diff --git a/hosts/madohomu/common.nix b/hosts/madohomu/common.nix
index 7c86e42..28903bf 100644
--- a/hosts/madohomu/common.nix
+++ b/hosts/madohomu/common.nix
@@ -20,6 +20,9 @@
 users.users.root.openssh.authorizedKeys.keyFiles = [
 (abs "ssh/teidesu.pub")
 ];
+
+ virtualisation.docker.enable = true;
+ virtualisation.oci-containers.backend = "docker";
 system.stateVersion = "23.11";
 }
\ No newline at end of file
diff --git a/hosts/madohomu/madoka.nix b/hosts/madohomu/madoka.nix
index bf94d64..77609b2 100644
--- a/hosts/madohomu/madoka.nix
+++ b/hosts/madohomu/madoka.nix
@@ -3,6 +3,7 @@
 {
 imports = [
 ./common.nix
+ ./services/uptime-kuma.nix
 ];
 networking.hostName = "madoka";
diff --git a/hosts/madohomu/services/uptime-kuma.nix b/hosts/madohomu/services/uptime-kuma.nix
new file mode 100644
index 0000000..f003821
--- /dev/null
+++ b/hosts/madohomu/services/uptime-kuma.nix
@@ -0,0 +1,40 @@
+{ abs, config, ... }:
+
+let
+ secrets = import (abs "lib/secrets.nix");
+
+ UID = 1100;
+in {
+ # we use cf tunnels because 443 port is used by the proxy,
+ # and it's also generally easier
+ imports = [
+ (secrets.declare [{
+ name = "madohomu-cf-token";
+ owner = "uptime-kuma";
+ }])
+ ];
+
+ users.users.uptime-kuma = {
+ isNormalUser = true;
+ uid = UID;
+ };
+ users.groups.uptime-kuma = {};
+
+ virtualisation.oci-containers.containers.uptime-kuma = {
+ image = "louislam/uptime-kuma:1.23.13-debian";
+ volumes = [
+ "/srv/uptime-kuma:/app/data"
+ ];
+ environment = {
+ PUID = builtins.toString UID;
+ PGID = builtins.toString UID;
+ };
+ environmentFiles = [
+ (secrets.file config "madohomu-cf-token")
+ ];
+ };
+
+ systemd.tmpfiles.rules = [
+ "d /srv/uptime-kuma 0700 ${builtins.toString UID} ${builtins.toString UID} -"
+ ];
+}
\ No newline at end of file
diff --git a/secrets/madohomu-cf-token.age b/secrets/madohomu-cf-token.age
new file mode 100644
index 0000000..a83682b
Binary files /dev/null and b/secrets/madohomu-cf-token.age differ
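Review bot: In hosts/madohomu/common.nix the added `virtualisation.docker.enable = true;` turns the Docker daemon on for every host that imports common.nix, while the only container in this commit is imported from madoka.nix alone. If other hosts share common.nix (the file name suggests so, though none are visible here), each of them gains a root-running daemon and its control socket with nothing to run on it. Moving both added lines into services/uptime-kuma.nix, next to the container definition, would scope the daemon to the host that needs it. A comment such as `# docker is only needed for the uptime-kuma container` would record why it is enabled.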
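Review bot: In hosts/madohomu/services/uptime-kuma.nix the account that owns /srv/uptime-kuma and the Cloudflare token is created with `isNormalUser = true;`, and the `uptime-kuma` group is declared but neither assigned to the user nor given gid 1100, although `PGID` and the tmpfiles rule both use 1100 as a group id. A normal user gets a home directory, a login shell and the default `users` primary group, and the auto-allocated gid of `uptime-kuma` will most likely not be 1100, so the data directory ends up group-owned by a numeric id that no declared group carries. For a service account this would read `isSystemUser = true; group = "uptime-kuma";` together with `users.groups.uptime-kuma.gid = UID;`. Separately, `image = "louislam/uptime-kuma:1.23.13-debian";` pins a mutable tag; appending `@sha256:<digest-placeholder>` once the digest has been verified would keep the pulled image from changing underneath the host.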