Compare commits


17 commits

Author SHA1 Message Date
Tigor Hutasuhut 3d52e2fbf6 flake: update lockfile 2024-09-10 10:40:49 +07:00
Tigor Hutasuhut 9dde4d9c9b qbittorrent: update notify script 2024-09-09 22:14:59 +07:00
Tigor Hutasuhut ed49fe7496 mimir: fix wrong url endpoint for grafana data source 2024-09-09 19:31:22 +07:00
Tigor Hutasuhut 0f45241285 telemetry: removed promtail in favor of Alloy 2024-09-09 17:53:38 +07:00
Tigor Hutasuhut 4da42e98a0 podman: auto update scheduled at 4am 2024-09-09 00:07:55 +07:00
Tigor Hutasuhut 9d55bc2bee valheim: added container 2024-09-08 19:42:57 +07:00
Tigor Hutasuhut b3cf043866 flake: update lockfile 2024-09-07 20:23:39 +07:00
Tigor Hutasuhut 7f58e16a39 qbittorrent: add start notification script 2024-09-07 20:12:52 +07:00
Tigor Hutasuhut cb6479e4a4 qbittorrent: simplify notification title 2024-09-07 19:59:13 +07:00
Tigor Hutasuhut 94a69d6f65 qbittorrent: added ntfy support 2024-09-07 19:57:38 +07:00
Tigor Hutasuhut 49542ac462 grafana: registered Mimir datasource 2024-09-07 10:41:59 +07:00
Tigor Hutasuhut dda26cfc65 telemetry: added mimir backend 2024-09-07 10:27:25 +07:00
Tigor Hutasuhut 49bbe6364e caddy: hosted sites now supports mobile view 2024-09-07 10:01:28 +07:00
Tigor Hutasuhut 89c2b3076b caddy: make the hosts list website a bit nicer 2024-09-07 09:55:12 +07:00
Tigor Hutasuhut 9706e7f2b3 tempo: require basic auth for all requests except from private ranges 2024-09-07 09:55:03 +07:00
Tigor Hutasuhut e8fc018fb4 alloy: integrated with tempo 2024-09-07 08:59:44 +07:00
Tigor Hutasuhut 227e610024 telemetry: deployed alloy 2024-09-06 21:13:44 +07:00
17 changed files with 573 additions and 168 deletions


@ -121,11 +121,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1724857454, "lastModified": 1725513492,
"narHash": "sha256-Qyl9Q4QMTLZnnBb/8OuQ9LSkzWjBU1T5l5zIzTxkkhk=", "narHash": "sha256-tyMUA6NgJSvvQuzB7A1Sf8+0XCHyfSPRx/b00o6K0uo=",
"owner": "cachix", "owner": "cachix",
"repo": "git-hooks.nix", "repo": "git-hooks.nix",
"rev": "4509ca64f1084e73bc7a721b20c669a8d4c5ebe6", "rev": "7570de7b9b504cfe92025dd1be797bf546f66528",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -185,11 +185,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1720042825, "lastModified": 1725703823,
"narHash": "sha256-A0vrUB6x82/jvf17qPCpxaM+ulJnD8YZwH9Ci0BsAzE=", "narHash": "sha256-tDgM4d8mLK0Hd6YMB2w1BqMto1XBXADOzPEaLl10VI4=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "e1391fb22e18a36f57e6999c7a9f966dc80ac073", "rev": "208df2e558b73b6a1f0faec98493cb59a25f62ba",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -240,11 +240,11 @@
"xdph": "xdph" "xdph": "xdph"
}, },
"locked": { "locked": {
"lastModified": 1725310138, "lastModified": 1725913740,
"narHash": "sha256-LgX5xG/xdfWxie6ia9M+Fc825EH93kcwu5CFzFqIe5g=", "narHash": "sha256-Fa3hcydGj16itZx7Q8zWfRUz6WZus+ZBXYHj8qAYIuM=",
"ref": "refs/heads/main", "ref": "refs/heads/main",
"rev": "8f9887b0c9443d6c2559feeec411daecb9780a97", "rev": "8237d7e1a4994f70636b2e91584775308f24a584",
"revCount": 5181, "revCount": 5206,
"submodules": true, "submodules": true,
"type": "git", "type": "git",
"url": "https://github.com/hyprwm/Hyprland" "url": "https://github.com/hyprwm/Hyprland"
@ -262,11 +262,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1725276753, "lastModified": 1725551787,
"narHash": "sha256-kcV2M7xIoQvLRIrMndysM4E0d2zGSwIDejamT4LKnDg=", "narHash": "sha256-6LgsZHz8w3g4c9bRUwRAR+WIMwFGGf3P1VZQcKNRf2o=",
"owner": "hyprwm", "owner": "hyprwm",
"repo": "contrib", "repo": "contrib",
"rev": "ae618eafa81b596db034c5df1d75d4eddf785824", "rev": "1e531dc49ad36c88b45bf836081a7a2c8927e072",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -391,11 +391,11 @@
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs_2"
}, },
"locked": { "locked": {
"lastModified": 1725346719, "lastModified": 1725862290,
"narHash": "sha256-+QUffIvhBPdJNPbTUPdheijA1eQeAHlgvJqZ0qMPL34=", "narHash": "sha256-7mj1CbLcPxym+QkQvrZrtgeXubVFNbZSGBQhx4ULEfM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "neovim-nightly-overlay", "repo": "neovim-nightly-overlay",
"rev": "ce477ade892d794fd21725d0525bc45739fdf64e", "rev": "b43af0a09c285fddfc5352fee7e41b41daef05dd",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -407,11 +407,11 @@
"neovim-src": { "neovim-src": {
"flake": false, "flake": false,
"locked": { "locked": {
"lastModified": 1725317538, "lastModified": 1725824912,
"narHash": "sha256-tRRSljYBy1GxQGaCvSywtCSJ+OQa6clYilJLMxTe+nM=", "narHash": "sha256-JCniLZOBjDY/H/lmihZ5EhPJF/1aOnEKJ1+XuwdjN/I=",
"owner": "neovim", "owner": "neovim",
"repo": "neovim", "repo": "neovim",
"rev": "ae9674704ac5586438f60c883e918d448ef0e237", "rev": "8a2aec99748229ad9d1e12c1cbc0768d063e8eed",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -442,11 +442,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1725161148, "lastModified": 1725765290,
"narHash": "sha256-WfAHq3Ag3vLNFfWxKHjFBFdPI6JIideWFJod9mx1eoo=", "narHash": "sha256-hwX53i24KyWzp2nWpQsn8lfGQNCP0JoW/bvQmcR1DPY=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-index-database", "repo": "nix-index-database",
"rev": "32058e9138248874773630c846563b1a78ee7a5b", "rev": "642275444c5a9defce57219c944b3179bf2adaa9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -473,11 +473,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1721524707, "lastModified": 1725762081,
"narHash": "sha256-5NctRsoE54N86nWd0psae70YSLfrOek3Kv1e8KoXe/0=", "narHash": "sha256-vNv+aJUW5/YurRy1ocfvs4q/48yVESwlC/yHzjkZSP8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "556533a23879fc7e5f98dd2e0b31a6911a213171", "rev": "dc454045f5b5d814e5862a6d057e7bb5c29edc05",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -489,11 +489,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1725103162, "lastModified": 1725634671,
"narHash": "sha256-Ym04C5+qovuQDYL/rKWSR+WESseQBbNAe5DsXNx5trY=", "narHash": "sha256-v3rIhsJBOMLR8e/RNWxr828tB+WywYIoajrZKFM+0Gg=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "12228ff1752d7b7624a54e9c1af4b222b3c1073b", "rev": "574d1eac1c200690e27b8eb4e24887f8df7ac27c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -504,11 +504,11 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1725194671, "lastModified": 1725816686,
"narHash": "sha256-tLGCFEFTB5TaOKkpfw3iYT9dnk4awTP/q4w+ROpMfuw=", "narHash": "sha256-0Kq2MkQ/sQX1rhWJ/ySBBQlBJBUK8mPMDcuDhhdBkSU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "b833ff01a0d694b910daca6e2ff4a3f26dee478c", "rev": "add0443ee587a0c44f22793b8c8649a0dbc3bb00",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -520,11 +520,11 @@
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": { "locked": {
"lastModified": 1725001927, "lastModified": 1725826545,
"narHash": "sha256-eV+63gK0Mp7ygCR0Oy4yIYSNcum2VQwnZamHxYTNi+M=", "narHash": "sha256-L64N1rpLlXdc94H+F6scnrbuEu+utC03cDDVvvJGOME=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "6e99f2a27d600612004fbd2c3282d614bfee6421", "rev": "f4c846aee8e1e29062aa8514d5e0ab270f4ec2f9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -535,11 +535,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1725346708, "lastModified": 1725937606,
"narHash": "sha256-rhLiFjrLBA+3Dc9NVsa3v3XDGB/Tn780dAttcNY1f9k=", "narHash": "sha256-wGTk7wEfDSdWFtfKHA6xIPw2Yeg38UIZl13AjPfDDXw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "079d47b2fe664a1e8b16eac5eb32726bcb2774d1", "rev": "5c4cc0b0b53d20fa71c421f732b902b767dddf63",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -570,11 +570,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1725330199, "lastModified": 1725935143,
"narHash": "sha256-oUkdPJIxP3r3YyVOBLkDVLIJiQV9YlrVqA+jNcdpCvM=", "narHash": "sha256-mVtTVQMlXkydSXVwFClE0ckxHrOQ9nb2DrCjNwW5pUE=",
"owner": "oxalica", "owner": "oxalica",
"repo": "rust-overlay", "repo": "rust-overlay",
"rev": "a562172c72d00350f9f2ff830e6515b6e7bee6d5", "rev": "c3c175c74cd0e8c2c40a0e22bc6e3005c4d28d64",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -591,11 +591,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1725201042, "lastModified": 1725922448,
"narHash": "sha256-lj5pxOwidP0W//E7IvyhbhXrnEUW99I07+QpERnzTS4=", "narHash": "sha256-ruvh8tlEflRPifs5tlpa0gkttzq4UtgXkJQS7FusgFE=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "5db5921e40ae382d6716dce591ea23b0a39d96f7", "rev": "cede1a08039178ac12957733e97ab1006c6b6892",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -84,6 +84,17 @@
"bind" "bind"
]; ];
}; };
"/nas/telemetry/mimir" = lib.mkIf config.profile.services.telemetry.mimir.enable {
device = "/var/lib/mimir";
fsType = "auto";
options = [
"defaults"
"nofail"
"nobootwait"
"bind"
];
};
}; };
swapDevices = [ ]; swapDevices = [ ];


@ -17,6 +17,7 @@ in
memos.enable = mkEnableOption "memos podman"; memos.enable = mkEnableOption "memos podman";
morphos.enable = mkEnableOption "morphos podman"; morphos.enable = mkEnableOption "morphos podman";
soulseek.enable = mkEnableOption "soulseek podman"; soulseek.enable = mkEnableOption "soulseek podman";
valheim.enable = mkEnableOption "valheim";
servarr = { servarr = {
enable = mkEnableOption "servarr group"; enable = mkEnableOption "servarr group";


@ -47,7 +47,11 @@ in
type = types.bool; type = types.bool;
default = config.profile.services.telemetry.enable; default = config.profile.services.telemetry.enable;
}; };
minio.enable = mkOption { mimir.enable = mkOption {
type = types.bool;
default = config.profile.services.telemetry.enable;
};
alloy.enable = mkOption {
type = types.bool; type = types.bool;
default = config.profile.services.telemetry.enable; default = config.profile.services.telemetry.enable;
}; };


@ -37,10 +37,11 @@
servarr.real-debrid-manager.enable = false; servarr.real-debrid-manager.enable = false;
servarr.rdtclient.enable = true; servarr.rdtclient.enable = true;
openobserve.enable = true; openobserve.enable = true;
minecraft.enable = true; minecraft.enable = false;
memos.enable = true; memos.enable = true;
morphos.enable = true; morphos.enable = true;
soulseek.enable = true; soulseek.enable = true;
valheim.enable = true;
}; };
docker = { docker = {


@ -2,6 +2,9 @@ ntfy:
default: default:
user: ENC[AES256_GCM,data:M9XiXH3/Nr3/3A==,iv:Ealcewpj/GCWU+U6F+7onCfVaraE+f5Wkt63tlitnlQ=,tag:ARwnlFs1VfwcQKlIkeQQeg==,type:str] user: ENC[AES256_GCM,data:M9XiXH3/Nr3/3A==,iv:Ealcewpj/GCWU+U6F+7onCfVaraE+f5Wkt63tlitnlQ=,tag:ARwnlFs1VfwcQKlIkeQQeg==,type:str]
password: ENC[AES256_GCM,data:56el7+jh6TcI9UzeXZW5aa7cUG9ycd8a2mw=,iv:iYpkWG37dpZ4dEN5zjg4P8On969hWqWcumJ7h5hLmjk=,tag:tlGDQmJ0+xl9yO42FTp19w==,type:str] password: ENC[AES256_GCM,data:56el7+jh6TcI9UzeXZW5aa7cUG9ycd8a2mw=,iv:iYpkWG37dpZ4dEN5zjg4P8On969hWqWcumJ7h5hLmjk=,tag:tlGDQmJ0+xl9yO42FTp19w==,type:str]
tokens:
homeserver: ENC[AES256_GCM,data:nQlSIXKKzTX+Ucums5IPuBcn8va6GlfGQmRZrlQsleU=,iv:KD+PmttUmCt3l6cbjjRgp6IaF5WvfJ6oSHxpzbvtDA8=,tag:ZFSGY8gDu46GTYa59v0K+Q==,type:str]
tigor: ENC[AES256_GCM,data:zDFlF8aQFzMdmwKk0xwxMQxnCIXA0sy45jMKEzDNFzs=,iv:KWveN6sbH1NTCMK+XkVUPbIIR7L2e9y6sq/WiFY9bQA=,tag:sTpuFyQ9Hwuzjvem/DO3jw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []
@ -17,8 +20,8 @@ sops:
VW9lVkh5eTkyLzdtK0RScHlhMTBaR28KHyMRxCQe65ZM1v4iB6mgiQxZ84/sEdr0 VW9lVkh5eTkyLzdtK0RScHlhMTBaR28KHyMRxCQe65ZM1v4iB6mgiQxZ84/sEdr0
k0tBwcBlgGK/SF6P9GdCVopFHN8os25YEYMNg8kjAh/qs4N2gTXMEQ== k0tBwcBlgGK/SF6P9GdCVopFHN8os25YEYMNg8kjAh/qs4N2gTXMEQ==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-05T02:52:58Z" lastmodified: "2024-09-07T11:09:18Z"
mac: ENC[AES256_GCM,data:CCLd4p+6V4P2ioE2lKoPctbQ9/d/DcS7m895l3+ty48JT0iZMx32gBubn0TGvdjp6x705uSYZySkM2YACFMhkifuLMxeGLGJu1rBfrXO2bYuHDAhni5fLP/XIsC+FlPbHEOXAnYpAO0y1TLBw7xKz8Tjl3yAC0L00LzIS6URir0=,iv:akFHjwnO9gtZ73NMI8pj0J87q5D6U9SiNLzfRfJUE90=,tag:CMNqOnREytCrEo+bh2l1BA==,type:str] mac: ENC[AES256_GCM,data:CcmQ0JFeuXMZ1VmBiGrLFw/8fiTOLervBtmlXmpl/GvfsDk3JeTTUqPV3RoVmw4yfQ/lCpjpXKrEOrVxO+/oc+NWcuQ9OGRuluDiFg7A2GLk9vniDEtrCbk/0oibL4Hu3P4K8oDcVuJkZhoqgTwN98suk3go7RCA9VhUDtejxTM=,iv:6gVmT1I5suLGG3nS4dX5S1v6bYPzxwZw08/yHkm75pU=,tag:f1wDeoFpFVWTU/HUah3Prw==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.8.1 version: 3.8.1

30
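--- a/secrets/valheim.yaml
+++ b/secrets/valheim.yaml
@@ -0,0 +1,30 @@
+valheim:
+server:
+password: ENC[AES256_GCM,data:S1bD+TSUxq8=,iv:dFMlNfFuS/1S9lD0uX8ag3hflGpAOyGk77O6CxxTaXM=,tag:KyRrtZIx7yNF5m+qTHafJA==,type:str]
+admins:
+#ENC[AES256_GCM,data:1xnixtjNoI/7knh9VA==,iv:8SZ12M5OR/umplY87nDqooc17atVX6fCoxo+eJYidkc=,tag:AuI5bfBrGvXtPzwrwzKV6Q==,type:comment]
+admin_1: ENC[AES256_GCM,data:9lC1kJDiILyDHrrg9x987jo=,iv:6zu9r9JbFaJ/821H1uEw1LjG7yJZb9x/oj31JW8frRY=,tag:q26AjmbSgQOm8x++U0PLXA==,type:str]
+#ENC[AES256_GCM,data:Yb0OhTDqdCICgRY=,iv:f/WWOGf2in4w2ZNTyDmulBTHd97zGpeQ6RVVvl7yAmk=,tag:LCsTO/HKXLzIR9OVPSB3tA==,type:comment]
+admin_2: ENC[AES256_GCM,data:Lg1zqeIgi7biUO6vNeVyl9g=,iv:viJEQ+ow6XbhwvD4FHYMDnyvVupdxA1fHK+WHreOzkc=,tag:VAysj1syU+RCKh/Byrn8LQ==,type:str]
+#ENC[AES256_GCM,data:VMtru88mMiFgTIiWSvA=,iv:o+76QEXzt9vSx3S3NqgI43QCIDOWdTrTnE4GX6u3mtE=,tag:fuNUkR6zPFcJIYFjRz2dxw==,type:comment]
+admin_3: ENC[AES256_GCM,data:4roXiJ0cln8S/AGit56/NMQ=,iv:H6Cw16blxUvjM82zYRnTLRRFuo2Os5XQViF5sQ/7WZg=,tag:5YnKrWfMS11HblX52mLXAw==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtUjBwVmZ0RXlWMWdaZ3JW
+WlJUWVI4SGN1THB0NTRmcTdzbFF1THhzR0UwCm1iU1QwNlFncFVSeFpCUzdNKzhw
+dGlOV3ZyTnZNazhYWUpwVE9xZi9kU1kKLS0tIFlTdy9zWVRYUFkzUmRGQnpDbnRH
+VGJzK0pkOGpTUElBV09EdURkOGhCYU0KNHqjED8G1HKI/tB9kH/K9ZoSYho26JZ8
+bobGVyPbPnYsAPmzmFA+F+aw+dslaqHk+5dlKjWwFBguK2r389U3SQ==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2024-09-08T12:30:48Z"
+mac: ENC[AES256_GCM,data:trtu4Foo8E/X/Utxhqf8dmTzVy3ozCq4RlHFhZ9PHvx+3kVX/delZspS2QK81fxehR62hD/aTMGP2Zlxsv4gU/eMV3Iv5h5GbIYtVuDb+ZyFNdEgh2QtZ86rndGMHhdHP5Nv2oQqsrcNkQAlYqlQaeRoz6AjzOmmavEAoIrHd7M=,iv:gyyYXnavN7TvL27E1QuhEN+/NPdCiJi3oYA0vtitAy8=,tag:+Vg6xqOKpy/jUOs43hxFKw==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.8.1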


@ -15,6 +15,9 @@ in
systemd.timers."podman-auto-update" = { systemd.timers."podman-auto-update" = {
enable = true; enable = true;
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
timerConfig = {
OnCalendar = "*-*-* 04:00:00";
};
}; };
virtualisation.containers.enable = true; virtualisation.containers.enable = true;
virtualisation.oci-containers.backend = "podman"; virtualisation.oci-containers.backend = "podman";
@ -53,5 +56,6 @@ in
./soulseek.nix ./soulseek.nix
./suwayomi.nix ./suwayomi.nix
./ytptube.nix ./ytptube.nix
./valheim.nix
]; ];
} }


@ -1,10 +1,11 @@
{ config, lib, ... }: { config, lib, pkgs, ... }:
let let
name = "qbittorrent"; name = "qbittorrent";
domain = "${name}.tigor.web.id"; domain = "${name}.tigor.web.id";
podman = config.profile.podman; podman = config.profile.podman;
qbittorrent = podman.qbittorrent; qbittorrent = podman.qbittorrent;
inherit (lib) mkIf; inherit (lib) mkIf;
inherit (lib.strings) optionalString;
ip = "10.88.0.7"; ip = "10.88.0.7";
image = "lscr.io/linuxserver/qbittorrent:latest"; image = "lscr.io/linuxserver/qbittorrent:latest";
volume = "/nas/torrents"; volume = "/nas/torrents";
@ -23,7 +24,58 @@ in
chown ${uid}:${gid} ${volume} ${volume}/{config,downloads,progress,watch} chown ${uid}:${gid} ${volume} ${volume}/{config,downloads,progress,watch}
''; '';
virtualisation.oci-containers.containers.${name} = {
sops = {
secrets =
let
opts = { sopsFile = ../../secrets/ntfy.yaml; };
in
{
"ntfy/tokens/homeserver" = opts;
};
templates = {
"qbittorrent-ntfy-env".content = /*sh*/ ''
NTFY_TOKEN=${config.sops.placeholder."ntfy/tokens/homeserver"}
'';
};
};
virtualisation.oci-containers.containers.${name} =
let
finish-notify-script = pkgs.writeScriptBin "notify-finish.sh" (optionalString config.services.ntfy-sh.enable /*sh*/ ''
#!/bin/bash
# $1 = %N | Torrent Name
# $2 = %L | Category
# $3 = %G | Tags
# $4 = %F | Content Path
# $5 = %R | Root Path
# $6 = %D | Save Path
# $7 = %C | Number of files
# $8 = %Z | Torrent Size
# $9 = %T | Current Tracker
# $10 = %I | Info Hash v1
# $11 = %J | Info Hash v2
# $12 = %K | Torrent ID
size=$(echo $8 | numfmt --to=iec)
curl -X POST \
-H "Authorization: Bearer $NTFY_TOKEN" \
-H "X-Title: $1" \
-H "X-Tags: white_check_mark,$2" \
-d "Number of Files: $7, Size: $size" \
https://ntfy.tigor.web.id/qbittorrent
'');
start-notify-script = pkgs.writeScriptBin "notify-start.sh" (optionalString config.services.ntfy-sh.enable /*sh*/ ''
#!/bin/bash
curl -X POST \
-H "Authorization: Bearer $NTFY_TOKEN" \
-H "X-Title: $1" \
-H "X-Tags: rocket,$2" \
-d "Starts downloading" \
https://ntfy.tigor.web.id/qbittorrent
'');
in
{
inherit image; inherit image;
hostname = name; hostname = name;
autoStart = true; autoStart = true;
@ -39,6 +91,8 @@ in
"${volume}/downloads:/downloads" "${volume}/downloads:/downloads"
"${volume}/progress:/progress" "${volume}/progress:/progress"
"${volume}/watch:/watch" "${volume}/watch:/watch"
"${finish-notify-script}/bin/notify-finish.sh:/bin/notify-finish"
"${start-notify-script}/bin/notify-start.sh:/bin/notify-start"
]; ];
ports = [ ports = [
"6881:6881" "6881:6881"
@ -48,6 +102,9 @@ in
"--ip=${ip}" "--ip=${ip}"
"--network=podman" "--network=podman"
]; ];
environmentFiles = [
config.sops.templates."qbittorrent-ntfy-env".path
];
labels = { labels = {
"io.containers.autoupdate" = "registry"; "io.containers.autoupdate" = "registry";
}; };
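Review bot: In both notify scripts the torrent name and category arrive from qBittorrent as `$1`/`$2` and go straight into the `X-Title` and `X-Tags` request headers; that text originates in torrent metadata, so control characters should be stripped before it reaches a header, e.g. `title=$(printf '%s' "$1" | tr -d '\r\n')` followed by `-H "X-Title: $title"`. `size=$(echo $8 | numfmt --to=iec)` should quote its argument as `"$8"`. The curl calls carry no `--fail` or `--max-time`, so a rejected or hung ntfy request is silent and can stall the hook. The container definition continues outside these hunks.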


@ -46,10 +46,6 @@ in
}; };
}; };
# systemd.services."caddy".serviceConfig = {
# EnvironmentFile = [ config.sops.templates.${basic_auth.template}.path ];
# };
system.activationScripts."podman-${name}" = '' system.activationScripts."podman-${name}" = ''
mkdir -p ${rootVolume}/{config,downloads,incomplete} mkdir -p ${rootVolume}/{config,downloads,incomplete}
chown ${uid}:${gid} ${rootVolume} ${rootVolume}/{config,downloads,incomplete} chown ${uid}:${gid} ${rootVolume} ${rootVolume}/{config,downloads,incomplete}

82
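--- a/system/podman/valheim.nix
+++ b/system/podman/valheim.nix
@@ -0,0 +1,82 @@
+{ config, lib, pkgs, ... }:
+let
+name = "valheim";
+podman = config.profile.podman;
+inherit (lib) mkIf strings;
+ip = "10.88.200.10";
+image = "docker.io/lloesche/valheim-server";
+domain = "${name}.tigor.web.id";
+user = config.profile.user;
+uid = toString user.uid;
+gid = toString user.gid;
+base_dir = "/var/lib/${name}";
+in
+{
+config = mkIf (podman.enable && podman.${name}.enable) {
+services.caddy.virtualHosts.${domain}.extraConfig = ''
+reverse_proxy ${ip}:80
+'';
+sops =
+let
+opts = { sopsFile = ../../secrets/valheim.yaml; };
+in
+{
+secrets = {
+"valheim/server/password" = opts;
+"valheim/admins/admin_1" = opts;
+"valheim/admins/admin_2" = opts;
+"valheim/admins/admin_3" = opts;
+};
+templates."valheim-env".content =
+let
+placeholder = config.sops.placeholder;
+in
+/*sh*/ ''
+SERVER_PASS=${placeholder."valheim/server/password"}
+ADMINLIST_IDS=${placeholder."valheim/admins/admin_1"} ${placeholder."valheim/admins/admin_2"} ${placeholder."valheim/admins/admin_3"}
+'';
+};
+systemd.tmpfiles.settings."podman-${name}".${base_dir}.d = {
+group = config.profile.user.name;
+mode = "0755";
+user = config.profile.user.name;
+};
+virtualisation.oci-containers.containers.${name} =
+{
+inherit image;
+hostname = name;
+autoStart = true;
+ports = [
+"2456:2456/udp"
+"2457:2457/udp"
+];
+volumes = [
+"${base_dir}/config:/config"
+"${base_dir}/data:/opt/valheim"
+];
+environment = {
+TZ = "Asia/Jakarta";
+SERVER_NAME = "Three Musketeers";
+WORLD_NAME = "Bebas";
+STATUS_HTTP = "true";
+PUID = uid;
+PGID = gid;
+};
+extraOptions = [
+"--network=podman"
+"--ip=${ip}"
+"--cap-add=sys_nice"
+];
+environmentFiles = [
+config.sops.templates."valheim-env".path
+];
+labels = {
+"io.containers.autoupdate" = "registry";
+};
+};
+};
+}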
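Review bot: `image = "docker.io/lloesche/valheim-server"` carries no tag or digest while the container is labelled `"io.containers.autoupdate" = "registry"`, so whatever the registry serves under the default tag is pulled and restarted unattended, and that image receives `SERVER_PASS` and runs with `--cap-add=sys_nice`. Either pin it (`image = "docker.io/lloesche/valheim-server@sha256:<digest>";` with the autoupdate label dropped) or add a comment recording that following upstream automatically is a deliberate choice. The tmpfiles rule creates only `${base_dir}`; the `config` and `data` bind sources are not created anywhere in this file, which podman may refuse at start, so that is worth confirming.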


@ -17,13 +17,19 @@ in
reverse_proxy 192.168.100.1 reverse_proxy 192.168.100.1
''; '';
services.caddy.virtualHosts."hosts.tigor.web.id".extraConfig = services.caddy.virtualHosts."tigor.web.id".extraConfig =
let let
domains = attrsets.mapAttrsToList (name: _: strings.removePrefix "https://" name) config.services.caddy.virtualHosts; domains = attrsets.mapAttrsToList (name: _: strings.removePrefix "https://" name) config.services.caddy.virtualHosts;
sortedDomains = lists.sort (a: b: a < b) domains; sortedDomains = lists.sort (a: b: a < b) domains;
list = map (domain: /*html*/ ''<div class="col col-sm-6 col-md-4 col-lg-3"><a href="https://${domain}">${domain}</a></div>'') sortedDomains; list = map
(domain: /*html*/ ''
<div class="col-12 col-sm-6 col-md-4 col-lg-3 text-center align-middle">
<a href="https://${domain}">${domain}</a>
</div>'')
sortedDomains;
items = strings.concatStringsSep "\n" list; items = strings.concatStringsSep "\n" list;
html = /*html*/ ''<!DOCTYPE html> html = /*html*/
''<!DOCTYPE html>
<html> <html>
<head> <head>
<title>Hosted Sites</title> <title>Hosted Sites</title>
@ -35,7 +41,7 @@ in
</head> </head>
<body class="container"> <body class="container">
<h1 class="text-center">Hosted Sites</h1> <h1 class="text-center">Hosted Sites</h1>
<div class="row g-2"> <div class="row g-4">
${items} ${items}
</div> </div>
</body> </body>
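Review bot: Moving the generated host index from `hosts.tigor.web.id` to the apex `tigor.web.id` publishes the name of every configured virtual host on the main domain, and no access rule is visible in these hunks. If the list is meant for internal use, gate it the way the telemetry vhosts in this change set are gated, i.e. `@require_auth not remote_ip private_ranges` plus a `basicauth @require_auth` block, or add a comment saying the public listing is intended. The `extraConfig` string continues outside the hunk, so an existing restriction may simply not be shown.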


@ -0,0 +1,154 @@
{ config, lib, inputs, unstable, ... }:
let
cfg = config.profile.services.telemetry.alloy;
webguiListenAddress = "0.0.0.0:5319";
domain = "alloy.tigor.web.id";
inherit (lib.strings) optionalString;
in
{
imports = [
# Grafana Alloy is still in unstable options.
"${inputs.nixpkgs-unstable}/nixos/modules/services/monitoring/alloy.nix"
];
config = lib.mkIf cfg.enable {
services.alloy = {
enable = true;
extraFlags = [
''--server.http.listen-addr=${webguiListenAddress}''
];
package = unstable.grafana-alloy;
};
sops = {
secrets =
let
opts = { };
in
{
"caddy/basic_auth/username" = opts;
"caddy/basic_auth/password" = opts;
};
templates = {
"alloy-basic-auth".content = /*sh*/ ''
ALLOY_USERNAME=${config.sops.placeholder."caddy/basic_auth/username"}
ALLOY_PASSWORD=${config.sops.placeholder."caddy/basic_auth/password"}
'';
};
};
services.caddy.virtualHosts.${domain}.extraConfig = ''
@require_auth not remote_ip private_ranges
basicauth @require_auth {
{$ALLOY_USERNAME} {$ALLOY_PASSWORD}
}
reverse_proxy ${webguiListenAddress}
'';
systemd.services.caddy.serviceConfig.EnvironmentFile = [
config.sops.templates."alloy-basic-auth".path
];
environment.etc."alloy/config.alloy".text =
let
lokiConfig = config.services.loki.configuration;
tempoServer = config.services.tempo.settings.server;
mimirServer = config.services.mimir.configuration.server;
in
/*hcl*/ ''
otelcol.receiver.otlp "homeserver" {
grpc {
endpoint = "0.0.0.0:5317"
}
http {
endpoint = "0.0.0.0:5318"
}
output {
metrics = [otelcol.processor.batch.default.input]
logs = [otelcol.processor.batch.default.input]
traces = [otelcol.processor.batch.default.input]
}
}
otelcol.processor.batch "default" {
output {
metrics = [otelcol.exporter.prometheus.mimir.input]
logs = [otelcol.exporter.loki.default.input]
traces = [otelcol.exporter.otlp.tempo.input]
}
}
otelcol.exporter.loki "default" {
forward_to = [loki.write.default.receiver]
}
otelcol.exporter.prometheus "mimir" {
forward_to = [prometheus.remote_write.mimir.receiver]
}
loki.write "default" {
endpoint {
url = "http://${lokiConfig.server.http_listen_address}:${toString lokiConfig.server.http_listen_port}/loki/api/v1/push"
}
}
loki.relabel "journal" {
forward_to = []
rule {
source_labels = ["__journal__systemd_unit"]
target_label = "unit"
}
rule {
source_labels = ["__journal__hostname"]
target_label = "host"
}
rule {
source_labels = [ "__journal__systemd_user_unit" ]
target_label = "user_unit"
}
rule {
source_labels = [ "__journal__transport" ]
target_label = "transport"
}
rule {
source_labels = [ "__journal_priority_keyword" ]
target_label = "severity"
}
}
loki.source.journal "read" {
forward_to = [loki.write.default.receiver]
relabel_rules = loki.relabel.journal.rules
labels = {
job = "systemd-journal",
component = "loki.source.journal",
}
}
otelcol.exporter.otlp "tempo" {
client {
endpoint = "${tempoServer.http_listen_address}:${toString tempoServer.http_listen_port}"
}
}
prometheus.exporter.unix "system" {}
prometheus.scrape "system" {
targets = prometheus.exporter.unix.system.targets
forward_to = [prometheus.remote_write.mimir.receiver]
}
prometheus.remote_write "mimir" {
endpoint {
url = "http://${mimirServer.http_listen_address}:${toString mimirServer.http_listen_port}/api/v1/push"
}
}
'';
};
}
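Review bot: `webguiListenAddress = "0.0.0.0:5319"` puts the Alloy UI on every interface, so the `basicauth` in the Caddy vhost protects only requests that pass through Caddy; a client that can reach port 5319 directly gets the UI without credentials. Since Caddy proxies to it on the same host, `webguiListenAddress = "127.0.0.1:5319";` looks sufficient. The OTLP receivers on `0.0.0.0:5317` and `0.0.0.0:5318` likewise accept unauthenticated telemetry from any host that can reach them; whether the firewall exposes those ports is not visible here, so a comment stating the intended senders would help. `optionalString` is inherited but not used in the lines shown.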


@ -4,5 +4,7 @@
./grafana.nix ./grafana.nix
./loki.nix ./loki.nix
./tempo.nix ./tempo.nix
./alloy.nix
./mimir.nix
]; ];
} }


@ -39,74 +39,6 @@ in
reverse_proxy ${server.http_listen_address}:${toString server.http_listen_port} reverse_proxy ${server.http_listen_address}:${toString server.http_listen_port}
''; '';
systemd.tmpfiles.settings = {
"promtail-dir" = {
"/var/lib/promtail" = {
d = {
group = "promtail";
mode = "0755";
user = "promtail";
};
};
};
};
services.promtail = {
enable = true;
configuration = {
server = {
http_listen_port = 3031;
grpc_listen_port = 0;
};
clients = [
{
url = "http://${server.http_listen_address}:${toString server.http_listen_port}/loki/api/v1/push";
}
];
positions = {
filename = "/var/lib/promtail/positions.yaml";
};
scrape_configs = [
{
job_name = "systemd-journal";
relabel_configs = [
{
source_labels = [ "__journal__hostname" ];
target_label = "host";
}
{
source_labels = [ "__journal__systemd_unit" ];
target_label = "systemd_unit";
regex = ''(.+)'';
}
{
source_labels = [ "__journal__systemd_user_unit" ];
target_label = "systemd_user_unit";
regex = ''(.+)'';
}
{
source_labels = [ "__journal__transport" ];
target_label = "transport";
regex = ''(.+)'';
}
{
source_labels = [ "__journal_priority_keyword" ];
target_label = "severity";
regex = ''(.+)'';
}
];
journal = {
labels = {
job = "systemd-journal";
};
path = "/var/log/journal";
};
}
];
};
};
services.loki = services.loki =
let let
dataDir = config.services.loki.dataDir; dataDir = config.services.loki.dataDir;


@ -0,0 +1,120 @@
{ config, lib, ... }:
let
cfg = config.profile.services.telemetry.mimir;
inherit (lib) mkIf;
baseDir = "/var/lib/mimir";
domain = "mimir.tigor.web.id";
in
{
config = mkIf cfg.enable {
sops = {
secrets =
let
opts = { };
in
{
"caddy/basic_auth/username" = opts;
"caddy/basic_auth/password" = opts;
};
templates = {
"mimir-basic-auth".content = /*sh*/ ''
MIMIR_USERNAME=${config.sops.placeholder."caddy/basic_auth/username"}
MIMIR_PASSWORD=${config.sops.placeholder."caddy/basic_auth/password"}
'';
};
};
systemd.services."caddy".serviceConfig = {
EnvironmentFile = [ config.sops.templates."mimir-basic-auth".path ];
};
services.caddy.virtualHosts.${domain}.extraConfig =
let
mimirServerConfig = config.services.mimir.configuration.server;
hostAddress = "${mimirServerConfig.http_listen_address}:${toString mimirServerConfig.http_listen_port}";
in
''
@require_auth not remote_ip private_ranges
basicauth @require_auth {
{$ALLOY_USERNAME} {$ALLOY_PASSWORD}
}
reverse_proxy ${hostAddress}
'';
services.mimir = {
enable = true;
configuration = {
multitenancy_enabled = false;
server = {
http_listen_address = "0.0.0.0";
http_listen_port = 4400;
grpc_listen_port = 4401;
};
common = {
storage = {
backend = "filesystem";
filesystem.dir = "${baseDir}/metrics";
};
};
blocks_storage = {
backend = "filesystem";
bucket_store.sync_dir = "${baseDir}/tsdb-sync";
filesystem.dir = "${baseDir}/data/tsdb";
tsdb.dir = "${baseDir}/tsdb";
};
compactor = {
data_dir = "${baseDir}/data/compactor";
sharding_ring.kvstore.store = "memberlist";
};
distributor = {
ring = {
instance_addr = "127.0.0.1";
kvstore.store = "memberlist";
};
};
ingester = {
ring = {
instance_addr = "127.0.0.1";
kvstore.store = "memberlist";
replication_factor = 1;
};
};
ruler_storage = {
backend = "filesystem";
filesystem.dir = "${baseDir}/data/rules";
};
store_gateway.sharding_ring.replication_factor = 1;
};
};
services.grafana.provision.datasources.settings.datasources =
let
server = config.services.mimir.configuration.server;
in
[
{
name = "Mimir";
type = "prometheus";
uid = "mimir";
access = "proxy";
url = "http://${server.http_listen_address}:${toString server.http_listen_port}/prometheus";
basicAuth = false;
jsonData = {
httpMethod = "POST";
prometheusType = "Mimir";
timeout = 30;
};
}
];
};
}
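Review bot: The Caddy `basicauth` block for the Mimir vhost reads `{$ALLOY_USERNAME} {$ALLOY_PASSWORD}`, but the `mimir-basic-auth` template in this same file defines `MIMIR_USERNAME` and `MIMIR_PASSWORD`, so the gate has credentials only when another module's environment file happens to define the ALLOY names. The line should be `{$MIMIR_USERNAME} {$MIMIR_PASSWORD}`. Separately, Mimir binds `http_listen_address = "0.0.0.0"` with `multitenancy_enabled = false`, so anything that can reach port 4400 directly skips Caddy's auth; binding to `127.0.0.1` would keep the proxy as the only entry point, provided no other host needs to push to it.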


@ -34,11 +34,13 @@ in
}; };
services.caddy.virtualHosts.${domain}.extraConfig = '' services.caddy.virtualHosts.${domain}.extraConfig = ''
basicauth { @require_auth not remote_ip private_ranges
basicauth @require_auth {
{$TEMPO_USERNAME} {$TEMPO_PASSWORD} {$TEMPO_USERNAME} {$TEMPO_PASSWORD}
} }
reverse_proxy ${server.http_listen_address}:${toString server.http_listen_port} reverse_proxy ${server.http_listen_address}:3200
''; '';
services.tempo = { services.tempo = {