diff --git a/nixos/components/monitor/container.nix b/nixos/components/monitor/container.nix
new file mode 100644
index 0000000..9dc46d6
--- /dev/null
+++ b/nixos/components/monitor/container.nix
@@ -0,0 +1,18 @@
+{ lib, config, ... }:
+with lib;
+with types;
+{
+ imports = [ ./default.nix ];
+
+ options.components.monitor.container.promtail.port = mkOption {
+ type = int;
+ };
+
+ config = {
+ components.monitor.enable = mkDefault true;
+ components.monitor.metrics.enable = mkDefault false;
+ components.monitor.promtail.port = config.components.monitor.container.promtail.port;
+ components.monitor.opentelemetry.exporter.endpoint = mkDefault "127.0.0.1:4317";
+ };
+
+}
diff --git a/nixos/machines/orbi/media-transmission.nix b/nixos/legacy/media-transmission.nix
similarity index 100%
rename from nixos/machines/orbi/media-transmission.nix
rename to nixos/legacy/media-transmission.nix
diff --git a/nixos/machines/orbi/cache.nix b/nixos/machines/orbi/cache.nix
deleted file mode 100644
index baa4944..0000000
--- a/nixos/machines/orbi/cache.nix
+++ /dev/null
@@ -1,13 +0,0 @@
-{ ... }:
-{
- services.nix-serve = {
- enable = true;
-
- # needed if i want to trust my own build packages and dirivations
- # nix-store --generate-binary-cache-key key-name secret-key-file public-key-file
- # secretKeyFile = sops.nixServeSecretKeyFile.path
-
- };
-
-
-}
diff --git a/nixos/machines/orbi/configuration.nix b/nixos/machines/orbi/configuration.nix
index 8dd9ed0..712f6a2 100644
--- a/nixos/machines/orbi/configuration.nix
+++ b/nixos/machines/orbi/configuration.nix
@@ -8,12 +8,11 @@ ../../components ../../modules - - ./service-hedgedoc.nix ./service-forgejo.nix - ./service-vaultwarden.nix - ./service-taskserver.nix + ./service-hedgedoc.nix ./service-photoprism.nix + ./service-taskserver.nix + ./service-vaultwarden.nix ./nginx-ingolf-wagner-de.nix ./nginx-wkd.nix
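Review bot: In the new nixos/components/monitor/container.nix, the option `components.monitor.container.promtail.port` is declared with `type = int;` and no `description`, so a negative or out-of-range value passes evaluation and would only surface when the service tries to use it. Since the file already does `with types;`, `type = port;` would reject such values at evaluation time, and a short `description` stating what the port is used for would document the option. The option also has no default, so every container that imports this module must set it; the four container definitions updated in this commit do (3502–3505).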
@@ -21,28 +20,16 @@ ./network-tinc.nix ./network-wireguard.nix - ./media-share.nix - - ./media-syncthing.nix - #./media-transmission.nix - ./media-transmission2.nix - ./media-jellyfin.nix ./media-arr.nix + ./media-jellyfin.nix ./media-nextcloud.nix + ./media-share.nix + ./media-syncthing.nix + ./media-transmission2.nix ./social-jitsi.nix ./social-matrix-terranix.nix - #./sync-opentracker.nix - #./sync-torrent.nix - - # telemetry - # --------- - #./loki.nix - #./loki-promtail.nix - #./grafana.nix - - #./cache.nix ]; networking.hostName = "orbi";
diff --git a/nixos/machines/orbi/container-monitoring.nix b/nixos/machines/orbi/container-monitoring.nix
deleted file mode 100644
index d9793b6..0000000
--- a/nixos/machines/orbi/container-monitoring.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{ lib, config, ... }:
-with lib;
-with types;
-{
- imports = [
- ../../components/monitor
- ];
-
- # todo create a the components.monitor.container module.
- options.promtail.port = mkOption {
- type = int;
- };
-
- config = {
- components.monitor.enable = true;
- components.monitor.metrics.enable = false;
- components.monitor.promtail.port = config.promtail.port;
- components.monitor.opentelemetry.exporter.endpoint = "127.0.0.1:4317";
- };
-
-
-}
diff --git a/nixos/machines/orbi/finance.nix b/nixos/machines/orbi/finance.nix
deleted file mode 100644
index 76de251..0000000
--- a/nixos/machines/orbi/finance.nix
+++ /dev/null
@@ -1,58 +0,0 @@
-{ lib, config, pkgs, ... }:
-let
-
- # find symbols with
- # https://www.alphavantage.co/query?function=SYMBOL_SEARCH&apikey=&keywords=
- # as described here : https://www.alphavantage.co/documentation/#symbolsearch
- #
- # example:
- # --------
- # stocks = [
- # {
- # friendly_name = "google";
- # symbol = "GOOGL.DEX";
- # name = "google";
- # currency = "$";
- # }
- # ];
- # results in
- # P 2020-01-30 GOOGL $123
- stocks = import ../../private_assets/finance/stocks;
- stocksFile = toString /home/syncthing/finance/hledger/stocks.journal;
-
-in
-{
-
- systemd.services.pull_stocks = {
- enable = true;
- description = "pull stocks for hledger";
- serviceConfig = {
- User = "syncthing";
- Type = "oneshot";
- };
-
- script =
- let
- command = { symbol, name, currency, ... }: ''
- APIKEY=${lib.fileContents ../../private_assets/finance/alphavantage/apiKey}
- SYMBOL="${symbol}"
- ${pkgs.curl}/bin/curl --location --silent \
- "https://www.alphavantage.co/query?function=GLOBAL_QUOTE&symbol=$SYMBOL&apikey=$APIKEY" \
- | ${pkgs.jq}/bin/jq --raw-output '.["Global Quote"]
- | "P \(.["07. latest trading day"]) ${name} ${currency}\(.["05. price"] | tonumber)"' \
- >> ${stocksFile}
- sleep 1
- '';
- in
- lib.concatStringsSep "\n" (map command stocks);
- };
-
- systemd.timers.pull_stocks = {
- enable = true;
- wantedBy = [ "multi-user.target" ];
- timerConfig = {
- OnCalendar = "weekly";
- Persistent = "true";
- };
- };
-}
diff --git a/nixos/machines/orbi/grafana.nix b/nixos/machines/orbi/grafana.nix
deleted file mode 100644
index d8f5642..0000000
--- a/nixos/machines/orbi/grafana.nix
+++ /dev/null
@@ -1,24 +0,0 @@
-{ config, ... }:
-{
-
- services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = {
- extraConfig = ''
- allow ${config.tinc.private.subnet};
- deny all;
- '';
- locations."/" = {
- proxyPass = "http://localhost:${toString config.services.grafana.settings.server.http_port}";
- proxyWebsockets = true;
- };
- };
-
- services.grafana = {
- enable = true;
- settings.server = {
- domain = "grafana.robi.private";
- http_port = 2342;
- http_addr = "localhost";
- };
- };
-
-}
diff --git a/nixos/machines/orbi/graylog.nix b/nixos/machines/orbi/graylog.nix
deleted file mode 100644
index 8a31746..0000000
--- a/nixos/machines/orbi/graylog.nix
+++ /dev/null
@@ -1,130 +0,0 @@ -{ config, lib, pkgs, ... }: -let port = 9000; -in { - # configure nginx - services.nginx = { - enable = true; - virtualHosts = { - "graylog.workhorse.private" = { - locations."/" = { - proxyPass = "http://localhost:${toString port}"; - extraConfig = '' - proxy_set_header Host $host:$server_port; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_read_timeout 90; - proxy_redirect http://localhost:${ - toString port - } https://graylog.workhorse.private/; - ''; - }; - }; - }; - }; - - services.mongodb.enable = true; - services.elasticsearch = { - enable = true; - listenAddress = "${config.networking.hostName}.private"; - extraJavaOptions = [ "-Des.http.cname_in_publish_address=true" ]; - }; - - services.graylog.enable = true; - services.graylog.elasticsearchHosts = - [ "http://${config.services.elasticsearch.listenAddress}:9200" ]; - - # https://docs.graylog.org/en/3.0/pages/configuration/server.conf.html - services.graylog.extraConfig = '' - http_bind_address = 0.0.0.0:${toString port} - http_publish_uri = http://workhorse.private:${toString port}/ - ''; - - # other wise this does not work - services.graylog.nodeIdFile = "/var/lib/graylog/node-id"; - - # pwgen -N 1 -s 96 - services.graylog.passwordSecret = - lib.fileContents ../../private_assets/graylog/password-secret; - - # echo -n yourpassword | shasum -a 256 - services.graylog.rootPasswordSha2 = - lib.fileContents ../../private_assets/graylog/root-password-hash; - - services.graylog.plugins = [ pkgs.graylogPlugins.slack ]; - - # not working at the moment - #services.geoip-updater.enable = true; - - # https://wiki.splunk.com/Http_status.csv - environment.etc."graylog/server/httpCodes.csv" = { - enable = true; - text = '' - status,status_description,status_type - 100,Continue,Informational - 101,Switching Protocols,Informational - 200,OK,Successful - 201,Created,Successful - 
202,Accepted,Successful - 203,Non-Authoritative Information,Successful - 204,No Content,Successful - 205,Reset Content,Successful - 206,Partial Content,Successful - 300,Multiple Choices,Redirection - 301,Moved Permanently,Redirection - 302,Found,Redirection - 303,See Other,Redirection - 304,Not Modified,Redirection - 305,Use Proxy,Redirection - 307,Temporary Redirect,Redirection - 400,Bad Request,Client Error - 401,Unauthorized,Client Error - 402,Payment Required,Client Error - 403,Forbidden,Client Error - 404,Not Found,Client Error - 405,Method Not Allowed,Client Error - 406,Not Acceptable,Client Error - 407,Proxy Authentication Required,Client Error - 408,Request Timeout,Client Error - 409,Conflict,Client Error - 410,Gone,Client Error - 411,Length Required,Client Error - 412,Precondition Failed,Client Error - 413,Request Entity Too Large,Client Error - 414,Request-URI Too Long,Client Error - 415,Unsupported Media Type,Client Error - 416,Requested Range Not Satisfiable,Client Error - 417,Expectation Failed,Client Error - 500,Internal Server Error,Server Error - 501,Not Implemented,Server Error - 502,Bad Gateway,Server Error - 503,Service Unavailable,Server Error - 504,Gateway Timeout,Server Error - 505,HTTP Version Not Supported,Server Error - ''; - }; - - environment.etc."graylog/server/known_servers.csv" = { - enable = true; - text = '' - "ip","host_name" - "95.216.1.150","lassul.us" - ''; - }; - - environment.etc."graylog/systemd/loglevel.csv" = { - enable = true; - text = '' - "value","Servity","Description" - "0","emergency","System is unusable" - "1","alert","Should be corrected immediately" - "2","cirtical","Critical conditions" - "3","error","Error Condition" - "4","warning","May indicate that an error will occur if action is not taken." - "5","notice","Events that are unusual, but not error conditions." - "6","info","Normal operational messages that require no action." - "7","debug","Information useful to developers for debugging the application." 
- ''; - }; - -} diff --git a/nixos/machines/orbi/grocy.nix b/nixos/machines/orbi/grocy.nix deleted file mode 100644 index 614a8b9..0000000 --- a/nixos/machines/orbi/grocy.nix +++ /dev/null @@ -1,16 +0,0 @@ -{ config, lib, pkgs, ... }: - -{ - services.grocy = { - enable = true; - settings = { - culture = "de"; - currency = "EUR"; - }; - hostName = "grocy.ingolf-wagner.de"; - nginx.enableSSL = true; - }; - - backup.dirs = [ config.services.grocy.dataDir ]; - -} diff --git a/nixos/machines/orbi/kibana.nix b/nixos/machines/orbi/kibana.nix deleted file mode 100644 index 279aea1..0000000 --- a/nixos/machines/orbi/kibana.nix +++ /dev/null @@ -1,25 +0,0 @@ -{ config, ... }: { - services.nginx = { - enable = true; - statusPage = true; - virtualHosts = { - "kibana.${config.networking.hostName}.private" = { - serverAliases = [ ]; - locations."/" = { - proxyPass = "http://${config.networking.hostName}.private:${ - toString config.services.kibana.port - }"; - }; - }; - }; - }; - - services.elasticsearch.enable = true; - services.elasticsearch.listenAddress = "workhorse.private"; - - services.kibana.enable = true; - services.kibana.elasticsearch.hosts = [ "http://workhorse.private:9200" ]; - services.kibana.listenAddress = "workhorse.private"; - services.kibana.port = 5601; - -} diff --git a/nixos/machines/orbi/loki-promtail.nix b/nixos/machines/orbi/loki-promtail.nix deleted file mode 100644 index 1c64287..0000000 --- a/nixos/machines/orbi/loki-promtail.nix +++ /dev/null 
@@ -1,41 +0,0 @@
-{ config, ... }:
-{
- services.promtail = {
- enable = true;
- configuration = {
- server = {
- http_listen_port = 28183;
- grpc_listen_port = 0;
- };
- positions.filename = "/tmp/positions.yaml";
- clients = [
- { url = "http://127.0.0.1:3100/loki/api/v1/push"; }
- ];
-
- scrape_configs = [
- {
- job_name = "journal";
- journal = {
- max_age = "12h";
- labels = {
- job = "systemd-journal";
- host = config.networking.hostName;
- };
- };
- relabel_configs = [
- {
- source_labels = [ "__journal__systemd_unit" ];
- target_label = "unit";
- }
- {
- source_labels = [ "__journal__transport" ];
- target_label = "transport";
- }
- ];
- }
- ];
-
- };
-
- };
-}
diff --git a/nixos/machines/orbi/loki.nix b/nixos/machines/orbi/loki.nix
deleted file mode 100644
index c0eba2c..0000000
--- a/nixos/machines/orbi/loki.nix
+++ /dev/null
@@ -1,99 +0,0 @@
-{ config, pkgs, ... }:
-{
-
- services.loki = {
- enable = true;
- configuration = {
- server = {
- http_listen_port = 3100;
- log_level = "warn";
- };
- auth_enabled = false;
-
- ingester = {
- lifecycler = {
- address = "127.0.0.1";
- ring = {
- kvstore = {
- store = "inmemory";
- };
- replication_factor = 1;
- };
- };
- chunk_idle_period = "1h";
- max_chunk_age = "1h";
- chunk_target_size = 999999;
- chunk_retain_period = "30s";
- max_transfer_retries = 0;
- };
-
- schema_config = {
- configs = [{
- from = "2022-06-06";
- store = "boltdb-shipper";
- object_store = "filesystem";
- schema = "v11";
- index = {
- prefix = "index_";
- period = "24h";
- };
- }];
- };
-
- storage_config = {
- boltdb_shipper = {
- active_index_directory = "/var/lib/loki/boltdb-shipper-active";
- cache_location = "/var/lib/loki/boltdb-shipper-cache";
- cache_ttl = "24h";
- shared_store = "filesystem";
- };
-
- filesystem = {
- directory = "/var/lib/loki/chunks";
- };
- };
-
- limits_config = {
- reject_old_samples = true;
- reject_old_samples_max_age = "168h";
- };
-
- chunk_store_config = {
- max_look_back_period = "0s";
- };
-
- table_manager = {
- retention_deletes_enabled = false;
- retention_period = "0s";
- };
-
- compactor = {
- working_directory = "/var/lib/loki";
- shared_store = "filesystem";
- compactor_ring = {
- kvstore = {
- store = "inmemory";
- };
- };
- };
- };
- # user, group, dataDir, extraFlags, (configFile)
- };
-
- #services.nginx = {
- # enable = true;
- # virtualHosts.loki = {
- # serverName = "loki.pepe.private";
- # locations."/" = {
- # proxyWebsockets = true;
- # proxyPass = "http://127.0.0.1:3100";
- # #extraConfig = ''
- # # access_log off;
- # # allow ${config.tinc.private.subnet};
- # # deny all;
- # #'';
- # };
- # };
- #};
-
-}
diff --git a/nixos/machines/orbi/mail-fetcher.nix b/nixos/machines/orbi/mail-fetcher.nix
deleted file mode 100644
index d8ca3dd..0000000
--- a/nixos/machines/orbi/mail-fetcher.nix
+++ /dev/null
@@ -1,663 +0,0 @@ -# fetches mails for me -{ lib, pkgs, config, ... }: -let - junk_filter = [ - "from:booking.com" - "subject:Gewinn" - "from:brompton.com" - "from:circleci.com OR (from:noreply@github.com AND to:audio-overlay@googlegroups.com)" - "from:codepen.io" - "from:congstarnews.de" - "from:cronullasurfingacademy.com" - "from:cryptohopper.com" - "from:digitalo.de" - "from:facebook.com OR from:facebookmail.com" - "from:fitnessfirst.de" - "from:flixbus.de" - "from:getdigital.de" - "from:getpocket.com" - "from:ghostinspector.com" - "from:globetrotter.de" - "from:hackster.io" - "from:hostelworld.com" - "from:immobilienscout24.de" - "from:kvraudio.com" - "from:letterboxd.com" - "from:linkedin.com" - "from:magix.net" - "from:mailings.gmx.net" - "from:mailings.web.de" - "from:matrix.org" - "from:menospese.com" - "from:microsoftstoreemail.com" - "from:mixcloudmail.com AND subject:Weekly Update" - "from:oknotify2.com AND NOT subject:New message" - "from:paulaschoice.com" - "from:puppet.com" - "from:runtastic.com" - "from:samplemagic.com OR from:wavealchemy.co.uk OR from:creators.gumroad.com" - "from:ticketmaster.de" - "from:trade4less.de" - "from:tumblr.com" - "from:turners.co.nz" - "from:twitch.tv" - "from:vstbuzz.com" - ]; - filters = [ - { - query = "from:hv-geelen.de"; - tags = [ "+wohnung" ]; - } - { - query = "from:computerfutures.com OR from:computerfutures.de"; - tags = [ "+jobs" "-inbox" ]; - } - { - query = "from:seek.com.au or from:seek.co.nz"; - tags = [ "+jobs" ]; - } - { - query = "from:xing.com"; - tags = [ "+jobs" "-inbox" ]; - } - { - query = "from:no-reply@backtrace.io OR to:sononym@noreply.github.com"; - tags = [ "+sononym" "-inbox" ]; - } - { - query = "from:ebay.com OR from:ebay.de OR from:ebay.net"; - tags = [ "+ebay" "+shop" "+billing" ]; - } - { - query = "from:bahn.de"; - tags = [ "+billing" "+bahn" ]; - } - { - query = - "from:fysitech.atlassian.net OR to:engiadina-pwa@noreply.github.com"; - tags = [ "+mia" "+work" "-unread" "-inbox" ]; - } - 
{ - query = - "from:space-left.org OR to:space-left.org OR subject:/\\[space-left\\]/"; - tags = [ "+spaceleft" "+space-left" ]; - } - { - query = "from:landr.com"; - tags = [ "+landr" "+music" ]; - } - { - query = "tag:landr and tag:billing"; - tags = [ "+billing" ]; - } - { - query = "from:oknotify2.com"; - tags = [ "+okcupid" ]; - } - { - query = "from:taxback.de OR to:taxback.de"; - tags = [ "+steuer" ]; - } - { - query = "from:campact.de"; - tags = [ "+campact" "+politics" ]; - } - { - query = "from:aliexpress.com"; - tags = [ "+shop" "+aliexpress" ]; - } - { - query = "from:congstar.de"; - tags = [ "+billing" "+congstar" "-inbox" "-unread" ]; - } - { - query = - "from:steampowered.com AND NOT ( subject:purchase OR subject:received )"; - tags = [ "-inbox" "-unread" ]; - } - { - query = - "from:steampowered.com AND ( subject:purchase OR subject:received )"; - tags = [ "+billing" "+steam" ]; - } - { - query = "from:gog.com AND NOT subject:Bestellung"; - tags = [ "-inbox" "-unread" ]; - } - { - query = "from:gog.com AND subject:Bestellung"; - tags = [ "+billing" "+gog" ]; - } - { - query = "from:stadtmobil.de"; - tags = [ "+billing" "+stadtmobil" "-inbox" "-unread" ]; - } - { - query = "from:drive-now.com"; - tags = [ "+billing" "+drivenow" "-inbox" "-unread" ]; - } - { - query = "from:data-treuhand.de"; - tags = [ "+mindcurv" "+work" "-inbox" "-unread" "-junk" ]; - } - { - query = "from:immocation.de"; - tags = [ "+immobilien" "-inbox" ]; - } - { - query = "from:tinc-vpn.org"; - tags = [ "+tinc" ]; - } - { - query = "from:mindfactory.de"; - tags = [ "+shop" "+billing" ]; - } - { - query = "from:zalando.de"; - tags = [ "+shop" "+billing" "+zalando" ]; - } - { - query = "from:ing.de"; - tags = [ "+bank" "+ingdiba" ]; - } - { - query = "from:nab.com.au"; - tags = [ "+bank" "+nab" "-inbox" "-unread" ]; - } - { - query = "from:dkb.de"; - tags = [ "+bank" "+dkb" ]; - } - { - query = "from:o2online.de"; - tags = [ "+billing" "+o2" ]; - } - { - query = 
"from:betfair.com"; - tags = [ "+work" "+betfair" ]; - } - { - query = "from:notifications@github.com"; - tags = [ "+github" ]; - } - { - query = "to:NUR@noreply.github.com"; - tags = [ "+nur" "+nixos" "+list" ]; - } - { - query = "to:nixpkgs@noreply.github.com"; - tags = [ "+nixpkgs" "+nixos" "+list" ]; - } - { - query = "from:travis-ci.org AND subject:mrVanDalo/navi"; - tags = [ "+development" "+navi" ]; - } - { - query = "from:travis-ci.org AND subject:nur-packages"; - tags = [ "+development" "+nixos" "+nur-packages" ]; - } - { - query = "from:travis-ci.org AND subject:csv-to-qif"; - tags = [ "+development" "+csv-to-qif" ]; - } - { - query = "to:proaudio@lists.tuxfamily.org"; - tags = [ "-inbox" "-unread" ]; - } - { - query = "from:nixos1@discoursemail.com"; - tags = [ "+nixos" "+discourse" "+list" ]; - } - { - query = "from:nixos1@discoursemail.com AND subject:Development"; - tags = [ "+nixos" "+discourse" "+development" ]; - } - { - query = "from:nixos1@discoursemail.com AND subject:Français"; - tags = [ "+nixos" "+discourse" "-inbox" "-unread" ]; - } - { - query = "from:nixos1@discoursemail.com AND subject:Announcements"; - tags = [ "+nixos" "+discourse" "+announcements" ]; - } - { - query = "from:nixos1@discoursemail.com AND subject:Links"; - tags = [ "+nixos" "+discourse" "+links" ]; - } - { - query = "from:nixos1@discoursemail.com AND subject:Games"; - tags = [ "+nixos" "+discourse" "+games" ]; - } - { - query = "from:nixos1@discoursemail.com AND subject:Meta"; - tags = [ "+nixos" "+discourse" "+meta" ]; - } - { - query = "from:nixos1@discoursemail.com AND subject:Events"; - tags = [ "+nixos" "+discourse" "+events" ]; - } - { - query = "from:limebike.com AND (subject:Funds OR subject:Receipt)"; - tags = [ "-inbox" "-unread" "+billing" "+limebike" ]; - } - { - query = "from:freemusicarchive.org"; - tags = [ "+FMA" ]; - } - { - query = "from:namecheap.com and subject:auto-renewal"; - tags = [ "+namecheap" "+billing" ]; - } - { - query = "from:namecheap.com 
and subject:order"; - tags = [ "+namecheap" "+billing" ]; - } - { - query = "tag:namecheap.com and tag:billing and body:gaykraft.com"; - tags = [ "+namecheap" "+billing" ]; - } - { - query = "from:nintendo.com"; - tags = [ "+nintendo" "+billing" ]; - } - { - query = "from:oculus.com AND subject:receipt"; - tags = [ "+oculus" "+billing" ]; - } - { - query = "from:car2go.com"; - tags = [ "-inbox" "-unread" ]; - } - { - query = "from:sixt.de"; - tags = [ "-inbox" "-unread" ]; - } - { - query = "from:meetup.com"; - tags = [ "-inbox" "-unread" "+meetup" ]; - } - { - query = "from:slack.com"; - tags = [ "+slack" ]; - } - { - query = "from:keybase.io"; - tags = [ "+keybase" ]; - } - { - query = "from:jobs2web.com"; - tags = [ "+newzealand" "+jobs" "-inbox" ]; - } - { - query = "from:paypal.de AND subject:Bestätigung"; - tags = [ "-unread" "+paypal" "+billing" ]; - } - { - query = "to:c-base.org"; - tags = [ "+cbase" "+list" ]; - } - { - query = "to:c-base.org AND subject=[auto-report]"; - tags = [ "-unread" "-inbox" ]; - } - { - query = "from:browserstack.com"; - tags = [ "+browserstack" ]; - } - { - query = - "to:renoise@ingolf-wagner.de OR to:root@renoise.com OR from:renoise.com OR to:admin@renoise.com"; - tags = [ "+renoise" ]; - } - { - query = "from:amazon.de OR from:amazon.com AND NOT to:renoise.com"; - tags = [ "+shop" "+amazon" "+billing" ]; - } - { - query = "from:hetzner.com OR from:hetzner.de"; - tags = [ "+hetzner" ]; - } - { - query = - "to:renoise.com AND NOT ( from:renoise.com OR from:root OR from:hetzner.com OR from:hetzner.de OR from:amazon.com OR from:gmail.com )"; - tags = [ "-inbox" "-unread" "+junk" "+renoise" ]; - } - { - query = "tag:hetzner and subject:Invoice"; - tags = [ "+billing" ]; - } - # final rules to make imap sync stuff easier - # there can only be one output folder tag, and theses rules are prioritized - { - query = "tag:fraud"; - tags = [ "-inbox" "-archive" "-junk" "-unread" ]; - message = "clean up tag fraud"; - } - { - query = 
"tag:junk"; - tags = [ "-inbox" "-archive" "-fraud" "-unread" ]; - message = "clean up tag junk"; - } - { - query = "tag:archive"; - tags = [ "-inbox" "-junk" "-fraud" "-unread" ]; - message = "clean up tag archive"; - } - { - query = "tag:inbox"; - tags = [ "-archive" "-junk" "-fraud" ]; - message = "clean up inbox"; - } - { - query = "tag:killed"; - tags = [ "-inbox" "-unread" ]; - message = "clean up tag killed"; - } - { - query = "tag:muted"; - tags = [ "-inbox" "-unread" ]; - } - # remove new tag at the end - { - query = "tag:new"; - tags = [ "-new" ]; - message = "remove new tag at the end"; - } - ]; - - notmuchTagging = - let - - template = index: - { tags, query, message ? "generic", ... }: - let - command = '' - ${pkgs.notmuch}/bin/notmuch tag ${lib.concatStringsSep " " tags} -- "${query}" - ''; - in - '' - echo '${command}' - ${command} - ''; - junk_template = index: query: - template index { - tags = [ "+junk" "-unread" "-inbox" ]; - query = query; - message = "generic junk filter"; - }; - - in - pkgs.writers.writeBash "notmuch-tagging" (lib.concatStringsSep "\n" - ((lib.imap0 junk_template junk_filter) ++ (lib.imap0 template filters))); - - notmuchTaggingNew = - let - - template = index: - { tags, query, message ? "generic", ... 
}: - let - command = '' - ${pkgs.notmuch}/bin/notmuch tag ${ - lib.concatStringsSep " " tags - } -- "${query} AND tag:new" - ''; - in - '' - echo '${command}' - ${command} - ''; - - junk_template = index: query: - template index { - tags = [ "+junk" "-unread" "-inbox" ]; - query = query; - message = "generic junk filter"; - }; - in - pkgs.writers.writeBash "notmuch-tagging-new" (lib.concatStringsSep "\n" - ((lib.imap0 junk_template junk_filter) ++ (lib.imap0 template filters))); - -in -{ - - backup.dirs = [ "/home/mailfetcher" ]; - - users.users.mailUser = { - isNormalUser = true; - description = "collects mails for me"; - hashedPassword = "!"; - name = "mailfetcher"; - home = "/home/mailfetcher"; - openssh.authorizedKeys.keyFiles = - config.users.users.root.openssh.authorizedKeys.keyFiles; - group = "mailfetcher"; - }; - - users.groups.mailUser = { - name = "mailfetcher"; - }; - - sops.secrets.mail_terranix = { - owner = config.users.users.mailUser.name; - group = config.users.users.mailUser.group; - }; - sops.secrets.mail_gmail = { - owner = config.users.users.mailUser.name; - group = config.users.users.mailUser.group; - }; - sops.secrets.mail_gmx_palo = { - owner = config.users.users.mailUser.name; - group = config.users.users.mailUser.group; - }; - sops.secrets.mail_gmx_ingolf = { - owner = config.users.users.mailUser.name; - group = config.users.users.mailUser.group; - }; - sops.secrets.mail_web = { - owner = config.users.users.mailUser.name; - group = config.users.users.mailUser.group; - }; - sops.secrets.mail_siteground = { - owner = config.users.users.mailUser.name; - group = config.users.users.mailUser.group; - }; - - environment.systemPackages = [ pkgs.muchsync ]; - - # configure accounts - home-manager.users.mailUser.accounts.email = { - accounts = { - - palo_van_dalo-gmx = { - primary = false; - address = "palo_van_dalo@gmx.de"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "palo_van_dalo@gmx.de"; - passwordCommand = - "cat ${toString 
config.sops.secrets.mail_gmx_palo.path }"; - imap = { - host = "imap.gmx.net"; - tls.enable = true; - port = 993; - }; - mbsync = { - enable = true; - create = "both"; - }; - notmuch.enable = true; - }; - - ingolf-wagner-gmx = { - primary = false; - address = "ingolf.wagner@gmx.de"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "ingolf.wagner@gmx.de"; - passwordCommand = - "cat ${toString config.sops.secrets.mail_gmx_ingolf.path }"; - imap = { - host = "imap.gmx.net"; - tls.enable = true; - port = 993; - }; - mbsync = { - enable = true; - create = "both"; - }; - notmuch.enable = true; - }; - - pali_palo = { - primary = false; - address = "pali_palo@web.de"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "pali_palo@web.de"; - passwordCommand = - "cat ${toString config.sops.secrets.mail_web.path }"; - imap = { - host = "imap.web.de"; - tls.enable = true; - port = 993; - }; - mbsync = { - enable = true; - create = "both"; - }; - notmuch.enable = true; - }; - - gmail = { - # for google accounts you have to allow 'less secure apps' in accounts.google.com - primary = true; - address = "palipalo9@googlemail.com"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "palipalo9@googlemail.com"; - passwordCommand = - "cat ${toString config.sops.secrets.mail_gmail.path }"; - imap = { - host = "imap.gmail.com"; - tls.enable = true; - port = 993; - }; - mbsync = { - enable = true; - create = "both"; - }; - notmuch.enable = true; - }; - - terranix_org = { - primary = false; - address = "palo@terranix.org"; - aliases = [ ]; - realName = "Ingolf Wagner"; - userName = "palo@terranix.org"; - passwordCommand = "cat ${toString config.sops.secrets.mail_terranix.path }"; - imap = { - host = "mail.privateemail.com"; - tls.enable = true; - port = 993; - }; - mbsync = { - enable = true; - create = "both"; - }; - notmuch.enable = true; - }; - - ingolf-wagner-de = { - primary = false; - address = "contact@ingolf-wagner.de"; - aliases = [ ]; - realName = 
"Ingolf Wagner"; - userName = "contact@ingolf-wagner.de"; - passwordCommand = - "cat ${toString config.sops.secrets.mail_siteground.path }"; - imap = { - host = "securees5.sgcpanel.com"; - port = 993; - tls.enable = true; - #tls.useStartTls = true; - }; - # make sure the upstream mail is deleted - getmail = { - enable = true; - delete = true; - readAll = false; - mailboxes = [ "ALL" ]; - }; - notmuch.enable = true; - }; - - }; - }; - - home-manager.users.mailUser.home.stateVersion = "22.11"; - - # configure mbsync - home-manager.users.mailUser.programs.mbsync.enable = true; - - # re-tag everything once a day - systemd.services.retagmail = { - enable = true; - serviceConfig = { User = config.users.users.mailUser.name; }; - environment.NOTMUCH_CONFIG = - "${config.users.users.mailUser.home}/.config/notmuch/notmuchrc"; - script = "${notmuchTagging}"; - }; - systemd.timers.retagmail = { - enable = true; - timerConfig = { - OnCalendar = "daily"; - Persistent = "true"; - }; - wantedBy = [ "multi-user.target" ]; - }; - - # fetch mails every 10 minutes - systemd.services.fetchmail = - let - threadTag = tag: '' - echo "tag threads with ${tag}" - ${pkgs.notmuch}/bin/notmuch tag +${tag} $(${pkgs.notmuch}/bin/notmuch search --output=threads tag:${tag}) - ''; - in - { - enable = true; - serviceConfig = { User = config.users.users.mailUser.name; }; - environment.NOTMUCH_CONFIG = - "${config.users.users.mailUser.home}/.config/notmuch/notmuchrc"; - script = '' - echo "run mbsync" - ${pkgs.isync}/bin/mbsync \ - --all - echo "run getmail" - ${pkgs.getmail}/bin/getmail \ - --quiet \ - --rcfile getmailingolf-wagner-de - - echo "run notmuch" - ${pkgs.notmuch}/bin/notmuch new - ${notmuchTaggingNew} - ${threadTag "muted"} - ${threadTag "wohnung"} - ${threadTag "flagged"} - ''; - }; - systemd.timers.fetchmail = { - enable = true; - # timerConfig.OnCalendar = " *-*-* *:00:00"; - timerConfig.OnCalendar = "*:0/10"; - wantedBy = [ "multi-user.target" ]; - }; - - # configure notmuch - 
home-manager.users.mailUser.programs.notmuch = { - enable = true; - new.tags = [ "unread" "inbox" "new" ]; - }; - -} diff --git a/nixos/machines/orbi/media-nextcloud.nix b/nixos/machines/orbi/media-nextcloud.nix index 5444f8f..265f44b 100644 --- a/nixos/machines/orbi/media-nextcloud.nix +++ b/nixos/machines/orbi/media-nextcloud.nix @@ -89,8 +89,8 @@ in config = { config, lib, ... }: { nixpkgs.pkgs = pkgs; - imports = [ ./container-monitoring.nix ]; - promtail.port = 3502; + imports = [ ../../components/monitor/container.nix ]; + components.monitor.container.promtail.port = 3502; system.stateVersion = "23.11"; # Configuring nameservers for containers is currently broken. diff --git a/nixos/machines/orbi/media-transmission2.nix b/nixos/machines/orbi/media-transmission2.nix index 26afd8c..f29f29b 100644 --- a/nixos/machines/orbi/media-transmission2.nix +++ b/nixos/machines/orbi/media-transmission2.nix @@ -25,8 +25,8 @@ in config = { config, lib, ... }: { nixpkgs.pkgs = pkgs; - imports = [ ./container-monitoring.nix ]; - promtail.port = 3505; + imports = [ ../../components/monitor/container.nix ]; + components.monitor.container.promtail.port = 3505; system.stateVersion = "21.05"; services.journald.extraConfig = "SystemMaxUse=1G"; diff --git a/nixos/machines/orbi/media-unmanic.nix b/nixos/machines/orbi/media-unmanic.nix deleted file mode 100644 index 4662769..0000000 --- a/nixos/machines/orbi/media-unmanic.nix +++ /dev/null 
@@ -1,40 +0,0 @@
-{ config, lib, pkgs, ... }:
-{
-
- virtualisation.oci-containers = {
- containers.unmanic = {
- volumes = [
- "/media/arr/unmanic/config:/config"
- #"/media/arr/unmanic/library:/library"
- "/media/arr/unmanic/tmp:/tmp/unmanic"
- "/media:/library"
- ];
- environment = {
- PUID = toString config.users.users.media.uid;
- PGID = toString config.users.groups.media.gid;
- };
- ports = [
- "127.0.0.1:8889:8888"
- ];
- image = "josh5/unmanic:latest";
- };
- };
-
- #networking.firewall.interfaces.wg0.allowedTCPPorts = [ 8266 ];
- #networking.firewall.interfaces.wg0.allowedUDPPorts = [ 8266 ];
-
- #networking.firewall.interfaces.enp0s31f6.allowedTCPPorts = [ 8266 ];
- #networking.firewall.interfaces.enp0s31f6.allowedUDPPorts = [ 8266 ];
-
- services.nginx.virtualHosts."unmanic.${config.networking.hostName}.private" = {
- extraConfig = ''
- allow ${config.tinc.private.subnet};
- deny all;
- '';
- locations."/" = {
- proxyPass = "http://localhost:8889";
- proxyWebsockets = true;
- };
- };
-
-}
diff --git a/nixos/machines/orbi/mysql.nix b/nixos/machines/orbi/mysql.nix
deleted file mode 100644
index 727df98..0000000
--- a/nixos/machines/orbi/mysql.nix
+++ /dev/null
@@ -1,20 +0,0 @@
-{ pkgs, lib, config, ... }: {
-
- services.mysql = {
- enable = true;
- package = pkgs.mysql80;
- initialScript = pkgs.writeText "initScript" ''
- CREATE USER 'admin'@'%' IDENTIFIED BY 'admin';
- GRANT ALL PRIVILEGES ON * . * TO 'admin'@'%';
- '';
- };
-
- services.mysqlBackup = {
- enable = true;
- databases = [ "property" ];
- #user = "admin";
- };
-
- backup.dirs = [ config.services.mysqlBackup.location ];
-
-}
diff --git a/nixos/machines/orbi/service-photoprism.nix b/nixos/machines/orbi/service-photoprism.nix
index e7e6233..4e3b920 100644
--- a/nixos/machines/orbi/service-photoprism.nix
+++ b/nixos/machines/orbi/service-photoprism.nix
@@ -15,8 +15,8 @@ in config = { config, lib, ... }: { nixpkgs.pkgs = pkgs; - imports = [ ./container-monitoring.nix ]; - promtail.port = 3503; + imports = [ ../../components/monitor/container.nix ]; + components.monitor.container.promtail.port = 3503; system.stateVersion = "23.11"; # Photoprism diff --git a/nixos/machines/orbi/social-matrix-terranix.nix b/nixos/machines/orbi/social-matrix-terranix.nix index 56eb448..80e5f90 100644 --- a/nixos/machines/orbi/social-matrix-terranix.nix +++ b/nixos/machines/orbi/social-matrix-terranix.nix @@ -70,8 +70,8 @@ in config = { config, lib, ... }: { nixpkgs.pkgs = pkgs; - imports = [ ./container-monitoring.nix ]; - promtail.port = 3504; + imports = [ ../../components/monitor/container.nix ]; + components.monitor.container.promtail.port = 3504; system.stateVersion = "23.11"; services.postgresql = { diff --git a/nixos/machines/orbi/sync-opentracker.nix b/nixos/machines/orbi/sync-opentracker.nix deleted file mode 100644 index aaec2bd..0000000 --- a/nixos/machines/orbi/sync-opentracker.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - services.opentracker = { - enable = true; - }; -} diff --git a/nixos/machines/orbi/sync-torrent.nix b/nixos/machines/orbi/sync-torrent.nix deleted file mode 100644 index ee40fe4..0000000 --- a/nixos/machines/orbi/sync-torrent.nix +++ /dev/null 
@@ -1,111 +0,0 @@
-{ lib, pkgs, config, ... }:
-let
- uiPort = 9099;
- announceIp = "10.23.42.111";
- peerPort = 51433;
-in
-{
-
- containers.sync-torrent = {
-
- # mount host folders
- bindMounts = {
- media = {
- hostPath = "/media/new";
- mountPoint = "/media"; # must be here otherwise transmission can't see the folder
- isReadOnly = false;
- };
- lib = {
- hostPath = "/srv/sync-torrent";
- mountPoint = "/var/lib/transmission";
- isReadOnly = false;
- };
- };
-
- autoStart = true;
-
- config = { config, pkgs, lib, ... }: {
-
- system.stateVersion = "22.11";
- services.journald.extraConfig = "SystemMaxUse=1G";
-
- services.transmission = {
- enable = true;
- settings = {
- download-dir = "/media";
- incomplete-dir = "/var/lib/transmission/incomplete"; # todo put this somewhere with frequent snapshots but low keep.
- incomplete-dir-enabled = true;
- message-level = 1;
- umask = 2;
- rpc-whitelist-enabled = false;
- rpc-host-whitelist-enabled = false;
- rpc-port = uiPort;
- rpc-enable = true;
- rpc-bind-address = "0.0.0.0";
-
- # "normal" speed limits
- speed-limit-down-enabled = false;
- speed-limit-down = 800;
- speed-limit-up-enabled = true;
- speed-limit-up = 3000;
- upload-slots-per-torrent = 8;
- # Queuing
- # When true, Transmission will only download
- # download-queue-size non-stalled torrents at once.
- download-queue-enabled = true;
- download-queue-size = 3;
-
- # When true, torrents that have not shared data for
- # queue-stalled-minutes are treated as 'stalled'
- # and are not counted against the queue-download-size
- # and seed-queue-size limits.
- queue-stalled-enabled = true;
- queue-stalled-minutes = 60;
-
- # When true. Transmission will only seed seed-queue-size
- # non-stalled torrents at once.
- seed-queue-enabled = false;
- seed-queue-size = 10;
-
- # Enable UPnP or NAT-PMP.
- peer-port = peerPort;
- port-forwarding-enabled = false;
- announce-ip = announceIp;
- announce-ip-enabled = true;
-
- # Start torrents as soon as they are added
- start-added-torrents = true;
-
- };
- };
-
- };
- };
-
- # open ports for logging
- #networking.firewall.interfaces."ve-torrent".allowedTCPPorts =
- # [ 5044 12304 12305 ];
- #networking.firewall.interfaces."ve-torrent".allowedUDPPorts =
- # [ 5044 12304 12305 ];
-
- # host nginx setup
- # ----------------
- # curl -H "Host: sync.robi.private" https://robi.private/ < will work
- # curl -H "Host: sync.robi.private" https://144.76.13.147/ < wont work
- services.nginx = {
- enable = true;
- recommendedProxySettings = true;
- virtualHosts = {
- "sync.${config.networking.hostName}.private" = {
- extraConfig = ''
- allow ${config.tinc.private.subnet};
- deny all;
- '';
- locations."/" = {
- proxyPass = "http://127.0.0.1:${toString uiPort}";
- };
- };
- };
- };
-
-}
diff --git a/nixos/machines/orbi/webhook-ring.nix b/nixos/machines/orbi/webhook-ring.nix
deleted file mode 100644
index 5bf5cd0..0000000
--- a/nixos/machines/orbi/webhook-ring.nix
+++ /dev/null
@@ -1,45 +0,0 @@
-{ config, pkgs, ... }:
-# To create a sign at the door
-# "Sorry Doorbell is broken, please scan this QR Code
-#
-# create QR Code with:
-# qrencode -o ./test.png http://ring.ingolf-wagner.de
-#
-# for secure urls check
-# https://www.nginx.com/blog/securing-urls-secure-link-module-nginx-plus/
-{
-
- sops.secrets.ringPushover = {
- owner = config.services.webhook.user;
- };
-
- services.webhook = {
- enable = true;
- hooks = {
- ring = {
- execute-command =
- let
- script = pkgs.writers.writeBash "ring-script" ''
- . ${config.sops.secrets.ringPushover.path}
- ${pkgs.curl}/bin/curl -s \
- --form-string "token=$API_KEY" \
- --form-string "user=$USER_KEY" \
- --form-string "title=Klingeling" \
- --form-string "message=Jemand an der Tür" \
- https://api.pushover.net/1/messages.json
- '';
- in
- toString script;
- response-message = "It's ringing";
- };
- };
- };
-
- services.nginx.virtualHosts."ring.ingolf-wagner.de" = {
- enableACME = true;
- forceSSL = true;
- locations."/" = {
- proxyPass = "http://localhost:${toString config.services.webhook.port}/${config.services.webhook.urlPrefix}/ring";
- };
- };
-}
diff --git a/nixos/machines/orbi/weechat.nix b/nixos/machines/orbi/weechat.nix
deleted file mode 100644
index f008033..0000000
--- a/nixos/machines/orbi/weechat.nix
+++ /dev/null
@@ -1,38 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-# how to setup a relay
-# * ssh on the maching
-# * sudo -u weechat screen -r
-# /set relay.network.password "mypassword"
-# /relay add weechat 10000
-
-{
-
- # configure weechat
- services.weechat = { enable = true; };
-
- # configure bitlbee
- services.bitlbee = {
- enable = true;
- libpurple_plugins = [
- #pkgs.pidgin-otr
- #pkgs.purple-facebook
- #pkgs.purple-discord
- #pkgs.purple-matrix
- #pkgs.purple-hangouts
- #pkgs.pidgin-latex
- #pkgs.pidgin-opensteamworks
- #pkgs.pidgin-skypeweb
- pkgs.telegram-purple
- #pkgs.purple-lurch
- ];
- plugins =
- [ pkgs.bitlbee-facebook pkgs.bitlbee-steam pkgs.bitlbee-mastodon ];
- };
-
- # otherwise xterm is the only thing that works
- environment.systemPackages = [ pkgs.rxvt_unicode ];
-
- backup.dirs = [ config.services.weechat.root ];
-
-}