Compare commits
8 commits
a930955644
...
ae0b053444
Author | SHA1 | Date | |
---|---|---|---|
Tigor Hutasuhut | ae0b053444 | ||
Tigor Hutasuhut | 126fd41dec | ||
Tigor Hutasuhut | 0972de6d7b | ||
Tigor Hutasuhut | 224c83fe82 | ||
Tigor Hutasuhut | 860884c688 | ||
Tigor Hutasuhut | bd535914c0 | ||
Tigor Hutasuhut | 8074e9f01e | ||
Tigor Hutasuhut | 03d35a039a |
16
flake.lock
16
flake.lock
|
@ -420,6 +420,21 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-flatpak": {
|
||||
"locked": {
|
||||
"lastModified": 1721549352,
|
||||
"narHash": "sha256-nlXJa8RSOX0kykrIYW33ukoHYq+FOSNztHLLgqKwOp8=",
|
||||
"owner": "gmodena",
|
||||
"repo": "nix-flatpak",
|
||||
"rev": "dbce39ea8664820ba9037caaf1e2fad365ed6b4b",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "gmodena",
|
||||
"repo": "nix-flatpak",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nix-index-database": {
|
||||
"inputs": {
|
||||
"nixpkgs": [
|
||||
|
@ -539,6 +554,7 @@
|
|||
"hyprland": "hyprland",
|
||||
"hyprland-contrib": "hyprland-contrib",
|
||||
"neovim-nightly-overlay": "neovim-nightly-overlay",
|
||||
"nix-flatpak": "nix-flatpak",
|
||||
"nix-index-database": "nix-index-database",
|
||||
"nixpkgs": "nixpkgs_3",
|
||||
"nixpkgs-unstable": "nixpkgs-unstable",
|
||||
|
|
|
@ -18,6 +18,7 @@
|
|||
neovim-nightly-overlay = {
|
||||
url = "github:nix-community/neovim-nightly-overlay";
|
||||
};
|
||||
nix-flatpak.url = "github:gmodena/nix-flatpak";
|
||||
hyprland-contrib = {
|
||||
url = "github:hyprwm/contrib";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
|
@ -51,11 +52,13 @@
|
|||
, neovim-nightly-overlay
|
||||
, nix-index-database
|
||||
, rust-overlay
|
||||
, nix-flatpak
|
||||
, ...
|
||||
}:
|
||||
let
|
||||
commonModules = [
|
||||
nur.nixosModules.nur
|
||||
nix-flatpak.nixosModules.nix-flatpak
|
||||
home-manager.nixosModules.home-manager
|
||||
nix-index-database.nixosModules.nix-index
|
||||
{
|
||||
|
|
|
@ -41,6 +41,16 @@
|
|||
"bind"
|
||||
];
|
||||
};
|
||||
fileSystems."/nas/public/Public" = {
|
||||
device = "/nas/Syncthing/Sync/Public";
|
||||
fsType = "auto";
|
||||
options = [
|
||||
"defaults"
|
||||
"nofail"
|
||||
"nobootwait"
|
||||
"bind"
|
||||
];
|
||||
};
|
||||
|
||||
swapDevices = [ ];
|
||||
|
||||
|
@ -86,6 +96,7 @@
|
|||
};
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.enableAllFirmware = true;
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
hardware.opengl = {
|
||||
enable = true;
|
||||
|
|
|
@ -227,7 +227,7 @@ in
|
|||
];
|
||||
};
|
||||
extraConfig = /*hyprlang*/ ''
|
||||
exec-once=dbus-update-activation-enviroment --all
|
||||
exec-once=dbus-update-activation-environment --all
|
||||
exec-once=${gnome-keyring.path} ${config.sops.secrets."gnome-keyring/${config.home.username}".path}
|
||||
exec-once=foot --server
|
||||
|
||||
|
|
|
@ -5,32 +5,31 @@ let
|
|||
in
|
||||
{
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
programs.yazi = {
|
||||
enable = true;
|
||||
enableZshIntegration = true;
|
||||
keymap = {
|
||||
manager.prepend_keymap = [
|
||||
{
|
||||
on = [ "m" ];
|
||||
run = "plugin bookmarks --args=save";
|
||||
desc = "Save current position as a bookmark";
|
||||
}
|
||||
{
|
||||
on = [ "'" ];
|
||||
run = "plugin bookmarks --args=jump";
|
||||
desc = "Jump to a bookmark";
|
||||
}
|
||||
{
|
||||
on = [ "b" "d" ];
|
||||
run = "plugin bookmarks --args=delete";
|
||||
desc = "Delete a bookmark";
|
||||
}
|
||||
{
|
||||
on = [ "b" "D" ];
|
||||
run = "plugin bookmarks --args=delete_all";
|
||||
desc = "Delete all bookmarks";
|
||||
}
|
||||
# {
|
||||
# on = [ "m" ];
|
||||
# run = "plugin bookmarks --args=save";
|
||||
# desc = "Save current position as a bookmark";
|
||||
# }
|
||||
# {
|
||||
# on = [ "'" ];
|
||||
# run = "plugin bookmarks --args=jump";
|
||||
# desc = "Jump to a bookmark";
|
||||
# }
|
||||
# {
|
||||
# on = [ "b" "d" ];
|
||||
# run = "plugin bookmarks --args=delete";
|
||||
# desc = "Delete a bookmark";
|
||||
# }
|
||||
# {
|
||||
# on = [ "b" "D" ];
|
||||
# run = "plugin bookmarks --args=delete_all";
|
||||
# desc = "Delete all bookmarks";
|
||||
# }
|
||||
];
|
||||
};
|
||||
settings = {
|
||||
|
@ -80,6 +79,12 @@ in
|
|||
{ name = "*"; use = "open"; }
|
||||
];
|
||||
};
|
||||
plugin = {
|
||||
prepend_previewers = [
|
||||
{ mime = "{image,audio,video}/*"; run = "mediainfo"; }
|
||||
{ mime = "application/x-subrip"; run = "mediainfo"; }
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
home.file = {
|
||||
|
@ -92,22 +97,31 @@ in
|
|||
sha256 = "sha256-TSmZwy9jhf0D+6l4KbNQ6BjHbL0Vfo/yL3wt8bjo/EM=";
|
||||
};
|
||||
};
|
||||
".config/yazi/init.lua".text = /*lua*/ ''
|
||||
require("bookmarks"):setup({
|
||||
last_directory = { enable = false, persist = false },
|
||||
persist = "none",
|
||||
desc_format = "full",
|
||||
notify = {
|
||||
enable = false,
|
||||
timeout = 1,
|
||||
message = {
|
||||
new = "New bookmark '<key>' -> '<folder>'",
|
||||
delete = "Deleted bookmark in '<key>'",
|
||||
delete_all = "Deleted all bookmarks",
|
||||
},
|
||||
},
|
||||
})
|
||||
'';
|
||||
".config/yazi/plugins/mediainfo.yazi" = {
|
||||
recursive = true;
|
||||
source = pkgs.fetchFromGitHub {
|
||||
owner = "Ape";
|
||||
repo = "mediainfo.yazi";
|
||||
rev = "c69314e80f5b45fe87a0e06a10d064ed54110439";
|
||||
hash = "sha256-8xdBPdKSiwB7iRU8DJdTHY+BjfR9D3FtyVtDL9tNiy4=";
|
||||
};
|
||||
};
|
||||
# ".config/yazi/init.lua".text = /*lua*/ ''
|
||||
# require("bookmarks"):setup({
|
||||
# last_directory = { enable = false, persist = false },
|
||||
# persist = "none",
|
||||
# desc_format = "full",
|
||||
# notify = {
|
||||
# enable = false,
|
||||
# timeout = 1,
|
||||
# message = {
|
||||
# new = "New bookmark '<key>' -> '<folder>'",
|
||||
# delete = "Deleted bookmark in '<key>'",
|
||||
# delete_all = "Deleted all bookmarks",
|
||||
# },
|
||||
# },
|
||||
# })
|
||||
# '';
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -30,11 +30,11 @@ in
|
|||
shellAliases = {
|
||||
ls = "${pkgs.eza}/bin/eza -lah";
|
||||
cat = "${pkgs.bat}/bin/bat";
|
||||
update = "sudo nixos-rebuild switch --flake $HOME/dotfiles";
|
||||
superupdate = "(cd $HOME/dotfiles && nix flake update && sudo nixos-rebuild switch --flake $HOME/dotfiles)";
|
||||
update = "nh os switch";
|
||||
superupdate = "nh os switch --update";
|
||||
uptest = "nh os test";
|
||||
lg = "${pkgs.lazygit}/bin/lazygit";
|
||||
du = "${pkgs.dust}/bin/dust";
|
||||
uptest = "sudo nixos-rebuild test --flake $HOME/dotfiles";
|
||||
dry = "sudo nixos-rebuild dry-activate --flake $HOME/dotfiles";
|
||||
jq = "${pkgs.gojq}/bin/gojq";
|
||||
n = lib.mkIf config.profile.neovide.enable "neovide";
|
||||
|
|
|
@ -8,6 +8,7 @@
|
|||
./services.nix
|
||||
./games.nix
|
||||
./environments.nix
|
||||
./flatpak.nix
|
||||
];
|
||||
options.profile = {
|
||||
|
||||
|
@ -63,7 +64,6 @@
|
|||
android.enable = lib.mkEnableOption "android";
|
||||
avahi.enable = lib.mkEnableOption "avahi";
|
||||
bluetooth.enable = lib.mkEnableOption "bluetooth";
|
||||
flatpak.enable = lib.mkEnableOption "flatpak";
|
||||
gnome.enable = lib.mkEnableOption "gnome";
|
||||
kde.enable = lib.mkEnableOption "kde";
|
||||
networking.firewall = {
|
||||
|
|
10
options/flatpak.nix
Normal file
10
options/flatpak.nix
Normal file
|
@ -0,0 +1,10 @@
|
|||
{ lib, ... }:
|
||||
let
|
||||
inherit (lib) mkEnableOption;
|
||||
in
|
||||
{
|
||||
options.profile.flatpak = {
|
||||
enable = mkEnableOption "flatpak";
|
||||
zen-browser.enable = mkEnableOption "zen-browser";
|
||||
};
|
||||
}
|
|
@ -22,5 +22,29 @@ in
|
|||
wireguard.enable = mkEnableOption "wireguard";
|
||||
photoprism.enable = mkEnableOption "photoprism";
|
||||
navidrome.enable = mkEnableOption "navidrome";
|
||||
|
||||
telemetry = {
|
||||
enable = mkEnableOption "telemetry";
|
||||
grafana.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = config.profile.services.telemetry.enable;
|
||||
};
|
||||
loki.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = config.profile.services.telemetry.enable;
|
||||
};
|
||||
promtail.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = config.profile.services.telemetry.enable;
|
||||
};
|
||||
tempo.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = config.profile.services.telemetry.enable;
|
||||
};
|
||||
minio.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = config.profile.services.telemetry.enable;
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
@ -75,6 +75,11 @@ in
|
|||
dbeaver.enable = true;
|
||||
kde.enable = false;
|
||||
|
||||
flatpak = {
|
||||
enable = true;
|
||||
zen-browser.enable = true;
|
||||
};
|
||||
|
||||
microsoft-edge.enable = true;
|
||||
nextcloud.enable = false;
|
||||
|
||||
|
|
|
@ -69,6 +69,7 @@
|
|||
wireguard.enable = true;
|
||||
photoprism.enable = true;
|
||||
navidrome.enable = true;
|
||||
telemetry.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
31
secrets/telemetry.yaml
Normal file
31
secrets/telemetry.yaml
Normal file
|
@ -0,0 +1,31 @@
|
|||
grafana:
|
||||
admin_user: ENC[AES256_GCM,data:pg3WnfsF8L+/Tg==,iv:wh8VM567ClsFz7GS00OCh9kx3HZCz5GZ/BaTtOt3ksk=,tag:k6mJiktl1Met6Kzl738jpQ==,type:str]
|
||||
admin_password: ENC[AES256_GCM,data:EFJfC78YtBLF5CIxLLhN9deZYcSL7/EfS4w=,iv:qrNi3WsRD26W5L67Fxch7qasEUh9vTj6HUWZs5PGz4o=,tag:bxW1CJyXOcz/pgN39ncQ+w==,type:str]
|
||||
admin_email: ENC[AES256_GCM,data:2cvoq65K2/mdDuykkPVZryDJeNCK,iv:rU4jUYm+3dcvx1KooN9mWQDoovn7t+V7z1eU1m7VagE=,tag:Bhdbiq4BXO3nDwG9StUOkQ==,type:str]
|
||||
secret_key: ENC[AES256_GCM,data:f4f1YF27VU/893HASHmCVL8vnsJEaHD33GOdFVpMj81MOutXqb7d03Hb1DYkDV3aMVmEdpvBcFK3SpZdFma3,iv:q6d59H1PniaVhw6tbd1maCelEGlAC4y2i38jMZ9Jn/Q=,tag:uSbCRstKy7C4Vwp+/FxF/Q==,type:str]
|
||||
loki:
|
||||
caddy:
|
||||
basic_auth:
|
||||
username: ENC[AES256_GCM,data:MRwky3O8LGS/4w==,iv:CUHjGRNc8NU5FqhqvpqbATmVE3Kg9Z0jMBFlzsAwON0=,tag:uZlxw9skd0VNLfZTJ/6ZSQ==,type:str]
|
||||
#ENC[AES256_GCM,data:t+u4g7nvpq2U27CHgmu1xi2Ppwv7cJf1s6Et,iv:LtwoPoxsQn1MujHRoD6SqDLm8uN4uBpuIVmn23DDgjI=,tag:PKOHF5vcQzHszpp1sfuU0Q==,type:comment]
|
||||
password: ENC[AES256_GCM,data:GcQ6x8ewxInmAcQwhhwJgXMHxd/ygkscsp2vg7PILEeaOv1heBX0fTHb0sRyAfhLxwKDH84LtGb37656,iv:UEQ7dgqNEKisalpPXFffsVzn6kXDt9DmJP6ec3LOHRE=,tag:CyPPqG2Vf8eeSVzAASintQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1KzFkak5QQ01MUVV0djVH
|
||||
cXlveDhxU3RRelhNL3JQbE1xVWNlaFYzem40CmtGYlpZMTJPS2lKUGl2Vy9CVW5j
|
||||
bFoyNVlJM1lmSGhSM2lGREN3N3VXWTAKLS0tIE9xWFpoTUdrVVBtOS9lckRXWGc1
|
||||
bzYzSEQrRkN6WVVmN254a2NCcUxGVFkK4aHv8tiFiNEnd7I5LB0Jd/4upkEEEXis
|
||||
9A5hdTn20EqL62QuHeYRav1TRu42dp+R4iZAlVl9cRzThkzZKJdHlg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-08-29T05:57:46Z"
|
||||
mac: ENC[AES256_GCM,data:JGrZUe8PLjlcHULvVa8Yi8ORAW5bMKOMxSGbJ2UFji9byRGu+JHaU7gdF45lrR5XKxJZLmZesWI9fRjsnlEd9WDTEroiwFo965mYFcdmbrJb37BIRO6Thy6C77GXMNcOVW2hBgcVDckNIbAk3qgvVG2QOZ5VKwxPLVQPsfWfCFs=,iv:Do05RY+cgahdv8/Nk6RIOxBA6x28GxyErrgSQRoIR80=,tag:HoqhdhZmcS3QxXGfZyxfFw==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -1,8 +1,9 @@
|
|||
{ hardware-configuration, profile-path, config, ... }:
|
||||
{ hardware-configuration, profile-path, config, pkgs, ... }:
|
||||
{
|
||||
imports = [
|
||||
profile-path
|
||||
hardware-configuration
|
||||
./flatpak
|
||||
./modules
|
||||
./services
|
||||
./podman
|
||||
|
@ -25,11 +26,11 @@
|
|||
connect-timeout = 5
|
||||
'';
|
||||
|
||||
nix.gc = {
|
||||
automatic = true;
|
||||
dates = "weekly";
|
||||
options = "--delete-older-than 7d";
|
||||
};
|
||||
# nix.gc = {
|
||||
# automatic = true;
|
||||
# dates = "weekly";
|
||||
# options = "--delete-older-than 7d";
|
||||
# };
|
||||
|
||||
i18n.defaultLocale = "en_US.UTF-8";
|
||||
|
||||
|
@ -65,4 +66,19 @@
|
|||
RestartSec = "10s";
|
||||
};
|
||||
};
|
||||
|
||||
programs.nh = {
|
||||
enable = true;
|
||||
clean.enable = true;
|
||||
clean.extraArgs = "--keep-since 4d --keep 3";
|
||||
flake = "/home/${config.profile.user.name}/dotfiles";
|
||||
};
|
||||
|
||||
environment.variables.FLAKE = "/home/${config.profile.user.name}/dotfiles";
|
||||
|
||||
environment.systemPackages = with pkgs; [
|
||||
# Tools for nh
|
||||
nix-output-monitor
|
||||
nvd
|
||||
];
|
||||
}
|
||||
|
|
19
system/flatpak/default.nix
Normal file
19
system/flatpak/default.nix
Normal file
|
@ -0,0 +1,19 @@
|
|||
{ config, lib, ... }:
|
||||
let
|
||||
cfg = config.profile.flatpak;
|
||||
inherit (lib.lists) optional;
|
||||
in
|
||||
{
|
||||
config = lib.mkIf cfg.enable {
|
||||
fonts.fontDir.enable = true;
|
||||
services.flatpak = {
|
||||
enable = true;
|
||||
update.auto = {
|
||||
enable = true;
|
||||
onCalendar = "weekly"; # Default value
|
||||
};
|
||||
packages = [ ]
|
||||
++ optional cfg.zen-browser.enable "io.github.zen_browser.zen";
|
||||
};
|
||||
};
|
||||
}
|
|
@ -7,7 +7,6 @@
|
|||
./bluetooth.nix
|
||||
./boot_loader.nix
|
||||
./brightnessctl.nix
|
||||
./flatpak.nix
|
||||
./font.nix
|
||||
./gnome.nix
|
||||
./hyprland.nix
|
||||
|
|
|
@ -1,55 +0,0 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
cfg = config.profile.flatpak;
|
||||
in
|
||||
{
|
||||
config = lib.mkIf cfg.enable {
|
||||
# Allow flatpak to access fonts
|
||||
fonts.fontDir.enable = true;
|
||||
|
||||
services.flatpak.enable = true;
|
||||
# system.fsPackages = [ pkgs.bindfs ];
|
||||
|
||||
# Allows user installed fonts to be accessed by flatpak
|
||||
# fileSystems =
|
||||
# let
|
||||
# mkRoSymBind = path: {
|
||||
# device = path;
|
||||
# fsType = "fuse.bindfs";
|
||||
# options = [ "ro" "resolve-symlinks" "x-gvfs-hide" ];
|
||||
# };
|
||||
# aggregatedFonts = pkgs.buildEnv {
|
||||
# name = "system-fonts";
|
||||
# paths = config.fonts.packages;
|
||||
# pathsToLink = [ "/share/fonts" ];
|
||||
# };
|
||||
# in
|
||||
# {
|
||||
# # Create an FHS mount to support flatpak host icons/fonts
|
||||
# "/usr/share/icons" = mkRoSymBind (config.system.path + "/share/icons");
|
||||
# "/usr/share/fonts" = mkRoSymBind (aggregatedFonts + "/share/fonts");
|
||||
# };
|
||||
|
||||
xdg.portal = {
|
||||
enable = true;
|
||||
xdgOpenUsePortal = true;
|
||||
# extraPortals = with pkgs; [
|
||||
# # xdg-desktop-portal-gtk
|
||||
# # xdg-desktop-portal-kde
|
||||
# # xdg-desktop-portal-gnome
|
||||
# ];
|
||||
};
|
||||
|
||||
# Auto update flatpak every boot with systemd
|
||||
# systemd.services.flatpak-update = {
|
||||
# wantedBy = [ "multi-user.target" ];
|
||||
# after = [ "network-online.target" ];
|
||||
# wants = [ "network-online.target" ];
|
||||
# description = "Auto update flatpak every boot after network is online";
|
||||
# serviceConfig = {
|
||||
# Type = "oneshot";
|
||||
# ExecStart = ''${pkgs.flatpak}/bin/flatpak update --assumeyes --noninteractive --system'';
|
||||
# };
|
||||
# };
|
||||
};
|
||||
}
|
|
@ -2,11 +2,11 @@
|
|||
let
|
||||
dbus-sway-environment = pkgs.writeTextFile {
|
||||
name = "dbus-sway-environment";
|
||||
destination = "/bin/dbus-sway-enviroment";
|
||||
destination = "/bin/dbus-sway-environment";
|
||||
executable = true;
|
||||
|
||||
text = ''
|
||||
dbus-update-activation-enviroment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
|
||||
dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
|
||||
systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
|
||||
systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
|
||||
'';
|
||||
|
|
|
@ -1,10 +1,14 @@
|
|||
{ config, lib, ... }:
|
||||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
cfg = config.profile.programs.yazi;
|
||||
inherit (lib) mkIf;
|
||||
in
|
||||
{
|
||||
config = mkIf cfg.enable {
|
||||
environment.systemPackages = with pkgs; [
|
||||
mediainfo
|
||||
ffmpegthumbnailer
|
||||
];
|
||||
programs.yazi = {
|
||||
enable = true;
|
||||
settings = {
|
||||
|
|
|
@ -1,6 +1,8 @@
|
|||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
./telemetry
|
||||
|
||||
./caddy.nix
|
||||
./cockpit.nix
|
||||
./forgejo.nix
|
||||
|
|
|
@ -143,6 +143,26 @@ in
|
|||
"living-room-system"
|
||||
];
|
||||
};
|
||||
"/nas/Syncthing/Sync/General" = {
|
||||
label = "General";
|
||||
id = "General";
|
||||
devices = [
|
||||
"s20fe"
|
||||
"work-laptop"
|
||||
"windows"
|
||||
"living-room-system"
|
||||
];
|
||||
};
|
||||
"/nas/Syncthing/Sync/Public" = {
|
||||
label = "Public";
|
||||
id = "Public";
|
||||
devices = [
|
||||
"s20fe"
|
||||
"work-laptop"
|
||||
"windows"
|
||||
"living-room-system"
|
||||
];
|
||||
};
|
||||
};
|
||||
devices = {
|
||||
s20fe = {
|
||||
|
|
7
system/services/telemetry/default.nix
Normal file
7
system/services/telemetry/default.nix
Normal file
|
@ -0,0 +1,7 @@
|
|||
{ ... }:
|
||||
{
|
||||
imports = [
|
||||
./grafana.nix
|
||||
./loki.nix
|
||||
];
|
||||
}
|
59
system/services/telemetry/grafana.nix
Normal file
59
system/services/telemetry/grafana.nix
Normal file
|
@ -0,0 +1,59 @@
|
|||
{ config, lib, pkgs, ... }:
|
||||
let
|
||||
cfg = config.profile.services.telemetry.grafana;
|
||||
inherit (lib) mkIf;
|
||||
grafanaDomain = "grafana.tigor.web.id";
|
||||
in
|
||||
{
|
||||
config = mkIf cfg.enable {
|
||||
sops.secrets =
|
||||
let
|
||||
opts = {
|
||||
sopsFile = ../../../secrets/telemetry.yaml;
|
||||
owner = "grafana";
|
||||
};
|
||||
in
|
||||
{
|
||||
"grafana/admin_user" = opts;
|
||||
"grafana/admin_password" = opts;
|
||||
"grafana/admin_email" = opts;
|
||||
"grafana/secret_key" = opts;
|
||||
};
|
||||
|
||||
services.caddy.virtualHosts.${grafanaDomain}.extraConfig = ''
|
||||
reverse_proxy ${config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}
|
||||
'';
|
||||
|
||||
services.grafana = {
|
||||
enable = true;
|
||||
package = pkgs.grafana;
|
||||
settings = {
|
||||
# https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/
|
||||
server = {
|
||||
protocol = "http"; # served behind caddy
|
||||
http_addr = "0.0.0.0";
|
||||
http_port = 44518;
|
||||
domain = grafanaDomain;
|
||||
root_url = "https://${grafanaDomain}";
|
||||
enable_gzip = true;
|
||||
};
|
||||
database = {
|
||||
type = "sqlite3";
|
||||
cache_mode = "shared";
|
||||
wal = true;
|
||||
query_retries = 3;
|
||||
};
|
||||
security = {
|
||||
# Admin credentials is already available in the secrets
|
||||
admin_user = "$__file{${config.sops.secrets."grafana/admin_user".path}}";
|
||||
admin_password = "$__file{${config.sops.secrets."grafana/admin_password".path}}";
|
||||
admin_email = "$__file{${config.sops.secrets."grafana/admin_email".path}}";
|
||||
secret_key = "$__file{${config.sops.secrets."grafana/secret_key".path}}";
|
||||
cookie_secure = true;
|
||||
cookie_samesite = "lax";
|
||||
strict_transport_security = true;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
107
system/services/telemetry/loki.nix
Normal file
107
system/services/telemetry/loki.nix
Normal file
|
@ -0,0 +1,107 @@
|
|||
{ config, lib, ... }:
|
||||
let
|
||||
cfg = config.profile.services.telemetry.loki;
|
||||
inherit (lib) mkIf;
|
||||
lokiDomain = "loki.tigor.web.id";
|
||||
in
|
||||
{
|
||||
config = mkIf cfg.enable {
|
||||
|
||||
sops =
|
||||
let
|
||||
usernameKey = "loki/caddy/basic_auth/username";
|
||||
passwordKey = "loki/caddy/basic_auth/password";
|
||||
in
|
||||
{
|
||||
secrets =
|
||||
let
|
||||
opts = { sopsFile = ../../../secrets/telemetry.yaml; owner = "grafana"; };
|
||||
in
|
||||
{
|
||||
${usernameKey} = opts;
|
||||
${passwordKey} = opts;
|
||||
};
|
||||
templates = {
|
||||
"loki/caddy/basic_auth".content = /*sh*/ ''
|
||||
LOKI_USERNAME=${config.sops.placeholder.${usernameKey}}
|
||||
LOKI_PASSWORD=${config.sops.placeholder.${passwordKey}}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
systemd.services."caddy".serviceConfig = {
|
||||
EnvironmentFile = [ config.sops.templates."loki/caddy/basic_auth".path ];
|
||||
};
|
||||
services.caddy.virtualHosts.${lokiDomain}.extraConfig = /*caddy*/ ''
|
||||
basicauth {
|
||||
{$LOKI_USERNAME} {$LOKI_PASSWORD}
|
||||
}
|
||||
reverse_proxy ${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}
|
||||
'';
|
||||
|
||||
services.loki =
|
||||
let
|
||||
dataDir = config.services.loki.dataDir;
|
||||
in
|
||||
{
|
||||
enable = true;
|
||||
configuration = {
|
||||
# https://grafana.com/docs/loki/latest/configure/examples/configuration-examples/
|
||||
auth_enabled = false;
|
||||
server = {
|
||||
http_listen_address = "0.0.0.0";
|
||||
http_listen_port = 3100;
|
||||
grpc_listen_port = 9095;
|
||||
};
|
||||
|
||||
common = {
|
||||
path_prefix = dataDir;
|
||||
replication_factor = 1;
|
||||
ring = {
|
||||
instance_addr = "127.0.0.1";
|
||||
kvstore.store = "inmemory";
|
||||
};
|
||||
};
|
||||
|
||||
schema_config = {
|
||||
configs = [
|
||||
{
|
||||
from = "2024-08-29";
|
||||
store = "tsdb";
|
||||
object_store = "filesystem";
|
||||
schema = "v13";
|
||||
index = {
|
||||
prefix = "index_";
|
||||
period = "24h";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
|
||||
storage_config = {
|
||||
filesystem = {
|
||||
directory = "${dataDir}/chunks";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
# https://grafana.com/docs/grafana/latest/datasources/loki/
|
||||
services.grafana.provision.datasources.settings.datasources = [
|
||||
{
|
||||
name = "Loki";
|
||||
type = "loki";
|
||||
access = "proxy";
|
||||
url = "http://${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}";
|
||||
basicAuth = true;
|
||||
basicAuthUser = "$__file{${config.sops.secrets."loki/caddy/basic_auth/username".path}}";
|
||||
jsonData = {
|
||||
timeout = 60;
|
||||
maxLines = 1000;
|
||||
};
|
||||
secureJsonData = {
|
||||
basicAuthPassword = "$__file{${config.sops.secrets."loki/caddy/basic_auth/password".path}}";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
}
|
Loading…
Reference in a new issue