+m3-atlas

m3tam3re
2025-01-15 18:19:03 +01:00
parent 4f39502228
commit 38187bc92c
32 changed files with 593 additions and 0 deletions


@ -0,0 +1,26 @@
{config, ...}: {
virtualisation.oci-containers.containers."baserow" = {
image = "docker.io/baserow/baserow:1.30.1";
environmentFiles = [config.age.secrets.baserow-env.path];
ports = ["3001:80"];
volumes = ["baserow_data:/baserow/data"];
extraOptions = ["--add-host=postgres:10.89.0.1" "--ip=10.89.0.10" "--network=web"];
};
# Traefik configuration specific to baserow
services.traefik.dynamicConfigOptions.http = {
services.baserow.loadBalancer.servers = [
{
url = "http://localhost:3001/";
}
];
routers.baserow = {
rule = "Host(`br.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "baserow";
entrypoints = "websecure";
};
};
}
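Review bot: `ports = ["3001:80"]` binds the published port on every host address, although the only intended client is Traefik at `http://localhost:3001/`. Container port forwarding is usually done with NAT rules that may not be subject to `networking.firewall.allowedTCPPorts`, so the plain-HTTP port can end up reachable without TLS or the Host rule; this depends on the podman network backend and should be verified on the host. Binding to loopback removes the question: `ports = ["127.0.0.1:3001:80"];`. The same applies to `3002:2368` in the ghost container and `3004:3000` in the littlelink container.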


@ -0,0 +1,12 @@
{lib, ...}: {
imports = [
./baserow.nix
./ghost.nix
./littlelink.nix
];
system.activationScripts.createPodmanNetworkWeb = lib.mkAfter ''
if ! /run/current-system/sw/bin/podman network exists web; then
/run/current-system/sw/bin/podman network create web --subnet=10.89.0.0/24 --internal
fi
'';
}
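Review bot: The `web` network created here has no comment saying that its subnet is what the database access rules key on, and the script only checks that a network named `web` exists, not that it has this subnet. The containers reach the host databases through `--add-host=...:10.89.0.1`, and the PostgreSQL and MySQL rules in this commit match on 10.89 addresses, so a change here silently changes who is trusted. I would add a comment above the script such as `# 10.89.0.0/24 is the container subnet; pg_hba.conf and the MySQL user host patterns must match it exactly`.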


@ -0,0 +1,26 @@
{config, ...}: {
virtualisation.oci-containers.containers."ghost" = {
image = "docker.io/ghost:5.89";
environmentFiles = [config.age.secrets.ghost-env.path];
ports = ["3002:2368"];
volumes = ["ghost_data:/var/lib/ghost/content"];
extraOptions = ["--add-host=mysql:10.89.0.1" "--ip=10.89.0.11" "--network=web"];
};
# Traefik configuration specific to ghost
services.traefik.dynamicConfigOptions.http = {
services.ghost.loadBalancer.servers = [
{
url = "http://localhost:3002/";
}
];
routers.ghost = {
rule = "Host(`www.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "ghost";
entrypoints = "websecure";
};
};
}


@ -0,0 +1,25 @@
{config, ...}: {
virtualisation.oci-containers.containers."littlelink_m3tam3re" = {
image = "ghcr.io/techno-tim/littlelink-server";
environmentFiles = [config.age.secrets.littlelink-m3tam3re.path];
ports = ["3004:3000"];
extraOptions = ["--ip=10.89.0.12" "--network=web"];
};
# Traefik configuration specific to littlelink
services.traefik.dynamicConfigOptions.http = {
services.littlelink-m3tam3re.loadBalancer.servers = [
{
url = "http://localhost:3004/";
}
];
routers.littlelink-m3tam3re = {
rule = "Host(`links.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "littlelink-m3tam3re";
entrypoints = "websecure";
};
};
}
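Review bot: `image = "ghcr.io/techno-tim/littlelink-server";` has no tag or digest, unlike the baserow and ghost images, so each pull takes whatever the registry currently serves as the default tag. That makes the deployment non-reproducible and lets an upstream or registry-side change reach a container that is handed the `littlelink-m3tam3re` secret through `environmentFiles`. Pin it to a reviewed release, ideally by digest: `image = "ghcr.io/techno-tim/littlelink-server@sha256:<digest-of-reviewed-release>";`.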


@ -0,0 +1,11 @@
{
imports = [
./containers
./gitea.nix
./mysql.nix
./postgres.nix
./searx.nix
./traefik.nix
./wastebin.nix
];
}


@ -0,0 +1,33 @@
{
services.gitea = {
enable = true;
settings = {
server.ROOT_URL = "https://code.m3tam3re.com";
service.DISABLE_REGISTRATION = true;
};
lfs.enable = true;
dump = {
enable = true;
type = "tar.gz";
interval = "03:30:00";
backupDir = "/var/backup/gitea";
};
};
# Traefik configuration specific to gitea
services.traefik.dynamicConfigOptions.http = {
services.gitea.loadBalancer.servers = [
{
url = "http://localhost:3000/";
}
];
routers.gitea = {
rule = "Host(`code.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "gitea";
entrypoints = "websecure";
};
};
}
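Review bot: Nothing in `services.gitea.settings.server` sets the listen address, while Traefik only needs `http://localhost:3000/`. If the module default listens on all interfaces, the unencrypted port is protected only by the firewall not listing 3000. Setting `server.HTTP_ADDR = "127.0.0.1";` next to `ROOT_URL` makes the loopback-only intent explicit and independent of later firewall changes.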


@ -0,0 +1,23 @@
{pkgs, ...}: {
services.mysql = {
enable = true;
package = pkgs.mysql84;
ensureDatabases = [
"ghost"
"matomo"
];
initialScript = pkgs.writeText "initial-script.sql" ''
CREATE USER 'ghost'@'10.89.%' IDENTIFIED BY 'ghost';
GRANT ALL PRIVILEGES ON ghost.* TO 'ghost'@'10.89.%';
CREATE USER 'matomo'@'10.89.%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON matomo.* TO 'matomo'@'10.89.%';
'';
};
services.mysqlBackup = {
enable = true;
calendar = "03:00:00";
databases = ["ghost" "matomo"];
};
networking.firewall.allowedTCPPorts = [3306];
}
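Review bot: The `initialScript` creates `ghost` and `matomo` with the literal passwords `'ghost'` and `'password'`, and `pkgs.writeText` places that file in the world-readable Nix store as well as in the repository. Together with `networking.firewall.allowedTCPPorts = [3306]`, which opens MySQL on every interface, the `'10.89.%'` host pattern is the only control left in front of these accounts. Set the passwords out of band from an agenix secret, as the container env files already are, and open the port only on the container bridge: `networking.firewall.interfaces."<podman-web-bridge>".allowedTCPPorts = [3306];`. `'10.89.%'` is also wider than the `10.89.0.0/24` subnet the `web` network is created with; `'10.89.0.%'` would match it.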


@ -0,0 +1,25 @@
{pkgs, ...}: {
services.postgresql = {
enable = true;
enableTCPIP = true;
package = pkgs.postgresql_15;
authentication = pkgs.lib.mkOverride 10 ''
local all all trust
host all all 127.0.0.1/32 trust
host all all ::1/128 trust
host all all 10.89.0.0/16 trust
'';
initialScript = pkgs.writeText "backend-initScript" ''
CREATE USER baserow WITH ENCRYPTED PASSWORD 'baserow';
CREATE DATABASE baserow;
GRANT ALL PRIVILEGES ON DATABASE baserow TO baserow;
ALTER DATABASE baserow OWNER to baserow;
'';
};
services.postgresqlBackup = {
enable = true;
startAt = "03:10:00";
databases = ["baserow"];
};
networking.firewall.allowedTCPPorts = [5432];
}
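Review bot: `host all all 10.89.0.0/16 trust` lets any client in that range connect as any role, including the superuser, without a password, so the `baserow` password set in `initialScript` is never checked. The range is a /16 while the `web` network is created as `10.89.0.0/24`, so other container networks on this host that fall in 10.89.x would be trusted as well (an inference; only `web` is visible here). I would scope the rule to the one database and role and require a password: `host baserow baserow 10.89.0.0/24 scram-sha-256`. `networking.firewall.allowedTCPPorts = [5432]` opens the port on every interface; `networking.firewall.interfaces."<podman-web-bridge>".allowedTCPPorts = [5432];` keeps it off the public side. The literal password `'baserow'` also ends up in the world-readable Nix store and should come from a secret.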


@ -0,0 +1,28 @@
{pkgs, ...}: {
services.searx = {
enable = true;
package = pkgs.searxng;
settings = {
server.port = 3005;
server.secret_key = "@SEARX_SECRET_KEY@";
search.formats = ["html" "json"];
};
};
# Traefik configuration specific to searx
services.traefik.dynamicConfigOptions.http = {
services.searx.loadBalancer.servers = [
{
url = "http://localhost:3005/";
}
];
routers.searx = {
rule = "Host(`search.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "searx";
entrypoints = "websecure";
};
};
}
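Review bot: `server.secret_key = "@SEARX_SECRET_KEY@"` is a substitution placeholder, but this file sets no `services.searx.environmentFile` to supply the value. Unless it is provided elsewhere, the instance would run with the literal placeholder string as its secret key, which anyone who can read this repository knows. Add `environmentFile = config.age.secrets.<searx-secret>.path;` with `SEARX_SECRET_KEY=...` in that file; the function header then needs `config` alongside `pkgs`.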


@ -0,0 +1,60 @@
{config, ...}: {
services.traefik = {
enable = true;
staticConfigOptions = {
log = {level = "WARN";};
certificatesResolvers = {
godaddy = {
acme = {
email = "letsencrypt.org.btlc2@passmail.net";
storage = "/var/lib/traefik/acme.json";
caserver = "https://acme-v02.api.letsencrypt.org/directory";
dnsChallenge = {
provider = "godaddy";
};
};
};
};
api = {};
entryPoints = {
web = {
address = ":80";
http.redirections.entryPoint = {
to = "websecure";
scheme = "https";
};
};
websecure = {address = ":443";};
};
};
dynamicConfigOptions = {
http = {
middlewares = {
auth = {
basicAuth = {
users = ["m3tam3re:$apr1$1xqdta2b$DIVNvvp5iTUGNccJjguKh."];
};
};
};
routers = {
api = {
rule = "Host(`r.m3tam3re.com`)";
service = "api@internal";
middlewares = ["auth"];
entrypoints = ["websecure"];
tls = {
certResolver = "godaddy";
};
};
};
};
};
};
systemd.services.traefik.serviceConfig = {
EnvironmentFile = ["${config.age.secrets.traefik.path}"];
};
networking.firewall.allowedTCPPorts = [80 443];
}
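Review bot: The `basicAuth` user protecting the `api@internal` dashboard router carries its password hash inline in `users = [...]`, so the hash is in the repository and in the world-readable Nix store. It is an `$apr1$` (MD5-based) hash, which is cheap to test offline once it is public. Treat this password as exposed, rotate it, and load the replacement from a secret with `basicAuth.usersFile = config.age.secrets.<traefik-dashboard-users>.path;` using a bcrypt entry. The secret file has to be readable by the traefik service user.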


@ -0,0 +1,27 @@
{
services.wastebin = {
enable = true;
settings = {
WASTEBIN_TITLE = "m3tam3re's wastebin";
WASTEBIN_BASE_URL = "https://bin.m3tam3re.com";
WASTEBIN_ADDRESS_PORT = "0.0.0.0:3003";
};
};
# Traefik configuration specific to wastebin
services.traefik.dynamicConfigOptions.http = {
services.wastebin.loadBalancer.servers = [
{
url = "http://localhost:3003/";
}
];
routers.wastebin = {
rule = "Host(`bin.m3tam3re.com`)";
tls = {
certResolver = "godaddy";
};
service = "wastebin";
entrypoints = "websecure";
};
};
}
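Review bot: `WASTEBIN_ADDRESS_PORT = "0.0.0.0:3003"` listens on every interface, while the only configured client is Traefik at `http://localhost:3003/`. Port 3003 is not in any `allowedTCPPorts` list in this commit, so the firewall currently covers it, but a later firewall change would expose the paste service over plain HTTP without the TLS router. Bind it to loopback instead: `WASTEBIN_ADDRESS_PORT = "127.0.0.1:3003";`.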