diff --git a/flake.nix b/flake.nix index 935652a..72d46a4 100644 --- a/flake.nix +++ b/flake.nix @@ -83,8 +83,9 @@ ./modules/mail.nix ./modules/monitoring/monitoring.nix # ./modules/calibre.nix - ./modules/wiki.nix + ./modules/paperless.nix ./modules/outline.nix + ./modules/plausible.nix ./modules/vaultwarden.nix ./modules/hledger.nix ./modules/etesync.nix diff --git a/modules/outline.nix b/modules/outline.nix index 5fc18f3..b5f2b22 100644 --- a/modules/outline.nix +++ b/modules/outline.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ config, ... }: { # Open paperless port, but only for local network networking.firewall.extraCommands = '' @@ -7,6 +7,10 @@ iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 9910:9910 -j nixos-fw-accept ''; + systemd.tmpfiles.rules = [ + "f /run/agenix/outline_gmail 0600 outline users -" + ]; + services = { minio = { enable = true; diff --git a/modules/wiki.nix b/modules/paperless.nix similarity index 57% rename from modules/wiki.nix rename to modules/paperless.nix index 95af32b..9d2ce98 100644 --- a/modules/wiki.nix +++ b/modules/paperless.nix @@ -1,4 +1,4 @@ -{ config, pkgs, ... }: +{ ... }: { networking.firewall.extraCommands = '' iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 28981:28981 -j nixos-fw-accept @@ -10,12 +10,7 @@ paperless-web.after = [ "var-lib-paperless.mount" ]; }; - systemd.tmpfiles.rules = [ - "f /run/agenix/outline_gmail 0600 outline users -" - ]; - services = { - # TODO: Change passwordFile location, use agenix paperless = { enable = true; address = "0.0.0.0"; @@ -34,28 +29,6 @@ PAPERLESS_CONSUMER_SUBDIRS_AS_TAGS = true; }; }; - - plausible = { - enable = true; - releaseCookiePath = "/run/agenix/chatgpt_api_key"; - server = { - secretKeybaseFile = "/run/agenix/enterprise-nix-cache-key-sec"; - disableRegistration = true; - port = 13231; - baseUrl = "https://analytics.bhankas.org"; - }; - adminUser = { - activate = true; - name = "root"; - email = "admin@bhankas.org"; - passwordFile = "/run/agenix/maildir_relekarpayas_onedrive"; - }; - database = { - clickhouse.setup = true; - }; - }; - - # TODO: Split to their respective locations nginx = { virtualHosts = { "paperless.bhankas.org" = { @@ -69,18 +42,6 @@ ; }; }; - - "analytics.bhankas.org" = { - addSSL = true; - enableACME = true; - locations."/" = { - proxyPass = "http://127.0.0.1:13231"; - proxyWebsockets = false; - extraConfig = - "proxy_set_header Host $host;" - ; - }; - }; }; }; }; @@ -92,11 +53,6 @@ email = "admin@bhankas.org"; dnsResolver = "1.1.1.1:53"; }; - - "analytics.bhankas.org" = { - email = "admin@bhankas.org"; - dnsResolver = "1.1.1.1:53"; - }; }; }; } diff --git a/modules/plausible.nix b/modules/plausible.nix new file mode 100644 index 0000000..d2b314d --- /dev/null +++ b/modules/plausible.nix @@ -0,0 +1,59 @@ +{ ... }: +{ + services = { + plausible = { + enable = true; + releaseCookiePath = "/run/agenix/chatgpt_api_key"; + server = { + secretKeybaseFile = "/run/agenix/enterprise-nix-cache-key-sec"; + disableRegistration = true; + port = 13231; + baseUrl = "https://analytics.bhankas.org"; + }; + adminUser = { + activate = true; + name = "root"; + email = "admin@bhankas.org"; + passwordFile = "/run/agenix/maildir_relekarpayas_onedrive"; + }; + database = { + clickhouse.setup = true; + }; + mail = { + email = "gandalf@bhankas.org"; + smtp = { + enableSSL = true; + hostAddr = "smtp.purelymail.com"; + hostPort = 587; + passwordFile = "/run/agenix/gandalf_mail"; + user = "gandalf@bhankas.org"; + }; + }; + }; + + nginx = { + virtualHosts = { + "analytics.bhankas.org" = { + addSSL = true; + enableACME = true; + locations."/" = { + proxyPass = "http://127.0.0.1:13231"; + proxyWebsockets = false; + extraConfig = + "proxy_set_header Host $host;" + ; + }; + }; + }; + }; + }; + + security.acme = { + certs = { + "analytics.bhankas.org" = { + email = "admin@bhankas.org"; + dnsResolver = "1.1.1.1:53"; + }; + }; + }; +}