From 2f3d644234a965a67232e5b6d88e1270fa650824 Mon Sep 17 00:00:00 2001 
From: Ryan Yin
Date: Wed, 31 Jul 2024 16:51:32 +0800
Subject: [PATCH 1/2] fix: fix nodejs-based apps
---
hosts/12kingdoms-rakushun/README.md | 26 +-----------
.../oci-containers/dashy/default.nix | 26 ------------
hosts/idols-aquamarine/README.md | 23 ++++++++++-
hosts/idols-aquamarine/caddy.nix | 4 +-
hosts/idols-aquamarine/homepage/README.md | 1 -
hosts/idols-aquamarine/homepage/default.nix | 29 -------------
.../oci-containers/default.nix | 0
.../homepage/config/bookmarks.yaml | 0
.../homepage/config/docker.yaml | 0
.../homepage/config/kubernetes.yaml | 0
.../homepage/config/services.yaml | 0
.../homepage/config/settings.yaml | 0
.../homepage/config/widgets.yaml | 0
.../oci-containers/homepage/default.nix | 41 +++++++++++++++++++
.../oci-containers/uptime-kuma/default.nix | 35 ++++++++++++++++
hosts/idols-aquamarine/uptime-kuma.nix | 12 ------
16 files changed, 101 insertions(+), 96 deletions(-)
delete mode 100644 hosts/12kingdoms-rakushun/oci-containers/dashy/default.nix
delete mode 100644 hosts/idols-aquamarine/homepage/README.md
delete mode 100644 hosts/idols-aquamarine/homepage/default.nix
rename hosts/{12kingdoms-rakushun => idols-aquamarine}/oci-containers/default.nix (100%)
rename hosts/idols-aquamarine/{ => oci-containers}/homepage/config/bookmarks.yaml (100%)
rename hosts/idols-aquamarine/{ => oci-containers}/homepage/config/docker.yaml (100%)
rename hosts/idols-aquamarine/{ => oci-containers}/homepage/config/kubernetes.yaml (100%)
rename hosts/idols-aquamarine/{ => oci-containers}/homepage/config/services.yaml (100%)
rename hosts/idols-aquamarine/{ => oci-containers}/homepage/config/settings.yaml (100%)
rename hosts/idols-aquamarine/{ => oci-containers}/homepage/config/widgets.yaml (100%)
create mode 100644 hosts/idols-aquamarine/oci-containers/homepage/default.nix
create mode 100644 hosts/idols-aquamarine/oci-containers/uptime-kuma/default.nix
delete mode 100644 hosts/idols-aquamarine/uptime-kuma.nix
diff --git a/hosts/12kingdoms-rakushun/README.md b/hosts/12kingdoms-rakushun/README.md index 81e36975..17bca0f0 100644 --- a/hosts/12kingdoms-rakushun/README.md +++ b/hosts/12kingdoms-rakushun/README.md @@ -2,36 +2,12 @@ LUKS encrypted SSD for NixOS, on Orange Pi 5 Plus. -Storage, operation and maintenance related services are running on this host: - -1. Storage such as git server, file server/browser, torrent downloader,, etc. -1. Backup or sync my personal data to cloud or NAS. - - For safety, those data should be encrypted before sending to the cloud or my NAS. -1. Collect and monitor the metrics/logs of my homelab. +TODO ## Showcases ![](../../_img/2024-03-07_orangepi5plus_rakushun.webp) -## Features - -Services: - -1. prometheus + alertmanager + grafana + loki: Monitor the metrics/logs of my homelab. -1. restic: Backup my personal data to cloud or NAS. -1. synthing: Sync file between android/macbook/PC and NAS. -1. gitea: Self-hosted git service. -1. sftpgo: SFTP server. -1. transmission & AriaNg: Torrent downloader and HTTP downloader -1. alist/filebrower: File browser for local/SMB/Cloud - -All the services assumes a reverse proxy to be setup in the front, they are all listening on -localhost, and a caddy service is listening on the local network interface and proxy the requests to -the services. - -TODO: create a private PKI for caddy, to achieve end-to-end encryption between caddy and the -services. - ## Misc ```bash diff --git a/hosts/12kingdoms-rakushun/oci-containers/dashy/default.nix b/hosts/12kingdoms-rakushun/oci-containers/dashy/default.nix deleted file mode 100644 index 470cd6ff..00000000 --- a/hosts/12kingdoms-rakushun/oci-containers/dashy/default.nix +++ /dev/null 
@@ -1,26 +0,0 @@
-{
- # Replace dashy with gethomepage, because dashy is too slow to start/reload.
-
- # # Install the dashy configuration file instead of symlink it
- # system.activationScripts.installDashyConfig = ''
- # install -Dm 600 ${./dashy_conf.yml} /etc/dashy/dashy_conf.yml
- # '';
- #
- # # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/virtualisation/oci-containers.nix
- # virtualisation.oci-containers.containers = {
- # # check its logs via `journalctl -u podman-dashy`
- # dashy = {
- # hostname = "dashy";
- # image = "lissy93/dashy:latest";
- # ports = ["127.0.0.1:4000:80"];
- # environment = {
- # "NODE_ENV" = "production";
- # };
- # volumes = [
- # "/etc/dashy/dashy_conf.yml:/app/public/conf.yml"
- # ];
- # autoStart = true;
- # # cmd = [];
- # };
- # };
-}
diff --git a/hosts/idols-aquamarine/README.md b/hosts/idols-aquamarine/README.md
index a665ba82..9689fbbb 100644
--- a/hosts/idols-aquamarine/README.md
+++ b/hosts/idols-aquamarine/README.md
@@ -1,3 +1,24 @@ # Idols - Aquamarine -TODO +Storage, operation and maintenance related services are running on this host: + +1. Storage such as git server, file server/browser, torrent downloader,, etc. +1. Backup or sync my personal data to cloud or NAS. + - For safety, those data should be encrypted before sending to the cloud or my NAS. +1. Collect and monitor the metrics/logs of my homelab. + +## Features + +Services: + +1. prometheus + alertmanager + grafana + loki: Monitor the metrics/logs of my homelab. +1. restic: Backup my personal data to cloud or NAS. +1. synthing: Sync file between android/macbook/PC and NAS. +1. gitea: Self-hosted git service. +1. sftpgo: SFTP server. +1. transmission & AriaNg: Torrent downloader and HTTP downloader +1. alist/filebrower: File browser for local/SMB/Cloud + +All the services assumes a reverse proxy to be setup in the front, they are all listening on +localhost, and a caddy service is listening on the local network interface and proxy the requests to +the services. diff --git a/hosts/idols-aquamarine/caddy.nix b/hosts/idols-aquamarine/caddy.nix index 3adcbbbc..d4f44937 100644 --- a/hosts/idols-aquamarine/caddy.nix +++ b/hosts/idols-aquamarine/caddy.nix @@ -31,7 +31,7 @@ in { # Dashboard virtualHosts."home.writefor.fun".extraConfig = '' ${hostCommonConfig} - reverse_proxy http://localhost:4401 + reverse_proxy http://localhost:54401 ''; # https://caddyserver.com/docs/caddyfile/directives/file_server @@ -64,7 +64,7 @@ in { # Monitoring virtualHosts."uptime-kuma.writefor.fun".extraConfig = '' encode zstd gzip - reverse_proxy http://localhost:3350 + reverse_proxy http://localhost:53350 ''; virtualHosts."grafana.writefor.fun".extraConfig = '' encode zstd gzip diff --git a/hosts/idols-aquamarine/homepage/README.md b/hosts/idols-aquamarine/homepage/README.md deleted file mode 100644 index 8079368f..00000000 --- a/hosts/idols-aquamarine/homepage/README.md +++ /dev/null @@ -1 +0,0 @@ -# Homepage for my Homelab 
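Review bot: The new upstream ports `54401` and `53350` in the two `reverse_proxy` lines of `caddy.nix` fall inside the default Linux ephemeral port range (32768–60999), so an outgoing connection can already hold one of them when the container tries to publish it, and the publish may then fail. The same ports appear in the `ports` entries of `oci-containers/homepage/default.nix` and `oci-containers/uptime-kuma/default.nix`. Either pick ports below 32768 or reserve the two ports, for example `boot.kernel.sysctl."net.ipv4.ip_local_reserved_ports" = "53350,54401";`. Both virtual-host blocks continue outside the hunks.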
diff --git a/hosts/idols-aquamarine/homepage/default.nix b/hosts/idols-aquamarine/homepage/default.nix
deleted file mode 100644
index 038410cb..00000000
--- a/hosts/idols-aquamarine/homepage/default.nix
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- lib,
- pkgs,
- ...
-}: let
- configDir = "/data/apps/homepage-dashboard";
-in {
- # https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/misc/homepage-dashboard.nix
- services.homepage-dashboard = {
- enable = true;
- listenPort = 4401;
- openFirewall = false;
- };
- systemd.services.homepage-dashboard.environment = {
- HOMEPAGE_CONFIG_DIR = lib.mkForce configDir;
-
- # 1. The value of env var HOMEPAGE_VAR_XXX will replace {{HOMEPAGE_VAR_XXX}} in any config
- # HOMEPAGE_VAR_XXX_APIKEY = "myapikey";
- # 2. The value of env var HOMEPAGE_FILE_XXX must be a file path,
- # the contents of which will be used to replace {{HOMEPAGE_FILE_XXX}} in any config
- };
- # Install the homepage-dashboard configuration files
- system.activationScripts.installHomepageDashboardConfig = ''
- mkdir -p ${configDir}
- ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F600 ${./config}/ ${configDir}/
-
- ${pkgs.systemdMinimal}/bin/systemctl restart homepage-dashboard
- '';
-}
diff --git a/hosts/12kingdoms-rakushun/oci-containers/default.nix b/hosts/idols-aquamarine/oci-containers/default.nix
similarity index 100%
rename from hosts/12kingdoms-rakushun/oci-containers/default.nix
rename to hosts/idols-aquamarine/oci-containers/default.nix
diff --git a/hosts/idols-aquamarine/homepage/config/bookmarks.yaml b/hosts/idols-aquamarine/oci-containers/homepage/config/bookmarks.yaml
similarity index 100%
rename from hosts/idols-aquamarine/homepage/config/bookmarks.yaml
rename to hosts/idols-aquamarine/oci-containers/homepage/config/bookmarks.yaml
diff --git a/hosts/idols-aquamarine/homepage/config/docker.yaml b/hosts/idols-aquamarine/oci-containers/homepage/config/docker.yaml
similarity index 100%
rename from hosts/idols-aquamarine/homepage/config/docker.yaml
rename to hosts/idols-aquamarine/oci-containers/homepage/config/docker.yaml
diff --git a/hosts/idols-aquamarine/homepage/config/kubernetes.yaml b/hosts/idols-aquamarine/oci-containers/homepage/config/kubernetes.yaml
similarity index 100%
rename from hosts/idols-aquamarine/homepage/config/kubernetes.yaml
rename to hosts/idols-aquamarine/oci-containers/homepage/config/kubernetes.yaml
diff --git a/hosts/idols-aquamarine/homepage/config/services.yaml b/hosts/idols-aquamarine/oci-containers/homepage/config/services.yaml
similarity index 100%
rename from hosts/idols-aquamarine/homepage/config/services.yaml
rename to hosts/idols-aquamarine/oci-containers/homepage/config/services.yaml
diff --git a/hosts/idols-aquamarine/homepage/config/settings.yaml b/hosts/idols-aquamarine/oci-containers/homepage/config/settings.yaml
similarity index 100%
rename from hosts/idols-aquamarine/homepage/config/settings.yaml
rename to hosts/idols-aquamarine/oci-containers/homepage/config/settings.yaml
diff --git a/hosts/idols-aquamarine/homepage/config/widgets.yaml b/hosts/idols-aquamarine/oci-containers/homepage/config/widgets.yaml
similarity index 100%
rename from hosts/idols-aquamarine/homepage/config/widgets.yaml
rename to hosts/idols-aquamarine/oci-containers/homepage/config/widgets.yaml
diff --git a/hosts/idols-aquamarine/oci-containers/homepage/default.nix b/hosts/idols-aquamarine/oci-containers/homepage/default.nix
new file mode 100644
index 00000000..caddfb10
--- /dev/null
+++ b/hosts/idols-aquamarine/oci-containers/homepage/default.nix
@@ -0,0 +1,41 @@
+{
+ config,
+ pkgs,
+ ...
+}: let
+ user = "homepage";
+ configDir = "/data/apps/homepage-dashboard";
+in {
+ users.groups.${user} = {};
+ users.users.${user} = {
+ group = user;
+ home = configDir;
+ isSystemUser = true;
+ };
+
+ # Install the homepage-dashboard configuration files
+ system.activationScripts.installHomepageDashboardConfig = ''
+ mkdir -p ${configDir}
+ ${pkgs.rsync}/bin/rsync -avz --chmod=D2755,F644 ${./config}/ ${configDir}/
+ chown -R ${user}:${user} ${configDir}
+ '';
+
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/virtualisation/oci-containers.nix
+ virtualisation.oci-containers.containers = {
+ # check its logs via `journalctl -u podman-homepage`
+ homepage = {
+ hostname = "homepage";
+ image = "ghcr.io/gethomepage/homepage:latest";
+ ports = ["127.0.0.1:54401:3000"];
+ # https://github.com/louislam/uptime-kuma/wiki/Environment-Variables
+ environment = {
+ # "PUID" = config.users.users.${user}.uid;
+ # "PGID" = config.users.groups.${user}.gid;
+ };
+ volumes = [
+ "${configDir}:/app/config"
+ ];
+ autoStart = true;
+ };
+ };
+}
diff --git a/hosts/idols-aquamarine/oci-containers/uptime-kuma/default.nix b/hosts/idols-aquamarine/oci-containers/uptime-kuma/default.nix
new file mode 100644
index 00000000..98c360f2
--- /dev/null
+++ b/hosts/idols-aquamarine/oci-containers/uptime-kuma/default.nix
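Review bot: In `oci-containers/homepage/default.nix` the container is pulled by the mutable tag `ghcr.io/gethomepage/homepage:latest`, so any later pull can change the code running on this host without a change in the repository; pin a release tag or digest, e.g. `image = "ghcr.io/gethomepage/homepage:<VERSION>@sha256:<DIGEST>";` (both placeholders). The `homepage` system user and the `chown -R ${user}:${user} ${configDir}` step have no visible effect on the container, because `PUID`/`PGID` are commented out and the process therefore presumably runs as the image's default user; either give the account a fixed `uid`/`gid` and pass them as strings, or drop the unused account. The comment above `environment` links to the uptime-kuma wiki and looks copied from the other module.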
@@ -0,0 +1,35 @@
+{config, ...}: let
+ user = "kuma";
+ dataDir = "/data/apps/uptime-kuma";
+in {
+ users.groups.${user} = {};
+ users.users.${user} = {
+ group = user;
+ home = dataDir;
+ isSystemUser = true;
+ };
+
+ # Create Directories
+ systemd.tmpfiles.rules = [
+ "d ${dataDir} 0755 ${user} ${user}"
+ ];
+
+ # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/virtualisation/oci-containers.nix
+ virtualisation.oci-containers.containers = {
+ # check its logs via `journalctl -u podman-homepage`
+ uptime-kuma = {
+ hostname = "uptime-kuma";
+ image = "louislam/uptime-kuma:1";
+ ports = ["127.0.0.1:53350:3001"];
+ # https://github.com/louislam/uptime-kuma/wiki/Environment-Variables
+ environment = {
+ # "PUID" = config.users.users.${user}.uid;
+ # "PGID" = config.users.groups.${user}.gid;
+ };
+ volumes = [
+ "${dataDir}:/app/data"
+ ];
+ autoStart = true;
+ };
+ };
+}
diff --git a/hosts/idols-aquamarine/uptime-kuma.nix b/hosts/idols-aquamarine/uptime-kuma.nix
deleted file mode 100644
index d4e9c9ac..00000000
--- a/hosts/idols-aquamarine/uptime-kuma.nix
+++ /dev/null
@@ -1,12 +0,0 @@
-{lib, ...}: {
- # https://github.com/NixOS/nixpkgs/blob/nixos-24.05/nixos/modules/services/monitoring/uptime-kuma.nix
- services.uptime-kuma = {
- enable = true;
- # https://github.com/louislam/uptime-kuma/wiki/Environment-Variables
- settings = lib.mkForce {
- "UPTIME_KUMA_HOST" = "127.0.0.1";
- "UPTIME_KUMA_PORT" = "3350";
- "DATA_DIR" = "/data/apps/uptime-kuma/";
- };
- };
-}
From 86ee8132b7230c7a3d82fd2fd2b7d15eb1b97726 Mon Sep 17 00:00:00 2001
From: Ryan Yin
Date: Wed, 31 Jul 2024 17:19:35 +0800
Subject: [PATCH 2/2] fix: homelab - use https
---
.../homepage/config/services.yaml | 28 +++++++++----------
1 file changed, 14 insertions(+), 14 deletions(-)
diff --git a/hosts/idols-aquamarine/oci-containers/homepage/config/services.yaml b/hosts/idols-aquamarine/oci-containers/homepage/config/services.yaml
index c02184d9..c7b5dbd3 100644
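Review bot: In `oci-containers/uptime-kuma/default.nix` the data directory is created with `"d ${dataDir} 0755 ${user} ${user}"`, which lets every local account list and enter the directory that holds Uptime Kuma's stored data; a tighter mode is enough for the service, `"d ${dataDir} 0750 ${user} ${user}"`. Because `PUID`/`PGID` are commented out, the container presumably writes there as the image's default user rather than as `kuma`, so the resulting ownership is worth checking after the first start. The comment above `uptime-kuma = {` still says `journalctl -u podman-homepage` and should name `podman-uptime-kuma`.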
--- a/hosts/idols-aquamarine/oci-containers/homepage/config/services.yaml +++ b/hosts/idols-aquamarine/oci-containers/homepage/config/services.yaml @@ -6,18 +6,18 @@ - KubeVirt-Shoryu: icon: si-kubevirt description: "CPU: R7-5825U / MEM: 64G / DISK: 1T" - href: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.181:9100 - siteMonitor: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.181:9100 + href: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.181:9100 + siteMonitor: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.181:9100 - KubeVirt-Shushou: icon: si-kubevirt description: "CPU: R9-5900HX / MEM: 64G / DISK: 1T" - href: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.182:9100 - siteMonitor: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.182:9100 + href: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.182:9100 + siteMonitor: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.182:9100 - KubeVirt-Youko: icon: si-kubevirt description: "CPU: R5-5625U / MEM: 32G / DISK: 512G+4T*2" - href: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.183:9100 - siteMonitor: http://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.183:9100 + href: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.183:9100 + siteMonitor: https://grafana.writefor.fun/d/rYdddlPWk/node-exporter-full?orgId=1&var-node=192.168.5.183:9100 - LongHorn-Storage: icon: si-longhorn href: http://longhorn.writefor.fun/ 
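Review bot: The `LongHorn-Storage` entry at the end of this hunk still uses `href: http://longhorn.writefor.fun/`, so after this change the dashboard mixes HTTPS targets with a plain-HTTP one. If that host sits behind the same TLS-terminating proxy, switch it as well, `href: https://longhorn.writefor.fun/`; if it is intentionally HTTP-only, a short YAML comment saying so would keep it from reading as an oversight. The entry may continue outside the hunk.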
@@ -31,26 +31,26 @@ - Homelab Monitoring: - Grafana: icon: si-grafana - href: http://grafana.writefor.fun + href: https://grafana.writefor.fun description: Data visualised on dashboards - siteMonitor: http://grafana.writefor.fun + siteMonitor: https://grafana.writefor.fun - Prometheus Dashboard: icon: si-prometheus - href: http://prometheus.writefor.fun + href: https://prometheus.writefor.fun description: Monitoring - Prometheus - siteMonitor: http://prometheus.writefor.fun + siteMonitor: https://prometheus.writefor.fun - Uptime Kuma: icon: si-uptimekuma - href: http://uptime-kuma.writefor.fun + href: https://uptime-kuma.writefor.fun description: Uptime Checking - siteMonitor: http://uptime-kuma.writefor.fun + siteMonitor: https://uptime-kuma.writefor.fun - Homelab Applications: - SFTPGO: icon: sftpgo.png - href: "http://sftpgo.writefor.fun/web/admin/folders" + href: "https://sftpgo.writefor.fun/web/admin/folders" description: WebDAV & SFTP server - siteMonitor: http://sftpgo.writefor.fun/ + siteMonitor: https://sftpgo.writefor.fun/ # - Kubernetes Monitoring: # # TODO: Update this # - Emby: