feat(madoka): uptime-kuma

2024-08-24 21:26:38 +03:00 · 2024-08-24 21:26:38 +03:00 · 193d89b337
commit 193d89b337
parent 5e82618be2
4 changed files with 44 additions and 0 deletions
--- a/hosts/madohomu/common.nix
+++ b/hosts/madohomu/common.nix
@ -20,6 +20,9 @@
  users.users.root.openssh.authorizedKeys.keyFiles = [
    (abs "ssh/teidesu.pub")
  ];
+
+  virtualisation.docker.enable = true;
+  virtualisation.oci-containers.backend = "docker";
  
  system.stateVersion = "23.11";
 }
--- a/hosts/madohomu/madoka.nix
+++ b/hosts/madohomu/madoka.nix
@ -3,6 +3,7 @@
 {
  imports = [
    ./common.nix
+    ./services/uptime-kuma.nix
  ];
  
  networking.hostName = "madoka";
--- a/hosts/madohomu/services/uptime-kuma.nix
+++ b/hosts/madohomu/services/uptime-kuma.nix
@ -0,0 +1,40 @@
+{ abs, config, ... }:
+
+let 
+  secrets = import (abs "lib/secrets.nix");
+
+  UID = 1100;
+in {
+  # we use cf tunnels because 443 port is used by the proxy,
+  # and it's also generally easier
+  imports = [
+    (secrets.declare [{
+      name = "madohomu-cf-token";
+      owner = "uptime-kuma";
+    }])
+  ];
+
+  users.users.uptime-kuma = {
+    isNormalUser = true;
+    uid = UID;
+  };
+  users.groups.uptime-kuma = {};
+
+  virtualisation.oci-containers.containers.uptime-kuma = {
+    image = "louislam/uptime-kuma:1.23.13-debian";
+    volumes = [
+      "/srv/uptime-kuma:/app/data"
+    ];
+    environment = {
+      PUID = builtins.toString UID;
+      PGID = builtins.toString UID;
+    };
+    environmentFiles = [
+      (secrets.file config "madohomu-cf-token")
+    ];
+  };
+
+  systemd.tmpfiles.rules = [
+    "d /srv/uptime-kuma 0700 ${builtins.toString UID} ${builtins.toString UID} -"
+  ];
+}
--- a/secrets/madohomu-cf-token.age
+++ b/secrets/madohomu-cf-token.age