diff --git a/modules/system/homelab/dash.nix b/modules/system/homelab/dash.nix new file mode 100644 index 0000000..55890c0 --- /dev/null +++ b/modules/system/homelab/dash.nix @@ -0,0 +1,331 @@ +{ timezone, ... }: let + rss = [ + "https://www.raspberrypi.com/news/feed/" + "https://www.jeffgeerling.com/blog.xml" + "https://www.howtogeek.com/feed/" + "https://hackaday.com/feed/rss" + "https://www.xda-developers.com/feed/" + "https://9to5mac.com/feed/" + "https://9to5google.com/feed/" + "https://www.cnx-software.com/feed/" + "https://selfh.st/rss/" + "https://www.joshwcomeau.com/rss.xml" + "https://samwho.dev/rss.xml" + "https://ishadeed.com/feed.xml" + ]; + yt = [ + "UCXuqSBlHAE6Xw-yeJA0Tunw" # LinusTechTips + "UCsBjURrPoezykLs9EqgamOA" # Fireship + "UC2Xd-TjJByJyK2w1zNwY0zQ" # BeyondFireship + "UC6biysICWOJ-C3P4Tyeggzg" # LowLevel + "UCR-DXc1voovS8nhAvccRZhg" # JeffGeerling + "UCzgA9CBrIXPtkB2yNTTiy1w" # Level2Jeff + "UCgdTVe88YVSrOZ9qKumhULQ" # HardwareHaven + "UCOk-gHyjcWZNj3Br4oxwh0A" # TechnoTim + "UCZNhwA1B5YqiY1nLzmM0ZRg" # ChristianLempa + "UC9evhW4JB_UdXSLeZGy8lGw" # RaidOwl + "UCHnyfMqiRRG1u-2MsSQLbXA" # Veritasium + "UCYO_jab_esuFRV4b17AJtAw" # 3Blue1Brown + ]; + gh = [ + "pi-hole/pi-hole" + "tailscale/tailscale" + "nodejs/node" + "denoland/deno" + "oven-sh/bun" + "glanceapp/glance" + "ollama/ollama" + ]; + search = [ + [ "CVE" "!cve" "https://securityvulnerability.io/vulnerability/CVE-{QUERY}" ] + [ "Website" "!!" "https://{QUERY}" ] + [ "YouTube" "!yt" "https://www.youtube.com/results?search_query={QUERY}" ] + [ "GitHub" "!gh" "https://github.com/search?q={QUERY}" ] + [ "Nix Packages" "!nix" "https://search.nixos.org/packages?channel=unstable&type=packages&query={QUERY}" ] + [ "Nix Options" "!opt" "https://mynixos.com/search?q={QUERY}" ] + [ "Flight Radar 24" "!f" "https://www.flightradar24.com/data/flights/{QUERY}" ] + [ "Google Web Results Only" "!s" "https://google.com/search?udm=14&q={QUERY}" ] + ]; + monitor = [ + [ "Hypervisor" "https://10.3.14.69:8006/" ] + [ "Router" "http://10.3.14.1:80/" ] + [ "DNS" "http://10.3.14.42:8088/" ] + [ "Proxy" "http://10.3.14.120:81/" ] + [ "NAS" "http://10.3.14.217/" ] + [ "CDN" "http://10.3.14.217:3000/" ] + ]; + services = [ + [ "PocketID" "si:authentik" "https://auth.satr14.my.id" "http://main.dns.satr14.my.id:1411/" ] + [ "2FAuth" "si:authy" "https://2fa.satr14.my.id" "http://main.dns.satr14.my.id:8090/" ] + [ "VaultWarden" "si:vaultwarden" "https://pass.proxy.satr14.my.id" "http://main.dns.satr14.my.id:8060/" ] + ]; + bookmarks = [ + [ "Tailscale" "tailscale" "https://login.tailscale.com/" ] + [ "Cloudflare" "cloudflare" "https://dash.cloudflare.com/" ] + [ "ZeroTrust" "1dot1dot1dot1" "https://one.dash.cloudflare.com/" ] + [ "PlayIt" "ngrok" "https://playit.gg/account/tunnels" ] + [ "ZeroTier" "zerotier" "https://my.zerotier.com" ] + ]; +in { + services.glance = { + enable = true; + settings = { + server = { + host = "127.0.0.1"; + port = 5070; + assets-path = "/app/assets"; + }; + + theme = { + background-color = "240 21 15"; + contrast-multiplier = 1.2; + primary-color = "217 92 83"; + positive-color = "115 54 76"; + negative-color = "347 70 65"; + }; + + pages = [ + { + name = "Home"; + show-mobile-header = true; + columns = [ + { + size = "small"; + widgets = [ + { + type = "clock"; + hide-header = true; + hour-format = "12h"; + timezone = timezone; + } + { + type = "calendar"; + hide-header = true; + first-day-of-week = "monday"; + } + { + type = "rss"; + hide-header = true; + title = "rss"; + limit = 12; + cache = "12h"; + feeds = map (e: { url = e; }) rss; + } + ]; + } + { + size = "full"; + widgets = [ + { + type = "search"; + hide-header = true; + autofocus = true; + search-engine = "google"; + bangs = map (e: { + title = builtins.elemAt e 0; + shortcut = builtins.elemAt e 1; + url = builtins.elemAt e 2; + }) search; + } + { + type = "hacker-news"; + hide-header = true; + limit = 5; + cache = "1h"; + } + { + type = "videos"; + hide-header = true; + style = "grid-cards"; + limit = 18; + channels = yt; + } + ]; + } + { + size = "small"; + widgets = [ + { + type = "weather"; + hide-header = true; + location = "Jakarta, Indonesia"; + units = "metric"; + hour-format = "12h"; + } + { + type = "to-do"; + id = "tasks"; + hide-header = true; + } + { + type = "repository"; + repository = "partofmyid/register"; + pull-requests-limit = 5; + issues-limit = 3; + commits-limit = 0; + # token = "\${GITHUB_TOKEN}"; + hide-header = true; + } + { + type = "releases"; + cache = "1d"; + # token = "\${GITHUB_TOKEN}"; + hide-header = true; + repositories = gh; + } + ]; + } + ]; + } + { + name = "Start"; + width = "slim"; + center-vertically = true; + columns = [ + { + size = "full"; + widgets = [ + { + type = "to-do"; + id = "tasks"; + hide-header = true; + } + ]; + } + ]; + } + { + name = "Dashboard"; + show-mobile-header = true; + columns = [ + { + size = "small"; + widgets = [ + { + type = "monitor"; + title = "Critical Systems"; + cache = "15s"; + style = "compact"; + show-failing-only = true; + sites = map (e: { + enabled = true; + domain = builtins.elemAt e 0; + answer = builtins.elemAt e 1; + }) monitor; + } + { + type = "dns-stats"; + title = "DNS STATS"; + service = "adguard"; + url = "http://main.dns.satr14.my.id:8088/"; + username = "satr14"; + password = "\${ADGUARD_TOKEN}"; + hour-format = "12h"; + } + { + type = "custom-api"; + title = "PVE Stats"; + cache = "1m"; + allow-insecure = true; + url = "https://homeserver.dns.satr14.my.id:8006/api2/json/cluster/resources"; + headers = { + Accept = "application/json"; + Authorization = "PVEAPIToken=\${PROXVE_TOKEN}"; + }; + template = '' +
+
+
+ {{ $nodes_online := len (.JSON.Array "data.#(type==\"node\")#|#(status==\"online\")#") }} + {{ $nodes_total := len (.JSON.Array "data.#(type==\"node\")#") }} +
{{ $nodes_online }}/{{ $nodes_total }}
+
Nodes
+
+
+ {{ $lxc_running := len (.JSON.Array "data.#(type==\"lxc\")#|#(status==\"running\")#|#(template==0)#") }} + {{ $lxc_total := len (.JSON.Array "data.#(type==\"lxc\")#|#(template==0)#") }} +
{{ $lxc_running }}/{{ $lxc_total }}
+
LXCs
+
+
+ {{ $qemu_running := len (.JSON.Array "data.#(type==\"qemu\")#|#(status==\"running\")#|#(template==0)#") }} + {{ $qemu_total := len (.JSON.Array "data.#(type==\"qemu\")#|#(template==0)#") }} +
{{ $qemu_running }}/{{ $qemu_total }}
+
VMs
+
+
+
+ ''; + } + { + type = "custom-api"; + title = "Immich Usage"; + cache = "30m"; + url = "http://media.dns.satr14.my.id:2283/api/server/statistics"; + headers = { + x-api-key = "\${IMMICH_TOKEN}"; + Accept = "application/json"; + }; + template = '' +
+
+
{{ .JSON.Int "photos" | formatNumber }}
+
PHOTOS
+
+
+
{{ .JSON.Int "videos" | formatNumber }}
+
VIDEOS
+
+
+
{{ div (.JSON.Int "usage" | toFloat) 1073741824 | toInt | formatNumber }}GB
+
USAGE
+
+
+ ''; + } + ]; + } + { + size = "full"; + widgets = [ + { + type = "monitor"; + cache = "1m"; + title = "Services"; + sites = map (e: { + same-tab = true; + allow-insecure = true; + title = builtins.elemAt e 0; + icon = "si:${builtins.elemAt e 1}"; + url = builtins.elemAt e 2; + }) services; + } + ]; + } + { + size = "small"; + widgets = [ + { + type = "bookmarks"; + groups = [{ + links = map (e: { + same-tab = true; + title = builtins.elemAt e 0; + icon = "si:${builtins.elemAt e 1}"; + url = builtins.elemAt e 2; + }) bookmarks; + }]; + } + { + type = "to-do"; + id = "tasks"; + hide-header = true; + } + ]; + } + ]; + } + ]; + }; + }; +} \ No newline at end of file diff --git a/modules/system/homelab/dns.nix b/modules/system/homelab/dns.nix index b4c430b..95eaa62 100644 --- a/modules/system/homelab/dns.nix +++ b/modules/system/homelab/dns.nix @@ -1,14 +1,48 @@ -{ homelab, username, ... }: { +{ homelab, ... }: let + rewrites = [ + [ "router.dns.${homelab.domain}" "10.3.14.1" ] + [ "main.dns.${homelab.domain}" "10.3.14.42" ] + [ "websites.dns.${homelab.domain}" "10.3.14.36" ] + [ "games.dns.${homelab.domain}" "10.3.14.37" ] + [ "media.dns.${homelab.domain}" "10.3.14.55" ] + [ "workspace.dns.${homelab.domain}" "10.3.14.57" ] + [ "server.dns.${homelab.domain}" "10.3.14.69" ] + [ "home.dns.${homelab.domain}" "10.3.14.235" ] + [ "nas.dns.${homelab.domain}" "10.3.14.217" ] + [ "proxy.${homelab.domain}" "10.3.14.215" ] + [ "*.proxy.${homelab.domain}" "proxy.${homelab.domain}" ] + [ "lancache.steamcontent.com" "main.dns.${homelab.domain}" ] + [ "steam.cache.lancache.net" "main.dns.${homelab.domain}" ] + ]; + blacklist = [ + "https://adaway.org/hosts.txt" + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_10.txt" + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_42.txt" + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_31.txt" + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt" + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_30.txt" + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_50.txt" + "https://adguardteam.github.io/HostlistsRegistry/assets/filter_12.txt" + "https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt" + "https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt" + "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" + "https://v.firebog.net/hosts/static/w3kbl.txt" + "https://v.firebog.net/hosts/Prigent-Ads.txt" + "https://v.firebog.net/hosts/Admiral.txt" + "https://someonewhocares.org/hosts/hosts" + ]; + whitelist = [ + "https://gist.githubusercontent.com/mul14/eb05e88fcec5bb195cbb/raw/75a1fe122a4502e8d5a5268c9d0ec28332b19d5d/hosts" + ]; +in { services.adguardhome = { enable = true; - host = "127.0.0.1"; # bind web ui to localhost since we're using reverse proxy authentication + host = "127.0.0.1"; port = 8088; mutableSettings = false; settings = { - # users = [{ - # name = "${username}"; - # password = "${username}"; - # }]; dns = { upstream_dns = [ "https://security.cloudflare-dns.com/dns-query" ]; bootstrap_dns = [ "1.1.1.2" "1.0.0.2" ]; @@ -25,44 +59,10 @@ rewrites_enabled = true; filtering_enabled = true; safe_search.enabled = true; - rewrites = map (e: { enabled = true; domain = builtins.elemAt e 0; answer = builtins.elemAt e 1; }) [ - [ "router.dns.${homelab.domain}" "10.3.14.1" ] - [ "main.dns.${homelab.domain}" "10.3.14.42" ] - [ "websites.dns.${homelab.domain}" "10.3.14.36" ] - [ "games.dns.${homelab.domain}" "10.3.14.37" ] - [ "media.dns.${homelab.domain}" "10.3.14.55" ] - [ "workspace.dns.${homelab.domain}" "10.3.14.57" ] - [ "server.dns.${homelab.domain}" "10.3.14.69" ] - [ "home.dns.${homelab.domain}" "10.3.14.235" ] - [ "nas.dns.${homelab.domain}" "10.3.14.217" ] - [ "proxy.${homelab.domain}" "10.3.14.215" ] - [ "*.proxy.${homelab.domain}" "proxy.${homelab.domain}" ] - [ "lancache.steamcontent.com" "main.dns.${homelab.domain}" ] - [ "steam.cache.lancache.net" "main.dns.${homelab.domain}" ] - ]; + rewrites = map (e: { enabled = true; domain = builtins.elemAt e 0; answer = builtins.elemAt e 1; }) rewrites; }; - filters = map (url: { enabled = true; url = url; }) [ - "https://adaway.org/hosts.txt" - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_10.txt" - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_42.txt" - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_31.txt" - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_11.txt" - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt" - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_59.txt" - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_30.txt" - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_50.txt" - "https://adguardteam.github.io/HostlistsRegistry/assets/filter_12.txt" - "https://raw.githubusercontent.com/PolishFiltersTeam/KADhosts/master/KADhosts.txt" - "https://raw.githubusercontent.com/anudeepND/blacklist/master/adservers.txt" - "https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts" - "https://v.firebog.net/hosts/static/w3kbl.txt" - "https://v.firebog.net/hosts/Prigent-Ads.txt" - "https://v.firebog.net/hosts/Admiral.txt" - "https://someonewhocares.org/hosts/hosts" - ]; - whitelist_filters = map (url: { enabled = true; url = url; }) [ - "https://gist.githubusercontent.com/mul14/eb05e88fcec5bb195cbb/raw/75a1fe122a4502e8d5a5268c9d0ec28332b19d5d/hosts" - ]; + filters = map (url: { enabled = true; url = url; }) blacklist; + whitelist_filters = map (url: { enabled = true; url = url; }) whitelist; }; }; } \ No newline at end of file diff --git a/modules/system/homelab/idp.nix b/modules/system/homelab/idp.nix index 49afe3d..2ab0893 100644 --- a/modules/system/homelab/idp.nix +++ b/modules/system/homelab/idp.nix @@ -1,3 +1,11 @@ -{ ... }: { - +{ homelab, ... }: { + services.pocket-id = { + enable = true; + settings = { + PORT = "1411"; + HOST = "127.0.0.1"; + APP_URL = "https://auth.proxy.${homelab.domain}"; + TRUST_PROXY = true; + }; + }; } \ No newline at end of file diff --git a/modules/system/homelab/proxy.nix b/modules/system/homelab/proxy.nix index b5bb14b..31e62d8 100644 --- a/modules/system/homelab/proxy.nix +++ b/modules/system/homelab/proxy.nix @@ -1,8 +1,10 @@ { homelab, lib, ... }: let base = "proxy.${homelab.domain}"; proxyMappings = { - "dns" = { dest = "http://localhost:8088"; auth = true; }; - "cdn" = { dest = "http://localhost:3000"; auth = false; }; + "dns" = { dest = "http://localhost:8088"; auth = true; }; + "cdn" = { dest = "http://localhost:3000"; auth = false; }; + "auth" = { dest = "http://localhost:1411"; auth = true; }; + "@" = { dest = "http://localhost:5070"; auth = false; }; }; in { users.users.nginx.extraGroups = [ "acme" ]; @@ -29,7 +31,7 @@ in { useACMEHost = base; locations."/".return = "404"; }; - } // lib.mapAttrs (subdomain: cfg: lib.nameValuePair (if subdomain == "@" then base else "${subdomain}.${base}") { + } // lib.mapAttrs' (subdomain: cfg: lib.nameValuePair (if subdomain == "@" then base else "${subdomain}.${base}") { useACMEHost = base; forceSSL = true; diff --git a/modules/system/server.nix b/modules/system/server.nix index 11f14c1..6526149 100644 --- a/modules/system/server.nix +++ b/modules/system/server.nix @@ -2,6 +2,7 @@ imports = [ ./homelab/share.nix ./homelab/proxy.nix + ./homelab/dash.nix ./homelab/dns.nix ./homelab/git.nix ./homelab/idp.nix