raphael/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

style(nixfmt): formatting using nixfmt cli tools

Browse source
This commit is contained in:
Raphael 2025-10-09 00:09:26 +02:00
parent b804520f4c
commit fbe803b928
No known key found for this signature in database
46 changed files with 2133 additions and 1700 deletions
Download patch file Download diff file Expand all files Collapse all files

35
services/self_host/htop.nix
View file

@ -1,21 +1,26 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.selfhost.monitor;
cfg = config.service.selfhost.monitor;
in
{
config = lib.mkIf cfg {
services = {
glances.enable = true;
config = lib.mkIf cfg {
services = {
glances.enable = true;
nginx.virtualHosts."htop.enium.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:61208";
proxyWebsockets = true;
};
};
};
};
nginx.virtualHosts."htop.enium.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:61208";
proxyWebsockets = true;
};
};
};
};
}

77
services/self_host/mail.nix
View file

@ -1,42 +1,47 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.selfhost.mail;
cfg = config.service.selfhost.mail;
in
{
config = lib.mkIf cfg {
services.rspamd.enable = true;
mailserver = {
enable = true;
stateVersion = 3;
fqdn = "mail.enium.eu";
domains = [
"enium.eu"
];
loginAccounts = {
"no-reply@enium.eu" = {
hashedPasswordFile = "/root/mail-passwd.txt";
};
};
certificateScheme = "acme-nginx";
};
config = lib.mkIf cfg {
services.rspamd.enable = true;
mailserver = {
enable = true;
stateVersion = 3;
fqdn = "mail.enium.eu";
domains = [
"enium.eu"
];
loginAccounts = {
"no-reply@enium.eu" = {
hashedPasswordFile = "/root/mail-passwd.txt";
};
};
certificateScheme = "acme-nginx";
};
services = {
roundcube = {
enable = true;
hostName = "mail.enium.eu";
extraConfig = ''
$config['smtp_host'] = "tls://mail.enium.eu";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
};
nginx = {
virtualHosts."mail.enium.eu" = {
forceSSL = true;
enableACME = true;
};
};
};
};
services = {
roundcube = {
enable = true;
hostName = "mail.enium.eu";
extraConfig = ''
$config['smtp_host'] = "tls://mail.enium.eu";
$config['smtp_user'] = "%u";
$config['smtp_pass'] = "%p";
'';
};
nginx = {
virtualHosts."mail.enium.eu" = {
forceSSL = true;
enableACME = true;
};
};
};
};
}

341
services/self_host/monitor.nix
View file

@ -1,170 +1,189 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.selfhost.monitor;
monitored = [ "nginx" "grafana" ];
email = "raphael@enium.eu";
cfg = config.service.selfhost.monitor;
monitored = [
"nginx"
"grafana"
];
email = "raphael@enium.eu";
in
{
config = lib.mkIf cfg {
services.grafana = {
enable = true;
package = pkgs.grafana;
dataDir = "/var/lib/grafana";
};
environment.etc."process-exporter.json".text = builtins.toJSON {
procMatchers = lib.map (svc: {
name = svc;
cmdline = [
"${svc}:"
];
}) monitored;
};
systemd.services.process_exporter = {
description = "Prometheus Process Exporter";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.prometheus-process-exporter}/bin/process-exporter --config.path /etc/process-exporter.json";
Restart = "always";
};
};
services.prometheus = {
enable = true;
checkConfig = false;
exporters = {
blackbox = {
enable = true;
configFile = pkgs.writeText "blackbox-exporter.yml" ''
modules:
http_2xx:
prober: http
timeout: 5s
http:
valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
valid_status_codes: []
method: GET
no_follow_redirects: false
fail_if_not_ssl: false
'';
};
node.enable = true;
systemd.enable = true;
};
scrapeConfigs = [
{
job_name = "systemd_exporter";
metrics_path = "/metrics";
static_configs = [{
targets = [
"127.0.0.1:9558"
];
}];
}
{
job_name = "node_exporter";
static_configs = [{
targets = [
"127.0.0.1:9100"
];
}];
}
{
job_name = "process_exporter";
metrics_path = "/metrics";
scheme = "http";
static_configs = [{
targets = [
"127.0.0.1:9256"
];
}];
}
{
job_name = "blackbox_http_probe";
metrics_path = "/probe";
params = {
module = [
"http_2xx"
];
};
static_configs = [{
targets = [
"https://raphael.parodi.pro"
"https://nextcloud.enium.eu"
"https://htop.enium.eu"
"https://monitor.enium.eu"
"https://ollama.enium.eu"
"http://relance-pas-stp.me:4242"
];
}];
relabel_configs = [
{ source_labels = [ "__address__" ];
target_label = "__param_target";
}
{ source_labels = [ "__param_target" ];
target_label = "instance";
}
{ target_label = "__address__";
replacement = "127.0.0.1:9115";
}
];
proxy_url = "http://127.0.0.1:9115";
}
];
ruleFiles = lib.mkForce [ "/etc/prometheus/services.rules" ];
};
environment.etc."prometheus/services.rules".text = ''
groups:
- name: services
rules:
- alert: nginxServiceDown
expr: process_up{job="process_exporter",name="nginx"} == 0
for: 1m
labels:
severity: critical
annotations:
summary: "Processus nginx arrêté"
description: "Le processus nginx ne tourne plus depuis >1m."
config = lib.mkIf cfg {
services.grafana = {
enable = true;
package = pkgs.grafana;
dataDir = "/var/lib/grafana";
};
- alert: nginxServiceUp
expr: process_up{job="process_exporter",name="nginx"} == 1
for: 1m
labels:
severity: info
annotations:
summary: "Processus nginx rétabli"
description: "Le processus nginx tourne de nouveau."
environment.etc."process-exporter.json".text = builtins.toJSON {
procMatchers = lib.map (svc: {
name = svc;
cmdline = [
"${svc}:"
];
}) monitored;
};
- alert: grafanaServiceDown
expr: process_up{job="process_exporter",name="grafana"} == 0
for: 1m
labels:
severity: critical
annotations:
summary: "Processus grafana arrêté"
description: "Le processus grafana ne tourne plus depuis >1m."
systemd.services.process_exporter = {
description = "Prometheus Process Exporter";
after = [ "network.target" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
ExecStart = "${pkgs.prometheus-process-exporter}/bin/process-exporter --config.path /etc/process-exporter.json";
Restart = "always";
};
};
- alert: grafanaServiceUp
expr: process_up{job="process_exporter",name="grafana"} == 1
for: 1m
labels:
severity: info
annotations:
summary: "Processus grafana rétabli"
description: "Le processus grafana tourne de nouveau."
'';
services.prometheus = {
enable = true;
checkConfig = false;
exporters = {
blackbox = {
enable = true;
configFile = pkgs.writeText "blackbox-exporter.yml" ''
modules:
http_2xx:
prober: http
timeout: 5s
http:
valid_http_versions: ["HTTP/1.1", "HTTP/2.0"]
valid_status_codes: []
method: GET
no_follow_redirects: false
fail_if_not_ssl: false
'';
};
node.enable = true;
systemd.enable = true;
};
scrapeConfigs = [
{
job_name = "systemd_exporter";
metrics_path = "/metrics";
static_configs = [
{
targets = [
"127.0.0.1:9558"
];
}
];
}
{
job_name = "node_exporter";
static_configs = [
{
targets = [
"127.0.0.1:9100"
];
}
];
}
{
job_name = "process_exporter";
metrics_path = "/metrics";
scheme = "http";
static_configs = [
{
targets = [
"127.0.0.1:9256"
];
}
];
}
{
job_name = "blackbox_http_probe";
metrics_path = "/probe";
params = {
module = [
"http_2xx"
];
};
static_configs = [
{
targets = [
"https://raphael.parodi.pro"
"https://nextcloud.enium.eu"
"https://htop.enium.eu"
"https://monitor.enium.eu"
"https://ollama.enium.eu"
"http://relance-pas-stp.me:4242"
];
}
];
relabel_configs = [
{
source_labels = [ "__address__" ];
target_label = "__param_target";
}
{
source_labels = [ "__param_target" ];
target_label = "instance";
}
{
target_label = "__address__";
replacement = "127.0.0.1:9115";
}
];
proxy_url = "http://127.0.0.1:9115";
}
];
ruleFiles = lib.mkForce [ "/etc/prometheus/services.rules" ];
};
services.nginx.virtualHosts."monitor.enium.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
};
};
};
environment.etc."prometheus/services.rules".text = ''
groups:
- name: services
rules:
- alert: nginxServiceDown
expr: process_up{job="process_exporter",name="nginx"} == 0
for: 1m
labels:
severity: critical
annotations:
summary: "Processus nginx arrêté"
description: "Le processus nginx ne tourne plus depuis >1m."
- alert: nginxServiceUp
expr: process_up{job="process_exporter",name="nginx"} == 1
for: 1m
labels:
severity: info
annotations:
summary: "Processus nginx rétabli"
description: "Le processus nginx tourne de nouveau."
- alert: grafanaServiceDown
expr: process_up{job="process_exporter",name="grafana"} == 0
for: 1m
labels:
severity: critical
annotations:
summary: "Processus grafana arrêté"
description: "Le processus grafana ne tourne plus depuis >1m."
- alert: grafanaServiceUp
expr: process_up{job="process_exporter",name="grafana"} == 1
for: 1m
labels:
severity: info
annotations:
summary: "Processus grafana rétabli"
description: "Le processus grafana tourne de nouveau."
'';
services.nginx.virtualHosts."monitor.enium.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
proxyWebsockets = true;
};
};
};
}

71
services/self_host/nextcloud.nix
View file

@ -1,38 +1,43 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.selfhost.nextcloud;
dataDir = "/mnt/data/nextcloud";
cfg = config.service.selfhost.nextcloud;
dataDir = "/mnt/data/nextcloud";
in
{
config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [
php
];
services = {
nextcloud = {
enable = true;
https = true;
package = pkgs.nextcloud31;
hostName = "nextcloud.enium.eu";
datadir = "/mnt/data/nextcloud/";
config = {
adminpassFile = "/etc/nextcloud-pass.txt";
adminuser = "OwnedByTheEniumTeam";
dbtype = "sqlite";
};
settings = {
trusted_domains = [
"192.168.1.254"
];
default_phone_region = "FR";
};
};
nginx.virtualHosts."nextcloud.enium.eu".enableACME = true;
nginx.virtualHosts."nextcloud.enium.eu".forceSSL = true;
nginx.virtualHosts."nextcloud.enium.eu".locations."~ \.php$".extraConfig = ''
fastcgi_pass unix:/run/phpfpm-nextcloud.sock;
'';
};
};
config = lib.mkIf cfg {
environment.systemPackages = with pkgs; [
php
];
services = {
nextcloud = {
enable = true;
https = true;
package = pkgs.nextcloud31;
hostName = "nextcloud.enium.eu";
datadir = "/mnt/data/nextcloud/";
config = {
adminpassFile = "/etc/nextcloud-pass.txt";
adminuser = "OwnedByTheEniumTeam";
dbtype = "sqlite";
};
settings = {
trusted_domains = [
"192.168.1.254"
];
default_phone_region = "FR";
};
};
nginx.virtualHosts."nextcloud.enium.eu".enableACME = true;
nginx.virtualHosts."nextcloud.enium.eu".forceSSL = true;
nginx.virtualHosts."nextcloud.enium.eu".locations."~ \.php$".extraConfig = ''
fastcgi_pass unix:/run/phpfpm-nextcloud.sock;
'';
};
};
}

55
services/self_host/ollama.nix
View file

@ -1,31 +1,36 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.selfhost.ollama;
cfg = config.service.selfhost.ollama;
in
{
config = lib.mkIf cfg {
services = {
ollama = {
enable = true;
loadModels = [
"qwen2.5:3b"
];
acceleration = "cuda";
};
config = lib.mkIf cfg {
services = {
ollama = {
enable = true;
loadModels = [
"qwen2.5:3b"
];
acceleration = "cuda";
};
open-webui = {
enable = true;
port = 13007;
};
nginx.virtualHosts."ollama.enium.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:13007";
proxyWebsockets = true;
};
};
};
};
open-webui = {
enable = true;
port = 13007;
};
nginx.virtualHosts."ollama.enium.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:13007";
proxyWebsockets = true;
};
};
};
};
}

39
services/self_host/teamspeak.nix
View file

@ -1,23 +1,28 @@
{ config, pkgs, lib, ... }:
{
config,
pkgs,
lib,
...
}:
let
cfg = config.service.selfhost.monitor;
cfg = config.service.selfhost.monitor;
in
{
config = lib.mkIf cfg {
services = {
teamspeak3 = {
enable = true;
};
config = lib.mkIf cfg {
services = {
teamspeak3 = {
enable = true;
};
nginx.virtualHosts."ts.enium.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:9987";
proxyWebsockets = true;
};
};
};
};
nginx.virtualHosts."ts.enium.eu" = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://127.0.0.1:9987";
proxyWebsockets = true;
};
};
};
};
}