From 83817723bf77cbacf9c73384383d054cd9ca538f Mon Sep 17 00:00:00 2001 From: TheWanderingCrow Date: Thu, 23 Jan 2025 15:05:53 -0500 Subject: [PATCH] refactor services --- modules/users/overseer/default.nix | 3 +- modules/users/overseer/secrets.nix | 19 -- modules/users/overseer/services.nix | 238 ------------------ .../users/overseer/services/bar-assistant.nix | 118 +++++++++ modules/users/overseer/services/default.nix | 11 + modules/users/overseer/services/homebox.nix | 41 +++ modules/users/overseer/services/homepage.nix | 126 ++++++++++ modules/users/overseer/setup.nix | 25 ++ 8 files changed, 323 insertions(+), 258 deletions(-) delete mode 100644 modules/users/overseer/services.nix create mode 100644 modules/users/overseer/services/bar-assistant.nix create mode 100644 modules/users/overseer/services/default.nix create mode 100644 modules/users/overseer/services/homebox.nix create mode 100644 modules/users/overseer/services/homepage.nix create mode 100644 modules/users/overseer/setup.nix diff --git a/modules/users/overseer/default.nix b/modules/users/overseer/default.nix index 1caeaef..2ae2dc3 100644 --- a/modules/users/overseer/default.nix +++ b/modules/users/overseer/default.nix @@ -5,7 +5,8 @@ }: { imports = [ ./user.nix + ./setup.nix ./secrets.nix - ./services.nix + ./services ]; } diff --git a/modules/users/overseer/secrets.nix b/modules/users/overseer/secrets.nix index 0dba2a4..5995322 100644 --- a/modules/users/overseer/secrets.nix +++ b/modules/users/overseer/secrets.nix 
@@ -15,23 +15,4 @@ lib.mkIf config.user.overseer.enable { # Restic secrets sops.secrets."restic/url" = {}; sops.secrets."restic/key" = {}; - - # Homepage.dev secrets - sops.secrets."homepage/openmeteo/lat" = {}; - sops.secrets."homepage/openmeteo/long" = {}; - sops.templates."homepage-environment".content = '' - HOMEPAGE_VAR_LAT = ${config.sops.placeholder."homepage/openmeteo/lat"} - HOMEPAGE_VAR_LONG = ${config.sops.placeholder."homepage/openmeteo/long"} - ''; - - # Meilisearch secrets - sops.secrets."meilisearch/masterkey" = {}; - sops.templates."meilisearch-environment".content = '' - MEILI_MASTER_KEY=${config.sops.placeholder."meilisearch/masterkey"} - ''; - - # Bar Assistant secrets - sops.templates."bar_assistant-env".content = '' - MEILISEARCH_KEY=${config.sops.placeholder."meilisearch/masterkey"} - ''; } diff --git a/modules/users/overseer/services.nix b/modules/users/overseer/services.nix deleted file mode 100644 index f97523a..0000000 --- a/modules/users/overseer/services.nix +++ /dev/null 
@@ -1,238 +0,0 @@ -let - volumePath = "/overseer/services"; -in - { - lib, - inputs, - config, - pkgs, - ... - }: - lib.mkIf config.user.overseer.enable { - - # Create the dirs we need - systemd.tmpfiles.rules = [ - "d ${volumePath}" - - "d ${volumePath}/bar-assistant 770 33 33" - "d ${volumePath}/meilisearch" - ]; - - # (Arguably) Most Important Service - backups - services.restic.backups = { - homebox = { - user = "root"; - timerConfig = { - OnCalendar = "hourly"; - Persistent = true; - }; - paths = [ - "/var/lib/homebox/data" - ]; - repositoryFile = config.sops.secrets."restic/url".path; - passwordFile = config.sops.secrets."restic/key".path; - }; - bar-assistant = { - user = "root"; - timerConfig = { - OnCalendar = "daily"; - Persistent = true; - }; - paths = [ - "${volumePath}/bar-assistant" - "${volumePath}/meilisearch" - ]; - repositoryFile = config.sops.secrets."restic/url".path; - passwordFile = config.sops.secrets."restic/key".path; - }; - }; - - # These ports are needed for NGINX Proxy Manager - networking.firewall.allowedTCPPorts = [ - 443 - 80 - ]; - - services.nginx = { - enable = true; - recommendedProxySettings = true; - virtualHosts = { - "homebox.wanderingcrow.net" = { - locations."/" = { - proxyPass = "http://localhost:7745"; - proxyWebsockets = true; - }; - }; - "home.wanderingcrow.net" = { - locations."/" = { - extraConfig = '' - allow 192.168.0.0/16; - deny all; - ''; - proxyPass = "http://localhost:8082"; - proxyWebsockets = true; - }; - }; - "bar.wanderingcrow.net" = { - locations = { - "/" = { - proxyPass = "http://10.88.0.5:8080"; - }; - }; - }; - "api.bar.wanderingcrow.net" = { - locations = { - "/" = { - proxyPass = "http://10.88.0.4:8080"; - }; - }; - }; - "search.bar.wanderingcrow.net" = { - locations = { - "/" = { - proxyPass = "http://10.88.0.3:7700"; - }; - }; - }; - }; - }; - - services = { - homebox = { - enable = true; - settings = { - HBOX_OPTIONS_ALLOW_REGISTRATION = "true"; - }; - }; - homepage-dashboard = { - enable = true; - 
environmentFile = config.sops.templates."homepage-environment".path; - settings = { - theme = "dark"; - }; - widgets = [ - { - search = { - provider = "duckduckgo"; - target = "_blank"; - }; - } - { - openmeteo = { - timezone = "America/New_York"; - units = "imperial"; - cache = "5"; - latitude = "{{HOMEPAGE_VAR_LAT}}"; - longitude = "{{HOMEPAGE_VAR_LONG}}"; - }; - } - ]; - bookmarks = [ - { - WCE = [ - { - Homebox = [ - { - icon = "http://homebox.wanderingcrow.net/favicon.svg"; - href = "http://homebox.wanderingcrow.net"; - } - ]; - } - ]; - } - { - "Day to Day" = [ - { - Messages = [ - { - icon = "google-messages.svg"; - href = "https://messages.google.com/web"; - } - ]; - } - { - YouTube = [ - { - icon = "youtube.svg"; - href = "https://youtube.com"; - } - ]; - } - { - "Proton Mail" = [ - { - icon = "proton-mail.svg"; - href = "https://mail.proton.me"; - } - ]; - } - { - Instagram = [ - { - icon = "instagram.svg"; - href = "https://instagram.com"; - } - ]; - } - { - Aetolia = [ - { - icon = "https://aetolia.com/wp-content/uploads/2020/04/favicon.ico"; - href = "https://aetolia.com"; - } - ]; - } - { - Amazon = [ - { - icon = "amazon.svg"; - href = "https://amazon.com"; - } - ]; - } - ]; - } - ]; - }; - }; - - virtualisation.oci-containers = { - backend = "podman"; - containers = { - "meilisearch" = { - image = "getmeili/meilisearch:v1.8"; - volumes = ["${volumePath}/meilisearch:/meili_data"]; - extraOptions = [ "--ip=10.88.0.3" ]; - environmentFiles = [config.sops.templates."meilisearch-environment".path]; - environment = { - MEILI_ENV = "production"; - MEILI_NO_ANALYTICS = "true"; - }; - }; - "bar-assistant" = { - image = "barassistant/server:v4"; - volumes = ["${volumePath}/bar-assistant:/var/www/cocktails/storage/bar-assistant"]; - dependsOn = ["meilisearch"]; - extraOptions = [ "--ip=10.88.0.4" ]; - environmentFiles = [config.sops.templates."bar_assistant-env".path]; - environment = { - APP_URL = "http://api.bar.wanderingcrow.net"; - MEILISEARCH_HOST = 
"http://search.bar.wanderingcrow.net"; - CACHE_DRIVER = "file"; - SESSION_DRIVER = "file"; - ALLOW_REGISTRATION = "true"; - }; - }; - "salt-rim" = { - image = "barassistant/salt-rim:v3"; - dependsOn = ["bar-assistant"]; - extraOptions = [ "--ip=10.88.0.5" ]; - ports = [ "3001:8080" ]; - environment = { - API_URL = "http://api.bar.wanderingcrow.net"; - MEILIESEARCH_URL = "http://search.bar.wanderingcrow.net"; - }; - }; - }; - }; - } diff --git a/modules/users/overseer/services/bar-assistant.nix b/modules/users/overseer/services/bar-assistant.nix new file mode 100644 index 0000000..ed2e9ce --- /dev/null +++ b/modules/users/overseer/services/bar-assistant.nix 
@@ -0,0 +1,118 @@
+let
+ volumePath = "/overseer/services";
+in
+ {
+ lib,
+ inputs,
+ config,
+ pkgs,
+ ...
+ }:
+ lib.mkIf config.user.overseer.enable {
+ ###########
+ # SECRETS #
+ ###########
+
+ # Meilisearch secrets
+ sops.secrets."meilisearch/masterkey" = {};
+ sops.templates."meilisearch-environment".content = ''
+ MEILI_MASTER_KEY=${config.sops.placeholder."meilisearch/masterkey"}
+ '';
+
+ # Bar Assistant secrets
+ sops.templates."bar_assistant-env".content = ''
+ MEILISEARCH_KEY=${config.sops.placeholder."meilisearch/masterkey"}
+ '';
+
+ systemd.tmpfiles.rules = [
+ "d ${volumePath}/bar-assistant 770 33 33"
+ "d ${volumePath}/meilisearch"
+ ];
+
+ ###########
+ # Routing #
+ ###########
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ virtualHosts = {
+ "bar.wanderingcrow.net" = {
+ locations ."/" = {
+ proxyPass = "http://10.88.0.5:8080";
+ };
+ };
+ "api.bar.wanderingcrow.net" = {
+ locations."/" = {
+ proxyPass = "http://10.88.0.4:8080";
+ };
+ };
+ "search.bar.wanderingcrow.net" = {
+ locations."/" = {
+ proxyPass = "http://10.88.0.3:7700";
+ };
+ };
+ };
+ };
+
+ ##########
+ # Backup #
+ ##########
+ services.restic.backups.bar-assistant = {
+ user = "root";
+ timerConfig = {
+ OnCalendar = "daily";
+ Persistent = true;
+ };
+ paths = [
+ "${volumePath}/bar-assistant"
+ "${volumePath}/meilisearch"
+ ];
+ repositoryFile = config.sops.secrets."restic/url".path;
+ passwordFile = config.sops.secrets."restic/key".path;
+ };
+
+ ###########
+ # Service #
+ ###########
+
+ virtualisation.oci-containers = {
+ backend = "podman";
+ containers = {
+ "meilisearch" = {
+ image = "getmeili/meilisearch:v1.8";
+ volumes = ["${volumePath}/meilisearch:/meili_data"];
+ extraOptions = ["--ip=10.88.0.3"];
+ environmentFiles = [config.sops.templates."meilisearch-environment".path];
+ environment = {
+ MEILI_ENV = "production";
+ MEILI_NO_ANALYTICS = "true";
+ };
+ };
+ "bar-assistant" = {
+ image = "barassistant/server:v4";
+ volumes = ["${volumePath}/bar-assistant:/var/www/cocktails/storage/bar-assistant"];
+ dependsOn = ["meilisearch"];
+ extraOptions = ["--ip=10.88.0.4"];
+ environmentFiles = [config.sops.templates."bar_assistant-env".path];
+ environment = {
+ APP_URL = "http://api.bar.wanderingcrow.net";
+ MEILISEARCH_HOST = "http://search.bar.wanderingcrow.net";
+ CACHE_DRIVER = "file";
+ SESSION_DRIVER = "file";
+ ALLOW_REGISTRATION = "true";
+ };
+ };
+ "salt-rim" = {
+ image = "barassistant/salt-rim:v3";
+ dependsOn = ["bar-assistant"];
+ extraOptions = ["--ip=10.88.0.5"];
+ ports = ["3001:8080"];
+ environment = {
+ API_URL = "http://api.bar.wanderingcrow.net";
+ MEILIESEARCH_URL = "http://search.bar.wanderingcrow.net";
+ };
+ };
+ };
+ };
+ }
diff --git a/modules/users/overseer/services/default.nix b/modules/users/overseer/services/default.nix
new file mode 100644
index 0000000..98beebb
--- /dev/null
+++ b/modules/users/overseer/services/default.nix
@@ -0,0 +1,11 @@
+{
+ lib,
+ config,
+ ...
+}: {
+ imports = [
+ ./bar-assistant.nix
+ ./homebox.nix
+ ./homepage.nix
+ ];
+}
diff --git a/modules/users/overseer/services/homebox.nix b/modules/users/overseer/services/homebox.nix
new file mode 100644
index 0000000..27fffd5
--- /dev/null
+++ b/modules/users/overseer/services/homebox.nix
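Review bot: The three `virtualHosts` entries in the Routing section of bar-assistant.nix proxy plain HTTP with no TLS options and no source restriction visible, and `APP_URL`, `MEILISEARCH_HOST` and `API_URL` are all `http://`, so logins and the Meilisearch key presented to `search.bar.wanderingcrow.net` would cross the network in cleartext wherever these names resolve. Unless TLS is terminated by something outside this patch, add `forceSSL = true;` and `enableACME = true;` to each vhost and move the three URLs to `https://`; the vhosts in homebox.nix and homepage.nix have the same gap. Separately, `MEILIESEARCH_URL` in the `salt-rim` environment looks like a misspelling of `MEILISEARCH_URL` carried over from the old services.nix, which should be checked against the image's documented variables.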
@@ -0,0 +1,41 @@
+{
+ lib,
+ inputs,
+ config,
+ pkgs,
+ ...
+}:
+lib.mkIf config.user.overseer.enable {
+ services.restic.backups.homebox = {
+ user = "root";
+ timerConfig = {
+ OnCalendar = "hourly";
+ Persistent = true;
+ };
+ paths = [
+ "/var/lib/homebox/data"
+ ];
+ repositoryFile = config.sops.secrets."restic/url".path;
+ passwordFile = config.sops.secrets."restic/key".path;
+ };
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ virtualHosts = {
+ "homebox.wanderingcrow.net" = {
+ locations."/" = {
+ proxyPass = "http://localhost:7745";
+ proxyWebsockets = true;
+ };
+ };
+ };
+ };
+
+ services.homebox = {
+ enable = true;
+ settings = {
+ HBOX_OPTIONS_ALLOW_REGISTRATION = "true";
+ };
+ };
+}
diff --git a/modules/users/overseer/services/homepage.nix b/modules/users/overseer/services/homepage.nix
new file mode 100644
index 0000000..6c8dc99
--- /dev/null
+++ b/modules/users/overseer/services/homepage.nix
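Review bot: `HBOX_OPTIONS_ALLOW_REGISTRATION = "true"` leaves self-service sign-up enabled on `homebox.wanderingcrow.net`, and the vhost's `locations."/"` carries no `allow`/`deny` list, so anyone who can reach the name can create an account on the instance. Once the intended accounts exist, set `HBOX_OPTIONS_ALLOW_REGISTRATION = "false";`, or give this location the same `extraConfig` allow list that homepage.nix uses for `home.wanderingcrow.net`. `ALLOW_REGISTRATION = "true"` in the `bar-assistant` container environment in bar-assistant.nix deserves the same decision. Both settings are moved unchanged from the old services.nix, so a comment stating that open registration is intentional would be enough if it is.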
@@ -0,0 +1,126 @@
+{
+ lib,
+ inputs,
+ config,
+ pkgs,
+ ...
+}:
+lib.mkIf config.user.overseer.enable {
+ # Homepage.dev secrets
+ sops.secrets."homepage/openmeteo/lat" = {};
+ sops.secrets."homepage/openmeteo/long" = {};
+ sops.templates."homepage-environment".content = ''
+ HOMEPAGE_VAR_LAT = ${config.sops.placeholder."homepage/openmeteo/lat"}
+ HOMEPAGE_VAR_LONG = ${config.sops.placeholder."homepage/openmeteo/long"}
+ '';
+
+ services.nginx = {
+ enable = true;
+ recommendedProxySettings = true;
+ virtualHosts = {
+ "home.wanderingcrow.net" = {
+ locations."/" = {
+ extraConfig = ''
+ allow 192.168.0.0/16;
+ deny all;
+ '';
+ proxyPass = "http://localhost:8082";
+ proxyWebsockets = true;
+ };
+ };
+ };
+ };
+
+ services = {
+ homepage-dashboard = {
+ enable = true;
+ environmentFile = config.sops.templates."homepage-environment".path;
+ settings = {
+ theme = "dark";
+ };
+ widgets = [
+ {
+ search = {
+ provider = "duckduckgo";
+ target = "_blank";
+ };
+ }
+ {
+ openmeteo = {
+ timezone = "America/New_York";
+ units = "imperial";
+ cache = "5";
+ latitude = "{{HOMEPAGE_VAR_LAT}}";
+ longitude = "{{HOMEPAGE_VAR_LONG}}";
+ };
+ }
+ ];
+ bookmarks = [
+ {
+ WCE = [
+ {
+ Homebox = [
+ {
+ icon = "http://homebox.wanderingcrow.net/favicon.svg";
+ href = "http://homebox.wanderingcrow.net";
+ }
+ ];
+ }
+ ];
+ }
+ {
+ "Day to Day" = [
+ {
+ Messages = [
+ {
+ icon = "google-messages.svg";
+ href = "https://messages.google.com/web";
+ }
+ ];
+ }
+ {
+ YouTube = [
+ {
+ icon = "youtube.svg";
+ href = "https://youtube.com";
+ }
+ ];
+ }
+ {
+ "Proton Mail" = [
+ {
+ icon = "proton-mail.svg";
+ href = "https://mail.proton.me";
+ }
+ ];
+ }
+ {
+ Instagram = [
+ {
+ icon = "instagram.svg";
+ href = "https://instagram.com";
+ }
+ ];
+ }
+ {
+ Aetolia = [
+ {
+ icon = "https://aetolia.com/wp-content/uploads/2020/04/favicon.ico";
+ href = "https://aetolia.com";
+ }
+ ];
+ }
+ {
+ Amazon = [
+ {
+ icon = "amazon.svg";
+ href = "https://amazon.com";
+ }
+ ];
+ }
+ ];
+ }
+ ];
+ };
+ };
+}
diff --git a/modules/users/overseer/setup.nix b/modules/users/overseer/setup.nix
new file mode 100644
index 0000000..5eb25f9
--- /dev/null
+++ b/modules/users/overseer/setup.nix
@@ -0,0 +1,25 @@
+let
+ volumePath = "/overseer/services";
+in
+ {
+ lib,
+ inputs,
+ config,
+ pkgs,
+ ...
+ }:
+ lib.mkIf config.user.overseer.enable {
+ # Base dir
+ systemd.tmpfiles.rules = [
+ "d ${volumePath}"
+ ];
+
+ # NGINX Ports
+ networking.firewall.allowedTCPPorts = [
+ 443
+ 80
+ ];
+
+ # Pin virtualisation backend to podman
+ virtualisation.oci-containers.backend = "podman";
+ }
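Review bot: The `homepage-environment` template at the top of homepage.nix writes `HOMEPAGE_VAR_LAT = ${…}` with spaces around `=`, unlike the `MEILI_MASTER_KEY=${…}` form used in bar-assistant.nix. Whether the padded form is read as intended depends on the env-file parser behind `environmentFile`, which this patch does not show. Writing `HOMEPAGE_VAR_LAT=${config.sops.placeholder."homepage/openmeteo/lat"}` and the same for `HOMEPAGE_VAR_LONG` removes the doubt and keeps the two templates consistent. The lines are moved unchanged from secrets.nix, so this is a clean-up rather than a regression.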
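Review bot: `volumePath` is bound in a `let` in setup.nix and again in services/bar-assistant.nix, and the podman backend is set in both files, so the base directory created here can drift from the paths used by the tmpfiles rules, container volumes and restic backup if only one copy is edited. Define the path once and pass it to the service modules (for example through `_module.args`), or at minimum add `# Keep in sync with volumePath in services/bar-assistant.nix` above the binding. The rule `"d ${volumePath}"` also leaves mode and owner to the tmpfiles defaults; spelling them out, e.g. `"d ${volumePath} 0755 root root -"`, makes the intended permissions on the directory that holds all service data explicit.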