Compare commits
8 commits
fe75c68740
...
41fa538e30
Author | SHA1 | Date | |
---|---|---|---|
Tigor Hutasuhut | 41fa538e30 | ||
Tigor Hutasuhut | 0f56e29da7 | ||
Tigor Hutasuhut | b566cdb15c | ||
Tigor Hutasuhut | 57fa4724dd | ||
Tigor Hutasuhut | 13938b108c | ||
Tigor Hutasuhut | 534ed89730 | ||
Tigor Hutasuhut | eb2b08a587 | ||
Tigor Hutasuhut | 9e9906819d |
|
@ -27,27 +27,31 @@ in
|
|||
if cfg.autoAttach then
|
||||
/*bash*/
|
||||
''
|
||||
if [[ -z "$ZELLIJ" ]]; then
|
||||
ZJ_SESSIONS=$(zellij list-sessions --no-formatting)
|
||||
NO_SESSIONS=$(echo "$ZJ_SESSIONS" | wc -l)
|
||||
if [ "$NO_SESSIONS" -ge 2 ]; then
|
||||
SELECTED_SESSION=$(echo "$ZJ_SESSIONS" | ${pkgs.skim}/bin/sk | awk '{print $1}')
|
||||
if [[ -n "''${SELECTED_SESSION// /}" ]]; then
|
||||
zellij attach -c "$SELECTED_SESSION"
|
||||
else
|
||||
zellij attach -c --index 0
|
||||
fi
|
||||
else
|
||||
zellij attach -c
|
||||
fi
|
||||
exit
|
||||
if [[ ! -z "$SSH_CLIENT" ]]; then
|
||||
if [[ -z "$ZELLIJ" ]]; then
|
||||
ZJ_SESSIONS=$(zellij list-sessions --no-formatting)
|
||||
NO_SESSIONS=$(echo "$ZJ_SESSIONS" | wc -l)
|
||||
if [ "$NO_SESSIONS" -ge 2 ]; then
|
||||
SELECTED_SESSION=$(echo "$ZJ_SESSIONS" | ${pkgs.skim}/bin/sk | awk '{print $1}')
|
||||
if [[ -n "''${SELECTED_SESSION// /}" ]]; then
|
||||
zellij attach -c "$SELECTED_SESSION"
|
||||
else
|
||||
zellij attach -c --index 0
|
||||
fi
|
||||
else
|
||||
zellij attach -c
|
||||
fi
|
||||
exit
|
||||
fi
|
||||
fi
|
||||
''
|
||||
else
|
||||
/*bash*/ ''
|
||||
if [[ -z "$ZELLIJ" ]]; then
|
||||
zellij attach -c default
|
||||
exit
|
||||
if [[ ! -z "$SSH_CLIENT" ]]; then
|
||||
if [[ -z "$ZELLIJ" ]]; then
|
||||
zellij attach -c default
|
||||
exit
|
||||
fi
|
||||
fi
|
||||
''
|
||||
);
|
||||
|
|
|
@ -23,6 +23,12 @@ in
|
|||
photoprism.enable = mkEnableOption "photoprism";
|
||||
navidrome.enable = mkEnableOption "navidrome";
|
||||
|
||||
ntfy-sh.enable = mkEnableOption "ntfy-sh";
|
||||
ntfy-sh.client.enable = mkOption {
|
||||
type = types.bool;
|
||||
default = config.profile.services.ntfy-sh.enable;
|
||||
};
|
||||
|
||||
telemetry = {
|
||||
enable = mkEnableOption "telemetry";
|
||||
grafana.enable = mkOption {
|
||||
|
|
|
@ -96,5 +96,6 @@ in
|
|||
programs.easyeffects.enable = true;
|
||||
programs.wezterm.enable = true;
|
||||
podman.enable = true;
|
||||
services.ntfy-sh.client.enable = true;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -11,7 +11,7 @@
|
|||
user = {
|
||||
name = "homeserver";
|
||||
fullName = "Homeserver";
|
||||
getty.autoLogin = true;
|
||||
getty.autoLogin = false;
|
||||
};
|
||||
system.stateVersion = "24.05";
|
||||
|
||||
|
@ -70,6 +70,7 @@
|
|||
photoprism.enable = true;
|
||||
navidrome.enable = true;
|
||||
telemetry.enable = true;
|
||||
ntfy-sh.enable = true;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
24
secrets/ntfy.yaml
Normal file
24
secrets/ntfy.yaml
Normal file
|
@ -0,0 +1,24 @@
|
|||
ntfy:
|
||||
default:
|
||||
user: ENC[AES256_GCM,data:M9XiXH3/Nr3/3A==,iv:Ealcewpj/GCWU+U6F+7onCfVaraE+f5Wkt63tlitnlQ=,tag:ARwnlFs1VfwcQKlIkeQQeg==,type:str]
|
||||
password: ENC[AES256_GCM,data:56el7+jh6TcI9UzeXZW5aa7cUG9ycd8a2mw=,iv:iYpkWG37dpZ4dEN5zjg4P8On969hWqWcumJ7h5hLmjk=,tag:tlGDQmJ0+xl9yO42FTp19w==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOQXV1QXNCZmFFWGJzUXM2
|
||||
TWNvd1ppeUNFMitFK0dUd1UvYmpOeS9xK0RNClAydkMvQm1ZbEJTbUZnVmN1TDJ2
|
||||
NEI3L25FWlExaSt2bWg2ekRxNVZGcGMKLS0tIFVzMXdDMXZWdXZkZ1lrZE5obmMw
|
||||
VW9lVkh5eTkyLzdtK0RScHlhMTBaR28KHyMRxCQe65ZM1v4iB6mgiQxZ84/sEdr0
|
||||
k0tBwcBlgGK/SF6P9GdCVopFHN8os25YEYMNg8kjAh/qs4N2gTXMEQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-09-05T02:52:58Z"
|
||||
mac: ENC[AES256_GCM,data:CCLd4p+6V4P2ioE2lKoPctbQ9/d/DcS7m895l3+ty48JT0iZMx32gBubn0TGvdjp6x705uSYZySkM2YACFMhkifuLMxeGLGJu1rBfrXO2bYuHDAhni5fLP/XIsC+FlPbHEOXAnYpAO0y1TLBw7xKz8Tjl3yAC0L00LzIS6URir0=,iv:akFHjwnO9gtZ73NMI8pj0J87q5D6U9SiNLzfRfJUE90=,tag:CMNqOnREytCrEo+bh2l1BA==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
|
@ -6,6 +6,11 @@ spotify:
|
|||
username: ENC[AES256_GCM,data:7uYX5Co=,iv:zc03i9P/nX6hIe/SfUulH2T3BkxD/1xiqG2izmaJbho=,tag:/djGWrxvsG9L5x3vHc9TwQ==,type:str]
|
||||
password: ENC[AES256_GCM,data:Yf2NCLuXVd28kPCHLLc=,iv:Ip4tAMOW5h8TPKavB7pTMt/ojtCq1wxw3Syhey4dGQI=,tag:b2FGiXAo66S6goiH43NQBA==,type:str]
|
||||
copilot: ENC[AES256_GCM,data:wxevVVvWYQv5iGH5I4BldwBJWMwL2BYH2b5GbemzbZRhTzNkgvNovQ2fE9gWqBginQwW5TSLgIHJnAqCYEokS26jOHXI7c1r2C1CKEp44AIwD2wb61KACH4nFCa71Blx/w==,iv:QvcwaasP8sVz8qdRWdt3aAMXV+E9eMotc74ARsSRLbw=,tag:OiktpnOw2UovNod3W41zZQ==,type:str]
|
||||
caddy:
|
||||
basic_auth:
|
||||
username: ENC[AES256_GCM,data:EB17m1q/RVK9RA==,iv:5tZm640K3X44otNB85UVGTJrDd/hwpS7lPhnzvDdqps=,tag:E0u1KjM2XP7c1h3SkPxN1g==,type:str]
|
||||
#ENC[AES256_GCM,data:uATOQMrhNQTWWtE3vIo4QnCM/W55eAUKQk1t,iv:RP/MYFWahIie1m7TJgr7QXWgeTi4g/qLp0IdJNILQWk=,tag:UsJzYRaJjha9xNc0+5kzvQ==,type:comment]
|
||||
password: ENC[AES256_GCM,data:CNquBB3XWlcIgsXp7Emt9i1Oz0Bws4J6mRszWeNh5HJ11ccTAbiPN2fJSISybHY0J2Rzeuzy+FvX5Ccx,iv:1oX9MTU13FUarX0DRlfsPNS6qT5xz5GpGxlMH5UsANA=,tag:TUmFfJR9WAoX/fXgRRvdQw==,type:str]
|
||||
docker:
|
||||
config: ENC[AES256_GCM,data:H/m7lUf5UQY61QhKV9zOBnsHhrzwowj7sJ8iTwejNdUlL/JFOTCymsPA0ND4GBGAlInMMSsfBf3HYTSlTx9izjM203Hh09kjFkUxgvrJPFwATsBswQz09GBE5Rk7qxcEIKlhsEMP8I0lwJRNzqpfw/i+dLYzDiboYnNxZ9wbRKEc7pOxbboDAJkwNLyIsQP+JbVXOYw1cyieXhP4VB0h95qukP+5RWA+0REPeUVYObDI1ZWm7rU0KjwYM0E1ZlwC7Tnu1N5A5UC5zkSCv4U21lkTLYVaesgYqp3qg50SEM2cQFygfFzZ1j7H0kKKKzO4d9d0MtLYLAfcq2v/cWUuB7dQPjcbhpBD5jnF03twLAH0ynMpvzinncCG00YTqrNWUJqsPwn7/enKmIsl55zPd0fc,iv:pJzMZrq+V7yPR+czDTTZspUTcajELPRHZevB5a7CtOo=,tag:jtSJZQ3lsuBUtFDGHuWibQ==,type:str]
|
||||
sops:
|
||||
|
@ -23,8 +28,8 @@ sops:
|
|||
UFFON2V5UWp1UUpETzZNSnVJdk5GcWsKupkOEN8OI/EOeu4Kkjo/SNhxMw2pa/gs
|
||||
DzlsQRvytwCvAtr7zqHJvS6oeWlyjbirAHlpSzNS4QcqtbtK3mHC/Q==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-06-13T09:09:57Z"
|
||||
mac: ENC[AES256_GCM,data:Ovi5vtxADk/vb899WuaU8uWCsM/zN7jTWF47ivJxbgtGlIbQQWeI9eY0s+VaPSdGSshJCP4RYasoJBeL0CiZ64wdLtwsDqfbAB6k8LtS/YRY/hDVGvUG+5GDP+I12q5xbHzJbjiKFN4yLRuK9WVyBQp7TRr484zkdjDDkApoC6w=,iv:FCc/9Xq4xsKQ+Hwi4VpCY8/F4+zHezv42wWpSaGsrjc=,tag:m+dnpB6LjzSvf7cgugEk7g==,type:str]
|
||||
lastmodified: "2024-09-04T13:29:44Z"
|
||||
mac: ENC[AES256_GCM,data:zzOhlLYUtfietpg6Rszbv8/D0vJ0ghbA00ce+U1CJQZ1z7fbK9K7gjrapCl3CzLQLLfIClad+aUYhtHrNxSbq4W+VbtBtUtXdCgOsnF7+3MMPk+LcngPKuO25AgfS7EZQ8EYoazJB2lmlU+9Cd84k6RHvmaFSCJ8o0PSA77Kuk0=,iv:pphrY5oOAPLyCeGhaqg28G7xGN7Y4vkJBcJBjtFMI30=,tag:ZSlEkZsaDWwSwBQtQ/Xt3w==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -1,5 +1,9 @@
|
|||
soulseek:
|
||||
env: ENC[AES256_GCM,data:r9AABW2U8Zr4fnYwF66SkJts/ljRyLsqpXQZWMQdtRpe6bkSY+s7hwXYVexjp1UVruLcAu+x7A==,iv:rngXQd3Xn/8nl5fE33BDQl++EGdHMMJPvg9KQfDA/II=,tag:r5WvaCGpo6pq8SgYEwv3UA==,type:str]
|
||||
caddy:
|
||||
username: ENC[AES256_GCM,data:c6yEVdiFjKt3pA==,iv:Wf+OSRliVuDicFcbqDFGn/KjRUQeF3DNx7P/sDXV8wA=,tag:9eepU589jS9HhQ7I7SsOsg==,type:str]
|
||||
#ENC[AES256_GCM,data:ulRtu2Yg41GuclGqJJehbZgYdtdxtFv+LHeC,iv:64IncaTWsU9wcL1HNAMYDVMXelJuDUzeXGqx1FMHeag=,tag:B9bGHIQlEKV44it90KKZKg==,type:comment]
|
||||
password: ENC[AES256_GCM,data:mOWu5RcnVKne3uLFdidI53F/6h4q22aST9Eo3n96IHBf2Y0+KSOhdlWSqQECTcTYqUb/GD6luA/tjgUV,iv:JAAF/vWUJ3yTAYLwaZT2GPqeZ9NCkXDct8Alxpt7tWw=,tag:6n2WrY5ZAbPNTDEhJ/6wVQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
|
@ -15,8 +19,8 @@ sops:
|
|||
M3NzdHlsL2hENll3QnVBaXBiN2JPRzgKytdiV9iYS69v1+ub790lu4sPaMe4Auac
|
||||
dnYZHUyMBFqvHjdQH+y4wYZ+k/O6vLwWJE0uR7ErhShrpLQmYVwdAw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-08-20T12:21:42Z"
|
||||
mac: ENC[AES256_GCM,data:n4zNdElxX38hgAUpVNpbfSlyFedriNoB1jXB8whrXVVu/X7Y5GX2Jg1sxNjLGrY/UXHen2sc7v25iz+2eM/IGXZhKn9ZOfuLUedRyR4wJP48h1RsPt9a20Mo6dTsUKHnyHBbbGA2iLlmt815yUtEwQPbj28SMGh1Ir6ppxNrLvI=,iv:3lC6pSyB1K7gN8yHhfaLL8JEa9pwTSKqMKgTlxDK9XU=,tag:fALAy3QdW0iTIu+vv4T5qw==,type:str]
|
||||
lastmodified: "2024-09-04T13:21:43Z"
|
||||
mac: ENC[AES256_GCM,data:s+d/Y+Rgyaut70WVHWL0P/XORW6d5lZSeCZOlQhGL1/M10VH4wADGK08JSqdUoUsD3kWmAw0ARrnEiNeqX3daTATkgYIq6mTiAP51bDX6d0qlvi5qddYjgq0AjEyHL6GGQVeFel7bZ/fGT7Q+BTLMq+A/YJkhk+EgFVSVywSTbc=,iv:8u2o4KhSSf/XaLaR24n0aloAdtbz87wbECmFKf9R8Z4=,tag:B+ONOjbtPdraV28PvEbdYg==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.8.1
|
||||
|
|
|
@ -11,13 +11,45 @@ let
|
|||
user = config.profile.user;
|
||||
uid = toString user.uid;
|
||||
gid = toString user.gid;
|
||||
basic_auth = {
|
||||
username = "soulseek/caddy/username";
|
||||
password = "soulseek/caddy/password";
|
||||
template = "soulseek/caddy/basic_auth";
|
||||
};
|
||||
in
|
||||
{
|
||||
config = mkIf (podman.enable && podman.${name}.enable) {
|
||||
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
||||
@require_auth not remote_ip private_ranges
|
||||
|
||||
basicauth @require_auth {
|
||||
{$SOULSEEK_USERNAME} {$SOULSEEK_PASSWORD}
|
||||
}
|
||||
|
||||
reverse_proxy ${ip}:6080
|
||||
'';
|
||||
|
||||
sops = {
|
||||
secrets =
|
||||
let
|
||||
opts = { sopsFile = ../../secrets/soulseek.yaml; };
|
||||
in
|
||||
{
|
||||
${basic_auth.username} = opts;
|
||||
${basic_auth.password} = opts;
|
||||
};
|
||||
templates = {
|
||||
${basic_auth.template}.content = /*sh*/ ''
|
||||
SOULSEEK_USERNAME=${config.sops.placeholder.${basic_auth.username}}
|
||||
SOULSEEK_PASSWORD=${config.sops.placeholder.${basic_auth.password}}
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
# systemd.services."caddy".serviceConfig = {
|
||||
# EnvironmentFile = [ config.sops.templates.${basic_auth.template}.path ];
|
||||
# };
|
||||
|
||||
system.activationScripts."podman-${name}" = ''
|
||||
mkdir -p ${rootVolume}/{config,downloads,incomplete}
|
||||
chown ${uid}:${gid} ${rootVolume} ${rootVolume}/{config,downloads,incomplete}
|
||||
|
@ -32,6 +64,9 @@ in
|
|||
serviceName = "podman-${name}-autorestart";
|
||||
in
|
||||
{
|
||||
services."caddy".serviceConfig = {
|
||||
EnvironmentFile = [ config.sops.templates.${basic_auth.template}.path ];
|
||||
};
|
||||
services.${serviceName} = {
|
||||
description = "Podman container ${name} autorestart";
|
||||
serviceConfig = {
|
||||
|
|
|
@ -10,10 +10,37 @@ let
|
|||
user = config.profile.user;
|
||||
uid = toString user.uid;
|
||||
gid = toString user.gid;
|
||||
basic_auth = {
|
||||
username = "caddy/basic_auth/username";
|
||||
password = "caddy/basic_auth/password";
|
||||
template = "caddy/basic_auth";
|
||||
};
|
||||
in
|
||||
{
|
||||
config = mkIf (podman.enable && podman.${name}.enable) {
|
||||
sops = {
|
||||
secrets =
|
||||
let
|
||||
opts = { };
|
||||
in
|
||||
{
|
||||
${basic_auth.username} = opts;
|
||||
${basic_auth.password} = opts;
|
||||
};
|
||||
templates = {
|
||||
${basic_auth.template}.content = /*sh*/ ''
|
||||
YTPTUBE_USERNAME=${config.sops.placeholder.${basic_auth.username}}
|
||||
YTPTUBE_PASSWORD=${config.sops.placeholder.${basic_auth.password}}
|
||||
'';
|
||||
};
|
||||
};
|
||||
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
||||
@require_auth not remote_ip private_ranges
|
||||
|
||||
basicauth @require_auth {
|
||||
{$YTPTUBE_USERNAME} {$YTPTUBE_PASSWORD}
|
||||
}
|
||||
|
||||
reverse_proxy ${ip}:8081
|
||||
'';
|
||||
system.activationScripts."podman-${name}" = ''
|
||||
|
@ -21,6 +48,10 @@ in
|
|||
chown -R ${uid}:${gid} ${volume}
|
||||
'';
|
||||
|
||||
systemd.services."caddy".serviceConfig = {
|
||||
EnvironmentFile = [ config.sops.templates.${basic_auth.template}.path ];
|
||||
};
|
||||
|
||||
environment.etc."podman/${name}/ytdlp.json" = {
|
||||
# https://github.com/arabcoders/ytptube?tab=readme-ov-file#ytdlpjson-file
|
||||
source = (pkgs.formats.json { }).generate "config.json" {
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ config, lib, ... }:
|
||||
let
|
||||
cfg = config.profile.services.caddy;
|
||||
inherit (lib) mkIf;
|
||||
inherit (lib) mkIf attrsets strings lists;
|
||||
in
|
||||
{
|
||||
config = mkIf cfg.enable {
|
||||
|
@ -16,5 +16,36 @@ in
|
|||
|
||||
reverse_proxy 192.168.100.1
|
||||
'';
|
||||
|
||||
services.caddy.virtualHosts."hosts.tigor.web.id".extraConfig =
|
||||
let
|
||||
domains = attrsets.mapAttrsToList (name: _: strings.removePrefix "https://" name) config.services.caddy.virtualHosts;
|
||||
sortedDomains = lists.sort (a: b: a < b) domains;
|
||||
list = map (domain: /*html*/ ''<div class="col col-sm-6 col-md-4 col-lg-3"><a href="https://${domain}">${domain}</a></div>'') sortedDomains;
|
||||
items = strings.concatStringsSep "\n" list;
|
||||
html = /*html*/ ''<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
<title>Hosted Sites</title>
|
||||
<link
|
||||
rel="stylesheet"
|
||||
href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css"
|
||||
integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH"
|
||||
crossorigin="anonymous">
|
||||
</head>
|
||||
<body class="container">
|
||||
<h1 class="text-center">Hosted Sites</h1>
|
||||
<div class="row g-2">
|
||||
${items}
|
||||
</div>
|
||||
</body>
|
||||
</html>'';
|
||||
in
|
||||
''
|
||||
header Content-Type text/html
|
||||
respond <<EOF
|
||||
${html}
|
||||
EOF 200
|
||||
'';
|
||||
};
|
||||
}
|
||||
|
|
|
@ -17,5 +17,6 @@
|
|||
./syncthing.nix
|
||||
./wireguard.nix
|
||||
./photoprism.nix
|
||||
./ntfy-sh.nix
|
||||
];
|
||||
}
|
||||
|
|
77
system/services/ntfy-sh.nix
Normal file
77
system/services/ntfy-sh.nix
Normal file
|
@ -0,0 +1,77 @@
|
|||
{ config, pkgs, lib, ... }:
|
||||
let
|
||||
cfg = config.profile.services.ntfy-sh;
|
||||
client = cfg.client;
|
||||
inherit (lib) mkIf;
|
||||
domain = "ntfy.tigor.web.id";
|
||||
listenAddress = "0.0.0.0:15150";
|
||||
in
|
||||
lib.mkMerge [
|
||||
(mkIf cfg.enable {
|
||||
services.caddy.virtualHosts.${domain}.extraConfig = ''
|
||||
reverse_proxy ${listenAddress}
|
||||
'';
|
||||
|
||||
services.ntfy-sh = {
|
||||
enable = true;
|
||||
settings =
|
||||
let
|
||||
base-dir = "/var/lib/ntfy-sh";
|
||||
in
|
||||
rec {
|
||||
listen-http = listenAddress;
|
||||
behind-proxy = true;
|
||||
base-url = "https://${domain}";
|
||||
|
||||
# Performance. Cache and Batching.
|
||||
cache-file = "${base-dir}/cache.db";
|
||||
cache-duration = "24h";
|
||||
cache-batch-size = 10;
|
||||
cache-batch-timeout = "1s";
|
||||
|
||||
# Auth
|
||||
auth-file = "${base-dir}/auth.db";
|
||||
auth-default-access = "deny-all";
|
||||
|
||||
# Attachments
|
||||
attachment-cache-dir = "${base-dir}/attachments";
|
||||
attachment-expiry-duration = cache-duration;
|
||||
};
|
||||
};
|
||||
})
|
||||
(mkIf client.enable {
|
||||
environment.systemPackages = with pkgs; [
|
||||
# Access to `ntfy` cli tool
|
||||
ntfy-sh
|
||||
];
|
||||
|
||||
environment.sessionVariables = {
|
||||
NTFY_CONFIG = "/etc/ntfy/client.yml";
|
||||
};
|
||||
|
||||
sops = {
|
||||
secrets =
|
||||
let
|
||||
opts = { sopsFile = ../../secrets/ntfy.yaml; };
|
||||
in
|
||||
{
|
||||
"ntfy/default/user" = opts;
|
||||
"ntfy/default/password" = opts;
|
||||
};
|
||||
|
||||
templates =
|
||||
let filename = "ntfy-client.yaml"; in
|
||||
{
|
||||
${filename} = {
|
||||
content = builtins.readFile ((pkgs.formats.yaml { }).generate filename {
|
||||
default-host = "https://${domain}";
|
||||
default-user = config.sops.placeholder."ntfy/default/user";
|
||||
default-password = config.sops.placeholder."ntfy/default/password";
|
||||
});
|
||||
path = "/etc/ntfy/client.yml";
|
||||
owner = config.profile.user.name;
|
||||
};
|
||||
};
|
||||
};
|
||||
})
|
||||
]
|
|
@ -39,6 +39,74 @@ in
|
|||
reverse_proxy ${server.http_listen_address}:${toString server.http_listen_port}
|
||||
'';
|
||||
|
||||
|
||||
systemd.tmpfiles.settings = {
|
||||
"promtail-dir" = {
|
||||
"/var/lib/promtail" = {
|
||||
d = {
|
||||
group = "promtail";
|
||||
mode = "0755";
|
||||
user = "promtail";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
services.promtail = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
server = {
|
||||
http_listen_port = 3031;
|
||||
grpc_listen_port = 0;
|
||||
};
|
||||
clients = [
|
||||
{
|
||||
url = "http://${server.http_listen_address}:${toString server.http_listen_port}/loki/api/v1/push";
|
||||
}
|
||||
];
|
||||
positions = {
|
||||
filename = "/var/lib/promtail/positions.yaml";
|
||||
};
|
||||
scrape_configs = [
|
||||
{
|
||||
job_name = "systemd-journal";
|
||||
relabel_configs = [
|
||||
{
|
||||
source_labels = [ "__journal__hostname" ];
|
||||
target_label = "host";
|
||||
}
|
||||
{
|
||||
source_labels = [ "__journal__systemd_unit" ];
|
||||
target_label = "systemd_unit";
|
||||
regex = ''(.+)'';
|
||||
}
|
||||
{
|
||||
source_labels = [ "__journal__systemd_user_unit" ];
|
||||
target_label = "systemd_user_unit";
|
||||
regex = ''(.+)'';
|
||||
}
|
||||
{
|
||||
source_labels = [ "__journal__transport" ];
|
||||
target_label = "transport";
|
||||
regex = ''(.+)'';
|
||||
}
|
||||
{
|
||||
source_labels = [ "__journal_priority_keyword" ];
|
||||
target_label = "severity";
|
||||
regex = ''(.+)'';
|
||||
}
|
||||
];
|
||||
journal = {
|
||||
labels = {
|
||||
job = "systemd-journal";
|
||||
};
|
||||
path = "/var/log/journal";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
services.loki =
|
||||
let
|
||||
dataDir = config.services.loki.dataDir;
|
||||
|
|
Loading…
Reference in a new issue