raffauflabs: enable vaultwarden and homepage

hosts/mauville/raffauflabs.nix

@@ -29,7 +29,7 @@
   };
 in {
   networking = {
-    firewall.allowedTCPPorts = [80 443 2379 2380 3000 6443];
+    firewall.allowedTCPPorts = [80 443 2379 2380 3000 6443 61208];
     firewall.allowedUDPPorts = [8472];
   };
 
@@ -91,12 +91,12 @@ in {
       };
     };
 
-    k3s = {
+    # k3s = {
-      enable = true;
+    #   enable = true;
-      role = "server";
+    #   role = "server";
-      tokenFile = config.age.secrets.k3s.path;
+    #   tokenFile = config.age.secrets.k3s.path;
-      serverAddr = "https://192.168.0.104:6443";
+    #   serverAddr = "https://192.168.0.104:6443";
-    };
+    # };
 
     navidrome = {
       enable = true;
@@ -123,44 +123,53 @@ in {
     };
   };
 
-  systemd.services.navidrome.serviceConfig = let
+  systemd.services = {
-    navidromeConfig = builtins.toFile "navidrome.json" (lib.generators.toJSON {} {
+    glances = {
-      Address = "0.0.0.0";
+      wantedBy = ["multi-user.target"];
-      DefaultTheme = "Auto";
+      after = ["network.target"];
-      MusicFolder = musicDirectory;
+      path = [pkgs.glances];
-      Port = navidrome.port;
+      script = "glances --webserver --bind 0.0.0.0 --port 61208";
-      SubsonicArtistParticipations = true;
+    };
-      UIWelcomeMessage = "Welcome to Navidrome @ ${domain}";
-      "Spotify.ID" = "@spotifyClientId@";
-      "Spotify.Secret" = "@spotifyClientSecret@";
-      "LastFM.Enabled" = true;
-      "LastFM.ApiKey" = "@lastFMApiKey@";
-      "LastFM.Secret" = "@lastFMSecret@";
-      "LastFM.Language" = "en";
-    });
 
-    navidrome-secrets = pkgs.writeShellScript "navidrome-secrets" ''
+    navidrome.serviceConfig = let
-      lastFMApiKey=$(cat "${navidrome.lastfm.idFile}")
+      navidromeConfig = builtins.toFile "navidrome.json" (lib.generators.toJSON {} {
-      lastFMSecret=$(cat "${navidrome.lastfm.secretFile}")
+        Address = "0.0.0.0";
-      spotifyClientId=$(cat "${navidrome.spotify.idFile}")
+        DefaultTheme = "Auto";
-      spotifyClientSecret=$(cat "${navidrome.spotify.secretFile}")
+        MusicFolder = musicDirectory;
-      ${pkgs.gnused}/bin/sed -e "s/@lastFMApiKey@/$lastFMApiKey/" -e "s/@lastFMSecret@/$lastFMSecret/" \
+        Port = navidrome.port;
-        -e "s/@spotifyClientId@/$spotifyClientId/" -e "s/@spotifyClientSecret@/$spotifyClientSecret/" \
+        SubsonicArtistParticipations = true;
-        ${navidromeConfig} > /var/lib/navidrome/navidrome.json
+        UIWelcomeMessage = "Welcome to Navidrome @ ${domain}";
-    '';
+        "Spotify.ID" = "@spotifyClientId@";
-  in {
+        "Spotify.Secret" = "@spotifyClientSecret@";
-    BindReadOnlyPaths = [
+        "LastFM.Enabled" = true;
-      navidrome.lastfm.idFile
+        "LastFM.ApiKey" = "@lastFMApiKey@";
-      navidrome.lastfm.secretFile
+        "LastFM.Secret" = "@lastFMSecret@";
-      navidrome.spotify.idFile
+        "LastFM.Language" = "en";
-      navidrome.spotify.secretFile
+      });
-      musicDirectory
-    ];
 
-    ExecStartPre = navidrome-secrets;
+      navidrome-secrets = pkgs.writeShellScript "navidrome-secrets" ''
-    ExecStart = lib.mkForce ''
+        lastFMApiKey=$(cat "${navidrome.lastfm.idFile}")
-      ${config.services.navidrome.package}/bin/navidrome --configfile /var/lib/navidrome/navidrome.json \
+        lastFMSecret=$(cat "${navidrome.lastfm.secretFile}")
-        --datafolder /var/lib/navidrome/
+        spotifyClientId=$(cat "${navidrome.spotify.idFile}")
-    '';
+        spotifyClientSecret=$(cat "${navidrome.spotify.secretFile}")
+        ${pkgs.gnused}/bin/sed -e "s/@lastFMApiKey@/$lastFMApiKey/" -e "s/@lastFMSecret@/$lastFMSecret/" \
+          -e "s/@spotifyClientId@/$spotifyClientId/" -e "s/@spotifyClientSecret@/$spotifyClientSecret/" \
+          ${navidromeConfig} > /var/lib/navidrome/navidrome.json
+      '';
+    in {
+      BindReadOnlyPaths = [
+        navidrome.lastfm.idFile
+        navidrome.lastfm.secretFile
+        navidrome.spotify.idFile
+        navidrome.spotify.secretFile
+        musicDirectory
+      ];
+
+      ExecStartPre = navidrome-secrets;
+      ExecStart = lib.mkForce ''
+        ${config.services.navidrome.package}/bin/navidrome --configfile /var/lib/navidrome/navidrome.json \
+          --datafolder /var/lib/navidrome/
+      '';
+    };
   };
 }

hosts/slateport/raffauflabs.nix

@@ -20,6 +20,7 @@ in {
         "bt.${domain}"
         "git.${domain}"
         "music.${domain}"
+        "passwords.${domain}"
         "plex.${domain}"
         "podcasts.${domain}"
         domain
@@ -39,13 +40,134 @@ in {
       bantime = "1h";
     };
 
-    k3s = {
+    homepage-dashboard = {
       enable = true;
-      clusterInit = true;
+      openFirewall = true;
-      role = "server";
+
-      tokenFile = config.age.secrets.k3s.path;
+      bookmarks = [
+        # {
+        # Websites = [
+        # {
+        #   "Aly Raffauf" = [
+        #     {
+        #       abbr = "AR";
+        #       description = "Personal website and portfolio.";
+        #       href = "https://aly.raffauflabs.com/";
+        #     }
+        #   ];
+        # }
+        # ];
+        # }
+      ];
+
+      services = [
+        {
+          Websites = [
+            {
+              "Aly Raffauf" = {
+                abbr = "AR";
+                description = "Personal website and portfolio.";
+                href = "https://aly.raffauflabs.com/";
+              };
+            }
+            {
+              "Specular Anomalies" = {
+                abbr = "SA";
+                description = "Academic & tech blog.";
+                href = "https://distort.jp/";
+              };
+            }
+          ];
+        }
+        {
+          Media = [
+            {
+              "Audiobookshelf" = {
+                description = "Audiobooks & podcasts.";
+                href = "https://podcasts.raffauflabs.com";
+                icon = "audiobookshelf";
+              };
+            }
+            {
+              "Plex" = {
+                description = "TV Shows, movies & music.";
+                href = "https://plex.raffauflabs.com";
+                icon = "plex";
+              };
+            }
+            {
+              "Navidrome" = {
+                description = "Subsonic-compatible music streaming.";
+                href = "https://music.raffauflabs.com";
+                icon = "navidrome";
+              };
+            }
+          ];
+        }
+        {
+          Tools = [
+            {
+              "Forĝejo" = {
+                description = "Git forge for open source projects.";
+                href = "https://git.raffauflabs.com";
+                icon = "forgejo";
+              };
+            }
+            {
+              "Transmission (Tailnet only)" = {
+                description = "Torrent client with web UI.";
+                href = "http://mauville:9091";
+                icon = "transmission";
+              };
+            }
+            {
+              "Vaultwarden" = {
+                description = "Secure password manager.";
+                href = "https://passwords.raffauflabs.com";
+                icon = "vaultwarden";
+              };
+            }
+          ];
+        }
+      ];
+
+      settings = {
+        color = "sky";
+        target = "_self";
+        title = "RaffaufLabs.com";
+      };
+
+      widgets = [
+        {
+          glances = {
+            url = "http:/mauville:61208/";
+            cpu = true;
+            mem = true;
+            disk = "/mnt/Media";
+          };
+        }
+        {
+          search = {
+            provider = "brave";
+            showSearchSuggestions = true;
+          };
+        }
+        {
+          datetime = {
+            text_size = "xl";
+            format.timeStyle = "short";
+          };
+        }
+      ];
     };
 
+    # k3s = {
+    #   enable = true;
+    #   clusterInit = true;
+    #   role = "server";
+    #   tokenFile = config.age.secrets.k3s.path;
+    # };
+
     nginx = {
       enable = true;
       recommendedGzipSettings = true;
@@ -53,19 +175,18 @@ in {
       recommendedTlsSettings = true;
 
       virtualHosts = {
-        # "bt.${domain}" = {
+        "${domain}" = {
-        #   enableACME = true;
+          enableACME = true;
-        #   forceSSL = true;
+          forceSSL = true;
 
-        #   locations."/" = {
+          locations."/" = {
-        #     proxyPass = "http://${ip}:${toString 9091}";
+            proxyPass = "http://localhost:${toString config.services.homepage-dashboard.listenPort}";
-        #     proxyWebsockets = true;
 
-        #     extraConfig = ''
+            extraConfig = ''
-        #       proxy_buffering off;
+              client_max_body_size 512M;
-        #     '';
+            '';
-        #   };
+          };
-        # };
+        };
 
         "git.${domain}" = {
           enableACME = true;
@@ -94,6 +215,14 @@ in {
           };
         };
 
+        "passwords.${domain}" = {
+          enableACME = true;
+          forceSSL = true;
+          locations."/" = {
+            proxyPass = "http://127.0.0.1:${toString config.services.vaultwarden.config.ROCKET_PORT}";
+          };
+        };
+
         "plex.${domain}" = {
           enableACME = true;
           forceSSL = true;
@@ -129,5 +258,17 @@ in {
         };
       };
     };
+
+    vaultwarden = {
+      enable = true;
+
+      config = {
+        DOMAIN = "https://passowrds.raffauflabs.com";
+        ROCKET_ADDRESS = "127.0.0.1";
+        ROCKET_LOG = "critical";
+        ROCKET_PORT = 8222;
+        SIGNUPS_ALLOWED = false;
+      };
+    };
   };
 }