homelab framework module init (everything is a mess)

2025-07-28 02:05:13 +02:00 · 2025-07-28 02:05:13 +02:00 · bcbcc8b17b
commit bcbcc8b17b
parent 0347f4d325
94 changed files with 7289 additions and 436 deletions
--- a/modules/nixos/services/default.nix
+++ b/modules/nixos/services/default.nix
@ -0,0 +1,4 @@
+{
+  jellyfin = import ./jellyfin.nix;
+  grafana = import ./grafana.nix;
+}
--- a/modules/nixos/services/forgejo-runner.nix
+++ b/modules/nixos/services/forgejo-runner.nix
--- a/modules/nixos/services/forgejo.nix
+++ b/modules/nixos/services/forgejo.nix
@ -0,0 +1 @@
+
--- a/modules/nixos/services/grafana.nix
+++ b/modules/nixos/services/grafana.nix
@ -0,0 +1,72 @@
+# modules/services/grafana.nix
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.services.grafana;
+  helpers = import ../lib/helpers.nix {inherit lib;};
+in {
+  options.services.grafana = {
+    enable = mkEnableOption "Grafana monitoring dashboard";
+    port = mkOption {
+      type = types.port;
+      default = 3000;
+      description = "Grafana web interface port";
+    };
+    adminPassword = mkOption {
+      type = types.str;
+      description = "Admin password for Grafana";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.grafana = {
+      enable = true;
+      settings = {
+        server = {
+          http_port = cfg.port;
+          domain = "${config.homelab.global.hostname}.${config.homelab.global.domain}";
+        };
+        security = {
+          admin_password = cfg.adminPassword;
+        };
+      };
+    };
+
+    homelab.global = {
+      backups.jobs = [
+        {
+          name = "grafana-data";
+          backend = "restic";
+          paths = ["/var/lib/grafana"];
+          schedule = "daily";
+          excludePatterns = ["*/plugins/*" "*/png/*"];
+        }
+      ];
+
+      reverseProxy.entries = [
+        {
+          subdomain = "grafana";
+          port = cfg.port;
+          enableAuth = false; # Grafana handles its own auth
+        }
+      ];
+
+      monitoring.endpoints = [
+        {
+          name = "grafana";
+          port = cfg.port;
+          path = "/metrics";
+          jobName = "grafana";
+          labels = {
+            service = "grafana";
+            type = "monitoring";
+          };
+        }
+      ];
+    };
+  };
+}
--- a/modules/nixos/services/jellyfin.nix
+++ b/modules/nixos/services/jellyfin.nix
@ -0,0 +1,125 @@
+# modules/services/jellyfin.nix
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.services.jellyfin;
+in {
+  options.services.jellyfin = {
+    enable = mkEnableOption "Jellyfin media server";
+
+    port = mkOption {
+      type = types.port;
+      default = 8096;
+      description = "Port for Jellyfin web interface";
+    };
+
+    dataDir = mkOption {
+      type = types.str;
+      default = "/var/lib/jellyfin";
+      description = "Directory to store Jellyfin data";
+    };
+
+    mediaDir = mkOption {
+      type = types.str;
+      default = "/media";
+      description = "Directory containing media files";
+    };
+
+    enableMetrics = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Enable Prometheus metrics";
+    };
+
+    exposeWeb = mkOption {
+      type = types.bool;
+      default = true;
+      description = "Expose web interface through reverse proxy";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # Enable the service
+    services.jellyfin = {
+      enable = true;
+      dataDir = cfg.dataDir;
+    };
+
+    # Configure global settings
+    homelab.global = {
+      # Add backup job for Jellyfin data
+      backups.jobs = [
+        {
+          name = "jellyfin-config";
+          backend = "restic";
+          paths = ["${cfg.dataDir}/config" "${cfg.dataDir}/data"];
+          schedule = "0 2 * * *"; # Daily at 2 AM
+          excludePatterns = [
+            "*/cache/*"
+            "*/transcodes/*"
+            "*/logs/*"
+          ];
+          preHook = ''
+            # Stop jellyfin for consistent backup
+            systemctl stop jellyfin
+          '';
+          postHook = ''
+            # Restart jellyfin after backup
+            systemctl start jellyfin
+          '';
+        }
+        {
+          name = "jellyfin-media";
+          backend = "restic";
+          paths = [cfg.mediaDir];
+          schedule = "0 3 * * 0"; # Weekly on Sunday at 3 AM
+          excludePatterns = [
+            "*.tmp"
+            "*/.@__thumb/*" # Synology thumbnails
+          ];
+        }
+      ];
+
+      # Add reverse proxy entry if enabled
+      reverseProxy.entries = mkIf cfg.exposeWeb [
+        {
+          subdomain = "jellyfin";
+          port = cfg.port;
+          enableAuth = false; # Jellyfin has its own auth
+          websockets = true;
+          customHeaders = {
+            "X-Forwarded-Proto" = "$scheme";
+            "X-Forwarded-Host" = "$host";
+          };
+        }
+      ];
+
+      # Add monitoring endpoint if metrics enabled
+      monitoring.endpoints = mkIf cfg.enableMetrics [
+        {
+          name = "jellyfin";
+          port = cfg.port;
+          path = "/metrics"; # Assuming you have a metrics plugin
+          jobName = "jellyfin";
+          scrapeInterval = "60s";
+          labels = {
+            service = "jellyfin";
+            type = "media-server";
+          };
+        }
+      ];
+    };
+
+    # Open firewall
+    networking.firewall.allowedTCPPorts = [cfg.port];
+
+    # Create media directory
+    systemd.tmpfiles.rules = [
+      "d ${cfg.mediaDir} 0755 jellyfin jellyfin -"
+    ];
+  };
+}
--- a/modules/nixos/services/postgres.nix
+++ b/modules/nixos/services/postgres.nix
--- a/modules/nixos/services/prometheus.nix
+++ b/modules/nixos/services/prometheus.nix
@ -0,0 +1,208 @@
+# modules/services/prometheus.nix
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.homelab.services.prometheus;
+  globalCfg = config.homelab.global;
+in {
+  options.homelab.services.prometheus = {
+    enable = mkEnableOption "Prometheus monitoring server";
+
+    port = mkOption {
+      type = types.port;
+      default = 9090;
+      description = "Prometheus server port";
+    };
+
+    webExternalUrl = mkOption {
+      type = types.str;
+      default = "http://${globalCfg.hostname}:${toString cfg.port}";
+      description = "External URL for Prometheus";
+    };
+
+    retention = mkOption {
+      type = types.str;
+      default = "30d";
+      description = "Data retention period";
+    };
+
+    scrapeConfigs = mkOption {
+      type = types.listOf types.attrs;
+      default = [];
+      description = "Additional scrape configurations";
+    };
+
+    alertmanager = {
+      enable = mkOption {
+        type = types.bool;
+        default = false;
+        description = "Enable Alertmanager integration";
+      };
+
+      url = mkOption {
+        type = types.str;
+        default = "http://localhost:9093";
+        description = "Alertmanager URL";
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    # Register service with global homelab config
+    homelab.global.services.prometheus = {
+      enable = true;
+      description = "Metrics collection and monitoring server";
+      category = "monitoring";
+      ports = [cfg.port];
+      tags = ["metrics" "monitoring" "alerting"];
+      priority = 20;
+      dependencies = ["node-exporter"];
+    };
+
+    # Configure the actual Prometheus service
+    services.prometheus = {
+      enable = true;
+      port = cfg.port;
+      webExternalUrl = cfg.webExternalUrl;
+
+      retentionTime = cfg.retention;
+
+      scrapeConfigs =
+        [
+          # Auto-discover monitoring endpoints from global config
+          {
+            job_name = "homelab-auto";
+            static_configs = [
+              {
+                targets =
+                  map (
+                    endpoint: "${globalCfg.hostname}:${toString endpoint.port}"
+                  )
+                  globalCfg.monitoring.endpoints;
+              }
+            ];
+            scrape_interval = "30s";
+            metrics_path = "/metrics";
+          }
+        ]
+        ++ cfg.scrapeConfigs;
+
+      # Alertmanager configuration
+      alertmanagers = mkIf cfg.alertmanager.enable [
+        {
+          static_configs = [
+            {
+              targets = [cfg.alertmanager.url];
+            }
+          ];
+        }
+      ];
+
+      rules = [
+        # Basic homelab alerting rules
+        (pkgs.writeText "homelab-alerts.yml" ''
+          groups:
+            - name: homelab
+              rules:
+                - alert: ServiceDown
+                  expr: up == 0
+                  for: 5m
+                  labels:
+                    severity: critical
+                  annotations:
+                    summary: "Service {{ $labels.instance }} is down"
+                    description: "{{ $labels.job }} on {{ $labels.instance }} has been down for more than 5 minutes."
+
+                - alert: HighMemoryUsage
+                  expr: (node_memory_MemTotal_bytes - node_memory_MemAvailable_bytes) / node_memory_MemTotal_bytes > 0.9
+                  for: 10m
+                  labels:
+                    severity: warning
+                  annotations:
+                    summary: "High memory usage on {{ $labels.instance }}"
+                    description: "Memory usage is above 90% on {{ $labels.instance }}"
+
+                - alert: HighDiskUsage
+                  expr: (node_filesystem_size_bytes - node_filesystem_free_bytes) / node_filesystem_size_bytes > 0.85
+                  for: 5m
+                  labels:
+                    severity: warning
+                  annotations:
+                    summary: "High disk usage on {{ $labels.instance }}"
+                    description: "Disk usage is above 85% on {{ $labels.instance }} for filesystem {{ $labels.mountpoint }}"
+        '')
+      ];
+    };
+
+    # Add monitoring endpoint to global config
+    homelab.global.monitoring.endpoints = [
+      {
+        name = "prometheus";
+        port = cfg.port;
+        path = "/metrics";
+        jobName = "prometheus";
+        scrapeInterval = "30s";
+        labels = {
+          service = "prometheus";
+          role = "monitoring";
+        };
+      }
+    ];
+
+    # Add reverse proxy entry if configured
+    homelab.global.reverseProxy.entries = mkIf (globalCfg.domain != null) [
+      {
+        subdomain = "prometheus";
+        port = cfg.port;
+        path = "/";
+        enableAuth = true;
+        enableSSL = true;
+        customHeaders = {
+          "X-Frame-Options" = "DENY";
+          "X-Content-Type-Options" = "nosniff";
+        };
+      }
+    ];
+
+    # Add backup job for Prometheus data
+    homelab.global.backups.jobs = [
+      {
+        name = "prometheus-data";
+        backend = "restic";
+        paths = ["/var/lib/prometheus2"];
+        schedule = "daily";
+        retention = {
+          daily = "7";
+          weekly = "4";
+          monthly = "3";
+          yearly = "1";
+        };
+        excludePatterns = [
+          "*.tmp"
+          "*/wal/*"
+        ];
+        preHook = ''
+          # Stop prometheus temporarily for consistent backup
+          systemctl stop prometheus
+        '';
+        postHook = ''
+          # Restart prometheus after backup
+          systemctl start prometheus
+        '';
+      }
+    ];
+
+    # Open firewall port
+    networking.firewall.allowedTCPPorts = [cfg.port];
+
+    # Create prometheus configuration directory
+    systemd.tmpfiles.rules = [
+      "d /var/lib/prometheus2 0755 prometheus prometheus -"
+      "d /etc/prometheus 0755 root root -"
+    ];
+  };
+}