From caac81e445c36bfdd63838fda73b7baae8cbeb84 Mon Sep 17 00:00:00 2001 From: Chaos Date: Tue, 1 Aug 2023 18:48:37 +0000 Subject: [PATCH] move container addresses to a data file, add journalctl-vaccum-all --- hosts/hetzner-vm/containers/music/music.nix | 5 +- hosts/hetzner-vm/containers/social/social.nix | 5 +- .../hetzner-vm/containers/storage/storage.nix | 6 ++- hosts/hetzner-vm/data/container-addresses.nix | 8 +++ hosts/hetzner-vm/hetzner-vm.nix | 17 ++++++- .../profiles/mpd-broadcast/broadcast.nix | 10 ---- .../profiles/mpd-broadcast/hosts/lappy.nix | 13 ----- .../mpd-broadcast/hosts/raspberry.nix | 14 ------ hosts/hetzner-vm/profiles/restic.nix | 5 +- profiles/nginx.nix | 49 ++++++++++++------- 10 files changed, 69 insertions(+), 63 deletions(-) create mode 100644 hosts/hetzner-vm/data/container-addresses.nix delete mode 100644 hosts/hetzner-vm/profiles/mpd-broadcast/broadcast.nix delete mode 100644 hosts/hetzner-vm/profiles/mpd-broadcast/hosts/lappy.nix delete mode 100644 hosts/hetzner-vm/profiles/mpd-broadcast/hosts/raspberry.nix diff --git a/hosts/hetzner-vm/containers/music/music.nix b/hosts/hetzner-vm/containers/music/music.nix index b59b6ee..b199191 100644 --- a/hosts/hetzner-vm/containers/music/music.nix +++ b/hosts/hetzner-vm/containers/music/music.nix @@ -5,8 +5,9 @@ config, ... }: let - hostIP = "192.168.100.10"; - containerIP = "192.168.100.13"; + container-addresses = import ../../data/container-addresses.nix {}; + hostIP = container-addresses.host; + containerIP = container-addresses.containers.music; # Using secrets from Host secrets = config.services.secrets.secrets; diff --git a/hosts/hetzner-vm/containers/social/social.nix b/hosts/hetzner-vm/containers/social/social.nix index 40f2f96..1044952 100644 --- a/hosts/hetzner-vm/containers/social/social.nix +++ b/hosts/hetzner-vm/containers/social/social.nix 
@@ -4,8 +4,9 @@ config, ... }: let - hostIP = "192.168.100.10"; - containerIP = "192.168.100.12"; + container-addresses = import ../../data/container-addresses.nix {}; + hostIP = container-addresses.host; + containerIP = container-addresses.containers.social; # Using secrets from Host secrets = config.services.secrets.secrets; diff --git a/hosts/hetzner-vm/containers/storage/storage.nix b/hosts/hetzner-vm/containers/storage/storage.nix index ab2e0f0..08571cd 100644 --- a/hosts/hetzner-vm/containers/storage/storage.nix +++ b/hosts/hetzner-vm/containers/storage/storage.nix @@ -4,8 +4,10 @@ inputs, ... }: let - hostIP = "192.168.100.10"; - containerIP = "192.168.100.11"; + container-addresses = import ../../data/container-addresses.nix {}; + hostIP = container-addresses.host; + containerIP = container-addresses.containers.storage; + ports = import ./data/ports.nix {}; in { containers.storage = { diff --git a/hosts/hetzner-vm/data/container-addresses.nix b/hosts/hetzner-vm/data/container-addresses.nix new file mode 100644 index 0000000..f3b72e7 --- /dev/null +++ b/hosts/hetzner-vm/data/container-addresses.nix @@ -0,0 +1,8 @@ +{}: { + host = "192.168.100.10"; + containers = { + storage = "192.168.100.11"; + social = "192.168.100.12"; + music = "192.168.100.13"; + }; +} \ No newline at end of file diff --git a/hosts/hetzner-vm/hetzner-vm.nix b/hosts/hetzner-vm/hetzner-vm.nix index c8a8173..60c2c7d 100644 --- a/hosts/hetzner-vm/hetzner-vm.nix +++ b/hosts/hetzner-vm/hetzner-vm.nix @@ -1,4 +1,10 @@ -{tree, ...}: { +{ + tree, + lib, + pkgs, + config, + ... +}: { imports = with tree; [ users.root 
@@ -27,6 +33,15 @@ ./secrets.nix ]; + environment.systemPackages = with pkgs; [ + (pkgs.writeShellScriptBin "journalctl-vaccum-all" '' + journalctl --vacuum-size=100M + ${lib.concatStringsSep "\n" (lib.forEach (lib.attrNames config.containers) (name: '' + journalctl --vacuum-size=100M --root /var/lib/nixos-containers/${name} + ''))} + '') + ]; + # For Containers networking.nat = { enable = true; diff --git a/hosts/hetzner-vm/profiles/mpd-broadcast/broadcast.nix b/hosts/hetzner-vm/profiles/mpd-broadcast/broadcast.nix deleted file mode 100644 index d6537b4..0000000 --- a/hosts/hetzner-vm/profiles/mpd-broadcast/broadcast.nix +++ /dev/null @@ -1,10 +0,0 @@ -{tree, ...}: { - imports = with tree; - [ - # systemwide pulseaudio w/ recv native localhost - # to broadcast to all speakers over rtp - profiles.sound.pulseaudio.pulse-systemwide - profiles.sound.pulseaudio.pulse-recv-native-localhost - ] - ++ [./hosts/lappy.nix ./hosts/raspberry.nix]; -} diff --git a/hosts/hetzner-vm/profiles/mpd-broadcast/hosts/lappy.nix b/hosts/hetzner-vm/profiles/mpd-broadcast/hosts/lappy.nix deleted file mode 100644 index fcb7c08..0000000 --- a/hosts/hetzner-vm/profiles/mpd-broadcast/hosts/lappy.nix +++ /dev/null @@ -1,13 +0,0 @@ -{pkgs, ...}: let - #sink_name = "roc-lappy"; - description = "Lappy ROC Output"; - ip_addr = "100.115.10.34"; -in { - services.mpd.extraConfig = '' - audio_output { - type "pipe" - name "${description}" - command "${pkgs.roc-send-pcm}/bin/roc-send-pcm s16le 44.1k 2 ${ip_addr}" - } - ''; -} diff --git a/hosts/hetzner-vm/profiles/mpd-broadcast/hosts/raspberry.nix b/hosts/hetzner-vm/profiles/mpd-broadcast/hosts/raspberry.nix deleted file mode 100644 index 9020c8c..0000000 --- a/hosts/hetzner-vm/profiles/mpd-broadcast/hosts/raspberry.nix +++ /dev/null 
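Review bot: In the generated `journalctl-vaccum-all` script the container name is spliced into the shell text unquoted and `journalctl` is resolved from the caller's PATH. Since the script is meant to be run as root, I would pin the binary and escape the path, e.g. `${pkgs.systemd}/bin/journalctl --vacuum-size=100M --root ${lib.escapeShellArg "/var/lib/nixos-containers/${name}"}`. Vacuuming the host and every container journal to 100M discards the oldest entries, so if these journals are the only audit trail, a comment saying where logs are shipped (or that the loss is accepted) would help whoever investigates an incident later. The script name is spelled "vaccum" while the flag is `--vacuum-size`, which makes the command harder to find. In this hunk `with pkgs;` is unused because the only entry is written as `pkgs.writeShellScriptBin`; the restic.nix hunk mixes both forms as well.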
@@ -1,14 +0,0 @@ -{pkgs, ...}: let - #sink_name = "roc-raspberry"; - description = "Raspberry ROC Output"; - ip_addr = "100.118.202.64"; - #ip_addr = "100.115.10.34"; -in { - services.mpd.extraConfig = '' - audio_output { - type "pipe" - name "${description}" - command "${pkgs.roc-send-pcm}/bin/roc-send-pcm s16le 44.1k 2 ${ip_addr}" - } - ''; -} diff --git a/hosts/hetzner-vm/profiles/restic.nix b/hosts/hetzner-vm/profiles/restic.nix index fd66f3e..5356892 100644 --- a/hosts/hetzner-vm/profiles/restic.nix +++ b/hosts/hetzner-vm/profiles/restic.nix @@ -17,7 +17,9 @@ '') }/bin/backupPrepareCommand"; in { - environment.systemPackages = [ + environment.systemPackages = with pkgs; [ + restic + (pkgs.writeShellScriptBin "restic-hetzner-vm" '' env \ RESTIC_PASSWORD_FILE=${secrets.restic_password.path} \ @@ -30,6 +32,7 @@ in { user = "root"; paths = [ "/var/lib/acme" + # Quassel & Invidious "/var/backup/postgresql" "/home/quassel/.config/quassel-irc.org" diff --git a/profiles/nginx.nix b/profiles/nginx.nix index 7589d17..214718b 100644 --- a/profiles/nginx.nix +++ b/profiles/nginx.nix 
@@ -3,25 +3,38 @@ lib, ... }: { - options.services.nginx.virtualHosts = lib.mkOption { - type = lib.types.attrsOf (lib.types.submodule { - config.http3 = lib.mkDefault true; - }); + options = { + services.nginx.virtualHosts = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule { + config.http3 = lib.mkDefault true; + }); + }; }; - config.security.acme = { - defaults = {email = "chaoticryptidz@owo.monster";}; - acceptTerms = true; - }; - config.services.nginx = { - enable = true; - package = pkgs.nginxQuic; - recommendedGzipSettings = true; - recommendedOptimisation = true; - recommendedProxySettings = true; - recommendedTlsSettings = true; - commonHttpConfig = ""; - clientMaxBodySize = lib.mkDefault "512m"; - serverNamesHashBucketSize = 1024; + config = { + security.acme = { + defaults = {email = "chaoticryptidz@owo.monster";}; + acceptTerms = true; + }; + + services.nginx = { + enable = true; + package = pkgs.nginxQuic; + recommendedGzipSettings = true; + recommendedOptimisation = true; + recommendedProxySettings = true; + recommendedTlsSettings = true; + commonHttpConfig = ""; + clientMaxBodySize = lib.mkDefault "512m"; + serverNamesHashBucketSize = 1024; + }; + + services.logrotate.settings.nginx = { + minsize = "50M"; + rotate = "4"; # 4 files of 50mb each + compress = ""; + }; + + services.logrotate.settings.nginx.enable = true; }; }
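Review bot: The new `services.logrotate.settings.nginx` block sets `minsize = "50M"`, which does not give the "4 files of 50mb each" that the comment promises. logrotate's `minsize` rotates only once the file exceeds that size and the scheduled interval has also elapsed, so a busy vhost can grow well past 50M between rotations. If a size cap is the intent, `maxsize = "50M";` rotates on size even before the interval is up. `compress = "";` and `rotate = "4";` would read more clearly as `compress = true;` and `rotate = 4;` (assuming the module renders booleans and integers the usual way), and `enable = true;` can sit inside the same attribute set instead of a separate assignment. Keeping only four rotations also bounds how far back access logs reach during an investigation, so the retention choice deserves a short comment.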