nixcfg/hosts/vps/configuration.nix

{ pkgs, hostname, user, lib, ... }: {
imports = [
./hardware-configuration.nix
];
# Host-level features. `common.services.appimage` is a project-local option
# declared in a module outside this file.
hardware = { disko.enable = true; };
programs = { nix-ld.enable = true; };
common = { services.appimage.enable = true; };
# Keep the arion unit enabled and have systemd restart it when it exits with
# an error (but not on a clean stop).
systemd.services.arion.enable = true;
systemd.services.arion.serviceConfig.Restart = "on-failure";
# Per-host service toggles; the `vps.*` options are declared in a module
# outside this file. nextcloud is the only one left off.
vps.dufs.enable = true;
vps.nextcloud.enable = false;
vps.pairdrop.enable = true;
vps.syncthing.enable = true;
vps.vpn.enable = true;
# sops-nix: the age private key is read from a path outside the Nix store;
# secrets default to the repo-level secrets.yaml.
sops.age.keyFile = "/etc/nixos/sops/age/keys.txt";
sops.defaultSopsFile = ../../secrets/secrets.yaml;
sops.defaultSopsFormat = "yaml";
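services.caddy =
  let
    # One bcrypt credential is shared by the netdata (dot.) and goaccess (apex)
    # vhosts, so it is defined once here instead of being pasted twice.
    # NOTE(review): string literals in this file end up in the world-readable
    # Nix store, which exposes the hash to offline guessing; sops-nix is
    # already configured on this host, so prefer loading the credential from a
    # sops-managed secret — confirm which hook the caddy module offers for that.
    basicAuth = ''
      basic_auth /* {
        nomad $2a$12$toBh5sfXyxigtHGNY4t8tO7YYQp6i3aZk/O0qd19lgk0LRz5eqDVi
      }
    '';
  in
  {
    enable = true;
    logDir = "/var/log/caddy";
    # mkForce so this block overrides any other definition of logFormat
    # instead of being merged with it.
    logFormat = lib.mkForce ''
      level INFO
      output file /var/log/caddy/access.log {
        roll_size 50mb
        roll_keep 5
        roll_keep_for 720h
      }
      format caddy
    '';
    # One site block per public hostname; each proxies to a local port. Only
    # the two monitoring vhosts carry basic_auth — whether the other upstreams
    # authenticate on their own cannot be told from this file.
    # NOTE(review): the netdata plugin on this host parses access.log with jq,
    # i.e. as JSON; confirm that `format caddy` above is a valid encoder name
    # (Caddy documents `json` and `console`).
    extraConfig = ''
      fs.nmd.mov {
        reverse_proxy localhost:5000
        log
      }
      vpn.nmd.mov {
        reverse_proxy localhost:51821
        log
      }
      s.nmd.mov {
        reverse_proxy localhost:8384
        log
      }
      drop.nmd.mov {
        reverse_proxy localhost:3000
        log
      }
      dot.nmd.mov {
        reverse_proxy localhost:19999
        ${basicAuth}
      }
      nmd.mov {
        root * /var/www/goaccess
        file_server
        reverse_proxy /ws localhost:7890
        ${basicAuth}
      }
    '';
  };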
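services.netdata = {
  enable = true;
  package = pkgs.netdata.override {
    withCloudUi = true;
  };
  extraPluginPaths = [ "/etc/netdata/custom-plugins.d" ];
  # NOTE(review): the plugin below is installed under plugins.d/ while the extra
  # plugin path points at custom-plugins.d/; confirm netdata actually scans the
  # directory the script is written to.
  configDir = {
    # External plugin: count distinct client IPs seen in Caddy's JSON access log.
    # writeShellScript (instead of writeText) produces an executable file with a
    # valid interpreter line; the original "#!/bin/env/sh" is not a real path.
    "plugins.d/caddy_visitors.sh" = pkgs.writeShellScript "caddy_visitors.sh" ''
      # Caddy access log. The netdata user must be able to read this file —
      # verify against the caddy module's log directory permissions.
      log_file="/var/log/caddy/access.log"
      # netdata exports NETDATA_UPDATE_EVERY to external plugins; fall back to 1
      # when run by hand. (The original read an unset lowercase variable, which
      # arithmetic-expands to 0.)
      update_every="''${NETDATA_UPDATE_EVERY:-1}"
      # Distinct remote_ip values. jq is referenced by store path so the plugin
      # does not depend on the service's PATH.
      unique_visitors=$(${pkgs.jq}/bin/jq -r 'select(.request.remote_ip != null) | .request.remote_ip' "$log_file" | sort -u | wc -l)
      # Chart definition (netdata external plugin protocol)
      echo CHART caddy_visitors.unique_ips "Unique Visitors from Caddy Logs" "IPs" "Caddy Logs" caddy_visitors line $((update_every * 10)) 1
      echo DIMENSION unique_visitors "" absolute 1 1
      # Emit one sample. NOTE(review): external plugins are expected to stay
      # running and repeat BEGIN/SET/END every interval; a script that exits
      # after one sample is likely to be disabled by the daemon — confirm.
      echo BEGIN caddy_visitors.unique_ips
      echo SET unique_visitors = $unique_visitors
      echo END
    '';
  };
};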
# Networking is handled by cloud-init (enabled below), so NixOS's own DHCP
# default is forced off — presumably to keep a single manager in charge.
networking.useDHCP = lib.mkForce false;
services.cloud-init.enable = true;
services.cloud-init.network.enable = true;
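services.openssh = {
  enable = true;
  settings = {
    # Root may only authenticate with a key. The original "yes" allowed root
    # through any enabled method; with PasswordAuthentication off that was
    # key-only in practice, but the NixOS module's KbdInteractiveAuthentication
    # is documented to default to true — which can still yield a PAM password
    # prompt — so both are pinned explicitly here (confirm against the
    # module's current defaults).
    PermitRootLogin = "prohibit-password";
    PasswordAuthentication = false;
    KbdInteractiveAuthentication = false;
  };
};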
# UEFI boot via GRUB, installed to the removable-media fallback path so it
# works without a firmware boot entry.
boot.loader.grub.efiSupport = true;
boot.loader.grub.efiInstallAsRemovable = true;
# Identity and locale. NOTE(review): the module receives a `hostname` argument
# in its header but hard-codes "vps" here; confirm the two agree.
networking.hostName = "vps";
time.timeZone = "Asia/Kuwait";
i18n.defaultLocale = "en_US.UTF-8";
# Every listed LC_* category uses en_GB while the default locale stays en_US.
i18n.extraLocaleSettings = lib.genAttrs [
  "LC_ADDRESS"
  "LC_IDENTIFICATION"
  "LC_MEASUREMENT"
  "LC_MONETARY"
  "LC_NAME"
  "LC_NUMERIC"
  "LC_PAPER"
  "LC_TELEPHONE"
  "LC_TIME"
] (_: "en_GB.UTF-8");
services.printing.enable = false;
nixpkgs.config.allowUnfree = true;
# System-wide tools. jq is what the netdata caddy_visitors plugin on this host
# shells out to.
environment.systemPackages = [
  pkgs.neovim
  pkgs.git
  pkgs.zsh
  pkgs.arion
  pkgs.sops
  pkgs.jq
];
networking.firewall = {
  enable = true;
  # NOTE(review): 5000, 3000, 8384 and 51821 are the same upstreams Caddy
  # proxies for fs./drop./s./vpn.nmd.mov; opening them here as well lets
  # clients reach those apps directly, bypassing TLS termination and anything
  # else the proxy adds (unless the apps terminate TLS themselves). If they
  # only need to be reachable through Caddy, bind them to localhost and drop
  # them from this list, as is already done for 19999. 4400 is not referenced
  # anywhere else in this file.
  allowedTCPPorts = [ 22 80 443 5000 4400 3000 8384 22000 51821 ];
  # 22000/21027 look like the syncthing defaults; 51820 presumably the VPN
  # transport — confirm.
  allowedUDPPorts = [ 22000 21027 51820 ];
  # NOTE(review): 19999 is not in allowedTCPPorts, so the NixOS firewall already
  # refuses it from outside; these INPUT rules are likely redundant and, being
  # iptables-only, do not cover ::1 — check the generated ruleset before
  # relying on them.
  extraCommands = ''
    # Allow access to port 19999 from localhost
    iptables -A INPUT -p tcp -s 127.0.0.1 --dport 19999 -j ACCEPT
    # Block all other access to port 19999
    iptables -A INPUT -p tcp --dport 19999 -j DROP
  '';
};
# Pins stateful defaults to the release this host was first installed with;
# not to be bumped casually.
system.stateVersion = "24.05";
}