From 1d0776eb5205fa6210de8bcfe63c8e68911880cd Mon Sep 17 00:00:00 2001 From: Nolan Darilek Date: Fri, 18 Apr 2025 19:39:27 -0500 Subject: [PATCH 1/2] New Tailscale auth key. --- secrets/ts_auth_key.age | Bin 397 -> 396 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/secrets/ts_auth_key.age b/secrets/ts_auth_key.age index 0db964ebdb437c7a8eb4cf08b55861a165d2a2ec..526a1819516685a395cdf8a1660579f2fbb083a4 100644 GIT binary patch delta 361 zcmeBW?qQywQ=ePtS8iaKo9pISsa=ue>+W0SlkBQp>|^AXl^fvapXQtylo6C?9-(dQ z$(3c9=H+K*RFr4t<5Cf7Xqi&!8YwDFRcu~p;%riuU0{@2l$c%YQ`BnR%)ElJQ&7SNNt;Hh$Q99ZsXNStABRiJ*OghX{Y)N^Zn&|jK*89_1Q~w{JuE5t-2#|lbz1gpk?mq KZ=S^pJp%x^$%knG delta 362 zcmeBS?q!~!Q=b%&pX+F@U0zgF;B0K_?cyJqYL@R(5$a{=lA96WRpn{mo2j4gWKrrE z$Yo?4?3=0|YE%*#i zrK_u}P?}U+WT5Szm{Jv0T$o(uADo}&n^a!tpY3NF;^kLZ6_n$d;v5vD?c^KD<$J&~ z^!)muzsYx{g@ksB2nC#Gn|71ojz?yc+s-%>e!J;)j^>AN?l$4zv;TWB$m`GjKDIf> zy6)FAFSSzr(b>peKB0;8&fz$-x4~>Pms~h?ihF%?uZGwvrp^Gj)e-k6*Z$DjEoIvG KOf1#U@fQGpB7&m; From 4b054cc0f8fafd1d363781837a10021290231a06 Mon Sep 17 00:00:00 2001 From: Nolan Darilek Date: Fri, 18 Apr 2025 19:40:45 -0500 Subject: [PATCH 2/2] Add state versions. --- hosts/hub/apps/adguard.nix | 1 + hosts/hub/apps/dev.nix | 1 + hosts/hub/apps/grafana.nix | 22 ++++++++++++++++++++++ hosts/hub/apps/nextcloud.nix | 1 + hosts/hub/apps/prometheus.nix | 0 roles/prometheus.nix | 0 6 files changed, 25 insertions(+) create mode 100644 hosts/hub/apps/grafana.nix create mode 100644 hosts/hub/apps/prometheus.nix create mode 100644 roles/prometheus.nix diff --git a/hosts/hub/apps/adguard.nix b/hosts/hub/apps/adguard.nix index fa0d758..9333912 100644 --- a/hosts/hub/apps/adguard.nix +++ b/hosts/hub/apps/adguard.nix @@ -23,6 +23,7 @@ interfaceName = "userspace-networking"; }; }; + system.stateVersion = "24.11"; }; }; } diff --git a/hosts/hub/apps/dev.nix b/hosts/hub/apps/dev.nix index e353cc2..082740d 100644 --- a/hosts/hub/apps/dev.nix +++ b/hosts/hub/apps/dev.nix 
@@ -141,6 +141,7 @@ in
 PATH = [ "${pkgs.forgejo}/bin" ];
 GITEA_WORK_DIR = "/var/lib/gitea";
 };
+ system.stateVersion = "24.11";
 };
 bindMounts = {
 "/run/postgresql" = {
diff --git a/hosts/hub/apps/grafana.nix b/hosts/hub/apps/grafana.nix
new file mode 100644
index 0000000..e37ceb0
--- /dev/null
+++ b/hosts/hub/apps/grafana.nix
@@ -0,0 +1,22 @@
+{
+ services = {
+ grafana = {
+ enable = true;
+ settings = {
+ auth.proxy = {
+ enabled = true;
+ header_name = "Remote-User";
+ headers = "Name:Remote-Name Email:Remote-Email Groups:Remote-Groups";
+ };
+ };
+ };
+ caddy.virtualHosts."grafana.tailc50184.ts.net".extraConfig = ''
+ bind tailscale/grafana
+ forward_auth localhost:9091 {
+ uri /api/authz/forward-auth
+ copy_headers Remote-User Remote-Name Remote-Email Remote-Groups
+ }
+ reverse_proxy localhost:3000
+ '';
+ };
+}
diff --git a/hosts/hub/apps/nextcloud.nix b/hosts/hub/apps/nextcloud.nix
index b842149..fd45046 100644
--- a/hosts/hub/apps/nextcloud.nix
+++ b/hosts/hub/apps/nextcloud.nix
@@ -67,6 +67,7 @@
 exec nextcloud-occ "$@"
 '')
 ];
+ system.stateVersion = "24.11";
 };
 # https://discourse.nixos.org/t/podman-docker-in-nixos-container-ideally-in-unprivileged-one/22909/12
 additionalCapabilities = [
diff --git a/hosts/hub/apps/prometheus.nix b/hosts/hub/apps/prometheus.nix
new file mode 100644
index 0000000..e69de29
diff --git a/roles/prometheus.nix b/roles/prometheus.nix
new file mode 100644
index 0000000..e69de29
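Review bot: In hosts/hub/apps/grafana.nix the `auth.proxy` block makes Grafana take `Remote-User` as the signed-in identity from any peer that reaches its HTTP port, and nothing in the new file restricts which peers those are. The `forward_auth` step in the Caddy vhost is the only place the header is vouched for, so a client that connects to port 3000 without passing through Caddy can name any account. I would state the trust boundary in the file rather than rely on module defaults: add `settings.server.http_addr = "127.0.0.1";` and, inside `auth.proxy`, `whitelist = "127.0.0.1, ::1";`. It is also worth confirming that the deployed Caddy drops client-supplied `Remote-*` headers when the auth endpoint omits them, since `copy_headers` is what carries them to Grafana.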