diff --git a/hosts/hub/apps/adguard.nix b/hosts/hub/apps/adguard.nix index fa0d758..9333912 100644 --- a/hosts/hub/apps/adguard.nix +++ b/hosts/hub/apps/adguard.nix @@ -23,6 +23,7 @@ interfaceName = "userspace-networking"; }; }; + system.stateVersion = "24.11"; }; }; } diff --git a/hosts/hub/apps/dev.nix b/hosts/hub/apps/dev.nix index e353cc2..082740d 100644 --- a/hosts/hub/apps/dev.nix +++ b/hosts/hub/apps/dev.nix @@ -141,6 +141,7 @@ in PATH = [ "${pkgs.forgejo}/bin" ]; GITEA_WORK_DIR = "/var/lib/gitea"; }; + system.stateVersion = "24.11"; }; bindMounts = { "/run/postgresql" = { diff --git a/hosts/hub/apps/grafana.nix b/hosts/hub/apps/grafana.nix new file mode 100644 index 0000000..e37ceb0 --- /dev/null +++ b/hosts/hub/apps/grafana.nix @@ -0,0 +1,22 @@ +{ + services = { + grafana = { + enable = true; + settings = { + auth.proxy = { + enabled = true; + header_name = "Remote-User"; + headers = "Name:Remote-Name Email:Remote-Email Groups:Remote-Groups"; + }; + }; + }; + caddy.virtualHosts."grafana.tailc50184.ts.net".extraConfig = '' + bind tailscale/grafana + forward_auth localhost:9091 { + uri /api/authz/forward-auth + copy_headers Remote-User Remote-Name Remote-Email Remote-Groups + } + reverse_proxy localhost:3000 + ''; + }; +} diff --git a/hosts/hub/apps/nextcloud.nix b/hosts/hub/apps/nextcloud.nix index b842149..fd45046 100644 --- a/hosts/hub/apps/nextcloud.nix +++ b/hosts/hub/apps/nextcloud.nix @@ -67,6 +67,7 @@ exec nextcloud-occ "$@" '') ]; + system.stateVersion = "24.11"; }; # https://discourse.nixos.org/t/podman-docker-in-nixos-container-ideally-in-unprivileged-one/22909/12 additionalCapabilities = [ diff --git a/hosts/hub/apps/prometheus.nix b/hosts/hub/apps/prometheus.nix new file mode 100644 index 0000000..e69de29 diff --git a/roles/prometheus.nix b/roles/prometheus.nix new file mode 100644 index 0000000..e69de29