From 934ecb225542d979fb70c847a8b8b7703f4c1617 Mon Sep 17 00:00:00 2001
From: Crow
Date: Fri, 12 Sep 2025 09:20:20 -0400
Subject: [PATCH] Maintnance * Nginx to caddy (#5) Convert all nginx instances to caddy instances, setup acme as well * matrix * proxy the unifi controller * matrix * remove unused services
---
 hosts/nixos/Dragneel/default.nix | 7 ++
 hosts/nixos/HandlerOne/default.nix | 56 -------------
 modules/services/bar-assistant/default.nix | 92 ---------------------
 modules/services/ferdium-server/default.nix | 57 -------------
 modules/services/matrix/default.nix | 7 +-
 modules/services/umami/default.nix | 60 --------------
 6 files changed, 13 insertions(+), 266 deletions(-)
 delete mode 100644 modules/services/bar-assistant/default.nix
 delete mode 100644 modules/services/ferdium-server/default.nix
 delete mode 100644 modules/services/umami/default.nix
diff --git a/hosts/nixos/Dragneel/default.nix b/hosts/nixos/Dragneel/default.nix
index e4cd435..43c2475 100644
--- a/hosts/nixos/Dragneel/default.nix
+++ b/hosts/nixos/Dragneel/default.nix
@@ -80,4 +80,11 @@
 unifiPackage = pkgs.unstable.unifi;
 mongodbPackage = pkgs.mongodb-7_0;
 };
+
+ services.caddy = {
+ enable = true;
+ virtualHosts."dragneel.local".extraConfig = ''
+ reverse_proxy localhost:8080
+ '';
+ };
 }
diff --git a/hosts/nixos/HandlerOne/default.nix b/hosts/nixos/HandlerOne/default.nix
index 4705cd3..31196bd 100644
--- a/hosts/nixos/HandlerOne/default.nix
+++ b/hosts/nixos/HandlerOne/default.nix
@@ -41,7 +41,6 @@
 # Hosted services
 "modules/services/the-nest"
 "modules/services/actualbudget"
- "modules/services/bar-assistant"
 "modules/services/frigate"
 "modules/services/homebox"
 "modules/services/homepage"
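Review bot: The new `dragneel.local` vhost in hosts/nixos/Dragneel/default.nix forwards every request to `localhost:8080` with no client restriction, so anything that can reach Caddy on this host can reach the UniFi controller behind it. The bar-assistant vhost removed elsewhere in this patch gated access with a `remote_ip` matcher, and the same pattern fits here: `@block not remote_ip private_ranges` followed by `abort @block`, placed ahead of the `reverse_proxy` line. It is also worth confirming the upstream port, since on a stock UniFi install 8080 is the device inform port and the admin UI listens on 8443 over HTTPS, so this may not be proxying the page you intend. Because the name ends in `.local`, Caddy will presumably sign the certificate with its internal CA, so clients need that root installed rather than clicking through the warning.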
@@ -86,59 +85,4 @@
 email = "infrastructure@wanderingcrow.net";
 acmeCA = "https://acme-v02.api.letsencrypt.org/directory";
 };
-
- #FIXME(TODO) Migrate this into another file, probably a module
- #sops = {
- # secrets = {
- # "aws/access_key" = {};
- # "aws/secret_key" = {};
- # "aws/region" = {};
- # };
- # templates = {
- # "aws_shared_credentials".content = ''
- # [default]
- # aws_access_key_id=${config.sops.placeholder."aws/access_key"}
- # aws_secret_access_key=${config.sops.placeholder."aws/secret_key"}
- # '';
- # "aws_env".content = ''
- # AWS_REGION=${config.sops.placeholder."aws/region"}
- # '';
- # };
- #};
-
- #security.acme = {
- # acceptTerms = true;
- # defaults = {
- # email = "infrastructure@wanderingcrow.net";
- # group = config.services.caddy.group;
- # dnsProvider = "route53";
- # credentialFiles = {
- # "AWS_SHARED_CREDENTIALS_FILE" = config.sops.templates."aws_shared_credentials".path;
- # };
- # environmentFile = config.sops.templates."aws_env".path;
- # };
- # certs = {
- # "wanderingcrow.net" = {};
- # "umami.wanderingcrow.net" = {};
- # "garage.wanderingcrow.net" = {};
- # "bar.wanderingcrow.net" = {};
- # "home.wanderingcrow.net" = {};
- # "homebox.wanderingcrow.net" = {};
- # "cache.wanderingcrow.net" = {};
- # "openhab.wanderingcrow.net" = {};
- # "frigate.wanderingcrow.net" = {};
- # "notes.wanderingcrow.net" = {};
- # "budget.wanderingcrow.net" = {};
- # "matrix.wanderingcrow.net" = {};
- # "ta.wanderingcrow.net" = {};
- # "chat.wanderingcrow.net" = {};
- # "netbox.wanderingcrow.net" = {};
- # "notify.wanderingcrow.net" = {};
- # "logs.wanderingcrow.net" = {};
- # "psychal.link" = {};
- # # Sites I host for someone else
- # "swgalaxyproject.com" = {};
- # "nnsbluegrass.com" = {};
- # };
- #};
 }
diff --git a/modules/services/bar-assistant/default.nix b/modules/services/bar-assistant/default.nix
deleted file mode 100644
index 6271d65..0000000
--- a/modules/services/bar-assistant/default.nix
+++ /dev/null
@@ -1,92 +0,0 @@
-let
- volumePath = "/overseer/services";
-in
- {
- lib,
- inputs,
- config,
- ...
- }: {
- ###########
- # SECRETS #
- ###########
-
- sops = {
- # Meilisearch secrets
- secrets."meilisearch/masterkey" = {};
- templates."meilisearch-environment".content = ''
- MEILI_MASTER_KEY=${config.sops.placeholder."meilisearch/masterkey"}
- '';
-
- # Bar Assistant secrets
- templates."bar_assistant-env".content = ''
- MEILISEARCH_KEY=${config.sops.placeholder."meilisearch/masterkey"}
- '';
- };
-
- systemd.tmpfiles.rules = [
- "d ${volumePath}/bar-assistant 770 33 33"
- "d ${volumePath}/meilisearch"
- ];
-
- ###########
- # Routing #
- ###########
-
- services.caddy = {
- enable = true;
- virtualHosts = {
- "bar.wanderingcrow.net".extraConfig = ''
- @block not remote_ip ${inputs.nix-secrets.network.primary.publicIP} private_ranges
- abort @block
- reverse_proxy /search/ http://10.88.0.3:7700
- reverse_proxy /api/ http://10.88.0.4:8080
- reverse_proxy http://10.88.0.5:8080
- '';
- };
- };
-
- ###########
- # Service #
- ###########
-
- virtualisation.oci-containers = {
- backend = "podman";
- containers = {
- "meilisearch" = {
- image = "getmeili/meilisearch:v1.8";
- volumes = ["${volumePath}/meilisearch:/meili_data"];
- extraOptions = ["--ip=10.88.0.3"];
- environmentFiles = [config.sops.templates."meilisearch-environment".path];
- environment = {
- MEILI_ENV = "production";
- MEILI_NO_ANALYTICS = "true";
- };
- };
- "bar-assistant" = {
- image = "barassistant/server:v4";
- volumes = ["${volumePath}/bar-assistant:/var/www/cocktails/storage/bar-assistant"];
- dependsOn = ["meilisearch"];
- extraOptions = ["--ip=10.88.0.4"];
- environmentFiles = [config.sops.templates."bar_assistant-env".path];
- environment = {
- APP_URL = "https://bar.wanderingcrow.net/api";
- MEILISEARCH_HOST = "https://bar.wanderingcrow.net/search";
- CACHE_DRIVER = "file";
- SESSION_DRIVER = "file";
- ALLOW_REGISTRATION = "true";
- };
- };
- "salt-rim" = {
- image = "barassistant/salt-rim:v3";
- dependsOn = ["bar-assistant"];
- extraOptions = ["--ip=10.88.0.5"];
- ports = ["3001:8080"];
- environment = {
- API_URL = "https://bar.wanderingcrow.net/api";
- MEILIESEARCH_URL = "https://bar.wanderingcrow.net/search";
- };
- };
- };
- };
- }
diff --git a/modules/services/ferdium-server/default.nix b/modules/services/ferdium-server/default.nix
deleted file mode 100644
index 5cf21b1..0000000
--- a/modules/services/ferdium-server/default.nix
+++ /dev/null
@@ -1,57 +0,0 @@
-{
- lib,
- config,
- ...
-}: let
- volumePath = "/overseer/services";
-in {
- systemd.tmpfiles.rules = [
- "d ${volumePath}/ferdium-server/data"
- "d ${volumePath}/ferdium-server/app/recipes"
- ];
-
- services.caddy = {
- enable = true;
- virtualHosts."ferdium.wanderingcrow.net".extraConfig = ''
- reverse_proxy http://10.88.0.13:3333
- '';
- };
-
- virtualisation.oci-containers = {
- backend = "podman";
- containers = {
- "ferdium-api" = {
- image = "ferdium/ferdium-server:latest";
- volumes = [
- "${volumePath}/ferdium-server/data:/data"
- "${volumePath}/ferdium-server/app/recipes:/app/recipes"
- ];
- extraOptions = ["--ip=10.88.0.13"];
- environment = {
- NODE_ENV = "production";
- APP_URL = "ferdium.wanderingcrow.net";
- DB_CONNECTION = "sqlite";
- DB_HOST = "127.0.0.1";
- DB_PORT = "3306";
- DB_USER = "root";
- DB_PASSWORD = "password"; # Do I need to change this for sqlite I dont think so
- DB_DATABASE = "ferdium";
- DB_SSL = "false";
- MAIL_CONNECTION = "smtp";
- SMTP_HOST = "127.0.0.1";
- SMTP_PORT = "2525";
- MAIL_SSL = "false";
- MAIL_USERNAME = "username";
- MAIL_PASSWORD = "password";
- MAIL_SENDER = "noreply@mail.wanderingcrow.net";
- IS_CREATION_ENABLED = "true";
- IS_DASHBOARD_ENABLED = "true";
- IS_REGISTRATION_ENABLED = "true";
- CONNECT_WITH_FRANZ = "false";
- DATA_DIR = "/data";
- JWT_USE_PEM = "true";
- };
- };
- };
- };
-}
diff --git a/modules/services/matrix/default.nix b/modules/services/matrix/default.nix
index 60f5b89..5c4809d 100644
--- a/modules/services/matrix/default.nix
+++ b/modules/services/matrix/default.nix
@@ -10,6 +10,7 @@
 environment.systemPackages = [
 pkgs.unstable.fluffychat-web
+ pkgs.unstable.element-web
 ];
 sops.secrets."matrix/registration_token" = {
@@ -46,10 +47,14 @@
 "psychal.link, psychal.link:8448".extraConfig = ''
 reverse_proxy unix//run/tuwunel/tuwunel.sock
 '';
- "chat.psychal.link".extraConfig = ''
+ "fl.psychal.link".extraConfig = ''
 root * ${pkgs.unstable.fluffychat-web}
 file_server
 '';
+ "em.psychal.link".extraConfig = ''
+ root * ${pkgs.unstable.element-web}
+ file_server
+ '';
 };
 };
 }
diff --git a/modules/services/umami/default.nix b/modules/services/umami/default.nix
deleted file mode 100644
index e696840..0000000
--- a/modules/services/umami/default.nix
+++ /dev/null
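Review bot: The `em.psychal.link` vhost in modules/services/matrix/default.nix serves `pkgs.unstable.element-web` exactly as packaged, so the client ships with its stock `config.json` and will presumably default to a homeserver other than psychal.link; a user who does not notice would enter credentials into the wrong login flow. The nixpkgs package accepts a `conf` override, for example `pkgs.unstable.element-web.override { conf.default_server_config."m.homeserver".base_url = "https://psychal.link"; }`, and the same derivation should then be referenced both here and in the `environment.systemPackages` hunk above. Both static client vhosts (`fl.` and `em.`) also send no hardening headers; Element's deployment notes recommend at least `header X-Frame-Options SAMEORIGIN` and `header X-Content-Type-Options nosniff` so the client cannot be framed by another site. Separately, renaming `chat.psychal.link` to `fl.psychal.link` drops the old name without a redirect, which is worth a comment if it is intentional.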
@@ -1,60 +0,0 @@
-let
- volumePath = "/overseer/services";
-in
- {
- lib,
- config,
- ...
- }: {
- systemd.tmpfiles.rules = [
- "d ${volumePath}/umami"
- ];
- ###########
- # Service #
- ###########
-
- sops = {
- secrets = {
- "umami/secret" = {};
- "umami/db_url" = {};
- "umami/db_pass" = {};
- };
- templates."umami-env".content = ''
- APP_SECRET=${config.sops.placeholder."umami/secret"}
- DATABASE_TYPE=postgresql
- DATABASE_URL=${config.sops.placeholder."umami/db_url"}
- '';
- templates."umami-db".content = ''
- POSTGRES_DB=umami
- POSTGRES_USER=umami
- POSTGRES_PASSWORD=${config.sops.placeholder."umami/db_pass"}
- '';
- };
-
- services.caddy = {
- enable = true;
- virtualHosts."umami.wanderingcrow.net" = {
- extraConfig = ''
- reverse_proxy http://10.88.0.6:3000
- '';
- };
- };
-
- virtualisation.oci-containers = {
- backend = "podman";
- containers = {
- "umami" = {
- image = "ghcr.io/umami-software/umami:postgresql-latest";
- dependsOn = ["umami-db"];
- extraOptions = ["--ip=10.88.0.6"];
- environmentFiles = [config.sops.templates."umami-env".path];
- };
- "umami-db" = {
- image = "postgres:15-alpine";
- volumes = ["${volumePath}/umami:/var/lib/postgresql/data"];
- extraOptions = ["--ip=10.88.0.7"];
- environmentFiles = [config.sops.templates."umami-db".path];
- };
- };
- };
- }