From 48315cfb8e067cf310c75b5270b9a02e1378d11e Mon Sep 17 00:00:00 2001 From: Will Holdsworth Date: Wed, 4 Mar 2026 21:26:18 +1100 Subject: [PATCH] feat: add gatus entry for each subdomain --- modules/nixos/features/bazarr.nix | 18 ++- modules/nixos/features/copyparty.nix | 18 ++- modules/nixos/features/couchdb.nix | 20 ++- modules/nixos/features/cryptpad.nix | 22 +++- modules/nixos/features/gatus.nix | 34 +---- modules/nixos/features/homepage-dashboard.nix | 122 +++++++++++------- modules/nixos/features/immich.nix | 18 ++- modules/nixos/features/jellyfin.nix | 18 ++- modules/nixos/features/kavita.nix | 18 ++- modules/nixos/features/libretranslate.nix | 18 ++- modules/nixos/features/lidarr.nix | 18 ++- modules/nixos/features/miniflux.nix | 20 ++- modules/nixos/features/ntfy-sh.nix | 20 ++- modules/nixos/features/nzbget.nix | 18 ++- modules/nixos/features/paperless.nix | 20 ++- modules/nixos/features/prowlarr.nix | 18 ++- modules/nixos/features/qbittorrent.nix | 18 ++- modules/nixos/features/radarr.nix | 18 ++- modules/nixos/features/radicale.nix | 18 ++- modules/nixos/features/readarr.nix | 18 ++- modules/nixos/features/send.nix | 20 ++- modules/nixos/features/sonarr.nix | 18 ++- modules/nixos/features/syncthing.nix | 18 ++- modules/nixos/features/vaultwarden.nix | 20 ++- modules/templates/web-feature.nix | 4 +- 25 files changed, 464 insertions(+), 108 deletions(-) diff --git a/modules/nixos/features/bazarr.nix b/modules/nixos/features/bazarr.nix index 541235c..c25b32d 100644 --- a/modules/nixos/features/bazarr.nix +++ b/modules/nixos/features/bazarr.nix @@ -1,6 +1,8 @@ let port = 5017; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "subtitles.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -11,7 +13,21 @@ in listenPort = port; }; - caddy.virtualHosts."bazarr.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Bazarr"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/copyparty.nix b/modules/nixos/features/copyparty.nix index ac21d2c..d06aadf 100644 --- a/modules/nixos/features/copyparty.nix +++ b/modules/nixos/features/copyparty.nix @@ -8,6 +8,8 @@ let port = 5000; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "files.fi33.buzz"; + url = "https://${hostname}"; in { imports = [ inputs.copyparty.nixosModules.default ]; @@ -35,7 +37,21 @@ in }; }; - caddy.virtualHosts."copyparty.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "copyparty"; + group = "Private Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/couchdb.nix b/modules/nixos/features/couchdb.nix index 0f0d44d..9a53e77 100644 --- a/modules/nixos/features/couchdb.nix +++ b/modules/nixos/features/couchdb.nix @@ -1,6 +1,8 @@ let port = 5984; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "couchdb.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -29,13 +31,27 @@ in cors = { credentials = true; origins = '' - app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://couchdb.fi33.buzz,http://couchdb.fi33.buzz,https://couchdb.fi33.buzz + app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://${hostname},http://${hostname},${url} ''; }; }; }; - caddy.virtualHosts."couchdb.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "CouchDB"; + group = "Private Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 401" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/cryptpad.nix b/modules/nixos/features/cryptpad.nix index 8c031ff..a74d2ba 100644 --- a/modules/nixos/features/cryptpad.nix +++ b/modules/nixos/features/cryptpad.nix @@ -2,6 +2,8 @@ let httpPort = 5022; websocketPort = 5024; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "cryptpad.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -10,7 +12,7 @@ in settings = { inherit httpPort; inherit websocketPort; - httpUnsafeOrigin = "https://cryptpad.fi33.buzz"; + httpUnsafeOrigin = url; httpSafeOrigin = "https://cryptpad-ui.fi33.buzz"; inactiveTime = 7; archiveRetentionTime = 7; @@ -18,7 +20,21 @@ in }; }; - caddy.virtualHosts."cryptpad.fi33.buzz, cryptpad-ui.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "CryptPad"; + group = "Public Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts."${hostname} cryptpad-ui.fi33.buzz".extraConfig = '' header Strict-Transport-Security "includeSubDomains; preload" handle /cryptpad_websocket* { @@ -36,7 +52,7 @@ in } @register { - host cryptpad.fi33.buzz + host ${hostname} path /register* } respond @register 403 diff --git a/modules/nixos/features/gatus.nix b/modules/nixos/features/gatus.nix index c06fb6e..9de288c 100644 --- a/modules/nixos/features/gatus.nix +++ b/modules/nixos/features/gatus.nix @@ -1,43 +1,17 @@ let port = 5025; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "status.fi33.buzz"; + url = "https://${hostname}"; in { services = { gatus = { enable = true; - settings = { - web = { - inherit port; - }; - endpoints = [ - { - name = "website"; - url = "https://twin.sh/health"; - interval = "5m"; - conditions = [ - "[STATUS] == 200" - "[BODY].status == UP" - "[RESPONSE_TIME] < 300" - ]; - } - ]; - }; + settings.web.port = port; }; - # borgmatic.settings = { - # source_directories = [ ]; - # postgresql_databases = [ - # { - # name = "gatus"; - # hostname = "localhost"; - # username = "root"; - # password = "{credential systemd borgmatic-pg}"; - # } - # ]; - # }; - - caddy.virtualHosts."uptime.fi33.buzz".extraConfig = '' + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/homepage-dashboard.nix b/modules/nixos/features/homepage-dashboard.nix index d24f8f3..c329bba 100644 --- a/modules/nixos/features/homepage-dashboard.nix +++ b/modules/nixos/features/homepage-dashboard.nix @@ -38,13 +38,15 @@ let # keep-sorted end ]; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "home.fi33.buzz"; + url = "https://${hostname}"; in { services = { homepage-dashboard = { enable = true; listenPort = port; - allowedHosts = "homepage-dashboard.fi33.buzz"; + allowedHosts = hostname; services = [ { "Public Services" = [ @@ -80,11 +82,11 @@ in Radarr = { description = "Movie organizer/manager"; icon = "radarr.svg"; - href = "https://radarr.fi33.buzz/"; - siteMonitor = "https://radarr.fi33.buzz/"; + href = "https://movies.fi33.buzz/"; + siteMonitor = "https://movies.fi33.buzz/"; widget = { type = "radarr"; - url = "https://radarr.fi33.buzz/"; + url = "https://movies.fi33.buzz/"; key = "@radarr@"; enableQueue = true; }; @@ -94,11 +96,11 @@ in Sonarr = { description = "Smart PVR"; icon = "sonarr.svg"; - href = "https://sonarr.fi33.buzz/"; - siteMonitor = "https://sonarr.fi33.buzz/"; + href = "https://shows.fi33.buzz/"; + siteMonitor = "https://shows.fi33.buzz/"; widget = { type = "sonarr"; - url = "https://sonarr.fi33.buzz/"; + url = "https://shows.fi33.buzz/"; key = "@sonarr@"; enableQueue = true; }; @@ -108,11 +110,11 @@ in Lidarr = { description = "Like Sonarr but made for music"; icon = "lidarr.svg"; - href = "https://lidarr.fi33.buzz/"; - siteMonitor = "https://lidarr.fi33.buzz/"; + href = "https://music.fi33.buzz/"; + siteMonitor = "https://music.fi33.buzz/"; widget = { type = "lidarr"; - url = "https://lidarr.fi33.buzz/"; + url = "https://music.fi33.buzz/"; key = "@lidarr@"; enableQueue = true; }; @@ -122,11 +124,11 @@ in Readarr = { description = "Book Manager and Automation"; icon = "readarr.svg"; - href = "https://readarr.fi33.buzz/"; - siteMonitor = "https://readarr.fi33.buzz/"; + href = "https://books.fi33.buzz/"; + siteMonitor = "https://books.fi33.buzz/"; widget = { type = "readarr"; - url = "https://readarr.fi33.buzz/"; + url = "https://books.fi33.buzz/"; key = "@readarr@"; enableQueue = true; }; @@ -136,11 +138,11 @@ in Bazarr = { description = "Subtitle manager and downloader"; icon = "bazarr.svg"; - href = "https://bazarr.fi33.buzz/"; - siteMonitor = "https://bazarr.fi33.buzz/"; + href = "https://subtitles.fi33.buzz/"; + siteMonitor = "https://subtitles.fi33.buzz/"; widget = { type = "bazarr"; - url = "https://bazarr.fi33.buzz/"; + url = "https://subtitles.fi33.buzz/"; key = "@subtitles@"; }; }; @@ -162,11 +164,11 @@ in NZBget = { description = "Usenet Downloader"; icon = "nzbget.svg"; - href = "https://nzbget.fi33.buzz/"; - siteMonitor = "https://nzbget.fi33.buzz/"; + href = "https://usenet.fi33.buzz/"; + siteMonitor = "https://usenet.fi33.buzz/"; widget = { type = "nzbget"; - url = "https://nzbget.fi33.buzz/"; + url = "https://usenet.fi33.buzz/"; username = "nzbget"; password = "@nzbget@"; }; @@ -176,8 +178,8 @@ in qBittorrent = { description = "BitTorrent client"; icon = "qbittorrent.svg"; - href = "https://qbittorrent.fi33.buzz/"; - siteMonitor = "https://qbittorrent.fi33.buzz/"; + href = "https://bittorrent.fi33.buzz/"; + siteMonitor = "https://bittorrent.fi33.buzz/"; }; } ]; @@ -188,8 +190,8 @@ in copyparty = { description = "Portable file server"; icon = "sh-copyparty.svg"; - href = "https://copyparty.fi33.buzz/"; - siteMonitor = "https://copyparty.fi33.buzz/"; + href = "https://files.fi33.buzz/"; + siteMonitor = "https://files.fi33.buzz/"; }; } { @@ -204,32 +206,32 @@ in ntfy = { description = "Send push notifications using PUT/POST"; icon = "ntfy.svg"; - href = "https://ntfy-sh.fi33.buzz/"; - siteMonitor = "https://ntfy-sh.fi33.buzz/"; + href = "https://notify.fi33.buzz/"; + siteMonitor = "https://notify.fi33.buzz/"; }; } { Radicale = { description = "A simple CalDAV (calendar) and CardDAV (contact) server"; icon = "radicale.svg"; - href = "https://radicale.fi33.buzz"; - siteMonitor = "https://radicale.fi33.buzz"; + href = "https://caldav.fi33.buzz"; + siteMonitor = "https://caldav.fi33.buzz"; }; } { Syncthing = { description = "Open Source Continuous File Synchronization"; icon = "syncthing.svg"; - href = "https://syncthing.fi33.buzz/"; - siteMonitor = "https://syncthing.fi33.buzz/"; + href = "https://sync.fi33.buzz/"; + siteMonitor = "https://sync.fi33.buzz/"; }; } { Vaultwarden = { description = "Unofficial Bitwarden compatible server"; icon = "vaultwarden.svg"; - href = "https://vaultwarden.fi33.buzz/"; - siteMonitor = "https://vaultwarden.fi33.buzz/"; + href = "https://vault.fi33.buzz/"; + siteMonitor = "https://vault.fi33.buzz/"; }; } ]; @@ -240,8 +242,8 @@ in Immich = { description = "Photo and video management solution"; icon = "immich.svg"; - href = "https://immich.fi33.buzz/"; - siteMonitor = "https://immich.fi33.buzz/"; + href = "https://photos.fi33.buzz/"; + siteMonitor = "https://photos.fi33.buzz/"; widget = { type = "immich"; fields = [ @@ -250,7 +252,7 @@ in "videos" "storage" ]; - url = "https://immich.fi33.buzz/"; + url = "https://photos.fi33.buzz/"; version = 2; key = "@immich@"; }; @@ -260,11 +262,11 @@ in Jellyfin = { description = "Media System"; icon = "jellyfin.svg"; - href = "https://jellyfin.fi33.buzz/"; - siteMonitor = "https://jellyfin.fi33.buzz/"; + href = "https://media.fi33.buzz/"; + siteMonitor = "https://media.fi33.buzz/"; widget = { type = "jellyfin"; - url = "https://jellyfin.fi33.buzz/"; + url = "https://media.fi33.buzz/"; key = "@jellyfin@"; enableBlocks = true; enableNowPlaying = true; @@ -278,11 +280,11 @@ in Kavita = { description = "Reading server"; icon = "kavita.svg"; - href = "https://kavita.fi33.buzz/"; - siteMonitor = "https://kavita.fi33.buzz/"; + href = "https://library.fi33.buzz/"; + siteMonitor = "https://library.fi33.buzz/"; widget = { type = "kavita"; - url = "https://kavita.fi33.buzz/"; + url = "https://library.fi33.buzz/"; key = "@kavita-api@"; }; }; @@ -291,11 +293,11 @@ in Miniflux = { description = "Feed reader"; icon = "miniflux.svg"; - href = "https://miniflux.fi33.buzz/"; - siteMonitor = "https://miniflux.fi33.buzz/"; + href = "https://feeds.fi33.buzz/"; + siteMonitor = "https://feeds.fi33.buzz/"; widget = { type = "miniflux"; - url = "https://miniflux.fi33.buzz/"; + url = "https://feeds.fi33.buzz/"; key = "@miniflux@"; }; }; @@ -304,11 +306,11 @@ in Paperless = { description = "Document management system"; icon = "paperless.svg"; - href = "https://paperless.fi33.buzz/"; - siteMonitor = "https://paperless.fi33.buzz/"; + href = "https://documents.fi33.buzz/"; + siteMonitor = "https://documents.fi33.buzz/"; widget = { type = "paperlessngx"; - url = "https://paperless.fi33.buzz/"; + url = "https://documents.fi33.buzz/"; username = "admin"; password = "@paperless@"; }; @@ -318,6 +320,18 @@ in } { Utilities = [ + { + Gatus = { + description = "Status page"; + icon = "gatus.svg"; + href = "https://status.fi33.buzz/"; + siteMonitor = "https://status.fi33.buzz/"; + widget = { + type = "gatus"; + url = "https://status.fi33.buzz/"; + }; + }; + } { NanoKVM = { description = "Remote KVM switch"; @@ -407,7 +421,21 @@ in ]; }; - caddy.virtualHosts."homepage-dashboard.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Homepage Dashboard"; + group = "Utilities"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/immich.nix b/modules/nixos/features/immich.nix index de5443f..f06222d 100644 --- a/modules/nixos/features/immich.nix +++ b/modules/nixos/features/immich.nix @@ -1,6 +1,8 @@ let port = 2283; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "photos.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -10,6 +12,20 @@ in mediaLocation = "/srv/immich"; }; + gatus.settings.endpoints = [ + { + name = "Immich"; + group = "Media Streaming"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + borgmatic.settings.postgresql_databases = [ { name = "immich"; @@ -19,7 +35,7 @@ in } ]; - caddy.virtualHosts."immich.fi33.buzz".extraConfig = '' + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/jellyfin.nix b/modules/nixos/features/jellyfin.nix index 9fab896..c2c9df3 100644 --- a/modules/nixos/features/jellyfin.nix +++ b/modules/nixos/features/jellyfin.nix @@ -1,6 +1,8 @@ let port = 8096; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "media.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -10,7 +12,21 @@ in group = "srv"; }; - caddy.virtualHosts."jellyfin.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Jellyfin"; + group = "Media Streaming"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/kavita.nix b/modules/nixos/features/kavita.nix index bbb2322..769a1da 100644 --- a/modules/nixos/features/kavita.nix +++ b/modules/nixos/features/kavita.nix @@ -5,6 +5,8 @@ let port = 5015; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "library.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -15,7 +17,21 @@ in tokenKeyFile = config.age.secrets.kavita.path; }; - caddy.virtualHosts."kavita.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Kavita"; + group = "Media Streaming"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/libretranslate.nix b/modules/nixos/features/libretranslate.nix index 5372e1e..8cda40a 100644 --- a/modules/nixos/features/libretranslate.nix +++ b/modules/nixos/features/libretranslate.nix @@ -1,6 +1,8 @@ let port = 5023; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "translate.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -10,7 +12,21 @@ in updateModels = true; }; - caddy.virtualHosts."translate.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "LibreTranslate"; + group = "Public Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/lidarr.nix b/modules/nixos/features/lidarr.nix index 78aa609..2945dda 100644 --- a/modules/nixos/features/lidarr.nix +++ b/modules/nixos/features/lidarr.nix @@ -1,6 +1,8 @@ let port = 5012; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "music.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -13,7 +15,21 @@ in group = "srv"; }; - caddy.virtualHosts."lidarr.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Lidarr"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/miniflux.nix b/modules/nixos/features/miniflux.nix index 82aeeb5..e58fad1 100644 --- a/modules/nixos/features/miniflux.nix +++ b/modules/nixos/features/miniflux.nix @@ -5,6 +5,8 @@ let port = 5010; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "feeds.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -12,11 +14,25 @@ in enable = true; adminCredentialsFile = config.age.secrets.miniflux-creds.path; config = { - BASE_URL = "https://miniflux.fi33.buzz"; + BASE_URL = url; LISTEN_ADDR = "localhost:${toString port}"; }; }; + gatus.settings.endpoints = [ + { + name = "Miniflux"; + group = "Media Streaming"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + borgmatic.settings.postgresql_databases = [ { name = "miniflux"; @@ -26,7 +42,7 @@ in } ]; - caddy.virtualHosts."miniflux.fi33.buzz".extraConfig = '' + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/ntfy-sh.nix b/modules/nixos/features/ntfy-sh.nix index b82a4f0..4ee0a1b 100644 --- a/modules/nixos/features/ntfy-sh.nix +++ b/modules/nixos/features/ntfy-sh.nix @@ -1,13 +1,15 @@ let port = 5002; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "notify.fi33.buzz"; + url = "https://${hostname}"; in { services = { ntfy-sh = { enable = true; settings = { - base-url = "https://ntfy-sh.fi33.buzz"; + base-url = url; listen-http = ":${toString port}"; behind-proxy = true; auth-default-access = "deny-all"; @@ -19,13 +21,27 @@ in }; }; + gatus.settings.endpoints = [ + { + name = "ntfy"; + group = "Private Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + borgmatic.settings = { source_directories = [ "/var/lib/ntfy-sh/user.db" ]; }; - caddy.virtualHosts."ntfy-sh.fi33.buzz".extraConfig = '' + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/nzbget.nix b/modules/nixos/features/nzbget.nix index ba469f2..fd0b01f 100644 --- a/modules/nixos/features/nzbget.nix +++ b/modules/nixos/features/nzbget.nix @@ -5,6 +5,8 @@ let port = 5018; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "usenet.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -17,7 +19,21 @@ in group = "srv"; }; - caddy.virtualHosts."nzbget.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "NZBget"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 401" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/paperless.nix b/modules/nixos/features/paperless.nix index 174eb40..0bf057c 100644 --- a/modules/nixos/features/paperless.nix +++ b/modules/nixos/features/paperless.nix @@ -5,6 +5,8 @@ let port = 5013; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "documents.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -15,10 +17,24 @@ in passwordFile = config.age.secrets.paperless.path; inherit port; settings = { - PAPERLESS_URL = "https://paperless.fi33.buzz"; + PAPERLESS_URL = url; }; }; + gatus.settings.endpoints = [ + { + name = "Paperless"; + group = "Media Streaming"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + borgmatic.settings = { postgresql_databases = [ { @@ -30,7 +46,7 @@ in ]; }; - caddy.virtualHosts."paperless.fi33.buzz".extraConfig = '' + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/prowlarr.nix b/modules/nixos/features/prowlarr.nix index a7f409f..5dcc180 100644 --- a/modules/nixos/features/prowlarr.nix +++ b/modules/nixos/features/prowlarr.nix @@ -1,6 +1,8 @@ let port = 5009; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "prowlarr.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -11,9 +13,23 @@ in }; }; + gatus.settings.endpoints = [ + { + name = "Prowlarr"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + borgmatic.settings.source_directories = [ "/var/lib/prowlarr" ]; - caddy.virtualHosts."prowlarr.fi33.buzz".extraConfig = '' + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/qbittorrent.nix b/modules/nixos/features/qbittorrent.nix index 577f0c9..bee470a 100644 --- a/modules/nixos/features/qbittorrent.nix +++ b/modules/nixos/features/qbittorrent.nix @@ -1,6 +1,8 @@ let port = 5005; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "bittorrent.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -14,7 +16,21 @@ in ]; }; - caddy.virtualHosts."qbittorrent.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "qBittorrent"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/radarr.nix b/modules/nixos/features/radarr.nix index 30063eb..1d7301a 100644 --- a/modules/nixos/features/radarr.nix +++ b/modules/nixos/features/radarr.nix @@ -1,6 +1,8 @@ let port = 5007; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "movies.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -13,7 +15,21 @@ in group = "srv"; }; - caddy.virtualHosts."radarr.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Radarr"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/radicale.nix b/modules/nixos/features/radicale.nix index 73155e6..787c809 100644 --- a/modules/nixos/features/radicale.nix +++ b/modules/nixos/features/radicale.nix @@ -5,6 +5,8 @@ let port = 5003; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "caldav.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -28,7 +30,21 @@ in }; }; - caddy.virtualHosts."radicale.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Radicale"; + group = "Private Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/readarr.nix b/modules/nixos/features/readarr.nix index 42a884b..1ec6fa2 100644 --- a/modules/nixos/features/readarr.nix +++ b/modules/nixos/features/readarr.nix @@ -1,6 +1,8 @@ let port = 5016; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "books.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -13,7 +15,21 @@ in group = "srv"; }; - caddy.virtualHosts."readarr.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Readarr"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/send.nix b/modules/nixos/features/send.nix index defb025..f7b3d50 100644 --- a/modules/nixos/features/send.nix +++ b/modules/nixos/features/send.nix @@ -1,13 +1,15 @@ let port = 5020; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "send.fi33.buzz"; + url = "https://${hostname}"; in { services = { send = { enable = true; inherit port; - baseUrl = "https://send.fi33.buzz"; + baseUrl = url; environment = { DEFAULT_EXPIRE_SECONDS = 360; EXPIRE_TIMES_SECONDS = "360"; @@ -18,7 +20,21 @@ in }; }; - caddy.virtualHosts."send.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Send"; + group = "Public Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/sonarr.nix b/modules/nixos/features/sonarr.nix index 691b4b8..8c2b746 100644 --- a/modules/nixos/features/sonarr.nix +++ b/modules/nixos/features/sonarr.nix @@ -1,6 +1,8 @@ let port = 5006; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "shows.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -13,7 +15,21 @@ in group = "srv"; }; - caddy.virtualHosts."sonarr.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Sonarr"; + group = "Media Management"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/syncthing.nix b/modules/nixos/features/syncthing.nix index adabfa1..af882c0 100644 --- a/modules/nixos/features/syncthing.nix +++ b/modules/nixos/features/syncthing.nix @@ -41,6 +41,8 @@ let ) (builtins.filter (deviceSet: deviceSet.device != hostName) devicesList) ); certloc = "/var/lib/acme/fi33.buzz"; + hostname = "sync.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -56,6 +58,20 @@ in }; }; + gatus.settings.endpoints = [ + { + name = "Syncthing"; + group = "Private Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + borgmatic.settings = if userName == "srv" then { @@ -67,7 +83,7 @@ in else null; - caddy.virtualHosts."syncthing.fi33.buzz".extraConfig = '' + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy http://localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/nixos/features/vaultwarden.nix b/modules/nixos/features/vaultwarden.nix index be8cb7a..d080ada 100644 --- a/modules/nixos/features/vaultwarden.nix +++ b/modules/nixos/features/vaultwarden.nix @@ -5,6 +5,8 @@ let port = 5001; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "vault.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -13,7 +15,7 @@ in backupDir = "/srv/vaultwarden"; config = { rocketPort = toString port; - domain = "https://vaultwarden.fi33.buzz"; + domain = url; signupsAllowed = false; invitationsAllowed = false; showPasswordHint = false; @@ -23,7 +25,21 @@ in }; }; - caddy.virtualHosts."vaultwarden.fi33.buzz".extraConfig = '' + gatus.settings.endpoints = [ + { + name = "Vaultwarden"; + group = "Private Services"; + inherit url; + interval = "5m"; + conditions = [ + "[STATUS] == 200" + "[CONNECTED] == true" + "[RESPONSE_TIME] < 500" + ]; + } + ]; + + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3 diff --git a/modules/templates/web-feature.nix b/modules/templates/web-feature.nix index 8fa5ed6..5a2ddbf 100644 --- a/modules/templates/web-feature.nix +++ b/modules/templates/web-feature.nix @@ -1,6 +1,8 @@ let port = 0000; certloc = "/var/lib/acme/fi33.buzz"; + hostname = "feature.fi33.buzz"; + url = "https://${hostname}"; in { services = { @@ -20,7 +22,7 @@ in # ]; # }; - caddy.virtualHosts."feature.fi33.buzz".extraConfig = '' + caddy.virtualHosts.${hostname}.extraConfig = '' reverse_proxy localhost:${toString port} tls ${certloc}/cert.pem ${certloc}/key.pem { protocols tls1.3