blake/nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update "${services}"

Browse Source
This commit is contained in:
blake
2025-10-13 16:25:33 -05:00
parent 3b2460f97a
commit 2f627902f3
21 changed files with 321 additions and 492 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
modules/homelab/services/.default.nix.template → modules/homelab/services/.default.nix.template.nix
View File

@@ -1,4 +1,9 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
let
service = "";
@@ -39,9 +44,11 @@ in
};
config = lib.mkIf cfg.enable {
# declare ${service} group
users.groups.${service} = { gid = lib.mkForce cfg.ids; };
users.groups.${service} = {
gid = lib.mkForce cfg.ids;
};
# declare ${service} user
users.users.${service} = {
@@ -50,7 +57,7 @@ in
isSystemUser = true;
home = cfg.data_dir;
createHome = true;
group = "${service}";
group = service;
extraGroups = [ "media" ];
};
@@ -58,8 +65,8 @@ in
services.${service} = {
enable = true;
openFirewall = true;
user = "${service}";
group = "${service}";
user = service;
group = service;
dataDir = cfg.data_dir;
settings = {
server.port = cfg.port;
@@ -69,40 +76,52 @@ in
# override umask to make permissions work out
systemd.services.${service}.serviceConfig = {
UMask = lib.mkForce "0007";
# User = "${service}";
# Group = "${service}";
# User = service;
# Group = service;
};
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = {
serverAliases = [ "${service}.${homelab.public_domain}" ];
extraConfig = ''
tls /etc/ssl/blakedheld.xyz.crt /etc/ssl/blakedheld.xyz.key
reverse_proxy 127.0.0.1:${toString cfg.port}
'';
};
# # add to glance public service
# modules.services.glance.links.<category> = [{
# title = service;
# url = "https://${service}.${homelab.public_domain}";
# error-url = "http://${homelab.host_ip}:${toString cfg.port}";
# check-url = "http://${homelab.host_ip}:${toString cfg.port}";
# icon = "di:${service}"; }];
#---------------------------------------------------------------------------
# # add to glance local service
# modules.services.glance.links.<category> = [{
# title = service;
# url = "https://${cfg.url}";
# error-url = "http://${homelab.host_ip}:${toString cfg.port}";
# check-url = "http://${homelab.host_ip}:${toString cfg.port}";
# icon = "di:${service}"; }];
#
# sops.secrets = {
# "${service}_" = {
# owner = "${service}";
# group = "${service}";
# };
# };
#---------------------------------------------------------------------------
# # add to glance (public service)
# modules.services.glance.links.<category> = [{
# title = service;
# url = "https://${service}.${homelab.public_domain}";
# error-url = "http://${homelab.host_ip}:${toString cfg.port}";
# check-url = "http://${homelab.host_ip}:${toString cfg.port}";
# icon = "di:${service}"; }];
#---------------------------------------------------------------------------
# # add to glance (local service)
# modules.services.glance.links.<category> = [{
# title = service;
# url = "https://${cfg.url}";
# error-url = "http://${homelab.host_ip}:${toString cfg.port}";
# check-url = "http://${homelab.host_ip}:${toString cfg.port}";
# icon = "di:${service}"; }];
#---------------------------------------------------------------------------
#
# sops.secrets = {
# "${service}_" = {
# owner = ;
# group = ;
# };
# };
# add to backups
modules.system.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };
${service} = {
paths = [ cfg.data_dir ];
};
};
};
}

6
modules/homelab/services/arr/bazarr/default.nix
View File

@@ -50,7 +50,7 @@ in
isSystemUser = true;
home = cfg.data_dir;
createHome = true;
group = "${service}";
group = service;
extraGroups = [ "media" ];
};
@@ -58,8 +58,8 @@ in
services.${service} = {
enable = true;
openFirewall = true;
user = "${service}";
group = "${service}";
user = service;
group = service;
listenPort = cfg.port;
};

6
modules/homelab/services/arr/flaresolverr/default.nix
View File

@@ -48,7 +48,7 @@ in
description = "${service} server user";
uid = lib.mkForce cfg.ids;
isSystemUser = true;
group = "${service}";
group = service;
};
# enable the ${service} service
@@ -60,8 +60,8 @@ in
# override umask to make permissions work out
systemd.services.${service}.serviceConfig = {
User = "${service}";
Group = "${service}";
User = service;
Group = service;
};
# # open firewall

6
modules/homelab/services/arr/prowlarr/default.nix
View File

@@ -50,7 +50,7 @@ in
isSystemUser = true;
home = cfg.data_dir;
createHome = true;
group = "${service}";
group = service;
extraGroups = [ "media" ];
};
@@ -66,8 +66,8 @@ in
# override umask to make permissions work out
systemd.services.${service}.serviceConfig = {
UMask = lib.mkForce "0007";
User = "${service}";
Group = "${service}";
User = service;
Group = service;
};
# # open firewall

10
modules/homelab/services/arr/radarr/default.nix
View File

@@ -50,7 +50,7 @@ in
isSystemUser = true;
home = cfg.data_dir;
createHome = true;
group = "${service}";
group = service;
extraGroups = [ "media" ];
};
@@ -58,8 +58,8 @@ in
services.${service} = {
enable = true;
openFirewall = true;
user = "${service}";
group = "${service}";
user = service;
group = service;
dataDir = cfg.data_dir;
settings = {
server.port = cfg.port;
@@ -69,8 +69,8 @@ in
# override umask to make permissions work out
systemd.services.${service}.serviceConfig = {
UMask = lib.mkForce "0007";
# User = "${service}";
# Group = "${service}";
# User = service;
# Group = service;
};
# # open firewall

6
modules/homelab/services/arr/sonarr/default.nix
View File

@@ -50,7 +50,7 @@ in
isSystemUser = true;
home = cfg.data_dir;
createHome = true;
group = "${service}";
group = service;
extraGroups = [ "media" ];
};
@@ -58,8 +58,8 @@ in
services.${service} = {
enable = true;
openFirewall = true;
user = "${service}";
group = "${service}";
user = service;
group = service;
dataDir = cfg.data_dir;
settings = {
server.port = cfg.port;

10
modules/homelab/services/audiobookshelf/default.nix
View File

@@ -50,7 +50,7 @@ in
isSystemUser = true;
# home = cfg.data_dir;
createHome = true;
group = "${service}";
group = service;
extraGroups = [ "media" ];
};
@@ -58,8 +58,8 @@ in
services.${service} = {
enable = true;
openFirewall = true;
user = "${service}";
group = "${service}";
user = service;
group = service;
# dataDir = cfg.data_dir;
host = "0.0.0.0";
port = cfg.port;
@@ -68,8 +68,8 @@ in
# override umask to make permissions work out
systemd.services.${service}.serviceConfig = {
UMask = lib.mkForce "0007";
# User = "${service}";
# Group = "${service}";
# User = service;
# Group = service;
};
# # open firewall

6
modules/homelab/services/caddy/default.nix
View File

@@ -34,15 +34,15 @@ in
isSystemUser = true;
home = cfg.data_dir;
createHome = true;
group = "${service}";
group = service;
extraGroups = [];
};
# enable the ${service} service
services.${service} = {
enable = true;
user = "${service}";
group = "${service}";
user = service;
group = service;
dataDir = cfg.data_dir;
email = "me@blakedheld.xyz";
globalConfig = ''

6
modules/homelab/services/gitea/default.nix
View File

@@ -56,7 +56,7 @@ in
shell = pkgs.bash;
home = cfg.data_dir;
createHome = true;
group = "${service}";
group = service;
extraGroups = [];
};
@@ -112,8 +112,8 @@ in
# manage secrets with sops
sops.secrets = {
"${service}_database_password" = {
owner = "${service}";
group = "${service}";
owner = service;
group = service;
};
};

162
modules/homelab/services/glance/default.nix
View File

@@ -1,19 +1,24 @@
{ pkgs, config, lib, ... }:
{
pkgs,
config,
lib,
...
}:
/*
this is a wrapper module for glance that allows you to
to pass monitor entries in with nix, all declaratively!
this is a wrapper module for glance that allows you to
to pass monitor entries in with nix, all declaratively!
| <8yy> |
V V
# add to glance
modules.services.glance.links.mediastack = [{
title = service;
url = "https://${cfg.url}";
error-url = "http://${homelab.host_ip}:${toString cfg.port}";
check-url = "http://${homelab.host_ip}:${toString cfg.port}";
icon = "di:${service}";
allow-insecure = true; }];
| <8yy> |
V V
# add to glance
modules.services.glance.links.mediastack = [{
title = service;
url = "https://${cfg.url}";
error-url = "http://${homelab.host_ip}:${toString cfg.port}";
check-url = "http://${homelab.host_ip}:${toString cfg.port}";
icon = "di:${service}";
allow-insecure = true; }];
*/
let
@@ -58,27 +63,28 @@ in
links = {
services = lib.mkOption {
type = lib.types.listOf lib.types.attrs;
default = [];
default = [ ];
description = "list of links for ${service}";
};
mediastack = lib.mkOption {
type = lib.types.listOf lib.types.attrs;
default = [];
default = [ ];
description = "list of links for ${service}";
};
system = lib.mkOption {
type = lib.types.listOf lib.types.attrs;
default = [];
default = [ ];
description = "list of links for ${service}";
};
};
};
config = lib.mkIf cfg.enable {
# declare ${service} group
users.groups.${service} = { gid = lib.mkForce cfg.ids; };
users.groups.${service} = {
gid = lib.mkForce cfg.ids;
};
# declare ${service} user
users.users.${service} = {
@@ -87,11 +93,11 @@ in
isSystemUser = true;
home = cfg.data_dir;
createHome = true;
group = "${service}";
extraGroups = [];
group = service;
extraGroups = [ ];
};
services.${service} = {
services.${service} = {
enable = true;
openFirewall = true;
settings = {
@@ -100,16 +106,20 @@ in
port = cfg.port;
assets-path = "${cfg.data_dir}/assets";
};
# theme = {custom-css-file = "/assets/user.css";};
# theme = {custom-css-file = "/assets/user.css";};
auth = {
secret-key = "+mYVAc1uO85hUUz5Ij6Lpelv1RqiLlneYqZD5Jv45buoF2+LZtIt2okRrbFCppiRQbqXkGoRMtSI0bROg4uFUw==";
users = {blake = {password-hash = "$2a$10$RwPCkcto35DCp4vNTDpH6.G3TpecPJ/zUL1jI93uzr.lg6v233Sie";};};
users = {
blake = {
password-hash = "$2a$10$RwPCkcto35DCp4vNTDpH6.G3TpecPJ/zUL1jI93uzr.lg6v233Sie";
};
};
};
branding = {
logo-url = "/assets/icons/snowbelle.png";
favicon-url = "/assets/icons/favicon.ico";
};
pages = [
pages = [
{
name = "snowbelle";
hide-desktop-navigation = true;
@@ -117,17 +127,43 @@ in
{
size = "small";
widgets = [
{ type = "calendar"; first-day-of-week = "monday"; }
{ type = "server-stats"; servers = [ { type = "local"; name = "snowbelle"; } ]; }
{
type = "calendar";
first-day-of-week = "monday";
}
{
type = "server-stats";
servers = [
{
type = "local";
name = "snowbelle";
}
];
}
{
type = "clock";
hour-format = "24h";
timezones = [
{ timezone = "America/Chicago"; label = "HTX"; }
{ timezone = "America/Denver"; label = "AF"; }
{
timezone = "America/Chicago";
label = "HTX";
}
{
timezone = "America/Denver";
label = "AF";
}
];
}
{
type = "twitch-channels";
channels = [
"mang0"
"SaltSSBM"
"thewaffle77"
"ironmouse"
"linustech"
];
}
{ type = "twitch-channels"; channels = [ "mang0" "SaltSSBM" "thewaffle77" "ironmouse" "linustech" ]; }
];
}
{
@@ -139,9 +175,21 @@ in
search-engine = "https://www.ecosia.org/search?q={QUERY}";
new-tab = true;
bangs = [
{ title = "YouTube"; shortcut = "!y"; url = "https://www.youtube.com/results?search_query={QUERY}"; }
{ title = "Google"; shortcut = "!g"; url = "https://www.google.com/search?q={QUERY}"; }
{ title = "Github"; shortcut = "!gh"; url = "https://github.com/search?q={QUERY}&type=repositories"; }
{
title = "YouTube";
shortcut = "!y";
url = "https://www.youtube.com/results?search_query={QUERY}";
}
{
title = "Google";
shortcut = "!g";
url = "https://www.google.com/search?q={QUERY}";
}
{
title = "Github";
shortcut = "!gh";
url = "https://github.com/search?q={QUERY}&type=repositories";
}
];
}
{
@@ -174,24 +222,48 @@ in
{
size = "small";
widgets = [
{ type = "weather"; location = "Pearland, Texas, United States"; units = "imperial"; hour-format = "24h"; }
{
type = "weather";
location = "Pearland, Texas, United States";
units = "imperial";
hour-format = "24h";
}
{
type = "custom-api";
title = "uptime";
title-url = "\${uptimekuma_url}";
url = "\${uptimekuma_url}/api/status-page/\${uptimekuma_page}";
subrequests = {heartbeats = {url = "\${uptimekuma_url}/api/status-page/heartbeat/\${uptimekuma_page}";};};
subrequests = {
heartbeats = {
url = "\${uptimekuma_url}/api/status-page/heartbeat/\${uptimekuma_page}";
};
};
cache = "10m";
template = "{{ $hb := .Subrequest \"heartbeats\" }}\n\n{{ if not (.JSON.Exists \"publicGroupList\") }}\n<p class=\"color-negative\">Error reading response</p>\n{{ else if eq (len (.JSON.Array \"publicGroupList\")) 0 }}\n<p>No monitors found</p>\n{{ else }}\n\n<ul class=\"dynamic-columns list-gap-8\">\n {{ range .JSON.Array \"publicGroupList\" }}\n {{ range .Array \"monitorList\" }}\n {{ $id := .String \"id\" }}\n {{ $hbArray := $hb.JSON.Array (print \"heartbeatList.\" $id) }}\n <div class=\"flex items-center gap-12\">\n <a class=\"size-title-dynamic color-highlight text-truncate block grow\" href=\"\${uptimekuma_url}/dashboard/{{ $id }}\"\n target=\"_blank\" rel=\"noreferrer\">\n {{ .String \"name\" }} </a>\n\n {{ if gt (len $hbArray) 0 }}\n {{ $latest := index $hbArray (sub (len $hbArray) 1) }}\n {{ if eq ($latest.Int \"status\") 1 }}\n <div>{{ $latest.Int \"ping\" }}ms</div>\n <div class=\"monitor-site-status-icon-compact\" title=\"OK\">\n <svg fill=\"var(--color-positive)\" xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 20 20\">\n <path fill-rule=\"evenodd\"\n d=\"M10 18a8 8 0 1 0 0-16 8 8 0 0 0 0 16Zm3.857-9.809a.75.75 0 0 0-1.214-.882l-3.483 4.79-1.88-1.88a.75.75 0 1 0-1.06 1.061l2.5 2.5a.75.75 0 0 0 1.137-.089l4-5.5Z\"\n clip-rule=\"evenodd\"></path>\n </svg>\n </div>\n {{ else }}\n <div><span class=\"color-negative\">DOWN</span></div>\n <div class=\"monitor-site-status-icon-compact\" title=\"{{ if $latest.Exists \"msg\" }}{{ $latest.String \"msg\" }}{{ else\n }}Error{{ end }}\">\n <svg fill=\"var(--color-negative)\" xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 20 20\">\n <path fill-rule=\"evenodd\"\n d=\"M8.485 2.495c.673-1.167 2.357-1.167 3.03 0l6.28 10.875c.673 1.167-.17 2.625-1.516 2.625H3.72c-1.347 0-2.189-1.458-1.515-2.625L8.485 2.495ZM10 5a.75.75 0 0 1 .75.75v3.5a.75.75 0 0 1-1.5 0v-3.5A.75.75 0 0 1 10 5Zm0 9a1 1 0 1 0 0-2 1 1 0 0 0 0 2Z\"\n clip-rule=\"evenodd\"></path>\n </svg>\n </div>\n {{ end }}\n {{ else }}\n <div><span class=\"color-negative\">No data</span></div>\n <div class=\"monitor-site-status-icon-compact\" title=\"No data available\">\n <svg fill=\"var(--color-negative)\" xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 20 20\">\n <path d=\"M10 18a8 8 0 1 1 0-16 8 8 0 0 1 0 16zm0-2a6 6 0 1 0 0-12 6 6 0 0 0 0 12zm-.75-8a.75.75 0 0 1 1.5 0v3a.75.75 0 0 1-1.5 0V8zm.75 5a1 1 0 1 1 0 2 1 1 0 0 1 0-2z\"/>\n </svg>\n </div>\n {{ end }}\n </div>\n {{ end }}\n {{ end }}\n</ul>\n{{ end }}\n";
}
{
type = "markets";
markets = [
{ symbol = "SPY"; name = "S&P 500"; }
{ symbol = "XMR-USD"; name = "Monero"; }
{ symbol = "NVDA"; name = "NVIDIA"; }
{ symbol = "AAPL"; name = "Apple"; }
{ symbol = "MSFT"; name = "Microsoft"; }
{
symbol = "SPY";
name = "S&P 500";
}
{
symbol = "XMR-USD";
name = "Monero";
}
{
symbol = "NVDA";
name = "NVIDIA";
}
{
symbol = "AAPL";
name = "Apple";
}
{
symbol = "MSFT";
name = "Microsoft";
}
];
}
{
@@ -209,10 +281,8 @@ in
];
}
];
};
};
};
};
# override umask to make permissions work out
systemd.services.${service}.serviceConfig = {
@@ -223,7 +293,7 @@ in
# add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = {
# serverAliases = [ "${homelab.public_domain}" ];
# serverAliases = [ "${homelab.public_domain}" ];
extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
reverse_proxy 127.0.0.1:${toString cfg.port}
@@ -232,7 +302,9 @@ in
# add to backups
modules.system.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };
${service} = {
paths = [ cfg.data_dir ];
};
};
};
}

247
modules/homelab/services/glance/default.nix.bak
View File

@@ -1,247 +0,0 @@
{ pkgs, config, lib, ... }:
/*
this is a wrapper module for glance that allows you to
to pass monitor entries in with nix, all declaratively!
| <8yy> |
V V
# add to glance
modules.services.glance.links.mediastack = [{
title = service;
url = "https://${cfg.url}";
error-url = "http://${homelab.host_ip}:${toString cfg.port}";
check-url = "http://${homelab.host_ip}:${toString cfg.port}";
icon = "di:${service}";
allow-insecure = true; }];
*/
let
service = "glance";
cfg = config.modules.services.${service};
sec = config.sops.secrets;
homelab = config.modules.homelab;
in
{
options.modules.services.${service} = {
enable = lib.mkEnableOption "enables ${service}";
# set port options
port = lib.mkOption {
type = lib.types.int;
default = 7700;
description = "set port for ${service} (default: ${toString cfg.port}";
};
url = lib.mkOption {
type = lib.types.str;
default = "${homelab.base_domain}";
description = "set domain for ${service}";
};
data_dir = lib.mkOption {
type = lib.types.str;
default = "/var/lib/${service}";
description = "set data directory for ${service}";
};
ids = lib.mkOption {
type = lib.types.int;
default = cfg.port;
description = "set uid and pid of ${service} user (matches port by default)";
};
backup = lib.mkOption {
type = lib.types.bool;
default = true;
description = "enable backups for ${service}";
};
links = {
services = lib.mkOption {
type = lib.types.listOf lib.types.attrs;
default = [];
description = "list of links for ${service}";
};
mediastack = lib.mkOption {
type = lib.types.listOf lib.types.attrs;
default = [];
description = "list of links for ${service}";
};
system = lib.mkOption {
type = lib.types.listOf lib.types.attrs;
default = [];
description = "list of links for ${service}";
};
};
};
config = lib.mkIf cfg.enable {
# declare ${service} group
users.groups.${service} = { gid = lib.mkForce cfg.ids; };
# declare ${service} user
users.users.${service} = {
description = "${service} server user";
uid = lib.mkForce cfg.ids;
isSystemUser = true;
home = cfg.data_dir;
createHome = true;
group = "${service}";
extraGroups = [];
};
services.${service} = {
enable = true;
openFirewall = true;
settings = {
server = {
host = "0.0.0.0";
port = cfg.port;
};
pages = [
{
name = "violet";
hide-desktop-navigation = true;
columns = [
{
size = "small";
widgets = [
{ type = "calendar"; first-day-of-week = "monday"; }
{ type = "server-stats"; servers = [ { type = "local"; name = "violet"; } ]; }
{
type = "clock";
hour-format = "24h";
timezones = [
{ timezone = "America/Chicago"; label = "HTX"; }
{ timezone = "America/Denver"; label = "AF"; }
];
}
{ type = "twitch-channels"; channels = [ "mang0" "SaltSSBM" "thewaffle77" "ironmouse" "linustech" ]; }
];
}
{
size = "full";
widgets = [
{
type = "search";
autofocus = true;
search-engine = "https://www.ecosia.org/search?q={QUERY}";
new-tab = true;
bangs = [
{ title = "YouTube"; shortcut = "!y"; url = "https://www.youtube.com/results?search_query={QUERY}"; }
{ title = "Google"; shortcut = "!g"; url = "https://www.google.com/search?q={QUERY}"; }
{ title = "Github"; shortcut = "!gh"; url = "https://github.com/search?q={QUERY}&type=repositories"; }
];
}
{
type = "monitor";
cache = "1m";
title = "services";
sites = cfg.links.services;
# sites = [
# { title = "jellyfin"; url = "https://media.blakedheld.xyz"; icon = "di:jellyfin"; }
# { title = "audiobookshelf"; url = "https://audiobooks.blakedheld.xyz"; icon = "di:audiobookshelf"; }
# { title = "yacreader"; url = "http://10.10.0.30:3434"; icon = "/assets/icons/yacreader.png"; }
# { title = "sonarr"; url = "http://10.10.0.30:3636"; icon = "di:sonarr"; }
# { title = "qbittorrent"; url = "http://10.10.0.40:3333"; icon = "di:qbittorrent"; }
# { title = "radarr"; url = "http://10.10.0.30:3737"; icon = "di:radarr"; }
# { title = "kiwix"; url = "http://10.10.0.30:5050"; icon = "di:kiwix"; }
# { title = "prowlarr"; url = "http://10.10.0.30:3535"; icon = "di:prowlarr"; }
# { title = "bazarr"; url = "http://10.10.0.30:3838"; icon = "di:bazarr"; }
# ];
}
{
type = "monitor";
cache = "1m";
title = "mediastack";
sites = cfg.links.mediastack;
# [
# { title = "immich"; url = "https://pics.blakedheld.xyz"; icon = "di:immich"; }
# { title = "vaultwarden"; url = "https://pass.blakedheld.xyz"; icon = "di:vaultwarden"; }
# { title = "gitea"; url = "https://git.blakedheld.xyz"; icon = "di:gitea"; }
# { title = "home assistant"; url = "https://home.blakedheld.xyz"; icon = "di:home-assistant"; }
# { title = "zigbee2mqtt"; url = "http://10.10.0.30:4142"; icon = "di:zigbee2mqtt"; }
# { title = "syncthing"; url = "http://10.10.0.20:2222"; icon = "di:syncthing"; }
# { title = "archivebox"; url = "http://10.10.0.30:5656"; icon = "sh:archivebox"; }
# { title = "copyparty"; url = "http://10.10.0.20:3923"; icon = "sh:copyparty"; }
# ];
}
{
type = "monitor";
cache = "1m";
title = "system";
sites = cfg.links.system;
# [
# { title = "proxmox"; url = "http://10.10.0.10:8006"; icon = "di:proxmox"; allow-insecure = true; }
# { title = "nginx"; url = "http://10.10.0.30:8080"; icon = "di:nginx"; }
# { title = "uptime kuma"; url = "http://10.10.0.30:8181"; icon = "di:uptime-kuma"; }
# { title = "tn holocron"; url = "https://10.10.0.20"; icon = "di:truenas"; allow-insecure = true; }
# { title = "bebe"; url = "https://10.10.0.1"; icon = "di:unifi"; allow-insecure = true; }
# ];
}
];
}
{
size = "small";
widgets = [
{ type = "weather"; location = "Pearland, Texas, United States"; units = "imperial"; hour-format = "24h"; }
{
type = "markets";
markets = [
{ symbol = "SPY"; name = "S&P 500"; }
{ symbol = "XMR-USD"; name = "Monero"; }
{ symbol = "NVDA"; name = "NVIDIA"; }
{ symbol = "AAPL"; name = "Apple"; }
{ symbol = "MSFT"; name = "Microsoft"; }
];
}
{
type = "releases";
cache = "1d";
repositories = [
"glanceapp/glance"
"go-gitea/gitea"
"immich-app/immich"
"syncthing/syncthing"
];
}
];
}
];
}
];
};
};
# override umask to make permissions work out
systemd.services.${service}.serviceConfig = {
UMask = lib.mkForce "0007";
# User = "${service}";
# Group = "${service}";
};
# # open firewall
# networking.firewall.allowedTCPPorts = [ cfg.port ];
# sops.secrets = {
# "${service}_" = {
# owner = "${service}";
# group = "${service}";
# };
# };
# add to caddy for reverse proxy
services.caddy.virtualHosts."${cfg.url}" = {
# serverAliases = [ "${homelab.public_domain}" ];
extraConfig = ''
tls ${sec."ssl_blakedheld_crt".path} ${sec."ssl_blakedheld_key".path}
reverse_proxy http://127.0.0.1:${toString cfg.port}
'';
};
# add to backups
modules.system.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };
};
};
}

11
modules/homelab/services/glance/test.nix
View File

@@ -1,11 +0,0 @@
[
{
type = "custom-api";
title = "Uptime Kumas";
title-url = "\${UPTIME_KUMA_URL}";
url = "\${UPTIME_KUMA_URL}/api/status-page/\${UPTIME_KUMA_STATUS_SLUG}";
subrequests = {heartbeats = {url = "\${UPTIME_KUMA_URL}/api/status-page/heartbeat/\${UPTIME_KUMA_STATUS_SLUG}";};};
cache = "10m";
template = "{{ $hb := .Subrequest \"heartbeats\" }}\n\n{{ if not (.JSON.Exists \"publicGroupList\") }}\n<p class=\"color-negative\">Error reading response</p>\n{{ else if eq (len (.JSON.Array \"publicGroupList\")) 0 }}\n<p>No monitors found</p>\n{{ else }}\n\n<ul class=\"dynamic-columns list-gap-8\">\n {{ range .JSON.Array \"publicGroupList\" }}\n {{ range .Array \"monitorList\" }}\n {{ $id := .String \"id\" }}\n {{ $hbArray := $hb.JSON.Array (print \"heartbeatList.\" $id) }}\n <div class=\"flex items-center gap-12\">\n <a class=\"size-title-dynamic color-highlight text-truncate block grow\" href=\"\${UPTIME_KUMA_URL}/dashboard/{{ $id }}\"\n target=\"_blank\" rel=\"noreferrer\">\n {{ .String \"name\" }} </a>\n\n {{ if gt (len $hbArray) 0 }}\n {{ $latest := index $hbArray (sub (len $hbArray) 1) }}\n {{ if eq ($latest.Int \"status\") 1 }}\n <div>{{ $latest.Int \"ping\" }}ms</div>\n <div class=\"monitor-site-status-icon-compact\" title=\"OK\">\n <svg fill=\"var(--color-positive)\" xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 20 20\">\n <path fill-rule=\"evenodd\"\n d=\"M10 18a8 8 0 1 0 0-16 8 8 0 0 0 0 16Zm3.857-9.809a.75.75 0 0 0-1.214-.882l-3.483 4.79-1.88-1.88a.75.75 0 1 0-1.06 1.061l2.5 2.5a.75.75 0 0 0 1.137-.089l4-5.5Z\"\n clip-rule=\"evenodd\"></path>\n </svg>\n </div>\n {{ else }}\n <div><span class=\"color-negative\">DOWN</span></div>\n <div class=\"monitor-site-status-icon-compact\" title=\"{{ if $latest.Exists \"msg\" }}{{ $latest.String \"msg\" }}{{ else\n }}Error{{ end }}\">\n <svg fill=\"var(--color-negative)\" xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 20 20\">\n <path fill-rule=\"evenodd\"\n d=\"M8.485 2.495c.673-1.167 2.357-1.167 3.03 0l6.28 10.875c.673 1.167-.17 2.625-1.516 2.625H3.72c-1.347 0-2.189-1.458-1.515-2.625L8.485 2.495ZM10 5a.75.75 0 0 1 .75.75v3.5a.75.75 0 0 1-1.5 0v-3.5A.75.75 0 0 1 10 5Zm0 9a1 1 0 1 0 0-2 1 1 0 0 0 0 2Z\"\n clip-rule=\"evenodd\"></path>\n </svg>\n </div>\n {{ end }}\n {{ else }}\n <div><span class=\"color-negative\">No data</span></div>\n <div class=\"monitor-site-status-icon-compact\" title=\"No data available\">\n <svg fill=\"var(--color-negative)\" xmlns=\"http://www.w3.org/2000/svg\" viewBox=\"0 0 20 20\">\n <path d=\"M10 18a8 8 0 1 1 0-16 8 8 0 0 1 0 16zm0-2a6 6 0 1 0 0-12 6 6 0 0 0 0 12zm-.75-8a.75.75 0 0 1 1.5 0v3a.75.75 0 0 1-1.5 0V8zm.75 5a1 1 0 1 1 0 2 1 1 0 0 1 0-2z\"/>\n </svg>\n </div>\n {{ end }}\n </div>\n {{ end }}\n {{ end }}\n</ul>\n{{ end }}\n";
}
]

63
modules/homelab/services/glance/yml.yaml
View File

@@ -1,63 +0,0 @@
- type: custom-api
title: Uptime Kumas
title-url: ${UPTIME_KUMA_URL}
url: ${UPTIME_KUMA_URL}/api/status-page/${UPTIME_KUMA_STATUS_SLUG}
subrequests:
heartbeats:
url: ${UPTIME_KUMA_URL}/api/status-page/heartbeat/${UPTIME_KUMA_STATUS_SLUG}
cache: 10m
template: |
{{ $hb := .Subrequest "heartbeats" }}
{{ if not (.JSON.Exists "publicGroupList") }}
<p class="color-negative">Error reading response</p>
{{ else if eq (len (.JSON.Array "publicGroupList")) 0 }}
<p>No monitors found</p>
{{ else }}
<ul class="dynamic-columns list-gap-8">
{{ range .JSON.Array "publicGroupList" }}
{{ range .Array "monitorList" }}
{{ $id := .String "id" }}
{{ $hbArray := $hb.JSON.Array (print "heartbeatList." $id) }}
<div class="flex items-center gap-12">
<a class="size-title-dynamic color-highlight text-truncate block grow" href="${UPTIME_KUMA_URL}/dashboard/{{ $id }}"
target="_blank" rel="noreferrer">
{{ .String "name" }} </a>
{{ if gt (len $hbArray) 0 }}
{{ $latest := index $hbArray (sub (len $hbArray) 1) }}
{{ if eq ($latest.Int "status") 1 }}
<div>{{ $latest.Int "ping" }}ms</div>
<div class="monitor-site-status-icon-compact" title="OK">
<svg fill="var(--color-positive)" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20">
<path fill-rule="evenodd"
d="M10 18a8 8 0 1 0 0-16 8 8 0 0 0 0 16Zm3.857-9.809a.75.75 0 0 0-1.214-.882l-3.483 4.79-1.88-1.88a.75.75 0 1 0-1.06 1.061l2.5 2.5a.75.75 0 0 0 1.137-.089l4-5.5Z"
clip-rule="evenodd"></path>
</svg>
</div>
{{ else }}
<div><span class="color-negative">DOWN</span></div>
<div class="monitor-site-status-icon-compact" title="{{ if $latest.Exists "msg" }}{{ $latest.String "msg" }}{{ else
}}Error{{ end }}">
<svg fill="var(--color-negative)" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20">
<path fill-rule="evenodd"
d="M8.485 2.495c.673-1.167 2.357-1.167 3.03 0l6.28 10.875c.673 1.167-.17 2.625-1.516 2.625H3.72c-1.347 0-2.189-1.458-1.515-2.625L8.485 2.495ZM10 5a.75.75 0 0 1 .75.75v3.5a.75.75 0 0 1-1.5 0v-3.5A.75.75 0 0 1 10 5Zm0 9a1 1 0 1 0 0-2 1 1 0 0 0 0 2Z"
clip-rule="evenodd"></path>
</svg>
</div>
{{ end }}
{{ else }}
<div><span class="color-negative">No data</span></div>
<div class="monitor-site-status-icon-compact" title="No data available">
<svg fill="var(--color-negative)" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20">
<path d="M10 18a8 8 0 1 1 0-16 8 8 0 0 1 0 16zm0-2a6 6 0 1 0 0-12 6 6 0 0 0 0 12zm-.75-8a.75.75 0 0 1 1.5 0v3a.75.75 0 0 1-1.5 0V8zm.75 5a1 1 0 1 1 0 2 1 1 0 0 1 0-2z"/>
</svg>
</div>
{{ end }}
</div>
{{ end }}
{{ end }}
</ul>
{{ end }}

10
modules/homelab/services/home/mosquitto/default.nix
View File

@@ -50,7 +50,7 @@ in
isSystemUser = true;
home = cfg.data_dir;
createHome = true;
group = "${service}";
group = service;
extraGroups = [];
};
@@ -73,8 +73,8 @@ in
# override umask to make permissions work out
systemd.services.${service}.serviceConfig = {
UMask = lib.mkForce "0007";
User = "${service}";
Group = "${service}";
User = service;
Group = service;
};
# open firewall
@@ -82,8 +82,8 @@ in
sops.secrets = {
"${service}_hashed_passwd" = {
owner = "${service}";
group = "${service}";
owner = service;
group = service;
};
};

10
modules/homelab/services/home/zigbee2mqtt/default.nix
View File

@@ -50,7 +50,7 @@ in
isSystemUser = true;
home = cfg.data_dir;
createHome = true;
group = "${service}";
group = service;
extraGroups = [];
};
@@ -87,8 +87,8 @@ in
# override umask to make permissions work out
systemd.services.${service}.serviceConfig = {
UMask = lib.mkForce "0007";
User = "${service}";
Group = "${service}";
User = service;
Group = service;
};
# # open firewall
@@ -113,8 +113,8 @@ in
sops.secrets = {
"mosquitto_passwd.yaml" = {
owner = "${service}";
group = "${service}";
owner = service;
group = service;
};
};

6
modules/homelab/services/immich/default.nix
View File

@@ -50,7 +50,7 @@ in
isSystemUser = true;
home = cfg.data_dir;
createHome = true;
group = "${service}";
group = service;
extraGroups = [ "video" "render" ];
};
@@ -59,8 +59,8 @@ in
enable = true;
package = inputs.nixpkgs-unstable.legacyPackages.${pkgs.system}.immich;
openFirewall = true;
user = "${service}";
group = "${service}";
user = service;
group = service;
mediaLocation = cfg.data_dir;
host = "0.0.0.0";
port = cfg.port;

6
modules/homelab/services/jellyfin/default.nix
View File

@@ -50,7 +50,7 @@ in
isSystemUser = true;
home = cfg.data_dir;
createHome = true;
group = "${service}";
group = service;
extraGroups = [ "media" "video" "render" ];
};
@@ -58,8 +58,8 @@ in
services.${service} = {
enable = true;
openFirewall = true;
user = "${service}";
group = "${service}";
user = service;
group = service;
dataDir = cfg.data_dir;
};

6
modules/homelab/services/qbittorrent/default.nix
View File

@@ -60,7 +60,7 @@ in
isSystemUser = true;
home = cfg.data_dir;
createHome = true;
group = "${service}";
group = service;
extraGroups = [ "media" ];
};
@@ -68,8 +68,8 @@ in
services.${service} = {
enable = true;
openFirewall = true;
user = "${service}";
group = "${service}";
user = service;
group = service;
profileDir = cfg.data_dir;
webuiPort = cfg.port;
# torrentingPort = cfg.torrenting_port;

2
modules/homelab/services/vaultwarden/default.nix
View File

@@ -51,7 +51,7 @@ in
isSystemUser = true;
home = cfg.data_dir;
createHome = true;
group = "${service}";
group = service;
extraGroups = [];
};

7
modules/homelab/services/yacreader/default.nix
View File

@@ -96,13 +96,6 @@ in
check-url = "http://${homelab.host_ip}:${toString cfg.port}";
icon = "di:yac-reader"; }];
# sops.secrets = {
# "${service}_" = {
# owner = "${service}";
# group = "${service}";
# };
# };
# add to backups
modules.system.backups.baks = {
${service} = { paths = [ cfg.data_dir ]; };

142
users/blake/dots/neovim/default.nix
View File

@@ -1,8 +1,13 @@
{ pkgs, config, lib, inputs, ... }:
{
pkgs,
config,
lib,
inputs,
...
}:
{
imports = [
inputs.nvf.homeManagerModules.default
inputs.nvf.homeManagerModules.default
];
programs.nvf = {
@@ -16,59 +21,114 @@
vimAlias = true;
lsp = {
enable = true;
servers.nix = {
enable = true;
format = {
enable = true;
command = "alejandra";
args = [];
};
};
};
lsp.enable = true;
statusline.lualine.enable = true;
telescope.enable = true;
autocomplete.nvim-cmp.enable = true;
keymaps = [
# visual line movement (insert mode)
{ key = "<Up>"; mode = [ "i" ]; action = "<C-o>gk"; desc = "Visual Line Up (Insert)"; }
{ key = "<Down>"; mode = [ "i" ]; action = "<C-o>gj"; desc = "Visual Line Down (Insert)"; }
{
key = "<Up>";
mode = [ "i" ];
action = "<C-o>gk";
desc = "Visual Line Up (Insert)";
}
{
key = "<Down>";
mode = [ "i" ];
action = "<C-o>gj";
desc = "Visual Line Down (Insert)";
}
# visual line movement (normal/visual)
{ key = "<Up>"; mode = [ "n" "v" ]; action = "g<Up>"; desc = "Visual Line Up"; }
{ key = "<Down>"; mode = [ "n" "v" ]; action = "g<Down>"; desc = "Visual Line Down"; }
{
key = "<Up>";
mode = [
"n"
"v"
];
action = "g<Up>";
desc = "Visual Line Up";
}
{
key = "<Down>";
mode = [
"n"
"v"
];
action = "g<Down>";
desc = "Visual Line Down";
}
# lsp
#{ key = "gd"; mode = [ "n" ]; action = "<cmd>lua vim.lsp.buf.definition()<CR>"; desc = "Go to definition"; }
#{ key = "K"; mode = [ "n" ]; action = "<cmd>lua vim.lsp.buf.hover()<CR>"; desc = "Hover info"; }
#{ key = "<leader>f"; mode = [ "n" ]; action = "<cmd>lua vim.lsp.buf.format({ async = true })<CR>"; desc = "Format buffer"; }
{ key = "gd"; mode = [ "n" ]; silent = true; action = "<cmd>lua vim.lsp.buf.definition()<CR>"; desc = "Go to definition"; }
{
key = "gd";
mode = [ "n" ];
silent = true;
action = "<cmd>lua vim.lsp.buf.definition()<CR>";
desc = "Go to definition";
}
# Hover info
{ key = "K"; mode = [ "n" ]; silent = true; action = "<cmd>lua vim.lsp.buf.hover()<CR>"; desc = "Hover info"; }
{
key = "K";
mode = [ "n" ];
silent = true;
action = "<cmd>lua vim.lsp.buf.hover()<CR>";
desc = "Hover info";
}
# Format buffer (Alejandra for Nix)
{ key = "<leader>F"; mode = [ "n" ]; silent = true; action = "<cmd>lua vim.lsp.buf.format({ async = true })<CR>"; desc = "Format buffer"; }
{
key = "<leader>F";
mode = [ "n" ];
silent = true;
action = "<cmd>lua vim.lsp.buf.format({ async = true })<CR>";
desc = "Format buffer";
}
# Code actions / quickfix
{ key = "<leader>a"; mode = [ "n" ]; silent = true; action = "<cmd>lua vim.lsp.buf.code_action()<CR>"; desc = "Code action"; }
{
key = "<leader>a";
mode = [ "n" ];
silent = true;
action = "<cmd>lua vim.lsp.buf.code_action()<CR>";
desc = "Code action";
}
# Rename symbol
{ key = "<leader>r"; mode = [ "n" ]; silent = true; action = "<cmd>lua vim.lsp.buf.rename()<CR>"; desc = "Rename symbol"; }
{
key = "<leader>r";
mode = [ "n" ];
silent = true;
action = "<cmd>lua vim.lsp.buf.rename()<CR>";
desc = "Rename symbol";
}
# Diagnostics
{ key = "<leader>e"; mode = [ "n" ]; silent = true; action = "<cmd>lua vim.diagnostic.open_float()<CR>"; desc = "Show diagnostic"; }
{ key = "[d"; mode = [ "n" ]; silent = true; action = "<cmd>lua vim.diagnostic.goto_prev()<CR>"; desc = "Previous diagnostic"; }
{ key = "]d"; mode = [ "n" ]; silent = true; action = "<cmd>lua vim.diagnostic.goto_next()<CR>"; desc = "Next diagnostic"; }
{
key = "<leader>e";
mode = [ "n" ];
silent = true;
action = "<cmd>lua vim.diagnostic.open_float()<CR>";
desc = "Show diagnostic";
}
{
key = "[d";
mode = [ "n" ];
silent = true;
action = "<cmd>lua vim.diagnostic.goto_prev()<CR>";
desc = "Previous diagnostic";
}
{
key = "]d";
mode = [ "n" ];
silent = true;
action = "<cmd>lua vim.diagnostic.goto_next()<CR>";
desc = "Next diagnostic";
}
];
options = {
clipboard = "unnamedplus";
@@ -99,7 +159,7 @@
wrap = true;
linebreak = true;
breakindent = true;
termguicolors = true;
autoread = true;
};
@@ -109,12 +169,18 @@
nix = {
enable = true;
format = {
enable = true;
#type = "alejandra";
type = "nixfmt";
};
};
markdown.enable = true;
rust.enable = true;
lua.enable = true;
};
};
};
};
};