servius/dotfiles
1
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

Compare commits

base: servius:4041cc4c6eb68d994743009378411fe6c355d39f
Branches Tags
servius:master
...
compare: servius:0f6ee21a356829244ffe9e84a0daf7cf62ce9d4c
Branches Tags
servius:master

40 Commits
4041cc4c6e ... 0f6ee21a35

Author SHA1 Message Date
uttarayan21
0f6ee21a35 fix: update deploy-rs usage and nix version for mirai and related systems
Some checks failed
Flake checker / Build Nix targets (push) Has been cancelled
Details
2025-11-28 16:30:48 +05:30
uttarayan21
1e3e314411 feat(nixos): enable ssh service with security enhancements 
The commit enables the SSH service on the ryu NixOS configuration with enhanced security settings including disabling password authentication and prohibiting root login. It also adds several font packages to the home configuration.

Changes:
- Enabled SSH service in ryu configuration with security settings
- Added font packages to home programs
- Moved SSH service definition to its own module file
- Removed SSH enablement from main configuration
- Updated service imports to include openssh module
 2025-11-28 15:18:23 +05:30
uttarayan21
96c927c0db feat(nixos): rename configuration from tako to mirai and update service imports 
This commit renames the NixOS configuration from "tako" to "mirai" across all relevant files, updates secret paths, hostnames, and service imports accordingly. The changes reflect a complete renaming of the system configuration while maintaining all functionality.
 2025-11-28 00:55:19 +05:30
uttarayan21
e53c1d2f25 fix(caddy): switch dns provider from hetzner to cloudflare across all services 2025-11-27 22:17:31 +05:30
uttarayan21
9542689024 feat(tako): enable autoLaunch and disable password login for immich 
chore(tako): uncomment excalidraw, flaresolverr, and prowlarr service imports
 2025-11-27 20:53:52 +05:30
uttarayan21
a9616c8564 feat(neovim): enable on tako device 
feat(authelia): configure port and reverse proxy
feat(lldap): force password reset and update settings
fix(nixos): remove root from trusted users on ryu and tako
fix(immich): disable auto launch and enable password login
refactor(tako): enable authelia, immich, and lldap services
chore(secrets): update lldap seed and metadata timestamps
 2025-11-27 20:51:34 +05:30
uttarayan21
f9970ce3af fix: use device.user for trusted users and primary user across configurations 
The changes update the configuration to use a `device.user` variable instead of hardcoded usernames like "fs0c131y" and "servius". This makes the configurations more flexible and reusable across different devices. The changes affect nixos configurations for mirai, ryu, and tako, as well as the darwin configuration for kuro, and the deploy.nix file.

The key changes include:
- Replacing hardcoded usernames with `device.user` in trusted-users lists
- Updating system.primaryUser to use `device.user`
- Modifying user definitions to use the device.user variable
- Adjusting deploy configuration to use "servius" as sshUser for tako
- Commenting out some service modules in tako's services/default.nix
 2025-11-27 17:37:02 +05:30
uttarayan21
bd889f3a5e docs: simplify README to focus on machine list and update flake references 2025-11-27 16:51:22 +05:30
uttarayan21
a8ece6cf19 feat: update flake dependencies and add openssh service config 2025-11-26 21:07:30 +05:30
uttarayan21
6a04621728 feat(builders): add tako builder configuration 
chore(flake): update flake.lock for tako builder and dependency updates

chore(flake): switch hyprmonitors to https url

chore(home): remove unused linux-file-converter-addon

fix(home): remove commented out program enable line
 2025-11-26 20:29:04 +05:30
uttarayan21
18d18ff693 fix: change hyprmonitors fetch method to https 2025-11-26 20:25:49 +05:30
uttarayan21
b555cbe0af chore(nix): remove lfca dependency and add sd_mod kernel module 2025-11-26 20:20:59 +05:30
uttarayan21
d414e862f5 fix(tako): remove nvme from initrd modules and switch cpu microcode update to intel 2025-11-26 19:17:29 +05:30
uttarayan21
eadb0c45ce fix: update handoff dependency to github source 
The commit updates the handoff flake dependency from a local path to a GitHub repository. This changes the source URL from a local path "/home/servius/Projects/handoff" to "github:xatuke/handoff" and updates the corresponding lock file entries with new revision and hash information.

The change affects:
- flake.nix: Updated handoff url from path to github
- flake.lock: Updated handoff locked and original fields to reflect github source

This ensures the project uses the upstream handoff repository instead of a local development path.
 2025-11-26 18:55:04 +05:30
uttarayan21
f1d8ea6069 feat(deploy): update mirai hostname and add tako deployment config 
The commit updates the hostname for the mirai node to include the full domain name and adds a new deployment configuration for a tako node. It also includes changes to the tako configuration file such as updating secret paths, user configuration, timezone, and disk layout settings. Additionally, several services are commented out in the tako configuration.
 2025-11-26 18:43:30 +05:30
uttarayan21
b5399c5cc8 feat: Added tako 2025-11-26 18:15:12 +05:30
uttarayan21
58594d582b feat(chat): implement qwen3-coder-30b model with custom chat template and tool support 
The commit message reflects the main changes:
1. Updated model name from "gpt-oss-20b" to "qwen3-coder-30b" in aichat.nix
2. Changed the default model to ryu:qwen3-coder-30b in aichat.nix
3. Added a new chat template file (chat.hbs) with tool/function calling support
4. Configured llama.cpp to use the new chat template file
5. Enabled HDR display settings in hyprland
6. Modified gamemode to unload lmstudio on start and added custom script for gamemode startup

All changes are focused on implementing Qwen3-Coder-30B model with enhanced tool calling capabilities and system configuration improvements.
 2025-11-26 15:34:10 +05:30
uttarayan21
3a8e182170 feat: enable tinymist and add dualsense service configuration 2025-11-25 23:09:03 +05:30
uttarayan21
106eccf350 chore: remove immich and wivrn dependencies from flake config 2025-11-23 23:42:00 +05:30
uttarayan21
2f870f4f2e feat(nixos): integrate headplane and enhance configs with new services 2025-11-23 05:16:49 +05:30
uttarayan21
a99cc07124 refactor(tailscale): update to use masterPkgs for tailscale 2025-11-22 19:24:29 +05:30
uttarayan21
819c444daf feat(vms): configure libvirt and QEMU settings in default.nix 2025-11-22 16:18:39 +05:30
uttarayan21
d8f045d69e feat(flakes): update crates.io-index 2025-11-22 15:47:02 +05:30
uttarayan21
2721c696d0 feat(programs): add opencode configuration 
Enable 'opencode.nix' and update associated configurations.
 2025-11-22 03:17:53 +05:30
uttarayan21
682531cff4 chore: update flake.lock and refactor GUI service config 2025-11-21 12:05:54 +05:30
uttarayan21
2ff867e6b6 feat(eww): add "Activate Linux" widget and assets 
Add ".gitattributes" for LFS, update flake.nix, and include new eww widget, README, image, SCSS, and Yuck configuration.
 2025-11-20 16:19:21 +05:30
uttarayan21
2ce14b1c70 feat(nixos): add AirPods handoff service configuration 2025-11-17 21:04:56 +05:30
uttarayan21
f653079816 chore: update gnome-shell and stylix sources in flake.lock 2025-11-16 23:59:44 +05:30
uttarayan21
f952623634 docs: remove DEVICE_ARCHITECTURE.md file 2025-11-16 21:30:05 +05:30
uttarayan21
63720605a0 chore: update dependencies and modify OBS plugins configuration 2025-11-16 02:07:17 +05:30
uttarayan21
86a6dc481d chore(nix): update flake.lock and refactor ryu services configuration 2025-11-14 20:00:46 +05:30
uttarayan21
49ef43cf25 feat(home): add vesktop package and configure xdg portal for hyprland 2025-11-13 04:14:07 +05:30
uttarayan21
1a42c54678 feat(neovim): add shortcut for sidekick CLI toggle 
fix(ryu): update filesystem type to ntfs3
 2025-11-12 16:47:27 +05:30
uttarayan21
4edb4e5535 chore: remove deoxys VM server from configuration files 2025-11-12 15:20:58 +05:30
uttarayan21
1f5664502c feat: re-enable and update ddcbacklight integration 2025-11-11 20:17:57 +05:30
uttarayan21
971d5ebb76 fix(hyprland): update path for swaync-client in hyprland config 2025-11-11 19:08:27 +05:30
uttarayan21
bbe44afe28 feat: add wivrn and nixpkgs-xr inputs and update related configs 2025-11-11 18:28:14 +05:30
uttarayan21
ca194088ae feat(nixos): add wlx-overlays and wivrn services, update gamemode settings 2025-11-11 16:55:53 +05:30
uttarayan21
d301d3fd98 chore(nixvim): disable stylix integration in neovim configuration 2025-11-11 16:55:34 +05:30
uttarayan21
ba648817a3 refactor: update dependencies and flake configurations 2025-11-11 13:46:26 +05:30
117 changed files with 3243 additions and 10535 deletions
Expand all files Collapse all files

1
.gitattributes vendored Normal file
View File

@@ -0,0 +1 @@
*.png filter=lfs diff=lfs merge=lfs -text

215
DEVICE_ARCHITECTURE.md
View File

@@ -1,215 +0,0 @@
# Device Architecture Overview
This document provides a comprehensive overview of all devices managed by this NixOS/nix-darwin dotfiles repository.
> **Visual Diagram**: See [assets/devices-diagram.svg](assets/devices-diagram.svg) for a visual representation of this architecture.
## Device Categories
### 🖥️ Server Infrastructure (Headless)
#### mirai (Main Server)
- **Architecture**: x86_64-linux
- **User**: fs0c131y
- **Role**: Primary server hosting various services
- **Configuration**: NixOS + Home Manager
- **Hardware**: AMD CPU with NVME storage
- **Location**: Local network
- **Services**:
- Nextcloud (file storage and sync)
- Gitea (Git hosting)
- Minecraft server
- Immich (photo management)
- Paperless (document management)
- Tailscale VPN node
- ZeroTier network node
- Atuin (shell history sync)
- LLDAP (LDAP server)
- Navidrome (music streaming)
- Searxng (search engine)
- Syncthing
- And many more services
#### deoxys (VM Server)
- **Architecture**: x86_64-linux
- **User**: servius
- **Role**: Virtual machine server for testing and isolation
- **Configuration**: NixOS + Home Manager
- **Location**: Local network
#### tsuba (Raspberry Pi)
- **Architecture**: aarch64-linux
- **User**: servius
- **Role**: ARM-based server for lightweight services
- **Configuration**: NixOS + Home Manager (using stable channel)
- **Hardware**: Raspberry Pi
- **Access**: External via tsuba.darksailor.dev
- **Special**: Uses nixos-raspberrypi input for hardware support
### 💻 Development Workstations
#### ryu (Main Desktop)
- **Architecture**: x86_64-linux
- **User**: servius
- **Role**: Primary development workstation
- **Configuration**: NixOS + Home Manager
- **Desktop Environment**: Hyprland (primary) + GNOME (fallback)
- **Features**:
- Multi-monitor setup:
- Primary: HDMI-A-1 (Gigabyte FO27Q3)
- Secondary: DP-3 (Acer XV272U)
- Tertiary: DP-1 (Gigabyte M27Q)
- Audio production setup (musnix)
- Gaming support (Wine, Steam)
- Virtualization (virt-manager)
- Hardware acceleration (CUDA support)
- Secure boot with Lanzaboote
- TPM2 support
#### shiro (Mac Mini)
- **Architecture**: aarch64-darwin (Apple Silicon)
- **User**: servius
- **Role**: macOS desktop and build server
- **Configuration**: nix-darwin + Home Manager
- **Features**:
- ARM64 build server for distributed builds
- Samba file sharing
- Colima container runtime
- Aerospace window management
### 📱 Portable/Mobile Devices
#### kuro (MacBook)
- **Architecture**: aarch64-darwin (Apple Silicon)
- **User**: fs0c131y
- **Role**: macOS development machine
- **Configuration**: nix-darwin + Home Manager
- **Features**:
- Touch ID for sudo authentication
- Custom keyboard mappings
- Homebrew integration
#### SteamDeck (Gaming Handheld)
- **Architecture**: x86_64-linux
- **User**: deck
- **Role**: Portable gaming device
- **Configuration**: Home Manager only (no NixOS)
- **Special**: Uses SteamOS with Home Manager overlay
## Network Architecture
### VPN Networks
- **Tailscale**: Primary VPN connecting most devices
- Devices: mirai, deoxys, tsuba, deck
- **ZeroTier**: Secondary network layer
- Devices: mirai, ryu
### Local Network
- **Primary connection**: ryu (main desktop)
- **Wake-on-LAN**: Enabled for ryu (eno1 interface)
## Configuration Management
### NixOS Flake
- **Manages**: mirai, deoxys, tsuba, ryu
- **Features**: Unified configuration across Linux devices
- **Inputs**: Multiple flake inputs for extended functionality
### nix-darwin
- **Manages**: kuro, shiro
- **Features**: macOS system configuration
### Home Manager
- **Standalone**: deck (SteamDeck)
- **Integrated**: All other devices
- **Stable channel**: Used for tsuba
## Build Infrastructure
### Distributed Building
- **Build machines**:
- mirai (primary build server)
- shiro (macOS builds)
- tsuba (ARM builds, commented out)
- **Consumers**:
- ryu (uses remote builders)
- kuro (uses remote builders)
### Cache Strategy
- **Substituters**:
- nix-community.cachix.org
- nixos-raspberrypi.cachix.org (for ARM builds)
- **Build optimization**: Auto-optimise-store enabled
## Deployment Strategy
### SSH-based Deployment
Using deploy-rs for automated deployments:
```
ryu → mirai, deoxys, tsuba, deck
kuro → mirai, shiro
```
### Special Access
- **tsuba**: Accessed via external domain (tsuba.darksailor.dev)
- **All servers**: SSH key authentication with authorized_keys
## Hardware-Specific Features
### ryu (Desktop)
- **Graphics**: NVIDIA with CUDA support
- **Audio**: Professional audio setup with musnix
- **Input devices**: QMK keyboard support
- **Monitors**: DDC/CI control with ddcutil
- **Security**: TPM2, secure boot (Lanzaboote)
### mirai (Server)
- **CPU**: AMD with virtualization support
- **Storage**: Custom disk layout with disko
- **Containers**: Docker with custom mount points
- **Emulation**: aarch64-linux binfmt support
### macOS Devices (kuro - MacBook, shiro - Mac Mini)
- **Authentication**: Touch ID integration (kuro)
- **Keyboard**: Custom modifier key mappings
- **Package management**: Homebrew + Nix hybrid approach
- **Build server**: shiro provides ARM64 builds for the network
## Security Features
- **SOPS**: Secrets management across all devices
- **SSH keys**: Centralized key management
- **Fail2ban**: Enabled on mirai
- **Secure boot**: Implemented on ryu
- **TPM**: Hardware security on ryu
## Development Environment
### Shared Tools
- **Editor**: Nixvim (custom Neovim configuration)
- **Shell**: Fish + Nushell support
- **Terminal**: Various per-device preferences
- **Version control**: Git with shared configuration
### Language Support
- **Rust**: Custom overlay with latest toolchain
- **Python**: Python 3 with development tools
- **Nix**: Latest Nix with flakes enabled
- **Web**: Node.js and web development tools
## Monitoring and Observability
- **System metrics**: Collected across all NixOS devices
- **Shell history**: Synchronized via Atuin
- **File synchronization**: Syncthing for selective sync
## Backup and Data Management
- **Nextcloud**: Primary cloud storage on mirai
- **Syncthing**: Decentralized file sync
- **Git repositories**: Self-hosted on Gitea (mirai)
- **Photos**: Immich for photo management
- **Documents**: Paperless for document archival
This architecture provides a robust, scalable, and maintainable infrastructure for development, gaming, media consumption, and server hosting across multiple platforms and architectures.

267
README.md
View File

@@ -1,259 +1,10 @@
# Personal Dotfiles & NixOS Configuration
# Machines
A comprehensive, multi-platform dotfiles repository managing Linux, macOS, and specialized devices through Nix flakes, NixOS, nix-darwin, and Home Manager.
## 📊 Architecture Overview
This repository manages **7 devices** across multiple platforms and architectures:
- **3 Servers**: mirai (main), deoxys (VM), tsuba (Raspberry Pi)
- **1 Workstation**: ryu (primary desktop)
- **3 Portable devices**: kuro (MacBook), SteamDeck, and 1 desktop Mac Mini (shiro)
> 📈 **Visual Architecture**: See [Device Architecture Diagram](assets/devices-diagram.svg) for a complete visual overview.
## 🖥️ Device Portfolio
### Server Infrastructure
| Device | Architecture | Role | Services |
|--------|-------------|------|----------|
| **mirai** | x86_64-linux | Main Server | Nextcloud, Gitea, Minecraft, Immich, Paperless, +20 more |
| **deoxys** | x86_64-linux | VM Server | Testing & isolation environment |
| **tsuba** | aarch64-linux | Raspberry Pi | ARM-based lightweight services |
### Development Environment
| Device | Architecture | Setup | Features |
|--------|-------------|-------|----------|
| **ryu** | x86_64-linux | Main Desktop | Hyprland+GNOME, 3-monitor setup, gaming, audio production |
| **shiro** | aarch64-darwin | Mac Mini Desktop | nix-darwin + Home Manager, build server |
### Portable Devices
| Device | Architecture | Platform | Configuration |
|--------|-------------|----------|---------------|
| **kuro** | aarch64-darwin | MacBook | nix-darwin + Home Manager |
| **SteamDeck** | x86_64-linux | SteamOS | Home Manager only |
## 🚀 Quick Start
### Prerequisites
```bash
# Install Nix with flakes support
curl --proto '=https' --tlsv1.2 -sSf -L https://install.determinate.systems/nix | sh -s -- install
```
### Installation
#### NixOS (Linux)
```bash
sudo nixos-rebuild switch --flake .#<device-name>
```
#### macOS (nix-darwin)
```bash
nix run nix-darwin -- switch --flake .#<device-name>
```
#### Home Manager only (SteamDeck)
```bash
nix run home-manager/master -- switch --flake .#deck
```
### Available Devices
- `mirai` - Main server
- `ryu` - Primary desktop
- `deoxys` - VM server
- `tsuba` - Raspberry Pi
- `kuro` - MacBook (fs0c131y)
- `shiro` - MacBook (servius)
- `deck` - SteamDeck
## 🛠️ Development Tools
### Using Just (Recommended)
```bash
# Install on current system
just install
# Build without switching
just build
# Try Neovim configuration
just nvim
# Home Manager for non-NixOS
just home
```
### Core Technologies
- **OS**: NixOS, macOS, SteamOS
- **Shells**: Fish (primary), Nushell
- **Editor**: Neovim with custom nixvim configuration
- **Desktop**: Hyprland (Linux), Yabai + Aerospace (macOS)
- **Terminals**: Foot, Wezterm, Kitty
- **Package Management**: Nix Flakes with distributed building
## 🎯 Key Features
### 🔧 Multi-Platform Configuration Management
- **NixOS**: Complete system configuration for servers and workstations
- **nix-darwin**: macOS system management with Homebrew integration
- **Home Manager**: User environment configuration across all platforms
### 🌐 Network Infrastructure
- **Tailscale VPN**: Secure mesh networking across all devices
- **ZeroTier**: Secondary network layer for specific services
- **SSH Deployment**: Automated deployment via deploy-rs
### ⚡ Development Environment
- **Nixvim**: Custom Neovim configuration with LSP, tree-sitter, and plugins
- **Multi-monitor support**: Professional 3-monitor setup on ryu
- **Cross-compilation**: ARM64 and x86_64 support with distributed builds
### 🔒 Security & Secrets Management
- **SOPS**: Encrypted secrets management across all devices
- **SSH Keys**: Centralized key distribution
- **Secure Boot**: Lanzaboote implementation on ryu
- **TPM Support**: Hardware security module integration
### 🏗️ Build Infrastructure
- **Distributed Building**: mirai, shiro as build servers
- **Binary Caches**: nix-community and custom caches
- **Cross-platform**: ARM64 and x86_64 builds
## 📦 Self-Hosted Services (mirai)
### Core Services
- **Nextcloud**: File storage and synchronization
- **Gitea**: Self-hosted Git server
- **Immich**: Photo management and AI-powered search
- **Paperless**: Document management and OCR
### Development Tools
- **Atuin**: Shell history synchronization
- **LLDAP**: Lightweight LDAP server
- **VS Code Server**: Remote development environment
### Entertainment & Media
- **Minecraft Server**: Gaming server
- **Navidrome**: Music streaming server
- **Polaris**: Alternative music server
### Networking & Security
- **Tailscale**: VPN coordination node
- **ZeroTier**: Network management
- **Fail2ban**: Intrusion prevention
- **Caddy**: Reverse proxy and SSL termination
## 🎮 Gaming & Entertainment
### Gaming Setup (ryu)
- **Steam**: Native Linux gaming
- **Wine/Proton**: Windows game compatibility
- **Controller support**: Multiple gamepad configurations
- **Performance**: NVIDIA GPU with CUDA support
### Audio Production
- **Musnix**: Real-time audio kernel optimization
- **Professional audio**: Low-latency audio pipeline
- **Hardware support**: Audio interfaces and MIDI controllers
## 📱 Portable Configuration
### macOS Features (kuro - MacBook, shiro - Mac Mini)
- **Touch ID**: Sudo authentication integration (kuro)
- **Keyboard remapping**: Custom modifier key layouts
- **Aerospace/Yabai**: Tiling window management
- **Homebrew**: Package management for macOS-specific applications
- **Build server**: shiro serves as ARM64 build machine
### SteamDeck Integration
- **Home Manager**: User environment without system changes
- **Tailscale**: VPN connectivity for remote access
- **Development tools**: Portable development environment
## 🔄 Deployment & Management
### Automated Deployment
```bash
# Deploy to all servers from ryu
deploy .
# Deploy specific device
deploy .#mirai
```
### Build Management
- **Local builds**: Fast builds on powerful workstations
- **Remote builds**: Offload to build servers for efficiency
- **Binary caches**: Minimize rebuild times across devices
### Configuration Updates
- **Git-based**: All configurations version controlled
- **Atomic updates**: Rollback capability for all changes
- **Testing**: Safe deployment with easy rollback
## 📚 Try My Configurations
### Neovim Configuration
```bash
# Try my Neovim setup without installation
nix run github:uttarayan21/dotfiles#neovim
```
### Standalone Packages
The flake provides packages for:
- Custom Neovim configuration
- Development shells with tools
- Custom applications and scripts
## 🛡️ Security Practices
- **Encrypted secrets**: All sensitive data managed via SOPS
- **SSH hardening**: Key-based authentication only
- **Network segmentation**: VPN-based access control
- **Regular updates**: Automated security updates via Nix channels
- **Hardware security**: TPM and secure boot where available
## 📖 Documentation
- **[Device Architecture](DEVICE_ARCHITECTURE.md)**: Detailed device specifications and relationships
- **[Visual Diagram](assets/devices-diagram.svg)**: Complete infrastructure overview
- **Module documentation**: Inline documentation for custom Nix modules
## 🧰 Included Tools
### Command Line Utilities
| Tool | Purpose | Repository |
|------|---------|------------|
| `bat` | Enhanced cat with syntax highlighting | [sharkdp/bat](https://github.com/sharkdp/bat) |
| `dust` | Intuitive du replacement | [bootandy/dust](https://github.com/bootandy/dust) |
| `eza` | Modern ls replacement | [eza-community/eza](https://github.com/eza-community/eza) |
| `fd` | Simple, fast find alternative | [sharkdp/fd](https://github.com/sharkdp/fd) |
| `fzf` | Command-line fuzzy finder | [junegunn/fzf](https://github.com/junegunn/fzf) |
| `just` | Command runner | [casey/just](https://github.com/casey/just) |
| `ripgrep` | Fast text search | [BurntSushi/ripgrep](https://github.com/BurntSushi/ripgrep) |
| `starship` | Cross-shell prompt | [starship/starship](https://github.com/starship/starship) |
| `zoxide` | Smarter cd command | [ajeetdsouza/zoxide](https://github.com/ajeetdsouza/zoxide) |
### GUI Applications
- **Anyrun**: Application launcher for Hyprland
- **Hyprland**: Modern Wayland compositor
- **Ghostty**: GPU-accelerated terminal
- **Firefox**: Web browser with custom CSS
- **And many more...**
## 🤝 Contributing
This is a personal dotfiles repository, but feel free to:
- Use configurations as inspiration
- Report issues or suggest improvements
- Fork for your own use (please respect licenses)
## 📄 License
This repository contains configurations and scripts for personal use. Individual tools and applications maintain their respective licenses.
---
**Infrastructure Status**: 7 devices managed • 20+ services hosted • Multi-platform deployment ready
1. Ryu Dektop (Intel i9-14900KS / Nvidia 5090 / 64GB CL36@6000MTs)
```
```
2. Mirai Server (AMD Ryzen 7 7700 / 64GB@5200MHz)
3. Tako Server (Intel Xeon E-2236 / 64GB)
4. Tsuba Server (Raspberry Pi 5 / 8GB)
5. Kuro Laptop (Apple M4 Pro macbook / 24GB)
6. Shiro Desktop (Apple M4 macmini / 16GB)

2
builders/mirai.nix
View File

@@ -1,5 +1,5 @@
{
hostName = "sh.darksailor.dev";
hostName = "mirai.darksailor.dev";
sshUser = "remotebuilder";
systems = ["x86_64-linux" "aarch64-linux"];
protocol = "ssh-ng";

7
builders/tako.nix Normal file
View File

@@ -0,0 +1,7 @@
{
hostName = "tako.darksailor.dev";
sshUser = "remotebuilder";
systems = ["x86_64-linux" "aarch64-linux"];
protocol = "ssh-ng";
supportedFeatures = ["nixos-test" "benchmark" "big-parallel" "kvm"];
}

5
darwin/kuro/configuration.nix
View File

@@ -1,6 +1,7 @@
{
config,
pkgs,
device,
...
}: {
imports = [./services ./homebrew.nix ./programs];
@@ -12,7 +13,7 @@
# ids.gids.nixbld = 30000;
experimental-features = "nix-command flakes auto-allocate-uids";
max-jobs = 8;
trusted-users = ["root" "fs0c131y"];
trusted-users = ["root" device.user];
substituters = [
"https://nix-community.cachix.org"
# "https://sh.darksailor.dev"
@@ -58,7 +59,7 @@
# services.nix-daemon.enable = true;
system.stateVersion = 5;
system.primaryUser = "fs0c131y";
system.primaryUser = device.user;
system.keyboard.enableKeyMapping = true;
system.keyboard.remapCapsLockToControl = true;

14
darwin/shiro/services/caddy.nix
View File

@@ -4,31 +4,31 @@
...
}: {
sops = {
secrets."hetzner/api_key".owner = config.services.caddy.user;
secrets."cloudflare/api_key".owner = config.services.caddy.user;
templates = {
"HETZNER_API_KEY.env".content = ''
HETZNER_API_KEY=${config.sops.placeholder."hetzner/api_key"}
"CLOUDFLARE_API_KEY.env".content = ''
CLOUDFLARE_API_KEY=${config.sops.placeholder."cloudflare/api_key"}
'';
};
};
services = {
caddy = {
enable = true;
environmentFile = config.sops.templates."HETZNER_API_KEY.env".path;
environmentFile = config.sops.templates."CLOUDFLARE_API_KEY.env".path;
globalConfig = ''
debug
'';
extraConfig = ''
(hetzner) {
(cloudflare) {
tls {
propagation_timeout -1
propagation_delay 120s
dns hetzner {env.HETZNER_API_KEY}
dns cloudflare {env.CLOUDFLARE_API_KEY}
resolvers 1.1.1.1
}
}
'';
package = pkgs.caddyWithHetzner;
package = pkgs.caddyWithCloudflare;
};
};
}

2
darwin/shiro/services/lmstudio.nix
View File

@@ -1,7 +1,7 @@
{...}: {
services = {
caddy.virtualHosts."lmstudio.shiro.darksailor.dev" = ''
import hetzner
import cloudflare
reverse_proxy localhost:1234
'';
};

67
deploy.nix
View File

@@ -1,14 +1,15 @@
{
inputs,
self,
deploy-rs,
...
}: {
nodes = {
mirai = {
hostname = "mirai";
hostname = "mirai.darksailor.dev";
profiles.system = {
sshUser = "fs0c131y";
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.mirai;
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.mirai;
user = "root";
};
};
@@ -16,7 +17,7 @@
hostname = "tsuba.darksailor.dev";
profiles.system = {
sshUser = "servius";
path = inputs.deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.tsuba;
path = deploy-rs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.tsuba;
user = "root";
};
};
@@ -24,43 +25,43 @@
hostname = "ryu";
profiles.system = {
sshUser = "servius";
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.ryu;
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.ryu;
user = "root";
};
};
kuro = {
hostname = "kuro";
interactiveSudo = true;
profiles.system = {
sshUser = "fs0c131y";
path = inputs.deploy-rs.lib.aarch64-darwin.activate.darwin self.darwinConfigurations.kuro;
user = "root";
};
};
shiro = {
hostname = "shiro";
interactiveSudo = true;
tako = {
hostname = "tako.darksailor.dev";
profiles.system = {
sshUser = "servius";
path = inputs.deploy-rs.lib.aarch64-darwin.activate.darwin self.darwinConfigurations.shiro;
path = deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.tako;
user = "root";
};
};
deoxys = {
hostname = "deoxys";
profiles.system = {
sshUser = "servius";
path = inputs.deploy-rs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.deoxys;
user = "root";
};
};
deck = {
hostname = "steamdeck";
profiles.system = {
sshUser = "deck";
path = inputs.deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations.deck;
user = "deck";
};
};
# kuro = {
# hostname = "kuro";
# interactiveSudo = true;
# profiles.system = {
# sshUser = "fs0c131y";
# path = deploy-rs.lib.aarch64-darwin.activate.darwin self.darwinConfigurations.kuro;
# user = "root";
# };
# };
# shiro = {
# hostname = "shiro";
# interactiveSudo = true;
# profiles.system = {
# sshUser = "servius";
# path = deploy-rs.lib.aarch64-darwin.activate.darwin self.darwinConfigurations.shiro;
# user = "root";
# };
# };
# deck = {
# hostname = "steamdeck";
# profiles.system = {
# sshUser = "deck";
# path = deploy-rs.lib.x86_64-linux.activate.home-manager self.homeConfigurations.deck;
# user = "deck";
# };
# };
};
}

1283
flake.lock generated
View File

File diff suppressed because it is too large Load Diff

60
flake.nix
View File

@@ -3,14 +3,14 @@
inputs = {
nixpkgs.url = "github:nixos/nixpkgs/nixos-unstable";
nixpkgs-master.url = "github:nixos/nixpkgs/master";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.05";
nixpkgs-stable.url = "github:nixos/nixpkgs/nixos-25.11";
flake-utils.url = "github:numtide/flake-utils";
disko = {
url = "github:nix-community/disko/latest";
inputs.nixpkgs.follows = "nixpkgs";
};
home-manager = {
url = "github:nix-community/home-manager";
url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs";
};
stylix = {
@@ -18,11 +18,11 @@
inputs.nixpkgs.follows = "nixpkgs";
};
stylix-stable = {
url = "github:nix-community/stylix/release-25.05";
url = "github:nix-community/stylix/release-25.11";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
home-manager-stable = {
url = "github:nix-community/home-manager/release-25.05";
url = "github:nix-community/home-manager/release-25.11";
inputs.nixpkgs.follows = "nixpkgs-stable";
};
nix-darwin = {
@@ -34,7 +34,7 @@
inputs.nixpkgs.follows = "nixpkgs";
};
ironbar = {
url = "github:da-x/ironbar/correct-gdk-monitor";
url = "github:JakeStanger/ironbar";
inputs.nixpkgs.follows = "nixpkgs";
};
lanzaboote = {
@@ -43,7 +43,7 @@
};
nixvim = {
url = "github:nix-community/nixvim";
inputs.nixpkgs.follows = "nixpkgs";
# inputs.nixpkgs.follows = "nixpkgs";
};
nix-index-database.url = "github:Mic92/nix-index-database";
music-player = {
@@ -174,7 +174,7 @@
inputs.nixpkgs.follows = "nixpkgs";
};
onepassword-shell-plugins = {
url = "github:uttarayan21/shell-plugins";
url = "github:1Password/shell-plugins";
inputs.nixpkgs.follows = "nixpkgs";
};
zeronsd = {
@@ -195,7 +195,7 @@
inputs.nixpkgs.follows = "nixpkgs";
};
hyprmonitors = {
url = "git+ssh://gitea@git.darksailor.dev/servius/hyprmonitors";
url = "git+https://git.darksailor.dev/servius/hyprmonitors";
# url = "path:/home/servius/Projects/hyprmonitors";
inputs.nixpkgs.follows = "nixpkgs";
};
@@ -214,22 +214,27 @@
url = "github:ggml-org/llama.cpp/b6178?submodules=1";
inputs.nixpkgs.follows = "nixpkgs";
};
immich = {
url = "github:immich-app/immich/v1.142.0";
flake = false;
};
yabai = {
url = "github:koekeishiya/yabai";
flake = false;
};
lfca = {
url = "git+ssh://gitea@git.darksailor.dev/servius/lfca";
inputs.nixpkgs.follows = "nixpkgs";
};
nix-auth = {
url = "github:numtide/nix-auth";
inputs.nixpkgs.follows = "nixpkgs";
};
nixpkgs-xr = {
url = "github:nix-community/nixpkgs-xr";
inputs.nixpkgs.follows = "nixpkgs";
};
handoff = {
url = "github:xatuke/handoff";
inputs.nixpkgs.follows = "nixpkgs";
};
crates-nix.url = "github:uttarayan21/crates.nix";
headplane = {
url = "github:tale/headplane";
inputs.nixpkgs.follows = "nixpkgs";
};
};
outputs = {
@@ -254,6 +259,14 @@
isNix = true;
isServer = true;
};
tako = mkDevice {
name = "tako";
system = "x86_64-linux";
user = "servius";
hasGui = false;
isNix = true;
isServer = true;
};
ryu = mkDevice {
name = "ryu";
system = "x86_64-linux";
@@ -268,14 +281,6 @@
tertiary = "DP-1";
};
};
deoxys = mkDevice {
name = "deoxys";
system = "x86_64-linux";
user = "servius";
hasGui = false; # It's a vm so no GUI apps are used
isNix = true;
isServer = true;
};
tsuba = mkDevice {
name = "tsuba";
system = "aarch64-linux";
@@ -340,7 +345,7 @@
};
nixos_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isNix) devices;
linux_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isLinux) devices;
# linux_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isLinux) devices;
darwin_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isDarwin) devices;
rpi_devices = nixpkgs.lib.attrsets.filterAttrs (n: x: x.isArm && x.isLinux) devices;
@@ -348,7 +353,7 @@
inherit inputs;
};
in
rec {
{
nixosConfigurations =
(import ./nixos {
inherit inputs nixpkgs home-manager overlays nur;
@@ -394,7 +399,8 @@
in {
tsuba = mkImage nixos.tsuba;
};
deploy = import ./deploy.nix {inherit inputs self;};
deploy = import ./deploy.nix {inherit inputs self deploy-rs;};
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
inherit devices;
}
// flake-utils.lib.eachDefaultSystem (

1
home/apps/blueman.nix
View File

@@ -5,7 +5,6 @@
}: {
home.packages = lib.optionals pkgs.stdenv.isLinux [
pkgs.blueman
pkgs.webcord
];
services.blueman-applet.enable = pkgs.stdenv.isLinux;
}

21
home/apps/default.nix
View File

@@ -7,36 +7,37 @@ lib.optionalAttrs device.hasGui {
imports = [
# ./audacity.nix
./blueman.nix
./bottles.nix
# ./bottles.nix
./chromium.nix
./cursor.nix
# ./cursor.nix
./discord.nix
./firefox.nix
./ghostty.nix
# ./gimp.nix
./guitarix.nix
./gimp.nix
# ./guitarix.nix
./hyprpicker.nix
./jellyflix.nix
./kicad.nix
# ./jellyflix.nix
# ./kicad.nix
./kitty.nix
./lmstudio.nix
./mpv.nix
./neovide.nix
# ./neovide.nix
./nextcloud.nix
./obs-studio.nix
# ./openscad.nix
./orcaslicer.nix
./pcsx2.nix
# ./pcsx2.nix
# ./rpcs3.nix
# ./shadps4.nix
./slack.nix
./thunderbird.nix
# ./thunderbird.nix
# ./tsukimi.nix
# ./vial.nix
./vlc.nix
./vscode.nix
./wezterm.nix
./zathura.nix
./zed.nix
./zen.nix
./vial.nix
];
}

4
home/apps/discord.nix
View File

@@ -5,6 +5,8 @@
}: {
home.packages = lib.optionals pkgs.stdenv.isLinux [
pkgs.discord
pkgs.webcord
pkgs.vesktop
pkgs.discord-canary
pkgs.discord-ptb
];
}

4
home/apps/firefox.nix
View File

@@ -53,6 +53,8 @@
};
};
in {
programs.librewolf = config // {package = stablePkgs.librewolf;};
stylix.targets.librewolf.profileNames = ["default"];
stylix.targets.zen-browser.profileNames = ["default"];
# programs.librewolf = config // {package = stablePkgs.librewolf;};
# programs.firefox = config;
}

4
home/apps/kitty.nix
View File

@@ -1,8 +1,8 @@
{
lib,
pkgs,
device,
inputs,
# device,
# inputs,
...
}: {
stylix.targets.kitty.enable = false;

5
home/apps/tsukimi.nix Normal file
View File

@@ -0,0 +1,5 @@
{pkgs, ...}: {
home.packages = with pkgs; [
tsukimi
];
}

7
home/programs/aichat.nix
View File

@@ -16,7 +16,8 @@
enableNushellIntegration = false;
settings = {
save_session = true;
model = "openai:gpt-4o";
# model = "openai:gpt-4o";
model = "ryu:qwen3-coder-30b";
rag_embedding_model = "ollama:RobinBially/nomic-embed-text-8k";
clients = [
{
@@ -50,7 +51,7 @@
api_base = "https://llama.ryu.darksailor.dev/v1";
models = [
{
name = "gpt-oss-20b";
name = "qwen3-coder-30b";
type = "chat";
}
# {
@@ -173,7 +174,7 @@
*/
''
---
model: openai:gpt-4o
model: ryu:qwen3-coder-30b
---
Your task is to generate a concise and informative commit message based on the provided diff. Use the conventional commit format, which includes a type (feat, fix, chore, docs, style, refactor, perf, test) and an optional scope. The message should be in the imperative mood and should not exceed 72 characters in the subject line. Don't include any additional text or explanations, just the commit message.
'';

10
home/programs/default.nix
View File

@@ -42,6 +42,7 @@
./yt-dlp.nix
./zoxide.nix
./neovim.nix
./opencode.nix
# ./goread.nix
# ./helix.nix
@@ -64,7 +65,7 @@
bottom
btop
cachix
deploy-rs
deploy-rs.deploy-rs
dust
fd
file
@@ -89,6 +90,13 @@
nerd-fonts.fira-code
nerd-fonts.hasklug
nerd-fonts.symbols-only
noto-fonts
noto-fonts-cjk-sans
noto-fonts-color-emoji
liberation_ttf
fira-code
fira-code-symbols
mplus-outline-fonts.githubRelease
]
++ lib.optionals device.isLinux []
++ lib.optionals device.isDarwin [];

26
home/programs/neovim.nix
View File

@@ -1,7 +1,21 @@
{pkgs, ...}: {
programs.nixvim =
{
enable = true;
}
// (import ./../../neovim {inherit pkgs;});
{
pkgs,
device,
stablePkgs,
lib,
...
}: {
stylix.targets.nixvim.enable = false;
programs = lib.optionalAttrs (device.is "ryu" || device.is "kuro" || device.is "mirai" || device.is "tako") {
nixvim =
{
enable = true;
nixpkgs = {
config = {
allowUnfree = true;
};
};
}
// (import ./../../neovim {inherit pkgs stablePkgs;});
};
}

10
home/programs/opencode.nix Normal file
View File

@@ -0,0 +1,10 @@
{
device,
lib,
...
}:
lib.optionalAttrs (device.is "ryu") {
programs.opencode = {
enable = true;
};
}

12
home/programs/ssh.nix
View File

@@ -15,14 +15,14 @@
user = "git";
host = "github.com";
};
deoxys = {
user = "servius";
hostname = "deoxys";
forwardAgent = true;
};
mirai = {
user = "fs0c131y";
hostname = "sh.darksailor.dev";
hostname = "mirai.darksailor.dev";
forwardAgent = true;
};
tako = {
user = "servius";
hostname = "tako.darksailor.dev";
forwardAgent = true;
};
ryu = {

2
home/services/default.nix
View File

@@ -5,7 +5,7 @@
./kdeconnect.nix
./gtk.nix
./anyrun.nix
./ironbar
# ./ironbar
./gui.nix
./eww.nix
./xdg.nix

18
home/services/eww.nix
View File

@@ -1,19 +1,15 @@
{
pkgs,
device,
lib,
config,
...
}: let
activate_linux = pkgs.fetchFromGitHub {
owner = "Nycta-b424b3c7";
repo = "eww_activate-linux";
rev = "master";
sha256 = "sha256-CHNkRYR4F9JGMrNubHu+XzkwwI3IHzh93nuS7/Plhe4=";
};
in {
}: {
programs.eww = {
enable = device.is "ryu";
enableFishIntegration = true;
configDir = activate_linux;
};
# xdg.configFile = {
# eww = {
# source = "${config.home.homeDirectory}/Projects/dotfiles/home/services/eww";
# };
# };
}

5
home/services/eww/README.md Normal file
View File

@@ -0,0 +1,5 @@
# "Activate Linux"
"Activate Linux" text for [Eww](https://github.com/elkowar/eww/)
![Activate Linux](activate-linux.png)

BIN
home/services/eww/activate-linux.png LFS Normal file
View File

Binary file not shown.

7
home/services/eww/eww.scss Normal file
View File

@@ -0,0 +1,7 @@
.activate-linux {
color: rgba(250, 250, 250, 0.5);
&.background {
background: none;
}
}

41
home/services/eww/eww.yuck Normal file
View File

@@ -0,0 +1,41 @@
(defwidget activate-linux []
(box
:orientation "v"
:halign "start"
:valign "start"
(label :xalign 0 :markup "<span font_size=\"large\">Activate Linux</span>")
(label :xalign 0 :text "Go to Settings to activate Linux")))
(defwindow activate-linux
:monitor 0
:stacking "fg"
:geometry (geometry :x "96px" :y "96px" :width "250px" :anchor "bottom right")
(activate-linux))
(defwidget bar []
(centerbox :orientation "h"
(workspaces)
(music)
(tray)))
;; (defwidget tray []
;; (box :sclass "tray" :orientation "h" :space-evenly false :haligh "end"
;; (system-tray)
;; (battery)
;; (clock)))
(defwidgets workspaces []
(box :class "workspaces" :orientation "h" :space-evenly true :halign "start" :spacing 10
(workspace-indicator :index 0)
(workspace-indicator :index 1)
(workspace-indicator :index 2)
(workspace-indicator :index 3)
(workspace-indicator :index 4)
(workspace-indicator :index 5)
(workspace-indicator :index 6)
(workspace-indicator :index 7)
(workspace-indicator :index 8)
(workspace-indicator :index 9)))

23
home/services/gui.nix
View File

@@ -5,9 +5,6 @@
inputs,
...
}: {
# imports = [
# inputs.lfca.homeManagerModules
# ];
systemd.user.services.onepassword-gui = lib.optionalAttrs (device.is "ryu") {
Unit = {
Description = "1Password GUI";
@@ -23,11 +20,9 @@
WantedBy = ["graphical-session.target"];
};
};
# programs.linux-file-converter-addon.enable = true;
home.packages = with pkgs;
lib.optionals (device.is "ryu") [
nautilus
linux-file-converter-addon
totem
ffmpegthumbnailer
polkit_gnome
@@ -37,14 +32,14 @@
spotify
steam-run
wl-clipboard
(prismlauncher.override {
additionalPrograms = [ffmpeg zenity];
jdks = [
graalvm-ce
zulu8
zulu17
zulu
];
})
# (prismlauncher.override {
# additionalPrograms = [ffmpeg zenity];
# jdks = [
# # graalvm-ce
# zulu8
# zulu17
# zulu
# ];
# })
];
}

8
home/services/hyprland.nix
View File

@@ -51,8 +51,8 @@
transform = 0;
supports_wide_color = 1;
supports_hdr = 1;
# bitdepth = 10;
# cm = "hdr";
bitdepth = 10;
cm = "hdr";
# sdrbrightness = 0.005;
# sdrsaturation = 200;
}
@@ -192,7 +192,7 @@
"$mainModShift, Return, exec, ${lib.getExe pkgs.wezterm}"
# "$mainModShift, Return, exec, ${pkgs.foot}/bin/foot"
"$mainModShift, Q, killactive,"
"$mainModShift, s, exec, ${lib.getExe pkgs.hyprshot} -m region"
"$mainModShift, s, exec, ${lib.getExe pkgs.hyprshot} -m region -o ~/Pictures/Screenshots/"
# "$mainMod, M, exit,"
"$mainModShift, f, togglefloating,"
"$mainModShift, f, pin"
@@ -203,7 +203,7 @@
"$mainMod, Space, exec, ${lib.getExe pkgs.anyrun}"
"$mainMod, p, pseudo, # dwindle"
"$mainMod, v, togglesplit,"
# "$mainMod, a, exec, swaync-client -t"
"$mainMod, a, exec, ${pkgs.swaynotificationcenter}/bin/swaync-client -t"
"$mainMod, Tab, cyclenext"
# Audio
",xf86audiomute, exec, ${pkgs.swayosd}/bin/swayosd-client --output-volume mute-toggle"

2
home/services/ironbar/default.nix
View File

@@ -7,7 +7,7 @@
imports = [inputs.ironbar.homeManagerModules.default];
programs.ironbar = {
enable = device.is "ryu";
package = inputs.ironbar.packages.${pkgs.system}.default;
package = inputs.ironbar.packages.${pkgs.system}.ironbar;
systemd = true;
config.monitors = {
"${device.monitors.secondary}" = {

8
home/services/xdg.nix
View File

@@ -7,11 +7,11 @@
lib.optionalAttrs (device.is "ryu") {
xdg.portal = {
enable = pkgs.stdenv.isLinux;
# config = {
#
# };
config = {
hyprland.default = ["hyprland" "kde"];
};
extraPortals = with pkgs; [
# xdg-desktop-portal-hyprland
xdg-desktop-portal-hyprland
kdePackages.xdg-desktop-portal-kde
];
};

2
justfile
View File

@@ -6,7 +6,7 @@ install:
[linux]
install:
sudo nixos-rebuild switch --flake . --builders ''
sudo nixos-rebuild switch --flake . --builders '' --max-jobs 1
[macos]
build:

28
neovim/default.nix
View File

@@ -1,4 +1,8 @@
{pkgs, ...}: let
{
pkgs,
stablePkgs,
...
}: let
mkMappings = mappings:
[]
++ (pkgs.lib.optionals (builtins.hasAttr "normal" mappings) (mkMode mappings.normal "n"))
@@ -103,6 +107,7 @@ in {
"<C-q>x" = "[[<cmd>tabclose<cr>]]";
"<C-q>n" = "[[<cmd>tabnext<cr>]]";
"<C-q>p" = "[[<cmd>tabprevious<cr>]]";
"<c-.>" = "require('sidekick.cli').toggle";
};
terminal = {
"<C-\\>" = "require('FTerm').toggle";
@@ -173,6 +178,16 @@ in {
trouble.enable = true;
ts-context-commentstring.enable = true;
which-key.enable = true;
sidekick = {
enable = true;
settings = {
nes = {
enabled = false;
};
};
};
conform-nvim = {
enable = true;
settings = {
@@ -199,7 +214,7 @@ in {
enable = true;
settings = {
panel = {
enabled = true;
enabled = false;
};
suggestion = {
enabled = true;
@@ -240,6 +255,7 @@ in {
lualine = {
enable = true;
# package = stablePkgs.vimPlugins.lualine-nvim;
};
neotest = {
@@ -529,6 +545,7 @@ in {
slint_lsp.enable = true;
# sourcekit.enable = true;
openscad_lsp.enable = true;
tinymist.enable = true;
rust_analyzer = {
enable = false;
installCargo = false;
@@ -717,6 +734,12 @@ in {
end,
{})
vim.api.nvim_create_user_command('DapUiToggle',
function()
require('dapui').toggle()
end,
{})
local iron = require("iron.core")
iron.setup({
config = {
@@ -828,5 +851,6 @@ in {
pkgs.lua
pkgs.ripgrep
pkgs.nodejs-slim
pkgs.qwen-code
];
}

5
nixos/default.nix
View File

@@ -11,18 +11,23 @@
specialArgs = {
inherit device inputs;
stablePkgs = inputs.nixpkgs-stable.legacyPackages.${device.system};
masterPkgs = inputs.nixpkgs-master.legacyPackages.${device.system};
lanzaboote = inputs.lanzaboote;
cratesNix = inputs.crates-nix.mkLib {pkgs = nixpkgs.legacyPackages.${device.system};};
};
modules = [
inputs.arion.nixosModules.arion
inputs.disko.nixosModules.disko
inputs.handoff.nixosModules.default
inputs.home-manager.nixosModules.home-manager
inputs.lanzaboote.nixosModules.lanzaboote
inputs.musnix.nixosModules.musnix
inputs.nix-minecraft.nixosModules.minecraft-servers
inputs.nixpkgs-xr.nixosModules.nixpkgs-xr
inputs.nur.modules.nixos.default
inputs.sops-nix.nixosModules.sops
inputs.stylix.nixosModules.stylix
inputs.headplane.nixosModules.headplane
./${device.name}/configuration.nix
../home/module.nix

127
nixos/deoxys/configuration.nix
View File

@@ -1,127 +0,0 @@
# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{
pkgs,
lib,
...
}: {
imports = [
# Include the results of the hardware scan.
./deoxys.nix
./services
];
# Bootloader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
systemd.services.NetworkManager-wait-online.enable = lib.mkForce false;
nix = {
settings = {
auto-optimise-store = true;
extra-experimental-features = "nix-command flakes auto-allocate-uids";
trusted-users = ["root" "servius" "fs0c131y"];
};
extraOptions = ''
build-users-group = nixbld
extra-nix-path = nixpkgs=flake:nixpkgs
builders-use-substitutes = true
'';
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than +5";
};
package = pkgs.nixVersions.latest;
buildMachines = [];
distributedBuilds = true;
};
networking.hostName = "deoxys"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Enable networking
networking.networkmanager.enable = true;
# Set your time zone.
time.timeZone = "Asia/Kolkata";
# Select internationalisation properties.
i18n.defaultLocale = "en_US";
i18n.extraLocaleSettings = {
LC_ADDRESS = "en_US";
LC_IDENTIFICATION = "en_US";
LC_MEASUREMENT = "en_US";
LC_MONETARY = "en_US";
LC_NAME = "en_US";
LC_NUMERIC = "en_US";
LC_PAPER = "en_US";
LC_TELEPHONE = "en_US";
LC_TIME = "en_US";
};
# Configure keymap in X11
services.xserver = {
xkb = {
layout = "us";
variant = "";
};
};
security.sudo.wheelNeedsPassword = false;
# Define a user account. Don't forget to set a password with passwd.
users.users.servius = {
isNormalUser = true;
description = "servius";
extraGroups = ["networkmanager" "wheel"];
packages = with pkgs; [];
openssh.authorizedKeys.keyFiles = [
../../secrets/id_ed25519.pub
../../secrets/id_ios.pub
];
};
# Allow unfree packages
nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
services.tailscale.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [22];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions
# on your system were taken. Its perfectly fine and recommended to leave
# this value at the release version of the first install of this system.
# Before changing this value read the documentation for this option
# (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
system.stateVersion = "23.11"; # Did you read the comment?
}

3
nixos/deoxys/services/default.nix
View File

@@ -1,3 +0,0 @@
{...}: {
imports = [];
}

6
nixos/mirai/configuration.nix
View File

@@ -42,7 +42,7 @@
cores = 8;
auto-optimise-store = true;
extra-experimental-features = "nix-command flakes auto-allocate-uids";
trusted-users = ["root" "fs0c131y" "remotebuilder"];
trusted-users = [device.user "remotebuilder"];
trusted-substituters = [
"https://nix-community.cachix.org"
"https://nixos-raspberrypi.cachix.org"
@@ -65,11 +65,11 @@
dates = "daily";
options = "--delete-older-than 5d";
};
package = pkgs.nixVersions.nix_2_31; # deploy-rs doesn't work with nix >= 2.32
package = pkgs.nixVersions.latest; # deploy-rs doesn't work with nix >= 2.32
distributedBuilds = true;
};
users.users.fs0c131y = {
users.users.${device.user} = {
isNormalUser = true;
extraGroups = ["wheel" "docker" "media"];
openssh.authorizedKeys.keyFiles = [

912
nixos/mirai/services/dashboards/enhanced-overview.json
View File

@@ -1,912 +0,0 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"max": 100,
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "yellow",
"value": 70
},
{
"color": "red",
"value": 85
}
]
},
"unit": "percent"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "100 - (avg by (instance) (irate(node_cpu_seconds_total{job=\"tsuba-node\",mode=\"idle\"}[5m])) * 100)",
"legendFormat": "Tsuba CPU Usage",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "100 - (avg by (instance) (irate(node_cpu_seconds_total{job=\"ryu-node\",mode=\"idle\"}[5m])) * 100)",
"legendFormat": "Ryu CPU Usage",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "100 - (avg by (instance) (irate(node_cpu_seconds_total{job=\"mirai-node\",mode=\"idle\"}[5m])) * 100)",
"legendFormat": "Mirai CPU Usage",
"range": true,
"refId": "C"
}
],
"title": "CPU Usage - All Devices",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "percent"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 8
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "(node_memory_MemTotal_bytes{job=\"tsuba-node\"} - node_memory_MemAvailable_bytes{job=\"tsuba-node\"}) / node_memory_MemTotal_bytes{job=\"tsuba-node\"} * 100",
"legendFormat": "Tsuba Memory Usage",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "(node_memory_MemTotal_bytes{job=\"ryu-node\"} - node_memory_MemAvailable_bytes{job=\"ryu-node\"}) / node_memory_MemTotal_bytes{job=\"ryu-node\"} * 100",
"legendFormat": "Ryu Memory Usage",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "(node_memory_MemTotal_bytes{job=\"mirai-node\"} - node_memory_MemAvailable_bytes{job=\"mirai-node\"}) / node_memory_MemTotal_bytes{job=\"mirai-node\"} * 100",
"legendFormat": "Mirai Memory Usage",
"range": true,
"refId": "C"
}
],
"title": "Memory Usage - All Devices",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "yellow",
"value": 5
},
{
"color": "red",
"value": 10
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Failed Services"
},
"properties": [
{
"id": "unit",
"value": "short"
},
{
"id": "custom.cellOptions",
"value": {
"type": "color-background"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Active Services"
},
"properties": [
{
"id": "unit",
"value": "short"
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 16
},
"id": 3,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": ["sum"],
"show": false
},
"showHeader": true
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "systemd_units{job=~\"tsuba-systemd|ryu-systemd|mirai-systemd\",state=\"active\"}",
"format": "table",
"legendFormat": "__auto",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "systemd_units{job=~\"tsuba-systemd|ryu-systemd|mirai-systemd\",state=\"failed\"}",
"format": "table",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "B"
}
],
"title": "SystemD Service Status",
"transformations": [
{
"id": "merge",
"options": {}
},
{
"id": "groupBy",
"options": {
"fields": {
"Value #A": {
"aggregations": ["sum"],
"operation": "aggregate"
},
"Value #B": {
"aggregations": ["sum"],
"operation": "aggregate"
},
"job": {
"aggregations": [],
"operation": "groupby"
}
}
}
},
{
"id": "organize",
"options": {
"excludeByName": {},
"indexByName": {},
"renameByName": {
"Value #A (sum)": "Active Services",
"Value #B (sum)": "Failed Services",
"job": "Device"
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "percent"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 16
},
"id": 4,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "zfs_dataset_used_bytes{job=~\"tsuba-zfs|ryu-zfs|mirai-zfs\"} / zfs_dataset_available_bytes{job=~\"tsuba-zfs|ryu-zfs|mirai-zfs\"} * 100",
"legendFormat": "{{job}} - {{dataset}}",
"range": true,
"refId": "A"
}
],
"title": "ZFS Pool Usage",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "yellow",
"value": 40
},
{
"color": "red",
"value": 60
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Temperature"
},
"properties": [
{
"id": "unit",
"value": "celsius"
},
{
"id": "custom.cellOptions",
"value": {
"type": "gauge"
}
}
]
},
{
"matcher": {
"id": "byName",
"options": "Health"
},
"properties": [
{
"id": "mappings",
"value": [
{
"options": {
"0": {
"color": "red",
"index": 1,
"text": "FAIL"
},
"1": {
"color": "green",
"index": 0,
"text": "OK"
}
},
"type": "value"
}
]
},
{
"id": "custom.cellOptions",
"value": {
"type": "color-background"
}
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 24
},
"id": 5,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": ["sum"],
"show": false
},
"showHeader": true
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "smartctl_device_smart_healthy{job=~\"tsuba-smartctl|ryu-smartctl|mirai-smartctl\"}",
"format": "table",
"legendFormat": "__auto",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "smartctl_device_temperature{job=~\"tsuba-smartctl|ryu-smartctl|mirai-smartctl\"}",
"format": "table",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "B"
}
],
"title": "Disk Health & Temperature",
"transformations": [
{
"id": "merge",
"options": {}
},
{
"id": "organize",
"options": {
"excludeByName": {
"__name__": true,
"instance": true,
"Time": true
},
"indexByName": {},
"renameByName": {
"Value #A": "Health",
"Value #B": "Temperature",
"device": "Device",
"job": "System"
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "reqps"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 32
},
"id": 6,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "rate(nginx_http_requests_total{job=\"mirai-nginx\"}[5m])",
"legendFormat": "{{server}} - {{status}}",
"range": true,
"refId": "A"
}
],
"title": "Nginx Request Rate",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 32
},
"id": 7,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "nginx_connections_active{job=\"mirai-nginx\"}",
"legendFormat": "Active Connections",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "nginx_connections_reading{job=\"mirai-nginx\"}",
"legendFormat": "Reading",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "nginx_connections_writing{job=\"mirai-nginx\"}",
"legendFormat": "Writing",
"range": true,
"refId": "C"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "nginx_connections_waiting{job=\"mirai-nginx\"}",
"legendFormat": "Waiting",
"range": true,
"refId": "D"
}
],
"title": "Nginx Connections",
"type": "timeseries"
}
],
"refresh": "30s",
"schemaVersion": 38,
"style": "dark",
"tags": ["monitoring", "overview", "enhanced"],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Enhanced Infrastructure Overview",
"uid": "enhanced-overview",
"version": 0,
"weekStart": ""
}

601
nixos/mirai/services/dashboards/mirai-monitoring.json
View File

@@ -1,601 +0,0 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"max": 100,
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "percent"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "100 - (avg by (instance) (irate(node_cpu_seconds_total{job=\"mirai-node\",mode=\"idle\"}[5m])) * 100)",
"legendFormat": "CPU Usage",
"range": true,
"refId": "A"
}
],
"title": "Mirai CPU Usage",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "bytes"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 0
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_memory_MemTotal_bytes{job=\"mirai-node\"} - node_memory_MemAvailable_bytes{job=\"mirai-node\"}",
"legendFormat": "Used Memory",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_memory_MemTotal_bytes{job=\"mirai-node\"}",
"legendFormat": "Total Memory",
"range": true,
"refId": "B"
}
],
"title": "Mirai Memory Usage",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Memory"
},
"properties": [
{
"id": "unit",
"value": "bytes"
}
]
},
{
"matcher": {
"id": "byName",
"options": "Count"
},
"properties": [
{
"id": "unit",
"value": "short"
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 8
},
"id": 3,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": ["sum"],
"show": false
},
"showHeader": true,
"sortBy": [
{
"desc": true,
"displayName": "Memory"
}
]
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "namedprocess_namegroup_memory_bytes{job=\"mirai-process\"} > 0",
"format": "table",
"legendFormat": "__auto",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "namedprocess_namegroup_num_procs{job=\"mirai-process\"} > 0",
"format": "table",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "B"
}
],
"title": "Mirai Running Processes",
"transformations": [
{
"id": "merge",
"options": {}
},
{
"id": "organize",
"options": {
"excludeByName": {
"__name__": true,
"instance": true,
"job": true,
"Time": true
},
"indexByName": {},
"renameByName": {
"Value #A": "Memory",
"Value #B": "Count",
"groupname": "Process Name"
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 16
},
"id": 4,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load1{job=\"mirai-node\"}",
"legendFormat": "1m load",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load5{job=\"mirai-node\"}",
"legendFormat": "5m load",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load15{job=\"mirai-node\"}",
"legendFormat": "15m load",
"range": true,
"refId": "C"
}
],
"title": "Mirai System Load",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "bytes"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 16
},
"id": 5,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "rate(node_network_receive_bytes_total{job=\"mirai-node\",device!~\"lo|veth.*|docker.*|virbr.*|br-.*\"}[5m])",
"legendFormat": "{{device}} - Inbound",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "rate(node_network_transmit_bytes_total{job=\"mirai-node\",device!~\"lo|veth.*|docker.*|virbr.*|br-.*\"}[5m])",
"legendFormat": "{{device}} - Outbound",
"range": true,
"refId": "B"
}
],
"title": "Mirai Network I/O",
"type": "timeseries"
}
],
"refresh": "30s",
"schemaVersion": 38,
"style": "dark",
"tags": ["monitoring", "mirai"],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Mirai System Monitoring",
"uid": "mirai-monitoring",
"version": 0,
"weekStart": ""
}

689
nixos/mirai/services/dashboards/overview-monitoring.json
View File

@@ -1,689 +0,0 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"max": 100,
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "yellow",
"value": 70
},
{
"color": "red",
"value": 85
}
]
},
"unit": "percent"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "100 - (avg by (instance) (irate(node_cpu_seconds_total{job=\"tsuba-node\",mode=\"idle\"}[5m])) * 100)",
"legendFormat": "Tsuba CPU Usage",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "100 - (avg by (instance) (irate(node_cpu_seconds_total{job=\"ryu-node\",mode=\"idle\"}[5m])) * 100)",
"legendFormat": "Ryu CPU Usage",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "100 - (avg by (instance) (irate(node_cpu_seconds_total{job=\"mirai-node\",mode=\"idle\"}[5m])) * 100)",
"legendFormat": "Mirai CPU Usage",
"range": true,
"refId": "C"
}
],
"title": "All Devices - CPU Usage",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "percent"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 8
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "(node_memory_MemTotal_bytes{job=\"tsuba-node\"} - node_memory_MemAvailable_bytes{job=\"tsuba-node\"}) / node_memory_MemTotal_bytes{job=\"tsuba-node\"} * 100",
"legendFormat": "Tsuba Memory Usage",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "(node_memory_MemTotal_bytes{job=\"ryu-node\"} - node_memory_MemAvailable_bytes{job=\"ryu-node\"}) / node_memory_MemTotal_bytes{job=\"ryu-node\"} * 100",
"legendFormat": "Ryu Memory Usage",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "(node_memory_MemTotal_bytes{job=\"mirai-node\"} - node_memory_MemAvailable_bytes{job=\"mirai-node\"}) / node_memory_MemTotal_bytes{job=\"mirai-node\"} * 100",
"legendFormat": "Mirai Memory Usage",
"range": true,
"refId": "C"
}
],
"title": "All Devices - Memory Usage",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "CPU %"
},
"properties": [
{
"id": "unit",
"value": "percent"
},
{
"id": "custom.cellOptions",
"value": {
"type": "gauge"
}
},
{
"id": "max",
"value": 100
}
]
},
{
"matcher": {
"id": "byName",
"options": "Memory %"
},
"properties": [
{
"id": "unit",
"value": "percent"
},
{
"id": "custom.cellOptions",
"value": {
"type": "gauge"
}
},
{
"id": "max",
"value": 100
}
]
},
{
"matcher": {
"id": "byName",
"options": "Load 1m"
},
"properties": [
{
"id": "unit",
"value": "short"
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 16
},
"id": 3,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "100 - (avg by (instance) (irate(node_cpu_seconds_total{job=~\"tsuba-node|ryu-node|mirai-node\",mode=\"idle\"}[5m])) * 100)",
"format": "table",
"legendFormat": "__auto",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "(node_memory_MemTotal_bytes{job=~\"tsuba-node|ryu-node|mirai-node\"} - node_memory_MemAvailable_bytes{job=~\"tsuba-node|ryu-node|mirai-node\"}) / node_memory_MemTotal_bytes{job=~\"tsuba-node|ryu-node|mirai-node\"} * 100",
"format": "table",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load1{job=~\"tsuba-node|ryu-node|mirai-node\"}",
"format": "table",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "C"
}
],
"title": "System Overview",
"transformations": [
{
"id": "merge",
"options": {}
},
{
"id": "organize",
"options": {
"excludeByName": {
"__name__": true,
"instance": true
},
"indexByName": {},
"renameByName": {
"Value #A": "CPU %",
"Value #B": "Memory %",
"Value #C": "Load 1m",
"job": "Device"
}
}
},
{
"id": "filterFieldsByName",
"options": {
"include": {
"names": [
"Device",
"CPU %",
"Memory %",
"Load 1m"
]
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 24
},
"id": 4,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load1{job=\"tsuba-node\"}",
"legendFormat": "Tsuba 1m load",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load1{job=\"ryu-node\"}",
"legendFormat": "Ryu 1m load",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load1{job=\"mirai-node\"}",
"legendFormat": "Mirai 1m load",
"range": true,
"refId": "C"
}
],
"title": "System Load Average (1m)",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Process Count"
},
"properties": [
{
"id": "unit",
"value": "short"
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 24
},
"id": 5,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": [
"sum"
],
"show": false
},
"showHeader": true
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "count by (job) (namedprocess_namegroup_num_procs{job=~\"tsuba-process|ryu-process|mirai-process\"})",
"format": "table",
"legendFormat": "__auto",
"range": true,
"refId": "A"
}
],
"title": "Active Process Count by Device",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"__name__": true,
"Time": true
},
"indexByName": {},
"renameByName": {
"Value": "Process Count",
"job": "Device"
}
}
}
],
"type": "table"
}
],
"refresh": "30s",
"schemaVersion": 38,
"style": "dark",
"tags": [
"monitoring",
"overview"
],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Infrastructure Overview",
"uid": "overview-monitoring",
"version": 0,
"weekStart": ""
}

601
nixos/mirai/services/dashboards/ryu-monitoring.json
View File

@@ -1,601 +0,0 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"max": 100,
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "percent"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "100 - (avg by (instance) (irate(node_cpu_seconds_total{job=\"ryu-node\",mode=\"idle\"}[5m])) * 100)",
"legendFormat": "CPU Usage",
"range": true,
"refId": "A"
}
],
"title": "Ryu CPU Usage",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "bytes"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 0
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_memory_MemTotal_bytes{job=\"ryu-node\"} - node_memory_MemAvailable_bytes{job=\"ryu-node\"}",
"legendFormat": "Used Memory",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_memory_MemTotal_bytes{job=\"ryu-node\"}",
"legendFormat": "Total Memory",
"range": true,
"refId": "B"
}
],
"title": "Ryu Memory Usage",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Memory"
},
"properties": [
{
"id": "unit",
"value": "bytes"
}
]
},
{
"matcher": {
"id": "byName",
"options": "Count"
},
"properties": [
{
"id": "unit",
"value": "short"
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 8
},
"id": 3,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": ["sum"],
"show": false
},
"showHeader": true,
"sortBy": [
{
"desc": true,
"displayName": "Memory"
}
]
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "namedprocess_namegroup_memory_bytes{job=\"ryu-process\"} > 0",
"format": "table",
"legendFormat": "__auto",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "namedprocess_namegroup_num_procs{job=\"ryu-process\"} > 0",
"format": "table",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "B"
}
],
"title": "Ryu Running Processes",
"transformations": [
{
"id": "merge",
"options": {}
},
{
"id": "organize",
"options": {
"excludeByName": {
"__name__": true,
"instance": true,
"job": true,
"Time": true
},
"indexByName": {},
"renameByName": {
"Value #A": "Memory",
"Value #B": "Count",
"groupname": "Process Name"
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 16
},
"id": 4,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load1{job=\"ryu-node\"}",
"legendFormat": "1m load",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load5{job=\"ryu-node\"}",
"legendFormat": "5m load",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load15{job=\"ryu-node\"}",
"legendFormat": "15m load",
"range": true,
"refId": "C"
}
],
"title": "Ryu System Load",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "binBps"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 16
},
"id": 5,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "rate(node_network_receive_bytes_total{job=\"ryu-node\",device!~\"lo|veth.*|docker.*|virbr.*|br-.*\"}[5m])",
"legendFormat": "{{device}} - Inbound",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "rate(node_network_transmit_bytes_total{job=\"ryu-node\",device!~\"lo|veth.*|docker.*|virbr.*|br-.*\"}[5m])",
"legendFormat": "{{device}} - Outbound",
"range": true,
"refId": "B"
}
],
"title": "Ryu Network I/O",
"type": "timeseries"
}
],
"refresh": "30s",
"schemaVersion": 38,
"style": "dark",
"tags": ["monitoring", "ryu"],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Ryu System Monitoring",
"uid": "ryu-monitoring",
"version": 0,
"weekStart": ""
}

616
nixos/mirai/services/dashboards/systemd-monitoring.json
View File

@@ -1,616 +0,0 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [
{
"options": {
"0": {
"color": "red",
"index": 1,
"text": "FAILED"
},
"1": {
"color": "green",
"index": 0,
"text": "ACTIVE"
}
},
"type": "value"
}
],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 0.5
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Status"
},
"properties": [
{
"id": "custom.cellOptions",
"value": {
"type": "color-background"
}
}
]
}
]
},
"gridPos": {
"h": 12,
"w": 24,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": ["sum"],
"show": false
},
"showHeader": true,
"sortBy": [
{
"desc": false,
"displayName": "Device"
}
]
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "systemd_unit_state{job=~\"tsuba-systemd|ryu-systemd|mirai-systemd\",state=~\"active|failed\",name=~\".+\\.(service|timer)$\"}",
"format": "table",
"legendFormat": "__auto",
"range": true,
"refId": "A"
}
],
"title": "SystemD Services Status",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"__name__": true,
"instance": true,
"Time": true
},
"indexByName": {},
"renameByName": {
"Value": "Status",
"job": "Device",
"name": "Service",
"state": "State"
}
}
},
{
"id": "filterFieldsByName",
"options": {
"include": {
"names": [
"Device",
"Service",
"Status"
]
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 12
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "count by (job) (systemd_unit_state{job=~\"tsuba-systemd|ryu-systemd|mirai-systemd\",state=\"active\",name=~\".+\\.service$\"})",
"legendFormat": "{{job}} - Active Services",
"range": true,
"refId": "A"
}
],
"title": "Active Services Count",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": [
{
"matcher": {
"id": "byRegexp",
"options": ".*Failed.*"
},
"properties": [
{
"id": "color",
"value": {
"fixedColor": "red",
"mode": "fixed"
}
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 12
},
"id": 3,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "count by (job) (systemd_unit_state{job=~\"tsuba-systemd|ryu-systemd|mirai-systemd\",state=\"failed\",name=~\".+\\.service$\"})",
"legendFormat": "{{job}} - Failed Services",
"range": true,
"refId": "A"
}
],
"title": "Failed Services Count",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Restart Count"
},
"properties": [
{
"id": "unit",
"value": "short"
},
{
"id": "custom.cellOptions",
"value": {
"type": "color-background"
}
},
{
"id": "thresholds",
"value": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "yellow",
"value": 5
},
{
"color": "red",
"value": 10
}
]
}
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 20
},
"id": 4,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": ["sum"],
"show": false
},
"showHeader": true,
"sortBy": [
{
"desc": true,
"displayName": "Restart Count"
}
]
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "systemd_unit_restart_total{job=~\"tsuba-systemd|ryu-systemd|mirai-systemd\",name=~\".+\\.service$\"} > 0",
"format": "table",
"legendFormat": "__auto",
"range": true,
"refId": "A"
}
],
"title": "Service Restart Count",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"__name__": true,
"instance": true,
"Time": true
},
"indexByName": {},
"renameByName": {
"Value": "Restart Count",
"job": "Device",
"name": "Service"
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "Next Run"
},
"properties": [
{
"id": "unit",
"value": "dateTimeAsIso"
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 28
},
"id": 5,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": ["sum"],
"show": false
},
"showHeader": true
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "systemd_timer_last_trigger_seconds{job=~\"tsuba-systemd|ryu-systemd|mirai-systemd\",name=~\".+\\.timer$\"}",
"format": "table",
"legendFormat": "__auto",
"range": true,
"refId": "A"
}
],
"title": "SystemD Timers",
"transformations": [
{
"id": "organize",
"options": {
"excludeByName": {
"__name__": true,
"instance": true,
"Time": true
},
"indexByName": {},
"renameByName": {
"Value": "Last Trigger",
"job": "Device",
"name": "Timer"
}
}
}
],
"type": "table"
}
],
"refresh": "30s",
"schemaVersion": 38,
"style": "dark",
"tags": ["monitoring", "systemd", "services"],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "SystemD Services Monitoring",
"uid": "systemd-monitoring",
"version": 0,
"weekStart": ""
}

624
nixos/mirai/services/dashboards/tsuba-monitoring.json
View File

@@ -1,624 +0,0 @@
{
"annotations": {
"list": [
{
"builtIn": 1,
"datasource": {
"type": "grafana",
"uid": "-- Grafana --"
},
"enable": true,
"hide": true,
"iconColor": "rgba(0, 211, 255, 1)",
"name": "Annotations & Alerts",
"type": "dashboard"
}
]
},
"editable": true,
"fiscalYearStartMonth": 0,
"graphTooltip": 0,
"id": null,
"links": [],
"liveNow": false,
"panels": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"max": 100,
"min": 0,
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "percent"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 0
},
"id": 1,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "100 - (avg by (instance) (irate(node_cpu_seconds_total{job=\"tsuba-node\",mode=\"idle\"}[5m])) * 100)",
"legendFormat": "CPU Usage",
"range": true,
"refId": "A"
}
],
"title": "Tsuba CPU Usage",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "bytes"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 0
},
"id": 2,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_memory_MemTotal_bytes{job=\"tsuba-node\"} - node_memory_MemAvailable_bytes{job=\"tsuba-node\"}",
"legendFormat": "Used Memory",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_memory_MemTotal_bytes{job=\"tsuba-node\"}",
"legendFormat": "Total Memory",
"range": true,
"refId": "B"
}
],
"title": "Tsuba Memory Usage",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "thresholds"
},
"custom": {
"align": "auto",
"cellOptions": {
"type": "auto"
},
"inspect": false
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
}
},
"overrides": [
{
"matcher": {
"id": "byName",
"options": "CPU %"
},
"properties": [
{
"id": "unit",
"value": "percent"
},
{
"id": "custom.cellOptions",
"value": {
"type": "gauge"
}
},
{
"id": "max",
"value": 100
}
]
},
{
"matcher": {
"id": "byName",
"options": "Memory"
},
"properties": [
{
"id": "unit",
"value": "bytes"
}
]
}
]
},
"gridPos": {
"h": 8,
"w": 24,
"x": 0,
"y": 8
},
"id": 3,
"options": {
"cellHeight": "sm",
"footer": {
"countRows": false,
"fields": "",
"reducer": ["sum"],
"show": false
},
"showHeader": true,
"sortBy": [
{
"desc": true,
"displayName": "CPU %"
}
]
},
"pluginVersion": "10.0.0",
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "rate(namedprocess_namegroup_cpu_seconds_total{job=\"tsuba-process\"}[5m]) * 100",
"format": "table",
"legendFormat": "__auto",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "namedprocess_namegroup_num_procs{job=\"tsuba-process\"} > 0",
"format": "table",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "namedprocess_namegroup_num_procs{job=\"tsuba-process\"}",
"format": "table",
"hide": false,
"legendFormat": "__auto",
"range": true,
"refId": "C"
}
],
"title": "Tsuba Running Processes",
"transformations": [
{
"id": "merge",
"options": {}
},
{
"id": "organize",
"options": {
"excludeByName": {
"__name__": true,
"instance": true,
"job": true
},
"indexByName": {},
"renameByName": {
"Value #A": "CPU %",
"Value #B": "Memory",
"Value #C": "Count",
"groupname": "Process Name"
}
}
}
],
"type": "table"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "short"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 0,
"y": 16
},
"id": 4,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load1{job=\"tsuba-node\"}",
"legendFormat": "1m load",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load5{job=\"tsuba-node\"}",
"legendFormat": "5m load",
"range": true,
"refId": "B"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "node_load15{job=\"tsuba-node\"}",
"legendFormat": "15m load",
"range": true,
"refId": "C"
}
],
"title": "Tsuba System Load",
"type": "timeseries"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"fieldConfig": {
"defaults": {
"color": {
"mode": "palette-classic"
},
"custom": {
"axisCenteredZero": false,
"axisColorMode": "text",
"axisLabel": "",
"axisPlacement": "auto",
"barAlignment": 0,
"drawStyle": "line",
"fillOpacity": 10,
"gradientMode": "none",
"hideFrom": {
"legend": false,
"tooltip": false,
"vis": false
},
"insertNulls": false,
"lineInterpolation": "linear",
"lineWidth": 1,
"pointSize": 5,
"scaleDistribution": {
"type": "linear"
},
"showPoints": "never",
"spanNulls": false,
"stacking": {
"group": "A",
"mode": "none"
},
"thresholdsStyle": {
"mode": "off"
}
},
"mappings": [],
"thresholds": {
"mode": "absolute",
"steps": [
{
"color": "green",
"value": null
},
{
"color": "red",
"value": 80
}
]
},
"unit": "bytes"
},
"overrides": []
},
"gridPos": {
"h": 8,
"w": 12,
"x": 12,
"y": 16
},
"id": 5,
"options": {
"legend": {
"calcs": [],
"displayMode": "list",
"placement": "bottom",
"showLegend": true
},
"tooltip": {
"mode": "single",
"sort": "none"
}
},
"targets": [
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "rate(node_network_receive_bytes_total{job=\"tsuba-node\",device!~\"lo|veth.*|docker.*|virbr.*|br-.*\"}[5m])",
"legendFormat": "{{device}} - Inbound",
"range": true,
"refId": "A"
},
{
"datasource": {
"type": "prometheus",
"uid": "prometheus"
},
"editorMode": "code",
"expr": "rate(node_network_transmit_bytes_total{job=\"tsuba-node\",device!~\"lo|veth.*|docker.*|virbr.*|br-.*\"}[5m])",
"legendFormat": "{{device}} - Outbound",
"range": true,
"refId": "B"
}
],
"title": "Tsuba Network I/O",
"type": "timeseries"
}
],
"refresh": "30s",
"schemaVersion": 38,
"style": "dark",
"tags": ["monitoring", "tsuba"],
"templating": {
"list": []
},
"time": {
"from": "now-1h",
"to": "now"
},
"timepicker": {},
"timezone": "",
"title": "Tsuba System Monitoring",
"uid": "tsuba-monitoring",
"version": 0,
"weekStart": ""
}

39
nixos/mirai/services/default.nix
View File

@@ -1,25 +1,26 @@
{...}: {
imports = [
./atuin.nix
./authelia.nix
./caddy.nix
./excalidraw.nix
./fail2ban.nix
./flaresolverr.nix
./gitea.nix
./homepage.nix
./immich.nix
# ./llama.nix
# ./immich.nix
./lldap.nix
./monitoring.nix
./nextcloud.nix
./prowlarr.nix
./resolved.nix
./searxng.nix
# ./atuin.nix
# ./authelia.nix
# ./caddy.nix
# ./excalidraw.nix
# ./fail2ban.nix
# ./flaresolverr.nix
# ./games
# ./gitea.nix
# ./homepage.nix
# # ./immich.nix
# ./immich.nix
# # ./llama.nix
# ./lldap.nix
# ./nextcloud.nix
# # ./paperless.nix
# ./prowlarr.nix
# ./resolved.nix
# ./searxng.nix
./tailscale.nix
./games
# ./paperless.nix
# ./headscale.nix
# ./shitpost.nix
];
services = {
nix-serve = {

79
nixos/mirai/services/headscale.nix Normal file
View File

@@ -0,0 +1,79 @@
{config, ...}: {
sops = {
secrets.headscale-secret = {
owner = config.systemd.services.headscale.serviceConfig.User;
mode = "0440";
restartUnits = ["headscale.service" "authelia-darksailor.service"];
key = "authelia/oidc/headscale/client_secret";
};
secrets.headscale-authelia = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = ["headscale.service" "authelia-darksailor.service"];
key = "authelia/oidc/headscale/client_secret";
};
};
services = {
headscale = {
enable = true;
port = 8095;
settings = {
dns = {
magic_dns = true;
base_domain = "headscale.darksailor.dev";
nameservers.global = ["1.1.1.1"];
};
oidc = {
issuer = "https://auth.darksailor.dev";
client_id = "headscale";
client_secret_path = "${config.sops.secrets.headscale-secret.path}";
pkce = {
enabled = true;
method = "S256";
};
};
};
};
# headplane = {
# enable = true;
# settings = {
# server.port = 42562;
# };
# };
caddy = {
virtualHosts."headscale.darksailor.dev".extraConfig = ''
reverse_proxy localhost:${toString config.services.headplane.settings.server.port}
'';
};
authelia = {
instances.darksailor = {
settings = {
identity_providers = {
oidc = {
clients = [
{
client_name = "HeadScale";
client_id = "headscale";
client_secret = ''{{ secret "${config.sops.secrets.headscale-authelia.path}" }}'';
public = false;
authorization_policy = "one_factor";
require_pkce = true;
pkce_challenge_method = "S256";
redirect_uris = [
"https://headscale.darksailor.dev/oidc/callback"
];
scopes = ["openid" "email" "profile" "groups"];
response_types = ["code"];
grant_types = ["authorization_code"];
access_token_signed_response_alg = "none";
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_basic";
}
];
};
};
};
};
};
};
}

249
nixos/mirai/services/monitoring.nix
View File

@@ -1,249 +0,0 @@
{
config,
pkgs,
lib,
# devices,
...
}: {
sops.secrets = {
"grafana/adminPassword" = {
owner = "grafana";
group = "grafana";
};
oauth-client-secret-grafana-authelia = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
key = "authelia/oidc/grafana/client_secret";
restartUnits = [
"authelia-darksailor.service"
];
};
oauth-client-secret-grafana = {
owner = config.systemd.services.grafana.serviceConfig.User;
key = "authelia/oidc/grafana/client_secret";
restartUnits = [
"grafana"
];
};
};
services = {
prometheus = {
enable = true;
port = 9090;
listenAddress = "0.0.0.0";
scrapeConfigs = [];
# ++ (lib.mapAttrsToList (name: cfg: {
# job_name = "mirai-" + name;
# static_configs = [
# {
# targets = [("localhost:" + (builtins.toString cfg.port))];
# }
# ];
# })
# (config.services.prometheus.exporters));
retentionTime = "30d";
globalConfig = {
scrape_interval = "15s";
evaluation_interval = "15s";
};
};
prometheus.exporters = {
ping = {
enable = true;
settings = {
targets = [
"1.1.1.1"
"ryu"
"tsuba"
"shiro"
];
ping = {
interval = "5s";
timeout = "5s";
};
};
openFirewall = true;
};
node = {
enable = true;
enabledCollectors = [
"systemd"
"textfile"
"filesystem"
"loadavg"
"meminfo"
"netdev"
"stat"
"time"
"uname"
"vmstat"
];
openFirewall = true;
};
process = {
enable = true;
settings.process_names = [
{
name = "{{.Comm}}";
cmdline = [".*"];
}
];
openFirewall = true;
};
systemd = {
enable = true;
openFirewall = true;
};
};
grafana = {
enable = true;
settings = {
server = {
http_addr = "0.0.0.0";
http_port = 3333;
domain = "monitoring.darksailor.dev";
root_url = "https://monitoring.darksailor.dev";
};
security = {
admin_user = "admin";
admin_password = "$__file{${config.sops.secrets."grafana/adminPassword".path}}";
};
auth = {
disable_login_form = true;
};
"auth.basic" = {
enabled = false;
};
"auth.generic_oauth" = {
enabled = true;
name = "Authelia";
client_id = "grafana";
client_secret = "$__file{${config.sops.secrets.oauth-client-secret-grafana.path}}";
scopes = "openid profile email groups";
empty_scopes = false;
auth_url = "https://auth.darksailor.dev/api/oidc/authorization";
token_url = "https://auth.darksailor.dev/api/oidc/token";
api_url = "https://auth.darksailor.dev/api/oidc/userinfo";
login_attribute_path = "email";
groups_attribute_path = "groups";
name_attribute_path = "name";
email_attribute_path = "email";
username_attribute_path = "preferred_username";
use_pkce = true;
auto_login = true;
allow_sign_up = true;
role_attribute_path = "contains(groups[*], 'sso_admin') && 'Admin' || Viewer";
use_refresh_token = false;
id_token_attribute_name = "";
signout_redirect_url = "https://auth.darksailor.dev/logout";
};
};
provision = {
enable = true;
datasources.settings.datasources = [
{
name = "Prometheus";
type = "prometheus";
access = "proxy";
url = "http://localhost:9090";
isDefault = true;
jsonData = {
timeInterval = "15s";
};
}
];
dashboards.settings = {
apiVersion = 1;
providers = [
{
name = "default";
type = "file";
options.path = "/var/lib/grafana/dashboards";
}
];
};
};
};
caddy.virtualHosts."monitoring.darksailor.dev".extraConfig = ''
reverse_proxy localhost:${builtins.toString config.services.grafana.settings.server.http_port}
'';
authelia = {
instances.darksailor = {
settings = {
identity_providers = {
oidc = {
claims_policies = {
grafana = {
id_token = [
"email"
"name"
"groups"
"preferred_username"
];
};
};
clients = [
{
client_name = "Grafana";
client_id = "grafana";
claims_policy = "grafana";
client_secret = ''{{ secret "${config.sops.secrets.oauth-client-secret-grafana-authelia.path}" }}'';
public = false;
authorization_policy = "one_factor";
require_pkce = true;
pkce_challenge_method = "S256";
redirect_uris = [
"https://monitoring.darksailor.dev/login/generic_oauth"
];
scopes = [
"openid"
"profile"
"email"
"groups"
];
response_types = ["code"];
grant_types = ["authorization_code"];
userinfo_signed_response_alg = "none";
id_token_signed_response_alg = "RS256";
access_token_signed_response_alg = "RS256";
token_endpoint_auth_method = "client_secret_basic";
}
];
};
};
};
};
};
};
# SOPS secrets for Grafana
# Create dashboard directory and copy dashboards
systemd.tmpfiles.rules = [
"d /var/lib/grafana/dashboards 0755 grafana grafana"
"C /var/lib/grafana/dashboards/tsuba-monitoring.json 0644 grafana grafana - ${./dashboards/tsuba-monitoring.json}"
"C /var/lib/grafana/dashboards/ryu-monitoring.json 0644 grafana grafana - ${./dashboards/ryu-monitoring.json}"
"C /var/lib/grafana/dashboards/mirai-monitoring.json 0644 grafana grafana - ${./dashboards/mirai-monitoring.json}"
"C /var/lib/grafana/dashboards/overview-monitoring.json 0644 grafana grafana - ${./dashboards/overview-monitoring.json}"
"C /var/lib/grafana/dashboards/enhanced-overview.json 0644 grafana grafana - ${./dashboards/enhanced-overview.json}"
"C /var/lib/grafana/dashboards/systemd-monitoring.json 0644 grafana grafana - ${./dashboards/systemd-monitoring.json}"
];
# Open firewall ports
networking.firewall = {
# Allow Tailscale traffic for metrics scraping
trustedInterfaces = ["tailscale0"];
};
# Ensure Grafana service starts after PostgreSQL
# systemd.services.grafana.after = ["postgresql.service"];
# systemd.services.grafana.requires = ["postgresql.service"];
}

12
nixos/mirai/services/shitpost.nix Normal file
View File

@@ -0,0 +1,12 @@
{pkgs, ...}: let
src = pkgs.fetchgit {
url = "https://git.darksailor.dev/servius/adarkdayinmylife.public";
rev = "68d972f68cab8f68916b94df05b7ab6a7da4a1da";
sha256 = "sha256-EVis06rmHq1jJK0FVsbgi7TOru7GtEUpbx0PjU2AKEo=";
};
in {
services.caddy.virtualHosts."adarkdayinmy.life".extraConfig = ''
root * ${src}/
file_server
'';
}

3
nixos/mirai/services/tailscale.nix
View File

@@ -1,8 +1,9 @@
{...}: {
{masterPkgs, ...}: {
services.tailscale = {
enable = true;
useRoutingFeatures = "server";
extraUpFlags = "--advertise-exit-node";
package = masterPkgs.tailscale;
};
networking.firewall.trustedInterfaces = [
"tailscale0"

1
nixos/ryu/apps/default.nix
View File

@@ -6,5 +6,6 @@
imports = [
# ./alvr.nix
./easyeffects.nix
./vr.nix
];
}

9
nixos/ryu/apps/vr.nix Normal file
View File

@@ -0,0 +1,9 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
wlx-overlay-s
wayvr-dashboard
bs-manager
monado-vulkan-layers
envision
];
}

12
nixos/ryu/configuration.nix
View File

@@ -10,6 +10,7 @@
./programs
./containers
./apps
# ./vms
];
security.tpm2 = {
@@ -39,10 +40,10 @@
nix = {
settings = {
max-jobs = 1;
cores = 12;
cores = 24;
auto-optimise-store = true;
extra-experimental-features = "nix-command flakes auto-allocate-uids";
trusted-users = ["root" "servius"];
trusted-users = [device.user];
trusted-substituters = [
"https://nix-community.cachix.org"
"https://nixos-raspberrypi.cachix.org"
@@ -66,8 +67,9 @@
dates = "daily";
options = "--delete-older-than +5";
};
package = pkgs.nixVersions.nix_2_31; # deploy-rs doesn't work with nix >= 2.32
package = pkgs.nixVersions.latest; # deploy-rs doesn't work with nix >= 2.32
buildMachines = [
../../builders/tako.nix
../../builders/mirai.nix
../../builders/shiro.nix
# ../../builders/tsuba.nix
@@ -167,8 +169,6 @@
};
};
services.openssh.enable = true;
networking = {
interfaces.eno1.wakeOnLan = {
policy = ["magic"];
@@ -194,7 +194,7 @@
# firewall.enable = false;
nftables.enable = true;
firewall = {
enable = true;
enable = false;
trustedInterfaces = [
"tailscale0"
];

16
nixos/ryu/programs/gamemode.nix
View File

@@ -1,5 +1,19 @@
{...}: {
{pkgs, ...}: {
programs.gamemode = {
enable = true;
settings = {
general = {
renice = 10;
};
custom = {
start = let
out = pkgs.writeScriptBin "gamemode-start" ''
${pkgs.lmstudio}/bin/lms unload
${pkgs.libnotify}/bin/notify-send 'GameMode started'
'';
in "${out}/bin/gamemode-start";
end = "${pkgs.libnotify}/bin/notify-send 'GameMode ended'";
};
};
};
}

4
nixos/ryu/programs/obs-studio.nix
View File

@@ -5,7 +5,9 @@
enableVirtualCamera = true;
plugins = [
pkgs.obs-studio-plugins.wlrobs
pkgs.obs-studio-plugins.droidcam-obs
pkgs.obs-studio-plugins.input-overlay
pkgs.obs-studio-plugins.obs-vkcapture
# pkgs.obs-studio-plugins.droidcam-obs
];
};
};

16
nixos/ryu/ryu.nix
View File

@@ -17,10 +17,13 @@
enable = true;
enable32Bit = true;
extraPackages = with pkgs; [
# intel-vaapi-driver
vpl-gpu-rt
intel-media-driver
nvidia-vaapi-driver
cudatoolkit
# vaapiVdpau
# libvdpau-va-gl
# nvidia-utils
];
};
nvidia = {
@@ -47,20 +50,15 @@
# nixpkgs.localSystem = {system = "x86_64-linux";};
# nixpkgs.crossSystem = {system = "aarch64-linux";};
boot.binfmt.emulatedSystems = ["aarch64-linux"];
services.fprintd.enable = true;
services.sshd.enable = true;
boot.loader.systemd-boot.consoleMode = "max";
environment.sessionVariables = {
# LIBVA_DRIVER_NAME = "i965";
# __EGL_VENDOR_LIBRARY_FILENAMES = "/run/opengl-driver/share/glvnd/egl_vendor.d/50_mesa.json";
LIBVA_DRIVER_NAME = "nvidia";
NVD_BACKEND = "direct";
__GLX_VENDOR_LIBRARY_NAME = "nvidia";
NIXOS_OZONE_WL = "1";
};
virtualisation.libvirtd.enable = true;
users.extraUsers.servius.extraGroups = ["libvirtd" "adbusers" "kvm"];
boot.extraModprobeConfig = ''
@@ -136,6 +134,12 @@
options = ["nofail"];
};
fileSystems."/volumes/windows-games" = {
device = "/dev/disk/by-partuuid/56359fb7-7d33-44d2-bebd-b0c53daeeb73";
fsType = "ntfs3";
options = ["nofail"];
};
swapDevices = [];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking

20
nixos/ryu/services/caddy.nix
View File

@@ -4,10 +4,10 @@
...
}: {
sops = {
secrets."hetzner/api_key".owner = config.services.caddy.user;
secrets."cloudflare/api_key".owner = config.services.caddy.user;
templates = {
"HETZNER_API_KEY.env".content = ''
HETZNER_API_KEY=${config.sops.placeholder."hetzner/api_key"}
"CLOUDFLARE_API_KEY.env".content = ''
CLOUDFLARE_API_KEY=${config.sops.placeholder."cloudflare/api_key"}
'';
};
};
@@ -15,28 +15,22 @@
caddy = {
enable = true;
extraConfig = ''
(hetzner) {
(cloudflare) {
tls {
propagation_timeout -1
propagation_delay 120s
dns hetzner {env.HETZNER_API_KEY}
dns cloudflare {env.CLOUDFLARE_API_KEY}
resolvers 1.1.1.1
}
}
'';
package = pkgs.caddyWithHetzner;
# package = pkgs.caddy.withPlugins {
# plugins = ["github.com/caddy-dns/hetzner@v1.0.0"];
# # hash = "sha256-9ea0CfOHG7JhejB73HjfXQpnonn+ZRBqLNz1fFRkcDQ=";
# # hash = "sha256-9ea0CfOHG7JhejB73HjfXQpnonn+ZRBqLNz1fFRkcDQ="
# hash = "sha256-YUrprDZQL+cX3P8fVLKHouXTMG4rw3sCaQdGqiq37uA=";
# };
package = pkgs.caddyWithCloudflare;
};
};
systemd.services.caddy = {
after = ["sops-install-secrets.service"];
serviceConfig = {
EnvironmentFile = config.sops.templates."HETZNER_API_KEY.env".path;
EnvironmentFile = config.sops.templates."CLOUDFLARE_API_KEY.env".path;
};
};
}

7
nixos/ryu/services/default.nix
View File

@@ -16,5 +16,12 @@
./fwupd.nix
./caddy.nix
./monitoring.nix
./wivrn.nix
./sshd.nix
./fprintd.nix
./handoff.nix
./gstreamer.nix
./dualsense.nix
./openssh.nix
];
}

11
nixos/ryu/services/dualsense.nix Normal file
View File

@@ -0,0 +1,11 @@
{pkgs, ...}: {
environment.systemPackages = with pkgs; [
dualsensectl
];
services.udev.extraRules = ''
# USB
ATTRS{name}=="Sony Interactive Entertainment DualSense Wireless Controller Touchpad", ENV{LIBINPUT_IGNORE_DEVICE}="1"
# Bluetooth
ATTRS{name}=="DualSense Wireless Controller", ENV{LIBINPUT_IGNORE_DEVICE}="1"
'';
}

3
nixos/ryu/services/fprintd.nix Normal file
View File

@@ -0,0 +1,3 @@
{...}: {
services.fprintd.enable = true;
}

22
nixos/ryu/services/gstreamer.nix Normal file
View File

@@ -0,0 +1,22 @@
{pkgs, ...}: {
environment = {
systemPackages = with pkgs; [
gst_all_1.gst-libav
gst_all_1.gst-plugins-bad
gst_all_1.gst-plugins-base
gst_all_1.gst-plugins-good
gst_all_1.gst-plugins-rs
gst_all_1.gst-plugins-ugly
gst_all_1.gstreamer
gst_all_1.gstreamermm
gst_all_1.gst-rtsp-server
gst_all_1.gst-vaapi
# gst_all_1.icamerasrc-ipu6
# gst_all_1.icamerasrc-ipu6ep
# gst_all_1.icamerasrc-ipu6epmtl
];
sessionVariables = {
GST_PLUGIN_PATH = "/run/current-system/sw/lib/gstreamer-1.0/";
};
};
}

7
nixos/ryu/services/handoff.nix Normal file
View File

@@ -0,0 +1,7 @@
{...}: {
services.airpods-handoff = {
enable = true;
user = "servius";
macAddress = "14:14:7D:E5:1A:AC";
};
}

19
nixos/ryu/services/llama.nix
View File

@@ -8,25 +8,26 @@
llama-cpp = {
enable = false;
port = 11345;
model = "/nix/store/ch6z9di3l0k54ad29pzv8k3zv47q30d1-Qwen3-Coder-30B-A3B-Instruct-Q4_K_M.gguf";
# model = pkgs.fetchurl {
# # url = "https://huggingface.co/lmstudio-community/gpt-oss-20b-GGUF/resolve/main/gpt-oss-20b-MXFP4.gguf";
# # sha256 = "65d06d31a3977d553cb3af137b5c26b5f1e9297a6aaa29ae7caa98788cde53ab";
# url = "https://huggingface.co/lmstudio-community/Qwen3-Coder-30B-A3B-Instruct-GGUF/resolve/main/Qwen3-Coder-30B-A3B-Instruct-Q4_K_M.gguf";
# sha256 = "79ad15a5ee3caddc3f4ff0db33a14454a5a3eb503d7fa1c1e35feafc579de486";
# };
# model = "/nix/store/ch6z9di3l0k54ad29pzv8k3zv47q30d1-Qwen3-Coder-30B-A3B-Instruct-Q4_K_M.gguf";
model = pkgs.fetchurl {
# url = "https://huggingface.co/lmstudio-community/gpt-oss-20b-GGUF/resolve/main/gpt-oss-20b-MXFP4.gguf";
# sha256 = "65d06d31a3977d553cb3af137b5c26b5f1e9297a6aaa29ae7caa98788cde53ab";
url = "https://huggingface.co/lmstudio-community/Qwen3-Coder-30B-A3B-Instruct-GGUF/resolve/main/Qwen3-Coder-30B-A3B-Instruct-Q4_K_M.gguf";
sha256 = "79ad15a5ee3caddc3f4ff0db33a14454a5a3eb503d7fa1c1e35feafc579de486";
};
extraFlags = [
"-c"
"98304"
"--jinja"
# "--chat-template-file"
"--chat-template-file"
"${../../../assets/chat.hbs}"
# "/nix/store/4zk1p50hrzghp3jzzysz96pa64i2kmjl-promp.hbs"
];
# package = inputs.llama-cpp.packages.${pkgs.system}.cuda;
};
caddy = {
virtualHosts."llama.ryu.darksailor.dev".extraConfig = ''
import hetzner
import cloudflare
reverse_proxy localhost:${builtins.toString config.services.llama-cpp.port}
'';
};

6
nixos/ryu/services/ollama.nix
View File

@@ -41,15 +41,15 @@
# };
caddy = {
# virtualHosts."llama.ryu.darksailor.dev".extraConfig = ''
# import hetzner
# forward_auth mirai:5555 {
# import cloudflare
# forward_auth tako:5555 {
# uri /api/authz/forward-auth
# copy_headers Remote-User Remote-Groups Remote-Email Remote-Name
# }
# reverse_proxy localhost:${builtins.toString config.services.open-webui.port}
# '';
virtualHosts."ollama.ryu.darksailor.dev".extraConfig = ''
import hetzner
import cloudflare
reverse_proxy localhost:${builtins.toString config.services.ollama.port}
'';
};

7
nixos/ryu/services/openssh.nix Normal file
View File

@@ -0,0 +1,7 @@
{...}: {
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.PermitRootLogin = "prohibit-password";
};
}

3
nixos/ryu/services/sshd.nix Normal file
View File

@@ -0,0 +1,3 @@
{...}: {
services.sshd.enable = true;
}

18
nixos/ryu/services/tailscale.nix
View File

@@ -1,22 +1,8 @@
{
pkgs,
lib,
...
}: {
{masterPkgs, ...}: {
services = {
tailscale = {
enable = true;
# useRoutingFeatures = "both";
# extraUpFlags = ["--advertise-routes=192.168.0.0/24"];
package = masterPkgs.tailscale;
};
# networkd-dispatcher = {
# enable = true;
# rules."50-tailscale" = {
# onState = ["routable"];
# script = ''
# ${lib.getExe pkgs.ethtool} -K en01 rx-udp-gro-forwarding on rg-xgro-list off
# '';
# };
# };
};
}

13
nixos/ryu/services/wivrn.nix Normal file
View File

@@ -0,0 +1,13 @@
{pkgs, ...}: {
services.wivrn = {
enable = true;
openFirewall = true;
defaultRuntime = true;
autoStart = true;
steam = {
importOXRRuntimes = true;
};
highPriority = true;
# package = pkgs.wivrn;
};
}

12
nixos/ryu/vms/default.nix
View File

@@ -1,4 +1,16 @@
{
virtualisation = {
libvirtd = {
enable = true;
qemu = {
runAsRoot = true;
swtpm.enable = true;
# ovmf = {
# enable = true;
# };
};
};
};
imports = [
./win11.nix
];

4
nixos/ryu/vms/win11.nix
View File

@@ -4,10 +4,6 @@
lib,
...
}: {
virtualisation.libvirtd.enable = true;
virtualisation.libvirtd.qemu.ovmf.enable = true;
virtualisation.libvirtd.qemu.swtpm.enable = true;
# IOMMU and VFIO settings
# boot.kernelParams = [
# "amd_iommu=on" # Use "intel_iommu=on" for Intel CPUs

186
nixos/tako/configuration.nix Normal file
View File

@@ -0,0 +1,186 @@
{
config,
pkgs,
device,
...
}: {
imports = [
# Include the results of the hardware scan.
./services
./tako.nix
# ./docker.nix
];
virtualisation.docker.enable = true;
# virtualisation.podman = {
# enable = true;
# dockerSocket.enable = true;
# defaultNetwork.dnsname.enable = true;
# };
users.extraUsers.${device.user}.extraGroups = ["docker"];
environment.systemPackages = with pkgs; [
arion
];
security.sudo.wheelNeedsPassword = false;
sops = {
secrets."builder/mirai/cache/private" = {};
secrets.users = {
sopsFile = ../../secrets/users.yaml;
format = "yaml";
key = "";
};
};
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
nix = {
settings = {
max-jobs = 1;
cores = 8;
auto-optimise-store = true;
extra-experimental-features = "nix-command flakes auto-allocate-uids";
trusted-users = [device.user "remotebuilder"];
trusted-substituters = [
"https://nix-community.cachix.org"
"https://nixos-raspberrypi.cachix.org"
# "https://sh.darksailor.dev"
];
trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"nixos-raspberrypi.cachix.org-1:4iMO9LXa8BqhU+Rpg6LQKiGa2lsNh/j2oiYLNOQ5sPI="
# "tako:bcVPoFGBZ0i7JAKMXIqLj2GY3CulLC4kP7rQyqes1RM="
];
};
extraOptions = ''
build-users-group = nixbld
extra-nix-path = nixpkgs=flake:nixpkgs
builders-use-substitutes = true
secret-key-files = ${config.sops.secrets."builder/mirai/cache/private".path}
'';
gc = {
automatic = true;
dates = "daily";
options = "--delete-older-than 5d";
};
package = pkgs.nixVersions.latest; # deploy-rs doesn't work with nix >= 2.32
distributedBuilds = true;
};
users.users.${device.user} = {
isNormalUser = true;
extraGroups = ["wheel" "docker" "media"];
openssh.authorizedKeys.keyFiles = [
../../secrets/id_ed25519.pub
../../secrets/id_ios.pub
];
};
users.users.remotebuilder = {
isNormalUser = true;
openssh.authorizedKeys.keyFiles = [
../../secrets/id_ed25519.pub
];
};
users.groups.media = {};
nixpkgs.config.allowUnfree = true;
networking.hostName = "tako"; # Define your hostname.
# Pick only one of the below networking options.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# networking.networkmanager.enable = true; # Easiest to use and most distros use this by default.
# Set your time zone.
time.timeZone = "Asia/Singapore";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
# i18n.defaultLocale = "en_US.UTF-8";
# console = {
# font = "Lat2-Terminus16";
# keyMap = "us";
# useXkbConfig = true; # use xkb.options in tty.
# };
# Enable the X11 windowing system.
# services.xserver.enable = true;
# Configure keymap in X11
# services.xserver.xkb.layout = "us";
# services.xserver.xkb.options = "eurosign:e,caps:escape";
# Enable CUPS to print documents.
# services.printing.enable = true;
# Enable sound.
# hardware.pulseaudio.enable = true;
# OR
# services.pipewire = {
# enable = true;
# pulse.enable = true;
# };
# Enable touchpad support (enabled default in most desktopManager).
# services.libinput.enable = true;
# Define a user account. Don't forget to set a password with passwd.
# users.users.alice = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# packages = with pkgs; [
# firefox
# tree
# ];
# };
# List packages installed in system profile. To search, run:
# $ nix search wget
# environment.systemPackages = with pkgs; [
# vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
# wget
# ];
# Some programs need SUID wrappers, can be configured further or are
# started in user sessions.
# programs.mtr.enable = true;
# programs.gnupg.agent = {
# enable = true;
# enableSSHSupport = true;
# };
# List services that you want to enable:
# Enable the OpenSSH daemon.
services.openssh.enable = true;
# Open ports in the firewall.
networking.firewall.allowedTCPPorts = [22 80 443];
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.11"; # Did you read the comment?
}

96
nixos/tako/disk-config.nix Normal file
View File

@@ -0,0 +1,96 @@
{...}: {
disko.devices = {
disk = {
one = {
type = "disk";
device = "/dev/sda";
content = {
type = "gpt";
partitions = {
ESP = {
priority = 1;
name = "ESP";
size = "1G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["umask=0077"];
};
};
primary = {
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
two = {
type = "disk";
device = "/dev/sdb";
content = {
type = "gpt";
partitions = {
primary = {
size = "100%";
content = {
type = "lvm_pv";
vg = "pool";
};
};
};
};
};
};
lvm_vg = {
pool = {
type = "lvm_vg";
lvs = {
root = {
size = "128G";
lvm_type = "mirror";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/";
mountOptions = [
"defaults"
];
};
};
nix = {
size = "256G";
lvm_type = "raid0";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/nix";
};
};
home = {
size = "64G";
lvm_type = "raid0";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/home";
};
};
media = {
size = "100%";
lvm_type = "raid0";
content = {
type = "filesystem";
format = "ext4";
mountpoint = "/media";
};
};
};
};
};
};
}

69
nixos/tako/docker.nix Normal file
View File

@@ -0,0 +1,69 @@
{
config,
lib,
pkgs,
...
}: {
# virtualisation = {
# docker.enable = true;
# podman.enable = true;
# oci-containers = {
# backend = "podman";
# containers.homeassistant = {
# volumes = ["home-assistant:/config"];
# environment.TZ = "Asia/Kolkata";
# image = "ghcr.io/home-assistant/home-assistant:stable"; # Warning: if the tag does not change, the image will not be updated
# extraOptions = [
# "--network=ha-net"
# ];
# };
# };
# };
# networking.firewall.allowedTCPPorts = [8123];
# environment.systemPackages = with pkgs; [
# docker
# podman
# ];
# services.caddy = {
# enable = true;
# virtualHosts."home.darksailor.dev".extraConfig = ''
# reverse_proxy localhost:8123
# '';
# };
# containers.llama = {
# autoStart = true;
# privateNetwork = true;
# hostAddress = "192.168.100.10";
# localAddress = "192.168.100.11";
# hostAddress6 = "fc00::1";
# localAddress6 = "fc00::2";
# config = {
# config,
# pkgs,
# libs,
# ...
# }: {
# system.stateVersion = "24.11";
# networking = {
# firewall = {
# enable = true;
# allowedTCPPorts = [4000];
# };
# # Use systemd-resolved inside the container
# # Workaround for bug https://github.com/NixOS/nixpkgs/issues/162686
# useHostResolvConf = lib.mkForce false;
# };
# services.resolved.enable = true;
# services.llama-cpp = {
# enable = true;
# host = "127.0.0.1";
# port = 4000;
# model = builtins.fetchurl {
# name = "qwen_2.5.1_coder_7b_instruct_gguf";
# sha256 = "61834b88c1a1ce5c277028a98c4a0c94a564210290992a7ba301bbef96ef8eba";
# url = "https://huggingface.co/bartowski/Qwen2.5.1-Coder-7B-Instruct-GGUF/resolve/main/Qwen2.5.1-Coder-7B-Instruct-Q8_0.gguf?download=true";
# };
# };
# };
# };
}

17
nixos/tako/services/attic.nix Normal file
View File

@@ -0,0 +1,17 @@
{...}: {
services = {
atticd = {
enable = false;
listen = "/run/attic.sock";
};
caddy = {
virtualHosts."cache.darksailor.dev".extraConfig = ''
reverse_proxy /run/attic.sock {
transport http {
protocol = "fd"
}
}
'';
};
};
}

13
nixos/tako/services/atuin.nix Normal file
View File

@@ -0,0 +1,13 @@
{...}: {
services = {
atuin = {
enable = true;
openRegistration = false;
};
caddy = {
virtualHosts."atuin.darksailor.dev".extraConfig = ''
reverse_proxy localhost:8888
'';
};
};
}

109
nixos/tako/services/authelia.nix Normal file
View File

@@ -0,0 +1,109 @@
{config, ...}: let
port = 5555;
in {
sops = {
secrets = let
user = config.systemd.services.authelia-darksailor.serviceConfig.User;
in {
"authelia/servers/darksailor/jwtSecret".owner = user;
"authelia/servers/darksailor/storageEncryptionSecret".owner = user;
"authelia/servers/darksailor/sessionSecret".owner = user;
"authelia/users/servius".owner = user;
"lldap/users/authelia".owner = user;
users.owner = user;
"authelia/oidc/jwks".owner = user;
};
};
services = {
authelia = {
instances.darksailor = {
enable = true;
settings = {
authentication_backend = {
password_reset.disable = false;
password_change.disable = false;
ldap = {
address = "ldap://localhost:389";
timeout = "5s";
base_dn = "dc=darksailor,dc=dev";
user = "cn=authelia,ou=people,dc=darksailor,dc=dev";
users_filter = "(&({username_attribute}={input})(objectClass=person))";
groups_filter = "(&(member={dn})(objectClass=groupOfNames))";
additional_users_dn = "OU=people";
additional_groups_dn = "OU=groups";
};
};
session = {
cookies = [
{
domain = "darksailor.dev";
authelia_url = "https://auth.darksailor.dev";
name = "authelia_session";
}
];
};
access_control = {
default_policy = "one_factor";
rules = let
bypass_api = domain: [
{
inherit domain;
policy = "bypass";
resources = [
"^/api([/?].*)?$"
];
}
{
inherit domain;
policy = "one_factor";
}
];
in
(bypass_api "sonarr.tsuba.darksailor.dev")
++ (bypass_api "radarr.tsuba.darksailor.dev")
++ (bypass_api "lidarr.tsuba.darksailor.dev")
++ (bypass_api "bazarr.tsuba.darksailor.dev")
++ (bypass_api "prowlarr.tsuba.darksailor.dev");
};
storage = {
local = {
path = "/var/lib/authelia-darksailor/authelia.sqlite3";
};
};
theme = "dark";
notifier.filesystem.filename = "/var/lib/authelia-darksailor/authelia-notifier.log";
server = {
address = "0.0.0.0:${toString port}";
endpoints.authz = {
forward-auth = {
implementation = "ForwardAuth";
};
auth-request = {
implementation = "AuthRequest";
};
};
};
};
secrets = {
jwtSecretFile = config.sops.secrets."authelia/servers/darksailor/jwtSecret".path;
storageEncryptionKeyFile = config.sops.secrets."authelia/servers/darksailor/storageEncryptionSecret".path;
sessionSecretFile = config.sops.secrets."authelia/servers/darksailor/sessionSecret".path;
oidcHmacSecretFile = config.sops.secrets."authelia/servers/darksailor/sessionSecret".path;
oidcIssuerPrivateKeyFile = config.sops.secrets."authelia/oidc/jwks".path;
};
environmentVariables = {
AUTHELIA_AUTHENTICATION_BACKEND_LDAP_PASSWORD_FILE = config.sops.secrets."lldap/users/authelia".path;
};
};
};
caddy = {
virtualHosts."auth.darksailor.dev".extraConfig = ''
reverse_proxy localhost:${toString port} {
# header_up Host {http.request.header.X-Forwarded-Host}
# header_up X-Forwarded-Host {http.request.header.X-Forwarded-Host}
# header_up X-Forwarded-Proto {http.request.header.X-Forwarded-Proto}
}
'';
};
};
}

15
nixos/tako/services/caddy.nix Normal file
View File

@@ -0,0 +1,15 @@
{...}: {
services = {
caddy = {
enable = true;
extraConfig = ''
(auth) {
forward_auth localhost:5555 {
uri /api/authz/forward-auth?authelia_url=https://auth.darksailor.dev
copy_headers Remote-User Remote-Groups Remote-Name Remote-Email
}
}
'';
};
};
}

31
nixos/tako/services/default.nix Normal file
View File

@@ -0,0 +1,31 @@
{...}: {
imports = [
# ./games
# ./headscale.nix
# ./llama.nix
# ./monitoring.nix
# ./paperless.nix
# ./shitpost.nix
./atuin.nix
./authelia.nix
./caddy.nix
./excalidraw.nix
./fail2ban.nix
./flaresolverr.nix
./gitea.nix
./homepage.nix
./immich.nix
./lldap.nix
./nextcloud.nix
./openssh.nix
./prowlarr.nix
./resolved.nix
./searxng.nix
./tailscale.nix
];
services = {
nix-serve = {
enable = true;
};
};
}

30
nixos/tako/services/excalidraw.nix Normal file
View File

@@ -0,0 +1,30 @@
{...}: {
virtualisation.oci-containers = {
backend = "docker";
containers = {
excalidraw = {
image = "excalidraw/excalidraw:latest";
ports = ["127.0.0.1:5959:80"];
volumes = [];
};
};
};
services.caddy.virtualHosts."draw.darksailor.dev".extraConfig = ''
import auth
reverse_proxy localhost:5959
'';
services.authelia = {
instances.darksailor = {
settings = {
access_control = {
rules = [
{
domain = "draw.darksailor.dev";
policy = "one_factor";
}
];
};
};
};
};
}

21
nixos/tako/services/fail2ban.nix Normal file
View File

@@ -0,0 +1,21 @@
{...}: {
# sops = {
# secrets."ryu/public" = {};
# };
services = {
fail2ban = {
enable = true;
bantime = "24h"; # Ban IPs for one day on the first ban
bantime-increment = {
enable = true; # Enable increment of bantime after each violation
# formula = "ban.Time * math.exp(float(ban.Count+1)*banFactor)/math.exp(1*banFactor)";
multipliers = "1 2 4 8 16 32 64";
maxtime = "168h"; # Do not ban for more than 1 week
overalljails = true; # Calculate the bantime based on all the violations
};
ignoreIP = [
"106.219.121.52"
];
};
};
}

8
nixos/tako/services/flaresolverr.nix Normal file
View File

@@ -0,0 +1,8 @@
{stablePkgs, ...}: {
services = {
flaresolverr = {
enable = true;
package = stablePkgs.flaresolverr;
};
};
}

7
nixos/tako/services/games/default.nix Normal file
View File

@@ -0,0 +1,7 @@
{...}: {
imports = [
./minecraft.nix
./satisfactory.nix
./terraria.nix
];
}

56
nixos/tako/services/games/minecraft.nix Normal file
View File

@@ -0,0 +1,56 @@
{
pkgs,
inputs,
...
}: {
# imports = [inputs.nix-minecraft.nixosModules.minecraft-servers];
services = let
whitelist = {
"AbhinavSE" = "8b6c052e-69b3-4bee-b9dc-12eb94653c9e";
"Serveus" = "79882fb6-d594-4073-a3d0-70a01d0abb67";
"__Shun__" = "1c7a300f-98e4-402c-8741-432f3494bb25";
"shashikant" = "20891e82-203c-4d04-9868-79a5879ecfc3";
};
in {
minecraft-server = {
inherit whitelist;
enable = false;
openFirewall = true;
eula = true;
declarative = true;
serverProperties = {
motd = "Servius's Minecraft Server";
level-seed = "4504535438041489910";
view-distance = 24;
white-list = true;
};
package = let
getJavaVersion = v: (builtins.getAttr "openjdk${toString v}" pkgs.javaPackages.compiler).headless;
in
pkgs.minecraft-server.override {
url = "https://piston-data.mojang.com/v1/objects/6e64dcabba3c01a7271b4fa6bd898483b794c59b/server.jar";
sha1 = "sha1-bmTcq7o8AacnG0+mvYmEg7eUxZs=";
version = "1.21.6";
jre_headless = getJavaVersion 21;
};
};
# minecraft-servers = {
# enable = true;
# eula = true;
# openFirewall = true;
# servers.fabric = {
# inherit whitelist;
# enable = true;
# jvmOpts = "-Xmx4G -Xms4G";
# package = pkgs.fabricServers.fabric-1_21_7;
# serverProperties = {
# motd = "Servius's Fabric Minecraft Server";
# server-port = 25567;
# level-seed = "4504535438041489910";
# view-distance = 24;
# white-list = true;
# };
# };
# };
};
}

10
nixos/tako/services/games/satisfactory.nix Normal file
View File

@@ -0,0 +1,10 @@
{...}: {
imports = [
../../../../modules/nixos/satisfactory.nix
];
services.satisfactory = {
# enable = true;
enable = false;
maxPlayers = 4;
};
}

7
nixos/tako/services/games/terraria.nix Normal file
View File

@@ -0,0 +1,7 @@
{...}: {
services.terraria = {
enable = true;
# port = 7777;
autoCreatedWorldSize = "large";
};
}

185
nixos/tako/services/gitea.nix Normal file
View File

@@ -0,0 +1,185 @@
{
lib,
config,
pkgs,
...
}: {
virtualisation.docker.enable = true;
sops = {
# secrets."gitea/registration".owner = config.systemd.services.gitea-actions-tako.serviceConfig.User;
secrets."gitea/registration" = {};
secrets."authelia/oidc/gitea/client_secret" = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = [
"gitea.service"
"authelia-darksailor.service"
];
};
secrets."authelia/oidc/gitea/client_id" = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = [
"gitea.service"
"authelia-darksailor.service"
];
};
templates = {
"GITEA_REGISTRATION_TOKEN.env".content = ''
TOKEN=${config.sops.placeholder."gitea/registration"}
'';
"GITEA_OAUTH_SETUP.env".content = ''
CLIENT_ID=${config.sops.placeholder."authelia/oidc/gitea/client_id"}
CLIENT_SECRET=${config.sops.placeholder."authelia/oidc/gitea/client_secret"}
'';
};
};
services = {
gitea = {
enable = true;
lfs.enable = true;
settings = {
service = {
DISABLE_REGISTRATION = false;
ALLOW_ONLY_EXTERNAL_REGISTRATION = true;
SHOW_REGISTRATION_BUTTON = false;
ENABLE_REVERSE_PROXY_AUTHENTICATION = false;
ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false;
ENABLE_PASSWORD_SIGNIN_FORM = false;
};
repository = {
ENABLE_PUSH_CREATE_USER = true;
};
mailer = {
ENABLED = true;
PROTOCOL = "sendmail";
};
security = {
REVERSE_PROXY_AUTHENTICATION_USER = "REMOTE-USER";
};
server = {
ROOT_URL = "https://git.darksailor.dev";
DOMAIN = "git.darksailor.dev";
# LFS_START_SERVER = true;
LFS_ALLOW_PURE_SSH = true;
};
oauth2_client = {
ENABLE_AUTO_REGISTRATION = true;
ACCOUNT_LINKING = "auto";
OPENID_CONNECT_SCOPES = "openid profile email";
};
openid = {
ENABLE_OPENID_SIGNIN = false;
ENABLE_OPENID_SIGNUP = true;
WHITELISTED_URIS = "auth.darksailor.dev";
};
};
};
# gitea-actions-runner = {
# instances = {
# tako = {
# enable = true;
# name = "tako";
# url = "https://git.darksailor.dev";
# labels = [
# "ubuntu-latest:docker://catthehacker/ubuntu:full-latest"
# "ubuntu-22.04:docker://catthehacker/ubuntu:full-22.04"
# "ubuntu-20.04:docker://catthehacker/ubuntu:full-20.04"
# "native:host"
# ];
# tokenFile = "${config.sops.templates."GITEA_REGISTRATION_TOKEN.env".path}";
# };
# };
# };
caddy = {
virtualHosts."git.darksailor.dev".extraConfig = ''
reverse_proxy localhost:3000
'';
};
authelia = {
instances.darksailor = {
settings = {
# access_control = {
# rules = [
# {
# domain = "git.darksailor.dev";
# policy = "bypass";
# resources = [
# "^/api([/?].*)?$"
# ];
# }
# {
# domain = "git.darksailor.dev";
# policy = "one_factor";
# }
# ];
# };
identity_providers = {
oidc = {
clients = [
{
client_name = "Gitea: Darksailor";
client_id = ''{{ secret "${config.sops.secrets."authelia/oidc/gitea/client_id".path}" }}'';
client_secret = ''{{ secret "${config.sops.secrets."authelia/oidc/gitea/client_secret".path}" }}'';
public = false;
authorization_policy = "one_factor";
require_pkce = false;
# pkce_challenge_method = "S256";
redirect_uris = [
"https://git.darksailor.dev/user/oauth2/authelia/callback"
];
scopes = [
"openid"
"email"
"profile"
];
response_types = ["code"];
grant_types = ["authorization_code"];
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_post";
}
];
};
};
};
};
};
};
systemd.services.gitea = {
after = ["sops-install-secrets.service"];
};
# systemd.services."gitea-actions-tako" = {
# after = ["gitea.service"];
# };
# systemd.services.gitea-oauth-setup = let
# name = "authelia";
# gitea_oauth_script = pkgs.writeShellApplication {
# name = "gitea_oauth2_script";
# runtimeInputs = [config.services.gitea.package];
# text = ''
# gitea admin auth delete --id "$(gitea admin auth list | grep "${name}" | cut -d "$(printf '\t')" -f1)"
# gitea admin auth add-oauth --provider=openidConnect --name=${name} --key="$CLIENT_ID" --secret="$CLIENT_SECRET" --auto-discover-url=https://auth.darksailor.dev/.well-known/openid-configuration --scopes='openid email profile'
# '';
# };
# in {
# description = "Configure Gitea OAuth with Authelia";
# after = ["gitea.service"];
# wants = ["gitea.service"];
# wantedBy = ["multi-user.target"];
# serviceConfig = {
# Type = "oneshot";
# User = config.services.gitea.user;
# Group = config.services.gitea.group;
# RemainAfterExit = true;
# ExecStart = "${lib.getExe gitea_oauth_script}";
# WorkingDirectory = config.services.gitea.stateDir;
# EnvironmentFile = config.sops.templates."GITEA_OAUTH_SETUP.env".path;
# };
# environment = {
# GITEA_WORK_DIR = config.services.gitea.stateDir;
# GITEA_CUSTOM = config.services.gitea.customDir;
# };
# };
}

79
nixos/tako/services/headscale.nix Normal file
View File

@@ -0,0 +1,79 @@
{config, ...}: {
sops = {
secrets.headscale-secret = {
owner = config.systemd.services.headscale.serviceConfig.User;
mode = "0440";
restartUnits = ["headscale.service" "authelia-darksailor.service"];
key = "authelia/oidc/headscale/client_secret";
};
secrets.headscale-authelia = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = ["headscale.service" "authelia-darksailor.service"];
key = "authelia/oidc/headscale/client_secret";
};
};
services = {
headscale = {
enable = true;
port = 8095;
settings = {
dns = {
magic_dns = true;
base_domain = "headscale.darksailor.dev";
nameservers.global = ["1.1.1.1"];
};
oidc = {
issuer = "https://auth.darksailor.dev";
client_id = "headscale";
client_secret_path = "${config.sops.secrets.headscale-secret.path}";
pkce = {
enabled = true;
method = "S256";
};
};
};
};
# headplane = {
# enable = true;
# settings = {
# server.port = 42562;
# };
# };
caddy = {
virtualHosts."headscale.darksailor.dev".extraConfig = ''
reverse_proxy localhost:${toString config.services.headplane.settings.server.port}
'';
};
authelia = {
instances.darksailor = {
settings = {
identity_providers = {
oidc = {
clients = [
{
client_name = "HeadScale";
client_id = "headscale";
client_secret = ''{{ secret "${config.sops.secrets.headscale-authelia.path}" }}'';
public = false;
authorization_policy = "one_factor";
require_pkce = true;
pkce_challenge_method = "S256";
redirect_uris = [
"https://headscale.darksailor.dev/oidc/callback"
];
scopes = ["openid" "email" "profile" "groups"];
response_types = ["code"];
grant_types = ["authorization_code"];
access_token_signed_response_alg = "none";
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_basic";
}
];
};
};
};
};
};
};
}

181
nixos/tako/services/homepage.nix Normal file
View File

@@ -0,0 +1,181 @@
{config, ...}: {
services = {
homepage-dashboard = {
enable = true;
allowedHosts = "dashboard.darksailor.dev";
settings = {
title = "Servius' Dashboard";
description = "A collection of services and links for quick access.";
};
widgets = [
{
resources = {
cpu = true;
disk = "/";
memory = true;
};
}
];
services = [
{
"Tsuba" = [
{
"Jellyfin" = {
icon = "jellyfin.png";
description = "Jellyfin Media Server";
href = "https://jellyfin.tsuba.darksailor.dev";
};
}
{
"Sonarr" = {
icon = "sonarr.png";
description = "Sonarr: TV Series Management";
href = "https://sonarr.tsuba.darksailor.dev";
};
}
{
"Bazarr" = {
icon = "bazarr.png";
description = "Bazarr: Subtitles and Metadata";
href = "https://bazarr.tsuba.darksailor.dev";
};
}
{
"Radarr" = {
icon = "radarr.png";
description = "Radarr: Movie Management";
href = "https://radarr.tsuba.darksailor.dev";
};
}
{
"Deluge" = {
icon = "deluge.png";
description = "Deluge: Torrent Client";
href = "https://deluge.tsuba.darksailor.dev";
};
}
{
"Prowlarr" = {
icon = "prowlarr.png";
description = "Prowlarr: Indexer Manager";
href = "https://prowlarr.tsuba.darksailor.dev";
};
}
{
"Home Assistant" = {
icon = "home-assistant.png";
description = "Home Automation";
href = "https://home.darksailor.dev";
};
}
];
}
{
"Tako" = [
{
"Gitea" = {
icon = "gitea.png";
description = "Gitea Code Hosting";
href = "https://git.darksailor.dev";
};
}
{
"Nextcloud" = {
icon = "nextcloud.png";
description = "Nextcloud Suite";
href = "https://cloud.darksailor.dev";
};
}
# {
# "Open WebUI" = {
# icon = "open-webui.png";
# description = "Open WebUI for self hosted llms";
# href = "https://llama.darksailor.dev";
# };
# }
{
"Immich" = {
icon = "immich.png";
description = "Immich: Self-hosted Photo and Video Backup";
href = "https://photos.darksailor.dev";
};
}
{
"Excalidraw" = {
icon = "excalidraw.png";
description = "Excalidraw: Self-hosted Collaborative Whiteboard";
href = "https://draw.darksailor.dev";
};
}
];
}
];
bookmarks = [
{
"Nix" = [
{
"Nixpkgs" = [
{
abbr = "pkgs";
href = "https://search.nixos.org/packages?channel=unstable";
}
];
}
{
"NixOS" = [
{
abbr = "nixos";
href = "https://search.nixos.org/options?channel=unstable";
}
];
}
{
"Home Manager" = [
{
abbr = "hm";
href = "https://home-manager-options.extranix.com";
}
];
}
{
"NixVim" = [
{
abbr = "nixvim";
href = "https://nix-community.github.io/nixvim/search";
}
];
}
{
"Tailscale" = [
{
abbr = "ts";
href = "https://login.tailscale.com";
}
];
}
];
}
];
};
caddy = {
virtualHosts."dashboard.darksailor.dev".extraConfig = ''
# import auth
reverse_proxy localhost:${builtins.toString config.services.homepage-dashboard.listenPort}
'';
};
authelia = {
instances.darksailor = {
settings = {
access_control = {
rules = [
{
domain = "dashboard.darksailor.dev";
policy = "one_factor";
}
];
};
};
};
};
};
}

118
nixos/tako/services/immich.nix Normal file
View File

@@ -0,0 +1,118 @@
{
pkgs,
config,
...
}: {
sops = {
secrets."authelia/oidc/immich/client_id" = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = ["immich-server.service" "authelia-darksailor.service"];
};
secrets."authelia/oidc/immich/client_secret" = {
owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
mode = "0440";
restartUnits = ["immich-server.service" "authelia-darksailor.service"];
};
templates = {
"immich-config.json" = {
content =
/*
json
*/
''
{
"oauth": {
"clientId": "${config.sops.placeholder."authelia/oidc/immich/client_id"}",
"clientSecret": "${config.sops.placeholder."authelia/oidc/immich/client_secret"}",
"enabled": true,
"autoLaunch": true,
"autoRegister": true,
"buttonText": "Login with Authelia",
"scope": "openid email profile",
"issuerUrl": "https://auth.darksailor.dev"
},
"passwordLogin" : {
"enabled": false
},
"server": {
"externalDomain": "https://photos.darksailor.dev"
},
{
"machineLearning": {
"enabled": true,
"urls": [
"http://ryu.darksailor.dev:3003",
"http://localhost:3003"
],
}
}
}
'';
mode = "0400";
owner = "immich";
restartUnits = ["immich-server.service"];
};
};
};
virtualisation.oci-containers = {
backend = "docker";
containers = {
immich-machine-learning = {
image = "ghcr.io/immich-app/immich-machine-learning:v${pkgs.immich.version}";
ports = [
"127.0.0.1:3003:3003"
];
volumes = [
"model-cache:/cache"
];
};
};
};
services.immich = {
enable = true;
mediaLocation = "/media/photos/immich";
accelerationDevices = null;
machine-learning.enable = false;
environment = {
IMMICH_CONFIG_FILE = config.sops.templates."immich-config.json".path;
};
package = pkgs.immich;
};
services.caddy = {
virtualHosts."photos.darksailor.dev".extraConfig = ''
reverse_proxy localhost:${builtins.toString config.services.immich.port}
'';
};
services.authelia = {
instances.darksailor = {
settings = {
identity_providers = {
oidc = {
clients = [
{
client_name = "immich";
client_id = ''{{ secret "${config.sops.secrets."authelia/oidc/immich/client_id".path}" }}'';
client_secret = ''{{ secret "${config.sops.secrets."authelia/oidc/immich/client_secret".path}" }}'';
public = false;
authorization_policy = "one_factor";
require_pkce = false;
redirect_uris = [
"https://photos.darksailor.dev/auth/login"
"https://photos.darksailor.dev/user-settings"
"app.immich:///oauth-callback"
];
scopes = ["openid" "profile" "email"];
response_types = ["code"];
grant_types = ["authorization_code"];
# access_token_signed_response_alg = "none";
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_post";
}
];
};
};
};
};
};
}

103
nixos/tako/services/llama.nix Normal file
View File

@@ -0,0 +1,103 @@
{
config,
pkgs,
inputs,
...
}: {
sops = {
secrets."llama/api_key".owner = config.services.caddy.user;
secrets."llama/user".owner = config.services.caddy.user;
secrets."openai/api_key" = {};
templates = {
"LLAMA_API_KEY.env".content = ''
LLAMA_API_KEY=${config.sops.placeholder."llama/api_key"}
'';
api_key_env.owner = config.services.caddy.user;
"OPENAI_API_KEY.env".content = ''
OPENAI_API_KEY="${config.sops.placeholder."openai/api_key"}"
'';
};
};
services = {
llama-cpp = {
enable = false;
port = 11435;
model = pkgs.fetchurl {
url = "https://huggingface.co/lmstudio-community/gpt-oss-20b-GGUF/resolve/main/gpt-oss-20b-MXFP4.gguf";
sha256 = "65d06d31a3977d553cb3af137b5c26b5f1e9297a6aaa29ae7caa98788cde53ab";
};
# package = pkgs.ik_llama;
};
ollama = {
enable = false;
loadModels = [
"deepseek-r1:7b"
"deepseek-r1:14b"
"RobinBially/nomic-embed-text-8k"
"qwen3:8b"
];
port = 11434;
host = "0.0.0.0";
environmentVariables = {
OLLAMA_ORIGINS = "*";
};
};
open-webui = {
enable = false;
port = 7070;
environment = {
SCARF_NO_ANALYTICS = "True";
DO_NOT_TRACK = "True";
ANONYMIZED_TELEMETRY = "False";
WEBUI_AUTH = "False";
ENABLE_LOGIN_FORM = "False";
WEBUI_URL = "https://llama.darksailor.dev";
OPENAI_BASE_URL = "https://ollama.darksailor.dev/v1";
OLLAMA_API_BASE_URL = "https://ollama.ryu.darksailor.dev";
};
environmentFile = "${config.sops.templates."LLAMA_API_KEY.env".path}";
};
caddy = {
virtualHosts."llama.darksailor.dev".extraConfig = ''
import auth
reverse_proxy localhost:${builtins.toString config.services.open-webui.port}
'';
virtualHosts."ollama.darksailor.dev".extraConfig = ''
@apikey {
header Authorization "Bearer {env.LLAMA_API_KEY}"
}
handle @apikey {
header {
# Set response headers or proxy to a different service if API key is valid
Access-Control-Allow-Origin *
-Authorization "Bearer {env.LLAMA_API_KEY}" # Remove the header after validation
}
reverse_proxy localhost:${builtins.toString config.services.llama-cpp.port}
}
respond "Unauthorized" 403
'';
};
authelia = {
instances.darksailor = {
settings = {
access_control = {
rules = [
{
domain = "llama.darksailor.dev";
policy = "one_factor";
}
];
};
};
};
};
};
systemd.services.caddy = {
serviceConfig = {
EnvironmentFile = config.sops.templates."LLAMA_API_KEY.env".path;
};
};
}

56
nixos/tako/services/lldap.nix Normal file
View File

@@ -0,0 +1,56 @@
{
config,
lib,
...
}: {
services.lldap = {
enable = true;
settings = {
force_ldap_user_pass_reset = "always";
ldap_user_dn = "admin";
ldap_base_dn = "dc=darksailor,dc=dev";
ldap_user_email = "admin@darksailor.dev";
http_host = "127.0.0.1";
http_port = 5090;
ldap_port = 389;
ldap_host = "::";
ldap_user_pass_file = config.sops.secrets."lldap/admin".path;
jwt_secret_file = "${config.sops.secrets."lldap/jwt".path}";
};
environment = {
LLDAP_JWT_SECRET_FILE = "${config.sops.secrets."lldap/jwt".path}";
# LLDAP_FORCE_UPDATE_PRIVATE_KEY = "true";
# LLDAP_KEY_SEED_FILE = "${config.sops.secrets."lldap/seed".path}";
};
};
users.users.lldap = {
name = "lldap";
group = "lldap";
description = "LDAP Server User";
isSystemUser = true;
};
users.groups.lldap = {};
systemd.services.lldap = {
serviceConfig = {
AmbientCapabilities = "CAP_NET_BIND_SERVICE";
DynamicUser = lib.mkForce false;
User = "lldap";
Group = "lldap";
};
};
sops = {
secrets = let
owner = config.systemd.services.lldap.serviceConfig.User;
group = config.systemd.services.lldap.serviceConfig.Group;
restartUnits = ["lldap.service"];
cfg = {
inherit owner group restartUnits;
};
in {
"lldap/jwt" = cfg;
"lldap/seed" = cfg;
"lldap/admin" = cfg;
};
};
}

18
nixos/tako/services/navidrome.nix Normal file
View File

@@ -0,0 +1,18 @@
{...}: {
services = {
navidrome = {
enable = true;
settings = {
MusicFolder = "/media/music";
ReverseProxyUserHeader = "Remote-User";
ReverseProxyWhitelist = "127.0.0.1/32";
};
};
caddy = {
virtualHosts."music.darksailor.dev".extraConfig = ''
import auth
reverse_proxy localhost:4533
'';
};
};
}

104
nixos/tako/services/nextcloud.nix Normal file
View File

@@ -0,0 +1,104 @@
{
config,
pkgs,
...
}: {
sops = {
secrets."nextcloud/adminpass".owner = config.users.users.nextcloud.name;
# secrets."authelia/oidc/nextcloud/client_id".owner = config.users.users.nextcloud.name;
secrets."authelia/oidc/nextcloud/client_secret".owner = config.users.users.nextcloud.name;
};
imports = [
"${fetchTarball {
url = "https://github.com/onny/nixos-nextcloud-testumgebung/archive/fa6f062830b4bc3cedb9694c1dbf01d5fdf775ac.tar.gz";
sha256 = "0gzd0276b8da3ykapgqks2zhsqdv4jjvbv97dsxg0hgrhb74z0fs";
}}/nextcloud-extras.nix"
];
services = {
nextcloud = {
enable = true;
package = pkgs.nextcloud32;
extraApps = {
inherit (config.services.nextcloud.package.packages.apps) contacts calendar bookmarks user_oidc;
};
extraAppsEnable = true;
hostName = "cloud.darksailor.dev";
config.adminuser = "servius";
config.adminpassFile = config.sops.secrets."nextcloud/adminpass".path;
config.dbtype = "sqlite";
configureRedis = true;
https = true;
caching = {
redis = true;
apcu = true;
memcached = true;
};
webserver = "caddy";
settings = {};
};
# caddy = {
# virtualHosts."cloud.darksailor.dev".extraConfig = ''
# reverse_proxy localhost:8080
# '';
# };
# nginx.virtualHosts."${config.services.nextcloud.hostName}".listen = [
# {
# addr = "127.0.0.1";
# port = 8080; # NOT an exposed port
# }
# ];
# authelia.instances.darksailor = {
# settings = {
# definitions = {
# user_attributes = {
# is_nextcloud_admin = {
# expression = ''"nextcloud-admins" in groups"'';
# };
# };
# };
# identity_providers = {
# oidc = {
# claims_policies = {
# custom_claims = {
# is_nextcloud_admin = {};
# };
# };
# scopes = {
# nextcloud_userinfo = {
# claims = ["is_nextcloud_admin"];
# };
# };
# clients = [
# {
# client_name = "Nextcloud";
# client_id = "nextcloud";
# client_secret = ''{{ secret "${config.sops.secrets."authelia/oidc/nextcloud/client_secret".path}" }}'';
# public = false;
# authorization_policy = "one_factor";
# require_pkce = true;
# pkce_challenge_method = "S256";
# claims_policy = "nextcloud_userinfo";
# redirect_uris = [
# "https://cloud.darksailor.dev/apps/oidc_login/oidc"
# ];
# scopes = [
# "openid"
# "profile"
# "email"
# "groups"
# "nextcloud_userinfo"
# ];
# response_types = ["code"];
# grant_types = ["authorization_code"];
# # access_token_signed_response_alg = "none";
# userinfo_signed_response_alg = "none";
# token_endpoint_auth_method = "client_secret_basic";
# }
# ];
# };
# };
# };
# };
};
}

7
nixos/tako/services/openssh.nix Normal file
View File

@@ -0,0 +1,7 @@
{...}: {
services.openssh = {
enable = true;
settings.PasswordAuthentication = false;
settings.PermitRootLogin = "prohibit-password";
};
}

102
nixos/tako/services/paperless.nix Normal file
View File

@@ -0,0 +1,102 @@
{
pkgs,
config,
lib,
...
}: {
sops = {
secrets."paperless/adminpass".owner = config.users.users.paperless.name;
secrets."paperless/secret_key".owner = config.users.users.paperless.name;
secrets."authelia/oidc/paperless/client_id".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
secrets."authelia/oidc/paperless/client_secret".owner = config.systemd.services.authelia-darksailor.serviceConfig.User;
templates = {
"PAPERLESS.env" = {
content = ''
PAPERLESS_SOCIALACCOUNT_PROVIDERS='${config.sops.templates."PAPERLESS_SOCIALACCOUNT_PROVIDERS.json".content}'
'';
restartUnits = ["paperless-web.service" "authelia-darksailor.service"];
};
"PAPERLESS_SOCIALACCOUNT_PROVIDERS.json" = {
content =
/*
json
*/
builtins.toJSON
{
authelia = {
OAUTH_PKCE_ENABLED = "True";
APPS = [
{
provider_id = "authelia";
name = "Authelia";
"client_id" = "${config.sops.placeholder."authelia/oidc/paperless/client_id"}";
"secret" = "${config.sops.placeholder."authelia/oidc/paperless/client_secret"}";
"settings" = {
"server_url" = "https://auth.darksailor.dev/.well-known/openid-configuration";
};
}
];
};
};
restartUnits = ["paperless-web.service" "authelia-darksailor.service"];
};
};
};
# systemd.services.paperless-web.script = lib.mkBefore ''
# oidcSecret=$(< ${config.sops.secrets."authelia/oidc/paperless/client_secret".path})
# export PAPERLESS_SOCIALACCOUNT_PROVIDERS=$(
# ${pkgs.jq}/bin/jq <<< "$PAPERLESS_SOCIALACCOUNT_PROVIDERS" \
# --compact-output \
# --arg oidcSecret "$oidcSecret" '.openid_connect.APPS.[0].secret = $oidcSecret'
# )
# '';
services = {
paperless = {
enable = true;
passwordFile = config.sops.secrets."paperless/adminpass".path;
settings = {
PAPERLESS_APPS = "allauth.socialaccount.providers.openid_connect";
PAPERLESS_SOCIAL_AUTO_SIGNUP = "True";
PAPERLESS_DISABLE_REGULAR_LOGIN = "True";
PAPERLESS_SOCIALACCOUNT_ALLOW_SIGNUPS = "True";
PAPERLESS_URL = "https://paperless.darksailor.dev";
};
environmentFile = "${config.sops.templates."PAPERLESS.env".path}";
};
caddy = {
virtualHosts."paperless.darksailor.dev".extraConfig = ''
reverse_proxy localhost:28981
'';
};
authelia = {
instances.darksailor = {
settings = {
identity_providers = {
oidc = {
clients = [
{
client_name = "paperless";
client_id = ''{{ secret "${config.sops.secrets."authelia/oidc/paperless/client_id".path}" }}'';
client_secret = ''{{ secret "${config.sops.secrets."authelia/oidc/paperless/client_secret".path}" }}'';
public = false;
authorization_policy = "one_factor";
require_pkce = false;
redirect_uris = [
"https://paperless.darksailor.dev/auth/login"
];
scopes = ["openid" "profile" "email"];
response_types = ["code"];
grant_types = ["authorization_code"];
# access_token_signed_response_alg = "none";
userinfo_signed_response_alg = "none";
token_endpoint_auth_method = "client_secret_post";
}
];
};
};
};
};
};
};
}

21
nixos/tako/services/polaris.nix Normal file
View File

@@ -0,0 +1,21 @@
{...}: {
services = {
polaris = {
enable = false;
port = 5050;
settings = {
mount_dirs = [
{
name = "Music";
source = "/media/music";
}
];
};
};
caddy = {
virtualHosts."music.darksailor.dev".extraConfig = ''
reverse_proxy localhost:5050
'';
};
};
}

13
nixos/tako/services/prowlarr.nix Normal file
View File

@@ -0,0 +1,13 @@
{...}: {
services = {
prowlarr = {
enable = true;
settings = {
auth = {
authentication_enabled = true;
authentication_method = "External";
};
};
};
};
}

9
nixos/tako/services/resolved.nix Normal file
View File

@@ -0,0 +1,9 @@
{...}: {
services.resolved = {
enable = true;
dnssec = "true";
dnsovertls = "true";
domains = ["lemur-newton.ts.net"];
fallbackDns = ["1.1.1.1"];
};
}

66
nixos/tako/services/seafile.nix Normal file
View File

@@ -0,0 +1,66 @@
{config, ...}: {
sops = {
secrets."nextcloud/adminpass".owner = config.users.users.caddy.name;
};
services = {
seafile = {
enable = true;
# group = config.services.caddy.group;
adminEmail = "admin@darksailor.dev";
initialAdminPassword = "foobar";
seahubExtraConf =
/*
python
*/
''
ENABLE_REMOTE_USER_AUTHENTICATION = True
# Optional, HTTP header, which is configured in your web server conf file,
# used for Seafile to get user's unique id, default value is 'HTTP_REMOTE_USER'.
REMOTE_USER_HEADER = "HTTP_REMOTE_USER"
# Optional, when the value of HTTP_REMOTE_USER is not a valid email address
# Seafile will build a email-like unique id from the value of 'REMOTE_USER_HEADER'
# and this domain, e.g. user1@example.com.
REMOTE_USER_DOMAIN = "darksailor.dev"
# Optional, whether to create new user in Seafile system, default value is True.
# If this setting is disabled, users doesn't preexist in the Seafile DB cannot login.
# The admin has to first import the users from external systems like LDAP.
REMOTE_USER_CREATE_UNKNOWN_USER = True
# Optional, whether to activate new user in Seafile system, default value is True.
# If this setting is disabled, user will be unable to login by default.
# the administrator needs to manually activate this user.
REMOTE_USER_ACTIVATE_USER_AFTER_CREATION = True
'';
ccnetSettings = {
General.SERVICE_URL = "https://cloud.darksailor.dev";
};
};
caddy = {
virtualHosts."cloud.darksailor.dev".extraConfig = ''
import auth
reverse_proxy unix//run/seahub/gunicorn.sock
'';
};
authelia = {
instances.darksailor = {
settings = {
access_control = {
rules = [
{
domain = "cloud.darksailor.dev";
policy = "bypass";
resources = [
"^/(api2|seafhttp)([/?].*)?$"
];
}
{
domain = "cloud.darksailor.dev";
policy = "one_factor";
}
];
};
};
};
};
};
}

31
nixos/tako/services/searxng.nix Normal file
View File

@@ -0,0 +1,31 @@
{
config,
pkgs,
...
}: {
systemd.services.websurfx = {
description = "Websurfx";
wantedBy = ["multi-user.target"];
after = ["network.target"];
serviceConfig = {
Type = "simple";
ExecStart = "${pkgs.websurfx}/bin/websurfx";
Restart = "always";
RestartSec = 5;
User = "websurfx";
Group = "websurfx";
};
};
users.users.websurfx = {
group = "websurfx";
home = "/var/lib/websurfx";
isSystemUser = true;
# uid = config.ids.uids.websurfx;
};
users.groups.websurfx = {
# gid = config.ids.gids.websurfx;
};
services.caddy.virtualHosts."search.darksailor.dev".extraConfig = ''
reverse_proxy localhost:8080
'';
}

13
nixos/tako/services/shitpost.nix Normal file
View File

@@ -0,0 +1,13 @@
{pkgs, ...}: let
src = pkgs.fetchgit {
url = "https://git.darksailor.dev/servius/adarkdayinmylife.public";
# repo = "adarkdayinmy.life";
rev = "68d972f68cab8f68916b94df05b7ab6a7da4a1da";
sha256 = "sha256-EVis06rmHq1jJK0FVsbgi7TOru7GtEUpbx0PjU2AKEo=";
};
in {
services.caddy.virtualHosts."adarkdayinmy.life".extraConfig = ''
root * ${src}/
file_server
'';
}

Some files were not shown because too many files have changed in this diff Show More