Add Grafana/Prometheus.

hosts/hub/apps/grafana.nix

@@ -3,19 +3,22 @@
     grafana = {
       enable = true;
       settings = {
-        auth.proxy = {
-          enabled = true;
-          header_name = "Remote-User";
-          headers = "Name:Remote-Name Email:Remote-Email Groups:Remote-Groups";
+        server = {
+          root_url = "https://grafana.tailc50184.ts.net";
         };
+        # "auth.proxy" = {
+        #   enabled = true;
+        #   header_name = "Remote-User";
+        #   headers = "Name:Remote-Name Email:Remote-Email Groups:Remote-Groups";
+        # };
       };
     };
     caddy.virtualHosts."grafana.tailc50184.ts.net".extraConfig = ''
       bind tailscale/grafana
-      forward_auth localhost:9091 {
-        uri /api/authz/forward-auth
-        copy_headers Remote-User Remote-Name Remote-Email Remote-Groups
-      }
+      # forward_auth localhost:9091 {
+      #   uri /api/authz/forward-auth
+      #   copy_headers Remote-User Remote-Name Remote-Email Remote-Groups
+      # }
       reverse_proxy localhost:3000
     '';
   };

hosts/hub/apps/karakeep.nix

@@ -0,0 +1,23 @@
+{ config, ... }:
+
+{
+  systemd.tmpfiles.rules = [
+    "d /var/lib/actual 0755 root root"
+  ];
+
+  virtualisation.oci-containers.containers.actual = {
+    image = "actualbudget/actual-server:latest";
+    ports = [
+      "5006:5006"
+    ];
+    environment = {
+      ACTUAL_LOGIN_METHOD = "header";
+    };
+    volumes = [ "/var/lib/actual:/data" ];
+  };
+
+  services.caddy.virtualHosts."https://budget.tailc50184.ts.net".extraConfig = ''
+    bind tailscale/budget
+    reverse_proxy http://localhost:5006
+  '';
+}

hosts/hub/apps/prometheus.nix

@@ -0,0 +1,23 @@
+{ config, ... }:
+
+{
+  services = {
+    prometheus = {
+      enable = true;
+      scrapeConfigs = [
+        {
+          job_name = "thewordnerd";
+          static_configs = [
+            {
+              targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
+            }
+          ];
+        }
+      ];
+    };
+    caddy.virtualHosts."prometheus.tailc50184.ts.net".extraConfig = ''
+      bind tailscale/prometheus
+      reverse_proxy localhost:9090
+    '';
+  };
+}

hosts/hub/default.nix

@@ -11,8 +11,10 @@
     ../../roles/restic.nix
     ../../base.nix
     ../../users/root.nix
+    ../../roles/restic.nix
     ../../roles/fail2ban.nix
     ../../roles/tailscale.nix
+    ../../roles/prometheus.nix
     ../../roles/lldap.nix
     ../../roles/authelia.nix
     ../../roles/podman.nix
@@ -21,6 +23,8 @@
     ../../roles/vscode-remote.nix
     ../../roles/postgres.nix
     ../../roles/syncthing.nix
+    ./apps/grafana.nix
+    ./apps/prometheus.nix
     ./apps/dev.nix
     ./apps/nextcloud.nix
     ./apps/paperless.nix