Bump dependencies.

Only bind to local ports.
Add Grafana/Prometheus.
2025-04-24 15:10:34 -05:00 · 2025-04-24 14:59:23 -05:00 · 2025-04-24 14:58:51 -05:00
7 changed files with 72 additions and 19 deletions
--- a/flake.lock
+++ b/flake.lock
@ -169,11 +169,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1744633460,
-        "narHash": "sha256-fbWE4Xpw6eH0Q6in+ymNuDwTkqmFmtxcQEmtRuKDTTk=",
+        "lastModified": 1745503349,
+        "narHash": "sha256-bUGjvaPVsOfQeTz9/rLTNLDyqbzhl0CQtJJlhFPhIYw=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "9a049b4a421076d27fee3eec664a18b2066824cb",
+        "rev": "f7bee55a5e551bd8e7b5b82c9bc559bc50d868d1",
        "type": "github"
      },
      "original": {
@ -216,11 +216,11 @@
    },
    "nixpkgsUnstable": {
      "locked": {
-        "lastModified": 1744463964,
-        "narHash": "sha256-LWqduOgLHCFxiTNYi3Uj5Lgz0SR+Xhw3kr/3Xd0GPTM=",
+        "lastModified": 1745391562,
+        "narHash": "sha256-sPwcCYuiEopaafePqlG826tBhctuJsLx/mhKKM5Fmjo=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "2631b0b7abcea6e640ce31cd78ea58910d31e650",
+        "rev": "8a2f738d9d1f1d986b5a4cd2fd2061a7127237d7",
        "type": "github"
      },
      "original": {
@ -244,11 +244,11 @@
    },
    "nixpkgs_3": {
      "locked": {
-        "lastModified": 1744440957,
-        "narHash": "sha256-FHlSkNqFmPxPJvy+6fNLaNeWnF1lZSgqVCl/eWaJRc4=",
+        "lastModified": 1745487689,
+        "narHash": "sha256-FQoi3R0NjQeBAsEOo49b5tbDPcJSMWc3QhhaIi9eddw=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "26d499fc9f1d567283d5d56fcf367edd815dba1d",
+        "rev": "5630cf13cceac06cefe9fc607e8dfa8fb342dde3",
        "type": "github"
      },
      "original": {
--- a/hosts/hub/apps/actual.nix
+++ b/hosts/hub/apps/actual.nix
@ -8,7 +8,7 @@
  virtualisation.oci-containers.containers.actual = {
    image = "actualbudget/actual-server:latest";
    ports = [
-      "5006:5006"
+      "127.0.0.1:5006:5006"
    ];
    environment = {
      ACTUAL_LOGIN_METHOD = "header";
--- a/hosts/hub/apps/grafana.nix
+++ b/hosts/hub/apps/grafana.nix
@ -3,19 +3,22 @@
    grafana = {
      enable = true;
      settings = {
-        auth.proxy = {
-          enabled = true;
-          header_name = "Remote-User";
-          headers = "Name:Remote-Name Email:Remote-Email Groups:Remote-Groups";
+        server = {
+          root_url = "https://grafana.tailc50184.ts.net";
        };
+        # "auth.proxy" = {
+        #   enabled = true;
+        #   header_name = "Remote-User";
+        #   headers = "Name:Remote-Name Email:Remote-Email Groups:Remote-Groups";
+        # };
      };
    };
    caddy.virtualHosts."grafana.tailc50184.ts.net".extraConfig = ''
      bind tailscale/grafana
-      forward_auth localhost:9091 {
-        uri /api/authz/forward-auth
-        copy_headers Remote-User Remote-Name Remote-Email Remote-Groups
-      }
+      # forward_auth localhost:9091 {
+      #   uri /api/authz/forward-auth
+      #   copy_headers Remote-User Remote-Name Remote-Email Remote-Groups
+      # }
      reverse_proxy localhost:3000
    '';
  };
--- a/hosts/hub/apps/karakeep.nix
+++ b/hosts/hub/apps/karakeep.nix
@ -0,0 +1,23 @@
+{ config, ... }:
+
+{
+  systemd.tmpfiles.rules = [
+    "d /var/lib/actual 0755 root root"
+  ];
+
+  virtualisation.oci-containers.containers.actual = {
+    image = "actualbudget/actual-server:latest";
+    ports = [
+      "5006:5006"
+    ];
+    environment = {
+      ACTUAL_LOGIN_METHOD = "header";
+    };
+    volumes = [ "/var/lib/actual:/data" ];
+  };
+
+  services.caddy.virtualHosts."https://budget.tailc50184.ts.net".extraConfig = ''
+    bind tailscale/budget
+    reverse_proxy http://localhost:5006
+  '';
+}
--- a/hosts/hub/apps/open-webui.nix
+++ b/hosts/hub/apps/open-webui.nix
@ -10,7 +10,7 @@ in
  virtualisation.oci-containers.containers.open-webui = {
    image = "ghcr.io/open-webui/open-webui:main";
    ports = [
-      "8090:8080"
+      "127.0.0.1:8090:8080"
    ];
    volumes = [ "/var/lib/open-webui:/app/backend/data" ];
    environment = {
--- a/hosts/hub/apps/prometheus.nix
+++ b/hosts/hub/apps/prometheus.nix
@ -0,0 +1,23 @@
+{ config, ... }:
+
+{
+  services = {
+    prometheus = {
+      enable = true;
+      scrapeConfigs = [
+        {
+          job_name = "thewordnerd";
+          static_configs = [
+            {
+              targets = [ "127.0.0.1:${toString config.services.prometheus.exporters.node.port}" ];
+            }
+          ];
+        }
+      ];
+    };
+    caddy.virtualHosts."prometheus.tailc50184.ts.net".extraConfig = ''
+      bind tailscale/prometheus
+      reverse_proxy localhost:9090
+    '';
+  };
+}
--- a/hosts/hub/default.nix
+++ b/hosts/hub/default.nix
@ -11,8 +11,10 @@
    ../../roles/restic.nix
    ../../base.nix
    ../../users/root.nix
+    ../../roles/restic.nix
    ../../roles/fail2ban.nix
    ../../roles/tailscale.nix
+    ../../roles/prometheus.nix
    ../../roles/lldap.nix
    ../../roles/authelia.nix
    ../../roles/podman.nix
@ -21,6 +23,8 @@
    ../../roles/vscode-remote.nix
    ../../roles/postgres.nix
    ../../roles/syncthing.nix
+    ./apps/grafana.nix
+    ./apps/prometheus.nix
    ./apps/dev.nix
    ./apps/nextcloud.nix
    ./apps/paperless.nix
Author	SHA1	Message	Date
Nolan Darilek	7d82ac39a6	Bump dependencies.	2025-04-24 15:10:34 -05:00
Nolan Darilek	c657a2c301	Only bind to local ports.	2025-04-24 14:59:23 -05:00
Nolan Darilek	557be818da	Add Grafana/Prometheus.	2025-04-24 14:58:51 -05:00