From 075a5ff111a125eb2355783298964c53f17ca9eb Mon Sep 17 00:00:00 2001
From: TheWanderingCrow
Date: Thu, 2 Jan 2025 09:26:08 -0500
Subject: [PATCH] add some overseer files
---
 modules/users/overseer/default.nix | 3 +-
 modules/users/overseer/podman.nix | 11 -----
 modules/users/overseer/routing.nix | 23 ++++++++++
 modules/users/overseer/services.nix | 71 +++++++++++++++++++++++++++++
 4 files changed, 96 insertions(+), 12 deletions(-)
 delete mode 100644 modules/users/overseer/podman.nix
 create mode 100644 modules/users/overseer/routing.nix
 create mode 100644 modules/users/overseer/services.nix
diff --git a/modules/users/overseer/default.nix b/modules/users/overseer/default.nix
index ae86a01..af550ff 100644
--- a/modules/users/overseer/default.nix
+++ b/modules/users/overseer/default.nix
@@ -5,6 +5,7 @@
 }: {
 imports = [
 ./user.nix
- ./podman.nix
+ ./routing.nix
+ ./services.nix
 ];
 }
diff --git a/modules/users/overseer/podman.nix b/modules/users/overseer/podman.nix
deleted file mode 100644
index f4b94b7..0000000
--- a/modules/users/overseer/podman.nix
+++ /dev/null
@@ -1,11 +0,0 @@
-{
- lib,
- config,
- ...
-}: {
- # virtualisation.oci-containers = {
- # backend = "podman";
- # containers = {
- # containers.grimoire = {
- #
-}
diff --git a/modules/users/overseer/routing.nix b/modules/users/overseer/routing.nix
new file mode 100644
index 0000000..f3b26d8
--- /dev/null
+++ b/modules/users/overseer/routing.nix
@@ -0,0 +1,23 @@
+let
+ primary = "wanderingcrow.net";
+in
+ {
+ lib,
+ config,
+ ...
+ }: {
+ services.nginx = {
+ enable = true;
+ enableReload = true;
+
+ virtualHosts = {
+ "vault.${primary}" = {
+ locations = {
+ "/" = {
+ proxyPass = "http://localhost:8200";
+ };
+ };
+ };
+ };
+ };
+ }
diff --git a/modules/users/overseer/services.nix b/modules/users/overseer/services.nix
new file mode 100644
index 0000000..b375eae
--- /dev/null
+++ b/modules/users/overseer/services.nix
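Review bot: The `"vault.${primary}"` virtual host in routing.nix is declared without any TLS option, so as written nginx would serve the Vault proxy over plain HTTP, and Vault tokens and secret payloads would travel unencrypted between clients and this host. Adding `forceSSL = true;` and `enableACME = true;` (or `useACMEHost` / explicit certificate paths) to the virtual host would close that; ACME additionally needs `security.acme` terms and contact settings, which are not visible in this patch. The upstream `http://localhost:8200` has no listener in this commit because `services.vault` is commented out in services.nix. Since that commented config binds `127.0.0.1:8200` and `localhost` may also resolve to `::1`, `proxyPass = "http://127.0.0.1:8200";` is the safer target once Vault is enabled.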
@@ -0,0 +1,71 @@
+let
+ volumePath = "/overseer/services";
+in
+ {
+ lib,
+ config,
+ pkgs,
+ ...
+ }: {
+ # Create the dirs we need
+ systemd.tmpfiles.rules = [
+ "d ${volumePath}"
+ "d ${volumePath}/vault/data 700 overseer overseer" # Vault says this needs to already exist upon boot
+
+ "d ${volumePath}/paperless/data 700 overseer overseer"
+ "d ${volumePath}/paperless/media 700 overseer overseer"
+ ];
+
+ # (Arguably) Most Important Service - backups
+ services.restic.backups = {
+ vault = {
+ user = "root";
+ timerConfig = {
+ OnCalendar = "hourly";
+ Persistent = true;
+ };
+ };
+ };
+
+ # Vault Service
+ #services.vault = {
+ # enable = true;
+ # package = pkgs.vault-bin;
+ # storageBackend = "raft";
+ # storagePath = "${volumePath}/vault/data";
+ # address = "127.0.0.1:8200";
+ # extraConfig = ''
+ # ui = true
+ # api_addr = "http://127.0.0.1:8200"
+ # cluster_addr = "http://127.0.0.1:8201"
+ # '';
+ #};
+
+ # Paperless-ngx
+ #services.paperless = {
+ # enable = true;
+ # mediaDir = "${volumePath}/paperless/media";
+ # dataDir = "${volumePath}/paperless/data";
+ #};
+
+ # OCI services
+ virtualisation.podman.enable = true;
+ virtualisation.oci-containers.backend = "podman";
+
+ virtualisation.oci-containers.containers = {
+ ## NGINX Proxy Manager
+ NPM = {
+ image = "jc21/nginx-proxy-manager:latest";
+ autoStart = true;
+ ports = [
+ "80:80"
+ "443:443"
+ "81:81"
+ ];
+ volumes = [
+ "${volumePath}/NPM/data:/data"
+ "${volumePath}/NPM/letsencrypt:/etc/letsencrypt"
+ ];
+ };
+ };
+ }
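Review bot: The `ports` list of the `NPM` container publishes `"81:81"`, the proxy manager's admin interface, on every host interface, and `"80:80"` would likely collide with the `services.nginx` instance that routing.nix enables in the same commit, since both want host port 80. Binding the admin port to loopback with `"127.0.0.1:81:81"` and keeping only one of the two reverse proxies on 80/443 would resolve both. The image is referenced as `jc21/nginx-proxy-manager:latest`, a mutable tag, so each pull can change what runs with access to the `letsencrypt` volume; pin it, for example `image = "jc21/nginx-proxy-manager:<version>@sha256:<digest>";` (placeholders, not real values). `services.restic.backups.vault` sets only `user` and `timerConfig`, with no `paths`, `repository` or `passwordFile`, so the backup job looks unfinished and may not evaluate. The `${volumePath}/NPM/...` bind-mount sources are also missing from `systemd.tmpfiles.rules`, and the bare `"d ${volumePath}"` rule leaves mode and owner at their defaults.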