feat: Added excalidraw selfhosted

nixos/mirai/configuration.nix

@@ -1,6 +1,7 @@
 {
   config,
   pkgs,
+  device,
   ...
 }: {
   imports = [
@@ -9,6 +10,18 @@
     ./mirai.nix
     # ./docker.nix
   ];
+
+  virtualisation.docker.enable = true;
+  # virtualisation.podman = {
+  #   enable = true;
+  #   dockerSocket.enable = true;
+  #   defaultNetwork.dnsname.enable = true;
+  # };
+  users.extraUsers.${device.user}.extraGroups = ["docker"];
+  environment.systemPackages = with pkgs; [
+    arion
+  ];
+
   security.sudo.wheelNeedsPassword = false;
   sops = {
     defaultSopsFile = ../../secrets/secrets.yaml;

nixos/mirai/services/default.nix

@@ -3,21 +3,21 @@
     ./atuin.nix
     ./authelia.nix
     ./caddy.nix
+    ./excalidraw.nix
     ./fail2ban.nix
+    ./flaresolverr.nix
     ./gitea.nix
     ./homepage.nix
+    ./immich.nix
     ./llama.nix
+    ./lldap.nix
     ./minecraft.nix
     ./nextcloud.nix
-    ./tailscale.nix
     ./prowlarr.nix
-    ./flaresolverr.nix
-    ./searxng.nix
-    ./immich.nix
-    ./lldap.nix
     ./resolved.nix
+    ./searxng.nix
+    ./tailscale.nix
 
-    # ./home-assistant.nix
     # ./jellyfin.nix
     # ./ldap.nix
     # ./llama.nix

nixos/mirai/services/excalidraw.nix

@@ -0,0 +1,46 @@
+{...}: {
+  # virtualisation.arion = {
+  #   projects = {
+  #     excalidraw = {
+  #       excalidraw = {
+  #         service.image = "ghcr.io/excalidraw/excalidraw:latest";
+  #         service.volumes = [
+  #           "/etc/localtime:/etc/localtime:ro"
+  #           "/run/dbus:/run/dbus:ro"
+  #         ];
+  #       };
+  #     };
+  #   };
+  # };
+  virtualisation.oci-containers = {
+    backend = "docker";
+    containers = {
+      excalidraw = {
+        image = "excalidraw/excalidraw:latest";
+        ports = ["127.0.0.1:5959:80"];
+        volumes = [];
+      };
+    };
+  };
+  services.caddy.virtualHosts."draw.darksailor.dev".extraConfig = ''
+    forward_auth localhost:5555 {
+        uri /api/authz/forward-auth
+        copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
+    }
+    reverse_proxy localhost:5959
+  '';
+  services.authelia = {
+    instances.darksailor = {
+      settings = {
+        access_control = {
+          rules = [
+            {
+              domain = "draw.darksailor.dev";
+              policy = "one_factor";
+            }
+          ];
+        };
+      };
+    };
+  };
+}

nixos/mirai/services/home-assistant.nix

@@ -1,86 +0,0 @@
-{pkgs, ...}: {
-  services = {
-    home-assistant = {
-      enable = true;
-      extraComponents = [
-        "esphome"
-        "met"
-        "radio_browser"
-        "wiz"
-        "homekit"
-        "homekit_controller"
-      ];
-      customComponents = [
-        pkgs.home-assistant-custom-components.auth-header
-      ];
-      config = {
-        default_config = {};
-        homeassistant = {
-          external_url = "https://home.darksailor.dev";
-          name = "Home Assistant";
-          time_zone = "Asia/Kolkata";
-        };
-        http = {
-          server_host = "::1";
-          trusted_proxies = ["::1"];
-          use_x_forwarded_for = true;
-        };
-        auth_header = {
-          username_header = "Remote-User";
-        };
-      };
-    };
-    caddy = {
-      virtualHosts."home.darksailor.dev".extraConfig = ''
-        forward_auth localhost:5555 {
-            uri /api/authz/forward-auth
-            copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
-        }
-        reverse_proxy localhost:8123
-      '';
-    };
-  };
-  networking.firewall.allowedTCPPorts = [
-    8888
-    5555
-    5432
-    5000
-    7070
-    6600
-    2019
-    22
-    21064
-    48829
-    11434
-    3000
-    8123
-    5432
-    443
-    22
-    80
-    55447
-    25565
-    21064
-    40000
-  ];
-  networking.firewall.allowedUDPPorts = [
-    5353
-    41641
-    68
-    5353
-    5353
-    41641
-    47663
-    53040
-    443
-    1900
-    1900
-    5555
-  ];
-  networking.firewall.allowedTCPPortRanges = [
-    {
-      from = 21063;
-      to = 21070;
-    }
-  ];
-}