move container addresses to a data file, add journalctl-vaccum-all

hosts/hetzner-vm/containers/music/music.nix

@@ -5,8 +5,9 @@
   config,
   ...
 }: let
-  hostIP = "192.168.100.10";
+  container-addresses = import ../../data/container-addresses.nix {};
-  containerIP = "192.168.100.13";
+  hostIP = container-addresses.host;
+  containerIP = container-addresses.containers.music;
 
   # Using secrets from Host
   secrets = config.services.secrets.secrets;

hosts/hetzner-vm/containers/social/social.nix

@@ -4,8 +4,9 @@
   config,
   ...
 }: let
-  hostIP = "192.168.100.10";
+  container-addresses = import ../../data/container-addresses.nix {};
-  containerIP = "192.168.100.12";
+  hostIP = container-addresses.host;
+  containerIP = container-addresses.containers.social;
 
   # Using secrets from Host
   secrets = config.services.secrets.secrets;

hosts/hetzner-vm/containers/storage/storage.nix

@@ -4,8 +4,10 @@
   inputs,
   ...
 }: let
-  hostIP = "192.168.100.10";
+  container-addresses = import ../../data/container-addresses.nix {};
-  containerIP = "192.168.100.11";
+  hostIP = container-addresses.host;
+  containerIP = container-addresses.containers.storage;
+
   ports = import ./data/ports.nix {};
 in {
   containers.storage = {

hosts/hetzner-vm/data/container-addresses.nix

@@ -0,0 +1,8 @@
+{}: {
+  host = "192.168.100.10";
+  containers = {
+    storage = "192.168.100.11";
+    social = "192.168.100.12";
+    music = "192.168.100.13";
+  };
+}

hosts/hetzner-vm/hetzner-vm.nix

@@ -1,4 +1,10 @@
-{tree, ...}: {
+{
+  tree,
+  lib,
+  pkgs,
+  config,
+  ...
+}: {
   imports = with tree; [
     users.root
 
@@ -27,6 +33,15 @@
     ./secrets.nix
   ];
 
+  environment.systemPackages = with pkgs; [
+    (pkgs.writeShellScriptBin "journalctl-vaccum-all" ''
+      journalctl --vacuum-size=100M
+      ${lib.concatStringsSep "\n" (lib.forEach (lib.attrNames config.containers) (name: ''
+        journalctl --vacuum-size=100M --root /var/lib/nixos-containers/${name}
+      ''))}
+    '')
+  ];
+
   # For Containers
   networking.nat = {
     enable = true;

hosts/hetzner-vm/profiles/mpd-broadcast/broadcast.nix

@@ -1,10 +0,0 @@
-{tree, ...}: {
-  imports = with tree;
-    [
-      # systemwide pulseaudio w/ recv native localhost
-      # to broadcast to all speakers over rtp
-      profiles.sound.pulseaudio.pulse-systemwide
-      profiles.sound.pulseaudio.pulse-recv-native-localhost
-    ]
-    ++ [./hosts/lappy.nix ./hosts/raspberry.nix];
-}

hosts/hetzner-vm/profiles/mpd-broadcast/hosts/lappy.nix

@@ -1,13 +0,0 @@
-{pkgs, ...}: let
-  #sink_name = "roc-lappy";
-  description = "Lappy ROC Output";
-  ip_addr = "100.115.10.34";
-in {
-  services.mpd.extraConfig = ''
-    audio_output {
-      type "pipe"
-      name "${description}"
-      command "${pkgs.roc-send-pcm}/bin/roc-send-pcm s16le 44.1k 2 ${ip_addr}"
-    }
-  '';
-}

hosts/hetzner-vm/profiles/mpd-broadcast/hosts/raspberry.nix

@@ -1,14 +0,0 @@
-{pkgs, ...}: let
-  #sink_name = "roc-raspberry";
-  description = "Raspberry ROC Output";
-  ip_addr = "100.118.202.64";
-  #ip_addr = "100.115.10.34";
-in {
-  services.mpd.extraConfig = ''
-    audio_output {
-      type "pipe"
-      name "${description}"
-      command "${pkgs.roc-send-pcm}/bin/roc-send-pcm s16le 44.1k 2 ${ip_addr}"
-    }
-  '';
-}

hosts/hetzner-vm/profiles/restic.nix

@@ -17,7 +17,9 @@
     '')
   }/bin/backupPrepareCommand";
 in {
-  environment.systemPackages = [
+  environment.systemPackages = with pkgs; [
+    restic
+
     (pkgs.writeShellScriptBin "restic-hetzner-vm" ''
       env \
         RESTIC_PASSWORD_FILE=${secrets.restic_password.path} \
@@ -30,6 +32,7 @@ in {
     user = "root";
     paths = [
       "/var/lib/acme"
+
       # Quassel & Invidious
       "/var/backup/postgresql"
       "/home/quassel/.config/quassel-irc.org"

profiles/nginx.nix

@@ -3,25 +3,38 @@
   lib,
   ...
 }: {
-  options.services.nginx.virtualHosts = lib.mkOption {
+  options = {
-    type = lib.types.attrsOf (lib.types.submodule {
+    services.nginx.virtualHosts = lib.mkOption {
-      config.http3 = lib.mkDefault true;
+      type = lib.types.attrsOf (lib.types.submodule {
-    });
+        config.http3 = lib.mkDefault true;
+      });
+    };
   };
 
-  config.security.acme = {
+  config = {
-    defaults = {email = "chaoticryptidz@owo.monster";};
+    security.acme = {
-    acceptTerms = true;
+      defaults = {email = "chaoticryptidz@owo.monster";};
-  };
+      acceptTerms = true;
-  config.services.nginx = {
+    };
-    enable = true;
+
-    package = pkgs.nginxQuic;
+    services.nginx = {
-    recommendedGzipSettings = true;
+      enable = true;
-    recommendedOptimisation = true;
+      package = pkgs.nginxQuic;
-    recommendedProxySettings = true;
+      recommendedGzipSettings = true;
-    recommendedTlsSettings = true;
+      recommendedOptimisation = true;
-    commonHttpConfig = "";
+      recommendedProxySettings = true;
-    clientMaxBodySize = lib.mkDefault "512m";
+      recommendedTlsSettings = true;
-    serverNamesHashBucketSize = 1024;
+      commonHttpConfig = "";
+      clientMaxBodySize = lib.mkDefault "512m";
+      serverNamesHashBucketSize = 1024;
+    };
+
+    services.logrotate.settings.nginx = {
+      minsize = "50M";
+      rotate = "4"; # 4 files of 50mb each
+      compress = "";
+    };
+
+    services.logrotate.settings.nginx.enable = true;
   };
 }