webserver: rename to weewx
parent
5497d30b02
commit
6be487f012
14 changed files with 90 additions and 60 deletions
|
@ -54,6 +54,14 @@
|
|||
group = "matrix-synapse";
|
||||
};
|
||||
|
||||
mosquitto-password-weewx-proxy = {
|
||||
file = ./mosquitto/passwordWeewxProxy.age;
|
||||
};
|
||||
|
||||
mosquitto-password-weewx = {
|
||||
file = ./mosquitto/passwordWeewx.age;
|
||||
};
|
||||
|
||||
atuin-environment = {
|
||||
file = ./atuin/environment.age;
|
||||
owner = "atuin";
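Review bot: The two added entries, `mosquitto-password-weewx-proxy` and `mosquitto-password-weewx`, declare only `file`, while the neighbouring secrets in this hunk set an `owner` or `group` for the service that consumes them. agenix then applies its default ownership and mode (root-only, as far as I know), so if the mosquitto unit reads `hashedPasswordFile` as its own service user, the broker may fail to start or come up without these users. If that applies, add `owner = "mosquitto";` to both entries and leave the mode restrictive. The `atuin-environment` block continues past the end of the hunk.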
|
||||
|
|
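--- a/agenix/hosts/sail/mosquitto/passwordWeewx.age
+++ b/agenix/hosts/sail/mosquitto/passwordWeewx.age
@@ -0,0 +1,13 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyAyU1ZF
+UWtzZ3h0R3B1RWVYMWFMWllieHI5WTlVVXFteGhWckhFOVRwQlFFCnZJUUxVdFgr
+OHUzc3lrSWpwVytMWDc0Z0FoTWhLREtEaVE0bkcxZEdGU2MKLT4gc3NoLWVkMjU1
+MTkgTmJWNGh3IG5DM2oyTVpnNitSSzU2am8rWDJSMXVmZGgvOGZNdWp3YktvVkNZ
+TmE2U2MKYlJOUEFKZTF0UjNiVm5SNmpwaEIzaWhWWG9YZldiLzIyUWNxRE5NaHZY
+YwotPiBRcmVHKS1ncmVhc2UgMyA1TCdCRm5fCllvNXk4RzVVekxGeXRDSWlacFI4
+U1RvRUQ1dDcvS0ZVZm5FNUt5TUlTNkFXdjVzCi0tLSBxeUowYnpuVG5BYUpOZlFT
+c2NzOWhlQ1dVUFg0bDA5T2ROeHFvU2lJeE5JCqSG2JIv7FpYbfZ4ERbSW0G5vQeF
+teqNb71repTGwOW5BiAadvWpiv0o5Oq2Plpq9etsm8Jgm21F8UFR71DlefpTXVOH
+rIxfm4YTTY68aVGLx90/dxmw8qOZsGZvQ1EoKZQh+p+SO9BwC2//0uKhBFbSbwrK
+sbRurKBcA+xr0LB1dxZZhEqe8CXLaVlvsMklT7A=
+-----END AGE ENCRYPTED FILE-----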
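--- a/agenix/hosts/sail/mosquitto/passwordWeewxProxy.age
+++ b/agenix/hosts/sail/mosquitto/passwordWeewxProxy.age
@@ -0,0 +1,12 @@
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBzVjZz
+TG9memlGMXZwZFFVK3pNOXVrYjlkak90NkpLUEVBajVaNTNGdkNNCjdPNVYrdjVk
+ZUVSeVJmS2QzaitIa014TGFKM01QVWN3bHhEbktjY0UvS1UKLT4gc3NoLWVkMjU1
+MTkgTmJWNGh3IGFab21mL2FVV3VVYXhYMjI2SGlZWVl3UW9RTzNEbU1qVVFMWHlo
+eWM4UUEKODl1Zis5VlFtWTR0NWcvSFpHdk1EaG5BekttRk5GNktzNXU0c0xrQkFD
+TQotPiByW1t4NkssLWdyZWFzZQpvYVBsK3ptYkRsRDEKLS0tIHRQVmhMY3JFYmE1
+dmdLai9CVkltM0VKcXJzNkEzMjN3TVVGeERvb3lZbTgK6mbrGDx3FqUB8YD+VHR5
+VcDitTAadwkqAqq6/0Zc0a45M5rJ5P6ThNKsrXpCc50YvtpEQM0kVBWyJIz2qXuE
+z4/i7DY7MxpndiQhjaD4e2KToDRLa3uGYbnnKYE9ZhsmdDQqyM0lx9dMvo6aV/nt
+WMRO84wxSi+jPoPYh7659IPOHbwGW1wZiJv1mGZA6bN3Dg==
+-----END AGE ENCRYPTED FILE-----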
|
@ -1,4 +1,4 @@
|
|||
{ config, secret, ... }:
|
||||
{ config, ... }:
|
||||
|
||||
{
|
||||
virtualisation.arion.projects.proxitok.settings = {
|
||||
|
|
|
@ -1,33 +0,0 @@
|
|||
{ secret, ... }:
|
||||
|
||||
{
|
||||
systemd.tmpfiles.rules = [
|
||||
"d /etc/container-webserver/weewx 0755 421 421"
|
||||
"d /etc/container-webserver/weewx/html 0755 421 421"
|
||||
];
|
||||
|
||||
# mosquitto
|
||||
|
||||
environment.etc."container-webserver/mosquitto/mosquitto.conf" = {
|
||||
text = ''
|
||||
listener 1883
|
||||
password_file /mosquitto/config/users.conf
|
||||
'';
|
||||
|
||||
mode = "0644";
|
||||
};
|
||||
|
||||
environment.etc."container-webserver/mosquitto/users.conf" = {
|
||||
text = secret.container.webserver.mosquitto.users;
|
||||
mode = "0644";
|
||||
};
|
||||
|
||||
# weewx
|
||||
|
||||
environment.etc."container-webserver/weewx/weewx.conf" = {
|
||||
source = ../../secret/container/webserver/config/weewx.conf;
|
||||
mode = "0644";
|
||||
uid = 421;
|
||||
gid = 421;
|
||||
};
|
||||
}
|
|
@ -1,26 +1,12 @@
|
|||
{ config, ... }:
|
||||
|
||||
let
|
||||
secret = import ../../secret/container/webserver;
|
||||
custom-config = import ./config.nix { inherit secret; };
|
||||
secret = import ../../secret/container/weewx;
|
||||
data-dir = "/etc/container-weewx";
|
||||
in
|
||||
{
|
||||
virtualisation.arion.projects.webserver.settings = {
|
||||
virtualisation.arion.projects.weewx.settings = {
|
||||
services = {
|
||||
mosquitto = {
|
||||
service = {
|
||||
image = "eclipse-mosquitto:2";
|
||||
container_name = "mosquitto";
|
||||
restart = "unless-stopped";
|
||||
ports = [ "1883:1883" ];
|
||||
user = "nobody";
|
||||
volumes = [
|
||||
"/etc/container-webserver/mosquitto:/mosquitto/config:ro"
|
||||
];
|
||||
labels = {
|
||||
"com.centurylinklabs.watchtower.enable" = "true";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
weewx = {
|
||||
service = {
|
||||
image = "ghcr.io/nifoc/weewx-docker:master";
|
||||
|
@ -32,7 +18,7 @@ in
|
|||
"TZ" = "Europe/Berlin";
|
||||
};
|
||||
volumes = [
|
||||
"/etc/container-webserver/weewx:/data"
|
||||
"${data-dir}:/data"
|
||||
];
|
||||
labels = {
|
||||
"com.centurylinklabs.watchtower.enable" = "true";
|
||||
|
@ -42,11 +28,45 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts."${secret.container.webserver.hostname}" = {
|
||||
systemd.tmpfiles.rules = [
|
||||
"d ${data-dir} 0755 421 421"
|
||||
"d ${data-dir}/html 0755 421 421"
|
||||
];
|
||||
|
||||
environment.etc."container-weewx/weewx.conf" = {
|
||||
source = ../../secret/container/weewx/config/weewx.conf;
|
||||
mode = "0644";
|
||||
uid = 421;
|
||||
gid = 421;
|
||||
};
|
||||
|
||||
services.mosquitto.listeners = {
|
||||
weewx-private = {
|
||||
address = "0.0.0.0";
|
||||
port = 1883;
|
||||
|
||||
users = {
|
||||
weewx-proxy = {
|
||||
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx-proxy.path;
|
||||
acl = [ "write weewx/+" ];
|
||||
};
|
||||
|
||||
weewx = {
|
||||
hashedPasswordFile = config.age.secrets.mosquitto-password-weewx.path;
|
||||
acl = [ "read weewx/+" ];
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
networking.firewall.interfaces."enp7s0".allowedTCPPorts = [ 1883 ];
|
||||
networking.firewall.interfaces."tailscale0".allowedTCPPorts = [ 1883 ];
|
||||
|
||||
services.nginx.virtualHosts."${secret.container.weewx.hostname}" = {
|
||||
http3 = true;
|
||||
kTLS = true;
|
||||
|
||||
root = "/etc/container-webserver/weewx/html/wdc";
|
||||
root = "${data-dir}/html/wdc";
|
||||
forceSSL = true;
|
||||
useACMEHost = "kempkens.io";
|
||||
|
||||
|
@ -72,4 +92,4 @@ in
|
|||
expires modified 1h;
|
||||
'';
|
||||
};
|
||||
} // custom-config
|
||||
}
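Review bot: In the `@ -42,11 +28,45 @` hunk the new `weewx-private` listener binds `address = "0.0.0.0";` on port 1883 with no TLS settings visible, so the two `networking.firewall.interfaces.*.allowedTCPPorts` lines are the only thing limiting who can reach the broker. On `enp7s0` the `weewx-proxy` and `weewx` passwords and the `weewx/+` payloads would travel in clear text (`tailscale0` is presumably already an encrypted tunnel). I cannot tell from the diff what `enp7s0` is; unless it is a trusted private segment, consider binding the listener to the specific private addresses or adding a TLS listener. In the same hunk, `environment.etc."container-weewx/weewx.conf"` takes its `source` from the `secret/` tree but is installed with `mode = "0644";`. Since `uid`/`gid` 421 already own the file, `mode = "0640";` would keep it from other local users, though a path `source` is presumably still copied into the world-readable Nix store.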
|
Binary file not shown.
Binary file not shown.
BIN
secret/container/weewx/config/weewx.conf
Normal file
BIN
secret/container/weewx/config/weewx.conf
Normal file
Binary file not shown.
BIN
secret/container/weewx/default.nix
Normal file
BIN
secret/container/weewx/default.nix
Normal file
Binary file not shown.
|
@ -19,6 +19,9 @@ in
|
|||
|
||||
"agenix/hosts/sail/synapse/extraConfig.age".publicKeys = sail;
|
||||
|
||||
"agenix/hosts/sail/mosquitto/passwordWeewxProxy.age".publicKeys = sail;
|
||||
"agenix/hosts/sail/mosquitto/passwordWeewx.age".publicKeys = sail;
|
||||
|
||||
"agenix/hosts/sail/atuin/environment.age".publicKeys = sail;
|
||||
|
||||
"agenix/hosts/sail/freshrss/userPassword.age".publicKeys = sail;
|
||||
|
|
|
@ -40,7 +40,7 @@ in
|
|||
(import ../nixos/tailscale.nix (args // { inherit secret; }))
|
||||
|
||||
(import ../nixos/arion.nix (args // { inherit secret; }))
|
||||
../../container/webserver
|
||||
../../container/weewx
|
||||
../../container/matrix
|
||||
../../container/proxitok
|
||||
];
|
||||
|
|
|
@ -19,6 +19,7 @@
|
|||
autoPrune = {
|
||||
enable = true;
|
||||
dates = "weekly";
|
||||
flags = [ "--all" ];
|
||||
};
|
||||
};
|
||||
|
||||
|
@ -32,7 +33,7 @@
|
|||
};
|
||||
|
||||
networking.firewall.interfaces."podman+" = {
|
||||
allowedUDPPorts = [ 53 443 ];
|
||||
allowedTCPPorts = [ 53 443 ];
|
||||
allowedUDPPorts = [ 53 ];
|
||||
allowedTCPPorts = [ 53 ];
|
||||
};
|
||||
}
|
||||
|
|
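--- a/system/nixos/mosquitto.nix
+++ b/system/nixos/mosquitto.nix
@@ -0,0 +1,6 @@
+{
+services.mosquitto = {
+enable = true;
+persistence = true;
+};
+}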