Noratrieb/vps
1
0
Fork 0
mirror of https://github.com/Noratrieb/vps.git synced 2026-01-14 08:45:02 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

cook

Browse source
This commit is contained in:
nora 2025-08-07 19:54:43 +02:00
parent 9856757b52
commit 1e4973049f
9 changed files with 58 additions and 218 deletions
Download patch file Download diff file Expand all files Collapse all files

4
nix/apps/hugo-chat/default.nix
View file

@ -5,7 +5,7 @@ let
"https://github.com/C0RR1T/HugoChat/releases/download/2024-08-05/HugoServer.jar";
hash = "sha256-hCe2UPqrSR6u3/UxsURI2KzRxN5saeTteCRq5Zfay4M=";
};
hugo-chat-client = fetchTarball {
hugo-chat-client = pkgs.fetchzip {
url =
"https://github.com/C0RR1T/HugoChat/releases/download/2024-08-05/hugo-client.tar.xz";
sha256 = "sha256:121ai8q6bm7gp0pl1ajfk0k2nrfg05zid61i20z0j5gpb2qyhsib";
@ -36,7 +36,7 @@ in
environment = {
PGDATA = "/var/lib/postgresql/data/pgdata";
};
extraOptions = [ "--network=hugo-chat" ];
extraOptions = [ "--cgroup-manager=cgroupfs" "--cgroup-parent=/system.slice/podman-hugo-chat-db.service" ];
environmentFiles = [ config.age.secrets.hugochat_db_password.path ];
};
};

4
nix/apps/openolat/default.nix
View file

@ -24,7 +24,7 @@ in
OLAT_HOST = "olat.noratrieb.dev";
};
environmentFiles = [ config.age.secrets.openolat_db_password.path ];
extraOptions = [ "--network=openolat" ];
extraOptions = [ "--network=openolat" "--cgroup-manager=cgroupfs" "--cgroup-parent=/system.slice/podman-openolat.service" ];
dependsOn = [ "openolat-db" ];
login = dockerLogin;
@ -39,7 +39,7 @@ in
# POSTGRES_PASSWORD = from openolat_db_password
PGDATA = "/var/lib/postgresql/data/pgdata";
};
extraOptions = [ "--network=openolat" ];
extraOptions = [ "--network=openolat" "--cgroup-manager=cgroupfs" "--cgroup-parent=/system.slice/podman-openolat-db.service" ];
environmentFiles = [ config.age.secrets.openolat_db_password.path ];
};
};

116
nix/modules/caddy/caddy-build.nix
View file

@ -1,116 +0,0 @@
# Copied from https://github.com/NixOS/nixpkgs/pull/259275 and updated.
{ lib
, buildGoModule
, fetchFromGitHub
, gnused
, nixosTests
, caddy
, stdenv
, testers
, installShellFiles
, externalPlugins ? [ ]
, vendorHash ? "sha256-1Api8bBZJ1/oYk4ZGIiwWCSraLzK9L+hsKXkFtk6iVM="
}:
let
attrsToModules = attrs:
builtins.map ({ name, repo, version }: "${repo}") attrs;
attrsToSources = attrs:
builtins.map ({ name, repo, version }: "${repo}@${version}") attrs;
in
buildGoModule rec {
pname = "caddy";
version = "2.8.4";
dist = fetchFromGitHub {
owner = "caddyserver";
repo = "dist";
rev = "v${version}";
hash = "sha256-O4s7PhSUTXoNEIi+zYASx8AgClMC5rs7se863G6w+l0=";
};
src = fetchFromGitHub {
owner = "caddyserver";
repo = "caddy";
rev = "v${version}";
hash = "sha256-CBfyqtWp3gYsYwaIxbfXO3AYaBiM7LutLC7uZgYXfkQ=";
};
inherit vendorHash;
subPackages = [ "cmd/caddy" ];
ldflags = [
"-s"
"-w"
"-X github.com/caddyserver/caddy/v2.CustomVersion=${version}"
];
# matches upstream since v2.8.0
tags = [ "nobadger" ];
nativeBuildInputs = [ gnused installShellFiles ];
modBuildPhase = ''
for module in ${builtins.toString (attrsToModules externalPlugins)}; do
sed -i "/standard/a _ \"$module\"" ./cmd/caddy/main.go
done
for plugin in ${builtins.toString (attrsToSources externalPlugins)}; do
go get $plugin
done
go generate
go mod vendor
'';
modInstallPhase = ''
mv -t vendor go.mod go.sum
cp -r --reflink=auto vendor "$out"
'';
preBuild = ''
chmod -R u+w vendor
[ -f vendor/go.mod ] && mv -t . vendor/go.{mod,sum}
go generate
for module in ${builtins.toString (attrsToModules externalPlugins)}; do
sed -i "/standard/a _ \"$module\"" ./cmd/caddy/main.go
done
'';
postInstall = ''
install -Dm644 ${dist}/init/caddy.service ${dist}/init/caddy-api.service -t $out/lib/systemd/system
substituteInPlace $out/lib/systemd/system/caddy.service \
--replace-fail "/usr/bin/caddy" "$out/bin/caddy"
substituteInPlace $out/lib/systemd/system/caddy-api.service \
--replace-fail "/usr/bin/caddy" "$out/bin/caddy"
'' + lib.optionalString (stdenv.buildPlatform.canExecute stdenv.hostPlatform) ''
# Generating man pages and completions fail on cross-compilation
# https://github.com/NixOS/nixpkgs/issues/308283
$out/bin/caddy manpage --directory manpages
installManPage manpages/*
installShellCompletion --cmd caddy \
--bash <($out/bin/caddy completion bash) \
--fish <($out/bin/caddy completion fish) \
--zsh <($out/bin/caddy completion zsh)
'';
passthru.tests = {
inherit (nixosTests) caddy;
version = testers.testVersion {
command = "${caddy}/bin/caddy version";
package = caddy;
};
};
meta = with lib; {
homepage = "https://caddyserver.com";
description = "Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS";
license = licenses.asl20;
mainProgram = "caddy";
maintainers = with maintainers; [ Br1ght0ne emilylange techknowlogick ];
};
}

13
nix/modules/caddy/caddy-static-prepare/default.nix
View file

@ -1,13 +0,0 @@
{ pkgs, lib, name, src ? null, ... }: pkgs.stdenv.mkDerivation {
inherit name src;
buildInputs = with pkgs; [ python311 python311Packages.zstandard python311Packages.brotli ];
buildPhase = ''
mkdir -p $out
cp -r $src/* $out/
chmod -R +w $out
${lib.getExe pkgs.python311} ${./prepare.py} $out
chmod -R -w $out
'';
}

60
nix/modules/caddy/caddy-static-prepare/prepare.py
View file

@ -1,60 +0,0 @@
import os
import sys
import gzip
import brotli
import zstandard
import hashlib
def usage():
print("usage: prepare.py [SRC]")
def write_etag(path, content):
shasum = hashlib.sha256(content)
etag_path = path+".sha256"
with open(etag_path, "w") as f:
print(f"Writing ETag {etag_path}")
f.write(f'"{shasum.hexdigest()}"')
def main():
if len(sys.argv) < 2:
usage()
exit(1)
src_dir = sys.argv[1]
for root, dirs, files in os.walk(src_dir):
for file in files:
path = os.path.join(root, file)
# Ignore etags
if path.endswith(".sha256") or path.endswith(".b3sum"):
continue
# Ignore already compressed files
if path.endswith(".gz") or path.endswith(".zst") or path.endswith(".br"):
continue
with open(path, "rb") as f:
content = f.read()
compressions = [
(".gz", gzip),
(".zst", zstandard),
(".br", brotli),
]
for ext, alg in compressions:
new_path = path+ext
with open(new_path, "wb") as out:
print(f"Writing {new_path}")
compressed = alg.compress(content)
out.write(compressed)
write_etag(new_path, compressed)
write_etag(path, content)
if __name__ == "__main__":
main()

16
nix/modules/caddy/default.nix
View file

@ -1,15 +1,11 @@
{ pkgs, config, lib, name, ... }:
let
caddy = pkgs.callPackage ./caddy-build.nix {
externalPlugins = [
{
name = "certmagic-s3";
repo = "github.com/noratrieb-mirrors/certmagic-s3";
version = "e48519f95173e982767cbb881d49335b6a00a599";
}
caddy = pkgs.caddy.withPlugins {
plugins = [
"github.com/noratrieb-mirrors/certmagic-s3@v1.0.0"
];
vendorHash = "sha256-KP9bYitM/Pocw4DxOXPVBigWh4IykNf8yKJiBlTFZmI=";
hash = "sha256-O1SK13hacEkuSpWLhSdq+hu18Bi6+DqYUPu0lzBpvIE=";
};
in
{
@ -39,7 +35,7 @@ in
format json
'';
globalConfig = ''
email noratrieb@proton.me
email tls@noratrieb.dev
auto_https disable_redirects
storage s3 {
@ -73,7 +69,7 @@ in
extraConfig = ''
encode zstd gzip
header -Last-Modified
root * ${import ./caddy-static-prepare {
root * ${import ../../packages/caddy-static-prepare {
name = "debugging-page";
src = ./debugging-page;
inherit pkgs lib;

6
nix/modules/default/default.nix
View file

@ -11,7 +11,7 @@ in
};
imports = [
"${builtins.fetchTarball "https://github.com/ryantm/agenix/archive/de96bd907d5fbc3b14fc33ad37d1b9a3cb15edc6.tar.gz"}/modules/age.nix" # main 2024-07-26
"${builtins.fetchTarball "https://github.com/ryantm/agenix/archive/9edb1787864c4f59ae5074ad498b6272b3ec308d.tar.gz"}/modules/age.nix" # main 2025-08-07
];
nix = {
@ -129,9 +129,7 @@ in
disable = true;
};
clients = [
{
url = "http://loki.internal:3100/loki/api/v1/push";
}
{ url = "http://loki.internal:3100/loki/api/v1/push"; }
];
scrape_configs = [
{

53
nix/modules/prometheus/default.nix
View file

@ -8,42 +8,77 @@
{
job_name = "prometheus";
static_configs = [
{ targets = [ "localhost:9090" ]; }
{ targets = [ "localhost:9090" ]; labels = { server = "vps3"; }; }
];
}
{
job_name = "node";
static_configs = [{ targets = map (name: "${name}.local:9100") (builtins.attrNames networkingConfig); }];
static_configs = map
(name: {
targets = [ "${name}.local:9100" ];
labels = { server = name; };
})
(builtins.attrNames networkingConfig);
}
{
job_name = "cadvisor";
static_configs = [{ targets = map (name: "${name}.local:8080") (builtins.attrNames networkingConfig); }];
static_configs = map
(name: {
targets = [ "${name}.local:8080" ];
labels = { server = name; };
})
(builtins.attrNames networkingConfig);
}
{
job_name = "systemd";
static_configs = [{ targets = map (name: "${name}.local:9558") (builtins.attrNames networkingConfig); }];
static_configs = map
(name: {
targets = [ "${name}.local:9558" ];
labels = { server = name; };
})
(builtins.attrNames networkingConfig);
}
{
job_name = "caddy";
static_configs = [{ targets = map (name: "${name}.local:9010") (hostsWithTag "apps"); }];
static_configs = map
(name: {
targets = [ "${name}.local:9010" ];
labels = { server = name; };
})
(hostsWithTag "apps");
}
{
job_name = "docker-registry";
static_configs = [
{ targets = [ "vps1.local:9011" ]; }
{ targets = [ "vps1.local:9011" ]; labels = { server = "vps1"; }; }
];
}
{
job_name = "garage";
static_configs = [{ targets = map (name: "${name}.local:3903") (hostsWithTag "apps"); }];
static_configs = map
(name: {
targets = [ "${name}.local:3903" ];
labels = { server = name; };
})
(hostsWithTag "apps");
}
{
job_name = "knot";
static_configs = [{ targets = map (name: "${name}.local:9433") (hostsWithTag "dns"); }];
static_configs = map
(name: {
targets = [ "${name}.local:9433" ];
labels = { server = name; };
})
(hostsWithTag "dns");
}
{
job_name = "pretense";
static_configs = [{ targets = map (name: "${name}.local:9150") (builtins.attrNames networkingConfig); }];
static_configs = map
(name: {
targets = [ "${name}.local:9150" ];
labels = { server = name; };
})
(builtins.attrNames networkingConfig);
}
{
job_name = "std-internal-docs-status";

4
shell.nix
View file

@ -16,8 +16,8 @@
(pkgs.fetchFromGitHub {
owner = "ryantm";
repo = "agenix";
rev = "531beac616433bac6f9e2a19feb8e99a22a66baf";
hash = "sha256-9P1FziAwl5+3edkfFcr5HeGtQUtrSdk/MksX39GieoA=";
rev = "9edb1787864c4f59ae5074ad498b6272b3ec308d";
hash = "sha256-NA/FT2hVhKDftbHSwVnoRTFhes62+7dxZbxj5Gxvghs=";
})
{ }).agenix
];