SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-03-22 21:19:07 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Compare commits

base: SebastianStork:d59a644c367e675c71df86de9bfa4bb4f039d743
Branches Tags
SebastianStork:main
SebastianStork:dependabot/github_actions/cachix/cachix-action-17
SebastianStork:deploy
SebastianStork:deployed/srv-core
SebastianStork:deployed/vps-ns
SebastianStork:deployed/vps-www
SebastianStork:testing-srv-core
..
compare: SebastianStork:e2173bd8bc72fd41636e7a56f7ee789250049594
Branches Tags
SebastianStork:dependabot/github_actions/cachix/cachix-action-17
SebastianStork:deploy
SebastianStork:deployed/srv-core
SebastianStork:deployed/vps-ns
SebastianStork:deployed/vps-www
SebastianStork:main
SebastianStork:testing-srv-core

No commits in common. "d59a644c367e675c71df86de9bfa4bb4f039d743" and "e2173bd8bc72fd41636e7a56f7ee789250049594" have entirely different histories.
d59a644c36 ... e2173bd8bc

4 changed files with 331 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

0
external-hosts/fairphone/configuration.nix → external-hosts/fairphone/default.nix
View file

59
modules/nixos/web-services/freshrss.nix Normal file
View file

@ -0,0 +1,59 @@
{
config,
self,
lib,
...
}:
let
cfg = config.custom.web-services.freshrss;
inherit (config.services.freshrss) dataDir;
in
{
options.custom.web-services.freshrss = {
enable = lib.mkEnableOption "";
domain = lib.mkOption {
type = lib.types.nonEmptyStr;
default = "";
};
port = lib.mkOption {
type = lib.types.port;
default = 22055;
};
doBackups = lib.mkEnableOption "";
};
config = lib.mkIf cfg.enable {
assertions = lib.singleton {
assertion = self.lib.isPrivateDomain cfg.domain;
message = self.lib.mkUnprotectedMessage "FreshRSS";
};
services.freshrss = {
enable = true;
baseUrl = "https://${cfg.domain}";
webserver = "caddy";
virtualHost = ":${toString cfg.port}";
defaultUser = "seb";
authType = "none";
};
custom = {
services = {
caddy.virtualHosts.${cfg.domain}.port = cfg.port;
restic.backups.freshrss = lib.mkIf cfg.doBackups {
conflictingService = "freshrss-updater.service";
paths = [ dataDir ];
};
};
persistence.directories = [ dataDir ];
meta.sites.${cfg.domain} = {
title = "FreshRSS";
icon = "sh:freshrss";
};
};
};
}

220
modules/nixos/web-services/gatus.nix Normal file
View file

@ -0,0 +1,220 @@
{
config,
lib,
allHosts,
...
}:
let
cfg = config.custom.web-services.gatus;
dataDir = "/var/lib/gatus";
in
{
options.custom.web-services.gatus = {
enable = lib.mkEnableOption "";
domain = lib.mkOption {
type = lib.types.nonEmptyStr;
default = "";
};
port = lib.mkOption {
type = lib.types.port;
default = 8080;
};
alerts = {
enable = lib.mkEnableOption "";
ntfyUrl = lib.mkOption {
type = lib.types.nonEmptyStr;
default = "https://${config.custom.web-services.ntfy.domain}";
};
};
generateDefaultEndpoints = lib.mkEnableOption "";
endpoints = lib.mkOption {
type = lib.types.attrsOf (
lib.types.submodule (
{ name, ... }:
{
options = {
enable = lib.mkEnableOption "" // {
default = true;
};
name = lib.mkOption {
type = lib.types.nonEmptyStr;
default = name;
};
group = lib.mkOption {
type = lib.types.nonEmptyStr;
default = "";
};
protocol = lib.mkOption {
type = lib.types.nonEmptyStr;
default = "https";
};
domain = lib.mkOption {
type = lib.types.nonEmptyStr;
default = "";
};
path = lib.mkOption {
type = lib.types.str;
default = "";
};
interval = lib.mkOption {
type = lib.types.nonEmptyStr;
default = "30s";
};
extraConditions = lib.mkOption {
type = lib.types.listOf lib.types.nonEmptyStr;
default = [ ];
};
enableAlerts = lib.mkEnableOption "" // {
default = cfg.alerts.enable;
};
};
}
)
);
default = { };
};
};
config = lib.mkIf cfg.enable {
sops = lib.mkIf cfg.alerts.enable {
secrets."healthchecks/ping-key" = { };
templates."gatus.env" = {
content = "HEALTHCHECKS_PING_KEY=${config.sops.placeholder."healthchecks/ping-key"}";
owner = config.users.users.gatus.name;
restartUnits = [ "gatus.service" ];
};
};
users = {
users.gatus = {
isSystemUser = true;
group = config.users.groups.gatus.name;
};
groups.gatus = { };
};
systemd.services.gatus.serviceConfig = {
DynamicUser = lib.mkForce false;
ProtectSystem = "strict";
ProtectHome = "read-only";
PrivateTmp = true;
RemoveIPC = true;
};
services.gatus = {
enable = true;
environmentFile = lib.mkIf cfg.alerts.enable config.sops.templates."gatus.env".path;
settings = {
web = {
address = "localhost";
inherit (cfg) port;
};
storage = {
type = "sqlite";
path = "${dataDir}/data.db";
};
connectivity.checker.target = "1.1.1.1:53"; # Cloudflare DNS
alerting.ntfy = lib.mkIf cfg.alerts.enable {
topic = "uptime";
url = cfg.ntfyUrl;
click = "https://${cfg.domain}";
default-alert = {
enable = true;
failure-threshold = 8;
success-threshold = 4;
send-on-resolved = true;
};
overrides = lib.singleton {
group = config.networking.hostName;
topic = "splitleaf";
url = "https://ntfy.sh";
default-alert = {
failure-threshold = 4;
success-threshold = 2;
};
};
};
ui.default-sort-by = "group";
maintenance = {
start = "03:00";
duration = "1h";
timezone = "Europe/Berlin";
};
endpoints =
let
mkEndpoint = endpoint: {
inherit (endpoint) name group interval;
url = "${endpoint.protocol}://${endpoint.domain}${endpoint.path}";
alerts = lib.mkIf endpoint.enableAlerts [ { type = "ntfy"; } ];
ssh = lib.mkIf (endpoint.protocol == "ssh") {
username = "";
password = "";
};
conditions = lib.concatLists [
endpoint.extraConditions
(lib.optional (lib.elem endpoint.protocol [
"http"
"https"
]) "[STATUS] == 200")
(lib.optional (lib.elem endpoint.protocol [
"tcp"
"ssh"
"icmp"
]) "[CONNECTED] == true")
];
};
in
cfg.endpoints |> lib.attrValues |> lib.filter (endpoint: endpoint.enable) |> lib.map mkEndpoint;
};
};
systemd.services.gatus.environment.GATUS_DELAY_START_SECONDS = "5";
custom = {
web-services.gatus.endpoints =
let
defaultEndpoints =
allHosts
|> lib.mapAttrs (
_: host:
host.config.custom.services.caddy.virtualHosts |> lib.attrValues |> lib.map (vHost: vHost.domain)
)
|> lib.concatMapAttrs (
hostName: domains:
domains
|> lib.filter (domain: domain != cfg.domain)
|> lib.map (
domain:
lib.nameValuePair domain {
inherit domain;
group = hostName;
}
)
|> lib.listToAttrs
);
in
lib.mkIf cfg.generateDefaultEndpoints (
defaultEndpoints
// {
"healthchecks.io" = lib.mkIf cfg.alerts.enable {
group = "external";
domain = "hc-ping.com";
path = "/\${HEALTHCHECKS_PING_KEY}/${config.networking.hostName}-gatus-uptime?create=1";
interval = "2h";
};
}
);
services.caddy.virtualHosts.${cfg.domain}.port = cfg.port;
persistence.directories = [ dataDir ];
meta.sites.${cfg.domain} = {
title = "Gatus";
icon = "sh:gatus";
};
};
};
}

52
modules/nixos/web-services/stirling-pdf.nix Normal file
View file

@ -0,0 +1,52 @@
{ config, lib, ... }:
let
cfg = config.custom.web-services.stirling-pdf;
in
{
options.custom.web-services.stirling-pdf = {
enable = lib.mkEnableOption "";
domain = lib.mkOption {
type = lib.types.nonEmptyStr;
default = "";
};
port = lib.mkOption {
type = lib.types.port;
default = 56191;
};
branding = {
name = lib.mkOption {
type = lib.types.nonEmptyStr;
default = "Stirling PDF";
};
description = lib.mkOption {
type = lib.types.nonEmptyStr;
default = "Your locally hosted one-stop-shop for all your PDF needs.";
};
};
};
config = lib.mkIf cfg.enable {
services.stirling-pdf = {
enable = true;
environment = {
SERVER_ADDRESS = "127.0.0.1";
SERVER_PORT = cfg.port;
SYSTEM_ENABLEANALYTICS = "false";
LANGS = "de_DE";
UI_APPNAME = cfg.branding.name;
UI_APPNAVBARNAME = cfg.branding.name;
UI_HOMEDESCRIPTION = cfg.branding.description;
};
};
custom = {
services.caddy.virtualHosts.${cfg.domain}.port = cfg.port;
meta.sites.${cfg.domain} = {
title = "Stirling PDF";
icon = "sh:stirling-pdf";
};
};
};
}