feat: atuin

truxnell · Dec 17, 2024 · a9aad74 · a9aad74
1 parent f452db6
commit a9aad74
Show file tree

Hide file tree

Showing 4 changed files with 163 additions and 1 deletion.
diff --git a/nixos/hosts/daedalus/default.nix b/nixos/hosts/daedalus/default.nix
@@ -36,6 +36,7 @@
       maintainerr.enable = true;
       immich.enable = true;
       filebrowser.enable = true;
+      atuin.enable = true;
       syncthing = {
         enable = true;
         syncPath = "/zfs/syncthing/";

diff --git a/nixos/modules/nixos/services/atuin/default.nix b/nixos/modules/nixos/services/atuin/default.nix
@@ -0,0 +1,160 @@
+{ lib
+, config
+, pkgs
+, ...
+}:
+with lib;
+let
+  cfg = config.mySystem.${category}.${app};
+  app = "atuin";
+  category = "services";
+  description = "synced terminal history";
+  # image = "";
+  user = "568"; #string
+  group = "568"; #string
+  port = config.services.atuin.port; #int
+  appFolder = "/var/lib/${app}";
+  # persistentFolder = "${config.mySystem.persistentFolder}/var/lib/${appFolder}";
+  host = "${app}" + (if cfg.dev then "-dev" else "");
+  url = "${host}.${config.networking.domain}";
+in
+{
+  options.mySystem.${category}.${app} =
+    {
+      enable = mkEnableOption "${app}";
+      addToHomepage = mkEnableOption "Add ${app} to homepage" // { default = true; };
+      monitor = mkOption
+        {
+          type = lib.types.bool;
+          description = "Enable gatus monitoring";
+          default = true;
+        };
+      prometheus = mkOption
+        {
+          type = lib.types.bool;
+          description = "Enable prometheus scraping";
+          default = true;
+        };
+      addToDNS = mkOption
+        {
+          type = lib.types.bool;
+          description = "Add to DNS list";
+          default = true;
+        };
+      dev = mkOption
+        {
+          type = lib.types.bool;
+          description = "Development instance";
+          default = false;
+        };
+      backup = mkOption
+        {
+          type = lib.types.bool;
+          description = "Enable backups";
+          default = true;
+        };
+
+
+
+    };
+
+  config = mkIf cfg.enable {
+
+    ## Secrets
+    # sops.secrets."${category}/${app}/env" = {
+    #   sopsFile = ./secrets.sops.yaml;
+    #   owner = user;
+    #   group = group;
+    #   restartUnits = [ "${app}.service" ];
+    # };
+
+    # users.users.truxnell.extraGroups = [ group ];
+
+
+    # Folder perms - only for containers
+    # systemd.tmpfiles.rules = [
+    # "d ${appFolder}/ 0750 ${user} ${group} -"
+    # ];
+
+    environment.persistence."${config.mySystem.system.impermanence.persistPath}" = lib.mkIf config.mySystem.system.impermanence.enable {
+      directories = [{ directory = appFolder; inherit user; inherit group; mode = "750"; }];
+    };
+
+
+    ## service
+    services.atuin = {
+      enable = true;
+      openFirewall = false;
+      openRegistration = true;
+    };
+
+    ## OR
+
+    # virtualisation.oci-containers.containers = config.lib.mySystem.mkContainer {
+    #   inherit app image user group;
+    #   env = { };
+    #   ports = [ ];
+    #   environmentFiles = [ ];
+    # };
+
+
+    # homepage integration
+    mySystem.services.homepage.infrastructure = mkIf cfg.addToHomepage [
+      {
+        ${app} = {
+          icon = "${app}.svg";
+          href = "https://${url}";
+          inherit description;
+        };
+      }
+    ];
+
+    ### gatus integration
+    mySystem.services.gatus.monitors = mkIf cfg.monitor [
+      {
+        name = app;
+        group = "${category}";
+        url = "https://${url}";
+        interval = "1m";
+        conditions = [ "[CONNECTED] == true" "[STATUS] == 200" "[RESPONSE_TIME] < 50" ];
+      }
+    ];
+
+    ### Ingress
+    services.nginx.virtualHosts.${url} = {
+      forceSSL = true;
+      useACMEHost = config.networking.domain;
+      locations."^~ /" = {
+        proxyPass = "http://127.0.0.1:${builtins.toString port}";
+      };
+    };
+
+    ### firewall config
+
+    # networking.firewall = mkIf cfg.openFirewall {
+    #   allowedTCPPorts = [ port ];
+    #   allowedUDPPorts = [ port ];
+    # };
+
+    ### backups
+    warnings = [
+      (mkIf (!cfg.backup && config.mySystem.purpose != "Development")
+        "WARNING: Backups for ${app} are disabled!")
+    ];
+
+    services.restic.backups = mkIf cfg.backup (config.lib.mySystem.mkRestic
+      {
+        inherit app user;
+        paths = [ appFolder ];
+        inherit appFolder;
+      });
+
+
+    # services.postgresqlBackup = {
+    #   databases = [ app ];
+    # };
+
+
+
+  };
+}
diff --git a/nixos/modules/nixos/services/default.nix b/nixos/modules/nixos/services/default.nix
@@ -46,5 +46,6 @@
     ./navidrome
     ./vikunja
     ./steam
+    ./atuin
   ];
 }
diff --git a/nixos/modules/nixos/services/syncthing/default.nix b/nixos/modules/nixos/services/syncthing/default.nix
@@ -118,7 +118,7 @@ in
             "daedalus" = { id = "HJOBCTW-NZHZLUU-HOUBWYC-R3MX3PL-EI4R6PN-74RN7EW-UBEUY7H-TNMEPQB"; };
             "rickenbacker" = { id = "WTL2NPD-QDY26QZ-NNGRK7R-Z6A7U67-3RBP5PN-BE2VO2V-XFQMT7H-3LMZKQH"; };
             "citadel" = { id = "OPJO4SQ-ZWGUZXL-XHF25ES-RNLF5TR-AOEY4O6-2TJEFU5-AVDOQ52-AOSJWAI"; };
-            "citadel-bazzite" = { id = "7E4I5SR-O5EFNCY-CJY2ZTY-2GBARFC-K774V4C-PMS6NL5-WS4GLXA-BLLU3AV"; };
+            "citadel-bazzite" = { id = "VJ4IMR3-HDZISJJ-BVM5LIN-BOHYS6M-F4AE6JY-TCK6KH4-DLNWI5I-WP5OSQIV"; };
             "steam-deck" = { id = "4TD66JX-TO4NBCX-2HSAXJL-JK43SVI-F5QYEWU-GTDPUNQ-BTLAM7Z-DLTEOAR"; };
           };
         folders = {
-Original file line number
+Diff line change
@@ Expand Up / @@ -46,5 +46,6 @@ @@
         ./navidrome
         ./vikunja
         ./steam
+        ./atuin
       ];
     }