new website

2026-05-01 21:31:13 +02:00 · 2026-05-01 21:31:13 +02:00 · 8102d1d009
commit 8102d1d009
parent 4d58ae60b0
17 changed files with 371 additions and 273 deletions
--- a/hosts/fili/services/databases.nix
+++ b/hosts/fili/services/databases.nix
@ -19,7 +19,7 @@
      host all all 10.0.0.0/24    trust

      # and the local network
-      host all all 192.168.0.0/24 trust
+      host all all 192.168.178.0/24 trust
    '';
    settings = {
      listen_addresses = "*";
@ -58,6 +58,10 @@
        name = "immich";
        ensureDBOwnership = true;
      }
+      {
+        name = "homepage";
+        ensureDBOwnership = true;
+      }
    ];
    ensureDatabases = map (i: i.name) ensureUsers;
  };
--- a/hosts/fili/services/metrics.nix
+++ b/hosts/fili/services/metrics.nix
@ -146,118 +146,6 @@ in
    };
  };

-  systemd.services.promtail.serviceConfig.User = lib.mkForce "nginx";
-  services.promtail = {
-    enable = true;
-    configuration = {
-      server = {
-        http_listen_port = 3031;
-        grpc_listen_port = 0;
-      };
-      positions = {
-        filename = "/tmp/positions.yaml";
-      };
-      clients = [
-        {
-          url = "http://127.0.0.1:${toString config.services.loki.configuration.server.http_listen_port}/loki/api/v1/push";
-        }
-      ];
-      scrape_configs = [
-        {
-          job_name = "nginx";
-          static_configs = [
-            {
-              targets = [ "localhost" ];
-              labels = {
-                job = "nginx";
-                host = "fili";
-                __path__ = "/var/log/nginx/json_access.log";
-              };
-            }
-          ];
-          pipeline_stages = [
-            {
-              json = {
-                expressions = {
-                  msec = "msec";
-                  connection = "connection";
-                  connection_requests = "connection_requests";
-                  pid = "pid";
-                  request_id = "request_id";
-                  request_length = "request_length";
-                  remote_addr = "remote_addr";
-                  remote_user = "remote_user";
-                  remote_port = "remote_port";
-                  time_local = "time_local";
-                  time_iso8601 = "time_iso8601";
-                  request = "request";
-                  request_uri = "request_uri";
-                  args = "args";
-                  status = "status";
-                  body_bytes_sent = "body_bytes_sent";
-                  bytes_sent = "bytes_sent";
-                  http_referer = "http_referer";
-                  http_user_agent = "http_user_agent";
-                  http_x_forwarded_for = "http_x_forwarded_for";
-                  http_host = "http_host";
-                  server_name = "server_name";
-                  request_time = "request_time";
-                  upstream = "upstream";
-                  upstream_connect_time = "upstream_connect_time";
-                  upstream_header_time = "upstream_header_time";
-                  upstream_response_time = "upstream_response_time";
-                  upstream_response_length = "upstream_response_length";
-                  upstream_cache_status = "upstream_cache_status";
-                  ssl_protocol = "ssl_protocol";
-                  ssl_cipher = "ssl_cipher";
-                  scheme = "scheme";
-                  request_method = "request_method";
-                  server_protocol = "server_protocol";
-                  pipe = "pipe";
-                  gzip_ratio = "gzip_ratio";
-                  http_cf_ray = "http_cf_ray";
-                };
-              };
-            }
-            {
-              timestamp = {
-                source = "msec";
-                format = "Unix";
-              };
-            }
-            # {
-            #   geoip = {
-            #     db = "/var/lib/geoip-databases/GeoLite2-City.mmdb";
-            #     source = "remote_addr";
-            #     db_type = "city";
-            #   };
-            # }
-            # {
-            #   pack = {
-            #     labels = [ "geoip_country_name" ];
-            #   };
-            # }
-          ];
-        }
-        {
-          job_name = "journal";
-          journal = {
-            max_age = "12h";
-            labels = {
-              job = "systemd-journal";
-              host = "fili";
-            };
-          };
-          relabel_configs = [
-            {
-              source_labels = [ "__journal__systemd_unit" ];
-              target_label = "unit";
-            }
-          ];
-        }
-      ];
-    };
-  };
  services.grafana = {
    enable = false;

--- a/hosts/fili/services/websites/homepage.nix
+++ b/hosts/fili/services/websites/homepage.nix
@ -1,4 +1,10 @@
-{ flakes, pkgs, ... }:
+{
+  flakes,
+  pkgs,
+  config,
+  secrets,
+  ...
+}:
 let
  cache = pkg: ''
    location ~* \.(png|jpg|jpeg|gif|svg|ico|woff|woff2|ttf)$ {
@ -32,15 +38,52 @@ let
      locations."/".return = return;
    }
    // ssl;
+
+  package = flakes.homepage.packages.${pkgs.system};
 in
 {
-  services.nginx = {
-    virtualHosts = {
-      "donsz.nl" = site regular;
-      "jdonszelmann.nl" = site regular;
-      "blog.donsz.nl" = redirect "301 https://donsz.nl/blog";
-      "gay.donsz.nl" = site gay;
-      "jana.is.fckn.gay" = site gay;
+  sops.secrets.homepage = {
+    sopsFile = "${secrets}/homepage.env";
+  };
+
+  systemd.services.homepage = {
+    description = "homepage";
+    wantedBy = [ "multi-user.target" ];
+    serviceConfig = {
+      DynamicUser = "yes";
+      ExecStart = "${pkgs.bash}/bin/bash ${package.website}/bin/run";
+      Restart = "on-failure";
+      RestartSec = "5s";
+      EnvironmentFile = config.sops.secrets.homepage.path;
+      WorkingDirectory = "${package.website}";
+      StateDirectory = "homepage";
+    };
+
+    environment = {
+      BETTER_AUTH_URL = "https://donsz.nl";
+      DATABASE_LOCATION = "/var/lib/homepage/db.sqlite";
+      HOST = "localhost";
+      PORT = "11020";
    };
  };
+
+  services.nginx.virtualHosts = {
+    "donsz.nl" = {
+      forceSSL = true;
+      enableACME = true;
+      extraConfig = ''
+        ${cache "${package.website}/homepage/client"}
+      '';
+      locations."/".proxyPass = "http://localhost:${toString 11020}";
+    };
+    "blog.donsz.nl" = redirect "301 https://donsz.nl/blog";
+  };
+  # services.nginx = {
+  # virtualHosts = {
+  #     "donsz.nl" = site regular;
+  #     "jdonszelmann.nl" = site regular;
+  #     "gay.donsz.nl" = site gay;
+  #     "jana.is.fckn.gay" = site gay;
+  # };
+  # };
 }
--- a/hosts/kili/configuration.nix
+++ b/hosts/kili/configuration.nix
@ -1,12 +1,15 @@
 {
  pkgs,
  config,
+  flakes,
  ...
 }:
 {
  imports = [
    ./hardware-configuration.nix
    ./kanata.nix
+
+    flakes.probe-rs-rules.nixosModules.${pkgs.system}.default
  ];

  boot.loader.systemd-boot.enable = true;
@ -38,11 +41,14 @@
    variant = "";
  };

+  users.groups.plugdev = { };
+
  users.users.jana = {
    extraGroups = [
      "networkmanager"
      "wheel"
      "docker"
+      "plugdev"
    ];
    packages = with pkgs; [ ];
  };
@ -62,6 +68,8 @@
    signal-desktop
    nautilus

+    probe-rs-tools
+
    adwaita-icon-theme
    (pkgs.callPackage (
      { stdenv }:
@ -85,6 +93,7 @@
    rr
  ];

+  hardware.probe-rs.enable = true;
  virtualisation.docker.enable = true;

  services.xserver.enable = true;