From 8cb15e97a75552412e274b01dd4c5b4c18d9c7f7 Mon Sep 17 00:00:00 2001 From: mc-fucker Date: Tue, 31 Jan 2023 16:48:31 +0100 Subject: [PATCH] updated tandoor and ihatemoney config --- modules/ihatemoney.nix | 20 ++++++++------------ modules/tandoor.nix | 18 ++++++++++-------- modules/vars.nix | 12 ++++++++++++ 3 files changed, 30 insertions(+), 20 deletions(-) diff --git a/modules/ihatemoney.nix b/modules/ihatemoney.nix index 820633f..938704b 100644 --- a/modules/ihatemoney.nix +++ b/modules/ihatemoney.nix @@ -1,11 +1,14 @@ { ... }: let - port = "8000"; - db = "ihatemoney"; - domain = "geld.mc-fucker.cool"; + cfg = import ./vars.nix; + port = cfg.ihatemoney.port; + db = cfg.ihatemoney.db; + domain = cfg.ihatemoney.domain; in { - services.nginx.enable = true; + + imports = [ ./nginx.nix ]; + services.nginx.virtualHosts."${domain}" = { forceSSL = true; enableACME = true; @@ -18,11 +21,6 @@ in ''; }; - security.acme = { - acceptTerms = true; - defaults.email = "dev@mc-fucker.cool"; - }; - virtualisation.oci-containers.containers.ihatemoney = { image = "cfa3c41cf3ac"; environment = { @@ -34,7 +32,7 @@ in MAIL_USE_TLS = "True"; DEBUG = "False"; }; - ports = [ "${port}:8000" ]; + ports = [ "${port}:${port}" ]; environmentFiles = [ /etc/nixos/keys/ihatemoney-env ]; }; @@ -51,8 +49,6 @@ in authentication = "host ${db} ${db} 10.88.0.0/16 md5"; }; - networking.firewall.allowedTCPPorts = [ 80 443 ]; - services.postgresqlBackup.databases = [ "ihatemoney" ]; } diff --git a/modules/tandoor.nix b/modules/tandoor.nix index 5cbc0a6..89d10f5 100644 --- a/modules/tandoor.nix +++ b/modules/tandoor.nix @@ -1,18 +1,19 @@ { config, lib, ... }: let - pg_user = "tandoor"; - tandoor_port = "8080"; - domain = "kochen.mc-fucker.cool"; + cfg = import ./vars.nix; + pg_user = cfg.tandoor.db; + port = cfg.tandoor.port; + domain = cfg.tandoor.domain; in { virtualisation.oci-containers.containers.tandoor = { - image = "vabene1111/recipes"; + image = "docker.io/vabene1111/recipes"; environment = { DEBUG = "0"; DB_ENGINE = "django.db.backends.postgresql"; - POSTGRES_HOST = "10.88.0.1"; + POSTGRES_HOST = cfg.podman.hostIP; POSTGRES_PORT = "5432"; POSTGRES_USER = pg_user; POSTGRES_DB = pg_user; @@ -20,8 +21,9 @@ in SECRET_KEY = builtins.readFile /etc/nixos/keys/tandoor-secret; }; ports = [ - "${tandoor_port}:${tandoor_port}" + "${port}:${port}" ]; + extraOptions = cfg.podman.extraOptions; volumes = [ "/var/lib/tandoor/mediafiles:/opt/recipes/mediafiles" "/var/lib/tandoor/staticfiles:/opt/recipes/staticfiles" @@ -50,11 +52,11 @@ in enableACME = true; locations = { "/" = { - proxyPass = "http://127.0.0.1:${tandoor_port}"; + proxyPass = "http://127.0.0.1:${port}"; extraConfig = '' proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; - proxy_redirect http://127.0.0.1:${tandoor_port} https://${domain}; + proxy_redirect http://127.0.0.1:${port} https://${domain}; access_log /var/log/nginx/${domain}_access.log; error_log /var/log/nginx/${domain}_error.log; ''; diff --git a/modules/vars.nix b/modules/vars.nix index 5c48bde..22b2183 100644 --- a/modules/vars.nix +++ b/modules/vars.nix @@ -1,5 +1,11 @@ { + ihatemoney = { + db = "ihatemoney"; + domain = "geld.mc-fucker.cool"; + port = "8000"; + }; + invidious = { domain = "yt.mc-fucker.cool"; db_user = "kemal"; @@ -21,6 +27,12 @@ hostIP = "10.88.0.1"; }; + tandoor = { + db = "tandoor"; + domain = "kochen.mc-fucker.cool"; + port = "8080"; + }; + zabbix = { domain = "zbx.mc-fucker.cool"; db = "zabbix";