tigor/NixOS
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: tigor:ae0b0534448fb63daff3063c715512d9f18fb878
Branches Tags
tigor:main
..
compare: tigor:a930955644ed9fa9a75369284d1c18e8516dc385
Branches Tags
tigor:main

No commits in common. "ae0b0534448fb63daff3063c715512d9f18fb878" and "a930955644ed9fa9a75369284d1c18e8516dc385" have entirely different histories.
ae0b053444 ... a930955644

23 changed files with 107 additions and 400 deletions
Show stats Expand all files Collapse all files

16
flake.lock
View file

@ -420,21 +420,6 @@
"type": "github" "type": "github"
} }
}, },
"nix-flatpak": {
"locked": {
"lastModified": 1721549352,
"narHash": "sha256-nlXJa8RSOX0kykrIYW33ukoHYq+FOSNztHLLgqKwOp8=",
"owner": "gmodena",
"repo": "nix-flatpak",
"rev": "dbce39ea8664820ba9037caaf1e2fad365ed6b4b",
"type": "github"
},
"original": {
"owner": "gmodena",
"repo": "nix-flatpak",
"type": "github"
}
},
"nix-index-database": { "nix-index-database": {
"inputs": { "inputs": {
"nixpkgs": [ "nixpkgs": [
@ -554,7 +539,6 @@
"hyprland": "hyprland", "hyprland": "hyprland",
"hyprland-contrib": "hyprland-contrib", "hyprland-contrib": "hyprland-contrib",
"neovim-nightly-overlay": "neovim-nightly-overlay", "neovim-nightly-overlay": "neovim-nightly-overlay",
"nix-flatpak": "nix-flatpak",
"nix-index-database": "nix-index-database", "nix-index-database": "nix-index-database",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_3",
"nixpkgs-unstable": "nixpkgs-unstable", "nixpkgs-unstable": "nixpkgs-unstable",

3
flake.nix
View file

@ -18,7 +18,6 @@
neovim-nightly-overlay = { neovim-nightly-overlay = {
url = "github:nix-community/neovim-nightly-overlay"; url = "github:nix-community/neovim-nightly-overlay";
}; };
nix-flatpak.url = "github:gmodena/nix-flatpak";
hyprland-contrib = { hyprland-contrib = {
url = "github:hyprwm/contrib"; url = "github:hyprwm/contrib";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
@ -52,13 +51,11 @@
, neovim-nightly-overlay , neovim-nightly-overlay
, nix-index-database , nix-index-database
, rust-overlay , rust-overlay
, nix-flatpak
, ... , ...
}: }:
let let
commonModules = [ commonModules = [
nur.nixosModules.nur nur.nixosModules.nur
nix-flatpak.nixosModules.nix-flatpak
home-manager.nixosModules.home-manager home-manager.nixosModules.home-manager
nix-index-database.nixosModules.nix-index nix-index-database.nixosModules.nix-index
{ {

11
hardware-configuration/homeserver.nix
View file

@ -41,16 +41,6 @@
"bind" "bind"
]; ];
}; };
fileSystems."/nas/public/Public" = {
device = "/nas/Syncthing/Sync/Public";
fsType = "auto";
options = [
"defaults"
"nofail"
"nobootwait"
"bind"
];
};
swapDevices = [ ]; swapDevices = [ ];
@ -96,7 +86,6 @@
}; };
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.enableAllFirmware = true;
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
hardware.opengl = { hardware.opengl = {
enable = true; enable = true;

2
home/modules/hyprland/hyprland.nix
View file

@ -227,7 +227,7 @@ in
]; ];
}; };
extraConfig = /*hyprlang*/ '' extraConfig = /*hyprlang*/ ''
exec-once=dbus-update-activation-environment --all exec-once=dbus-update-activation-enviroment --all
exec-once=${gnome-keyring.path} ${config.sops.secrets."gnome-keyring/${config.home.username}".path} exec-once=${gnome-keyring.path} ${config.sops.secrets."gnome-keyring/${config.home.username}".path}
exec-once=foot --server exec-once=foot --server

88
home/programs/yazi.nix
View file

@ -5,31 +5,32 @@ let
in in
{ {
config = mkIf cfg.enable { config = mkIf cfg.enable {
programs.yazi = { programs.yazi = {
enable = true; enable = true;
enableZshIntegration = true; enableZshIntegration = true;
keymap = { keymap = {
manager.prepend_keymap = [ manager.prepend_keymap = [
# { {
# on = [ "m" ]; on = [ "m" ];
# run = "plugin bookmarks --args=save"; run = "plugin bookmarks --args=save";
# desc = "Save current position as a bookmark"; desc = "Save current position as a bookmark";
# } }
# { {
# on = [ "'" ]; on = [ "'" ];
# run = "plugin bookmarks --args=jump"; run = "plugin bookmarks --args=jump";
# desc = "Jump to a bookmark"; desc = "Jump to a bookmark";
# } }
# { {
# on = [ "b" "d" ]; on = [ "b" "d" ];
# run = "plugin bookmarks --args=delete"; run = "plugin bookmarks --args=delete";
# desc = "Delete a bookmark"; desc = "Delete a bookmark";
# } }
# { {
# on = [ "b" "D" ]; on = [ "b" "D" ];
# run = "plugin bookmarks --args=delete_all"; run = "plugin bookmarks --args=delete_all";
# desc = "Delete all bookmarks"; desc = "Delete all bookmarks";
# } }
]; ];
}; };
settings = { settings = {
@ -79,12 +80,6 @@ in
{ name = "*"; use = "open"; } { name = "*"; use = "open"; }
]; ];
}; };
plugin = {
prepend_previewers = [
{ mime = "{image,audio,video}/*"; run = "mediainfo"; }
{ mime = "application/x-subrip"; run = "mediainfo"; }
];
};
}; };
}; };
home.file = { home.file = {
@ -97,31 +92,22 @@ in
sha256 = "sha256-TSmZwy9jhf0D+6l4KbNQ6BjHbL0Vfo/yL3wt8bjo/EM="; sha256 = "sha256-TSmZwy9jhf0D+6l4KbNQ6BjHbL0Vfo/yL3wt8bjo/EM=";
}; };
}; };
".config/yazi/plugins/mediainfo.yazi" = { ".config/yazi/init.lua".text = /*lua*/ ''
recursive = true; require("bookmarks"):setup({
source = pkgs.fetchFromGitHub { last_directory = { enable = false, persist = false },
owner = "Ape"; persist = "none",
repo = "mediainfo.yazi"; desc_format = "full",
rev = "c69314e80f5b45fe87a0e06a10d064ed54110439"; notify = {
hash = "sha256-8xdBPdKSiwB7iRU8DJdTHY+BjfR9D3FtyVtDL9tNiy4="; enable = false,
}; timeout = 1,
}; message = {
# ".config/yazi/init.lua".text = /*lua*/ '' new = "New bookmark '<key>' -> '<folder>'",
# require("bookmarks"):setup({ delete = "Deleted bookmark in '<key>'",
# last_directory = { enable = false, persist = false }, delete_all = "Deleted all bookmarks",
# persist = "none", },
# desc_format = "full", },
# notify = { })
# enable = false, '';
# timeout = 1,
# message = {
# new = "New bookmark '<key>' -> '<folder>'",
# delete = "Deleted bookmark in '<key>'",
# delete_all = "Deleted all bookmarks",
# },
# },
# })
# '';
}; };
}; };
} }

6
home/programs/zsh.nix
View file

@ -30,11 +30,11 @@ in
shellAliases = { shellAliases = {
ls = "${pkgs.eza}/bin/eza -lah"; ls = "${pkgs.eza}/bin/eza -lah";
cat = "${pkgs.bat}/bin/bat"; cat = "${pkgs.bat}/bin/bat";
update = "nh os switch"; update = "sudo nixos-rebuild switch --flake $HOME/dotfiles";
superupdate = "nh os switch --update"; superupdate = "(cd $HOME/dotfiles && nix flake update && sudo nixos-rebuild switch --flake $HOME/dotfiles)";
uptest = "nh os test";
lg = "${pkgs.lazygit}/bin/lazygit"; lg = "${pkgs.lazygit}/bin/lazygit";
du = "${pkgs.dust}/bin/dust"; du = "${pkgs.dust}/bin/dust";
uptest = "sudo nixos-rebuild test --flake $HOME/dotfiles";
dry = "sudo nixos-rebuild dry-activate --flake $HOME/dotfiles"; dry = "sudo nixos-rebuild dry-activate --flake $HOME/dotfiles";
jq = "${pkgs.gojq}/bin/gojq"; jq = "${pkgs.gojq}/bin/gojq";
n = lib.mkIf config.profile.neovide.enable "neovide"; n = lib.mkIf config.profile.neovide.enable "neovide";

2
options/default.nix
View file

@ -8,7 +8,6 @@
./services.nix ./services.nix
./games.nix ./games.nix
./environments.nix ./environments.nix
./flatpak.nix
]; ];
options.profile = { options.profile = {
@ -64,6 +63,7 @@
android.enable = lib.mkEnableOption "android"; android.enable = lib.mkEnableOption "android";
avahi.enable = lib.mkEnableOption "avahi"; avahi.enable = lib.mkEnableOption "avahi";
bluetooth.enable = lib.mkEnableOption "bluetooth"; bluetooth.enable = lib.mkEnableOption "bluetooth";
flatpak.enable = lib.mkEnableOption "flatpak";
gnome.enable = lib.mkEnableOption "gnome"; gnome.enable = lib.mkEnableOption "gnome";
kde.enable = lib.mkEnableOption "kde"; kde.enable = lib.mkEnableOption "kde";
networking.firewall = { networking.firewall = {

10
options/flatpak.nix
View file

@ -1,10 +0,0 @@
{ lib, ... }:
let
inherit (lib) mkEnableOption;
in
{
options.profile.flatpak = {
enable = mkEnableOption "flatpak";
zen-browser.enable = mkEnableOption "zen-browser";
};
}

24
options/services.nix
View file

@ -22,29 +22,5 @@ in
wireguard.enable = mkEnableOption "wireguard"; wireguard.enable = mkEnableOption "wireguard";
photoprism.enable = mkEnableOption "photoprism"; photoprism.enable = mkEnableOption "photoprism";
navidrome.enable = mkEnableOption "navidrome"; navidrome.enable = mkEnableOption "navidrome";
telemetry = {
enable = mkEnableOption "telemetry";
grafana.enable = mkOption {
type = types.bool;
default = config.profile.services.telemetry.enable;
};
loki.enable = mkOption {
type = types.bool;
default = config.profile.services.telemetry.enable;
};
promtail.enable = mkOption {
type = types.bool;
default = config.profile.services.telemetry.enable;
};
tempo.enable = mkOption {
type = types.bool;
default = config.profile.services.telemetry.enable;
};
minio.enable = mkOption {
type = types.bool;
default = config.profile.services.telemetry.enable;
};
};
}; };
} }

5
profiles/castle.nix
View file

@ -75,11 +75,6 @@ in
dbeaver.enable = true; dbeaver.enable = true;
kde.enable = false; kde.enable = false;
flatpak = {
enable = true;
zen-browser.enable = true;
};
microsoft-edge.enable = true; microsoft-edge.enable = true;
nextcloud.enable = false; nextcloud.enable = false;

1
profiles/homeserver.nix
View file

@ -69,7 +69,6 @@
wireguard.enable = true; wireguard.enable = true;
photoprism.enable = true; photoprism.enable = true;
navidrome.enable = true; navidrome.enable = true;
telemetry.enable = true;
}; };
}; };
} }

31
secrets/telemetry.yaml
View file

@ -1,31 +0,0 @@
grafana:
admin_user: ENC[AES256_GCM,data:pg3WnfsF8L+/Tg==,iv:wh8VM567ClsFz7GS00OCh9kx3HZCz5GZ/BaTtOt3ksk=,tag:k6mJiktl1Met6Kzl738jpQ==,type:str]
admin_password: ENC[AES256_GCM,data:EFJfC78YtBLF5CIxLLhN9deZYcSL7/EfS4w=,iv:qrNi3WsRD26W5L67Fxch7qasEUh9vTj6HUWZs5PGz4o=,tag:bxW1CJyXOcz/pgN39ncQ+w==,type:str]
admin_email: ENC[AES256_GCM,data:2cvoq65K2/mdDuykkPVZryDJeNCK,iv:rU4jUYm+3dcvx1KooN9mWQDoovn7t+V7z1eU1m7VagE=,tag:Bhdbiq4BXO3nDwG9StUOkQ==,type:str]
secret_key: ENC[AES256_GCM,data:f4f1YF27VU/893HASHmCVL8vnsJEaHD33GOdFVpMj81MOutXqb7d03Hb1DYkDV3aMVmEdpvBcFK3SpZdFma3,iv:q6d59H1PniaVhw6tbd1maCelEGlAC4y2i38jMZ9Jn/Q=,tag:uSbCRstKy7C4Vwp+/FxF/Q==,type:str]
loki:
caddy:
basic_auth:
username: ENC[AES256_GCM,data:MRwky3O8LGS/4w==,iv:CUHjGRNc8NU5FqhqvpqbATmVE3Kg9Z0jMBFlzsAwON0=,tag:uZlxw9skd0VNLfZTJ/6ZSQ==,type:str]
#ENC[AES256_GCM,data:t+u4g7nvpq2U27CHgmu1xi2Ppwv7cJf1s6Et,iv:LtwoPoxsQn1MujHRoD6SqDLm8uN4uBpuIVmn23DDgjI=,tag:PKOHF5vcQzHszpp1sfuU0Q==,type:comment]
password: ENC[AES256_GCM,data:GcQ6x8ewxInmAcQwhhwJgXMHxd/ygkscsp2vg7PILEeaOv1heBX0fTHb0sRyAfhLxwKDH84LtGb37656,iv:UEQ7dgqNEKisalpPXFffsVzn6kXDt9DmJP6ec3LOHRE=,tag:CyPPqG2Vf8eeSVzAASintQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB1KzFkak5QQ01MUVV0djVH
cXlveDhxU3RRelhNL3JQbE1xVWNlaFYzem40CmtGYlpZMTJPS2lKUGl2Vy9CVW5j
bFoyNVlJM1lmSGhSM2lGREN3N3VXWTAKLS0tIE9xWFpoTUdrVVBtOS9lckRXWGc1
bzYzSEQrRkN6WVVmN254a2NCcUxGVFkK4aHv8tiFiNEnd7I5LB0Jd/4upkEEEXis
9A5hdTn20EqL62QuHeYRav1TRu42dp+R4iZAlVl9cRzThkzZKJdHlg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-08-29T05:57:46Z"
mac: ENC[AES256_GCM,data:JGrZUe8PLjlcHULvVa8Yi8ORAW5bMKOMxSGbJ2UFji9byRGu+JHaU7gdF45lrR5XKxJZLmZesWI9fRjsnlEd9WDTEroiwFo965mYFcdmbrJb37BIRO6Thy6C77GXMNcOVW2hBgcVDckNIbAk3qgvVG2QOZ5VKwxPLVQPsfWfCFs=,iv:Do05RY+cgahdv8/Nk6RIOxBA6x28GxyErrgSQRoIR80=,tag:HoqhdhZmcS3QxXGfZyxfFw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

28
system/default.nix
View file

@ -1,9 +1,8 @@
{ hardware-configuration, profile-path, config, pkgs, ... }: { hardware-configuration, profile-path, config, ... }:
{ {
imports = [ imports = [
profile-path profile-path
hardware-configuration hardware-configuration
./flatpak
./modules ./modules
./services ./services
./podman ./podman
@ -26,11 +25,11 @@
connect-timeout = 5 connect-timeout = 5
''; '';
# nix.gc = { nix.gc = {
# automatic = true; automatic = true;
# dates = "weekly"; dates = "weekly";
# options = "--delete-older-than 7d"; options = "--delete-older-than 7d";
# }; };
i18n.defaultLocale = "en_US.UTF-8"; i18n.defaultLocale = "en_US.UTF-8";
@ -66,19 +65,4 @@
RestartSec = "10s"; RestartSec = "10s";
}; };
}; };
programs.nh = {
enable = true;
clean.enable = true;
clean.extraArgs = "--keep-since 4d --keep 3";
flake = "/home/${config.profile.user.name}/dotfiles";
};
environment.variables.FLAKE = "/home/${config.profile.user.name}/dotfiles";
environment.systemPackages = with pkgs; [
# Tools for nh
nix-output-monitor
nvd
];
} }

19
system/flatpak/default.nix
View file

@ -1,19 +0,0 @@
{ config, lib, ... }:
let
cfg = config.profile.flatpak;
inherit (lib.lists) optional;
in
{
config = lib.mkIf cfg.enable {
fonts.fontDir.enable = true;
services.flatpak = {
enable = true;
update.auto = {
enable = true;
onCalendar = "weekly"; # Default value
};
packages = [ ]
++ optional cfg.zen-browser.enable "io.github.zen_browser.zen";
};
};
}

1
system/modules/default.nix
View file

@ -7,6 +7,7 @@
./bluetooth.nix ./bluetooth.nix
./boot_loader.nix ./boot_loader.nix
./brightnessctl.nix ./brightnessctl.nix
./flatpak.nix
./font.nix ./font.nix
./gnome.nix ./gnome.nix
./hyprland.nix ./hyprland.nix

55
system/modules/flatpak.nix Normal file
View file

@ -0,0 +1,55 @@
{ config, pkgs, lib, ... }:
let
cfg = config.profile.flatpak;
in
{
config = lib.mkIf cfg.enable {
# Allow flatpak to access fonts
fonts.fontDir.enable = true;
services.flatpak.enable = true;
# system.fsPackages = [ pkgs.bindfs ];
# Allows user installed fonts to be accessed by flatpak
# fileSystems =
# let
# mkRoSymBind = path: {
# device = path;
# fsType = "fuse.bindfs";
# options = [ "ro" "resolve-symlinks" "x-gvfs-hide" ];
# };
# aggregatedFonts = pkgs.buildEnv {
# name = "system-fonts";
# paths = config.fonts.packages;
# pathsToLink = [ "/share/fonts" ];
# };
# in
# {
# # Create an FHS mount to support flatpak host icons/fonts
# "/usr/share/icons" = mkRoSymBind (config.system.path + "/share/icons");
# "/usr/share/fonts" = mkRoSymBind (aggregatedFonts + "/share/fonts");
# };
xdg.portal = {
enable = true;
xdgOpenUsePortal = true;
# extraPortals = with pkgs; [
# # xdg-desktop-portal-gtk
# # xdg-desktop-portal-kde
# # xdg-desktop-portal-gnome
# ];
};
# Auto update flatpak every boot with systemd
# systemd.services.flatpak-update = {
# wantedBy = [ "multi-user.target" ];
# after = [ "network-online.target" ];
# wants = [ "network-online.target" ];
# description = "Auto update flatpak every boot after network is online";
# serviceConfig = {
# Type = "oneshot";
# ExecStart = ''${pkgs.flatpak}/bin/flatpak update --assumeyes --noninteractive --system'';
# };
# };
};
}

4
system/modules/sway.nix
View file

@ -2,11 +2,11 @@
let let
dbus-sway-environment = pkgs.writeTextFile { dbus-sway-environment = pkgs.writeTextFile {
name = "dbus-sway-environment"; name = "dbus-sway-environment";
destination = "/bin/dbus-sway-environment"; destination = "/bin/dbus-sway-enviroment";
executable = true; executable = true;
text = '' text = ''
dbus-update-activation-environment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway dbus-update-activation-enviroment --systemd WAYLAND_DISPLAY XDG_CURRENT_DESKTOP=sway
systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr systemctl --user stop pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr systemctl --user start pipewire pipewire-media-session xdg-desktop-portal xdg-desktop-portal-wlr
''; '';

6
system/modules/yazi.nix
View file

@ -1,14 +1,10 @@
{ config, lib, pkgs, ... }: { config, lib, ... }:
let let
cfg = config.profile.programs.yazi; cfg = config.profile.programs.yazi;
inherit (lib) mkIf; inherit (lib) mkIf;
in in
{ {
config = mkIf cfg.enable { config = mkIf cfg.enable {
environment.systemPackages = with pkgs; [
mediainfo
ffmpegthumbnailer
];
programs.yazi = { programs.yazi = {
enable = true; enable = true;
settings = { settings = {

2
system/services/default.nix
View file

@ -1,8 +1,6 @@
{ ... }: { ... }:
{ {
imports = [ imports = [
./telemetry
./caddy.nix ./caddy.nix
./cockpit.nix ./cockpit.nix
./forgejo.nix ./forgejo.nix

20
system/services/syncthing.nix
View file

@ -143,26 +143,6 @@ in
"living-room-system" "living-room-system"
]; ];
}; };
"/nas/Syncthing/Sync/General" = {
label = "General";
id = "General";
devices = [
"s20fe"
"work-laptop"
"windows"
"living-room-system"
];
};
"/nas/Syncthing/Sync/Public" = {
label = "Public";
id = "Public";
devices = [
"s20fe"
"work-laptop"
"windows"
"living-room-system"
];
};
}; };
devices = { devices = {
s20fe = { s20fe = {

7
system/services/telemetry/default.nix
View file

@ -1,7 +0,0 @@
{ ... }:
{
imports = [
./grafana.nix
./loki.nix
];
}

59
system/services/telemetry/grafana.nix
View file

@ -1,59 +0,0 @@
{ config, lib, pkgs, ... }:
let
cfg = config.profile.services.telemetry.grafana;
inherit (lib) mkIf;
grafanaDomain = "grafana.tigor.web.id";
in
{
config = mkIf cfg.enable {
sops.secrets =
let
opts = {
sopsFile = ../../../secrets/telemetry.yaml;
owner = "grafana";
};
in
{
"grafana/admin_user" = opts;
"grafana/admin_password" = opts;
"grafana/admin_email" = opts;
"grafana/secret_key" = opts;
};
services.caddy.virtualHosts.${grafanaDomain}.extraConfig = ''
reverse_proxy ${config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}
'';
services.grafana = {
enable = true;
package = pkgs.grafana;
settings = {
# https://grafana.com/docs/grafana/latest/setup-grafana/configure-grafana/
server = {
protocol = "http"; # served behind caddy
http_addr = "0.0.0.0";
http_port = 44518;
domain = grafanaDomain;
root_url = "https://${grafanaDomain}";
enable_gzip = true;
};
database = {
type = "sqlite3";
cache_mode = "shared";
wal = true;
query_retries = 3;
};
security = {
# Admin credentials is already available in the secrets
admin_user = "$__file{${config.sops.secrets."grafana/admin_user".path}}";
admin_password = "$__file{${config.sops.secrets."grafana/admin_password".path}}";
admin_email = "$__file{${config.sops.secrets."grafana/admin_email".path}}";
secret_key = "$__file{${config.sops.secrets."grafana/secret_key".path}}";
cookie_secure = true;
cookie_samesite = "lax";
strict_transport_security = true;
};
};
};
};
}

107
system/services/telemetry/loki.nix
View file

@ -1,107 +0,0 @@
{ config, lib, ... }:
let
cfg = config.profile.services.telemetry.loki;
inherit (lib) mkIf;
lokiDomain = "loki.tigor.web.id";
in
{
config = mkIf cfg.enable {
sops =
let
usernameKey = "loki/caddy/basic_auth/username";
passwordKey = "loki/caddy/basic_auth/password";
in
{
secrets =
let
opts = { sopsFile = ../../../secrets/telemetry.yaml; owner = "grafana"; };
in
{
${usernameKey} = opts;
${passwordKey} = opts;
};
templates = {
"loki/caddy/basic_auth".content = /*sh*/ ''
LOKI_USERNAME=${config.sops.placeholder.${usernameKey}}
LOKI_PASSWORD=${config.sops.placeholder.${passwordKey}}
'';
};
};
systemd.services."caddy".serviceConfig = {
EnvironmentFile = [ config.sops.templates."loki/caddy/basic_auth".path ];
};
services.caddy.virtualHosts.${lokiDomain}.extraConfig = /*caddy*/ ''
basicauth {
{$LOKI_USERNAME} {$LOKI_PASSWORD}
}
reverse_proxy ${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}
'';
services.loki =
let
dataDir = config.services.loki.dataDir;
in
{
enable = true;
configuration = {
# https://grafana.com/docs/loki/latest/configure/examples/configuration-examples/
auth_enabled = false;
server = {
http_listen_address = "0.0.0.0";
http_listen_port = 3100;
grpc_listen_port = 9095;
};
common = {
path_prefix = dataDir;
replication_factor = 1;
ring = {
instance_addr = "127.0.0.1";
kvstore.store = "inmemory";
};
};
schema_config = {
configs = [
{
from = "2024-08-29";
store = "tsdb";
object_store = "filesystem";
schema = "v13";
index = {
prefix = "index_";
period = "24h";
};
}
];
};
storage_config = {
filesystem = {
directory = "${dataDir}/chunks";
};
};
};
};
# https://grafana.com/docs/grafana/latest/datasources/loki/
services.grafana.provision.datasources.settings.datasources = [
{
name = "Loki";
type = "loki";
access = "proxy";
url = "http://${config.services.loki.configuration.server.http_listen_address}:${toString config.services.loki.configuration.server.http_listen_port}";
basicAuth = true;
basicAuthUser = "$__file{${config.sops.secrets."loki/caddy/basic_auth/username".path}}";
jsonData = {
timeout = 60;
maxLines = 1000;
};
secureJsonData = {
basicAuthPassword = "$__file{${config.sops.secrets."loki/caddy/basic_auth/password".path}}";
};
}
];
};
}