many many new things

2022-07-25 10:15:56 +02:00 · 2022-07-25 10:15:56 +02:00 · 054b18e763
commit 054b18e763
parent 2e16f22d37
8 changed files with 125 additions and 66 deletions
--- a/data/monitoring.toml
+++ b/data/monitoring.toml
@ -1,31 +1,34 @@
 [master]
 hostname = "ds9"
-ip = "10.0.0.2"
+ip = "100.83.96.25" # tailscale

 [hostOverrides]
 wormhole = "10.0.0.1"
 picard = "ragon.xyz"

-[exporters.nginx]
-hosts = [
-  "ds9",
-  "wormhole"
-]
+#[exporters.nginx]
+#hosts = [
+#  "ds9",
+#  "wormhole"
+#]

 [exporters.node]
-hosts = [ "ds9", "wormhole" ]
+hosts = [ "ds9", "picard" ]

 [exporters.smartctl]
 hosts = [ "ds9" ]

-[exporters.dnsmasq]
-hosts = [ "wormhole" ]
+# [exporters.dnsmasq]
+# hosts = [ "wormhole" ]
+# 
+# [exporters.wireguard]
+# hosts = [ "wormhole"]
+# 
+# [exporters.smokeping]
+# hosts = [ "wormhole"]

-[exporters.wireguard]
-hosts = [ "wormhole"]
-
-[exporters.smokeping]
-hosts = [ "wormhole"]
+[exporters.nginxlog]
+hosts = [ "picard", "ds9" ]

 [promtail]
-hosts = [ "wormhole", "ds9" ]
+hosts = [ "picard", "ds9" ]
--- a/flake.lock
+++ b/flake.lock
@ -40,11 +40,11 @@
    "coc-nvim": {
      "flake": false,
      "locked": {
-        "lastModified": 1655204674,
-        "narHash": "sha256-bsrCvgQqIA4jD62PIcLwYdcBM+YLLKLI/x2H5c/bR50=",
+        "lastModified": 1659818816,
+        "narHash": "sha256-HnlyhYTHgbtiKLLiNaPfzyhfKCTm4IFEErEZo+CkKxs=",
        "owner": "neoclide",
        "repo": "coc.nvim",
-        "rev": "87e5dd692ec8ed7be25b15449fd0ab15a48bfb30",
+        "rev": "cf651a31736fc36c441bf307d2babff78280dd59",
        "type": "github"
      },
      "original": {
@ -98,11 +98,11 @@
        "nixpkgs": "nixpkgs"
      },
      "locked": {
-        "lastModified": 1658637786,
-        "narHash": "sha256-8FtSpwj6k559s6pujsXM1o7pqrEk4TFAEGLZ4a59zLI=",
+        "lastModified": 1659983351,
+        "narHash": "sha256-FsTn0f0t2B7AKAtCDOYd34ztKa+XOUtzRa4FtO8HgDw=",
        "owner": "nix-community",
        "repo": "emacs-overlay",
-        "rev": "920e88c44073e2a5394d2731c1cac265c6cbf2dd",
+        "rev": "a3770a9a619f508a0828df30cb10858663d4538b",
        "type": "github"
      },
      "original": {
@ -113,11 +113,11 @@
    },
    "flake-utils": {
      "locked": {
-        "lastModified": 1656928814,
-        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
+        "lastModified": 1659877975,
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
        "type": "github"
      },
      "original": {
@ -134,11 +134,11 @@
        "utils": "utils"
      },
      "locked": {
-        "lastModified": 1658582894,
-        "narHash": "sha256-6iR8KSePwH9O2mClhu2RvDO/Gu5ISqNSB6t4YS/poaA=",
+        "lastModified": 1659978484,
+        "narHash": "sha256-VkErPc8pXcuFQG7jkkaUOEMORe81oweRNlAYZJ2+aRI=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "d86c189158cb345e351190e362672a8485a52117",
+        "rev": "c1addfdad3825f75a66f8d73ec7d2f68c78ba6f8",
        "type": "github"
      },
      "original": {
@ -185,11 +185,11 @@
    },
    "nixos-hardware": {
      "locked": {
-        "lastModified": 1658401027,
-        "narHash": "sha256-z/sDfzsFOoWNO9nZGfxDCNjHqXvSVZLDBDSgzr9qDXE=",
+        "lastModified": 1659356074,
+        "narHash": "sha256-UwV6hZZEtchvtiTCCD/ODEv1226eam8kEgEyQb7xB0E=",
        "owner": "NixOS",
        "repo": "nixos-hardware",
-        "rev": "83009edccc2e24afe3d0165ed98b60ff7471a5f8",
+        "rev": "ea3efc80f8ab83cb73aec39f4e76fe87afb15a08",
        "type": "github"
      },
      "original": {
@ -201,11 +201,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1658609390,
-        "narHash": "sha256-hMXHtPRNIeAYkBzZ66g+4Tryac/NNbpZvPwd5jvMftw=",
+        "lastModified": 1659987637,
+        "narHash": "sha256-8l+5QiCkackVPu/F3vX7RCKHyYKxEsq/TKMuaG6UX5k=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "f4a4245e55660d0a590c17bab40ed08a1d010787",
+        "rev": "a47896bf817e7324471e687fc2bb2312fff682ce",
        "type": "github"
      },
      "original": {
@ -215,11 +215,11 @@
    },
    "nixpkgs-master": {
      "locked": {
-        "lastModified": 1658648081,
-        "narHash": "sha256-RL5nr4Xhp0zQeEGG/I3t3FmqaI9QrBg5PH31NF+7A/A=",
+        "lastModified": 1660000355,
+        "narHash": "sha256-ht+tJwtceMYgiCs/OUkxXyV3veBJ1vfCRVwgWh7a/8A=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "e494a908e8895b9cba18e21d5fc83362f64b3f6a",
+        "rev": "c4e832986f335abf8665788f4d56375d93ac8f33",
        "type": "github"
      },
      "original": {
@ -231,11 +231,11 @@
    },
    "nixpkgs_2": {
      "locked": {
-        "lastModified": 1658557357,
-        "narHash": "sha256-0gqNef6skYQKJSS2vLojxrXOrc72zoX5VTDKUqEo6Gk=",
+        "lastModified": 1659889440,
+        "narHash": "sha256-O8+FsHZzQIqjQjuh+VXbJtGrpPswm5ta2Z/eo72Lz2U=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "42ca9bef09e780eabe84328dd1b730cef978f098",
+        "rev": "4bdf4169ad2896236895ca607a843f30c9680345",
        "type": "github"
      },
      "original": {
@ -286,11 +286,11 @@
        "utils": "utils_2"
      },
      "locked": {
-        "lastModified": 1658492037,
-        "narHash": "sha256-i4TL1Tb/q7Y+Jk5JWk6FRWWei6yH0WtYVTnmmAr9B0c=",
+        "lastModified": 1658963292,
+        "narHash": "sha256-4OIpATLdPQvryyhRQPELeqNYC0n6PCyjD6LCPdwOztc=",
        "owner": "nix-community",
        "repo": "rnix-lsp",
-        "rev": "e6a41cbd317a21763ba61a19e594a3e1bf1023ca",
+        "rev": "ff18e04551a39ccdab0ff9c83926db3807b23478",
        "type": "github"
      },
      "original": {
@ -354,11 +354,11 @@
    },
    "utils_3": {
      "locked": {
-        "lastModified": 1656928814,
-        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
+        "lastModified": 1659877975,
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
        "owner": "numtide",
        "repo": "flake-utils",
-        "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
        "type": "github"
      },
      "original": {
@ -390,11 +390,11 @@
    "zsh-completions": {
      "flake": false,
      "locked": {
-        "lastModified": 1658238578,
-        "narHash": "sha256-bw3Fm/OOhHqrT7rAJtLAdFp3FV+9tDrK7+32HwYYpvU=",
+        "lastModified": 1659881821,
+        "narHash": "sha256-Pa5Dm13j2yvGrNGSsIv6JHn2UkePRrRp/Im933MaYzs=",
        "owner": "zsh-users",
        "repo": "zsh-completions",
-        "rev": "11258bcd48521b5bc7b683104bb0f5cb9375edee",
+        "rev": "b5ba0051dcc849cc27be7faf766f5806d99f7884",
        "type": "github"
      },
      "original": {
--- a/hm-imports/nvim/default.nix
+++ b/hm-imports/nvim/default.nix
@ -2,14 +2,14 @@
 {
  home.packages = with pkgs;[
    python3 # ultisnips
-    lazygit
-    nodejs
-    inputs.rnix-lsp.packages."${pkgs.system}".rnix-lsp
-    shfmt
-    shellcheck
-    vim-vint
-    nodePackages.write-good
-    ctags
+    #lazygit
+    #nodejs
+    #inputs.rnix-lsp.packages."${pkgs.system}".rnix-lsp
+    #shfmt
+    #shellcheck
+    #vim-vint
+    #nodePackages.write-good
+    #ctags
  ];
  home.file.".config/nvim".source = ./config;
  home.file.".config/nvim".recursive = true;
@ -32,10 +32,10 @@
            name = "nnn-vim";
            src = inputs.nnn-vim;
          };
-          coc-nvim = pkgs.vimUtils.buildVimPlugin {
-            name = "coc-nvim";
-            src = inputs.coc-nvim;
-          };
+          # coc-nvim = pkgs.vimUtils.buildVimPlugin {
+          #   name = "coc-nvim";
+          #   src = inputs.coc-nvim;
+          # };
          dart-vim = pkgs.vimUtils.buildVimPlugin {
            name = "dart-vim";
            src = inputs.dart-vim;
@ -62,11 +62,11 @@
          fzfWrapper
          vim-devicons
          toggleterm-nvim
-          undotree
-          vim-pandoc
-          vim-pandoc-syntax
-          ultisnips
-          coc-nvim
+          # undotree
+          # vim-pandoc
+          # vim-pandoc-syntax
+          #  ultisnips
+          # coc-nvim
          dart-vim
        ]);
    };
--- a/hosts/ds9/default.nix
+++ b/hosts/ds9/default.nix
@ -223,6 +223,7 @@ in
      ssh.enable = true;
      nginx.enable = true;
      jellyfin.enable = true;
+      photoprism.enable = true;
      tailscale.enable = true;
      tailscale.exitNode = true;
      tailscale.extraUpCommands = "--advertise-routes=10.0.0.0/16";
--- a/nixos-modules/services/monitoring.nix
+++ b/nixos-modules/services/monitoring.nix
@ -115,9 +115,19 @@ in
      # some global settings
      services.prometheus.exporters.node.enabledCollectors = [ "systemd" ];
      services.prometheus.exporters.dnsmasq.leasesPath = "/var/lib/dnsmasq/dnsmasq.leases";
+      systemd.services."prometheus-smartctl-exporter".serviceConfig.DeviceAllow = [ "* r" ];
      services.prometheus.exporters.smartctl.user = "root";
+      services.prometheus.exporters.smartctl.group = "root";
      services.prometheus.exporters.smokeping.hosts = [ "1.1.1.1" ];
-      services.nginx.statusPage = true;
+      services.prometheus.exporters.nginxlog.user = "nginx";
+      services.prometheus.exporters.nginxlog.group = "nginx";
+      services.prometheus.exporters.nginxlog.settings = {
+        namespaces = [ {
+          name = "nginx";
+          format = "$remote_addr - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\" \"$http_x_forwarded_for\"";
+          source.files = [ "/var/log/nginx/access.log" ];
+        }];
+      };
    }
    (mkIf (builtins.elem hostName cfg.promtail.hosts) {
      services.promtail = {
--- a/nixos-modules/services/photoprism.nix
+++ b/nixos-modules/services/photoprism.nix
@ -0,0 +1,44 @@
+{ config, lib, pkgs, ... }:
+with lib;
+with lib.my;
+let
+  cfg = config.ragon.services.photoprism;
+  domain = config.ragon.services.nginx.domain;
+in
+{
+  options.ragon.services.photoprism.enable = mkEnableOption "Enables the hedgedoc BitWarden Server";
+  options.ragon.services.photoprism.domainPrefix =
+    mkOption {
+      type = lib.types.str;
+      default = "photos";
+    };
+  options.ragon.services.photoprism.port =
+    mkOption {
+      type = lib.types.str;
+      default = "28452";
+    };
+  config = lib.mkIf cfg.enable {
+    virtualisation.oci-containers.containers.photoprism = {
+      ports = [ "127.0.0.1:${cfg.port}:2342" ];
+      image = "photoprism/photoprism:latest";
+      environmentFiles = [ config.age.secrets.photoprismEnv.path ];
+      workdir = "/photoprism"; # upstream says so
+      user = "1000:100";
+      volumes = [
+        "/data/pictures:/photoprism/originals"
+        "/data/applications/photoprismimport:/photoprism/import"
+        "/var/lib/photoprism:/photoprism/storage"
+      ];
+    };
+    ragon.agenix.secrets.photoprismEnv.owner = "root";
+    services.nginx.virtualHosts."${cfg.domainPrefix}.${domain}" = {
+      forceSSL = true;
+      useACMEHost = "${domain}";
+      locations."/".proxyWebsockets = true;
+      locations."/".proxyPass = "http://127.0.0.1:${cfg.port}";
+    };
+    ragon.persist.extraDirectories = [
+      "/var/lib/photoprism"
+    ];
+  };
+}
--- a/secrets/photoprismEnv.age
+++ b/secrets/photoprismEnv.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -10,6 +10,7 @@ in
  "ragonPasswd.age".publicKeys = pubkeys.ragon.computers;
  "tailscaleKey.age".publicKeys = pubkeys.ragon.computers;
  "paperlessAdminPW.age".publicKeys = pubkeys.ragon.host "ds9";
+  "photoprismEnv.age".publicKeys = pubkeys.ragon.host "ds9";
  "ds9OffsiteBackupSSH.age".publicKeys = pubkeys.ragon.host "ds9";
  "hedgedocSecret.age".publicKeys = pubkeys.ragon.host "picard";
  "gitlabInitialRootPassword.age".publicKeys = pubkeys.ragon.host "picard";