From 46d50954f7ff3e707dd9b207023aebc29c4b96b0 Mon Sep 17 00:00:00 2001
From: eyjhb
Date: Wed, 26 Feb 2025 21:45:28 +0100
Subject: [PATCH] uptime-kuma: added
---
machines/gerd.nix | 4 +
machines/gerd/services/uptime-kuma.nix | 97 +++++++++++++++++++++++++
secrets/default.nix | 3 +
secrets/secrets.nix | 3 +
secrets/uptime-kuma/ldap-pass.age | Bin 0 -> 563 bytes
5 files changed, 107 insertions(+)
create mode 100644 machines/gerd/services/uptime-kuma.nix
create mode 100644 secrets/uptime-kuma/ldap-pass.age
diff --git a/machines/gerd.nix b/machines/gerd.nix
index e2d670b..58332cc 100644
--- a/machines/gerd.nix
+++ b/machines/gerd.nix
@@ -26,6 +26,8 @@ ./gerd/services/element.nix ./gerd/services/matrix-synapse.nix + + ./gerd/services/uptime-kuma.nix ]; networking.hostName = "gerd";
@@ -36,12 +38,14 @@ disks = { disk = "/dev/sda"; pools.rpool.datasets = { + # zfs create -o quota=1G rpool/safe/svcs/uptime-kuma "safe/svcs/forgejo" = { mountpoint = "/srv/forgejo"; extra.options.quota = "5G"; }; "safe/svcs/hedgedoc" = { mountpoint = "/srv/hedgedoc"; extra.options.quota = "5G"; }; "safe/svcs/nextcloud" = { mountpoint = "/srv/nextcloud"; extra.options.quota = "5G"; }; "safe/svcs/stalwart" = { mountpoint = "/srv/stalwart"; extra.options.quota = "5G"; }; "safe/svcs/synapse" = { mountpoint = "/srv/synapse"; extra.options.quota = "5G"; }; "safe/svcs/wger" = { mountpoint = "/srv/wger"; extra.options.quota = "5G"; }; + "safe/svcs/uptime-kuma" = { mountpoint = "/srv/uptime-kuma"; extra.options.quota = "1G"; }; "safe/svcs/postgresql" = { mountpoint = "/srv/postgresql"; extra.options.quota = "5G"; }; "backup/postgresql" = { mountpoint = "/media/backup/postgresqlbackup"; extra.options.quota = "5G"; }; };
diff --git a/machines/gerd/services/uptime-kuma.nix b/machines/gerd/services/uptime-kuma.nix
new file mode 100644
index 0000000..78f0663
--- /dev/null
+++ b/machines/gerd/services/uptime-kuma.nix
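Review bot: In the second `machines/gerd.nix` hunk (`@@ -36,12 +38,14 @@`) the added comment `# zfs create -o quota=1G rpool/safe/svcs/uptime-kuma` sits at the top of `pools.rpool.datasets`, above the forgejo entry, rather than beside the dataset it describes, and it does not say why a manual command is needed. If it records the one-off step for a pool that already exists, I would move it directly above the `"safe/svcs/uptime-kuma"` line and word it as `# existing pool: run once by hand: zfs create -o quota=1G rpool/safe/svcs/uptime-kuma`. The command also sets no mountpoint while the declaration uses `/srv/uptime-kuma`; whether that is handled elsewhere is not visible here. The enclosing attribute set starts and ends outside the hunk.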
@@ -0,0 +1,97 @@ +{ config, lib, pkgs, ... }: + +let + svc_domain = "uptime-kuma.${config.mine.shared.settings.domain}"; + + stateDir = config.mine.zfsMounts."rpool/safe/svcs/uptime-kuma"; +in { + services.uptime-kuma = { + enable = true; + appriseSupport = true; + + settings = { + DATA_DIR = lib.mkForce stateDir; + }; + + package = pkgs.uptime-kuma.overrideAttrs (old: rec { + pname = "uptime-kuma"; + version = "2.0.0-dev"; + src = pkgs.fetchFromGitHub { + owner = "M1CK431"; + repo = "uptime-kuma"; + rev = "5a16af40fdddcaa61d197242840344804a246d01"; + hash = "sha256-W7ieVrfm/SZU/MNB7dJW3V3vq0RBrAJVqv0gK7H4Xik="; + }; + npmDepsHash = "sha256-Q2u6ClG6g8yoGvSJ/LGlKTL4XkJGWY+DAojpM1xBwQ0="; + npmDeps = pkgs.fetchNpmDeps { + inherit src; + name = "${pname}-${version}-npm-deps"; + hash = npmDepsHash; + }; + patches = [ + (pkgs.writeText "authelia.patch" '' + diff --git a/server/database.js b/server/database.js + index 3374aff9..9e890d28 100644 + --- a/server/database.js + +++ b/server/database.js + 
@@ -221,6 +221,7 @@ class Database { + if (! fs.existsSync(Database.sqlitePath)) { + log.info("server", "Copying Database"); + fs.copyFileSync(Database.templatePath, Database.sqlitePath); + + fs.chmodSync(Database.path, 0o640); + } + + const Dialect = require("knex/lib/dialects/sqlite3/index.js"); + '') + ]; + }); + }; + + # setup state dir + systemd.services.uptime-kuma.serviceConfig = { + ExecStartPre = [ + "+${pkgs.coreutils}/bin/chown %u:%g -R ${stateDir}" + "+${pkgs.coreutils}/bin/chmod 777 -R ${stateDir}" + ]; + ReadWritePaths = [ stateDir ]; + BindPaths = [ stateDir ]; + }; + + + # TODO: Could maybe use this instead? + # environment.persistence.root.directories = [ + # { directory = "/var/lib/private/lldap"; mode = "0700"; } + # ]; + + + # setup ldap user for email + services.lldap.provision.users = config.mine.shared.lib.ldap.mkScope (lconfig: llib: { + uptime-kuma = llib.mkProvisionUserSystem "uptime-kuma" config.age.secrets.uptime-kuma-ldap-pass.path; + }); + + # nginx + services.nginx.virtualHosts."${svc_domain}" = config.mine.shared.lib.authelia.mkProtectedWebsite { + forceSSL = true; + enableACME = true; + + locations."/" = config.mine.shared.lib.authelia.mkProtectedLocation { + proxyPass = "http://localhost:${builtins.toString config.services.uptime-kuma.settings.PORT}"; + }; + }; + + mine.shared.meta.uptime-kuma = { + name = "Uptime Kuma"; + description = ''Fancy self-hosted monitoring tool, which supports VARIOUS methods of monitoring, as well as getting notifications. Multiple users is not officially support, so reach out to admins, and they will create a user for you. Abuse will NOT be tolerated.''; + url = svc_domain; + + package = let + pkg = config.services.uptime-kuma.package; + in { + name = pkg.pname; + version = pkg.version; + meta = pkg.meta; + }; + }; + + +} diff --git a/secrets/default.nix b/secrets/default.nix index e0b0f92..312fecd 100644 --- a/secrets/default.nix +++ b/secrets/default.nix 
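Review bot: The second `ExecStartPre` entry in the new `machines/gerd/services/uptime-kuma.nix`, `chmod 777 -R ${stateDir}`, makes the whole data directory readable and writable by every local user, including the SQLite database, which for Uptime Kuma typically holds monitor credentials and notification tokens. It runs on every start, so it also undoes the `0o640` that the embedded patch tries to set. The preceding `chown %u:%g -R` already hands the tree to the service user, so owner and group access should be enough: `"+${pkgs.coreutils}/bin/chmod -R u=rwX,g=rX,o= ${stateDir}"`. Separately, the embedded patch calls `fs.chmodSync(Database.path, 0o640)` right after copying to `Database.sqlitePath`; if `Database.path` is not defined at this pinned revision (not visible here) the call would throw on first start, so `Database.sqlitePath` looks like the intended argument. The patch is named `authelia.patch` although it only changes file permissions; a name such as `db-permissions.patch` would describe it better.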
@@ -51,6 +51,9 @@ # searx searx-env.file = ./searx/env.age; + + # uptime-kuma + uptime-kuma-ldap-pass.file = ./uptime-kuma/ldap-pass.age; }; users.groups.secrets-lldap-bind-user-pass = {}; diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 1a40ace..c6a3edd 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -61,4 +61,7 @@ in # searx "searx/env.age".publicKeys = defaultAccess; + + # uptime-kuma + "uptime-kuma/ldap-pass.age".publicKeys = defaultAccess; } diff --git a/secrets/uptime-kuma/ldap-pass.age b/secrets/uptime-kuma/ldap-pass.age new file mode 100644 index 0000000000000000000000000000000000000000..ddd7536de5b0ad453a8ded3015c93e04a1dcff1f GIT binary patch literal 563 zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCR+40eeqOjoD~s>sa= zG0Al_GOF|~$@fU~@-_%CjPUa-s!FUZEpRqS&op)l*DkRLiR8+53Gs4I)=w=mNHs1@ z3QNh(DJn56sw~Tj%Jngc2=eku@lUkKEKGJZas}BI0kNpU%(dLH$}u&h$|5Mo+{?Ep z+aO9i&BdU?)u}4GvO?Q4AS2PgI5WUEIGM{VGCeQN(9Aq6Bgj-gGCwEDFCx^;TRX?S zB;B*nq_QNpG|k^LE7;w|tr%njvVZa{@+@5f6+C>(BP~p;@{2t~%FK$xGyFq~@{G#^ z@}h#1&7334+_JqaB3w%Sb4#4_xsn~VU5h;m3VgK7{Vl@ujiR!&^OAkCeUtrik}I+z zUDAUx)5BeY3nPLtY;y`JFbj252=ddeG){Ij$<){OcK0d{^bT<}i>kf$afDY$;%2)GzxT1tod@SFE^dx=Vgh`M;dnT V*H-rbR#+zF!SD94U+j`W5df#|z%c*- literal 0 HcmV?d00001
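Review bot: The new `uptime-kuma-ldap-pass` entry in the `secrets/default.nix` hunk sets only `.file`, so the decrypted secret gets the agenix defaults (owned by root, mode 0400). Its only visible consumer is the lldap provisioning in `uptime-kuma.nix`, which reads `config.age.secrets.uptime-kuma-ldap-pass.path`. Whether that provisioning step runs as root is not visible in this patch; if it runs as an unprivileged lldap user, the entry needs an explicit `owner` or `group`, which the neighbouring `users.groups.secrets-lldap-bind-user-pass` line suggests is how other lldap secrets are handled. A one-line comment such as `# read by lldap provisioning (services.lldap.provision.users)` would record who is expected to read it. The enclosing attribute set starts and ends outside the hunk.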