Merge pull request #145 from ryan4yin/migrate-services-to-aqua

feat: migrate grafana & prometheus to aqua

flake.lock

@@ -686,10 +686,10 @@
     "mysecrets": {
       "flake": false,
       "locked": {
-        "lastModified": 1722319213,
-        "narHash": "sha256-yiG+fBKr8ChhZPNREPQFuSLsYxNLjQIx3BabUIr5dp8=",
+        "lastModified": 1722412796,
+        "narHash": "sha256-bV+DbfqItujekh62XWpqC2ldkw6KqAo6LOpKLh9M7Sc=",
         "ref": "refs/heads/main",
-        "rev": "bbdba5e791ef8bdfc5e285c7cb651222453b49d8",
+        "rev": "8e3cf78c9f6b016625681f668e154b3705851a0d",
         "shallow": true,
         "type": "git",
         "url": "ssh://git@github.com/ryan4yin/nix-secrets.git"

hosts/idols-aquamarine/caddy.nix

@@ -17,7 +17,7 @@ in {
     # Reload Caddy instead of restarting it when configuration file changes.
     enableReload = true;
     user = "caddy"; # User account under which caddy runs.
-    dataDir = "/var/lib/caddy";
+    dataDir = "/data/apps/caddy";
     logDir = "/var/log/caddy";
 
     # Additional lines of configuration appended to the global config section of the Caddyfile.
@@ -36,7 +36,7 @@ in {
 
     # https://caddyserver.com/docs/caddyfile/directives/file_server
     virtualHosts."file.writefor.fun".extraConfig = ''
-      root * /var/lib/caddy/fileserver/
+      root * /data/apps/caddy/fileserver/
       ${hostCommonConfig}
       file_server browse {
         hide .git
@@ -83,15 +83,15 @@ in {
 
   # Create Directories
   systemd.tmpfiles.rules = [
-    "d /var/lib/caddy/fileserver/ 0755 caddy caddy"
+    "d /data/apps/caddy/fileserver/ 0755 caddy caddy"
     # directory for virtual machine's images
-    "d /var/lib/caddy/fileserver/vms 0755 caddy caddy"
+    "d /data/apps/caddy/fileserver/vms 0755 caddy caddy"
   ];
 
-  # Add all my wallpapers into /var/lib/caddy/fileserver/wallpapers
+  # Add all my wallpapers into /data/apps/caddy/fileserver/wallpapers
   # Install the homepage-dashboard configuration files
   system.activationScripts.installCaddyWallpapers = ''
-    mkdir -p /var/lib/caddy/fileserver/wallpapers
-    ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F644 ${wallpapers}/ /var/lib/caddy/fileserver/wallpapers/
+    mkdir -p /data/apps/caddy/fileserver/wallpapers
+    ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F644 ${wallpapers}/ /data/apps/caddy/fileserver/wallpapers/
   '';
 }

hosts/idols-aquamarine/default.nix

@@ -2,6 +2,7 @@
   mylib,
   myvars,
   pkgs,
+  disko,
   ...
 }:
 #############################################################
@@ -12,7 +13,11 @@
 let
   hostName = "aquamarine"; # Define your hostname.
 in {
-  imports = mylib.scanPaths ./.;
+  imports =
+    (mylib.scanPaths ./.)
+    ++ [
+      disko.nixosModules.default
+    ];
 
   # supported file systems, so we can mount any removable disks with these filesystems
   boot.supportedFilesystems = [

hosts/idols-aquamarine/disko-fs.nix

@@ -0,0 +1,62 @@
+# auto disk partitioning:
+#   nix run github:nix-community/disko -- --mode disko ./disko-fs.nix
+{
+  disko.devices = {
+    disk.data-apps = {
+      type = "disk";
+      device = "/dev/disk/by-id/ata-WDC_WD40EJRX-89T1XY0_WD-WCC7K0XDCZE6";
+      content = {
+        type = "gpt";
+        partitions.data-apps = {
+          size = "100%";
+          content = {
+            type = "btrfs";
+            # extraArgs = ["-f"]; # Override existing partition
+            subvolumes = {
+              "@persistent" = {
+                mountpoint = "/data/apps";
+                mountOptions = [
+                  "compress-force=zstd:1"
+                  # https://www.freedesktop.org/software/systemd/man/latest/systemd.mount.html
+                  "nofail"
+                ];
+              };
+              "@backups" = {
+                mountpoint = "/data/backups";
+                mountOptions = ["compress-force=zstd:1" "noatime" "nofail"];
+              };
+              "@snapshots" = {
+                mountpoint = "/data/apps-snapshots";
+                mountOptions = ["compress-force=zstd:1" "noatime" "nofail"];
+              };
+            };
+          };
+        };
+      };
+    };
+    disk.data-fileshare = {
+      type = "disk";
+      device = "/dev/disk/by-id/ata-WDC_WD40EZRZ-22GXCB0_WD-WCC7K7VV9613";
+      content = {
+        type = "gpt";
+        partitions.data-fileshare = {
+          size = "100%";
+          content = {
+            type = "btrfs";
+            # extraArgs = ["-f"]; # Override existing partition
+            subvolumes = {
+              "@persistent" = {
+                mountpoint = "/data/fileshare";
+                mountOptions = ["compress-force=zstd:1" "nofail"];
+              };
+              "@snapshots" = {
+                mountpoint = "/data/fileshare-snapshots";
+                mountOptions = ["compress-force=zstd:1" "noatime" "nofail"];
+              };
+            };
+          };
+        };
+      };
+    };
+  };
+}

hosts/idols-aquamarine/filesystems.nix

@@ -1,12 +0,0 @@
-{
-  fileSystems."/data/downloads" = {
-    device = "/dev/disk/by-label/Downloads";
-    fsType = "ntfs-3g";
-    options = ["rw" "uid=1000"];
-  };
-  fileSystems."/data/games" = {
-    device = "/dev/disk/by-label/Games";
-    fsType = "ntfs-3g";
-    options = ["rw" "uid=1000"];
-  };
-}

hosts/idols-aquamarine/gitea.nix

@@ -5,7 +5,7 @@ in {
     enable = true;
     user = "gitea";
     group = "gitea";
-    stateDir = "/var/lib/gitea";
+    stateDir = "/data/apps/gitea";
     appName = "Ryan Yin's Gitea Service";
     lfs.enable = true;
     # Enable a timer that runs gitea dump to generate backup-files of the current gitea database and repositories.

hosts/idols-aquamarine/grafana/default.nix

@@ -5,7 +5,7 @@
 }: {
   services.grafana = {
     enable = true;
-    dataDir = "/var/lib/grafana";
+    dataDir = "/data/apps/grafana";
     # DeclarativePlugins = with pkgs.grafanaPlugins; [ grafana-piechart-panel ];
     settings = {
       server = {

hosts/idols-aquamarine/homepage/default.nix

@@ -1,5 +1,9 @@
-{pkgs, ...}: let
-  configDir = "/var/lib/homepage-dashboard";
+{
+  lib,
+  pkgs,
+  ...
+}: let
+  configDir = "/data/apps/homepage-dashboard";
 in {
   # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/misc/homepage-dashboard.nix
   services.homepage-dashboard = {
@@ -8,7 +12,7 @@ in {
     openFirewall = false;
   };
   systemd.services.homepage-dashboard.environment = {
-    HOMEPAGE_CONFIG_DIR = configDir;
+    HOMEPAGE_CONFIG_DIR = lib.mkForce configDir;
 
     # 1. The value of env var HOMEPAGE_VAR_XXX will replace {{HOMEPAGE_VAR_XXX}} in any config
     # HOMEPAGE_VAR_XXX_APIKEY = "myapikey";

hosts/idols-aquamarine/prometheus/default.nix

@@ -83,7 +83,7 @@
         metrics_path = "/metrics";
         static_configs = [
           {
-            targets = ["${myvars.networking.hostsAddr.rakushun.ipv4}:9153"];
+            targets = ["${myvars.networking.hostsAddr.aquamarine.ipv4}:9153"];
             labels.type = "app";
             labels.app = "v2ray";
           }
@@ -96,7 +96,7 @@
         metrics_path = "/metrics";
         static_configs = [
           {
-            targets = ["${myvars.networking.hostsAddr.rakushun.ipv4}:10000"];
+            targets = ["${myvars.networking.hostsAddr.aquamarine.ipv4}:10000"];
             labels.type = "app";
             labels.app = "v2ray";
           }

hosts/idols-aquamarine/sftpgo.nix

@@ -1,11 +1,18 @@
-{config, ...}: {
+{config, ...}: let
+  user = "sftpgo";
+  dataDir = "/data/apps/sftpgo";
+in {
   # Read SFTPGO_DEFAULT_ADMIN_USERNAME and SFTPGO_DEFAULT_ADMIN_PASSWORD from a file
   systemd.services.sftpgo.serviceConfig.EnvironmentFile = config.age.secrets."sftpgo.env".path;
 
+  # Create Directories
+  systemd.tmpfiles.rules = [
+    "d ${dataDir} 0755 ${user} ${user}"
+  ];
+
   services.sftpgo = {
     enable = true;
-    user = "sftpgo";
-    dataDir = "/var/lib/sftpgo";
+    inherit user dataDir;
     extraArgs = [
       "--log-level"
       "info"

hosts/idols-aquamarine/transmission.nix

@@ -3,7 +3,7 @@
   myvars,
   ...
 }: let
-  dataDir = "/var/lib/transmission";
+  dataDir = "/data/apps/transmission";
   name = "transmission";
 in {
   # the headless Transmission BitTorrent daemon

hosts/idols-aquamarine/uptime-kuma.nix

@@ -1,12 +1,12 @@
-{
+{lib, ...}: {
   # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/uptime-kuma.nix
   services.uptime-kuma = {
     enable = true;
     # https://github.com/louislam/uptime-kuma/wiki/Environment-Variables
-    settings = {
+    settings = lib.mkForce {
       "UPTIME_KUMA_HOST" = "127.0.0.1";
       "UPTIME_KUMA_PORT" = "3350";
-      "DATA_DIR" = "/var/lib/uptime-kuma/";
+      "DATA_DIR" = "/data/apps/uptime-kuma/";
     };
   };
 }

outputs/aarch64-linux/src/12kingdoms-rakushun.nix

@@ -24,13 +24,10 @@
         "hosts/12kingdoms-${name}"
       ])
       ++ [
-        {modules.secrets.server.application.enable = true;}
-        {modules.secrets.server.operation.enable = true;}
-        {modules.secrets.server.webserver.enable = true;}
       ];
-    home-modules = map mylib.relativeToRoot [
-      "home/linux/tui.nix"
-    ];
+    home-modules =
+      map mylib.relativeToRoot [
+      ];
   };
 
   inherit (inputs) nixos-rk3588;

outputs/x86_64-linux/src/idols-aquamarine.nix

@@ -26,7 +26,13 @@
         "hosts/idols-${name}"
       ])
       ++ [
+        {modules.secrets.server.application.enable = true;}
+        {modules.secrets.server.operation.enable = true;}
+        {modules.secrets.server.webserver.enable = true;}
       ];
+    home-modules = map mylib.relativeToRoot [
+      "home/linux/tui.nix"
+    ];
   };
 
   systemArgs = modules // args;