a bit of refactoring

Ingolf Wagner 2022-09-20 21:48:36 +02:00
parent 7384c9dd53
commit 6242e3b4d2
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
94 changed files with 85 additions and 288 deletions


@ -145,7 +145,7 @@
colmena.packages.${system}.colmena colmena.packages.${system}.colmena
]; ];
imports = [ imports = [
./nixos/configs/${name}/configuration.nix ./nixos/machines/${name}/configuration.nix
cluster-module.nixosModules.tinc cluster-module.nixosModules.tinc
(sopsModule name) (sopsModule name)
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager


@ -1,45 +0,0 @@
{ pkgs, config, ... }: {
users.users.mainUser.extraGroups = [ "wireshark" ];
programs.wireshark.enable = true;
environment.systemPackages = [
pkgs.wireshark
# alternative packet analyzer (only works with elasticsearch)
pkgs.packetbeat7
];
# elastic search is good for analysing stuff
# https://www.elastic.co/blog/analyzing-network-packets-with-wireshark-elasticsearch-and-kibana
services.elasticsearch.enable = true;
services.elasticsearch.listenAddress =
"${config.networking.hostName}.private";
services.kibana.enable = true;
services.kibana.elasticsearch.hosts =
[ "http://${config.networking.hostName}.private:9200" ];
services.kibana.listenAddress = "${config.networking.hostName}.private";
services.kibana.port = 5601;
# using tshark with elastic search
# --------------------------------
# tshark -r file.pcap -T ek > packages.json
# curl -XPOST "sterni.private:9200/packets/doc/_bulk" -H 'Content-Type: application/json' --data-binary "@packets.json"
services.nginx = {
enable = true;
statusPage = true;
virtualHosts = {
"kibana.${config.networking.hostName}.private" = {
serverAliases = [ ];
locations."/" = {
proxyPass = "http://${config.networking.hostName}.private:${
toString config.services.kibana.port
}";
};
};
};
};
}


@ -0,0 +1,41 @@
{ pkgs, lib, ... }:
let
access_log_sink = "workhorse.private:12304";
error_log_sink = "workhorse.private:12305";
in
{
security.acme.defaults.email = "contact@ingolf-wagner.de";
security.acme.acceptTerms = true;
services.nginx = {
# Use recommended settings
recommendedGzipSettings = lib.mkDefault true;
recommendedOptimisation = lib.mkDefault true;
recommendedProxySettings = lib.mkDefault true;
recommendedTlsSettings = lib.mkDefault true;
# for graylog logging
#commonHttpConfig = ''
# log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
# '"facility": "nginx", '
# '"src_addr": "$remote_addr", '
# '"body_bytes_sent": $body_bytes_sent, '
# '"request_time": $request_time, '
# '"response_status": $status, '
# '"request": "$request", '
# '"request_method": "$request_method", '
# '"host": "$host",'
# '"upstream_cache_status": "$upstream_cache_status",'
# '"upstream_addr": "$upstream_addr",'
# '"http_x_forwarded_for": "$http_x_forwarded_for",'
# '"http_referrer": "$http_referer", '
# '"http_user_agent": "$http_user_agent" }';
# access_log syslog:server=${access_log_sink} graylog2_json;
# error_log syslog:server=${error_log_sink};
#'';
};
services.nginx.package = pkgs.nginxMainline;
}
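Review bot: With the `commonHttpConfig` block commented out, this new module leaves the `let` bindings `access_log_sink` and `error_log_sink` unused, and nginx no longer forwards access or error logs to a remote syslog sink. Both bindings still name `workhorse.private`, a host whose tinc and known-hosts entries are removed later in this same commit, so re-enabling the block as written would presumably send logs to a host that no longer exists. If remote logging is being retired on purpose, delete the `let … in` and the commented block and say so in one line, e.g. `# nginx logs stay local; the graylog sink was retired`; otherwise point the sinks at a host that remains. The same commented-out block appears in the `@ -17,24 +17,24 @@` section of the older nginx file further down.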


@ -111,9 +111,5 @@
}; };
}; };
# keybase
services.keybase.enable = false;
services.kbfs.enable = false;
} }


@ -37,10 +37,6 @@
}; };
}; };
# keybase
services.keybase.enable = false;
services.kbfs.enable = false;
programs.custom.steam.enable = true; programs.custom.steam.enable = true;
programs.custom.video.enable = false; programs.custom.video.enable = false;
@ -72,12 +68,8 @@
custom.samba-share = { custom.samba-share = {
enable = true; enable = true;
folders = { folders = {
#public = "/home/palo/movies";
share = "/home/share"; share = "/home/share";
video = "/home/video-material"; video = "/home/video-material";
#syncthing = "/mnt/syncthing";
#movies = "/mnt/syncthing/movies";
#series = "/mnt/syncthing/series";
}; };
}; };
@ -96,8 +88,4 @@
vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; }; vaapiIntel = pkgs.vaapiIntel.override { enableHybridCodec = true; };
}; };
# include all modules from flakes
# documentation.nixos.includeAllModules = true;
} }


@ -1,38 +1,5 @@
{ config, lib, pkgs, ... }: { { config, lib, pkgs, ... }: {
services.nginx.virtualHosts."mia.${config.networking.hostName}.private" = {
locations."/" = {
root = pkgs.landingpage.override {
jsonConfig = {
items = [{
items = [
{
label = "github";
href = "https://github.com/miaEngiadina";
image =
"https://media.giphy.com/media/l0MYEpMgixXtNRgrK/giphy.gif";
}
{
label = "Confluence";
href = "https://fysitech.atlassian.net/wiki/spaces/DI/overview";
image = "https://media.giphy.com/media/TfMcfnr6USBtm/giphy.gif";
}
{
label = "Kanban Board";
href =
"https://fysitech.atlassian.net/jira/software/projects/DPE/boards/1";
image =
"https://media.giphy.com/media/10zsjaH4g0GgmY/giphy.gif";
}
];
}];
};
};
};
};
services.nginx.virtualHosts."${config.networking.hostName}.private" = { services.nginx.virtualHosts."${config.networking.hostName}.private" = {
default = true; default = true;
locations."/" = { locations."/" = {
@ -40,57 +7,38 @@
jsonConfig = { jsonConfig = {
items = [ items = [
{ {
# text = "hallo"; text = "Syncthings";
items = map
({ name, host ? "${name}.private", ... }: {
label = name;
href = "http://${host}:8384/";
image = "https://media.giphy.com/media/JoyU4vuzwj6ZA7Ging/giphy.gif";
})
(map (name: { inherit name; }) (lib.attrNames
config.module.cluster.services.tinc."private".hosts));
}
{
text = "netdata";
items = map
({ name, host ? "${name}.private", ... }: {
label = name;
href = "http://${host}:19999/";
image = "https://media.giphy.com/media/BkjdN6MQCDPaw/giphy.gif";
})
(map (name: { inherit name; }) [
"robi"
"pepe"
]);
}
{
text = "Various Links";
items = [ items = [
{
label = "Dashboard";
href = "http://grafana.workhorse.private";
image =
"https://media.giphy.com/media/eLmaUW5dJak2k/giphy.gif";
}
{
label = "Prometheus";
href = "http://prometheus.workhorse.private/";
image =
"https://media.giphy.com/media/1NLZYcJGLM9mo/giphy.gif";
}
{
label = "Graylog";
href = "http://graylog.workhorse.private/";
image =
"https://media.giphy.com/media/6oeRBKg7mwEZnSnYkn/giphy.gif";
}
{
label = "Jenkins";
href = "http://jenkins.workhorse.private/";
image =
"https://media.giphy.com/media/nQYnLFII2sFcQ/giphy.gif";
}
{
label = "HomeAssistant";
href = "http://pepe.private:8123/lovelace/view_overview";
image =
"https://media.giphy.com/media/3o6ZtosYxN9Eo3AAZq/giphy.gif";
}
{
label = "Kodi";
href = "http://porani.private:8080/";
image =
"https://media.giphy.com/media/d9wPasV7ukkta/giphy.gif";
}
{ {
label = "Hetzner Cloud"; label = "Hetzner Cloud";
href = "https://console.hetzner.cloud/projects"; href = "https://console.hetzner.cloud/projects";
image = image =
"https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif"; "https://media.giphy.com/media/NECZ8crkbXR0k/giphy.gif";
} }
{
label = "Transmission";
href = "http://transmission.kruck.private/";
image =
"https://media.giphy.com/media/9ryQgA3d0BVoe7iZl0/giphy.gif";
}
{ {
label = "Pass the Popcorn"; label = "Pass the Popcorn";
href = "https://passthepopcorn.me/"; href = "https://passthepopcorn.me/";
@ -103,18 +51,6 @@
image = image =
"https://media.giphy.com/media/ku5EcFe4PNGWA/giphy.gif"; "https://media.giphy.com/media/ku5EcFe4PNGWA/giphy.gif";
} }
{
label = "Kibana Workhorse";
href = "http://kibana.workhorse.private/";
image =
"https://media.giphy.com/media/24sVlirH2qPTO/giphy.gif";
}
{
label = "Kibana Workout";
href = "http://kibana.workout.private/";
image =
"https://media.giphy.com/media/24sVlirH2qPTO/giphy.gif";
}
{ {
label = "Cups"; label = "Cups";
href = "http://localhost:631/"; href = "http://localhost:631/";
@ -123,48 +59,6 @@
} }
]; ];
} }
{
text = "Betfair";
items = [
{
label = "betfair";
href = "https://www.betfair.com/exchange/plus/football";
image =
"https://media.giphy.com/media/3og0ILXHf8hmHmET1C/giphy.gif";
}
{
label = "token";
href =
"https://docs.developer.betfair.com/visualisers/api-ng-account-operations/";
image =
"https://media.giphy.com/media/aeIlR57TpTimI/giphy.gif";
}
{
label = "api doku";
href =
"https://docs.developer.betfair.com/display/1smk3cen4v3lu3yomq5qye0ni/Reference+Guide";
image =
"https://media.giphy.com/media/11bKAQfWd0Yo0w/giphy.gif";
}
];
}
{
text = "Lektor";
items = [
{
label = "Terranix";
href = "http://terranix.schasch.private";
image =
"https://media.giphy.com/media/nGtOFccLzujug/giphy.gif";
}
{
label = "tech-blog";
href = "http://techblog.schasch.private";
image =
"https://media.giphy.com/media/nGtOFccLzujug/giphy.gif";
}
];
}
{ {
text = "NixOS"; text = "NixOS";
items = [ items = [
@ -193,12 +87,6 @@
image = image =
"https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif"; "https://media.giphy.com/media/l2YWlohvjPnsvkdEc/giphy.gif";
} }
{
label = "NixOS Options";
href = "https://nixos.org/nixos/options.html";
image =
"https://media.giphy.com/media/3fiw51MvIWcGjMhy9a/giphy.gif";
}
{ {
label = "NixOS Language specific helpers"; label = "NixOS Language specific helpers";
href = href =
@ -226,33 +114,6 @@
} }
]; ];
} }
{
text = "Syncthings";
items = map
({ name, host ? "${name}.private", ... }: {
label = name;
href = "http://${host}:8384/";
image =
"https://media.giphy.com/media/JoyU4vuzwj6ZA7Ging/giphy.gif";
})
(map (name: { inherit name; }) (lib.attrNames
config.module.cluster.services.tinc."private".hosts));
}
{
text = "netdata";
items = map
({ name, host ? "${name}.private", ... }: {
label = name;
href = "http://${host}:19999/";
image = "https://media.giphy.com/media/BkjdN6MQCDPaw/giphy.gif";
})
(map (name: { inherit name; }) [
"workhorse"
"pepe"
]
#(lib.attrNames config.module.cluster.services.tinc."private".hosts)
);
}
]; ];
}; };
}; };
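Review bot: The generated "Syncthings" and "netdata" groups, moved to the top of `items` in the `@ -40,57 +7,38 @@` hunk, link to `http://${host}:8384/` and `http://${host}:19999/`, which presumes those admin interfaces listen on each host's `.private` address; nothing visible here shows that they require a login there. A comment next to the group would record the assumption, e.g. `# assumes each host's Syncthing GUI is bound to the tinc address and has a GUI password set`. The Syncthing list is built for every name in `config.module.cluster.services.tinc."private".hosts` while the netdata list is hard-coded to `"robi"` and `"pepe"`, so the page can advertise a GUI on hosts that do not run one. As a style point, the `host ? "${name}.private"` default is always taken because the inner `map` supplies only `name`, so the lambda could take `name` directly and build `href = "http://${name}.private:8384/";`.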


@ -17,24 +17,24 @@ in
recommendedTlsSettings = lib.mkDefault true; recommendedTlsSettings = lib.mkDefault true;
# for graylog logging # for graylog logging
commonHttpConfig = '' #commonHttpConfig = ''
log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", ' # log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
'"facility": "nginx", ' # '"facility": "nginx", '
'"src_addr": "$remote_addr", ' # '"src_addr": "$remote_addr", '
'"body_bytes_sent": $body_bytes_sent, ' # '"body_bytes_sent": $body_bytes_sent, '
'"request_time": $request_time, ' # '"request_time": $request_time, '
'"response_status": $status, ' # '"response_status": $status, '
'"request": "$request", ' # '"request": "$request", '
'"request_method": "$request_method", ' # '"request_method": "$request_method", '
'"host": "$host",' # '"host": "$host",'
'"upstream_cache_status": "$upstream_cache_status",' # '"upstream_cache_status": "$upstream_cache_status",'
'"upstream_addr": "$upstream_addr",' # '"upstream_addr": "$upstream_addr",'
'"http_x_forwarded_for": "$http_x_forwarded_for",' # '"http_x_forwarded_for": "$http_x_forwarded_for",'
'"http_referrer": "$http_referer", ' # '"http_referrer": "$http_referer", '
'"http_user_agent": "$http_user_agent" }'; # '"http_user_agent": "$http_user_agent" }';
access_log syslog:server=${access_log_sink} graylog2_json; # access_log syslog:server=${access_log_sink} graylog2_json;
error_log syslog:server=${error_log_sink}; # error_log syslog:server=${error_log_sink};
''; #'';
}; };
services.nginx.package = pkgs.nginxMainline; services.nginx.package = pkgs.nginxMainline;


@ -38,22 +38,6 @@
]; ];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyHmHJy2Va45p9mn+Hj3DyaY5yxnQIKvXeACHjzgSKt"; publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDyHmHJy2Va45p9mn+Hj3DyaY5yxnQIKvXeACHjzgSKt";
}; };
"workhorse.private" = {
hostNames = [
"workhorse.private"
"workhorse.secret"
config.module.cluster.services.tinc.private.hosts.workhorse.tincIp
config.module.cluster.services.tinc.secret.hosts.workhorse.tincIp
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDaK0Vv33TuGQa/B5p54sGilgpYvfKkBaBGlEBpIk1QB";
};
"porani.secret" = {
hostNames = [
"porani.secret"
config.module.cluster.services.tinc.secret.hosts.porani.tincIp
];
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOKNtRWVrqADgAMtTSWgnpp8gRKUtn4QUMFzQ78fC+aK";
};
"pepe.private" = { "pepe.private" = {
hostNames = [ hostNames = [
"pepe.private" "pepe.private"


@ -40,14 +40,6 @@ in
tincIp = "10.243.23.3"; tincIp = "10.243.23.3";
publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file; publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
}; };
workhorse = {
tincIp = "10.243.23.5";
publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
};
workout = {
tincIp = "10.243.23.4";
publicKey = lib.fileContents ../../assets/tinc/retiolum/host_file;
};
}; };
}; };
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096" # nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
@ -70,14 +62,6 @@ in
tincIp = "10.123.42.24"; tincIp = "10.123.42.24";
publicKey = lib.fileContents ../../assets/tinc/workout_host_file; publicKey = lib.fileContents ../../assets/tinc/workout_host_file;
}; };
porani = {
tincIp = "10.123.42.31";
publicKey = lib.fileContents ../../assets/tinc/porani_host_file;
};
workhorse = {
tincIp = "10.123.42.21";
publicKey = lib.fileContents ../../assets/tinc/workhorse_host_file;
};
robi = { robi = {
realAddress = [ "144.76.13.147" ]; realAddress = [ "144.76.13.147" ];
tincIp = "10.123.42.123"; tincIp = "10.123.42.123";
@ -94,10 +78,6 @@ in
privateEd25519KeyFile = toString config.sops.secrets.tinc_ed25519_key.path; privateEd25519KeyFile = toString config.sops.secrets.tinc_ed25519_key.path;
privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path; privateRsaKeyFile = toString config.sops.secrets.tinc_rsa_key.path;
hosts = { hosts = {
workout = {
tincIp = "10.23.42.27";
publicKey = lib.fileContents ../../assets/tinc/workout_host_file;
};
pepe = { pepe = {
tincIp = "10.23.42.26"; tincIp = "10.23.42.26";
publicKey = lib.fileContents ../../assets/tinc/pepe_host_file; publicKey = lib.fileContents ../../assets/tinc/pepe_host_file;
@ -110,14 +90,6 @@ in
tincIp = "10.23.42.23"; tincIp = "10.23.42.23";
publicKey = lib.fileContents ../../assets/tinc/mobi_host_file; publicKey = lib.fileContents ../../assets/tinc/mobi_host_file;
}; };
#porani = {
# tincIp = "10.23.42.31";
# publicKey = lib.fileContents ../../assets/tinc/porani_host_file;
#};
workhorse = {
tincIp = "10.23.42.21";
publicKey = lib.fileContents ../../assets/tinc/workhorse_host_file;
};
robi = { robi = {
realAddress = [ "144.76.13.147" ]; realAddress = [ "144.76.13.147" ];
tincIp = "10.23.42.111"; tincIp = "10.23.42.111";