ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

bunch of random crap

Browse source
This commit is contained in:
RingOfStorms (Joshua Bell) 2025-02-11 17:05:41 -06:00
parent dc0fbcf679
commit 343f5d7b52
8 changed files with 410 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

0
hosts/lio/containers/affine.nix → components/containers/affine.nix
View file

166
components/containers/inventory.nix Normal file
View file

@ -0,0 +1,166 @@
{
config,
lib,
...
}:
let
name = "inventory";
app = "pg-${name}";
hostDataDir = "/var/lib/${name}";
localAddress = "192.168.100.110";
pg_port = 54433;
pg_dataDir = "/var/lib/postgres";
# pgadmin_port = 5050;
# pgadmin_dataDir = "/var/lib/pgadmin";
binds = [
{
host = "${hostDataDir}/postgres";
container = pg_dataDir;
user = "postgres";
uid = config.ids.uids.postgres;
}
# {
# host = "${hostDataDir}/pgadmin";
# container = pgadmin_dataDir;
# user = "pgadmin";
# uid = 1020;
# }
];
in
{
users = lib.foldl (
acc: bind:
{
users.${bind.user} = {
isSystemUser = true;
home = bind.host;
createHome = true;
uid = bind.uid;
group = bind.user;
};
groups.${bind.user}.gid = bind.uid;
}
// acc
) { } binds;
containers.${app} = {
ephemeral = true;
autoStart = true;
privateNetwork = true;
hostAddress = "192.168.100.2";
localAddress = localAddress;
bindMounts = lib.foldl (
acc: bind:
{
"${bind.container}" = {
hostPath = bind.host;
isReadOnly = false;
};
}
// acc
) { } binds;
config =
{ config, pkgs, ... }:
{
system.stateVersion = "24.11";
users = lib.foldl (
acc: bind:
{
users.${bind.user} = {
isSystemUser = true;
home = bind.container;
uid = bind.uid;
group = bind.user;
};
groups.${bind.user}.gid = bind.uid;
}
// acc
) { } binds;
services.postgresql = {
enable = true;
package = pkgs.postgresql_17.withJIT;
enableJIT = true;
extensions = with pkgs.postgresql17Packages; [
# NOTE add extensions here
pgvector
postgis
];
settings.port = pg_port;
enableTCPIP = true;
authentication = ''
local all all trust
host all all 127.0.0.1/8 trust
host all all ::1/128 trust
host all all 192.168.100.0/24 trust
'';
identMap = ''
# ArbitraryMapName systemUser dbUser
superuser_map root ${name}
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
ensureDatabases = [ name ];
ensureUsers = [
{
name = name;
ensureDBOwnership = true;
ensureClauses = {
login = true;
superuser = true;
};
}
];
dataDir =
(lib.findFirst (bind: bind.user == "postgres") (throw "No postgres bind found") binds).container;
};
# services.pgadmin = {
# enable = true;
# port = pgadmin_port;
# openFirewall = true;
# initialEmail = "admin@test.com";
# initialPasswordFile = (builtins.toFile "password" "password");
# };
# TODO set this up, had issues since it shares users with postgres service and my bind mounts relys on createhome in that exact directory.
# services.postgresqlBackup = {
# enable = true;
# compression = "gzip";
# compressionLevel = 9;
# databases = [ cfg.database ];
# location = "${cfg.dataDir}/backup";
# startAt = "02:30"; # Adjust the backup time as needed
# };
networking.firewall = {
enable = true;
allowedTCPPorts = [ pg_port ];
};
# Health check to ensure database is ready
systemd.services.postgresql-healthcheck = {
description = "PostgreSQL Health Check";
after = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
ExecStart = ''
${pkgs.postgresql_17}/bin/pg_isready \
-U ${name} \
-d ${name} \
-h localhost \
-p ${toString pg_port}
'';
};
};
};
};
}

2
hosts/lio/containers/librechat.nix → components/containers/librechat.nix
View file

@ -15,7 +15,7 @@ in
port = lib.mkOption { port = lib.mkOption {
type = lib.types.port; type = lib.types.port;
default = 3080; default = 3080;
description = "Port number for the LibreChat API service"; description = "Port number for the LibreChat";
}; };
ragPort = lib.mkOption { ragPort = lib.mkOption {
type = lib.types.port; type = lib.types.port;

159
components/containers/mathesar.nix Normal file
View file

@ -0,0 +1,159 @@
{
config,
pkgs,
...
}:
let
cfg = config.services.mathesar;
in
{
options.services.mathesar =
let
lib = pkgs.lib;
in
{
port = lib.mkOption {
type = lib.types.port;
default = 3081;
description = "Port number for the Mathesar";
};
dataDir = lib.mkOption {
type = lib.types.path;
default = "/var/lib/mathesar";
description = "Directory to store Mathesar data";
};
secretKey = lib.mkOption {
type = lib.types.str;
# echo $(cat /dev/urandom | LC_CTYPE=C tr -dc 'a-zA-Z0-9' | head -c 50)
# https://docs.djangoproject.com/en/4.2/ref/settings/#secret-key
description = "Secret key for Django security features";
};
domainName = lib.mkOption {
type = lib.types.str;
default = "http://10.20.40.104";
description = "Custom domain(s) for accessing Mathesar";
};
postgresDb = lib.mkOption {
type = lib.types.str;
default = "mathesar_django";
description = "Database name for Mathesar";
};
postgresUser = lib.mkOption {
type = lib.types.str;
default = "mathesar";
description = "Database user for Mathesar";
};
postgresPassword = lib.mkOption {
type = lib.types.str;
default = "mathesar";
description = "Database password for Mathesar";
};
postgresHost = lib.mkOption {
type = lib.types.str;
default = "mathesar_db";
description = "Host running the PostgreSQL database";
};
postgresPort = lib.mkOption {
type = lib.types.port;
default = 3082;
description = "Port on which PostgreSQL is running";
};
allowedHosts = lib.mkOption {
type = lib.types.str;
default = "*";
description = "Allowed hosts for Mathesar web service. ";
};
};
config = {
systemd.services.create-mathesar-network = {
description = "Create Docker network for Mathesar";
serviceConfig.Type = "oneshot";
wantedBy = [ "multi-user.target" ];
script = ''
if ! ${pkgs.docker}/bin/docker network inspect mathesar_network >/dev/null 2>&1; then
${pkgs.docker}/bin/docker network create mathesar_network
fi
'';
};
virtualisation.oci-containers.containers = {
################
# mathesar_service
################
mathesar_service = {
user = "root";
image = "mathesar/mathesar:latest";
dependsOn = [ "mathesar_db" ];
environment = {
SECRET_KEY = cfg.secretKey;
DOMAIN_NAME = cfg.domainName;
POSTGRES_DB = cfg.postgresDb;
POSTGRES_USER = cfg.postgresUser;
POSTGRES_PASSWORD = cfg.postgresPassword;
POSTGRES_HOST = cfg.postgresHost;
POSTGRES_PORT = (toString cfg.postgresPort);
DJANGO_SETTINGS_MODULE = "config.settings.production";
# Allowed hosts is * to allow all traffic on service.
# The caddy proxy handles the rest.
ALLOWED_HOSTS = "*";
};
volumes = [
"${cfg.dataDir}/static:/code/static"
"${cfg.dataDir}/media:/code/media"
];
extraOptions = [
"--network=mathesar_network"
"--expose=8000"
];
};
################
# mathesar_db (PostgreSQL Database)
################
mathesar_db = {
user = "root";
image = "postgres:13";
environment = {
POSTGRES_DB = cfg.postgresDb;
POSTGRES_USER = cfg.postgresUser;
POSTGRES_PASSWORD = cfg.postgresPassword;
PGPORT = toString cfg.postgresPort;
};
volumes = [
"${cfg.dataDir}/pgdata:/var/lib/postgresql/data"
];
extraOptions = [
"--network=mathesar_network"
"--expose=${toString cfg.postgresPort}"
];
};
##############
# caddy-reverse-proxy
##############
caddy_reverse_proxy = {
user = "root";
image = "mathesar/mathesar-caddy:latest";
ports = [
"10.20.40.104:${toString cfg.port}:80"
];
environment = {
SECRET_KEY = cfg.secretKey;
DOMAIN_NAME = cfg.domainName;
POSTGRES_DB = cfg.postgresDb;
POSTGRES_USER = cfg.postgresUser;
POSTGRES_PASSWORD = cfg.postgresPassword;
POSTGRES_HOST = cfg.postgresHost;
POSTGRES_PORT = toString cfg.postgresPort;
};
volumes = [
"${cfg.dataDir}/media:/code/media"
"${cfg.dataDir}/static:/code/static"
"${cfg.dataDir}/caddy:/data"
];
extraOptions = [ "--network=mathesar_network" ];
};
};
};
}

53
components/containers/pgadmin.nix Normal file
View file

@ -0,0 +1,53 @@
{
config,
pkgs,
...
}:
let
cfg = config.customServices.pgadmin;
in
{
options.customServices.pgadmin =
let
lib = pkgs.lib;
in
{
port = lib.mkOption {
type = lib.types.port;
default = 3085;
description = "Port number for the PGAdmin interface";
};
dataDir = lib.mkOption {
type = lib.types.path;
default = "/var/lib/pgadmin";
description = "Directory to store PGAdmin data";
};
};
config = {
virtualisation.oci-containers.containers = {
#############
# pgadmin #
#############
# NOTE settings live in `/var/lib/librechat` manually right now
pgadmin = {
user = "root";
image = "dpage/pgadmin4:latest";
ports = [
"10.20.40.104:${toString cfg.port}:${toString cfg.port}"
];
environment = {
PGADMIN_LISTEN_PORT = toString cfg.port;
PGADMIN_DEFAULT_EMAIL = "admin@db.joshuabell.xyz";
PGADMIN_DEFAULT_PASSWORD = "password";
};
volumes = [
"${cfg.dataDir}:/var/lib/pgadmin"
];
extraOptions = [
"--network=host"
];
};
};
};
}

0
hosts/lio/containers/tests.nix → components/containers/tests.nix
View file

8
hosts/linode/l002/nginx.nix
View file

@ -54,6 +54,14 @@
proxyPass = "http://10.20.40.104:3080"; proxyPass = "http://10.20.40.104:3080";
}; };
}; };
"db.joshuabell.xyz" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyWebsockets = true;
proxyPass = "http://10.20.40.104:3085";
};
};
"gist.joshuabell.xyz" = { "gist.joshuabell.xyz" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;

44
hosts/lio/containers.nix
View file

@ -1,5 +1,4 @@
{ {
config,
... ...
}: }:
{ {
@ -7,12 +6,12 @@
# NOTE some useful links # NOTE some useful links
# nixos containers: https://blog.beardhatcode.be/2020/12/Declarative-Nixos-Containers.html # nixos containers: https://blog.beardhatcode.be/2020/12/Declarative-Nixos-Containers.html
# https://nixos.wiki/wiki/NixOS_Containers # https://nixos.wiki/wiki/NixOS_Containers
options = {}; options = { };
imports = [ imports = [
./containers/tests.nix ../../components/containers/librechat.nix
./containers/librechat.nix ../../components/containers/inventory.nix
# ./containers/affine.nix ../../components/containers/pgadmin.nix
]; ];
config = { config = {
@ -21,6 +20,9 @@
# networking.nat.internalInterfaces = [ "ve-*" ]; # networking.nat.internalInterfaces = [ "ve-*" ];
# networking.nat.externalInterface = "eth0"; # networking.nat.externalInterface = "eth0";
# mathesar
# services.mathesar.secretKey = "mImvhwyu0cFmtUNOAyOjm6qozWjEmHyrGIpOTZXWW7lnkj5RP3";
virtualisation.oci-containers.backend = "docker"; virtualisation.oci-containers.backend = "docker";
security.acme.acceptTerms = true; security.acme.acceptTerms = true;
@ -32,22 +34,22 @@
recommendedProxySettings = true; recommendedProxySettings = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
virtualHosts = { virtualHosts = {
"local.belljm.com" = { # "local.belljm.com" = {
# enableACME = true; # # enableACME = true;
# forceSSL = true; # # forceSSL = true;
locations."/".proxyPass = "http://${config.containers.wasabi.localAddress}:80"; # locations."/".proxyPass = "http://${config.containers.wasabi.localAddress}:80";
}; # };
"127.0.0.1" = { # "127.0.0.1" = {
locations."/wasabi/" = { # locations."/wasabi/" = {
extraConfig = '' # extraConfig = ''
rewrite ^/wasabi/(.*) /$1 break; # rewrite ^/wasabi/(.*) /$1 break;
''; # '';
proxyPass = "http://${config.containers.wasabi.localAddress}:80/"; # proxyPass = "http://${config.containers.wasabi.localAddress}:80/";
}; # };
locations."/" = { # locations."/" = {
return = "404"; # or 444 for drop # return = "404"; # or 444 for drop
}; # };
}; # };
"_" = { "_" = {
default = true; default = true;
locations."/" = { locations."/" = {