jahanson/mochi
1
0
Fork 0
Code Issues 1 Pull requests 1 Projects Releases Packages Wiki Activity Actions

services I never really used

Browse source
This commit is contained in:
Joseph Hanson 2024-12-26 09:32:56 -06:00
parent 8e6552e0e3
commit c0cc03fd8d
4 changed files with 0 additions and 311 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

52
.archive/modules/nixos/services/glances/default.nix
View file

@ -1,52 +0,0 @@
{ pkgs, config, lib, ... }:
let
cfg = config.mySystem.services.glances;
in
with lib;
{
options.mySystem.services.glances =
{
enable = mkEnableOption "Glances system monitor";
};
config = mkIf cfg.enable {
environment.systemPackages = with pkgs;
[ glances python310Packages.psutil hddtemp ];
# port 61208
systemd.services.glances = {
script = ''
${pkgs.glances}/bin/glances --enable-plugin smart --webserver --bind 0.0.0.0
'';
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
};
networking = {
firewall.allowedTCPPorts = [ 61208 ];
};
environment.etc."glances/glances.conf" = {
text = ''
[global]
check_update=False
[network]
hide=lo,docker.*
[diskio]
hide=loop.*
[containers]
disable=False
podman_sock=unix:///var/run/podman/podman.sock
[connections]
disable=True
[irq]
disable=True
'';
};
};
}

71
.archive/modules/nixos/services/postgresql/default.nix
View file

@ -1,71 +0,0 @@
{ lib, config, ... }:
with lib;
let
cfg = config.mySystem.${category}.${app};
app = "postgresql";
category = "services";
in
{
options.mySystem.${category}.${app} =
{
enable = mkEnableOption "${app}";
addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; };
prometheus = mkOption
{
type = lib.types.bool;
description = "Enable prometheus scraping";
default = true;
};
backupLocation = mkOption
{
type = lib.types.str;
description = "Location for sql backups to be stored.";
default = "/persist/backup/postgresql";
};
backup = mkOption
{
type = lib.types.bool;
description = "Enable backups";
default = true;
};
};
config = mkIf cfg.enable {
services.postgresql = {
enable = true;
identMap = ''
# ArbitraryMapName systemUser DBUser
superuser_map root postgres
superuser_map postgres postgres
# Let other names login as themselves
superuser_map /^(.*)$ \1
'';
authentication = ''
#type database DBuser auth-method optional_ident_map
local sameuser all peer map=superuser_map
'';
settings = {
max_connections = 200;
random_page_cost = 1.1;
};
};
# enable backups
services.postgresqlBackup = mkIf cfg.backup {
enable = lib.mkForce true;
location = cfg.backupLocation;
};
### firewall config
# networking.firewall = mkIf cfg.openFirewall {
# allowedTCPPorts = [ port ];
# allowedUDPPorts = [ port ];
# };
};
}

102
.archive/modules/nixos/services/radicale/default.nix
View file

@ -1,102 +0,0 @@
{ lib, config, ... }:
with lib;
let
cfg = config.mySystem.${category}.${app};
app = "radicale";
category = "services";
user = app; #string
group = app; #string
port = 5232; #int
appFolder = "/var/lib/${app}";
url = "${app}.jahanson.tech";
in
{
options.mySystem.${category}.${app} =
{
enable = mkEnableOption "${app}";
addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; };
monitor = mkOption
{
type = lib.types.bool;
description = "Enable gatus monitoring";
default = true;
};
prometheus = mkOption
{
type = lib.types.bool;
description = "Enable prometheus scraping";
default = true;
};
backups = mkOption
{
type = lib.types.bool;
description = "Enable local backups";
default = true;
};
};
config = mkIf cfg.enable {
## Secrets
sops.secrets."${category}/${app}/htpasswd" = {
sopsFile = ./secrets.sops.yaml;
owner = user;
inherit group;
restartUnits = [ "${app}.service" ];
};
users.users.jahanson.extraGroups = [ group ];
environment.persistence."${config.mySystem.system.impermanence.persistPath}" = lib.mkIf config.mySystem.system.impermanence.enable {
hideMounts = true;
directories = [ "/var/lib/radicale/" ];
};
services =
{
## service
nginx.virtualHosts.${host} = {
useACMEHost = config.networking.domain;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${builtins.toString port}";
};
};
### Ingress
radicale = {
enable = true;
settings = {
server.hosts = [ "0.0.0.0:${builtins.toString port}" ];
auth = {
type = "htpasswd";
htpasswd_filename = config.sops.secrets."${category}/${app}/htpasswd".path;
htpasswd_encryption = "plain";
realm = "Radicale - Password Required";
};
storage.filesystem_folder = "/var/lib/radicale/collections";
};
};
};
### firewall config
# networking.firewall = mkIf cfg.openFirewall {
# allowedTCPPorts = [ port ];
# allowedUDPPorts = [ port ];
# };
### backups
warnings = [
(mkIf (!cfg.backups && config.mySystem.purpose != "Development")
"WARNING: Backups for ${app} are disabled!")
];
services.restic.backups = mkIf cfg.backups (config.lib.mySystem.mkRestic
{
inherit app user;
paths = [ appFolder ];
inherit appFolder;
});
};
}

86
.archive/modules/nixos/services/radicale/secrets.sops.yaml
View file

@ -1,86 +0,0 @@
services:
radicale:
htpasswd: ENC[AES256_GCM,data:O/bI1CUdpal/aJSiLaWtDQ==,iv:iJ4WrQ2vbjRlICcY21R6NGmtOZwO68zANQv52uwm74k=,tag:c2sMcVCUWOjSALNITdx1dg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1d9p83j52m2xg0vh9k7q0uwlxwhs3y6tlv68yg9s2h9mdw2fmmsqshddz5m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyZUxOSWd5TnFlazlXcjUv
RVBjM01WRjZ4R2d3WGhQWHNheEZWRkdWcWx3CitOekFGZ1RXL1M3QndrWHUzUFNH
QkY2dnYyZlhFMGVvTzBQb05oTjFFZ1UKLS0tIDFYN0pQTHBEMUZTU3QvOEJQS0Rh
Z2p1ZFVvVVBBZXVwTkhVZ05nNVBOQUkK7qFuomZfRvwFXTUc6LWWT10Ws8xIDcCj
AD/HSc9K+lEXHoTNmpHZyUYGnxJljnDNB3d3FS4pKbHujvhvMXwfPQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1m83ups8xn2jy4ayr8gw0pyn34smr0huqc5v76e4887az4vsl4yzsj0dlhd
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGdnRKZUk5Um5HYUwzbmhL
K1A0ZW1YN0d3WllNb28zeDhzS1ppWXhleDBVCmMrRk41WlM1RXN5TkVnVVRYQ3Ev
c2RTeVJ1ays1bzg1ZGozMWI5ZWZ1ZHcKLS0tIFRKRlhFT1VwY2lwbUhRd3A4SEds
Y3BFY2lpQkExL2V4SjJvU3pTSW5WYzAKO8GMLDaoDrxdZzM8unYvq3/OteDGIwra
dRd8c6b5LSoC63Y59WftmmasXFRNrZHZX24vwgwReKapnWmqtQTgrQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age18kj3xhlvgjeg2awwku3r8d95w360uysu0w5ejghnp4kh8qmtge5qwa2vjp
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjVFJQM3BnU2hlTVJvT0RQ
WHRVWkJEd3JacnlVSStQYVU3c2QwOThPOVhvCjZOeEFDdXFzeWNoS3JTbktFMDJV
ZDJKV2RlMDRiTW0vRHRBUUhCUGlPUlEKLS0tIGxWT0VmaUNGMXk0a1NYTDI0WDQw
b2hjeEFPVGdhek8yVEcwN1BzVnFQbFEKNgwnchYNz/afrg6FeFlCikMIaCfsEMYK
PHmfIiM64XReGZGsKL+gxIw33yszbyeOu0vr26tqV3HU/QUE7f19gw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1lp6rrlvmytp9ka6q89m0e0am26222kwrn7aqd45hu07s3a6jv3gqty86eu
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBzTEpra1haektoVFNpMkV6
eGVkQnRpblV5amdMaGZJVVJiMUV1VEYwYkVvCmJZZ1ZvWTRUOVpYRnZkSEcvbzk2
MDZ0MVl5NmNBQnJ5ZkhqejI5Nm5URDgKLS0tIDZPRURpVHp4Q1NsRG9ZeGVqRU9X
WnJ2ejZrZ0hOdDhxZUNnaDhOWVpzVFEKoYnqypCuLKT8OUbtRk6yN9UfWBqbznzE
DgCHiOj590zXsfRpaei/UYx0qdEmtymh7FivkxSRNYylfcngjYiadA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1e4sd6jjd4uxxsh9xmhdsnu6mqd5h8c4zz4gwme7lkw9ee949fc9q4px9df
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2QkpxRHJYTEo5cE9ielZl
a1NYUllWYmp2NzZZejJtby9MRkF4ejNPWmtNCmNDMWk3cGg3eVlYUXBCTjg0TmdG
akRwVFZxMUZMNXAvYzRSYkZlamthVlUKLS0tIHEzYmg3eTFveWppbzk3c3FHM0pn
bTZ4K2xhN2xRU2VDK040cGpDbjVmVUUKuAsZczZzTWKKxISxWOaxjzxM6wLnsbpT
dxCkcqbjL8tWs1hACsWhJ4cNGNP7gkF+9RELZvvAHgSMrlpMv7Y80w==
-----END AGE ENCRYPTED FILE-----
- recipient: age19jm7uuam7gkacm3kh2v7uqgkvmmx0slmm9zwdjhd2ln9r60xzd7qh78c5a
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtZVhZeVdXVXRSWi9tMjRv
dlJFRE5NNDZZdStsOUdmMFZBdC9wL2o1S0hRCkpPNE5ic2t2UHdvanJ5bTdheDk2
SUhsOTlXZnkrTkRvUXRaZE9SbW9EMGsKLS0tIHRZK3ZBQ1UrMlFGWEdIblk1YURV
VUJaWXhJMy9NUC81SjhGR0t0QnZPSDAKnQe+zUSRWvfjwr/c5wIkw/alXelnIK+u
BmvB/bps060r8GWIGYsN5mVzBpLAYwqqB4ylpjoLTfhAx3J3A+fRCw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nwnqxjuaxlt5g7fe8rnspvn2c36uuef4hzwuwa6cfjfalz2lrd4q4n5fpl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBaa2hQWlNhdmpZNHkyQmJI
WGwwZitJaUx5U0xzdURjdlFpN01jMWFvRUZZCndMcHpNclhoR1NXZzVNOWtlY0JD
c1RSNGVzY1RUa0JLYng2a0w0bFozNXcKLS0tIC9Sb0k4MmpaWUVqMkxUbHlEdlgx
M0hoN29oY1FVNVFGZFVyZVJTM2owYjAKsnVoccpgW7RPuJL66Q9iCOG5GZ41K65e
7J8lGbHkalzX63VGIOgtvSViIXIeQxw9+Tmf70GQUqcM6czwX8fu5Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1a8z3p24v32l9yxm5z2l8h7rpc3nhacyfv4jvetk2lenrvsdstd3sdu2kaf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHZWxZWk53cHd1bzhjVmZF
TUk4RmhENGMvNzZnREdKYU9TTDZzS0Jha1I0CnY3NXZzVlJhTGpVNi8yWlZ5SXN1
Z3I4b3BOcGtpek4vK3JzV1JUVWVMZUkKLS0tIHJMOEZraFB2WXdBVUFDUisrMzBM
TUUzcW1GR1JOcG4yMm9EY3R6WFdTeEUKzJerRRS/5eCDOhOxHEB78qiVOx++z4M/
XOEN6X0iDUBDfFJIqtMngMjU9E9DlRIYetMOYLxTpxmdKiv3Njyh/A==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-18T23:57:27Z"
mac: ENC[AES256_GCM,data:f2p4VkJ7RLGPBbkkesqFKNIVow+/7MobH+AqnELAguGxlMAt1XZaU1cLfyMy1RQIrT0UmUV2xjRf/PGXBVNOTK+A2M0zoI90N8daTvk2xrEX5JVNWycgKVnQfztIgUAf5LA+tcvyWQ/Z/sIN1aGNfbl1tCSq+U+3xjIxZ74qmuw=,iv:wcyjoKWNFLb/jGclNWbHP7wwnkz29iINSfKblqhP+bI=,tag:3RrZXX9pAWQG05ZPI5A35Q==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1