diff --git a/hosts/common/default.nix b/hosts/common/default.nix index 85e2793..6c7e627 100644 --- a/hosts/common/default.nix +++ b/hosts/common/default.nix @@ -4,7 +4,6 @@ imports = [ ./users ./services - ./homelab ./vps inputs.home-manager.nixosModules.home-manager ]; diff --git a/hosts/vps/configuration.nix b/hosts/vps/configuration.nix index 5119238..9f81b62 100644 --- a/hosts/vps/configuration.nix +++ b/hosts/vps/configuration.nix 
@@ -33,24 +33,80 @@ services.caddy = { enable = true; + logDir = "/var/log/caddy"; + + # Configure log format using mkForce to make sure it takes effect + logFormat = lib.mkForce '' + level INFO + output file /var/log/caddy/access.log { + roll_size 50mb + roll_keep 5 + roll_keep_for 720h + } + format json + ''; + + # Reverse proxy configuration for each domain extraConfig = '' fs.nmd.mov { reverse_proxy localhost:5000 + log } + vpn.nmd.mov { reverse_proxy localhost:51821 + log } + s.nmd.mov { reverse_proxy localhost:8384 + log } + drop.nmd.mov { reverse_proxy localhost:3000 - } + log + } + dot.nmd.mov { - reverse_proxy localhost:4400 + reverse_proxy localhost:19999 + log + + basic_auth /* { + nomad $2a$12$toBh5sfXyxigtHGNY4t8tO7YYQp6i3aZk/O0qd19lgk0LRz5eqDVi + } } ''; }; + services.netdata = { + enable = true; + package = pkgs.netdata.override { + withCloudUi = true; + }; + extraPluginPaths = [ "/etc/netdata/custom-plugins.d" ]; + configDir = { + # Add the custom plugin script to the Netdata configuration directory + "plugins.d/caddy_visitors.sh" = pkgs.writeText "caddy_visitors.sh" '' + #!/bin/env/sh + + # Path to the Caddy JSON access log file + log_file="/var/log/caddy/access.log" + + # Extract unique visitor IPs from JSON log file + unique_visitors=$(jq -r "select(.request.remote_ip != null) | .request.remote_ip" "$log_file" | sort | uniq | wc -l) + + # Define the chart + echo CHART caddy_visitors.unique_ips "Unique Visitors from Caddy Logs" "IPs" "Caddy Logs" caddy_visitors line $((netdata_update_every * 10)) 1 + echo DIMENSION unique_visitors "" absolute 1 1 + + # Output the result in a format that Netdata understands + echo BEGIN caddy_visitors.unique_ips + echo SET unique_visitors = $unique_visitors + echo END + ''; + }; + }; + networking.useDHCP = lib.mkForce false; @@ -107,10 +163,11 @@ zsh arion sops + jq ]; - networking.firewall.enable = false; + networking.firewall.enable = true; networking.firewall.allowedTCPPorts = [ 22 80 
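Review bot: The `basic_auth` block for dot.nmd.mov embeds the bcrypt hash for user `nomad` directly in `extraConfig`, so it is committed to the repository and copied into the world-readable Nix store, where anyone with read access can attack it offline. Since `sops` is already in the package list, consider provisioning the hash as a secret and referencing it from the Caddyfile, e.g. `nomad {$NETDATA_BASIC_AUTH_HASH}` (placeholder variable name), and rotating the password because the current hash is now in history. Separately, the plugin's shebang `#!/bin/env/sh` is not a valid interpreter path, and `#!/usr/bin/env sh` is probably what was meant. `pkgs.writeText` also does not mark the file executable, so Netdata is unlikely to run it as written; `pkgs.writeScript` would.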
@@ -127,6 +184,12 @@ 21027 51820 ]; + networking.firewall.extraCommands = '' + # Allow access to port 19999 from localhost + iptables -A INPUT -p tcp -s 127.0.0.1 --dport 19999 -j ACCEPT + # Block all other access to port 19999 + iptables -A INPUT -p tcp --dport 19999 -j DROP + ''; system.stateVersion = "24.05"; } diff --git a/update-report.sh b/update-report.sh index 21fe654..c3c5446 100755 --- a/update-report.sh +++ b/update-report.sh @@ -1 +1,25 @@ -nix store diff-closures $(ls -d /nix/var/nix/profiles/*|tail -2) +output=$(nix store diff-closures $(ls -d /nix/var/nix/profiles/* | tail -2) | sed -r "s/\x1B\[[0-9;]*[mK]//g") + +# Replace newline characters with spaces for a more horizontal notification +formatted_output=$(echo "$output" | awk ' +{ + # Extract package name, version, and size from the input line + if (match($0, /^([^:]+):.*→ ([^,]+), \+([0-9.]+) KiB/, arr)) { + package = arr[1] + full_version = arr[2] + size_kib = arr[3] + + # Extract only the first and second numbers of the version + split(full_version, version_parts, ".") + version = version_parts[1] "." version_parts[2] + + # Convert KiB to MiB and round to the nearest whole number if needed + size_mib = size_kib / 1024 + size_mib_rounded = (size_mib >= 1) ? sprintf("%.0f", size_mib) "M" : size_kib "KiB" + + # Create the formatted output line with special characters to make it stand out + printf "🔹 %s: %s +%s\n", package, version, size_mib_rounded + } +}') +dunstify -u low -h string:x-dunst-stack-tag:diff -a "💫 Updated Packages" "$formatted_output" +
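Review bot: The two `iptables -A INPUT` rules in `networking.firewall.extraCommands` probably never take effect and are not needed for the protection their comments describe. With the firewall now enabled, 19999 is not among the visible `allowedTCPPorts` entries (the list starts outside this hunk, so confirm) and loopback traffic is accepted by default, so the port should already be unreachable from outside. Rules appended to `INPUT` sit after the jump into the firewall's own chain, and because they are likely not flushed on reload, a duplicate pair would accumulate each time the firewall restarts. They also cover IPv4 only. A more robust way to keep Netdata private is to bind it to loopback, e.g. `services.netdata.config.web."bind to" = "127.0.0.1";`, and drop the custom rules.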
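Review bot: `$(ls -d /nix/var/nix/profiles/* | tail -2)` relies on lexicographic order, so once there are ten or more generations `system-10-link` sorts before `system-9-link` and the report can compare the wrong pair. The glob also picks up any non-generation entries in that directory. A version-sorted, narrower listing such as `ls -dv /nix/var/nix/profiles/system-*-link | tail -2` avoids both problems, assuming the system profile is the one intended. The three-argument `match($0, /…/, arr)` is a gawk extension and the script has no shebang line, so it is worth adding `#!/usr/bin/env bash` and invoking `gawk` explicitly. The comment "Replace newline characters with spaces" does not describe what the awk program does; something like `# Reformat each diff-closures line as "package: major.minor +size"` would match the code.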