many many new things

data/monitoring.toml

@@ -1,31 +1,34 @@
 [master]
 hostname = "ds9"
-ip = "10.0.0.2"
+ip = "100.83.96.25" # tailscale
 
 [hostOverrides]
 wormhole = "10.0.0.1"
 picard = "ragon.xyz"
 
-[exporters.nginx]
+#[exporters.nginx]
-hosts = [
+#hosts = [
-  "ds9",
+#  "ds9",
-  "wormhole"
+#  "wormhole"
-]
+#]
 
 [exporters.node]
-hosts = [ "ds9", "wormhole" ]
+hosts = [ "ds9", "picard" ]
 
 [exporters.smartctl]
 hosts = [ "ds9" ]
 
-[exporters.dnsmasq]
+# [exporters.dnsmasq]
-hosts = [ "wormhole" ]
+# hosts = [ "wormhole" ]
+# 
+# [exporters.wireguard]
+# hosts = [ "wormhole"]
+# 
+# [exporters.smokeping]
+# hosts = [ "wormhole"]
 
-[exporters.wireguard]
+[exporters.nginxlog]
-hosts = [ "wormhole"]
+hosts = [ "picard", "ds9" ]
-
-[exporters.smokeping]
-hosts = [ "wormhole"]
 
 [promtail]
-hosts = [ "wormhole", "ds9" ]
+hosts = [ "picard", "ds9" ]

flake.lock

@@ -40,11 +40,11 @@
     "coc-nvim": {
       "flake": false,
       "locked": {
-        "lastModified": 1655204674,
+        "lastModified": 1659818816,
-        "narHash": "sha256-bsrCvgQqIA4jD62PIcLwYdcBM+YLLKLI/x2H5c/bR50=",
+        "narHash": "sha256-HnlyhYTHgbtiKLLiNaPfzyhfKCTm4IFEErEZo+CkKxs=",
         "owner": "neoclide",
         "repo": "coc.nvim",
-        "rev": "87e5dd692ec8ed7be25b15449fd0ab15a48bfb30",
+        "rev": "cf651a31736fc36c441bf307d2babff78280dd59",
         "type": "github"
       },
       "original": {
@@ -98,11 +98,11 @@
         "nixpkgs": "nixpkgs"
       },
       "locked": {
-        "lastModified": 1658637786,
+        "lastModified": 1659983351,
-        "narHash": "sha256-8FtSpwj6k559s6pujsXM1o7pqrEk4TFAEGLZ4a59zLI=",
+        "narHash": "sha256-FsTn0f0t2B7AKAtCDOYd34ztKa+XOUtzRa4FtO8HgDw=",
         "owner": "nix-community",
         "repo": "emacs-overlay",
-        "rev": "920e88c44073e2a5394d2731c1cac265c6cbf2dd",
+        "rev": "a3770a9a619f508a0828df30cb10858663d4538b",
         "type": "github"
       },
       "original": {
@@ -113,11 +113,11 @@
     },
     "flake-utils": {
       "locked": {
-        "lastModified": 1656928814,
+        "lastModified": 1659877975,
-        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
         "type": "github"
       },
       "original": {
@@ -134,11 +134,11 @@
         "utils": "utils"
       },
       "locked": {
-        "lastModified": 1658582894,
+        "lastModified": 1659978484,
-        "narHash": "sha256-6iR8KSePwH9O2mClhu2RvDO/Gu5ISqNSB6t4YS/poaA=",
+        "narHash": "sha256-VkErPc8pXcuFQG7jkkaUOEMORe81oweRNlAYZJ2+aRI=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "d86c189158cb345e351190e362672a8485a52117",
+        "rev": "c1addfdad3825f75a66f8d73ec7d2f68c78ba6f8",
         "type": "github"
       },
       "original": {
@@ -185,11 +185,11 @@
     },
     "nixos-hardware": {
       "locked": {
-        "lastModified": 1658401027,
+        "lastModified": 1659356074,
-        "narHash": "sha256-z/sDfzsFOoWNO9nZGfxDCNjHqXvSVZLDBDSgzr9qDXE=",
+        "narHash": "sha256-UwV6hZZEtchvtiTCCD/ODEv1226eam8kEgEyQb7xB0E=",
         "owner": "NixOS",
         "repo": "nixos-hardware",
-        "rev": "83009edccc2e24afe3d0165ed98b60ff7471a5f8",
+        "rev": "ea3efc80f8ab83cb73aec39f4e76fe87afb15a08",
         "type": "github"
       },
       "original": {
@@ -201,11 +201,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1658609390,
+        "lastModified": 1659987637,
-        "narHash": "sha256-hMXHtPRNIeAYkBzZ66g+4Tryac/NNbpZvPwd5jvMftw=",
+        "narHash": "sha256-8l+5QiCkackVPu/F3vX7RCKHyYKxEsq/TKMuaG6UX5k=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "f4a4245e55660d0a590c17bab40ed08a1d010787",
+        "rev": "a47896bf817e7324471e687fc2bb2312fff682ce",
         "type": "github"
       },
       "original": {
@@ -215,11 +215,11 @@
     },
     "nixpkgs-master": {
       "locked": {
-        "lastModified": 1658648081,
+        "lastModified": 1660000355,
-        "narHash": "sha256-RL5nr4Xhp0zQeEGG/I3t3FmqaI9QrBg5PH31NF+7A/A=",
+        "narHash": "sha256-ht+tJwtceMYgiCs/OUkxXyV3veBJ1vfCRVwgWh7a/8A=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "e494a908e8895b9cba18e21d5fc83362f64b3f6a",
+        "rev": "c4e832986f335abf8665788f4d56375d93ac8f33",
         "type": "github"
       },
       "original": {
@@ -231,11 +231,11 @@
     },
     "nixpkgs_2": {
       "locked": {
-        "lastModified": 1658557357,
+        "lastModified": 1659889440,
-        "narHash": "sha256-0gqNef6skYQKJSS2vLojxrXOrc72zoX5VTDKUqEo6Gk=",
+        "narHash": "sha256-O8+FsHZzQIqjQjuh+VXbJtGrpPswm5ta2Z/eo72Lz2U=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "42ca9bef09e780eabe84328dd1b730cef978f098",
+        "rev": "4bdf4169ad2896236895ca607a843f30c9680345",
         "type": "github"
       },
       "original": {
@@ -286,11 +286,11 @@
         "utils": "utils_2"
       },
       "locked": {
-        "lastModified": 1658492037,
+        "lastModified": 1658963292,
-        "narHash": "sha256-i4TL1Tb/q7Y+Jk5JWk6FRWWei6yH0WtYVTnmmAr9B0c=",
+        "narHash": "sha256-4OIpATLdPQvryyhRQPELeqNYC0n6PCyjD6LCPdwOztc=",
         "owner": "nix-community",
         "repo": "rnix-lsp",
-        "rev": "e6a41cbd317a21763ba61a19e594a3e1bf1023ca",
+        "rev": "ff18e04551a39ccdab0ff9c83926db3807b23478",
         "type": "github"
       },
       "original": {
@@ -354,11 +354,11 @@
     },
     "utils_3": {
       "locked": {
-        "lastModified": 1656928814,
+        "lastModified": 1659877975,
-        "narHash": "sha256-RIFfgBuKz6Hp89yRr7+NR5tzIAbn52h8vT6vXkYjZoM=",
+        "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=",
         "owner": "numtide",
         "repo": "flake-utils",
-        "rev": "7e2a3b3dfd9af950a856d66b0a7d01e3c18aa249",
+        "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0",
         "type": "github"
       },
       "original": {
@@ -390,11 +390,11 @@
     "zsh-completions": {
       "flake": false,
       "locked": {
-        "lastModified": 1658238578,
+        "lastModified": 1659881821,
-        "narHash": "sha256-bw3Fm/OOhHqrT7rAJtLAdFp3FV+9tDrK7+32HwYYpvU=",
+        "narHash": "sha256-Pa5Dm13j2yvGrNGSsIv6JHn2UkePRrRp/Im933MaYzs=",
         "owner": "zsh-users",
         "repo": "zsh-completions",
-        "rev": "11258bcd48521b5bc7b683104bb0f5cb9375edee",
+        "rev": "b5ba0051dcc849cc27be7faf766f5806d99f7884",
         "type": "github"
       },
       "original": {

hm-imports/nvim/default.nix

@@ -2,14 +2,14 @@
 {
   home.packages = with pkgs;[
     python3 # ultisnips
-    lazygit
+    #lazygit
-    nodejs
+    #nodejs
-    inputs.rnix-lsp.packages."${pkgs.system}".rnix-lsp
+    #inputs.rnix-lsp.packages."${pkgs.system}".rnix-lsp
-    shfmt
+    #shfmt
-    shellcheck
+    #shellcheck
-    vim-vint
+    #vim-vint
-    nodePackages.write-good
+    #nodePackages.write-good
-    ctags
+    #ctags
   ];
   home.file.".config/nvim".source = ./config;
   home.file.".config/nvim".recursive = true;
@@ -32,10 +32,10 @@
             name = "nnn-vim";
             src = inputs.nnn-vim;
           };
-          coc-nvim = pkgs.vimUtils.buildVimPlugin {
+          # coc-nvim = pkgs.vimUtils.buildVimPlugin {
-            name = "coc-nvim";
+          #   name = "coc-nvim";
-            src = inputs.coc-nvim;
+          #   src = inputs.coc-nvim;
-          };
+          # };
           dart-vim = pkgs.vimUtils.buildVimPlugin {
             name = "dart-vim";
             src = inputs.dart-vim;
@@ -62,11 +62,11 @@
           fzfWrapper
           vim-devicons
           toggleterm-nvim
-          undotree
+          # undotree
-          vim-pandoc
+          # vim-pandoc
-          vim-pandoc-syntax
+          # vim-pandoc-syntax
-          ultisnips
+          #  ultisnips
-          coc-nvim
+          # coc-nvim
           dart-vim
         ]);
     };

hosts/ds9/default.nix

@@ -223,6 +223,7 @@ in
       ssh.enable = true;
       nginx.enable = true;
       jellyfin.enable = true;
+      photoprism.enable = true;
       tailscale.enable = true;
       tailscale.exitNode = true;
       tailscale.extraUpCommands = "--advertise-routes=10.0.0.0/16";

nixos-modules/services/monitoring.nix

@@ -115,9 +115,19 @@ in
       # some global settings
       services.prometheus.exporters.node.enabledCollectors = [ "systemd" ];
       services.prometheus.exporters.dnsmasq.leasesPath = "/var/lib/dnsmasq/dnsmasq.leases";
+      systemd.services."prometheus-smartctl-exporter".serviceConfig.DeviceAllow = [ "* r" ];
       services.prometheus.exporters.smartctl.user = "root";
+      services.prometheus.exporters.smartctl.group = "root";
       services.prometheus.exporters.smokeping.hosts = [ "1.1.1.1" ];
-      services.nginx.statusPage = true;
+      services.prometheus.exporters.nginxlog.user = "nginx";
+      services.prometheus.exporters.nginxlog.group = "nginx";
+      services.prometheus.exporters.nginxlog.settings = {
+        namespaces = [ {
+          name = "nginx";
+          format = "$remote_addr - $remote_user [$time_local] \"$request\" $status $body_bytes_sent \"$http_referer\" \"$http_user_agent\" \"$http_x_forwarded_for\"";
+          source.files = [ "/var/log/nginx/access.log" ];
+        }];
+      };
     }
     (mkIf (builtins.elem hostName cfg.promtail.hosts) {
       services.promtail = {

nixos-modules/services/photoprism.nix

@@ -0,0 +1,44 @@
+{ config, lib, pkgs, ... }:
+with lib;
+with lib.my;
+let
+  cfg = config.ragon.services.photoprism;
+  domain = config.ragon.services.nginx.domain;
+in
+{
+  options.ragon.services.photoprism.enable = mkEnableOption "Enables the hedgedoc BitWarden Server";
+  options.ragon.services.photoprism.domainPrefix =
+    mkOption {
+      type = lib.types.str;
+      default = "photos";
+    };
+  options.ragon.services.photoprism.port =
+    mkOption {
+      type = lib.types.str;
+      default = "28452";
+    };
+  config = lib.mkIf cfg.enable {
+    virtualisation.oci-containers.containers.photoprism = {
+      ports = [ "127.0.0.1:${cfg.port}:2342" ];
+      image = "photoprism/photoprism:latest";
+      environmentFiles = [ config.age.secrets.photoprismEnv.path ];
+      workdir = "/photoprism"; # upstream says so
+      user = "1000:100";
+      volumes = [
+        "/data/pictures:/photoprism/originals"
+        "/data/applications/photoprismimport:/photoprism/import"
+        "/var/lib/photoprism:/photoprism/storage"
+      ];
+    };
+    ragon.agenix.secrets.photoprismEnv.owner = "root";
+    services.nginx.virtualHosts."${cfg.domainPrefix}.${domain}" = {
+      forceSSL = true;
+      useACMEHost = "${domain}";
+      locations."/".proxyWebsockets = true;
+      locations."/".proxyPass = "http://127.0.0.1:${cfg.port}";
+    };
+    ragon.persist.extraDirectories = [
+      "/var/lib/photoprism"
+    ];
+  };
+}

secrets/secrets.nix

@@ -10,6 +10,7 @@ in
   "ragonPasswd.age".publicKeys = pubkeys.ragon.computers;
   "tailscaleKey.age".publicKeys = pubkeys.ragon.computers;
   "paperlessAdminPW.age".publicKeys = pubkeys.ragon.host "ds9";
+  "photoprismEnv.age".publicKeys = pubkeys.ragon.host "ds9";
   "ds9OffsiteBackupSSH.age".publicKeys = pubkeys.ragon.host "ds9";
   "hedgedocSecret.age".publicKeys = pubkeys.ragon.host "picard";
   "gitlabInitialRootPassword.age".publicKeys = pubkeys.ragon.host "picard";