refactor services

TheWanderingCrow 2025-01-23 15:05:53 -05:00
parent 3a8ce53a0b
commit 83817723bf
8 changed files with 323 additions and 258 deletions


@ -5,7 +5,8 @@
}: {
imports = [
./user.nix
./setup.nix
./secrets.nix
./services.nix
./services
];
}


@ -15,23 +15,4 @@ lib.mkIf config.user.overseer.enable {
# Restic secrets
sops.secrets."restic/url" = {};
sops.secrets."restic/key" = {};
# Homepage.dev secrets
sops.secrets."homepage/openmeteo/lat" = {};
sops.secrets."homepage/openmeteo/long" = {};
sops.templates."homepage-environment".content = ''
HOMEPAGE_VAR_LAT = ${config.sops.placeholder."homepage/openmeteo/lat"}
HOMEPAGE_VAR_LONG = ${config.sops.placeholder."homepage/openmeteo/long"}
'';
# Meilisearch secrets
sops.secrets."meilisearch/masterkey" = {};
sops.templates."meilisearch-environment".content = ''
MEILI_MASTER_KEY=${config.sops.placeholder."meilisearch/masterkey"}
'';
# Bar Assistant secrets
sops.templates."bar_assistant-env".content = ''
MEILISEARCH_KEY=${config.sops.placeholder."meilisearch/masterkey"}
'';
}


@ -1,238 +0,0 @@
let
volumePath = "/overseer/services";
in
{
lib,
inputs,
config,
pkgs,
...
}:
lib.mkIf config.user.overseer.enable {
# Create the dirs we need
systemd.tmpfiles.rules = [
"d ${volumePath}"
"d ${volumePath}/bar-assistant 770 33 33"
"d ${volumePath}/meilisearch"
];
# (Arguably) Most Important Service - backups
services.restic.backups = {
homebox = {
user = "root";
timerConfig = {
OnCalendar = "hourly";
Persistent = true;
};
paths = [
"/var/lib/homebox/data"
];
repositoryFile = config.sops.secrets."restic/url".path;
passwordFile = config.sops.secrets."restic/key".path;
};
bar-assistant = {
user = "root";
timerConfig = {
OnCalendar = "daily";
Persistent = true;
};
paths = [
"${volumePath}/bar-assistant"
"${volumePath}/meilisearch"
];
repositoryFile = config.sops.secrets."restic/url".path;
passwordFile = config.sops.secrets."restic/key".path;
};
};
# These ports are needed for NGINX Proxy Manager
networking.firewall.allowedTCPPorts = [
443
80
];
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"homebox.wanderingcrow.net" = {
locations."/" = {
proxyPass = "http://localhost:7745";
proxyWebsockets = true;
};
};
"home.wanderingcrow.net" = {
locations."/" = {
extraConfig = ''
allow 192.168.0.0/16;
deny all;
'';
proxyPass = "http://localhost:8082";
proxyWebsockets = true;
};
};
"bar.wanderingcrow.net" = {
locations = {
"/" = {
proxyPass = "http://10.88.0.5:8080";
};
};
};
"api.bar.wanderingcrow.net" = {
locations = {
"/" = {
proxyPass = "http://10.88.0.4:8080";
};
};
};
"search.bar.wanderingcrow.net" = {
locations = {
"/" = {
proxyPass = "http://10.88.0.3:7700";
};
};
};
};
};
services = {
homebox = {
enable = true;
settings = {
HBOX_OPTIONS_ALLOW_REGISTRATION = "true";
};
};
homepage-dashboard = {
enable = true;
environmentFile = config.sops.templates."homepage-environment".path;
settings = {
theme = "dark";
};
widgets = [
{
search = {
provider = "duckduckgo";
target = "_blank";
};
}
{
openmeteo = {
timezone = "America/New_York";
units = "imperial";
cache = "5";
latitude = "{{HOMEPAGE_VAR_LAT}}";
longitude = "{{HOMEPAGE_VAR_LONG}}";
};
}
];
bookmarks = [
{
WCE = [
{
Homebox = [
{
icon = "http://homebox.wanderingcrow.net/favicon.svg";
href = "http://homebox.wanderingcrow.net";
}
];
}
];
}
{
"Day to Day" = [
{
Messages = [
{
icon = "google-messages.svg";
href = "https://messages.google.com/web";
}
];
}
{
YouTube = [
{
icon = "youtube.svg";
href = "https://youtube.com";
}
];
}
{
"Proton Mail" = [
{
icon = "proton-mail.svg";
href = "https://mail.proton.me";
}
];
}
{
Instagram = [
{
icon = "instagram.svg";
href = "https://instagram.com";
}
];
}
{
Aetolia = [
{
icon = "https://aetolia.com/wp-content/uploads/2020/04/favicon.ico";
href = "https://aetolia.com";
}
];
}
{
Amazon = [
{
icon = "amazon.svg";
href = "https://amazon.com";
}
];
}
];
}
];
};
};
virtualisation.oci-containers = {
backend = "podman";
containers = {
"meilisearch" = {
image = "getmeili/meilisearch:v1.8";
volumes = ["${volumePath}/meilisearch:/meili_data"];
extraOptions = [ "--ip=10.88.0.3" ];
environmentFiles = [config.sops.templates."meilisearch-environment".path];
environment = {
MEILI_ENV = "production";
MEILI_NO_ANALYTICS = "true";
};
};
"bar-assistant" = {
image = "barassistant/server:v4";
volumes = ["${volumePath}/bar-assistant:/var/www/cocktails/storage/bar-assistant"];
dependsOn = ["meilisearch"];
extraOptions = [ "--ip=10.88.0.4" ];
environmentFiles = [config.sops.templates."bar_assistant-env".path];
environment = {
APP_URL = "http://api.bar.wanderingcrow.net";
MEILISEARCH_HOST = "http://search.bar.wanderingcrow.net";
CACHE_DRIVER = "file";
SESSION_DRIVER = "file";
ALLOW_REGISTRATION = "true";
};
};
"salt-rim" = {
image = "barassistant/salt-rim:v3";
dependsOn = ["bar-assistant"];
extraOptions = [ "--ip=10.88.0.5" ];
ports = [ "3001:8080" ];
environment = {
API_URL = "http://api.bar.wanderingcrow.net";
MEILIESEARCH_URL = "http://search.bar.wanderingcrow.net";
};
};
};
};
}


@ -0,0 +1,118 @@
let
volumePath = "/overseer/services";
in
{
lib,
inputs,
config,
pkgs,
...
}:
lib.mkIf config.user.overseer.enable {
###########
# SECRETS #
###########
# Meilisearch secrets
sops.secrets."meilisearch/masterkey" = {};
sops.templates."meilisearch-environment".content = ''
MEILI_MASTER_KEY=${config.sops.placeholder."meilisearch/masterkey"}
'';
# Bar Assistant secrets
sops.templates."bar_assistant-env".content = ''
MEILISEARCH_KEY=${config.sops.placeholder."meilisearch/masterkey"}
'';
systemd.tmpfiles.rules = [
"d ${volumePath}/bar-assistant 770 33 33"
"d ${volumePath}/meilisearch"
];
###########
# Routing #
###########
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"bar.wanderingcrow.net" = {
locations ."/" = {
proxyPass = "http://10.88.0.5:8080";
};
};
"api.bar.wanderingcrow.net" = {
locations."/" = {
proxyPass = "http://10.88.0.4:8080";
};
};
"search.bar.wanderingcrow.net" = {
locations."/" = {
proxyPass = "http://10.88.0.3:7700";
};
};
};
};
##########
# Backup #
##########
services.restic.backups.bar-assistant = {
user = "root";
timerConfig = {
OnCalendar = "daily";
Persistent = true;
};
paths = [
"${volumePath}/bar-assistant"
"${volumePath}/meilisearch"
];
repositoryFile = config.sops.secrets."restic/url".path;
passwordFile = config.sops.secrets."restic/key".path;
};
###########
# Service #
###########
virtualisation.oci-containers = {
backend = "podman";
containers = {
"meilisearch" = {
image = "getmeili/meilisearch:v1.8";
volumes = ["${volumePath}/meilisearch:/meili_data"];
extraOptions = ["--ip=10.88.0.3"];
environmentFiles = [config.sops.templates."meilisearch-environment".path];
environment = {
MEILI_ENV = "production";
MEILI_NO_ANALYTICS = "true";
};
};
"bar-assistant" = {
image = "barassistant/server:v4";
volumes = ["${volumePath}/bar-assistant:/var/www/cocktails/storage/bar-assistant"];
dependsOn = ["meilisearch"];
extraOptions = ["--ip=10.88.0.4"];
environmentFiles = [config.sops.templates."bar_assistant-env".path];
environment = {
APP_URL = "http://api.bar.wanderingcrow.net";
MEILISEARCH_HOST = "http://search.bar.wanderingcrow.net";
CACHE_DRIVER = "file";
SESSION_DRIVER = "file";
ALLOW_REGISTRATION = "true";
};
};
"salt-rim" = {
image = "barassistant/salt-rim:v3";
dependsOn = ["bar-assistant"];
extraOptions = ["--ip=10.88.0.5"];
ports = ["3001:8080"];
environment = {
API_URL = "http://api.bar.wanderingcrow.net";
MEILIESEARCH_URL = "http://search.bar.wanderingcrow.net";
};
};
};
};
}
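Review bot: The `bar-assistant` container receives the Meilisearch master key through `bar_assistant-env` together with `MEILISEARCH_HOST = "http://search.bar.wanderingcrow.net"`, so it presumably sends that key over plain HTTP through the public vhost, which has no `allow`/`deny` rule. For the server-to-search path, the container address already used in the proxy rule would keep the key on the podman network: `MEILISEARCH_HOST = "http://10.88.0.3:7700";` (confirm the image accepts an internal address here). In the `salt-rim` environment, `MEILIESEARCH_URL` looks like a misspelling of `MEILISEARCH_URL` carried over from the removed file; check it against the image's documentation. `ports = ["3001:8080"]` also publishes the UI on every host interface although nginx already reaches it at 10.88.0.5, so `ports = ["127.0.0.1:3001:8080"];` or dropping the mapping would remove the second entry point.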


@ -0,0 +1,11 @@
{
lib,
config,
...
}: {
imports = [
./bar-assistant.nix
./homebox.nix
./homepage.nix
];
}


@ -0,0 +1,41 @@
{
lib,
inputs,
config,
pkgs,
...
}:
lib.mkIf config.user.overseer.enable {
services.restic.backups.homebox = {
user = "root";
timerConfig = {
OnCalendar = "hourly";
Persistent = true;
};
paths = [
"/var/lib/homebox/data"
];
repositoryFile = config.sops.secrets."restic/url".path;
passwordFile = config.sops.secrets."restic/key".path;
};
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"homebox.wanderingcrow.net" = {
locations."/" = {
proxyPass = "http://localhost:7745";
proxyWebsockets = true;
};
};
};
};
services.homebox = {
enable = true;
settings = {
HBOX_OPTIONS_ALLOW_REGISTRATION = "true";
};
};
}
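Review bot: `HBOX_OPTIONS_ALLOW_REGISTRATION = "true"` leaves sign-up open on `homebox.wanderingcrow.net`, and unlike the `home.wanderingcrow.net` vhost in this commit its location has no `allow`/`deny` rule, so anyone who can reach the vhost can create an account. If registration is only needed for initial setup, switch it to `HBOX_OPTIONS_ALLOW_REGISTRATION = "false";` afterwards, or add the same `extraConfig` allowlist the homepage vhost uses. A one-line comment above the setting saying why registration is on would help the next reader.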


@ -0,0 +1,126 @@
{
lib,
inputs,
config,
pkgs,
...
}:
lib.mkIf config.user.overseer.enable {
# Homepage.dev secrets
sops.secrets."homepage/openmeteo/lat" = {};
sops.secrets."homepage/openmeteo/long" = {};
sops.templates."homepage-environment".content = ''
HOMEPAGE_VAR_LAT = ${config.sops.placeholder."homepage/openmeteo/lat"}
HOMEPAGE_VAR_LONG = ${config.sops.placeholder."homepage/openmeteo/long"}
'';
services.nginx = {
enable = true;
recommendedProxySettings = true;
virtualHosts = {
"home.wanderingcrow.net" = {
locations."/" = {
extraConfig = ''
allow 192.168.0.0/16;
deny all;
'';
proxyPass = "http://localhost:8082";
proxyWebsockets = true;
};
};
};
};
services = {
homepage-dashboard = {
enable = true;
environmentFile = config.sops.templates."homepage-environment".path;
settings = {
theme = "dark";
};
widgets = [
{
search = {
provider = "duckduckgo";
target = "_blank";
};
}
{
openmeteo = {
timezone = "America/New_York";
units = "imperial";
cache = "5";
latitude = "{{HOMEPAGE_VAR_LAT}}";
longitude = "{{HOMEPAGE_VAR_LONG}}";
};
}
];
bookmarks = [
{
WCE = [
{
Homebox = [
{
icon = "http://homebox.wanderingcrow.net/favicon.svg";
href = "http://homebox.wanderingcrow.net";
}
];
}
];
}
{
"Day to Day" = [
{
Messages = [
{
icon = "google-messages.svg";
href = "https://messages.google.com/web";
}
];
}
{
YouTube = [
{
icon = "youtube.svg";
href = "https://youtube.com";
}
];
}
{
"Proton Mail" = [
{
icon = "proton-mail.svg";
href = "https://mail.proton.me";
}
];
}
{
Instagram = [
{
icon = "instagram.svg";
href = "https://instagram.com";
}
];
}
{
Aetolia = [
{
icon = "https://aetolia.com/wp-content/uploads/2020/04/favicon.ico";
href = "https://aetolia.com";
}
];
}
{
Amazon = [
{
icon = "amazon.svg";
href = "https://amazon.com";
}
];
}
];
}
];
};
};
}
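Review bot: The `allow 192.168.0.0/16; deny all;` rule in `locations."/"` is the only access control on the dashboard, and it is evaluated against the address nginx sees for the connection. If another proxy sits in front of this host (the removed file's comment mentioned NGINX Proxy Manager), every request would arrive from that proxy's address and pass the rule. A comment such as `# LAN only; relies on nginx seeing the real client address` would record the assumption. The `Homebox` bookmark also uses `http://homebox.wanderingcrow.net` for both `icon` and `href`, so that service is reached over plain HTTP from the dashboard.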


@ -0,0 +1,25 @@
let
volumePath = "/overseer/services";
in
{
lib,
inputs,
config,
pkgs,
...
}:
lib.mkIf config.user.overseer.enable {
# Base dir
systemd.tmpfiles.rules = [
"d ${volumePath}"
];
# NGINX Ports
networking.firewall.allowedTCPPorts = [
443
80
];
# Pin virtualisation backend to podman
virtualisation.oci-containers.backend = "podman";
}
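Review bot: `allowedTCPPorts` opens 443 as well as 80, but none of the vhosts added in this commit sets `forceSSL`, `addSSL` or `enableACME`. As far as these files show, the services, including the two with registration enabled, are served in cleartext on port 80 and nothing listens on 443. Either enable TLS per vhost, e.g. `forceSSL = true; enableACME = true;`, or drop 443 until it is used, and expand the `# NGINX Ports` comment to say which listener each port is for. `virtualisation.oci-containers.backend = "podman";` is also still set in the bar-assistant module; keeping it only here would match the comment about pinning the backend.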