/profiles/qemu-guest.nix")
];
imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ];
boot.extraModulePackages = [ ];
fileSystems."/" =
{
device = "/dev/disk/by-uuid/e8427097-8545-4924-b033-2659fcf9adca";
fsType = "ext4";
};
fileSystems."/" = {
device = "/dev/disk/by-uuid/e8427097-8545-4924-b033-2659fcf9adca";
fsType = "ext4";
};
swapDevices =
[{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }];
swapDevices = [{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }];
}

51
hosts/mosquitto/configuration.nix
View file

@ -3,14 +3,13 @@
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[
# Import common config
../../common/generic-lxc.nix
../../common
];
let mosquittoPort = 1883;
in {
imports = [
# Import common config
../../common/generic-lxc.nix
../../common
];
networking.hostName = "mosquitto";
@ -23,24 +22,22 @@
system.stateVersion = "21.05"; # Did you read the comment?
# Additional packages
environment.systemPackages = with pkgs; [];
environment.systemPackages = with pkgs; [ ];
services.mosquitto = {
users = {
victor = {
acl = ["topic readwrite #"];
};
zigbee2mqtt = {
acl = ["topic readwrite #"];
};
};
enable = true;
port = 1883;
host = "0.0.0.0";
allowAnonymous = true;
aclExtraConf = "topic readwrite #";
listeners = [{
port = 1883;
settings.allow_anonymous = true;
acl = [ "topic readwrite #" ];
users = {
victor = { acl = [ "readwrite #" ]; };
zigbee2mqtt = { acl = [ "readwrite #" ]; };
};
}];
};
services.zigbee2mqtt = {
@ -50,17 +47,17 @@
homeassistant = true;
permit_join = true;
serial = {
port = "/dev/ttyUSB0";
};
serial = { port = "/dev/ttyUSB0"; };
mqtt = {
base_topic = "zigbee2mqtt";
server = "mqtt://localhost:${toString config.services.mosquitto.port}";
server = "mqtt://localhost:${toString mosquittoPort}";
user = "zigbee2mqtt";
};
frontend = { port = 8080; };
};
};
networking.firewall.allowedTCPPorts = [ config.services.mosquitto.port ];
networking.firewall.allowedTCPPorts = [ mosquittoPort config.services.zigbee2mqtt.settings.frontend.port ];
}

23
hosts/nginx/configuration.nix
View file

@ -5,13 +5,11 @@
{ config, pkgs, ... }:
{
imports =
[
# Import common config
../../common/generic-lxc.nix
../../common
];
imports = [
# Import common config
../../common/generic-lxc.nix
../../common
];
networking.hostName = "nginx";
@ -24,7 +22,7 @@
system.stateVersion = "21.05"; # Did you read the comment?
# Additional packages
environment.systemPackages = with pkgs; [];
environment.systemPackages = with pkgs; [ ];
networking.firewall.allowedTCPPorts = [ 80 443 ];
@ -41,6 +39,15 @@
proxyWebsockets = true;
};
};
virtualHosts."zookeeper.0x76.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://10.42.43.28:8085/";
proxyWebsockets = true;
};
};
};
security.acme.email = "victorheld12@gmail.com";

14
hosts/vault/configuration.nix
View file

@ -5,13 +5,11 @@
{ config, pkgs, ... }:
{
imports =
[
# Import common config
../../common/generic-lxc.nix
../../common
];
imports = [
# Import common config
../../common/generic-lxc.nix
../../common
];
networking.hostName = "vault";
@ -24,7 +22,7 @@
system.stateVersion = "21.05"; # Did you read the comment?
# Additional packages
environment.systemPackages = with pkgs; [];
environment.systemPackages = with pkgs; [ ];
# Vault
networking.firewall.allowedTCPPorts = [ 8200 ];