Add promethus

batteredbunny 2024-11-30 15:38:34 +02:00
parent cb41a522fa
commit 7303d7c8e0
14 changed files with 180 additions and 237 deletions


@ -40,6 +40,20 @@ in
plugins = [ "github.com/caddy-dns/cloudflare" ]; plugins = [ "github.com/caddy-dns/cloudflare" ];
}); });
globalConfig = ''
servers {
metrics
}
admin 0.0.0.0:2019
'';
logFormat = ''
output file ${config.services.caddy.logDir}/access.log {
mode 640
}
'';
virtualHosts = { virtualHosts = {
"xn--tdaa.ee" = { "xn--tdaa.ee" = {
extraConfig = '' extraConfig = ''
@ -54,11 +68,6 @@ in
} }
''; '';
serverAliases = [ "üü.ee" ]; serverAliases = [ "üü.ee" ];
logFormat = ''
output file ${config.services.caddy.logDir}/access.log {
mode 640
}
'';
}; };
"kaya.ee" = { "kaya.ee" = {
extraConfig = '' extraConfig = ''
@ -69,12 +78,6 @@ in
respond owo respond owo
''; '';
logFormat = ''
output file ${config.services.caddy.logDir}/access.log {
mode 640
}
'';
}; };
"lastfm.catnip.ee" = { "lastfm.catnip.ee" = {
@ -86,11 +89,6 @@ in
reverse_proxy :${toString config.services.lastfm-status.port} reverse_proxy :${toString config.services.lastfm-status.port}
''; '';
logFormat = ''
output file ${config.services.caddy.logDir}/access.log {
mode 640
}
'';
}; };
"http://syncthing.internal".extraConfig = '' "http://syncthing.internal".extraConfig = ''
@ -153,11 +151,6 @@ in
hide .Trash-1000 hide .Trash-1000
} }
''; '';
logFormat = ''
output file ${config.services.caddy.logDir}/access.log {
mode 640
}
'';
}; };
"chat.catnip.ee".extraConfig = '' "chat.catnip.ee".extraConfig = ''
@ -204,11 +197,6 @@ in
reverse_proxy :${toString settings.ports.mautrix-telegram} reverse_proxy :${toString settings.ports.mautrix-telegram}
} }
''; '';
logFormat = ''
output file ${config.services.caddy.logDir}/access.log {
mode 640
}
'';
}; };
"catnip.ee" = { "catnip.ee" = {
@ -234,11 +222,6 @@ in
respond `{"m.server": "matrix.catnip.ee:443"}` respond `{"m.server": "matrix.catnip.ee:443"}`
} }
''; '';
logFormat = ''
output file ${config.services.caddy.logDir}/access.log {
mode 640
}
'';
}; };
"www.catnip.ee" = { "www.catnip.ee" = {
extraConfig = '' extraConfig = ''
@ -249,11 +232,6 @@ in
redir https://catnip.ee{uri} permanent redir https://catnip.ee{uri} permanent
''; '';
logFormat = ''
output file ${config.services.caddy.logDir}/access.log {
mode 640
}
'';
}; };
"confess.catnip.ee" = { "confess.catnip.ee" = {
@ -265,11 +243,6 @@ in
reverse_proxy :${toString config.services.confess-web.port} reverse_proxy :${toString config.services.confess-web.port}
''; '';
logFormat = ''
output file ${config.services.caddy.logDir}/access.log {
mode 640
}
'';
}; };
":80".extraConfig = '' ":80".extraConfig = ''
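Review bot: `admin 0.0.0.0:2019` in the new `globalConfig` binds Caddy's admin API to every interface, and that endpoint is unauthenticated by default and can replace the running configuration, not just serve `/metrics`. The only consumer visible in this commit is the Prometheus scrape job, which targets `127.0.0.1:2019`, so a loopback bind is enough: `admin 127.0.0.1:2019`, or drop the line, since Caddy's default is `localhost:2019`. If remote scraping is wanted later, a dedicated site using the `metrics` handler behind the existing `@local` matcher would be safer than exposing the admin listener. Whether a firewall currently blocks port 2019 is not visible here.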


@ -7,17 +7,12 @@
nixpkgs.overlays = [ inputs.nix-minecraft.overlay ]; nixpkgs.overlays = [ inputs.nix-minecraft.overlay ];
services = { services = {
caddy.virtualHosts."drasl.snailcore.net" = { caddy.virtualHosts."drasl.snailcore.net".extraConfig = ''
extraConfig = ''
reverse_proxy http://${config.services.drasl.settings.ListenAddress} reverse_proxy http://${config.services.drasl.settings.ListenAddress}
''; '';
logFormat = ''
output file ${config.services.caddy.logDir}/access.log { minecraft-servers = {
mode 640 # /srv/minecraft
}
'';
};
minecraft-servers = { # /srv/minecraft
enable = true; enable = true;
eula = true; eula = true;
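Review bot: Removing the per-host `logFormat` here, and in the same way in the other virtual-host files of this commit, probably does not make these sites inherit the new top-level `logFormat`. As far as I know the NixOS module treats `services.caddy.logFormat` as the default (process) logger and gives each virtual host its own default of `output file .../access-<hostName>.log`. If so, access entries move out of `access.log` into per-host files created with Caddy's default file mode instead of `mode 640`, and anything tailing `access.log` (presumably the promtail setup, not visible here) stops seeing requests. Confirm against the generated Caddyfile; if a shared access log is wanted, keep a per-host `logFormat` through a shared `let` binding, or point the log shipper at `access-*.log`.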


@ -40,6 +40,8 @@
"lidarr.internal" "lidarr.internal"
"syncthing.internal" "syncthing.internal"
"stats.internal" "stats.internal"
"promtail.internal"
"prometheus.internal"
] "100.93.150.89"; ] "100.93.150.89";
}; };
conditional = conditional =


@ -17,12 +17,6 @@ in
''; '';
useACMEHost = config.services.coturn.realm; useACMEHost = config.services.coturn.realm;
logFormat = ''
output file ${config.services.caddy.logDir}/access.log {
mode 640
}
'';
}; };
coturn = rec { coturn = rec {


@ -18,19 +18,12 @@
]; ];
}; };
services.caddy.virtualHosts."player.catnip.ee" = { services.caddy.virtualHosts."player.catnip.ee".extraConfig = ''
extraConfig = '' tls {
tls { dns cloudflare {env.CLOUDFLARE_API_TOKEN}
dns cloudflare {env.CLOUDFLARE_API_TOKEN} resolvers 1.1.1.1
resolvers 1.1.1.1 }
}
reverse_proxy :${toString settings.ports.feishin} reverse_proxy :${toString settings.ports.feishin}
''; '';
logFormat = ''
output file ${config.services.caddy.logDir}/access.log {
mode 640
}
'';
};
} }


@ -54,23 +54,14 @@
}; };
}; };
caddy.virtualHosts = { caddy.virtualHosts."forge.catnip.ee".extraConfig = ''
"forge.catnip.ee" = { tls {
extraConfig = '' dns cloudflare {env.CLOUDFLARE_API_TOKEN}
tls { resolvers 1.1.1.1
dns cloudflare {env.CLOUDFLARE_API_TOKEN} }
resolvers 1.1.1.1
}
reverse_proxy :${toString config.services.forgejo.settings.server.HTTP_PORT} reverse_proxy :${toString config.services.forgejo.settings.server.HTTP_PORT}
''; '';
logFormat = ''
output file ${config.services.caddy.logDir}/access.log {
mode 640
}
'';
};
};
borgbackup.jobs."borgbase" = { borgbackup.jobs."borgbase" = {
paths = [ paths = [


@ -6,6 +6,12 @@
provision = { provision = {
enable = true; enable = true;
datasources.settings.datasources = [ datasources.settings.datasources = [
{
name = "Prometheus";
type = "prometheus";
access = "proxy";
url = "http://127.0.0.1:${toString config.services.prometheus.port}";
}
{ {
name = "loki"; name = "loki";
type = "loki"; type = "loki";
@ -124,14 +130,57 @@
}; };
}; };
caddy.virtualHosts."http://stats.internal".extraConfig = '' prometheus = {
@local remote_ip private_ranges 100.64.0.0/10 port = 3020;
reverse_proxy @local http://${config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port} enable = true;
'';
exporters = {
node = {
port = 3021;
enabledCollectors = [ "systemd" ];
enable = true;
};
};
scrapeConfigs = [
{
job_name = "caddy";
static_configs = [{
targets = [
"127.0.0.1:2019"
];
}];
}
{
job_name = "nodes";
static_configs = [{
targets = [
"127.0.0.1:${toString config.services.prometheus.exporters.node.port}"
];
}];
}
];
};
caddy.virtualHosts = {
"http://prometheus.internal".extraConfig = ''
@local remote_ip private_ranges 100.64.0.0/10
reverse_proxy @local http://127.0.0.1:${toString config.services.prometheus.port}
'';
"http://promtail.internal".extraConfig = ''
@local remote_ip private_ranges 100.64.0.0/10
reverse_proxy @local http://127.0.0.1:${toString config.services.promtail.configuration.server.http_listen_port}
'';
"http://stats.internal".extraConfig = ''
@local remote_ip private_ranges 100.64.0.0/10
reverse_proxy @local http://${config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}
'';
};
borgbackup.jobs."borgbase".paths = [ borgbackup.jobs."borgbase".paths = [
"/var/lib/loki" "/var/lib/loki"
"/var/lib/grafana" "/var/lib/grafana"
"/var/lib/prometheus2"
]; ];
}; };
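Review bot: The new `prometheus` block sets only `port = 3020` and the node exporter only `port = 3021`, so both listeners keep the module's default bind address, which I believe is `0.0.0.0`. The `@local remote_ip private_ranges 100.64.0.0/10` gate on `http://prometheus.internal` then covers only the Caddy path, not a direct connection to those ports, and neither service has authentication of its own. Every consumer in this commit (the Grafana datasource, the scrape targets, the reverse proxy) uses `127.0.0.1`, so add `listenAddress = "127.0.0.1";` to both `prometheus` and `exporters.node`. The host firewall may already block these ports, but that is not visible in this hunk.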


@ -34,36 +34,22 @@
jellyfin.enable = true; jellyfin.enable = true;
caddy.virtualHosts = { caddy.virtualHosts = {
"vue.jellyfin.catnip.ee" = { "vue.jellyfin.catnip.ee".extraConfig = ''
extraConfig = '' tls {
tls { dns cloudflare {env.CLOUDFLARE_API_TOKEN}
dns cloudflare {env.CLOUDFLARE_API_TOKEN} resolvers 1.1.1.1
resolvers 1.1.1.1 }
}
reverse_proxy :${toString settings.ports.jellyfin_vue} reverse_proxy :${toString settings.ports.jellyfin_vue}
''; '';
logFormat = '' "jellyfin.catnip.ee".extraConfig = ''
output file ${config.services.caddy.logDir}/access.log { tls {
mode 640 dns cloudflare {env.CLOUDFLARE_API_TOKEN}
} resolvers 1.1.1.1
''; }
};
"jellyfin.catnip.ee" = {
extraConfig = ''
tls {
dns cloudflare {env.CLOUDFLARE_API_TOKEN}
resolvers 1.1.1.1
}
reverse_proxy :${toString settings.ports.jellyfin} reverse_proxy :${toString settings.ports.jellyfin}
''; '';
logFormat = ''
output file ${config.services.caddy.logDir}/access.log {
mode 640
}
'';
};
}; };
borgbackup.jobs."borgbase" = { borgbackup.jobs."borgbase" = {


@ -21,53 +21,46 @@
}; };
}; };
caddy.virtualHosts."fedi.catnip.ee" = { caddy.virtualHosts."fedi.catnip.ee".extraConfig = ''
extraConfig = '' tls {
tls { dns cloudflare {env.CLOUDFLARE_API_TOKEN}
dns cloudflare {env.CLOUDFLARE_API_TOKEN} resolvers 1.1.1.1
resolvers 1.1.1.1 }
}
handle_path /system/* { handle_path /system/* {
file_server * { file_server * {
root /var/lib/mastodon/public-system root /var/lib/mastodon/public-system
}
} }
}
handle /api/v1/streaming/* { handle /api/v1/streaming/* {
reverse_proxy unix//run/mastodon-streaming/streaming.socket reverse_proxy unix//run/mastodon-streaming/streaming.socket
} }
route * { route * {
file_server * { file_server * {
root ${pkgs.mastodon}/public root ${pkgs.mastodon}/public
pass_thru pass_thru
}
reverse_proxy :${toString config.services.mastodon.webPort}
} }
reverse_proxy :${toString config.services.mastodon.webPort}
}
handle_errors { handle_errors {
root * ${pkgs.mastodon}/public root * ${pkgs.mastodon}/public
rewrite 500.html rewrite 500.html
file_server file_server
} }
encode gzip encode gzip
header /* { header /* {
Strict-Transport-Security "max-age=31536000;" Strict-Transport-Security "max-age=31536000;"
} }
header /emoji/* Cache-Control "public, max-age=31536000, immutable" header /emoji/* Cache-Control "public, max-age=31536000, immutable"
header /packs/* Cache-Control "public, max-age=31536000, immutable" header /packs/* Cache-Control "public, max-age=31536000, immutable"
header /system/accounts/avatars/* Cache-Control "public, max-age=31536000, immutable" header /system/accounts/avatars/* Cache-Control "public, max-age=31536000, immutable"
header /system/media_attachments/files/* Cache-Control "public, max-age=31536000, immutable" header /system/media_attachments/files/* Cache-Control "public, max-age=31536000, immutable"
''; '';
logFormat = ''
output file ${config.services.caddy.logDir}/access.log {
mode 640
}
'';
};
borgbackup.jobs."borgbase" = { borgbackup.jobs."borgbase" = {
paths = [ paths = [


@ -12,21 +12,14 @@
services = { services = {
# mautrix-discord media proxy https://docs.mau.fi/bridges/go/discord/direct-media.html # mautrix-discord media proxy https://docs.mau.fi/bridges/go/discord/direct-media.html
caddy.virtualHosts."discord-media.catnip.ee" = { caddy.virtualHosts."discord-media.catnip.ee".extraConfig = ''
extraConfig = '' tls {
tls { dns cloudflare {env.CLOUDFLARE_API_TOKEN}
dns cloudflare {env.CLOUDFLARE_API_TOKEN} resolvers 1.1.1.1
resolvers 1.1.1.1 }
}
reverse_proxy :29334 reverse_proxy :29334
''; '';
logFormat = ''
output file ${config.services.caddy.logDir}/access.log {
mode 640
}
'';
};
# /var/lib/mautrix-telegram # /var/lib/mautrix-telegram
mautrix-telegram = { mautrix-telegram = {


@ -4,33 +4,26 @@
]; ];
services = { services = {
caddy.virtualHosts."cloud.catnip.ee" = { caddy.virtualHosts."cloud.catnip.ee".extraConfig = ''
extraConfig = '' tls {
tls { dns cloudflare {env.CLOUDFLARE_API_TOKEN}
dns cloudflare {env.CLOUDFLARE_API_TOKEN} resolvers 1.1.1.1
resolvers 1.1.1.1 }
}
redir /.well-known/carddav /remote.php/dav 301 redir /.well-known/carddav /remote.php/dav 301
redir /.well-known/caldav /remote.php/dav 301 redir /.well-known/caldav /remote.php/dav 301
header { header {
Strict-Transport-Security "max-age=31536000; includeSubDomains" Strict-Transport-Security "max-age=31536000; includeSubDomains"
Referrer-Policy no-referrer Referrer-Policy no-referrer
Referrer-Policy same-origin Referrer-Policy same-origin
Referrer-Policy strict-origin Referrer-Policy strict-origin
Referrer-Policy strict-origin-when-cross-origin Referrer-Policy strict-origin-when-cross-origin
Referrer-Policy no-referrer-when-downgrade Referrer-Policy no-referrer-when-downgrade
} }
reverse_proxy 127.0.0.1:${toString settings.ports.nextcloud} reverse_proxy 127.0.0.1:${toString settings.ports.nextcloud}
''; '';
logFormat = ''
output file ${config.services.caddy.logDir}/access.log {
mode 640
}
'';
};
# /var/lib/nextcloud # /var/lib/nextcloud
nextcloud = { nextcloud = {


@ -8,30 +8,23 @@
base-url = "https://ntfy.catnip.ee"; base-url = "https://ntfy.catnip.ee";
}; };
}; };
caddy.virtualHosts."ntfy.catnip.ee" = { caddy.virtualHosts."ntfy.catnip.ee".extraConfig = ''
extraConfig = '' tls {
tls { dns cloudflare {env.CLOUDFLARE_API_TOKEN}
dns cloudflare {env.CLOUDFLARE_API_TOKEN} resolvers 1.1.1.1
resolvers 1.1.1.1 }
}
reverse_proxy ${config.services.ntfy-sh.settings.listen-http} reverse_proxy ${config.services.ntfy-sh.settings.listen-http}
# Redirect HTTP to HTTPS, but only for GET topic addresses, since we want # Redirect HTTP to HTTPS, but only for GET topic addresses, since we want
# it to work with curl without the annoying https:// prefix. # it to work with curl without the annoying https:// prefix.
@httpget { @httpget {
protocol http protocol http
method GET method GET
path_regexp ^/([-_a-z0-9]{0,64}$|docs/|static/) path_regexp ^/([-_a-z0-9]{0,64}$|docs/|static/)
} }
redir @httpget https://{host}{uri} redir @httpget https://{host}{uri}
''; '';
logFormat = ''
output file ${config.services.caddy.logDir}/access.log {
mode 640
}
'';
};
borgbackup.jobs."borgbase".paths = [ borgbackup.jobs."borgbase".paths = [
"/var/lib/ntfy-sh" "/var/lib/ntfy-sh"


@ -44,11 +44,6 @@
} }
''; '';
serverAliases = [ "*.bsky.ee" ]; serverAliases = [ "*.bsky.ee" ];
logFormat = ''
output file ${config.services.caddy.logDir}/access.log {
mode 640
}
'';
}; };
borgbackup.jobs."borgbase".paths = [ borgbackup.jobs."borgbase".paths = [


@ -1,20 +1,13 @@
{ config, ... }: { { config, ... }: {
services = { services = {
caddy.virtualHosts."waka.catnip.ee" = { caddy.virtualHosts."waka.catnip.ee".extraConfig = ''
extraConfig = '' tls {
tls { dns cloudflare {env.CLOUDFLARE_API_TOKEN}
dns cloudflare {env.CLOUDFLARE_API_TOKEN} resolvers 1.1.1.1
resolvers 1.1.1.1 }
}
reverse_proxy :${toString config.services.wakapi.settings.server.port} reverse_proxy :${toString config.services.wakapi.settings.server.port}
''; '';
logFormat = ''
output file ${config.services.caddy.logDir}/access.log {
mode 640
}
'';
};
wakapi = { wakapi = {
enable = true; enable = true;