nolan/nixos
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Compare commits

base: nolan:ccc9468d43ffb4c8223b3ef4f877785a69b9403c
Branches Tags
nolan:main
..
compare: nolan:7d82ac39a65fffbecd4ebf8e5fb231152c328b67
Branches Tags
nolan:main

3 commits
ccc9468d43 ... 7d82ac39a6

Author SHA1 Message Date
Nolan Darilek
7d82ac39a6 Bump dependencies. 2025-04-24 15:10:34 -05:00
Nolan Darilek
c657a2c301 Only bind to local ports. 2025-04-24 14:59:23 -05:00
Nolan Darilek
557be818da Add Grafana/Prometheus. 2025-04-24 14:58:51 -05:00
7 changed files with 72 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

18
flake.lock generated
View file

@ -169,11 +169,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1744633460, "lastModified": 1745503349,
"narHash": "sha256-fbWE4Xpw6eH0Q6in+ymNuDwTkqmFmtxcQEmtRuKDTTk=", "narHash": "sha256-bUGjvaPVsOfQeTz9/rLTNLDyqbzhl0CQtJJlhFPhIYw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "9a049b4a421076d27fee3eec664a18b2066824cb", "rev": "f7bee55a5e551bd8e7b5b82c9bc559bc50d868d1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -216,11 +216,11 @@
}, },
"nixpkgsUnstable": { "nixpkgsUnstable": {
"locked": { "locked": {
"lastModified": 1744463964, "lastModified": 1745391562,
"narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=", "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650", "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -244,11 +244,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1744440957, "lastModified": 1745487689,
"narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=", "narHash": "sha256-FQoi3R0NjQeBAsEOo49b5tbDPcJSMWc3QhhaIi9eddw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d", "rev": "5630cf13cceac06cefe9fc607e8dfa8fb342dde3",
"type": "github" "type": "github"
}, },
"original": { "original": {

2
hosts/hub/apps/actual.nix
View file

@ -8,7 +8,7 @@
virtualisation.oci-containers.containers.actual = { virtualisation.oci-containers.containers.actual = {
image = "actualbudget/actual-server:latest"; image = "actualbudget/actual-server:latest";
ports = [ ports = [
"5006:5006" "127.0.0.1:5006:5006"
]; ];
environment = { environment = {
ACTUAL_LOGIN_METHOD = "header"; ACTUAL_LOGIN_METHOD = "header";

19
hosts/hub/apps/grafana.nix
View file

@ -3,19 +3,22 @@
grafana = { grafana = {
enable = true; enable = true;
settings = { settings = {
auth.proxy = { server = {
enabled = true; root_url = "https://grafana.tailc50184.ts.net";
header_name = "Remote-User";
headers = "Name:Remote-Name Email:Remote-Email Groups:Remote-Groups";
}; };
# "auth.proxy" = {
# enabled = true;
# header_name = "Remote-User";
# headers = "Name:Remote-Name Email:Remote-Email Groups:Remote-Groups";
# };
}; };
}; };
caddy.virtualHosts."grafana.tailc50184.ts.net".extraConfig = '' caddy.virtualHosts."grafana.tailc50184.ts.net".extraConfig = ''
bind tailscale/grafana bind tailscale/grafana
forward_auth localhost:9091 { # forward_auth localhost:9091 {
uri /api/authz/forward-auth # uri /api/authz/forward-auth
copy_headers Remote-User Remote-Name Remote-Email Remote-Groups # copy_headers Remote-User Remote-Name Remote-Email Remote-Groups
} # }
reverse_proxy localhost:3000 reverse_proxy localhost:3000
''; '';
}; };

23
hosts/hub/apps/karakeep.nix Normal file
View file

@ -0,0 +1,23 @@
{ config, ... }:
{
systemd.tmpfiles.rules = [
"d /var/lib/actual 0755 root root"
];
virtualisation.oci-containers.containers.actual = {
image = "actualbudget/actual-server:latest";
ports = [
"5006:5006"
];
environment = {
ACTUAL_LOGIN_METHOD = "header";
};
volumes = [ "/var/lib/actual:/data" ];
};
services.caddy.virtualHosts."https://budget.tailc50184.ts.net".extraConfig = ''
bind tailscale/budget
reverse_proxy http://localhost:5006
'';
}

2
hosts/hub/apps/open-webui.nix
View file

@ -10,7 +10,7 @@ in
virtualisation.oci-containers.containers.open-webui = { virtualisation.oci-containers.containers.open-webui = {
image = "ghcr.io/open-webui/open-webui:main"; image = "ghcr.io/open-webui/open-webui:main";
ports = [ ports = [
"8090:8080" "127.0.0.1:8090:8080"
]; ];
volumes = [ "/var/lib/open-webui:/app/backend/data" ]; volumes = [ "/var/lib/open-webui:/app/backend/data" ];
environment = { environment = {

23
hosts/hub/apps/prometheus.nix
View file

@ -0,0 +1,23 @@
{ config, ... }:
{
services = {
prometheus = {
enable = true;
scrapeConfigs = [
{
job_name = "thewordnerd";
static_configs = [
{
targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
}
];
}
];
};
caddy.virtualHosts."prometheus.tailc50184.ts.net".extraConfig = ''
bind tailscale/prometheus
reverse_proxy localhost:9090
'';
};
}

4
hosts/hub/default.nix
View file

@ -11,8 +11,10 @@
../../roles/restic.nix ../../roles/restic.nix
../../base.nix ../../base.nix
../../users/root.nix ../../users/root.nix
../../roles/restic.nix
../../roles/fail2ban.nix ../../roles/fail2ban.nix
../../roles/tailscale.nix ../../roles/tailscale.nix
../../roles/prometheus.nix
../../roles/lldap.nix ../../roles/lldap.nix
../../roles/authelia.nix ../../roles/authelia.nix
../../roles/podman.nix ../../roles/podman.nix
@ -21,6 +23,8 @@
../../roles/vscode-remote.nix ../../roles/vscode-remote.nix
../../roles/postgres.nix ../../roles/postgres.nix
../../roles/syncthing.nix ../../roles/syncthing.nix
./apps/grafana.nix
./apps/prometheus.nix
./apps/dev.nix ./apps/dev.nix
./apps/nextcloud.nix ./apps/nextcloud.nix
./apps/paperless.nix ./apps/paperless.nix