adding nornsight

systems/jeeves/default.nix

@@ -37,5 +37,10 @@ in
     zerotierone.joinNetworks = [ "a09acf02330d37b9" ];
   };
 
+  users.groups = {
+    nornsight = { };
+    nornsight-admin = { };
+  };
+
   system.stateVersion = "24.05";
 }

systems/jeeves/scripts/zfs.sh

@@ -41,3 +41,4 @@ sudo zfs create storage/secure/plex -o recordsize=1M -o compression=zstd-19
 sudo zfs create storage/secure/secrets -o compression=zstd-19 -o copies=3
 sudo zfs create storage/secure/syncthing -o compression=zstd-19
 sudo zfs create storage/secure/transmission -o recordsize=1M -o compression=zstd-9 -o exec=off -o sync=disabled
+sudo zfs create storage/secure/important -o compression=zstd-19 -o copies=2 -o mountpoint=/zfs/storage/important

systems/jeeves/web_services/acme.nix

@@ -5,7 +5,9 @@ let
     "gitea"
     "jellyfin"
     "share"
+    "verilux"
   ];
+  extraDomains = [ "www.norn-sight.com" ];
 
   makeCert = name: {
     name = "${name}.tmmworkshop.com";
@@ -16,7 +18,18 @@ let
     };
   };
 
-  acmeServices = map (domain: "acme-${domain}.tmmworkshop.com.service") domains;
+  makeExtraCert = name: {
+    inherit name;
+    value = {
+      webroot = "/var/lib/acme/.challenges";
+      group = "acme";
+      reloadServices = [ "haproxy.service" ];
+    };
+  };
+
+  acmeServices =
+    map (domain: "acme-${domain}.tmmworkshop.com.service") domains
+    ++ map (domain: "acme-${domain}.service") extraDomains;
 in
 {
   users.users.haproxy.extraGroups = [ "acme" ];
@@ -24,7 +37,7 @@ in
   security.acme = {
     acceptTerms = true;
     defaults.email = "Richie@tmmworkshop.com";
-    certs = builtins.listToAttrs (map makeCert domains);
+    certs = builtins.listToAttrs ((map makeCert domains) ++ (map makeExtraCert extraDomains));
   };
 
   # Minimal nginx to serve ACME HTTP-01 challenge files for HAProxy

systems/jeeves/web_services/haproxy.cfg

@@ -23,7 +23,7 @@ defaults
 #Application Setup
 frontend ContentSwitching
   bind *:80 v4v6
-  bind *:443 v4v6 ssl crt /var/lib/acme/audiobookshelf.tmmworkshop.com/full.pem crt /var/lib/acme/cache.tmmworkshop.com/full.pem crt /var/lib/acme/jellyfin.tmmworkshop.com/full.pem crt /var/lib/acme/share.tmmworkshop.com/full.pem crt /var/lib/acme/gitea.tmmworkshop.com/full.pem
+  bind *:443 v4v6 ssl crt /var/lib/acme/audiobookshelf.tmmworkshop.com/full.pem crt /var/lib/acme/cache.tmmworkshop.com/full.pem crt /var/lib/acme/jellyfin.tmmworkshop.com/full.pem crt /var/lib/acme/share.tmmworkshop.com/full.pem crt /var/lib/acme/gitea.tmmworkshop.com/full.pem crt /var/lib/acme/www.norn-sight.com/full.pem
   mode  http
 
   # ACME challenge routing (must be first)
@@ -36,6 +36,7 @@ frontend ContentSwitching
   acl host_jellyfin  hdr(host) -i jellyfin.tmmworkshop.com
   acl host_share  hdr(host) -i share.tmmworkshop.com
   acl host_gitea  hdr(host) -i gitea.tmmworkshop.com
+  acl host_norn_sight  hdr(host) -i www.norn-sight.com
 
   # Hosts allowed to serve plain HTTP (add entries to skip the HTTPS redirect)
   acl allow_http hdr(host) -i __none__
@@ -49,6 +50,7 @@ frontend ContentSwitching
   use_backend jellyfin if host_jellyfin
   use_backend share_nodes  if host_share
   use_backend gitea  if host_gitea
+  use_backend norn_sight  if host_norn_sight
 
 backend acme_challenge
   mode http
@@ -76,3 +78,7 @@ backend share_nodes
 backend gitea
   mode http
   server server 127.0.0.1:6443
+
+backend norn_sight
+  mode http
+  server server 192.168.90.49:8000

systems/rhapsody-in-green/agent_logger.nix

@@ -0,0 +1,35 @@
+{
+  pkgs,
+  inputs,
+  ...
+}:
+{
+  systemd.services.agent-logger = {
+    description = "Unified agent logger";
+    after = [ "local-fs.target" ];
+    wantedBy = [ "multi-user.target" ];
+
+    environment = {
+      AGENT_LOG_DB = "/var/lib/agent-logger/agent_log.sqlite";
+      HOME = "/home/richie";
+      PYTHONPATH = "${inputs.self}";
+    };
+
+    serviceConfig = {
+      Type = "simple";
+      User = "richie";
+      WorkingDirectory = "/home/richie";
+      ExecStart = "${pkgs.my_python}/bin/python -m python.agent_logger.main";
+      StateDirectory = "agent-logger";
+      Restart = "on-failure";
+      RestartSec = "5s";
+      StandardOutput = "journal";
+      StandardError = "journal";
+      NoNewPrivileges = true;
+      ProtectSystem = "strict";
+      ProtectHome = "read-only";
+      PrivateTmp = true;
+      ReadOnlyPaths = [ "${inputs.self}" ];
+    };
+  };
+}

systems/rhapsody-in-green/open_webui.nix

@@ -1,6 +1,7 @@
 {
   services.open-webui = {
     enable = true;
+    host = "0.0.0.0";
     environment = {
       ANONYMIZED_TELEMETRY = "False";
       DO_NOT_TRACK = "True";

users/math/default.nix

@@ -36,6 +36,8 @@ in
         "hass"
         "libvirtd"
         "networkmanager"
+        "nornsight"
+        "nornsight-admin"
         "plugdev"
         "scanner"
         "transmission"

users/richie/default.nix

@@ -36,6 +36,8 @@ in
         "hass"
         "libvirtd"
         "networkmanager"
+        "nornsight"
+        "nornsight-admin"
         "ollama"
         "plugdev"
         "scanner"

users/richie/home/gui/vscode/settings.json

@@ -14,7 +14,7 @@
   "git.pruneOnFetch": true,
   "terminal.integrated.scrollback": 10000,
   "update.mode": "none",
-  "workbench.colorTheme": "Default Dark+",
+  "workbench.colorTheme": "Dark+",
   "workbench.secondarySideBar.showLabels": false,
 
   // turns off all sounds and announcements
@@ -98,4 +98,5 @@
   "hediet.vscode-drawio.resizeImages": null,
   "hediet.vscode-drawio.appearance": "automatic",
   "claudeCode.preferredLocation": "panel",
+  "docker.extension.enableComposeLanguageServer": false,
 }