move container addresses to a data file, add journalctl-vaccum-all

2023-08-01 18:48:37 +00:00 · 2023-08-01 18:48:37 +00:00 · caac81e445
parent 846677068a
commit caac81e445
10 changed files with 69 additions and 63 deletions
--- a/hosts/hetzner-vm/containers/music/music.nix
+++ b/hosts/hetzner-vm/containers/music/music.nix
@ -5,8 +5,9 @@
  config,
  ...
 }: let
-  hostIP = "192.168.100.10";
-  containerIP = "192.168.100.13";
+  container-addresses = import ../../data/container-addresses.nix {};
+  hostIP = container-addresses.host;
+  containerIP = container-addresses.containers.music;

  # Using secrets from Host
  secrets = config.services.secrets.secrets;
--- a/hosts/hetzner-vm/containers/social/social.nix
+++ b/hosts/hetzner-vm/containers/social/social.nix
@ -4,8 +4,9 @@
  config,
  ...
 }: let
-  hostIP = "192.168.100.10";
-  containerIP = "192.168.100.12";
+  container-addresses = import ../../data/container-addresses.nix {};
+  hostIP = container-addresses.host;
+  containerIP = container-addresses.containers.social;

  # Using secrets from Host
  secrets = config.services.secrets.secrets;
--- a/hosts/hetzner-vm/containers/storage/storage.nix
+++ b/hosts/hetzner-vm/containers/storage/storage.nix
@ -4,8 +4,10 @@
  inputs,
  ...
 }: let
-  hostIP = "192.168.100.10";
-  containerIP = "192.168.100.11";
+  container-addresses = import ../../data/container-addresses.nix {};
+  hostIP = container-addresses.host;
+  containerIP = container-addresses.containers.storage;
+
  ports = import ./data/ports.nix {};
 in {
  containers.storage = {
--- a/hosts/hetzner-vm/data/container-addresses.nix
+++ b/hosts/hetzner-vm/data/container-addresses.nix
@ -0,0 +1,8 @@
+{}: {
+  host = "192.168.100.10";
+  containers = {
+    storage = "192.168.100.11";
+    social = "192.168.100.12";
+    music = "192.168.100.13";
+  };
+}
--- a/hosts/hetzner-vm/hetzner-vm.nix
+++ b/hosts/hetzner-vm/hetzner-vm.nix
@ -1,4 +1,10 @@
-{tree, ...}: {
+{
+  tree,
+  lib,
+  pkgs,
+  config,
+  ...
+}: {
  imports = with tree; [
    users.root

@ -27,6 +33,15 @@
    ./secrets.nix
  ];

+  environment.systemPackages = with pkgs; [
+    (pkgs.writeShellScriptBin "journalctl-vaccum-all" ''
+      journalctl --vacuum-size=100M
+      ${lib.concatStringsSep "\n" (lib.forEach (lib.attrNames config.containers) (name: ''
+        journalctl --vacuum-size=100M --root /var/lib/nixos-containers/${name}
+      ''))}
+    '')
+  ];
+
  # For Containers
  networking.nat = {
    enable = true;
--- a/hosts/hetzner-vm/profiles/mpd-broadcast/broadcast.nix
+++ b/hosts/hetzner-vm/profiles/mpd-broadcast/broadcast.nix
@ -1,10 +0,0 @@
-{tree, ...}: {
-  imports = with tree;
-    [
-      # systemwide pulseaudio w/ recv native localhost
-      # to broadcast to all speakers over rtp
-      profiles.sound.pulseaudio.pulse-systemwide
-      profiles.sound.pulseaudio.pulse-recv-native-localhost
-    ]
-    ++ [./hosts/lappy.nix ./hosts/raspberry.nix];
-}
--- a/hosts/hetzner-vm/profiles/mpd-broadcast/hosts/lappy.nix
+++ b/hosts/hetzner-vm/profiles/mpd-broadcast/hosts/lappy.nix
@ -1,13 +0,0 @@
-{pkgs, ...}: let
-  #sink_name = "roc-lappy";
-  description = "Lappy ROC Output";
-  ip_addr = "100.115.10.34";
-in {
-  services.mpd.extraConfig = ''
-    audio_output {
-      type "pipe"
-      name "${description}"
-      command "${pkgs.roc-send-pcm}/bin/roc-send-pcm s16le 44.1k 2 ${ip_addr}"
-    }
-  '';
-}
--- a/hosts/hetzner-vm/profiles/mpd-broadcast/hosts/raspberry.nix
+++ b/hosts/hetzner-vm/profiles/mpd-broadcast/hosts/raspberry.nix
@ -1,14 +0,0 @@
-{pkgs, ...}: let
-  #sink_name = "roc-raspberry";
-  description = "Raspberry ROC Output";
-  ip_addr = "100.118.202.64";
-  #ip_addr = "100.115.10.34";
-in {
-  services.mpd.extraConfig = ''
-    audio_output {
-      type "pipe"
-      name "${description}"
-      command "${pkgs.roc-send-pcm}/bin/roc-send-pcm s16le 44.1k 2 ${ip_addr}"
-    }
-  '';
-}
--- a/hosts/hetzner-vm/profiles/restic.nix
+++ b/hosts/hetzner-vm/profiles/restic.nix
@ -17,7 +17,9 @@
    '')
  }/bin/backupPrepareCommand";
 in {
-  environment.systemPackages = [
+  environment.systemPackages = with pkgs; [
+    restic
+
    (pkgs.writeShellScriptBin "restic-hetzner-vm" ''
      env \
        RESTIC_PASSWORD_FILE=${secrets.restic_password.path} \
@ -30,6 +32,7 @@ in {
    user = "root";
    paths = [
      "/var/lib/acme"
+
      # Quassel & Invidious
      "/var/backup/postgresql"
      "/home/quassel/.config/quassel-irc.org"
--- a/profiles/nginx.nix
+++ b/profiles/nginx.nix
@ -3,25 +3,38 @@
  lib,
  ...
 }: {
-  options.services.nginx.virtualHosts = lib.mkOption {
-    type = lib.types.attrsOf (lib.types.submodule {
-      config.http3 = lib.mkDefault true;
-    });
+  options = {
+    services.nginx.virtualHosts = lib.mkOption {
+      type = lib.types.attrsOf (lib.types.submodule {
+        config.http3 = lib.mkDefault true;
+      });
+    };
  };

-  config.security.acme = {
-    defaults = {email = "chaoticryptidz@owo.monster";};
-    acceptTerms = true;
-  };
-  config.services.nginx = {
-    enable = true;
-    package = pkgs.nginxQuic;
-    recommendedGzipSettings = true;
-    recommendedOptimisation = true;
-    recommendedProxySettings = true;
-    recommendedTlsSettings = true;
-    commonHttpConfig = "";
-    clientMaxBodySize = lib.mkDefault "512m";
-    serverNamesHashBucketSize = 1024;
+  config = {
+    security.acme = {
+      defaults = {email = "chaoticryptidz@owo.monster";};
+      acceptTerms = true;
+    };
+
+    services.nginx = {
+      enable = true;
+      package = pkgs.nginxQuic;
+      recommendedGzipSettings = true;
+      recommendedOptimisation = true;
+      recommendedProxySettings = true;
+      recommendedTlsSettings = true;
+      commonHttpConfig = "";
+      clientMaxBodySize = lib.mkDefault "512m";
+      serverNamesHashBucketSize = 1024;
+    };
+
+    services.logrotate.settings.nginx = {
+      minsize = "50M";
+      rotate = "4"; # 4 files of 50mb each
+      compress = "";
+    };
+
+    services.logrotate.settings.nginx.enable = true;
  };
 }