From 054b18e7638fa7fb7bcf53bdfa19167a4ab67e2a Mon Sep 17 00:00:00 2001
From: Philipp Hochkamp
Date: Mon, 25 Jul 2022 10:15:56 +0200
Subject: [PATCH] many many new things
---
 data/monitoring.toml | 33 +++++++------
 flake.lock | 66 +++++++++++++-------------
 hm-imports/nvim/default.nix | 34 ++++++-------
 hosts/ds9/default.nix | 1 +
 nixos-modules/services/monitoring.nix | 12 ++++-
 nixos-modules/services/photoprism.nix | 44 +++++++++++++++++
 secrets/photoprismEnv.age | Bin 0 -> 1465 bytes
 secrets/secrets.nix | 1 +
 8 files changed, 125 insertions(+), 66 deletions(-)
 create mode 100644 nixos-modules/services/photoprism.nix
 create mode 100644 secrets/photoprismEnv.age
diff --git a/data/monitoring.toml b/data/monitoring.toml
index 3582a369..c2b5394c 100644
--- a/data/monitoring.toml
+++ b/data/monitoring.toml
@@ -1,31 +1,34 @@
 [master]
 hostname = "ds9"
-ip = "10.0.0.2"
+ip = "100.83.96.25" # tailscale
 [hostOverrides]
 wormhole = "10.0.0.1"
 picard = "ragon.xyz"
-[exporters.nginx]
-hosts = [
- "ds9",
- "wormhole"
-]
+#[exporters.nginx]
+#hosts = [
+# "ds9",
+# "wormhole"
+#]
 [exporters.node]
-hosts = [ "ds9", "wormhole" ]
+hosts = [ "ds9", "picard" ]
 [exporters.smartctl]
 hosts = [ "ds9" ]
-[exporters.dnsmasq]
-hosts = [ "wormhole" ]
+# [exporters.dnsmasq]
+# hosts = [ "wormhole" ]
+#
+# [exporters.wireguard]
+# hosts = [ "wormhole"]
+#
+# [exporters.smokeping]
+# hosts = [ "wormhole"]
-[exporters.wireguard]
-hosts = [ "wormhole"]
-
-[exporters.smokeping]
-hosts = [ "wormhole"]
+[exporters.nginxlog]
+hosts = [ "picard", "ds9" ]
 [promtail]
-hosts = [ "wormhole", "ds9" ]
+hosts = [ "picard", "ds9" ]
diff --git a/flake.lock b/flake.lock
index 3380362c..8bd1f314 100644
--- a/flake.lock
+++ b/flake.lock
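Review bot: In data/monitoring.toml, `picard` is added to `[exporters.node]`, `[exporters.nginxlog]` and `[promtail]` while `[hostOverrides]` still maps it to the public name `ragon.xyz`, even though `[master]` moves to a Tailscale address in the same hunk. If the module that consumes this file uses the override as the scrape address (not visible here), picard's exporter ports would have to be reachable on its public interface; pointing the override at picard's tailnet address, or confirming the ports are firewalled to the monitoring host only, keeps metrics and access-log data off the internet. The disabled exporter tables are left as commented-out blocks with no explanation; a short comment above them stating why they are disabled, or deleting them and relying on history, would make the file easier to audit.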
@@ -40,11 +40,11 @@ "coc-nvim": { "flake": false, "locked": { - "lastModified": 1655204674, - "narHash": "sha256-bsrCvgQqIA4jD62PIcLwYdcBM+YLLKLI/x2H5c/bR50=", + "lastModified": 1659818816, + "narHash": "sha256-HnlyhYTHgbtiKLLiNaPfzyhfKCTm4IFEErEZo+CkKxs=", "owner": "neoclide", "repo": "coc.nvim", - "rev": "87e5dd692ec8ed7be25b15449fd0ab15a48bfb30", + "rev": "cf651a31736fc36c441bf307d2babff78280dd59", "type": "github" }, "original": { @@ -98,11 +98,11 @@ "nixpkgs": "nixpkgs" }, "locked": { - "lastModified": 1658637786, - "narHash": "sha256-8FtSpwj6k559s6pujsXM1o7pqrEk4TFAEGLZ4a59zLI=", + "lastModified": 1659983351, + "narHash": "sha256-FsTn0f0t2B7AKAtCDOYd34ztKa+XOUtzRa4FtO8HgDw=", "owner": "nix-community", "repo": "emacs-overlay", - "rev": "920e88c44073e2a5394d2731c1cac265c6cbf2dd", + "rev": "a3770a9a619f508a0828df30cb10858663d4538b", "type": "github" }, "original": { @@ -113,11 +113,11 @@ }, "flake-utils": { "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -134,11 +134,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1658582894, - "narHash": "sha256-6iR8KSePwH9O2mClhu2RvDO/Gu5ISqNSB6t4YS/poaA=", + "lastModified": 1659978484, + "narHash": "sha256-VkErPc8pXcuFQG7jkkaUOEMORe81oweRNlAYZJ2+aRI=", "owner": "nix-community", "repo": "home-manager", - "rev": "d86c189158cb345e351190e362672a8485a52117", + "rev": "c1addfdad3825f75a66f8d73ec7d2f68c78ba6f8", "type": "github" }, "original": { 
@@ -185,11 +185,11 @@ }, "nixos-hardware": { "locked": { - "lastModified": 1658401027, - "narHash": "sha256-z/sDfzsFOoWNO9nZGfxDCNjHqXvSVZLDBDSgzr9qDXE=", + "lastModified": 1659356074, + "narHash": "sha256-UwV6hZZEtchvtiTCCD/ODEv1226eam8kEgEyQb7xB0E=", "owner": "NixOS", "repo": "nixos-hardware", - "rev": "83009edccc2e24afe3d0165ed98b60ff7471a5f8", + "rev": "ea3efc80f8ab83cb73aec39f4e76fe87afb15a08", "type": "github" }, "original": { @@ -201,11 +201,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1658609390, - "narHash": "sha256-hMXHtPRNIeAYkBzZ66g+4Tryac/NNbpZvPwd5jvMftw=", + "lastModified": 1659987637, + "narHash": "sha256-8l+5QiCkackVPu/F3vX7RCKHyYKxEsq/TKMuaG6UX5k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f4a4245e55660d0a590c17bab40ed08a1d010787", + "rev": "a47896bf817e7324471e687fc2bb2312fff682ce", "type": "github" }, "original": { @@ -215,11 +215,11 @@ }, "nixpkgs-master": { "locked": { - "lastModified": 1658648081, - "narHash": "sha256-RL5nr4Xhp0zQeEGG/I3t3FmqaI9QrBg5PH31NF+7A/A=", + "lastModified": 1660000355, + "narHash": "sha256-ht+tJwtceMYgiCs/OUkxXyV3veBJ1vfCRVwgWh7a/8A=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "e494a908e8895b9cba18e21d5fc83362f64b3f6a", + "rev": "c4e832986f335abf8665788f4d56375d93ac8f33", "type": "github" }, "original": { @@ -231,11 +231,11 @@ }, "nixpkgs_2": { "locked": { - "lastModified": 1658557357, - "narHash": "sha256-0gqNef6skYQKJSS2vLojxrXOrc72zoX5VTDKUqEo6Gk=", + "lastModified": 1659889440, + "narHash": "sha256-O8+FsHZzQIqjQjuh+VXbJtGrpPswm5ta2Z/eo72Lz2U=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "42ca9bef09e780eabe84328dd1b730cef978f098", + "rev": "4bdf4169ad2896236895ca607a843f30c9680345", "type": "github" }, "original": { 
@@ -286,11 +286,11 @@ "utils": "utils_2" }, "locked": { - "lastModified": 1658492037, - "narHash": "sha256-i4TL1Tb/q7Y+Jk5JWk6FRWWei6yH0WtYVTnmmAr9B0c=", + "lastModified": 1658963292, + "narHash": "sha256-4OIpATLdPQvryyhRQPELeqNYC0n6PCyjD6LCPdwOztc=", "owner": "nix-community", "repo": "rnix-lsp", - "rev": "e6a41cbd317a21763ba61a19e594a3e1bf1023ca", + "rev": "ff18e04551a39ccdab0ff9c83926db3807b23478", "type": "github" }, "original": { @@ -354,11 +354,11 @@ }, "utils_3": { "locked": { - "lastModified": 1656928814, - "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=", + "lastModified": 1659877975, + "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", "owner": "numtide", "repo": "flake-utils", - "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249", + "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", "type": "github" }, "original": { @@ -390,11 +390,11 @@ "zsh-completions": { "flake": false, "locked": { - "lastModified": 1658238578, - "narHash": "sha256-bw3Fm/OOhHqrT7rAJtLAdFp3FV+9tDrK7+32HwYYpvU=", + "lastModified": 1659881821, + "narHash": "sha256-Pa5Dm13j2yvGrNGSsIv6JHn2UkePRrRp/Im933MaYzs=", "owner": "zsh-users", "repo": "zsh-completions", - "rev": "11258bcd48521b5bc7b683104bb0f5cb9375edee", + "rev": "b5ba0051dcc849cc27be7faf766f5806d99f7884", "type": "github" }, "original": { diff --git a/hm-imports/nvim/default.nix b/hm-imports/nvim/default.nix index 1a99ff39..446a0a02 100644 --- a/hm-imports/nvim/default.nix +++ b/hm-imports/nvim/default.nix @@ -2,14 +2,14 @@ { home.packages = with pkgs;[ python3 # ultisnips - lazygit - nodejs - inputs.rnix-lsp.packages."${pkgs.system}".rnix-lsp - shfmt - shellcheck - vim-vint - nodePackages.write-good - ctags + #lazygit + #nodejs + #inputs.rnix-lsp.packages."${pkgs.system}".rnix-lsp + #shfmt + #shellcheck + #vim-vint + #nodePackages.write-good + #ctags ]; home.file.".config/nvim".source = ./config; home.file.".config/nvim".recursive = true; 
@@ -32,10 +32,10 @@
 name = "nnn-vim";
 src = inputs.nnn-vim;
 };
- coc-nvim = pkgs.vimUtils.buildVimPlugin {
- name = "coc-nvim";
- src = inputs.coc-nvim;
- };
+ # coc-nvim = pkgs.vimUtils.buildVimPlugin {
+ # name = "coc-nvim";
+ # src = inputs.coc-nvim;
+ # };
 dart-vim = pkgs.vimUtils.buildVimPlugin {
 name = "dart-vim";
 src = inputs.dart-vim;
@@ -62,11 +62,11 @@
 fzfWrapper
 vim-devicons
 toggleterm-nvim
- undotree
- vim-pandoc
- vim-pandoc-syntax
- ultisnips
- coc-nvim
+ # undotree
+ # vim-pandoc
+ # vim-pandoc-syntax
+ # ultisnips
+ # coc-nvim
 dart-vim
 ]);
 };
diff --git a/hosts/ds9/default.nix b/hosts/ds9/default.nix
index 3ef293b1..118ef4ef 100644
--- a/hosts/ds9/default.nix
+++ b/hosts/ds9/default.nix
@@ -223,6 +223,7 @@ in
 ssh.enable = true;
 nginx.enable = true;
 jellyfin.enable = true;
+ photoprism.enable = true;
 tailscale.enable = true;
 tailscale.exitNode = true;
 tailscale.extraUpCommands = "--advertise-routes=10.0.0.0/16";
diff --git a/nixos-modules/services/monitoring.nix b/nixos-modules/services/monitoring.nix
index 289e0765..d0b24dee 100644
--- a/nixos-modules/services/monitoring.nix
+++ b/nixos-modules/services/monitoring.nix
@@ -115,9 +115,19 @@ in
 # some global settings
 services.prometheus.exporters.node.enabledCollectors = [ "systemd" ];
 services.prometheus.exporters.dnsmasq.leasesPath = "/var/lib/dnsmasq/dnsmasq.leases";
+systemd.services."prometheus-smartctl-exporter".serviceConfig.DeviceAllow = [ "* r" ];
 services.prometheus.exporters.smartctl.user = "root";
+services.prometheus.exporters.smartctl.group = "root";
 services.prometheus.exporters.smokeping.hosts = [ "1.1.1.1" ];
- services.nginx.statusPage = true;
+ services.prometheus.exporters.nginxlog.user = "nginx";
+ services.prometheus.exporters.nginxlog.group = "nginx";
+ services.prometheus.exporters.nginxlog.settings = {
+ namespaces = [ {
+ name = "nginx";
+ format = "$remote_addr - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\" \"$http_x_forwarded_for\"";
+ source.files = [ "/var/log/nginx/access.log" ];
+ }];
+ };
 }
 (mkIf (builtins.elem hostName cfg.promtail.hosts) {
 services.promtail = {
diff --git a/nixos-modules/services/photoprism.nix b/nixos-modules/services/photoprism.nix
new file mode 100644
index 00000000..614c63fd
--- /dev/null
+++ b/nixos-modules/services/photoprism.nix
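Review bot: In nixos-modules/services/monitoring.nix, `DeviceAllow = [ "* r" ]` on `prometheus-smartctl-exporter`, combined with `user` and `group` set to `root`, gives an exporter that listens on the network read access to every device node rather than only the disks it queries. systemd documents device specifiers as `/dev/...` paths or `block-`/`char-` group names, so it is worth confirming that a bare `*` is accepted at all; an explicit list such as `[ "block-sd r" "block-blkext r" "char-nvme r" ]` (adjust to the hardware in ds9, and to `rw` only where SMART commands need it) keeps the sandbox narrow. Separately, the `nginxlog` `format` string has to match the `log_format` nginx actually writes to `/var/log/nginx/access.log`, which is not visible in this hunk; a comment above it such as `# must stay in sync with the nginx access log format` would record that coupling. The enclosing attribute set starts before the hunk and continues after it.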
@@ -0,0 +1,44 @@
+{ config, lib, pkgs, ... }:
+with lib;
+with lib.my;
+let
+ cfg = config.ragon.services.photoprism;
+ domain = config.ragon.services.nginx.domain;
+in
+{
+ options.ragon.services.photoprism.enable = mkEnableOption "Enables the hedgedoc BitWarden Server";
+ options.ragon.services.photoprism.domainPrefix =
+ mkOption {
+ type = lib.types.str;
+ default = "photos";
+ };
+ options.ragon.services.photoprism.port =
+ mkOption {
+ type = lib.types.str;
+ default = "28452";
+ };
+ config = lib.mkIf cfg.enable {
+ virtualisation.oci-containers.containers.photoprism = {
+ ports = [ "127.0.0.1:${cfg.port}:2342" ];
+ image = "photoprism/photoprism:latest";
+ environmentFiles = [ config.age.secrets.photoprismEnv.path ];
+ workdir = "/photoprism"; # upstream says so
+ user = "1000:100";
+ volumes = [
+ "/data/pictures:/photoprism/originals"
+ "/data/applications/photoprismimport:/photoprism/import"
+ "/var/lib/photoprism:/photoprism/storage"
+ ];
+ };
+ ragon.agenix.secrets.photoprismEnv.owner = "root";
+ services.nginx.virtualHosts."${cfg.domainPrefix}.${domain}" = {
+ forceSSL = true;
+ useACMEHost = "${domain}";
+ locations."/".proxyWebsockets = true;
+ locations."/".proxyPass = "http://127.0.0.1:${cfg.port}";
+ };
+ ragon.persist.extraDirectories = [
+ "/var/lib/photoprism"
+ ];
+ };
+}
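Review bot: In nixos-modules/services/photoprism.nix, `image = "photoprism/photoprism:latest"` pulls a mutable tag, so the container that mounts `/data/pictures` read-write can change on any pull without a change in this repository, unlike the flake inputs, which flake.lock pins by hash. Pin a release tag together with its digest, `image = "photoprism/photoprism:<release-tag>@sha256:<digest>";` (placeholders; take both values from the registry). The `mkEnableOption` text "Enables the hedgedoc BitWarden Server" is a copy-paste leftover and should read `mkEnableOption "PhotoPrism"`, and `port` would be safer as `lib.types.port` with `toString cfg.port` at its two use sites so a non-numeric value is rejected at evaluation time. If originals are never modified through PhotoPrism, mounting them as `"/data/pictures:/photoprism/originals:ro"` would limit what a compromised container can alter; whether PhotoPrism then needs its read-only mode set in the env file should be checked against upstream documentation.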
diff --git a/secrets/photoprismEnv.age b/secrets/photoprismEnv.age new file mode 100644 index 0000000000000000000000000000000000000000..7bab35d8442bcb279713a0e863c44f5a4abff363 GIT binary patch literal 1465 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlOp2&TD_8Ig@lMkY z$;&J=HPcV=D{?DL^3K*SD{zWPbu$vydc*Dy!~?n z{d3%$g33X*d0Y5}>82N@CKjhEs7EQ(m20{Mx+s_`spXg?Wh)pcm1)&#xJPqUR7F&U zYNzX$XP7yfW(S#BFVk#ghy0Zq`O&$IhBSMWfcb(nfZn37nZvR8&!H+rg`Lt<|hSvB$kAEM+6pgu^sJC zm-#KC^J?mznVganwIiOC_Fw4DjFkAY=3D#{kE#}hg7dXIPv^F1bZQ72u6^)?ao!4T zwdVa*b=xcRo*euc^~j}qt<_?m`(bJRyjs1&Iw^-m-d%kDxg)D4+iQ~TIu_Ol=e)K4 z@#%+O*Id1^%;3AStkFX5n8I5U>Y0tJJWp?(cOy|VXG>Gaf}&Fwf94i=Ul&S>iqtAo z6wc$^dVki#gi@I^r?+1gIoSD6v?ud%Q@i(Co`dbDWG`K>li%Yf_UuF8`Ph}4j_((n zv#~}Y;ivE&#@HpdIN4Jc+<0&)H|AeGFZ<4>^qhB+^D2)otGXfG7ddmu+|SiBEV#0M zxx@*docB%RNjwD<9fy z@qK;M;-aKuZzqOdvB;SCVu_~w?n5tTXXO>#W}EfXJnh)qTNxW!Ym8hS%Is}TRbsa( znr>M3#L1N9#Pf2Yn)6YKlcv0W@c62b*|PYmWmgm!okZDJuDWFNXxZw#T?r+xayjm3 zyg9UqR(Q?X-JC8< zCFR1LoF<&>oBsP$gXXMfSNcU%HcjVyw)6Q%wF*67P6n=|n#bpOZ&tKE_c(Fc(CyGO zA?KrQYN8(byTwj^o5m@2JMHs?gyQ*i4L*rE@jF*9w{&DN^W0+=>>E9+MR?O{o3n@S zymrzy>LIY zQhr}sp87oYqqshUgVCx~lQ#x4K6$K(6qD76JgOG9wC~Qg?x3xaQ-rb(E3p5HIu>el zRy8nr@hdN5^X83_9q$#lov3RT`DT{Tvuzdk<-!jEuE7_Q*8F}V!1u2+t*D$kTlI?} PM^1;kl-f+joBiJazH(ul literal 0 HcmV?d00001 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 0e2b541b..88738dba 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -10,6 +10,7 @@ in "ragonPasswd.age".publicKeys = pubkeys.ragon.computers; "tailscaleKey.age".publicKeys = pubkeys.ragon.computers; "paperlessAdminPW.age".publicKeys = pubkeys.ragon.host "ds9"; + "photoprismEnv.age".publicKeys = pubkeys.ragon.host "ds9"; "ds9OffsiteBackupSSH.age".publicKeys = pubkeys.ragon.host "ds9"; "hedgedocSecret.age".publicKeys = pubkeys.ragon.host "picard"; "gitlabInitialRootPassword.age".publicKeys = pubkeys.ragon.host "picard";