From 73e221716fcfd1877616942c274349a1cf34eb51 Mon Sep 17 00:00:00 2001
From: Richie Cahill
Date: Sat, 25 Apr 2026 14:37:26 -0400
Subject: [PATCH] adding nornsight

---
 systems/jeeves/default.nix | 5 ++++
 systems/jeeves/scripts/zfs.sh | 1 +
 systems/jeeves/web_services/acme.nix | 17 +++++++++--
 systems/jeeves/web_services/haproxy.cfg | 8 ++++-
 systems/rhapsody-in-green/agent_logger.nix | 35 ++++++++++++++++++++++
 systems/rhapsody-in-green/open_webui.nix | 1 +
 users/math/default.nix | 2 ++
 users/richie/default.nix | 2 ++
 users/richie/home/gui/vscode/settings.json | 3 +-
 9 files changed, 70 insertions(+), 4 deletions(-)
 create mode 100644 systems/rhapsody-in-green/agent_logger.nix

diff --git a/systems/jeeves/default.nix b/systems/jeeves/default.nix
index 7828bad..61d7499 100644
--- a/systems/jeeves/default.nix
+++ b/systems/jeeves/default.nix
@@ -37,5 +37,10 @@ in
 zerotierone.joinNetworks = [ "a09acf02330d37b9" ];
 };
 
+ users.groups = {
+ nornsight = { };
+ nornsight-admin = { };
+ };
+
 system.stateVersion = "24.05";
 }
diff --git a/systems/jeeves/scripts/zfs.sh b/systems/jeeves/scripts/zfs.sh
index 71e9ca1..dbb8ce6 100644
--- a/systems/jeeves/scripts/zfs.sh
+++ b/systems/jeeves/scripts/zfs.sh
@@ -41,3 +41,4 @@ sudo zfs create storage/secure/plex -o recordsize=1M -o compression=zstd-19
 sudo zfs create storage/secure/secrets -o compression=zstd-19 -o copies=3
 sudo zfs create storage/secure/syncthing -o compression=zstd-19
 sudo zfs create storage/secure/transmission -o recordsize=1M -o compression=zstd-9 -o exec=off -o sync=disabled
+sudo zfs create storage/secure/important -o compression=zstd-19 -o copies=2 -o mountpoint=/zfs/storage/important
diff --git a/systems/jeeves/web_services/acme.nix b/systems/jeeves/web_services/acme.nix
index 538c1b6..a5caace 100644
--- a/systems/jeeves/web_services/acme.nix
+++ b/systems/jeeves/web_services/acme.nix
@@ -5,7 +5,9 @@ let
 "gitea"
 "jellyfin"
 "share"
+ "verilux"
 ];
+ extraDomains = [ "www.norn-sight.com" ];
 
 makeCert = name: {
 name = "${name}.tmmworkshop.com";
@@ -16,7 +18,18 @@ let
 };
 };
 
- acmeServices = map (domain: "acme-${domain}.tmmworkshop.com.service") domains;
+ makeExtraCert = name: {
+ inherit name;
+ value = {
+ webroot = "/var/lib/acme/.challenges";
+ group = "acme";
+ reloadServices = [ "haproxy.service" ];
+ };
+ };
+
+ acmeServices =
+ map (domain: "acme-${domain}.tmmworkshop.com.service") domains
+ ++ map (domain: "acme-${domain}.service") extraDomains;
 in
 {
 users.users.haproxy.extraGroups = [ "acme" ];
@@ -24,7 +37,7 @@ in
 security.acme = {
 acceptTerms = true;
 defaults.email = "Richie@tmmworkshop.com";
- certs = builtins.listToAttrs (map makeCert domains);
+ certs = builtins.listToAttrs ((map makeCert domains) ++ (map makeExtraCert extraDomains));
 };
 
 # Minimal nginx to serve ACME HTTP-01 challenge files for HAProxy
diff --git a/systems/jeeves/web_services/haproxy.cfg b/systems/jeeves/web_services/haproxy.cfg
index f01ad17..899ef71 100644
--- a/systems/jeeves/web_services/haproxy.cfg
+++ b/systems/jeeves/web_services/haproxy.cfg
@@ -23,7 +23,7 @@ defaults
 #Application Setup
 frontend ContentSwitching
 bind *:80 v4v6
- bind *:443 v4v6 ssl crt /var/lib/acme/audiobookshelf.tmmworkshop.com/full.pem crt /var/lib/acme/cache.tmmworkshop.com/full.pem crt /var/lib/acme/jellyfin.tmmworkshop.com/full.pem crt /var/lib/acme/share.tmmworkshop.com/full.pem crt /var/lib/acme/gitea.tmmworkshop.com/full.pem
+ bind *:443 v4v6 ssl crt /var/lib/acme/audiobookshelf.tmmworkshop.com/full.pem crt /var/lib/acme/cache.tmmworkshop.com/full.pem crt /var/lib/acme/jellyfin.tmmworkshop.com/full.pem crt /var/lib/acme/share.tmmworkshop.com/full.pem crt /var/lib/acme/gitea.tmmworkshop.com/full.pem crt /var/lib/acme/www.norn-sight.com/full.pem
 mode http
 
 # ACME challenge routing (must be first)
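Review bot: In systems/jeeves/web_services/acme.nix the new `"verilux"` entry requests a certificate for verilux.tmmworkshop.com, but the haproxy.cfg changes in this commit add no `crt /var/lib/acme/verilux.tmmworkshop.com/full.pem`, ACL or backend for that host, so as committed the certificate is issued and renewed but never served by this frontend. Either add the matching HAProxy entries or leave the domain out until the service exists. Separately, `extraDomains` covers only `www.norn-sight.com`, so a request for the bare `norn-sight.com` would find neither a matching certificate nor a backend; if that is intended, a comment such as `# apex norn-sight.com is not served here` next to the list would record it. The `let` block starts and ends outside these hunks.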
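Review bot: The `bind *:443` line in haproxy.cfg is now a hand-maintained list of six `crt` paths that has to stay in step with the `domains` and `extraDomains` lists in acme.nix, and HAProxy refuses to start when a listed PEM is missing, which would take every site on this frontend down together. Whether the HAProxy unit is ordered after the ACME services is not visible in this hunk. Moving the paths into a file referenced with `crt-list`, or generating the line from the same Nix values, would remove the duplication; at minimum a comment such as `# keep in sync with domains/extraDomains in acme.nix` above the line would help.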
@@ -36,6 +36,7 @@ frontend ContentSwitching
 acl host_jellyfin hdr(host) -i jellyfin.tmmworkshop.com
 acl host_share hdr(host) -i share.tmmworkshop.com
 acl host_gitea hdr(host) -i gitea.tmmworkshop.com
+ acl host_norn_sight hdr(host) -i www.norn-sight.com
 
 # Hosts allowed to serve plain HTTP (add entries to skip the HTTPS redirect)
 acl allow_http hdr(host) -i __none__
@@ -49,6 +50,7 @@ frontend ContentSwitching
 use_backend jellyfin if host_jellyfin
 use_backend share_nodes if host_share
 use_backend gitea if host_gitea
+ use_backend norn_sight if host_norn_sight
 
 backend acme_challenge
 mode http
@@ -76,3 +78,7 @@ backend share_nodes
 backend gitea
 mode http
 server server 127.0.0.1:6443
+
+backend norn_sight
+ mode http
+ server server 192.168.90.49:8000
diff --git a/systems/rhapsody-in-green/agent_logger.nix b/systems/rhapsody-in-green/agent_logger.nix
new file mode 100644
index 0000000..35fb508
--- /dev/null
+++ b/systems/rhapsody-in-green/agent_logger.nix
@@ -0,0 +1,35 @@
+{
+ pkgs,
+ inputs,
+ ...
+}:
+{
+ systemd.services.agent-logger = {
+ description = "Unified agent logger";
+ after = [ "local-fs.target" ];
+ wantedBy = [ "multi-user.target" ];
+
+ environment = {
+ AGENT_LOG_DB = "/var/lib/agent-logger/agent_log.sqlite";
+ HOME = "/home/richie";
+ PYTHONPATH = "${inputs.self}";
+ };
+
+ serviceConfig = {
+ Type = "simple";
+ User = "richie";
+ WorkingDirectory = "/home/richie";
+ ExecStart = "${pkgs.my_python}/bin/python -m python.agent_logger.main";
+ StateDirectory = "agent-logger";
+ Restart = "on-failure";
+ RestartSec = "5s";
+ StandardOutput = "journal";
+ StandardError = "journal";
+ NoNewPrivileges = true;
+ ProtectSystem = "strict";
+ ProtectHome = "read-only";
+ PrivateTmp = true;
+ ReadOnlyPaths = [ "${inputs.self}" ];
+ };
+ };
+}
diff --git a/systems/rhapsody-in-green/open_webui.nix b/systems/rhapsody-in-green/open_webui.nix
index 827543b..e1d4065 100644
--- a/systems/rhapsody-in-green/open_webui.nix
+++ b/systems/rhapsody-in-green/open_webui.nix
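Review bot: The new `norn_sight` backend in haproxy.cfg forwards to `192.168.90.49:8000` over plain HTTP, so unlike the `gitea` backend on 127.0.0.1 the decrypted traffic crosses the LAN, and port 8000 on that host stays reachable to other LAN machines without passing through HAProxy. Restricting that port on the backend host to this proxy's address would close the side door. A health check makes a dead backend visible instead of a timeout: `server server 192.168.90.49:8000 check`. A comment naming the machine behind the hard-coded address, e.g. `# norn_sight app on <hostname>`, would also help the next reader.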
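Review bot: In agent_logger.nix the unit runs as the interactive account `richie` with `ProtectHome = "read-only"`, so the logger process can read everything in that home directory, which is far more than a log collector is likely to need. What the logger actually reads is not visible here; if it is a small set of agent output directories, a dedicated system user together with `ProtectHome = "tmpfs";` and `BindReadOnlyPaths = [ "/home/richie/<agent-data-dir>" ];` (placeholder path) limits it to those, with `WorkingDirectory` adjusted to match. `ReadOnlyPaths = [ "${inputs.self}" ]` looks redundant, since `ProtectSystem = "strict"` already makes the hierarchy read-only apart from the state directory. A short comment above `User` saying why the service needs this account would document the choice if it stays.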
@@ -1,6 +1,7 @@
 {
 services.open-webui = {
 enable = true;
+ host = "0.0.0.0";
 environment = {
 ANONYMIZED_TELEMETRY = "False";
 DO_NOT_TRACK = "True";
diff --git a/users/math/default.nix b/users/math/default.nix
index 4f28cbe..a9a1c86 100644
--- a/users/math/default.nix
+++ b/users/math/default.nix
@@ -36,6 +36,8 @@ in
 "hass"
 "libvirtd"
 "networkmanager"
+ "nornsight"
+ "nornsight-admin"
 "plugdev"
 "scanner"
 "transmission"
diff --git a/users/richie/default.nix b/users/richie/default.nix
index ba21dc8..c8368ff 100644
--- a/users/richie/default.nix
+++ b/users/richie/default.nix
@@ -36,6 +36,8 @@ in
 "hass"
 "libvirtd"
 "networkmanager"
+ "nornsight"
+ "nornsight-admin"
 "ollama"
 "plugdev"
 "scanner"
diff --git a/users/richie/home/gui/vscode/settings.json b/users/richie/home/gui/vscode/settings.json
index c49309f..43df851 100644
--- a/users/richie/home/gui/vscode/settings.json
+++ b/users/richie/home/gui/vscode/settings.json
@@ -14,7 +14,7 @@
 "git.pruneOnFetch": true,
 "terminal.integrated.scrollback": 10000,
 "update.mode": "none",
- "workbench.colorTheme": "Default Dark+",
+ "workbench.colorTheme": "Dark+",
 "workbench.secondarySideBar.showLabels": false,
 
 // turns off all sounds and announcements
@@ -98,4 +98,5 @@
 "hediet.vscode-drawio.resizeImages": null,
 "hediet.vscode-drawio.appearance": "automatic",
 "claudeCode.preferredLocation": "panel",
+ "docker.extension.enableComposeLanguageServer": false,
 }
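Review bot: Setting `host = "0.0.0.0"` in open_webui.nix makes Open WebUI listen on every interface of this machine, so on any network where the port is allowed through the firewall the application's own login becomes the only access control. The rest of the `environment` block lies outside the hunk; it is worth confirming that it does not set `WEBUI_AUTH = "False"` and that the firewall opens the port only where it is needed. If access is wanted from one network only, binding to that interface's address instead of the wildcard, with a comment such as `# reachable from <network> only; auth stays enabled`, states the intent.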