7 changed files with 19 additions and 72 deletions
--- a/flake.lock
+++ b/flake.lock
@ -169,11 +169,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1745503349,
-        "narHash": "sha256-bUGjvaPVsOfQeTz9/rLTNLDyqbzhl0CQtJJlhFPhIYw=",
+        "lastModified": 1744633460,
+        "narHash": "sha256-fbWE4Xpw6eH0Q6in+ymNuDwTkqmFmtxcQEmtRuKDTTk=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "f7bee55a5e551bd8e7b5b82c9bc559bc50d868d1",
+        "rev": "9a049b4a421076d27fee3eec664a18b2066824cb",
        "type": "github"
      },
      "original": {
@ -216,11 +216,11 @@
    },
    "nixpkgsUnstable": {
      "locked": {
-        "lastModified": 1745391562,
-        "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=",
+        "lastModified": 1744463964,
+        "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7",
+        "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650",
        "type": "github"
      },
      "original": {
@ -244,11 +244,11 @@
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1745487689,
-        "narHash": "sha256-FQoi3R0NjQeBAsEOo49b5tbDPcJSMWc3QhhaIi9eddw=",
+        "lastModified": 1744440957,
+        "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "5630cf13cceac06cefe9fc607e8dfa8fb342dde3",
+        "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d",
        "type": "github"
      },
      "original": {
--- a/hosts/hub/apps/actual.nix
+++ b/hosts/hub/apps/actual.nix
@ -8,7 +8,7 @@
  virtualisation.oci-containers.containers.actual = {
    image = "actualbudget/actual-server:latest";
    ports = [
-      "127.0.0.1:5006:5006"
+      "5006:5006"
    ];
    environment = {
      ACTUAL_LOGIN_METHOD = "header";
--- a/hosts/hub/apps/grafana.nix
+++ b/hosts/hub/apps/grafana.nix
@ -3,22 +3,19 @@
    grafana = {
      enable = true;
      settings = {
-        server = {
-          root_url = "https://grafana.tailc50184.ts.net";
+        auth.proxy = {
+          enabled = true;
+          header_name = "Remote-User";
+          headers = "Name:Remote-Name Email:Remote-Email Groups:Remote-Groups";
        };
-        # "auth.proxy" = {
-        #   enabled = true;
-        #   header_name = "Remote-User";
-        #   headers = "Name:Remote-Name Email:Remote-Email Groups:Remote-Groups";
-        # };
      };
    };
    caddy.virtualHosts."grafana.tailc50184.ts.net".extraConfig = ''
      bind tailscale/grafana
-      # forward_auth localhost:9091 {
-      #   uri /api/authz/forward-auth
-      #   copy_headers Remote-User Remote-Name Remote-Email Remote-Groups
-      # }
+      forward_auth localhost:9091 {
+        uri /api/authz/forward-auth
+        copy_headers Remote-User Remote-Name Remote-Email Remote-Groups
+      }
      reverse_proxy localhost:3000
    '';
  };
--- a/hosts/hub/apps/karakeep.nix
+++ b/hosts/hub/apps/karakeep.nix
@ -1,23 +0,0 @@
-{ config, ... }:
-
-{
-  systemd.tmpfiles.rules = [
-    "d /var/lib/actual 0755 root root"
-  ];
-
-  virtualisation.oci-containers.containers.actual = {
-    image = "actualbudget/actual-server:latest";
-    ports = [
-      "5006:5006"
-    ];
-    environment = {
-      ACTUAL_LOGIN_METHOD = "header";
-    };
-    volumes = [ "/var/lib/actual:/data" ];
-  };
-
-  services.caddy.virtualHosts."https://budget.tailc50184.ts.net".extraConfig = ''
-    bind tailscale/budget
-    reverse_proxy http://localhost:5006
-  '';
-}
--- a/hosts/hub/apps/open-webui.nix
+++ b/hosts/hub/apps/open-webui.nix
@ -10,7 +10,7 @@ in
  virtualisation.oci-containers.containers.open-webui = {
    image = "ghcr.io/open-webui/open-webui:main";
    ports = [
-      "127.0.0.1:8090:8080"
+      "8090:8080"
    ];
    volumes = [ "/var/lib/open-webui:/app/backend/data" ];
    environment = {
--- a/hosts/hub/apps/prometheus.nix
+++ b/hosts/hub/apps/prometheus.nix
@ -1,23 +0,0 @@
-{ config, ... }:
-
-{
-  services = {
-    prometheus = {
-      enable = true;
-      scrapeConfigs = [
-        {
-          job_name = "thewordnerd";
-          static_configs = [
-            {
-              targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
-            }
-          ];
-        }
-      ];
-    };
-    caddy.virtualHosts."prometheus.tailc50184.ts.net".extraConfig = ''
-      bind tailscale/prometheus
-      reverse_proxy localhost:9090
-    '';
-  };
-}
--- a/hosts/hub/default.nix
+++ b/hosts/hub/default.nix
@ -11,10 +11,8 @@
    ../../roles/restic.nix
    ../../base.nix
    ../../users/root.nix
-    ../../roles/restic.nix
    ../../roles/fail2ban.nix
    ../../roles/tailscale.nix
-    ../../roles/prometheus.nix
    ../../roles/lldap.nix
    ../../roles/authelia.nix
    ../../roles/podman.nix
@ -23,8 +21,6 @@
    ../../roles/vscode-remote.nix
    ../../roles/postgres.nix
    ../../roles/syncthing.nix
-    ./apps/grafana.nix
-    ./apps/prometheus.nix
    ./apps/dev.nix
    ./apps/nextcloud.nix
    ./apps/paperless.nix