v/infrastructure
1
0
Fork 0
Code Issues 13 Pull requests 1 Actions Packages Projects Releases Activity

Updated mosquitto and formatted files

Browse source
This commit is contained in:
Vivian 2021-10-25 12:50:04 +02:00
parent f431bcd53c
commit a1190957f8
15 changed files with 116 additions and 145 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
common/default.nix
View file

@ -17,11 +17,8 @@
nix = { nix = {
package = pkgs.nixUnstable; package = pkgs.nixUnstable;
autoOptimiseStore = true; autoOptimiseStore = true;
binaryCaches = [ binaryCaches =
"https://cachix.cachix.org" [ "https://cachix.cachix.org" "https://nix-community.cachix.org" "https://nixpkgs-review-bot.cachix.org" ];
"https://nix-community.cachix.org"
"https://nixpkgs-review-bot.cachix.org"
];
binaryCachePublicKeys = [ binaryCachePublicKeys = [
"cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM=" "cachix.cachix.org-1:eWNHQldwUO7G2VkjpnjDbWwy4KQ/HNxht7H4SSoMckM="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="

6
common/generic-lxc.nix
View file

@ -2,11 +2,7 @@
# See also: https://blog.xirion.net/posts/nixos-proxmox-lxc/ # See also: https://blog.xirion.net/posts/nixos-proxmox-lxc/
# Supress systemd services that don't work (correctly) on LXC # Supress systemd services that don't work (correctly) on LXC
systemd.suppressedSystemUnits = [ systemd.suppressedSystemUnits = [ "dev-mqueue.mount" "sys-kernel-debug.mount" "sys-fs-fuse-connections.mount" ];
"dev-mqueue.mount"
"sys-kernel-debug.mount"
"sys-fs-fuse-connections.mount"
];
# Enable SSH daemon support. # Enable SSH daemon support.
services.openssh.enable = true; services.openssh.enable = true;

9
common/services/default.nix
View file

@ -1,8 +1 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }: { imports = [ ./flood.nix ./unpackerr.nix ./vmagent.nix ]; }
{
imports = [
./flood.nix
./unpackerr.nix
./vmagent.nix
];
}

14
common/services/flood.nix
View file

@ -1,8 +1,7 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with lib; with lib;
let cfg = config.services.flood; let cfg = config.services.flood;
in in {
{
options.services.flood = { options.services.flood = {
enable = mkEnableOption "flood"; enable = mkEnableOption "flood";
@ -111,9 +110,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
# Create group if set to default # Create group if set to default
users.groups = mkIf (cfg.group == "rtorrent") { users.groups = mkIf (cfg.group == "rtorrent") { rtorrent = { }; };
rtorrent = { };
};
# Create user if set to default # Create user if set to default
users.users = mkIf (cfg.user == "flood") { users.users = mkIf (cfg.user == "flood") {
@ -140,7 +137,12 @@ in
Type = "simple"; Type = "simple";
Restart = "on-failure"; Restart = "on-failure";
WorkingDirectory = cfg.dataDir; WorkingDirectory = cfg.dataDir;
ExecStart = "${cfg.package}/bin/flood --baseuri ${cfg.baseURI} --rundir ${cfg.dataDir} --host ${cfg.host} --port ${toString cfg.port} ${if cfg.ssl then "--ssl" else ""} --auth ${cfg.authMode} --rtsocket ${cfg.rpcSocket} --allowedpath ${cfg.downloadDir}"; ExecStart =
"${cfg.package}/bin/flood --baseuri ${cfg.baseURI} --rundir ${cfg.dataDir} --host ${cfg.host} --port ${
toString cfg.port
} ${
if cfg.ssl then "--ssl" else ""
} --auth ${cfg.authMode} --rtsocket ${cfg.rpcSocket} --allowedpath ${cfg.downloadDir}";
}; };
}; };

33
common/services/unpackerr.nix
View file

@ -57,8 +57,7 @@ let
''; '';
}; };
}; };
in in {
{
options.services.unpackerr = { options.services.unpackerr = {
enable = mkEnableOption "unpackerr"; enable = mkEnableOption "unpackerr";
@ -151,13 +150,25 @@ in
''; '';
}; };
sonarr = mkStarrOptions { name = "Sonarr"; url = "http://localhost:8989"; }; sonarr = mkStarrOptions {
name = "Sonarr";
url = "http://localhost:8989";
};
radarr = mkStarrOptions { name = "Radarr"; url = "http://localhost:7878"; }; radarr = mkStarrOptions {
name = "Radarr";
url = "http://localhost:7878";
};
lidarr = mkStarrOptions { name = "Lidarr"; url = "http://localhost:8686"; }; lidarr = mkStarrOptions {
name = "Lidarr";
url = "http://localhost:8686";
};
readarr = mkStarrOptions { name = "Readarr"; url = "http://localhost:8787"; }; readarr = mkStarrOptions {
name = "Readarr";
url = "http://localhost:8787";
};
folder = { folder = {
path = mkOption { path = mkOption {
@ -207,21 +218,17 @@ in
extraConfig = mkOption { extraConfig = mkOption {
type = types.attrs; type = types.attrs;
default = {}; default = { };
description = '' description = ''
Extra environment variables Extra environment variables
''; '';
example = { example = { UN_WEBHOOK_0_URL = "http://example.com"; };
UN_WEBHOOK_0_URL = "http://example.com";
};
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
# Create group if set to default # Create group if set to default
users.groups = mkIf (cfg.group == "unpackerr") { users.groups = mkIf (cfg.group == "unpackerr") { unpackerr = { }; };
unpackerr = { };
};
# Create user if set to default # Create user if set to default
users.users = mkIf (cfg.user == "unpackerr") { users.users = mkIf (cfg.user == "unpackerr") {

13
common/services/vmagent.nix
View file

@ -1,8 +1,7 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
with lib; with lib;
let cfg = config.services.vmagent; let cfg = config.services.vmagent;
in in {
{
options.services.vmagent = { options.services.vmagent = {
enable = mkEnableOption "vmagent"; enable = mkEnableOption "vmagent";
@ -74,9 +73,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
# Create group if set to default # Create group if set to default
users.groups = mkIf (cfg.group == "vmagent") { users.groups = mkIf (cfg.group == "vmagent") { vmagent = { }; };
vmagent = { };
};
# Create user if set to default # Create user if set to default
users.users = mkIf (cfg.user == "vmagent") { users.users = mkIf (cfg.user == "vmagent") {
@ -93,8 +90,7 @@ in
networking.firewall.allowedTCPPorts = mkIf (cfg.openFirewall) [ 8429 ]; networking.firewall.allowedTCPPorts = mkIf (cfg.openFirewall) [ 8429 ];
# The actual service # The actual service
systemd.services.vmagent = let systemd.services.vmagent = let prometheusConfig = pkgs.writeText "prometheus.yml" cfg.prometheusConfig;
prometheusConfig = pkgs.writeText "prometheus.yml" cfg.prometheusConfig;
in { in {
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
after = [ "network.target" ]; after = [ "network.target" ];
@ -105,7 +101,8 @@ in
Type = "simple"; Type = "simple";
Restart = "on-failure"; Restart = "on-failure";
WorkingDirectory = cfg.dataDir; WorkingDirectory = cfg.dataDir;
ExecStart = "${cfg.package}/bin/vmagent -remoteWrite.url=${cfg.remoteWriteUrl} -promscrape.config=${prometheusConfig}"; ExecStart =
"${cfg.package}/bin/vmagent -remoteWrite.url=${cfg.remoteWriteUrl} -promscrape.config=${prometheusConfig}";
}; };
}; };

10
common/users/default.nix
View file

@ -55,13 +55,5 @@
}; };
# Setup packages available everywhere # Setup packages available everywhere
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ fzf git htop rsync ripgrep vim zoxide ];
fzf
git
htop
rsync
ripgrep
vim
zoxide
];
} }

6
flake.lock
View file

@ -54,11 +54,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1634638999, "lastModified": 1635141467,
"narHash": "sha256-4TWC/3iXsMqTDUu2MJSaCn4xGJpBnlDR+/SL/Aaz2XU=", "narHash": "sha256-H+TVE6tBSm4nAepm7HRfW7AcrndI5e4+TJwCQo4/z+s=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "a323570a264da96a0b0bcc1c9aa017794acdc752", "rev": "38d21595b8fb0a744aa31c5794013bf42cf98fa9",
"type": "github" "type": "github"
}, },
"original": { "original": {

18
hosts/bastion/configuration.nix
View file

@ -5,14 +5,13 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = imports = [
[ # Include the results of the hardware scan.
# Include the results of the hardware scan. ./hardware-configuration.nix
./hardware-configuration.nix # Import common config
# Import common config ../../common/generic-vm.nix
../../common/generic-vm.nix ../../common
../../common ];
];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
@ -36,13 +35,14 @@
kubectl kubectl
kubectx kubectx
nodejs-14_x nodejs-14_x
nixfmt
ripgrep ripgrep
rsync rsync
tmux tmux
vault vault
vim vim
]; ];
#
programs.gnupg.agent = { programs.gnupg.agent = {
enable = true; enable = true;
pinentryFlavor = "curses"; pinentryFlavor = "curses";

17
hosts/bastion/hardware-configuration.nix
View file

@ -4,23 +4,18 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ {
imports = imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
[
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/e8427097-8545-4924-b033-2659fcf9adca";
device = "/dev/disk/by-uuid/e8427097-8545-4924-b033-2659fcf9adca"; fsType = "ext4";
fsType = "ext4"; };
};
swapDevices = swapDevices = [{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }];
[{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }];
} }

23
hosts/k3s/configuration.nix
View file

@ -1,13 +1,11 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }: {
{ imports = [
imports = # Include the results of the hardware scan.
[ ./hardware-configuration.nix
# Include the results of the hardware scan. # Import common config
./hardware-configuration.nix ../../common/generic-vm.nix
# Import common config ../../common
../../common/generic-vm.nix ];
../../common
];
# Use the GRUB 2 boot loader. # Use the GRUB 2 boot loader.
boot.loader.grub.enable = true; boot.loader.grub.enable = true;
@ -25,10 +23,7 @@
system.stateVersion = "21.05"; # Did you read the comment? system.stateVersion = "21.05"; # Did you read the comment?
# Additional packages # Additional packages
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [ iptables vim ];
iptables
vim
];
# Disable the firewall as we need all the ports # Disable the firewall as we need all the ports
networking.firewall.enable = false; networking.firewall.enable = false;

17
hosts/k3s/hardware-configuration.nix
View file

@ -4,23 +4,18 @@
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ {
imports = imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
[
(modulesPath + "/profiles/qemu-guest.nix")
];
boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ]; boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "virtio_pci" "virtio_scsi" "sd_mod" "sr_mod" ];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ ]; boot.kernelModules = [ ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
fileSystems."/" = fileSystems."/" = {
{ device = "/dev/disk/by-uuid/e8427097-8545-4924-b033-2659fcf9adca";
device = "/dev/disk/by-uuid/e8427097-8545-4924-b033-2659fcf9adca"; fsType = "ext4";
fsType = "ext4"; };
};
swapDevices = swapDevices = [{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }];
[{ device = "/dev/disk/by-uuid/63d90b92-cdde-4795-a3ab-9566ae88f43d"; }];
} }

51
hosts/mosquitto/configuration.nix
View file

@ -3,14 +3,13 @@
# and in the NixOS manual (accessible by running nixos-help). # and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }: { config, pkgs, ... }:
let mosquittoPort = 1883;
{ in {
imports = imports = [
[ # Import common config
# Import common config ../../common/generic-lxc.nix
../../common/generic-lxc.nix ../../common
../../common ];
];
networking.hostName = "mosquitto"; networking.hostName = "mosquitto";
@ -23,24 +22,22 @@
system.stateVersion = "21.05"; # Did you read the comment? system.stateVersion = "21.05"; # Did you read the comment?
# Additional packages # Additional packages
environment.systemPackages = with pkgs; []; environment.systemPackages = with pkgs; [ ];
services.mosquitto = { services.mosquitto = {
users = {
victor = {
acl = ["topic readwrite #"];
};
zigbee2mqtt = {
acl = ["topic readwrite #"];
};
};
enable = true; enable = true;
port = 1883; listeners = [{
host = "0.0.0.0"; port = 1883;
settings.allow_anonymous = true;
allowAnonymous = true; acl = [ "topic readwrite #" ];
aclExtraConf = "topic readwrite #"; users = {
victor = { acl = [ "readwrite #" ]; };
zigbee2mqtt = { acl = [ "readwrite #" ]; };
};
}];
}; };
services.zigbee2mqtt = { services.zigbee2mqtt = {
@ -50,17 +47,17 @@
homeassistant = true; homeassistant = true;
permit_join = true; permit_join = true;
serial = { serial = { port = "/dev/ttyUSB0"; };
port = "/dev/ttyUSB0";
};
mqtt = { mqtt = {
base_topic = "zigbee2mqtt"; base_topic = "zigbee2mqtt";
server = "mqtt://localhost:${toString config.services.mosquitto.port}"; server = "mqtt://localhost:${toString mosquittoPort}";
user = "zigbee2mqtt"; user = "zigbee2mqtt";
}; };
frontend = { port = 8080; };
}; };
}; };
networking.firewall.allowedTCPPorts = [ config.services.mosquitto.port ]; networking.firewall.allowedTCPPorts = [ mosquittoPort config.services.zigbee2mqtt.settings.frontend.port ];
} }

23
hosts/nginx/configuration.nix
View file

@ -5,13 +5,11 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = imports = [
[ # Import common config
# Import common config ../../common/generic-lxc.nix
../../common/generic-lxc.nix ../../common
../../common ];
];
networking.hostName = "nginx"; networking.hostName = "nginx";
@ -24,7 +22,7 @@
system.stateVersion = "21.05"; # Did you read the comment? system.stateVersion = "21.05"; # Did you read the comment?
# Additional packages # Additional packages
environment.systemPackages = with pkgs; []; environment.systemPackages = with pkgs; [ ];
networking.firewall.allowedTCPPorts = [ 80 443 ]; networking.firewall.allowedTCPPorts = [ 80 443 ];
@ -41,6 +39,15 @@
proxyWebsockets = true; proxyWebsockets = true;
}; };
}; };
virtualHosts."zookeeper.0x76.dev" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://10.42.43.28:8085/";
proxyWebsockets = true;
};
};
}; };
security.acme.email = "victorheld12@gmail.com"; security.acme.email = "victorheld12@gmail.com";

14
hosts/vault/configuration.nix
View file

@ -5,13 +5,11 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = imports = [
[ # Import common config
# Import common config ../../common/generic-lxc.nix
../../common/generic-lxc.nix ../../common
../../common ];
];
networking.hostName = "vault"; networking.hostName = "vault";
@ -24,7 +22,7 @@
system.stateVersion = "21.05"; # Did you read the comment? system.stateVersion = "21.05"; # Did you read the comment?
# Additional packages # Additional packages
environment.systemPackages = with pkgs; []; environment.systemPackages = with pkgs; [ ];
# Vault # Vault
networking.firewall.allowedTCPPorts = [ 8200 ]; networking.firewall.allowedTCPPorts = [ 8200 ];