diff --git a/nixos/server/package-configs/dashboard/default.nix b/nixos/server/package-configs/dashboard/default.nix new file mode 100644 index 0000000..5bbfb09 --- /dev/null +++ b/nixos/server/package-configs/dashboard/default.nix @@ -0,0 +1,14 @@ +{ + inputs, + outputs, + lib, + config, + pkgs, + ... +}: { + imports = [ + ./grafana + #./loki + ./prometheus + ]; +} diff --git a/nixos/server/package-configs/dashboard/grafana/default.nix b/nixos/server/package-configs/dashboard/grafana/default.nix new file mode 100644 index 0000000..5589873 --- /dev/null +++ b/nixos/server/package-configs/dashboard/grafana/default.nix @@ -0,0 +1,48 @@ +{ + config, + pkgs, + ... +}: { + # grafana configuration + services.grafana = { + enable = true; + settings.server = { + domain = "grafana.lillianviolet.dev"; + http_port = 2342; + http_addr = "127.0.0.1"; + }; + provision = { + datasources.settings = { + apiVersion = 1; + datasources = [ + { + name = "Prometheus"; + type = "prometheus"; + access = "proxy"; + url = "http://localhost:${toString config.services.prometheus.port}"; + isDefault = true; + } + # { + # name = "Loki"; + # type = "loki"; + # access = "proxy"; + # url = "http://localhost:${config.services.loki.port}"; + # isDefault = true; + # } + ]; + }; + }; + }; + + # nginx reverse proxy + services.nginx.virtualHosts.${config.services.grafana.settings.server.domain} = { + ## Force HTTP redirect to HTTPS + forceSSL = true; + ## LetsEncrypt + enableACME = true; + locations."/" = { + proxyPass = "http://${toString config.services.grafana.settings.server.http_addr}:${toString config.services.grafana.settings.server.http_port}"; + proxyWebsockets = true; + }; + }; +} diff --git a/nixos/server/package-configs/dashboard/loki/default.nix b/nixos/server/package-configs/dashboard/loki/default.nix new file mode 100644 index 0000000..6e68716 --- /dev/null +++ b/nixos/server/package-configs/dashboard/loki/default.nix @@ -0,0 +1,10 @@ +{ + config, + pkgs, + ... +}: { + services.loki = { + enable = true; + configFile = ./loki.yaml; + }; +} diff --git a/nixos/server/package-configs/dashboard/loki/loki.yaml b/nixos/server/package-configs/dashboard/loki/loki.yaml new file mode 100644 index 0000000..d0e9699 --- /dev/null +++ b/nixos/server/package-configs/dashboard/loki/loki.yaml @@ -0,0 +1,40 @@ +# Enables authentication through the X-Scope-OrgID header, which must be present +# if true. If false, the OrgID will always be set to "fake". +auth_enabled: false + +server: + http_listen_address: "0.0.0.0" + http_listen_port: 3100 + +ingester: + lifecycler: + address: "127.0.0.1" + ring: + kvstore: + store: inmemory + replication_factor: 1 + final_sleep: 0s + chunk_idle_period: 5m + chunk_retain_period: 30s + +schema_config: + configs: + - from: 2020-05-15 + store: boltdb + object_store: filesystem + schema: v11 + index: + prefix: index_ + period: 168h + +storage_config: + boltdb: + directory: /tmp/loki/index + + filesystem: + directory: /tmp/loki/chunks + +limits_config: + enforce_metric_name: false + reject_old_samples: true + reject_old_samples_max_age: 168h \ No newline at end of file diff --git a/nixos/server/package-configs/dashboard/prometheus/default.nix b/nixos/server/package-configs/dashboard/prometheus/default.nix new file mode 100644 index 0000000..5ea9535 --- /dev/null +++ b/nixos/server/package-configs/dashboard/prometheus/default.nix @@ -0,0 +1,38 @@ +{ + config, + pkgs, + ... +}: { + services.prometheus = { + enable = true; + port = 9001; + # Export the current system metrics + exporters = { + node = { + enable = true; + enabledCollectors = ["systemd"]; + port = 9002; + }; + }; + scrapeConfigs = [ + # Scrape the current system + { + job_name = "GrafanaService system"; + static_configs = [ + { + targets = ["127.0.0.1:9002"]; + } + ]; + } + # Scrape the Loki service + # { + # job_name = "Loki service"; + # static_configs = [ + # { + # targets = ["127.0.0.1:3100"]; + # } + # ]; + # } + ]; + }; +} diff --git a/nixos/server/package-configs/default.nix b/nixos/server/package-configs/default.nix index b0104c5..ff7d535 100644 --- a/nixos/server/package-configs/default.nix +++ b/nixos/server/package-configs/default.nix @@ -15,5 +15,6 @@ ./postgres ./roundcube ./coturn + ./dashboard ]; } diff --git a/pkgs/fcast/default.nix b/pkgs/fcast/default.nix new file mode 100644 index 0000000..3919a72 --- /dev/null +++ b/pkgs/fcast/default.nix @@ -0,0 +1,202 @@ +{ + lib, + buildNpmPackage, + cargo, + copyDesktopItems, + dbus, + electron_28, + fetchFromGitLab, + glib, + gnome, + gtk3, + jq, + libsecret, + makeDesktopItem, + makeWrapper, + moreutils, + napi-rs-cli, + nodejs_18, + patchutils_0_4_2, + pkg-config, + python3, + runCommand, + rustc, + rustPlatform, +}: let + description = "A secure and free password manager for all of your devices"; + icon = "bitwarden"; + electron = electron_28; +in + buildNpmPackage rec { + pname = "bitwarden-desktop"; + version = "2024.3.0"; + + src = fetchFromGitLab { + owner = "videostreaming"; + repo = "fcast"; + rev = "b13d0f7e8150c279d377a78f89d338b7fc0f5539"; + hash = "sha256-XEZB95GnfSy/wtTWpF8KlUQwyephUZmSLtbOwbcvd7g="; + }; + + patches = [ + ./electron-builder-package-lock.patch + ]; + + # The nested package-lock.json from upstream is out-of-date, so copy the + # lock metadata from the root package-lock.json. + postPatch = '' + cat {,apps/desktop/src/}package-lock.json \ + | ${lib.getExe jq} -s ' + .[1].packages."".dependencies.argon2 = .[0].packages."".dependencies.argon2 + | .[0].packages."" = .[1].packages."" + | .[1].packages = .[0].packages + | .[1] + ' \ + | ${moreutils}/bin/sponge apps/desktop/src/package-lock.json + ''; + + nodejs = nodejs_18; + + makeCacheWritable = true; + npmFlags = ["--legacy-peer-deps"]; + npmWorkspace = "apps/desktop"; + npmDepsHash = "sha256-EpZXA+GkmHl5eqwIPTGHJZqrpr6k8gXneJG+GXumlkc="; + + cargoDeps = rustPlatform.fetchCargoTarball { + name = "${pname}-${version}"; + inherit src; + patches = + map + ( + patch: + runCommand + (builtins.baseNameOf patch) + {nativeBuildInputs = [patchutils_0_4_2];} + '' + < ${patch} filterdiff -p1 --include=${lib.escapeShellArg cargoRoot}'/*' > $out + '' + ) + patches; + patchFlags = ["-p4"]; + sourceRoot = "${src.name}/${cargoRoot}"; + hash = "sha256-qAqEFlUzT28fw6kLB8d7U8yXWevAU+q03zjN2xWsGyI="; + }; + cargoRoot = "apps/desktop/desktop_native"; + + env.ELECTRON_SKIP_BINARY_DOWNLOAD = "1"; + + nativeBuildInputs = [ + cargo + copyDesktopItems + jq + makeWrapper + moreutils + napi-rs-cli + pkg-config + python3 + rustc + rustPlatform.cargoCheckHook + rustPlatform.cargoSetupHook + ]; + + buildInputs = [ + glib + gtk3 + libsecret + ]; + + preBuild = '' + if [[ $(jq --raw-output '.devDependencies.electron' < package.json | grep -E --only-matching '^[0-9]+') != ${lib.escapeShellArg (lib.versions.major electron.version)} ]]; then + echo 'ERROR: electron version mismatch' + exit 1 + fi + ''; + + postBuild = '' + pushd apps/desktop + + # desktop_native/index.js loads a file of that name regarldess of the libc being used + mv desktop_native/desktop_native.* desktop_native/desktop_native.linux-x64-musl.node + + npm exec electron-builder -- \ + --dir \ + -c.electronDist=${electron}/libexec/electron \ + -c.electronVersion=${electron.version} + + popd + ''; + + doCheck = true; + + nativeCheckInputs = [ + dbus + (gnome.gnome-keyring.override {useWrappedDaemon = false;}) + ]; + + checkFlags = [ + "--skip=password::password::tests::test" + ]; + + checkPhase = '' + runHook preCheck + + pushd ${cargoRoot} + export HOME=$(mktemp -d) + export -f cargoCheckHook runHook _eval _callImplicitHook + export cargoCheckType=release + dbus-run-session \ + --config-file=${dbus}/share/dbus-1/session.conf \ + -- bash -e -c cargoCheckHook + popd + + runHook postCheck + ''; + + installPhase = '' + runHook preInstall + + mkdir $out + + pushd apps/desktop/dist/linux-unpacked + mkdir -p $out/opt/Bitwarden + cp -r locales resources{,.pak} $out/opt/Bitwarden + popd + + makeWrapper '${electron}/bin/electron' "$out/bin/bitwarden" \ + --add-flags $out/opt/Bitwarden/resources/app.asar \ + --add-flags "\''${NIXOS_OZONE_WL:+\''${WAYLAND_DISPLAY:+--ozone-platform-hint=auto --enable-features=WaylandWindowDecorations}}" \ + --set-default ELECTRON_IS_DEV 0 \ + --inherit-argv0 + + pushd apps/desktop/resources/icons + for icon in *.png; do + dir=$out/share/icons/hicolor/"''${icon%.png}"/apps + mkdir -p "$dir" + cp "$icon" "$dir"/${icon}.png + done + popd + + runHook postInstall + ''; + + desktopItems = [ + (makeDesktopItem { + name = "bitwarden"; + exec = "bitwarden %U"; + inherit icon; + comment = description; + desktopName = "Bitwarden"; + categories = ["Utility"]; + }) + ]; + + meta = { + changelog = "https://github.com/bitwarden/clients/releases/tag/${src.rev}"; + inherit description; + homepage = "https://bitwarden.com"; + license = lib.licenses.gpl3; + maintainers = with lib.maintainers; [amarshall kiwi]; + platforms = ["x86_64-linux"]; + mainProgram = "bitwarden"; + }; + }