fix: fix nodejs-based apps

hosts/12kingdoms-rakushun/README.md

@@ -2,36 +2,12 @@
 
 LUKS encrypted SSD for NixOS, on Orange Pi 5 Plus.
 
-Storage, operation and maintenance related services are running on this host:
-
-1. Storage such as git server, file server/browser, torrent downloader,, etc.
-1. Backup or sync my personal data to cloud or NAS.
-   - For safety, those data should be encrypted before sending to the cloud or my NAS.
-1. Collect and monitor the metrics/logs of my homelab.
+TODO
 
 ## Showcases
 
 ![](../../_img/2024-03-07_orangepi5plus_rakushun.webp)
 
-## Features
-
-Services:
-
-1. prometheus + alertmanager + grafana + loki: Monitor the metrics/logs of my homelab.
-1. restic: Backup my personal data to cloud or NAS.
-1. synthing: Sync file between android/macbook/PC and NAS.
-1. gitea: Self-hosted git service.
-1. sftpgo: SFTP server.
-1. transmission & AriaNg: Torrent downloader and HTTP downloader
-1. alist/filebrower: File browser for local/SMB/Cloud
-
-All the services assumes a reverse proxy to be setup in the front, they are all listening on
-localhost, and a caddy service is listening on the local network interface and proxy the requests to
-the services.
-
-TODO: create a private PKI for caddy, to achieve end-to-end encryption between caddy and the
-services.
-
 ## Misc
 
 ```bash

hosts/12kingdoms-rakushun/oci-containers/dashy/default.nix

@@ -1,26 +0,0 @@
-{
-  # Replace dashy with gethomepage, because dashy is too slow to start/reload.
-
-  # # Install the dashy configuration file instead of symlink it
-  # system.activationScripts.installDashyConfig = ''
-  #   install -Dm 600 ${./dashy_conf.yml} /etc/dashy/dashy_conf.yml
-  # '';
-  #
-  # # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/virtualisation/oci-containers.nix
-  # virtualisation.oci-containers.containers = {
-  #   # check its logs via `journalctl -u podman-dashy`
-  #   dashy = {
-  #     hostname = "dashy";
-  #     image = "lissy93/dashy:latest";
-  #     ports = ["127.0.0.1:4000:80"];
-  #     environment = {
-  #       "NODE_ENV" = "production";
-  #     };
-  #     volumes = [
-  #       "/etc/dashy/dashy_conf.yml:/app/public/conf.yml"
-  #     ];
-  #     autoStart = true;
-  #     # cmd = [];
-  #   };
-  # };
-}

hosts/idols-aquamarine/README.md

@@ -1,3 +1,24 @@
 # Idols - Aquamarine
 
-TODO
+Storage, operation and maintenance related services are running on this host:
+
+1. Storage such as git server, file server/browser, torrent downloader,, etc.
+1. Backup or sync my personal data to cloud or NAS.
+   - For safety, those data should be encrypted before sending to the cloud or my NAS.
+1. Collect and monitor the metrics/logs of my homelab.
+
+## Features
+
+Services:
+
+1. prometheus + alertmanager + grafana + loki: Monitor the metrics/logs of my homelab.
+1. restic: Backup my personal data to cloud or NAS.
+1. synthing: Sync file between android/macbook/PC and NAS.
+1. gitea: Self-hosted git service.
+1. sftpgo: SFTP server.
+1. transmission & AriaNg: Torrent downloader and HTTP downloader
+1. alist/filebrower: File browser for local/SMB/Cloud
+
+All the services assumes a reverse proxy to be setup in the front, they are all listening on
+localhost, and a caddy service is listening on the local network interface and proxy the requests to
+the services.

hosts/idols-aquamarine/caddy.nix

@@ -31,7 +31,7 @@ in {
     # Dashboard
     virtualHosts."home.writefor.fun".extraConfig = ''
       ${hostCommonConfig}
-      reverse_proxy http://localhost:4401
+      reverse_proxy http://localhost:54401
     '';
 
     # https://caddyserver.com/docs/caddyfile/directives/file_server
@@ -64,7 +64,7 @@ in {
     # Monitoring
     virtualHosts."uptime-kuma.writefor.fun".extraConfig = ''
       encode zstd gzip
-      reverse_proxy http://localhost:3350
+      reverse_proxy http://localhost:53350
     '';
     virtualHosts."grafana.writefor.fun".extraConfig = ''
       encode zstd gzip

hosts/idols-aquamarine/homepage/README.md

@@ -1 +0,0 @@
-# Homepage for my Homelab

hosts/idols-aquamarine/homepage/default.nix

@@ -1,29 +0,0 @@
-{
-  lib,
-  pkgs,
-  ...
-}: let
-  configDir = "/data/apps/homepage-dashboard";
-in {
-  # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/misc/homepage-dashboard.nix
-  services.homepage-dashboard = {
-    enable = true;
-    listenPort = 4401;
-    openFirewall = false;
-  };
-  systemd.services.homepage-dashboard.environment = {
-    HOMEPAGE_CONFIG_DIR = lib.mkForce configDir;
-
-    # 1. The value of env var HOMEPAGE_VAR_XXX will replace {{HOMEPAGE_VAR_XXX}} in any config
-    # HOMEPAGE_VAR_XXX_APIKEY = "myapikey";
-    # 2. The value of env var HOMEPAGE_FILE_XXX must be a file path,
-    # the contents of which will be used to replace {{HOMEPAGE_FILE_XXX}} in any config
-  };
-  # Install the homepage-dashboard configuration files
-  system.activationScripts.installHomepageDashboardConfig = ''
-    mkdir -p ${configDir}
-    ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F600 ${./config}/ ${configDir}/
-
-    ${pkgs.systemdMinimal}/bin/systemctl restart homepage-dashboard
-  '';
-}

hosts/idols-aquamarine/oci-containers/homepage/default.nix

@@ -0,0 +1,41 @@
+{
+  config,
+  pkgs,
+  ...
+}: let
+  user = "homepage";
+  configDir = "/data/apps/homepage-dashboard";
+in {
+  users.groups.${user} = {};
+  users.users.${user} = {
+    group = user;
+    home = configDir;
+    isSystemUser = true;
+  };
+
+  # Install the homepage-dashboard configuration files
+  system.activationScripts.installHomepageDashboardConfig = ''
+    mkdir -p ${configDir}
+    ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F644 ${./config}/ ${configDir}/
+    chown -R ${user}:${user} ${configDir}
+  '';
+
+  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/virtualisation/oci-containers.nix
+  virtualisation.oci-containers.containers = {
+    # check its logs via `journalctl -u podman-homepage`
+    homepage = {
+      hostname = "homepage";
+      image = "ghcr.io/gethomepage/homepage:latest";
+      ports = ["127.0.0.1:54401:3000"];
+      # https://github.com/louislam/uptime-kuma/wiki/Environment-Variables
+      environment = {
+        # "PUID" = config.users.users.${user}.uid;
+        # "PGID" = config.users.groups.${user}.gid;
+      };
+      volumes = [
+        "${configDir}:/app/config"
+      ];
+      autoStart = true;
+    };
+  };
+}

hosts/idols-aquamarine/oci-containers/uptime-kuma/default.nix

@@ -0,0 +1,35 @@
+{config, ...}: let
+  user = "kuma";
+  dataDir = "/data/apps/uptime-kuma";
+in {
+  users.groups.${user} = {};
+  users.users.${user} = {
+    group = user;
+    home = dataDir;
+    isSystemUser = true;
+  };
+
+  # Create Directories
+  systemd.tmpfiles.rules = [
+    "d ${dataDir} 0755 ${user} ${user}"
+  ];
+
+  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/virtualisation/oci-containers.nix
+  virtualisation.oci-containers.containers = {
+    # check its logs via `journalctl -u podman-homepage`
+    uptime-kuma = {
+      hostname = "uptime-kuma";
+      image = "louislam/uptime-kuma:1";
+      ports = ["127.0.0.1:53350:3001"];
+      # https://github.com/louislam/uptime-kuma/wiki/Environment-Variables
+      environment = {
+        # "PUID" = config.users.users.${user}.uid;
+        # "PGID" = config.users.groups.${user}.gid;
+      };
+      volumes = [
+        "${dataDir}:/app/data"
+      ];
+      autoStart = true;
+    };
+  };
+}

hosts/idols-aquamarine/uptime-kuma.nix

@@ -1,12 +0,0 @@
-{lib, ...}: {
-  # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/uptime-kuma.nix
-  services.uptime-kuma = {
-    enable = true;
-    # https://github.com/louislam/uptime-kuma/wiki/Environment-Variables
-    settings = lib.mkForce {
-      "UPTIME_KUMA_HOST" = "127.0.0.1";
-      "UPTIME_KUMA_PORT" = "3350";
-      "DATA_DIR" = "/data/apps/uptime-kuma/";
-    };
-  };
-}