summary refs log tree commit diff
path: root/host/Rory-nginx/configuration.nix
blob: 7a9425485a5b5e55826ebb0f0cef1ef22c22f2b8 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
{
  pkgs,
  config,
  lib,
  grapevine,
  conduit,
  conduwuit,
  nixpkgs-Draupnir,
  ...
}:

{
  imports = [
    ../../modules/base-server.nix
    ../../modules/users/levi.nix
    ../../modules/users/db2k.nix
    ../../modules/users/ks.nix
    ../../modules/users/Alice.nix

    ./services/postgres.nix
    ./services/matrix/root.nix
    ./services/nginx/nginx.nix
    #./services/jitsi.nix
    ./services/cgit.nix
    #./services/ollama.nix
    ./services/prometheus.nix
  ];
  users.groups.ocp = { };
  networking = {
    hostName = "Rory-nginx";
    interfaces.ens18.ipv4.addresses = [
      {
        address = "192.168.1.2";
        prefixLength = 24;
      }
    ];
    interfaces.ens19.ipv4.addresses = [
      {
        address = "10.10.10.2";
        prefixLength = 16;
      }
    ];
    defaultGateway.interface = "ens18";
    nat = {
      enable = true;
      internalInterfaces = [
        "ve-+"
        "vb-+"
      ];
      externalInterface = "ens18";
      enableIPv6 = false;
    };
    enableIPv6 = lib.mkForce false;
    nameservers = lib.mkOverride [ "192.168.1.1" ];
  };

#  environment.etc."resolv.conf" = lib.mkOverride {
#    text = ''
#      nameserver 192.168.1.1
#    '';
#  };

  monitoring = {
    monitorAll = true;
    localPrometheus = true;
    exposePrometheus = true;
    localGrafana = true;
    exposeGrafana = true;
    nginxHost = "monitoring.rory.gay";
    nginxSsl = true;
  };

  nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];

  services.irqbalance.enable = true;

  environment.memoryAllocator.provider = "jemalloc";

  #containers."pluralcontactbotpoc" = import ./services/containers/pluralcontactbotpoc/container.nix {
  #  inherit pkgs lib;
  #  conduit = grapevine;
  #};

  containers."matrixunittests" = import ./services/containers/matrixunittests/container.nix { inherit pkgs lib grapevine; };

  containers."matrixunittests-conduit" = import ./services/containers/matrixunittests-conduit/container.nix {
    inherit pkgs lib;
    conduit = conduit;
  };

  services.pgadmin = {
    enable = true;
    initialEmail = "root@localhost.localdomain";
    initialPasswordFile = "/etc/matrix-user-pass";
  };
  containers."draupnir-cme" = import ./services/containers/draupnir-cme/container.nix { inherit pkgs lib nixpkgs-Draupnir; };

  #containers."draupnir-linux-mint" = import ./services/containers/draupnir-linux-mint/container.nix { inherit pkgs lib nixpkgs-Draupnir; };

  system.stateVersion = "22.11"; # DO NOT EDIT!

  environment.systemPackages = with pkgs; [ waypipe ];
  nix.nrBuildUsers = 128;
}