will-holdsworth/dots
1
1
Fork 0
Code Issues 22 Pull requests Projects 1 Releases Packages Wiki Activity Actions 1

Merge pull request #122 from wi11-holdsworth/95

Browse source 
Host gatus
This commit is contained in:
Will 2026-03-04 21:27:32 +11:00 committed by GitHub
commit c30348d810
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
26 changed files with 482 additions and 78 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/nixos/bundles/server.nix
View file

@ -10,6 +10,7 @@
"copyparty" "copyparty"
"couchdb" "couchdb"
"cryptpad" "cryptpad"
"gatus"
"homepage-dashboard" "homepage-dashboard"
"immich" "immich"
"jellyfin" "jellyfin"

18
modules/nixos/features/bazarr.nix
View file

@ -1,6 +1,8 @@
let let
port = 5017; port = 5017;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "subtitles.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -11,7 +13,21 @@ in
listenPort = port; listenPort = port;
}; };
caddy.virtualHosts."bazarr.fi33.buzz".extraConfig = '' gatus.settings.endpoints = [
{
name = "Bazarr";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

18
modules/nixos/features/copyparty.nix
View file

@ -8,6 +8,8 @@
let let
port = 5000; port = 5000;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "files.fi33.buzz";
url = "https://${hostname}";
in in
{ {
imports = [ inputs.copyparty.nixosModules.default ]; imports = [ inputs.copyparty.nixosModules.default ];
@ -35,7 +37,21 @@ in
}; };
}; };
caddy.virtualHosts."copyparty.fi33.buzz".extraConfig = '' gatus.settings.endpoints = [
{
name = "copyparty";
group = "Private Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

20
modules/nixos/features/couchdb.nix
View file

@ -1,6 +1,8 @@
let let
port = 5984; port = 5984;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "couchdb.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -29,13 +31,27 @@ in
cors = { cors = {
credentials = true; credentials = true;
origins = '' origins = ''
app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://couchdb.fi33.buzz,http://couchdb.fi33.buzz,https://couchdb.fi33.buzz app://obsidian.md,capacitor://localhost,http://localhost,https://localhost,capacitor://${hostname},http://${hostname},${url}
''; '';
}; };
}; };
}; };
caddy.virtualHosts."couchdb.fi33.buzz".extraConfig = '' gatus.settings.endpoints = [
{
name = "CouchDB";
group = "Private Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 401"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

22
modules/nixos/features/cryptpad.nix
View file

@ -2,6 +2,8 @@ let
httpPort = 5022; httpPort = 5022;
websocketPort = 5024; websocketPort = 5024;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "cryptpad.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -10,7 +12,7 @@ in
settings = { settings = {
inherit httpPort; inherit httpPort;
inherit websocketPort; inherit websocketPort;
httpUnsafeOrigin = "https://cryptpad.fi33.buzz"; httpUnsafeOrigin = url;
httpSafeOrigin = "https://cryptpad-ui.fi33.buzz"; httpSafeOrigin = "https://cryptpad-ui.fi33.buzz";
inactiveTime = 7; inactiveTime = 7;
archiveRetentionTime = 7; archiveRetentionTime = 7;
@ -18,7 +20,21 @@ in
}; };
}; };
caddy.virtualHosts."cryptpad.fi33.buzz, cryptpad-ui.fi33.buzz".extraConfig = '' gatus.settings.endpoints = [
{
name = "CryptPad";
group = "Public Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
caddy.virtualHosts."${hostname} cryptpad-ui.fi33.buzz".extraConfig = ''
header Strict-Transport-Security "includeSubDomains; preload" header Strict-Transport-Security "includeSubDomains; preload"
handle /cryptpad_websocket* { handle /cryptpad_websocket* {
@ -36,7 +52,7 @@ in
} }
@register { @register {
host cryptpad.fi33.buzz host ${hostname}
path /register* path /register*
} }
respond @register 403 respond @register 403

21
modules/nixos/features/gatus.nix Normal file
View file

@ -0,0 +1,21 @@
let
port = 5025;
certloc = "/var/lib/acme/fi33.buzz";
hostname = "status.fi33.buzz";
url = "https://${hostname}";
in
{
services = {
gatus = {
enable = true;
settings.web.port = port;
};
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3
}
'';
};
}

122
modules/nixos/features/homepage-dashboard.nix
View file

@ -38,13 +38,15 @@ let
# keep-sorted end # keep-sorted end
]; ];
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "home.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
homepage-dashboard = { homepage-dashboard = {
enable = true; enable = true;
listenPort = port; listenPort = port;
allowedHosts = "homepage-dashboard.fi33.buzz"; allowedHosts = hostname;
services = [ services = [
{ {
"Public Services" = [ "Public Services" = [
@ -80,11 +82,11 @@ in
Radarr = { Radarr = {
description = "Movie organizer/manager"; description = "Movie organizer/manager";
icon = "radarr.svg"; icon = "radarr.svg";
href = "https://radarr.fi33.buzz/"; href = "https://movies.fi33.buzz/";
siteMonitor = "https://radarr.fi33.buzz/"; siteMonitor = "https://movies.fi33.buzz/";
widget = { widget = {
type = "radarr"; type = "radarr";
url = "https://radarr.fi33.buzz/"; url = "https://movies.fi33.buzz/";
key = "@radarr@"; key = "@radarr@";
enableQueue = true; enableQueue = true;
}; };
@ -94,11 +96,11 @@ in
Sonarr = { Sonarr = {
description = "Smart PVR"; description = "Smart PVR";
icon = "sonarr.svg"; icon = "sonarr.svg";
href = "https://sonarr.fi33.buzz/"; href = "https://shows.fi33.buzz/";
siteMonitor = "https://sonarr.fi33.buzz/"; siteMonitor = "https://shows.fi33.buzz/";
widget = { widget = {
type = "sonarr"; type = "sonarr";
url = "https://sonarr.fi33.buzz/"; url = "https://shows.fi33.buzz/";
key = "@sonarr@"; key = "@sonarr@";
enableQueue = true; enableQueue = true;
}; };
@ -108,11 +110,11 @@ in
Lidarr = { Lidarr = {
description = "Like Sonarr but made for music"; description = "Like Sonarr but made for music";
icon = "lidarr.svg"; icon = "lidarr.svg";
href = "https://lidarr.fi33.buzz/"; href = "https://music.fi33.buzz/";
siteMonitor = "https://lidarr.fi33.buzz/"; siteMonitor = "https://music.fi33.buzz/";
widget = { widget = {
type = "lidarr"; type = "lidarr";
url = "https://lidarr.fi33.buzz/"; url = "https://music.fi33.buzz/";
key = "@lidarr@"; key = "@lidarr@";
enableQueue = true; enableQueue = true;
}; };
@ -122,11 +124,11 @@ in
Readarr = { Readarr = {
description = "Book Manager and Automation"; description = "Book Manager and Automation";
icon = "readarr.svg"; icon = "readarr.svg";
href = "https://readarr.fi33.buzz/"; href = "https://books.fi33.buzz/";
siteMonitor = "https://readarr.fi33.buzz/"; siteMonitor = "https://books.fi33.buzz/";
widget = { widget = {
type = "readarr"; type = "readarr";
url = "https://readarr.fi33.buzz/"; url = "https://books.fi33.buzz/";
key = "@readarr@"; key = "@readarr@";
enableQueue = true; enableQueue = true;
}; };
@ -136,11 +138,11 @@ in
Bazarr = { Bazarr = {
description = "Subtitle manager and downloader"; description = "Subtitle manager and downloader";
icon = "bazarr.svg"; icon = "bazarr.svg";
href = "https://bazarr.fi33.buzz/"; href = "https://subtitles.fi33.buzz/";
siteMonitor = "https://bazarr.fi33.buzz/"; siteMonitor = "https://subtitles.fi33.buzz/";
widget = { widget = {
type = "bazarr"; type = "bazarr";
url = "https://bazarr.fi33.buzz/"; url = "https://subtitles.fi33.buzz/";
key = "@subtitles@"; key = "@subtitles@";
}; };
}; };
@ -162,11 +164,11 @@ in
NZBget = { NZBget = {
description = "Usenet Downloader"; description = "Usenet Downloader";
icon = "nzbget.svg"; icon = "nzbget.svg";
href = "https://nzbget.fi33.buzz/"; href = "https://usenet.fi33.buzz/";
siteMonitor = "https://nzbget.fi33.buzz/"; siteMonitor = "https://usenet.fi33.buzz/";
widget = { widget = {
type = "nzbget"; type = "nzbget";
url = "https://nzbget.fi33.buzz/"; url = "https://usenet.fi33.buzz/";
username = "nzbget"; username = "nzbget";
password = "@nzbget@"; password = "@nzbget@";
}; };
@ -176,8 +178,8 @@ in
qBittorrent = { qBittorrent = {
description = "BitTorrent client"; description = "BitTorrent client";
icon = "qbittorrent.svg"; icon = "qbittorrent.svg";
href = "https://qbittorrent.fi33.buzz/"; href = "https://bittorrent.fi33.buzz/";
siteMonitor = "https://qbittorrent.fi33.buzz/"; siteMonitor = "https://bittorrent.fi33.buzz/";
}; };
} }
]; ];
@ -188,8 +190,8 @@ in
copyparty = { copyparty = {
description = "Portable file server"; description = "Portable file server";
icon = "sh-copyparty.svg"; icon = "sh-copyparty.svg";
href = "https://copyparty.fi33.buzz/"; href = "https://files.fi33.buzz/";
siteMonitor = "https://copyparty.fi33.buzz/"; siteMonitor = "https://files.fi33.buzz/";
}; };
} }
{ {
@ -204,32 +206,32 @@ in
ntfy = { ntfy = {
description = "Send push notifications using PUT/POST"; description = "Send push notifications using PUT/POST";
icon = "ntfy.svg"; icon = "ntfy.svg";
href = "https://ntfy-sh.fi33.buzz/"; href = "https://notify.fi33.buzz/";
siteMonitor = "https://ntfy-sh.fi33.buzz/"; siteMonitor = "https://notify.fi33.buzz/";
}; };
} }
{ {
Radicale = { Radicale = {
description = "A simple CalDAV (calendar) and CardDAV (contact) server"; description = "A simple CalDAV (calendar) and CardDAV (contact) server";
icon = "radicale.svg"; icon = "radicale.svg";
href = "https://radicale.fi33.buzz"; href = "https://caldav.fi33.buzz";
siteMonitor = "https://radicale.fi33.buzz"; siteMonitor = "https://caldav.fi33.buzz";
}; };
} }
{ {
Syncthing = { Syncthing = {
description = "Open Source Continuous File Synchronization"; description = "Open Source Continuous File Synchronization";
icon = "syncthing.svg"; icon = "syncthing.svg";
href = "https://syncthing.fi33.buzz/"; href = "https://sync.fi33.buzz/";
siteMonitor = "https://syncthing.fi33.buzz/"; siteMonitor = "https://sync.fi33.buzz/";
}; };
} }
{ {
Vaultwarden = { Vaultwarden = {
description = "Unofficial Bitwarden compatible server"; description = "Unofficial Bitwarden compatible server";
icon = "vaultwarden.svg"; icon = "vaultwarden.svg";
href = "https://vaultwarden.fi33.buzz/"; href = "https://vault.fi33.buzz/";
siteMonitor = "https://vaultwarden.fi33.buzz/"; siteMonitor = "https://vault.fi33.buzz/";
}; };
} }
]; ];
@ -240,8 +242,8 @@ in
Immich = { Immich = {
description = "Photo and video management solution"; description = "Photo and video management solution";
icon = "immich.svg"; icon = "immich.svg";
href = "https://immich.fi33.buzz/"; href = "https://photos.fi33.buzz/";
siteMonitor = "https://immich.fi33.buzz/"; siteMonitor = "https://photos.fi33.buzz/";
widget = { widget = {
type = "immich"; type = "immich";
fields = [ fields = [
@ -250,7 +252,7 @@ in
"videos" "videos"
"storage" "storage"
]; ];
url = "https://immich.fi33.buzz/"; url = "https://photos.fi33.buzz/";
version = 2; version = 2;
key = "@immich@"; key = "@immich@";
}; };
@ -260,11 +262,11 @@ in
Jellyfin = { Jellyfin = {
description = "Media System"; description = "Media System";
icon = "jellyfin.svg"; icon = "jellyfin.svg";
href = "https://jellyfin.fi33.buzz/"; href = "https://media.fi33.buzz/";
siteMonitor = "https://jellyfin.fi33.buzz/"; siteMonitor = "https://media.fi33.buzz/";
widget = { widget = {
type = "jellyfin"; type = "jellyfin";
url = "https://jellyfin.fi33.buzz/"; url = "https://media.fi33.buzz/";
key = "@jellyfin@"; key = "@jellyfin@";
enableBlocks = true; enableBlocks = true;
enableNowPlaying = true; enableNowPlaying = true;
@ -278,11 +280,11 @@ in
Kavita = { Kavita = {
description = "Reading server"; description = "Reading server";
icon = "kavita.svg"; icon = "kavita.svg";
href = "https://kavita.fi33.buzz/"; href = "https://library.fi33.buzz/";
siteMonitor = "https://kavita.fi33.buzz/"; siteMonitor = "https://library.fi33.buzz/";
widget = { widget = {
type = "kavita"; type = "kavita";
url = "https://kavita.fi33.buzz/"; url = "https://library.fi33.buzz/";
key = "@kavita-api@"; key = "@kavita-api@";
}; };
}; };
@ -291,11 +293,11 @@ in
Miniflux = { Miniflux = {
description = "Feed reader"; description = "Feed reader";
icon = "miniflux.svg"; icon = "miniflux.svg";
href = "https://miniflux.fi33.buzz/"; href = "https://feeds.fi33.buzz/";
siteMonitor = "https://miniflux.fi33.buzz/"; siteMonitor = "https://feeds.fi33.buzz/";
widget = { widget = {
type = "miniflux"; type = "miniflux";
url = "https://miniflux.fi33.buzz/"; url = "https://feeds.fi33.buzz/";
key = "@miniflux@"; key = "@miniflux@";
}; };
}; };
@ -304,11 +306,11 @@ in
Paperless = { Paperless = {
description = "Document management system"; description = "Document management system";
icon = "paperless.svg"; icon = "paperless.svg";
href = "https://paperless.fi33.buzz/"; href = "https://documents.fi33.buzz/";
siteMonitor = "https://paperless.fi33.buzz/"; siteMonitor = "https://documents.fi33.buzz/";
widget = { widget = {
type = "paperlessngx"; type = "paperlessngx";
url = "https://paperless.fi33.buzz/"; url = "https://documents.fi33.buzz/";
username = "admin"; username = "admin";
password = "@paperless@"; password = "@paperless@";
}; };
@ -318,6 +320,18 @@ in
} }
{ {
Utilities = [ Utilities = [
{
Gatus = {
description = "Status page";
icon = "gatus.svg";
href = "https://status.fi33.buzz/";
siteMonitor = "https://status.fi33.buzz/";
widget = {
type = "gatus";
url = "https://status.fi33.buzz/";
};
};
}
{ {
NanoKVM = { NanoKVM = {
description = "Remote KVM switch"; description = "Remote KVM switch";
@ -407,7 +421,21 @@ in
]; ];
}; };
caddy.virtualHosts."homepage-dashboard.fi33.buzz".extraConfig = '' gatus.settings.endpoints = [
{
name = "Homepage Dashboard";
group = "Utilities";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

18
modules/nixos/features/immich.nix
View file

@ -1,6 +1,8 @@
let let
port = 2283; port = 2283;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "photos.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -10,6 +12,20 @@ in
mediaLocation = "/srv/immich"; mediaLocation = "/srv/immich";
}; };
gatus.settings.endpoints = [
{
name = "Immich";
group = "Media Streaming";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
borgmatic.settings.postgresql_databases = [ borgmatic.settings.postgresql_databases = [
{ {
name = "immich"; name = "immich";
@ -19,7 +35,7 @@ in
} }
]; ];
caddy.virtualHosts."immich.fi33.buzz".extraConfig = '' caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

18
modules/nixos/features/jellyfin.nix
View file

@ -1,6 +1,8 @@
let let
port = 8096; port = 8096;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "media.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -10,7 +12,21 @@ in
group = "srv"; group = "srv";
}; };
caddy.virtualHosts."jellyfin.fi33.buzz".extraConfig = '' gatus.settings.endpoints = [
{
name = "Jellyfin";
group = "Media Streaming";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

18
modules/nixos/features/kavita.nix
View file

@ -5,6 +5,8 @@
let let
port = 5015; port = 5015;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "library.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -15,7 +17,21 @@ in
tokenKeyFile = config.age.secrets.kavita.path; tokenKeyFile = config.age.secrets.kavita.path;
}; };
caddy.virtualHosts."kavita.fi33.buzz".extraConfig = '' gatus.settings.endpoints = [
{
name = "Kavita";
group = "Media Streaming";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

18
modules/nixos/features/libretranslate.nix
View file

@ -1,6 +1,8 @@
let let
port = 5023; port = 5023;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "translate.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -10,7 +12,21 @@ in
updateModels = true; updateModels = true;
}; };
caddy.virtualHosts."translate.fi33.buzz".extraConfig = '' gatus.settings.endpoints = [
{
name = "LibreTranslate";
group = "Public Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

18
modules/nixos/features/lidarr.nix
View file

@ -1,6 +1,8 @@
let let
port = 5012; port = 5012;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "music.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -13,7 +15,21 @@ in
group = "srv"; group = "srv";
}; };
caddy.virtualHosts."lidarr.fi33.buzz".extraConfig = '' gatus.settings.endpoints = [
{
name = "Lidarr";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

20
modules/nixos/features/miniflux.nix
View file

@ -5,6 +5,8 @@
let let
port = 5010; port = 5010;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "feeds.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -12,11 +14,25 @@ in
enable = true; enable = true;
adminCredentialsFile = config.age.secrets.miniflux-creds.path; adminCredentialsFile = config.age.secrets.miniflux-creds.path;
config = { config = {
BASE_URL = "https://miniflux.fi33.buzz"; BASE_URL = url;
LISTEN_ADDR = "localhost:${toString port}"; LISTEN_ADDR = "localhost:${toString port}";
}; };
}; };
gatus.settings.endpoints = [
{
name = "Miniflux";
group = "Media Streaming";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
borgmatic.settings.postgresql_databases = [ borgmatic.settings.postgresql_databases = [
{ {
name = "miniflux"; name = "miniflux";
@ -26,7 +42,7 @@ in
} }
]; ];
caddy.virtualHosts."miniflux.fi33.buzz".extraConfig = '' caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

20
modules/nixos/features/ntfy-sh.nix
View file

@ -1,13 +1,15 @@
let let
port = 5002; port = 5002;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "notify.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
ntfy-sh = { ntfy-sh = {
enable = true; enable = true;
settings = { settings = {
base-url = "https://ntfy-sh.fi33.buzz"; base-url = url;
listen-http = ":${toString port}"; listen-http = ":${toString port}";
behind-proxy = true; behind-proxy = true;
auth-default-access = "deny-all"; auth-default-access = "deny-all";
@ -19,13 +21,27 @@ in
}; };
}; };
gatus.settings.endpoints = [
{
name = "ntfy";
group = "Private Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
borgmatic.settings = { borgmatic.settings = {
source_directories = [ source_directories = [
"/var/lib/ntfy-sh/user.db" "/var/lib/ntfy-sh/user.db"
]; ];
}; };
caddy.virtualHosts."ntfy-sh.fi33.buzz".extraConfig = '' caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

18
modules/nixos/features/nzbget.nix
View file

@ -5,6 +5,8 @@
let let
port = 5018; port = 5018;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "usenet.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -17,7 +19,21 @@ in
group = "srv"; group = "srv";
}; };
caddy.virtualHosts."nzbget.fi33.buzz".extraConfig = '' gatus.settings.endpoints = [
{
name = "NZBget";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 401"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

20
modules/nixos/features/paperless.nix
View file

@ -5,6 +5,8 @@
let let
port = 5013; port = 5013;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "documents.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -15,10 +17,24 @@ in
passwordFile = config.age.secrets.paperless.path; passwordFile = config.age.secrets.paperless.path;
inherit port; inherit port;
settings = { settings = {
PAPERLESS_URL = "https://paperless.fi33.buzz"; PAPERLESS_URL = url;
}; };
}; };
gatus.settings.endpoints = [
{
name = "Paperless";
group = "Media Streaming";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
borgmatic.settings = { borgmatic.settings = {
postgresql_databases = [ postgresql_databases = [
{ {
@ -30,7 +46,7 @@ in
]; ];
}; };
caddy.virtualHosts."paperless.fi33.buzz".extraConfig = '' caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

18
modules/nixos/features/prowlarr.nix
View file

@ -1,6 +1,8 @@
let let
port = 5009; port = 5009;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "prowlarr.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -11,9 +13,23 @@ in
}; };
}; };
gatus.settings.endpoints = [
{
name = "Prowlarr";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
borgmatic.settings.source_directories = [ "/var/lib/prowlarr" ]; borgmatic.settings.source_directories = [ "/var/lib/prowlarr" ];
caddy.virtualHosts."prowlarr.fi33.buzz".extraConfig = '' caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

18
modules/nixos/features/qbittorrent.nix
View file

@ -1,6 +1,8 @@
let let
port = 5005; port = 5005;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "bittorrent.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -14,7 +16,21 @@ in
]; ];
}; };
caddy.virtualHosts."qbittorrent.fi33.buzz".extraConfig = '' gatus.settings.endpoints = [
{
name = "qBittorrent";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

18
modules/nixos/features/radarr.nix
View file

@ -1,6 +1,8 @@
let let
port = 5007; port = 5007;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "movies.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -13,7 +15,21 @@ in
group = "srv"; group = "srv";
}; };
caddy.virtualHosts."radarr.fi33.buzz".extraConfig = '' gatus.settings.endpoints = [
{
name = "Radarr";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

18
modules/nixos/features/radicale.nix
View file

@ -5,6 +5,8 @@
let let
port = 5003; port = 5003;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "caldav.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -28,7 +30,21 @@ in
}; };
}; };
caddy.virtualHosts."radicale.fi33.buzz".extraConfig = '' gatus.settings.endpoints = [
{
name = "Radicale";
group = "Private Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

18
modules/nixos/features/readarr.nix
View file

@ -1,6 +1,8 @@
let let
port = 5016; port = 5016;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "books.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -13,7 +15,21 @@ in
group = "srv"; group = "srv";
}; };
caddy.virtualHosts."readarr.fi33.buzz".extraConfig = '' gatus.settings.endpoints = [
{
name = "Readarr";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

20
modules/nixos/features/send.nix
View file

@ -1,13 +1,15 @@
let let
port = 5020; port = 5020;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "send.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
send = { send = {
enable = true; enable = true;
inherit port; inherit port;
baseUrl = "https://send.fi33.buzz"; baseUrl = url;
environment = { environment = {
DEFAULT_EXPIRE_SECONDS = 360; DEFAULT_EXPIRE_SECONDS = 360;
EXPIRE_TIMES_SECONDS = "360"; EXPIRE_TIMES_SECONDS = "360";
@ -18,7 +20,21 @@ in
}; };
}; };
caddy.virtualHosts."send.fi33.buzz".extraConfig = '' gatus.settings.endpoints = [
{
name = "Send";
group = "Public Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

18
modules/nixos/features/sonarr.nix
View file

@ -1,6 +1,8 @@
let let
port = 5006; port = 5006;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "shows.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -13,7 +15,21 @@ in
group = "srv"; group = "srv";
}; };
caddy.virtualHosts."sonarr.fi33.buzz".extraConfig = '' gatus.settings.endpoints = [
{
name = "Sonarr";
group = "Media Management";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

18
modules/nixos/features/syncthing.nix
View file

@ -41,6 +41,8 @@ let
) (builtins.filter (deviceSet: deviceSet.device != hostName) devicesList) ) (builtins.filter (deviceSet: deviceSet.device != hostName) devicesList)
); );
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "sync.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -56,6 +58,20 @@ in
}; };
}; };
gatus.settings.endpoints = [
{
name = "Syncthing";
group = "Private Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
borgmatic.settings = borgmatic.settings =
if userName == "srv" then if userName == "srv" then
{ {
@ -67,7 +83,7 @@ in
else else
null; null;
caddy.virtualHosts."syncthing.fi33.buzz".extraConfig = '' caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy http://localhost:${toString port} reverse_proxy http://localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

20
modules/nixos/features/vaultwarden.nix
View file

@ -5,6 +5,8 @@
let let
port = 5001; port = 5001;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "vault.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -13,7 +15,7 @@ in
backupDir = "/srv/vaultwarden"; backupDir = "/srv/vaultwarden";
config = { config = {
rocketPort = toString port; rocketPort = toString port;
domain = "https://vaultwarden.fi33.buzz"; domain = url;
signupsAllowed = false; signupsAllowed = false;
invitationsAllowed = false; invitationsAllowed = false;
showPasswordHint = false; showPasswordHint = false;
@ -23,7 +25,21 @@ in
}; };
}; };
caddy.virtualHosts."vaultwarden.fi33.buzz".extraConfig = '' gatus.settings.endpoints = [
{
name = "Vaultwarden";
group = "Private Services";
inherit url;
interval = "5m";
conditions = [
"[STATUS] == 200"
"[CONNECTED] == true"
"[RESPONSE_TIME] < 500"
];
}
];
caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3

4
modules/templates/web-feature.nix
View file

@ -1,6 +1,8 @@
let let
port = 0000; port = 0000;
certloc = "/var/lib/acme/fi33.buzz"; certloc = "/var/lib/acme/fi33.buzz";
hostname = "feature.fi33.buzz";
url = "https://${hostname}";
in in
{ {
services = { services = {
@ -20,7 +22,7 @@ in
# ]; # ];
# }; # };
caddy.virtualHosts."feature.fi33.buzz".extraConfig = '' caddy.virtualHosts.${hostname}.extraConfig = ''
reverse_proxy localhost:${toString port} reverse_proxy localhost:${toString port}
tls ${certloc}/cert.pem ${certloc}/key.pem { tls ${certloc}/cert.pem ${certloc}/key.pem {
protocols tls1.3 protocols tls1.3