tux/tawm
1
0
Fork 0
mirror of https://github.com/tuxdotrs/tawm.git synced 2025-07-06 04:56:34 +05:30
Code Issues Packages Projects Releases Wiki Activity

add postgres and plausible

Browse Source
This commit is contained in:
0xTux
2024-09-29 10:33:46 +05:30
parent 856be27a3f
commit eef2a71a66
4 changed files with 151 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
hosts/arcturus/default.nix
View File

@ -7,9 +7,11 @@
imports = [ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
../common ../common
../../modules/nixos/postgresql.nix
../../modules/nixos/headscale.nix ../../modules/nixos/headscale.nix
../../modules/nixos/vaultwarden.nix ../../modules/nixos/vaultwarden.nix
../../modules/nixos/gitea.nix ../../modules/nixos/gitea.nix
../../modules/nixos/plausible.nix
../../modules/nixos/monitoring/grafana.nix ../../modules/nixos/monitoring/grafana.nix
../../modules/nixos/monitoring/loki.nix ../../modules/nixos/monitoring/loki.nix
../../modules/nixos/monitoring/promtail.nix ../../modules/nixos/monitoring/promtail.nix
@ -33,6 +35,14 @@
"cloudflare_credentials/dns_api_token" = { "cloudflare_credentials/dns_api_token" = {
sopsFile = ./secrets.yaml; sopsFile = ./secrets.yaml;
}; };
plausible_password = {
sopsFile = ./secrets.yaml;
};
plausible_key = {
sopsFile = ./secrets.yaml;
};
}; };
boot = { boot = {

6
hosts/arcturus/secrets.yaml
View File

@ -1,5 +1,7 @@
borg_encryption_key: ENC[AES256_GCM,data:7DZQaoS2a5mPjTej25vr1aO1yAAPyXT2tf/VxKrLxF0=,iv:it8JlyEj4r4Z+qDvoEWMQlGkbVh08M/BCkGLVzRCVKQ=,tag:81gRhru8J3hkQhIbgUOgBg==,type:str] borg_encryption_key: ENC[AES256_GCM,data:7DZQaoS2a5mPjTej25vr1aO1yAAPyXT2tf/VxKrLxF0=,iv:it8JlyEj4r4Z+qDvoEWMQlGkbVh08M/BCkGLVzRCVKQ=,tag:81gRhru8J3hkQhIbgUOgBg==,type:str]
searx_secret_key: ENC[AES256_GCM,data:Z49PJ2gNI5CI0IfzOta+r67VNUvjoPpMVv5lajGhUMPzSy1KWZC5wIM3d02jWwCOsNjXdU5hE3j9W0rkoy5ZhFPXBJRUEv5b6IcaLA==,iv:364zGZkD2LO189nkvizl8yjedi1IgYEEQMA67SexSSI=,tag:qPqefG6jUaBOpUy6d7E++w==,type:str] searx_secret_key: ENC[AES256_GCM,data:Z49PJ2gNI5CI0IfzOta+r67VNUvjoPpMVv5lajGhUMPzSy1KWZC5wIM3d02jWwCOsNjXdU5hE3j9W0rkoy5ZhFPXBJRUEv5b6IcaLA==,iv:364zGZkD2LO189nkvizl8yjedi1IgYEEQMA67SexSSI=,tag:qPqefG6jUaBOpUy6d7E++w==,type:str]
plausible_password: ENC[AES256_GCM,data:B0r2UuFqmz9i5yxbTCg=,iv:u6jZKJ1n15W0xH+UzNfvU1fHy3jDHZjs55nSW+0KoEo=,tag:tN0dunetZUPm/tsYAvDOzg==,type:str]
plausible_key: ENC[AES256_GCM,data:Ynf2aJ6RLRdAkT9ltLpCXTl8zg/VESDchlf67PmKjc93rSfDgq9tFqv1q55Km2lDo7y9iLu5WyLLg24CSSwy8Q==,iv:yW5hgP4dhfkvunv3iYmXGEH9w29OOmrG4ourPagslVg=,tag:C5PVfEseP5gJdoQQL4gERQ==,type:str]
cloudflare_credentials: cloudflare_credentials:
email: ENC[AES256_GCM,data:qesgxkzUglKdYPI=,iv:2XDEoQzmtagSiILWZzJPswdhkQ+qjdZfNd+LL1nHPx8=,tag:K1F23Za2Zq78tzf0fl5zEw==,type:str] email: ENC[AES256_GCM,data:qesgxkzUglKdYPI=,iv:2XDEoQzmtagSiILWZzJPswdhkQ+qjdZfNd+LL1nHPx8=,tag:K1F23Za2Zq78tzf0fl5zEw==,type:str]
dns_api_token: ENC[AES256_GCM,data:ibSL4KWYhqgHjo27fiSqB1iN9NWU3/qGGuLpmiMpBf+qCuh8uxR7Yw==,iv:NapMvfUSm5rgeROK7KuxGyog8s2PW9CCKtjRG87FoCQ=,tag:/Oah7PRCe4XPts0IYt83zw==,type:str] dns_api_token: ENC[AES256_GCM,data:ibSL4KWYhqgHjo27fiSqB1iN9NWU3/qGGuLpmiMpBf+qCuh8uxR7Yw==,iv:NapMvfUSm5rgeROK7KuxGyog8s2PW9CCKtjRG87FoCQ=,tag:/Oah7PRCe4XPts0IYt83zw==,type:str]
@ -27,8 +29,8 @@ sops:
NGprRGVyZ2plWVNrM3drM3JSUjM2L0UKuNk5DqYn2DIfRpY72zDRP5BKoVAXtNv9 NGprRGVyZ2plWVNrM3drM3JSUjM2L0UKuNk5DqYn2DIfRpY72zDRP5BKoVAXtNv9
uLI//8wc7f4I3uBdARQdpRE1fapY1UOJOn3i0yndrZARPEbdohRK1Q== uLI//8wc7f4I3uBdARQdpRE1fapY1UOJOn3i0yndrZARPEbdohRK1Q==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-26T14:25:03Z" lastmodified: "2024-09-29T03:57:54Z"
mac: ENC[AES256_GCM,data:UOxh1tIsFmYJ8i5HKhK8ckSZTbXsl6BmJATuLIJhfT93ir/sh58E9a9D6p6+Uyl6lt9qRESKRpeHUsdy4kKtXmmutQACzUHgVobzgL/1KpGYM4A/Wj5pSWGiT6D/zDkR0pJNFEshHxNfTJE8B6ZKFkHXy85nY22DW4fLjuMD4Y4=,iv:X4ArW4afDSHZ84rnn8Cuh+4Sgmk+7NXqcewgemlW+VI=,tag:2yorv0yFRAQkTZm06TQNiA==,type:str] mac: ENC[AES256_GCM,data:rQe7AKr5nY2hgIlVndBizG7Qnh4NgWerav/7VfU9n5ZqY8FO2ojPO7HCIRJggsMUXNNcsrj7oxLvsEDH4IwCnOySM5zrouQY20RL4eBBZ8W+fZERRGEZ8sQCey6Jt/w1sIP/eCVQMlL6RDqX7yTy0my0Ufu6pkGNELl4i+kui9c=,iv:bq64/7j23uF/Qm6xTv9xnrjTKyaFjI2HjTSSVfTw8aE=,tag:N6SQk+QSq0zCZZRA5DNouw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.0 version: 3.9.0

45
modules/nixos/plausible.nix Normal file
View File

@ -0,0 +1,45 @@
{
config,
lib,
...
}: {
services = {
plausible = {
enable = true;
server = {
baseUrl = "https://plausible.tux.rs";
port = 2100;
disableRegistration = true;
secretKeybaseFile = config.sops.secrets.plausible_key.path;
};
adminUser = {
activate = true;
name = "tux";
email = "0xtux@pm.me";
passwordFile = config.sops.secrets.plausible_password.path;
};
database.postgres = {
dbname = "plausible";
socket = "/run/postgresql";
};
};
nginx = {
enable = lib.mkForce true;
virtualHosts = {
"plausible.tux.rs" = {
forceSSL = true;
useACMEHost = "tux.rs";
locations = {
"/" = {
proxyPass = "http://localhost:2100";
};
};
};
};
};
};
}

92
modules/nixos/postgresql.nix Normal file
View File

@ -0,0 +1,92 @@
{
lib,
pkgs,
...
}: {
services.postgresql = {
enable = true;
package = pkgs.postgresql_16;
ensureDatabases = [
"plausible"
];
ensureUsers = [
{
name = "postgres";
ensureClauses = {
superuser = true;
login = true;
createrole = true;
createdb = true;
replication = true;
};
}
{
name = "plausible";
ensureDBOwnership = true;
}
];
checkConfig = true;
enableTCPIP = false;
settings = {
max_connections = 100;
superuser_reserved_connections = 3;
shared_buffers = "1024 MB";
work_mem = "32 MB";
maintenance_work_mem = "320 MB";
huge_pages = "off";
effective_cache_size = "3 GB";
effective_io_concurrency = 100;
random_page_cost = 1.25;
shared_preload_libraries = "pg_stat_statements";
track_io_timing = "on";
track_functions = "pl";
wal_level = "replica";
max_wal_senders = 0;
synchronous_commit = "on";
checkpoint_timeout = "15 min";
checkpoint_completion_target = 0.9;
max_wal_size = "1024 MB";
min_wal_size = "512 MB";
wal_compression = "on";
wal_buffers = -1;
wal_writer_delay = "200ms";
wal_writer_flush_after = "1MB";
bgwriter_delay = "200ms";
bgwriter_lru_maxpages = 100;
bgwriter_lru_multiplier = 2.0;
bgwriter_flush_after = 0;
max_worker_processes = 3;
max_parallel_workers_per_gather = 2;
max_parallel_maintenance_workers = 2;
max_parallel_workers = 3;
parallel_leader_participation = "on";
enable_partitionwise_join = "on";
enable_partitionwise_aggregate = "on";
jit = "on";
jit_above_cost = 100000;
jit_inline_above_cost = 150000;
jit_optimize_above_cost = 500000;
log_min_duration_statement = 100;
"auto_explain.log_min_duration" = 100;
log_connections = true;
log_statement = "all";
logging_collector = true;
log_disconnections = true;
log_destination = lib.mkForce "syslog";
};
};
}