From 557be818daab4b62a93c949aaac5eb03358fe2b8 Mon Sep 17 00:00:00 2001
From: Nolan Darilek
Date: Thu, 24 Apr 2025 14:58:51 -0500
Subject: [PATCH] Add Grafana/Prometheus.
---
 hosts/hub/apps/grafana.nix | 19 +++++++++++--------
 hosts/hub/apps/karakeep.nix | 23 +++++++++++++++++++++++
 hosts/hub/apps/prometheus.nix | 23 +++++++++++++++++++++++
 hosts/hub/default.nix | 4 ++++
 4 files changed, 61 insertions(+), 8 deletions(-)
 create mode 100644 hosts/hub/apps/karakeep.nix
diff --git a/hosts/hub/apps/grafana.nix b/hosts/hub/apps/grafana.nix
index e37ceb0..a41f8a5 100644
--- a/hosts/hub/apps/grafana.nix
+++ b/hosts/hub/apps/grafana.nix
@@ -3,19 +3,22 @@
 grafana = {
 enable = true;
 settings = {
- auth.proxy = {
- enabled = true;
- header_name = "Remote-User";
- headers = "Name:Remote-Name Email:Remote-Email Groups:Remote-Groups";
+ server = {
+ root_url = "https://grafana.tailc50184.ts.net";
 };
+ # "auth.proxy" = {
+ # enabled = true;
+ # header_name = "Remote-User";
+ # headers = "Name:Remote-Name Email:Remote-Email Groups:Remote-Groups";
+ # };
 };
 };
 caddy.virtualHosts."grafana.tailc50184.ts.net".extraConfig = ''
 bind tailscale/grafana
- forward_auth localhost:9091 {
- uri /api/authz/forward-auth
- copy_headers Remote-User Remote-Name Remote-Email Remote-Groups
- }
+ # forward_auth localhost:9091 {
+ # uri /api/authz/forward-auth
+ # copy_headers Remote-User Remote-Name Remote-Email Remote-Groups
+ # }
 reverse_proxy localhost:3000
 '';
 };
diff --git a/hosts/hub/apps/karakeep.nix b/hosts/hub/apps/karakeep.nix
new file mode 100644
index 0000000..8bf4170
--- /dev/null
+++ b/hosts/hub/apps/karakeep.nix
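Review bot: In hosts/hub/apps/grafana.nix the Caddy `forward_auth` block and Grafana's `auth.proxy` section are both commented out, so the vhost now proxies straight to `localhost:3000` and the only gate left is Grafana's own login. Nothing in the hunk sets `security.admin_password`, so unless it is set elsewhere the instance comes up with Grafana's default admin credentials; reading it from a secret file, e.g. `security.admin_password = "$__file{/path/to/secret}";` (placeholder path), would close that. Disabling the two blocks together is the right order, since `auth.proxy` without `forward_auth` in front would trust a client-supplied `Remote-User` header. A one-line comment such as `# Authelia SSO disabled for now; re-enable forward_auth and auth.proxy together` would record that instead of leaving bare commented-out code. The enclosing attribute set starts above the hunk.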
@@ -0,0 +1,23 @@
+{ config, ... }:
+
+{
+ systemd.tmpfiles.rules = [
+ "d /var/lib/actual 0755 root root"
+ ];
+
+ virtualisation.oci-containers.containers.actual = {
+ image = "actualbudget/actual-server:latest";
+ ports = [
+ "5006:5006"
+ ];
+ environment = {
+ ACTUAL_LOGIN_METHOD = "header";
+ };
+ volumes = [ "/var/lib/actual:/data" ];
+ };
+
+ services.caddy.virtualHosts."https://budget.tailc50184.ts.net".extraConfig = ''
+ bind tailscale/budget
+ reverse_proxy http://localhost:5006
+ '';
+}
diff --git a/hosts/hub/apps/prometheus.nix b/hosts/hub/apps/prometheus.nix
index e69de29..8a90c38 100644
--- a/hosts/hub/apps/prometheus.nix
+++ b/hosts/hub/apps/prometheus.nix
@@ -0,0 +1,23 @@
+{ config, ... }:
+
+{
+ services = {
+ prometheus = {
+ enable = true;
+ scrapeConfigs = [
+ {
+ job_name = "thewordnerd";
+ static_configs = [
+ {
+ targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
+ }
+ ];
+ }
+ ];
+ };
+ caddy.virtualHosts."prometheus.tailc50184.ts.net".extraConfig = ''
+ bind tailscale/prometheus
+ reverse_proxy localhost:9090
+ '';
+ };
+}
diff --git a/hosts/hub/default.nix b/hosts/hub/default.nix
index c2feb93..5efc676 100644
--- a/hosts/hub/default.nix
+++ b/hosts/hub/default.nix
@@ -11,8 +11,10 @@
 ../../roles/restic.nix
 ../../base.nix
 ../../users/root.nix
+ ../../roles/restic.nix
 ../../roles/fail2ban.nix
 ../../roles/tailscale.nix
+ ../../roles/prometheus.nix
 ../../roles/lldap.nix
 ../../roles/authelia.nix
 ../../roles/podman.nix
@@ -21,6 +23,8 @@
 ../../roles/vscode-remote.nix
 ../../roles/postgres.nix
 ../../roles/syncthing.nix
+ ./apps/grafana.nix
+ ./apps/prometheus.nix
 ./apps/dev.nix
 ./apps/nextcloud.nix
 ./apps/paperless.nix
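Review bot: hosts/hub/apps/karakeep.nix publishes the container with `"5006:5006"`, which binds the port on every host interface, so the service can be reached without passing through the Caddy vhost; `"127.0.0.1:5006:5006"` keeps it loopback-only. That matters more here because `ACTUAL_LOGIN_METHOD = "header"` appears to make the server take its login credential from a request header, which is only safe when a trusted proxy is the sole path in, and this vhost has no `forward_auth` in front of it. The image is tracked as `:latest`; pinning a version tag or digest keeps rebuilds reproducible and makes upgrades a reviewed change. Separately, the file is named karakeep.nix but defines the `actual` container and a `budget` vhost, and the default.nix hunks in this patch do not import it, so it looks like an unfinished copy.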
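Review bot: The `prometheus.tailc50184.ts.net` vhost in hosts/hub/apps/prometheus.nix proxies to `localhost:9090` with no authentication, and Prometheus has none of its own by default, so every tailnet peer allowed to reach this name can read all metrics and the loaded configuration. If that is intended, a comment stating that access is delegated to tailnet ACLs would help; otherwise a `forward_auth` block like the one grafana.nix used belongs in front of `reverse_proxy`. The hunk also leaves `listenAddress` unset, and as far as I know the NixOS module defaults it to all interfaces, so `listenAddress = "127.0.0.1";` would make Caddy the only way in. The scrape target reads `exporters.node.port`, but the exporter is not enabled in this file; presumably `../../roles/prometheus.nix` does that.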
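Review bot: The first hunk of hosts/hub/default.nix adds `../../roles/restic.nix` although the same path is already the first context line of that hunk, so the role is now listed twice. The module system should deduplicate imports by path, so this is likely harmless, but the added line can simply be dropped. The second hunk imports `./apps/grafana.nix` and `./apps/prometheus.nix` but not the new `./apps/karakeep.nix`; if that file is meant to be live it needs an entry here, and if not it should probably stay out of the commit. The import list starts and ends outside both hunks.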