From 11028080bb255eb1ec78999312574890d724bb12 Mon Sep 17 00:00:00 2001 From: blake Date: Sat, 11 Oct 2025 15:27:52 -0500 Subject: [PATCH] 299 current 2025-10-11 14:41:20 25.05.20251006.20c4598 6.12.50 * --- .../services/glance/default.nix.WORKING | 230 ++++++++++++++++++ .../services/glance/default.nix.hardswing | 230 ++++++++++++++++++ 2 files changed, 460 insertions(+) create mode 100644 modules/homelab/services/glance/default.nix.WORKING create mode 100644 modules/homelab/services/glance/default.nix.hardswing diff --git a/modules/homelab/services/glance/default.nix.WORKING b/modules/homelab/services/glance/default.nix.WORKING new file mode 100644 index 0000000..30ce449 --- /dev/null +++ b/modules/homelab/services/glance/default.nix.WORKING @@ -0,0 +1,230 @@ +{ pkgs, config, lib, ... }: + +let + service = "glance"; + cfg = config.modules.services.${service}; + sec = config.sops.secrets; + homelab = config.modules.homelab; +in +{ + options.modules.services.${service} = { + enable = lib.mkEnableOption "enables ${service}"; + + # set port options + port = lib.mkOption { + type = lib.types.int; + default = 7700; + description = "set port for ${service} (default: ${toString cfg.port}"; + }; + url = lib.mkOption { + type = lib.types.str; + default = "${homelab.base_domain}"; + description = "set domain for ${service}"; + }; + data_dir = lib.mkOption { + type = lib.types.str; + default = "/var/lib/${service}"; + description = "set data directory for ${service}"; + }; + ids = lib.mkOption { + type = lib.types.int; + default = cfg.port; + description = "set uid and pid of ${service} user (matches port by default)"; + }; + backup = lib.mkOption { + type = lib.types.bool; + default = true; + description = "enable backups for ${service}"; + }; + pages = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule { + options.description = lib.mkOption { type = lib.types.str; }; + options.url = lib.mkOption { type = lib.types.str; }; + options.icon = lib.mkOption { type = lib.types.str; }; + options.category = lib.mkOption { type = lib.types.str; }; + }); + default = {}; + description = "configure the service for use in ${service}"; + }; + }; + + config = lib.mkIf cfg.enable { + + # declare ${service} group + users.groups.${service} = { gid = lib.mkForce cfg.ids; }; + + # declare ${service} user + users.users.${service} = { + description = "${service} server user"; + uid = lib.mkForce cfg.ids; + isSystemUser = true; + home = cfg.data_dir; + createHome = true; + group = "${service}"; + extraGroups = []; + }; + + services.${service} = { + enable = true; + openFirewall = true; + settings = { + server = { + host = "0.0.0.0"; + port = cfg.port; + }; + pages = [ + { + name = "violet"; + hide-desktop-navigation = true; + columns = [ + { + size = "small"; + widgets = [ + { type = "calendar"; first-day-of-week = "monday"; } + { type = "server-stats"; servers = [ { type = "local"; name = "violet"; } ]; } + { + type = "clock"; + hour-format = "24h"; + timezones = [ + { timezone = "America/Chicago"; label = "HTX"; } + { timezone = "America/Denver"; label = "AF"; } + ]; + } + { type = "twitch-channels"; channels = [ "mang0" "SaltSSBM" "thewaffle77" "ironmouse" "linustech" ]; } + ]; + } + { + size = "full"; + widgets = [ + { + type = "search"; + autofocus = true; + search-engine = "https://www.ecosia.org/search?q={QUERY}"; + new-tab = true; + bangs = [ + { title = "YouTube"; shortcut = "!y"; url = "https://www.youtube.com/results?search_query={QUERY}"; } + { title = "Google"; shortcut = "!g"; url = "https://www.google.com/search?q={QUERY}"; } + { title = "Github"; shortcut = "!gh"; url = "https://github.com/search?q={QUERY}&type=repositories"; } + ]; + } + { + type = "monitor"; + cache = "1m"; + title = "mediastack"; + sites = [ + { title = "jellyfin"; url = "https://media.blakedheld.xyz"; icon = "di:jellyfin"; } + { title = "audiobookshelf"; url = "https://audiobooks.blakedheld.xyz"; icon = "di:audiobookshelf"; } + { title = "yacreader"; url = "http://10.10.0.30:3434"; icon = "/assets/icons/yacreader.png"; } + { title = "sonarr"; url = "http://10.10.0.30:3636"; icon = "di:sonarr"; } + { title = "qbittorrent"; url = "http://10.10.0.40:3333"; icon = "di:qbittorrent"; } + { title = "radarr"; url = "http://10.10.0.30:3737"; icon = "di:radarr"; } + { title = "kiwix"; url = "http://10.10.0.30:5050"; icon = "di:kiwix"; } + { title = "prowlarr"; url = "http://10.10.0.30:3535"; icon = "di:prowlarr"; } + { title = "bazarr"; url = "http://10.10.0.30:3838"; icon = "di:bazarr"; } + ]; + } + { + type = "monitor"; + cache = "1m"; + title = "services"; + sites = [ + { title = "immich"; url = "https://pics.blakedheld.xyz"; icon = "di:immich"; } + { title = "vaultwarden"; url = "https://pass.blakedheld.xyz"; icon = "di:vaultwarden"; } + { title = "gitea"; url = "https://git.blakedheld.xyz"; icon = "di:gitea"; } + { title = "home assistant"; url = "https://home.blakedheld.xyz"; icon = "di:home-assistant"; } + { title = "zigbee2mqtt"; url = "http://10.10.0.30:4142"; icon = "di:zigbee2mqtt"; } + { title = "syncthing"; url = "http://10.10.0.20:2222"; icon = "di:syncthing"; } + { title = "archivebox"; url = "http://10.10.0.30:5656"; icon = "sh:archivebox"; } + { title = "copyparty"; url = "http://10.10.0.20:3923"; icon = "sh:copyparty"; } + ]; + } + { + type = "monitor"; + cache = "1m"; + title = "system"; + sites = [ + { title = "proxmox"; url = "http://10.10.0.10:8006"; icon = "di:proxmox"; allow-insecure = true; } + { title = "nginx"; url = "http://10.10.0.30:8080"; icon = "di:nginx"; } + { title = "uptime kuma"; url = "http://10.10.0.30:8181"; icon = "di:uptime-kuma"; } + { title = "tn holocron"; url = "https://10.10.0.20"; icon = "di:truenas"; allow-insecure = true; } + { title = "bebe"; url = "https://10.10.0.1"; icon = "di:unifi"; allow-insecure = true; } + ]; + } + ]; + } + { + size = "small"; + widgets = [ + { type = "weather"; location = "Pearland, Texas, United States"; units = "imperial"; hour-format = "24h"; } + { + type = "markets"; + markets = [ + { symbol = "SPY"; name = "S&P 500"; } + { symbol = "XMR-USD"; name = "Monero"; } + { symbol = "NVDA"; name = "NVIDIA"; } + { symbol = "AAPL"; name = "Apple"; } + { symbol = "MSFT"; name = "Microsoft"; } + ]; + } + { + type = "releases"; + cache = "1d"; + repositories = [ + "glanceapp/glance" + "go-gitea/gitea" + "immich-app/immich" + "syncthing/syncthing" + ]; + } + ]; + } + ]; + } + ]; + }; + }; + + + + # override umask to make permissions work out + systemd.services.${service}.serviceConfig = { + UMask = lib.mkForce "0007"; +# User = "${service}"; +# Group = "${service}"; + }; + +# # open firewall +# networking.firewall.allowedTCPPorts = [ cfg.port ]; + + # internal reverse proxy entry + services.nginx.virtualHosts."${cfg.url}" = { + forceSSL = true; + sslCertificate = sec."ssl_blakedheld_crt".path; + sslCertificateKey = sec."ssl_blakedheld_key".path; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString cfg.port}"; + }; + }; +# # external reverse proxy entry +# services.nginx.virtualHosts."${service}.blakedheld.xyz" = { +# forceSSL = true; +# sslCertificate = sec."ssl_blakedheld_crt".path; +# sslCertificateKey = sec."ssl_blakedheld_key".path; +# locations."/" = { +# proxyPass = "http://127.0.0.1:${toString cfg.port}"; +# }; +# }; +# +# sops.secrets = { +# "${service}_" = { +# owner = "${service}"; +# group = "${service}"; +# }; +# }; + + # add to backups + modules.system.backups.baks = { + ${service} = { paths = [ cfg.data_dir ]; }; + }; + }; +} diff --git a/modules/homelab/services/glance/default.nix.hardswing b/modules/homelab/services/glance/default.nix.hardswing new file mode 100644 index 0000000..30ce449 --- /dev/null +++ b/modules/homelab/services/glance/default.nix.hardswing @@ -0,0 +1,230 @@ +{ pkgs, config, lib, ... }: + +let + service = "glance"; + cfg = config.modules.services.${service}; + sec = config.sops.secrets; + homelab = config.modules.homelab; +in +{ + options.modules.services.${service} = { + enable = lib.mkEnableOption "enables ${service}"; + + # set port options + port = lib.mkOption { + type = lib.types.int; + default = 7700; + description = "set port for ${service} (default: ${toString cfg.port}"; + }; + url = lib.mkOption { + type = lib.types.str; + default = "${homelab.base_domain}"; + description = "set domain for ${service}"; + }; + data_dir = lib.mkOption { + type = lib.types.str; + default = "/var/lib/${service}"; + description = "set data directory for ${service}"; + }; + ids = lib.mkOption { + type = lib.types.int; + default = cfg.port; + description = "set uid and pid of ${service} user (matches port by default)"; + }; + backup = lib.mkOption { + type = lib.types.bool; + default = true; + description = "enable backups for ${service}"; + }; + pages = lib.mkOption { + type = lib.types.attrsOf (lib.types.submodule { + options.description = lib.mkOption { type = lib.types.str; }; + options.url = lib.mkOption { type = lib.types.str; }; + options.icon = lib.mkOption { type = lib.types.str; }; + options.category = lib.mkOption { type = lib.types.str; }; + }); + default = {}; + description = "configure the service for use in ${service}"; + }; + }; + + config = lib.mkIf cfg.enable { + + # declare ${service} group + users.groups.${service} = { gid = lib.mkForce cfg.ids; }; + + # declare ${service} user + users.users.${service} = { + description = "${service} server user"; + uid = lib.mkForce cfg.ids; + isSystemUser = true; + home = cfg.data_dir; + createHome = true; + group = "${service}"; + extraGroups = []; + }; + + services.${service} = { + enable = true; + openFirewall = true; + settings = { + server = { + host = "0.0.0.0"; + port = cfg.port; + }; + pages = [ + { + name = "violet"; + hide-desktop-navigation = true; + columns = [ + { + size = "small"; + widgets = [ + { type = "calendar"; first-day-of-week = "monday"; } + { type = "server-stats"; servers = [ { type = "local"; name = "violet"; } ]; } + { + type = "clock"; + hour-format = "24h"; + timezones = [ + { timezone = "America/Chicago"; label = "HTX"; } + { timezone = "America/Denver"; label = "AF"; } + ]; + } + { type = "twitch-channels"; channels = [ "mang0" "SaltSSBM" "thewaffle77" "ironmouse" "linustech" ]; } + ]; + } + { + size = "full"; + widgets = [ + { + type = "search"; + autofocus = true; + search-engine = "https://www.ecosia.org/search?q={QUERY}"; + new-tab = true; + bangs = [ + { title = "YouTube"; shortcut = "!y"; url = "https://www.youtube.com/results?search_query={QUERY}"; } + { title = "Google"; shortcut = "!g"; url = "https://www.google.com/search?q={QUERY}"; } + { title = "Github"; shortcut = "!gh"; url = "https://github.com/search?q={QUERY}&type=repositories"; } + ]; + } + { + type = "monitor"; + cache = "1m"; + title = "mediastack"; + sites = [ + { title = "jellyfin"; url = "https://media.blakedheld.xyz"; icon = "di:jellyfin"; } + { title = "audiobookshelf"; url = "https://audiobooks.blakedheld.xyz"; icon = "di:audiobookshelf"; } + { title = "yacreader"; url = "http://10.10.0.30:3434"; icon = "/assets/icons/yacreader.png"; } + { title = "sonarr"; url = "http://10.10.0.30:3636"; icon = "di:sonarr"; } + { title = "qbittorrent"; url = "http://10.10.0.40:3333"; icon = "di:qbittorrent"; } + { title = "radarr"; url = "http://10.10.0.30:3737"; icon = "di:radarr"; } + { title = "kiwix"; url = "http://10.10.0.30:5050"; icon = "di:kiwix"; } + { title = "prowlarr"; url = "http://10.10.0.30:3535"; icon = "di:prowlarr"; } + { title = "bazarr"; url = "http://10.10.0.30:3838"; icon = "di:bazarr"; } + ]; + } + { + type = "monitor"; + cache = "1m"; + title = "services"; + sites = [ + { title = "immich"; url = "https://pics.blakedheld.xyz"; icon = "di:immich"; } + { title = "vaultwarden"; url = "https://pass.blakedheld.xyz"; icon = "di:vaultwarden"; } + { title = "gitea"; url = "https://git.blakedheld.xyz"; icon = "di:gitea"; } + { title = "home assistant"; url = "https://home.blakedheld.xyz"; icon = "di:home-assistant"; } + { title = "zigbee2mqtt"; url = "http://10.10.0.30:4142"; icon = "di:zigbee2mqtt"; } + { title = "syncthing"; url = "http://10.10.0.20:2222"; icon = "di:syncthing"; } + { title = "archivebox"; url = "http://10.10.0.30:5656"; icon = "sh:archivebox"; } + { title = "copyparty"; url = "http://10.10.0.20:3923"; icon = "sh:copyparty"; } + ]; + } + { + type = "monitor"; + cache = "1m"; + title = "system"; + sites = [ + { title = "proxmox"; url = "http://10.10.0.10:8006"; icon = "di:proxmox"; allow-insecure = true; } + { title = "nginx"; url = "http://10.10.0.30:8080"; icon = "di:nginx"; } + { title = "uptime kuma"; url = "http://10.10.0.30:8181"; icon = "di:uptime-kuma"; } + { title = "tn holocron"; url = "https://10.10.0.20"; icon = "di:truenas"; allow-insecure = true; } + { title = "bebe"; url = "https://10.10.0.1"; icon = "di:unifi"; allow-insecure = true; } + ]; + } + ]; + } + { + size = "small"; + widgets = [ + { type = "weather"; location = "Pearland, Texas, United States"; units = "imperial"; hour-format = "24h"; } + { + type = "markets"; + markets = [ + { symbol = "SPY"; name = "S&P 500"; } + { symbol = "XMR-USD"; name = "Monero"; } + { symbol = "NVDA"; name = "NVIDIA"; } + { symbol = "AAPL"; name = "Apple"; } + { symbol = "MSFT"; name = "Microsoft"; } + ]; + } + { + type = "releases"; + cache = "1d"; + repositories = [ + "glanceapp/glance" + "go-gitea/gitea" + "immich-app/immich" + "syncthing/syncthing" + ]; + } + ]; + } + ]; + } + ]; + }; + }; + + + + # override umask to make permissions work out + systemd.services.${service}.serviceConfig = { + UMask = lib.mkForce "0007"; +# User = "${service}"; +# Group = "${service}"; + }; + +# # open firewall +# networking.firewall.allowedTCPPorts = [ cfg.port ]; + + # internal reverse proxy entry + services.nginx.virtualHosts."${cfg.url}" = { + forceSSL = true; + sslCertificate = sec."ssl_blakedheld_crt".path; + sslCertificateKey = sec."ssl_blakedheld_key".path; + locations."/" = { + proxyPass = "http://127.0.0.1:${toString cfg.port}"; + }; + }; +# # external reverse proxy entry +# services.nginx.virtualHosts."${service}.blakedheld.xyz" = { +# forceSSL = true; +# sslCertificate = sec."ssl_blakedheld_crt".path; +# sslCertificateKey = sec."ssl_blakedheld_key".path; +# locations."/" = { +# proxyPass = "http://127.0.0.1:${toString cfg.port}"; +# }; +# }; +# +# sops.secrets = { +# "${service}_" = { +# owner = "${service}"; +# group = "${service}"; +# }; +# }; + + # add to backups + modules.system.backups.baks = { + ${service} = { paths = [ cfg.data_dir ]; }; + }; + }; +}