From a1190957f8f791525d1fede4103379a5277e8f37 Mon Sep 17 00:00:00 2001 From: Victor Date: Mon, 25 Oct 2021 12:50:04 +0200 Subject: [PATCH] Updated mosquitto and formatted files --- common/default.nix | 7 +--- common/generic-lxc.nix | 6 +-- common/services/default.nix | 9 +---- common/services/flood.nix | 14 ++++--- common/services/unpackerr.nix | 33 +++++++++------ common/services/vmagent.nix | 13 +++--- common/users/default.nix | 10 +---- flake.lock | 6 +-- hosts/bastion/configuration.nix | 18 ++++----- hosts/bastion/hardware-configuration.nix | 17 +++----- hosts/k3s/configuration.nix | 23 +++++------ hosts/k3s/hardware-configuration.nix | 17 +++----- hosts/mosquitto/configuration.nix | 51 +++++++++++------------- hosts/nginx/configuration.nix | 23 +++++++---- hosts/vault/configuration.nix | 14 +++---- 15 files changed, 116 insertions(+), 145 deletions(-) diff --git a/common/default.nix b/common/default.nix index e6d82f9..0ed836c 100644 --- a/common/default.nix +++ b/common/default.nix @@ -17,11 +17,8 @@ nix = { package = pkgs.nixUnstable; autoOptimiseStore = true; - binaryCaches = [ - "https://cachix.cachix.org" - "https://nix-community.cachix.org" - "https://nixpkgs-review-bot.cachix.org" - ]; + binaryCaches = + [ "https://cachix.cachix.org" "https://nix-community.cachix.org" "https://nixpkgs-review-bot.cachix.org" ]; binaryCachePublicKeys = [ "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" diff --git a/common/generic-lxc.nix b/common/generic-lxc.nix index 8de709a..1bf6c58 100644 --- a/common/generic-lxc.nix +++ b/common/generic-lxc.nix 
@@ -2,11 +2,7 @@ # See also: https://blog.xirion.net/posts/nixos-proxmox-lxc/ # Supress systemd services that don't work (correctly) on LXC - systemd.suppressedSystemUnits = [ - "dev-mqueue.mount" - "sys-kernel-debug.mount" - "sys-fs-fuse-connections.mount" - ]; + systemd.suppressedSystemUnits = [ "dev-mqueue.mount" "sys-kernel-debug.mount" "sys-fs-fuse-connections.mount" ]; # Enable SSH daemon support. services.openssh.enable = true; diff --git a/common/services/default.nix b/common/services/default.nix index 9fa6e60..192c835 100644 --- a/common/services/default.nix +++ b/common/services/default.nix @@ -1,8 +1 @@ -{ config, lib, pkgs, ... }: -{ - imports = [ - ./flood.nix - ./unpackerr.nix - ./vmagent.nix - ]; -} +{ config, lib, pkgs, ... }: { imports = [ ./flood.nix ./unpackerr.nix ./vmagent.nix ]; } diff --git a/common/services/flood.nix b/common/services/flood.nix index 3616bfa..cd698d8 100644 --- a/common/services/flood.nix +++ b/common/services/flood.nix @@ -1,8 +1,7 @@ { config, pkgs, lib, ... }: with lib; let cfg = config.services.flood; -in -{ +in { options.services.flood = { enable = mkEnableOption "flood"; @@ -111,9 +110,7 @@ in config = mkIf cfg.enable { # Create group if set to default - users.groups = mkIf (cfg.group == "rtorrent") { - rtorrent = { }; - }; + users.groups = mkIf (cfg.group == "rtorrent") { rtorrent = { }; }; # Create user if set to default users.users = mkIf (cfg.user == "flood") { 
@@ -140,7 +137,12 @@ in Type = "simple"; Restart = "on-failure"; WorkingDirectory = cfg.dataDir; - ExecStart = "${cfg.package}/bin/flood --baseuri ${cfg.baseURI} --rundir ${cfg.dataDir} --host ${cfg.host} --port ${toString cfg.port} ${if cfg.ssl then "--ssl" else ""} --auth ${cfg.authMode} --rtsocket ${cfg.rpcSocket} --allowedpath ${cfg.downloadDir}"; + ExecStart = + "${cfg.package}/bin/flood --baseuri ${cfg.baseURI} --rundir ${cfg.dataDir} --host ${cfg.host} --port ${ + toString cfg.port + } ${ + if cfg.ssl then "--ssl" else "" + } --auth ${cfg.authMode} --rtsocket ${cfg.rpcSocket} --allowedpath ${cfg.downloadDir}"; }; }; diff --git a/common/services/unpackerr.nix b/common/services/unpackerr.nix index 7135b06..e1d88c3 100644 --- a/common/services/unpackerr.nix +++ b/common/services/unpackerr.nix @@ -57,8 +57,7 @@ let ''; }; }; -in -{ +in { options.services.unpackerr = { enable = mkEnableOption "unpackerr"; @@ -151,13 +150,25 @@ in ''; }; - sonarr = mkStarrOptions { name = "Sonarr"; url = "http://localhost:8989"; }; + sonarr = mkStarrOptions { + name = "Sonarr"; + url = "http://localhost:8989"; + }; - radarr = mkStarrOptions { name = "Radarr"; url = "http://localhost:7878"; }; + radarr = mkStarrOptions { + name = "Radarr"; + url = "http://localhost:7878"; + }; - lidarr = mkStarrOptions { name = "Lidarr"; url = "http://localhost:8686"; }; + lidarr = mkStarrOptions { + name = "Lidarr"; + url = "http://localhost:8686"; + }; - readarr = mkStarrOptions { name = "Readarr"; url = "http://localhost:8787"; }; + readarr = mkStarrOptions { + name = "Readarr"; + url = "http://localhost:8787"; + }; folder = { path = mkOption { 
@@ -207,21 +218,17 @@ in extraConfig = mkOption { type = types.attrs; - default = {}; + default = { }; description = '' Extra environment variables ''; - example = { - UN_WEBHOOK_0_URL = "http://example.com"; - }; + example = { UN_WEBHOOK_0_URL = "http://example.com"; }; }; }; config = mkIf cfg.enable { # Create group if set to default - users.groups = mkIf (cfg.group == "unpackerr") { - unpackerr = { }; - }; + users.groups = mkIf (cfg.group == "unpackerr") { unpackerr = { }; }; # Create user if set to default users.users = mkIf (cfg.user == "unpackerr") { diff --git a/common/services/vmagent.nix b/common/services/vmagent.nix index 677b3d1..5ca3e4c 100644 --- a/common/services/vmagent.nix +++ b/common/services/vmagent.nix @@ -1,8 +1,7 @@ { config, pkgs, lib, ... }: with lib; let cfg = config.services.vmagent; -in -{ +in { options.services.vmagent = { enable = mkEnableOption "vmagent"; @@ -74,9 +73,7 @@ in config = mkIf cfg.enable { # Create group if set to default - users.groups = mkIf (cfg.group == "vmagent") { - vmagent = { }; - }; + users.groups = mkIf (cfg.group == "vmagent") { vmagent = { }; }; # Create user if set to default users.users = mkIf (cfg.user == "vmagent") { @@ -93,8 +90,7 @@ in networking.firewall.allowedTCPPorts = mkIf (cfg.openFirewall) [ 8429 ]; # The actual service - systemd.services.vmagent = let - prometheusConfig = pkgs.writeText "prometheus.yml" cfg.prometheusConfig; + systemd.services.vmagent = let prometheusConfig = pkgs.writeText "prometheus.yml" cfg.prometheusConfig; in { wantedBy = [ "multi-user.target" ]; after = [ "network.target" ]; @@ -105,7 +101,8 @@ in Type = "simple"; Restart = "on-failure"; WorkingDirectory = cfg.dataDir; - ExecStart = "${cfg.package}/bin/vmagent -remoteWrite.url=${cfg.remoteWriteUrl} -promscrape.config=${prometheusConfig}"; + ExecStart = + "${cfg.package}/bin/vmagent -remoteWrite.url=${cfg.remoteWriteUrl} -promscrape.config=${prometheusConfig}"; }; }; 
diff --git a/common/users/default.nix b/common/users/default.nix index 459cce4..4514f13 100644 --- a/common/users/default.nix +++ b/common/users/default.nix @@ -55,13 +55,5 @@ }; # Setup packages available everywhere - environment.systemPackages = with pkgs; [ - fzf - git - htop - rsync - ripgrep - vim - zoxide - ]; + environment.systemPackages = with pkgs; [ fzf git htop rsync ripgrep vim zoxide ]; } diff --git a/flake.lock b/flake.lock index 6ad1d49..018b202 100644 --- a/flake.lock +++ b/flake.lock @@ -54,11 +54,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1634638999, - "narHash": "sha256-4TWC/3iXsMqTDUu2MJSaCn4xGJpBnlDR+/SL/Aaz2XU=", + "lastModified": 1635141467, + "narHash": "sha256-H+TVE6tBSm4nAepm7HRfW7AcrndI5e4+TJwCQo4/z+s=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "a323570a264da96a0b0bcc1c9aa017794acdc752", + "rev": "38d21595b8fb0a744aa31c5794013bf42cf98fa9", "type": "github" }, "original": { diff --git a/hosts/bastion/configuration.nix b/hosts/bastion/configuration.nix index ca7c418..06bd4fc 100644 --- a/hosts/bastion/configuration.nix +++ b/hosts/bastion/configuration.nix @@ -5,14 +5,13 @@ { config, pkgs, ... }: { - imports = - [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - # Import common config - ../../common/generic-vm.nix - ../../common - ]; + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + # Import common config + ../../common/generic-vm.nix + ../../common + ]; # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; @@ -36,13 +35,14 @@ kubectl kubectx nodejs-14_x + nixfmt ripgrep rsync tmux vault vim ]; - + # programs.gnupg.agent = { enable = true; pinentryFlavor = "curses"; diff --git a/hosts/bastion/hardware-configuration.nix b/hosts/bastion/hardware-configuration.nix index 9c5d168..9c6082b 100644 --- a/hosts/bastion/hardware-configuration.nix +++ b/hosts/bastion/hardware-configuration.nix 
@@ -4,23 +4,18 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { - device = "/dev/disk/by-uuid/e8427097-8545-4924-b033-2659fcf9adca"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/e8427097-8545-4924-b033-2659fcf9adca"; + fsType = "ext4"; + }; - swapDevices = - [{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }]; + swapDevices = [{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }]; } diff --git a/hosts/k3s/configuration.nix b/hosts/k3s/configuration.nix index 5fa03fa..0af4b9e 100644 --- a/hosts/k3s/configuration.nix +++ b/hosts/k3s/configuration.nix @@ -1,13 +1,11 @@ -{ config, pkgs, lib, ... }: -{ - imports = - [ - # Include the results of the hardware scan. - ./hardware-configuration.nix - # Import common config - ../../common/generic-vm.nix - ../../common - ]; +{ config, pkgs, lib, ... }: { + imports = [ + # Include the results of the hardware scan. + ./hardware-configuration.nix + # Import common config + ../../common/generic-vm.nix + ../../common + ]; # Use the GRUB 2 boot loader. boot.loader.grub.enable = true; @@ -25,10 +23,7 @@ system.stateVersion = "21.05"; # Did you read the comment? # Additional packages - environment.systemPackages = with pkgs; [ - iptables - vim - ]; + environment.systemPackages = with pkgs; [ iptables vim ]; # Disable the firewall as we need all the ports networking.firewall.enable = false; diff --git a/hosts/k3s/hardware-configuration.nix b/hosts/k3s/hardware-configuration.nix index 9c5d168..9c6082b 100644 --- a/hosts/k3s/hardware-configuration.nix +++ b/hosts/k3s/hardware-configuration.nix 
@@ -4,23 +4,18 @@ { config, lib, pkgs, modulesPath, ... }: { - imports = - [ - (modulesPath + "/profiles/qemu-guest.nix") - ]; + imports = [ (modulesPath + "/profiles/qemu-guest.nix") ]; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ ]; boot.extraModulePackages = [ ]; - fileSystems."/" = - { - device = "/dev/disk/by-uuid/e8427097-8545-4924-b033-2659fcf9adca"; - fsType = "ext4"; - }; + fileSystems."/" = { + device = "/dev/disk/by-uuid/e8427097-8545-4924-b033-2659fcf9adca"; + fsType = "ext4"; + }; - swapDevices = - [{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }]; + swapDevices = [{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }]; } diff --git a/hosts/mosquitto/configuration.nix b/hosts/mosquitto/configuration.nix index dfd29b8..b4ec43b 100644 --- a/hosts/mosquitto/configuration.nix +++ b/hosts/mosquitto/configuration.nix @@ -3,14 +3,13 @@ # and in the NixOS manual (accessible by running ‘nixos-help’). { config, pkgs, ... }: - -{ - imports = - [ - # Import common config - ../../common/generic-lxc.nix - ../../common - ]; +let mosquittoPort = 1883; +in { + imports = [ + # Import common config + ../../common/generic-lxc.nix + ../../common + ]; networking.hostName = "mosquitto"; 
@@ -23,24 +22,22 @@ system.stateVersion = "21.05"; # Did you read the comment? # Additional packages - environment.systemPackages = with pkgs; []; + environment.systemPackages = with pkgs; [ ]; services.mosquitto = { - users = { - victor = { - acl = ["topic readwrite #"]; - }; - zigbee2mqtt = { - acl = ["topic readwrite #"]; - }; - }; + enable = true; - port = 1883; - host = "0.0.0.0"; - - allowAnonymous = true; - aclExtraConf = "topic readwrite #"; + listeners = [{ + port = 1883; + settings.allow_anonymous = true; + acl = [ "topic readwrite #" ]; + users = { + victor = { acl = [ "readwrite #" ]; }; + zigbee2mqtt = { acl = [ "readwrite #" ]; }; + }; + }]; + }; services.zigbee2mqtt = { @@ -50,17 +47,17 @@ homeassistant = true; permit_join = true; - serial = { - port = "/dev/ttyUSB0"; - }; + serial = { port = "/dev/ttyUSB0"; }; mqtt = { base_topic = "zigbee2mqtt"; - server = "mqtt://localhost:${toString config.services.mosquitto.port}"; + server = "mqtt://localhost:${toString mosquittoPort}"; user = "zigbee2mqtt"; }; + + frontend = { port = 8080; }; }; }; - networking.firewall.allowedTCPPorts = [ config.services.mosquitto.port ]; + networking.firewall.allowedTCPPorts = [ mosquittoPort config.services.zigbee2mqtt.settings.frontend.port ]; } diff --git a/hosts/nginx/configuration.nix b/hosts/nginx/configuration.nix index 6137c15..f986249 100644 --- a/hosts/nginx/configuration.nix +++ b/hosts/nginx/configuration.nix @@ -5,13 +5,11 @@ { config, pkgs, ... }: { - imports = - [ - # Import common config - ../../common/generic-lxc.nix - ../../common - ]; - + imports = [ + # Import common config + ../../common/generic-lxc.nix + ../../common + ]; networking.hostName = "nginx"; @@ -24,7 +22,7 @@ system.stateVersion = "21.05"; # Did you read the comment? # Additional packages - environment.systemPackages = with pkgs; []; + environment.systemPackages = with pkgs; [ ]; networking.firewall.allowedTCPPorts = [ 80 443 ]; 
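Review bot: The new listener sets `settings.allow_anonymous = true;` together with a listener-level `acl = [ "topic readwrite #" ];`, which appears to grant unauthenticated clients read and write access to every topic, so the per-user ACLs for `victor` and `zigbee2mqtt` restrict nothing. The port is also opened in `networking.firewall.allowedTCPPorts` in the following hunk, so this applies to any host that can reach the container, not only to localhost. If that is not intended, use `settings.allow_anonymous = false;`, drop the listener-level `acl`, and give each user a `hashedPasswordFile`. The listener also hard-codes `port = 1883;`, where `port = mosquittoPort;` would keep it in step with the `let` binding added at the top of the file.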
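Review bot: The rewritten `allowedTCPPorts` line now opens the zigbee2mqtt frontend port (8080) alongside the broker port, and the `frontend = { port = 8080; };` block added here configures no authentication. With `permit_join = true` in the context lines, anyone who can reach that port can presumably manage the Zigbee network through the web UI. Consider setting `frontend.auth_token`, or leaving 8080 out of the firewall list and publishing the UI only through the nginx host. The `mqtt` block also sets `user = "zigbee2mqtt"` with no password, so the connection only works while the broker accepts anonymous or password-less clients. The `services.zigbee2mqtt` block starts outside this hunk.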
@@ -41,6 +39,15 @@ proxyWebsockets = true; }; }; + + virtualHosts."zookeeper.0x76.dev" = { + enableACME = true; + forceSSL = true; + locations."/" = { + proxyPass = "http://10.42.43.28:8085/"; + proxyWebsockets = true; + }; + }; }; security.acme.email = "victorheld12@gmail.com"; diff --git a/hosts/vault/configuration.nix b/hosts/vault/configuration.nix index 6ba1188..19c46c0 100644 --- a/hosts/vault/configuration.nix +++ b/hosts/vault/configuration.nix @@ -5,13 +5,11 @@ { config, pkgs, ... }: { - imports = - [ - # Import common config - ../../common/generic-lxc.nix - ../../common - ]; - + imports = [ + # Import common config + ../../common/generic-lxc.nix + ../../common + ]; networking.hostName = "vault"; @@ -24,7 +22,7 @@ system.stateVersion = "21.05"; # Did you read the comment? # Additional packages - environment.systemPackages = with pkgs; []; + environment.systemPackages = with pkgs; [ ]; # Vault networking.firewall.allowedTCPPorts = [ 8200 ];
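Review bot: The new `zookeeper.0x76.dev` vhost publishes `http://10.42.43.28:8085/` to anything that can reach ports 80/443, with no access control at the proxy. Nothing in this hunk shows whether the upstream authenticates requests itself. If it does not, add `basicAuthFile = "<path to htpasswd file>";` to the vhost, or an `allow`/`deny` pair in `locations."/".extraConfig`. If it does, a comment such as `# upstream enforces its own login` would record that the exposure is deliberate. The enclosing `services.nginx` block starts outside the hunk, so any defaults set above it are not visible here.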