CrazyChaoz/NixOS-Configuration
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Enable Scrutiny, InfluxDB2 and homepage dashboard

Browse source 
Open firewall ports for Scrutiny (8185) and homepage (8080).
Add binutils to systemPackages and enable services.influxdb2.
Configure Scrutiny to use InfluxDB.
Enable homepage-dashboard with widgets, bookmarks and an
environmentFile for secrets.
Fix docker pull string formatting and minor whitespace cleanup.
This commit is contained in:
Stefan Kempinger 2026-01-25 23:42:34 +01:00
parent 5da7dbabfb
commit 1ffb260e88
1 changed files with 281 additions and 8 deletions
Download patch file Download diff file Expand all files Collapse all files

289
heimserver/configuration.nix
View file

@ -80,6 +80,8 @@
2055 # ntopng sink 2055 # ntopng sink
8182 # ntopng frontend 8182 # ntopng frontend
8183 # adguardhome frontend 8183 # adguardhome frontend
8185 # scrutiny frontend
8080 # homepage
]; ];
firewall.allowedUDPPorts = [ firewall.allowedUDPPorts = [
53 53
@ -118,6 +120,8 @@
parted parted
borgbackup borgbackup
lshw lshw
binutils
influxdb2
nil nil
]; ];
@ -142,7 +146,6 @@
#services.resolved.enable = true; #services.resolved.enable = true;
services.nginx = { services.nginx = {
enable = true; enable = true;
recommendedTlsSettings = true; recommendedTlsSettings = true;
@ -264,7 +267,6 @@
}; };
}; };
services.fail2ban = { services.fail2ban = {
enable = true; enable = true;
@ -301,7 +303,7 @@
}; };
}; };
}; };
environment.etc."fail2ban/filter.d/immich.local".text = '' environment.etc."fail2ban/filter.d/immich.local".text = ''
[Definition] [Definition]
# Matches: ... Failed login attempt for user ... from ip address <HOST> # Matches: ... Failed login attempt for user ... from ip address <HOST>
@ -310,7 +312,7 @@
ignoreregex = ignoreregex =
''; '';
environment.etc."fail2ban/filter.d/forgejo.local".text = '' environment.etc."fail2ban/filter.d/forgejo.local".text = ''
[Definition] [Definition]
# Matches: ... Failed login attempt for user ... from ip address <HOST> # Matches: ... Failed login attempt for user ... from ip address <HOST>
@ -319,15 +321,15 @@
ignoreregex = ignoreregex =
''; '';
environment.etc."magic-update-script.sh".text = '' environment.etc."magic-update-script.sh".text = ''
#!/usr/bin/env bash #!/usr/bin/env bash
set -euo pipefail set -euo pipefail
echo "Pulling latest container images..." echo "Pulling latest container images..."
${lib.concatMapStringsSep "\n" (name: ${lib.concatMapStringsSep "\n" (
"docker pull ${config.virtualisation.oci-containers.containers.${name}.image}" name: "docker pull ${config.virtualisation.oci-containers.containers.${name}.image}"
) (builtins.attrNames config.virtualisation.oci-containers.containers)} ) (builtins.attrNames config.virtualisation.oci-containers.containers)}
echo "All images updated successfully!" echo "All images updated successfully!"
@ -440,7 +442,19 @@
--local-networks "185.27.122.0/24=WAN,192.168.69.0/24=LAN,192.168.42.0/24=Wireguard"''; --local-networks "185.27.122.0/24=WAN,192.168.69.0/24=LAN,192.168.42.0/24=Wireguard"'';
}; };
services.influxdb.enable = true; services.influxdb2 = {
enable = true;
# provision = {
# enable = true;
# initialSetup = {
# organization = "default";
# bucket = "default";
# passwordFile = pkgs.writeText "admin-pw" "ExAmPl3PA55W0rD";
# tokenFile = pkgs.writeText "admin-token" "verysecureadmintoken";
# };
# };
};
services.geoipupdate = { services.geoipupdate = {
enable = true; enable = true;
@ -458,6 +472,18 @@
}; };
}; };
services.scrutiny = {
enable = true;
settings.web.listen.port = 8185;
influxdb.enable = true;
collector.schedule = "hourly";
settings.web.influxdb = {
bucket = "default";
org = "default";
token = "verysecureadmintoken";
};
};
services.adguardhome = { services.adguardhome = {
enable = true; enable = true;
# You can select any ip and port, just make sure to open firewalls where needed # You can select any ip and port, just make sure to open firewalls where needed
@ -465,6 +491,253 @@
port = 8183; port = 8183;
}; };
services.homepage-dashboard = {
enable = true;
listenPort = 8080;
allowedHosts = "192.168.69.69:8080";
settings = {
title = "Heimserver";
theme = "dark";
color = "slate";
layout = {
"Home Automation" = {
style = "row";
columns = 3;
};
"Media & Storage" = {
style = "row";
columns = 2;
};
"Development" = {
style = "row";
columns = 2;
};
"Network & Monitoring" = {
style = "row";
columns = 3;
};
};
};
services = [
{
"Home Automation" = [
{
"Home Assistant" = {
href = "http://192.168.69.69:8123";
description = "Home automation platform";
icon = "home-assistant.png";
widget = {
type = "homeassistant";
url = "http://192.168.69.69:8123";
key = "{{HOMEPAGE_VAR_HASS_TOKEN}}"; # Create long-lived token in HA
# Shows: entities count, automations, sensors
custom = [
{
state = "sensor.indoor_outdoor_meter_5109_temperature";
label = "Außentemperatur";
}
{
state = "weather.forecast_home";
label = "Windgeschwindigkeit";
value = "{attributes.wind_speed} {attributes.wind_speed_unit}";
}
{
state = "sensor.load_power";
label = "Stromverbrauch";
}
];
};
};
}
{
"Frigate" = {
href = "https://192.168.69.69:8971";
description = "NVR with AI detection";
icon = "frigate.png";
widget = {
type = "frigate";
url = "http://127.0.0.1:5000";
# Shows: camera status, detection counts, storage usage
};
};
}
];
}
{
"Media & Storage" = [
{
"Immich" = {
href = "https://bilder.kempinger.at";
description = "Photo & video management";
icon = "immich.png";
widget = {
type = "immich";
url = "https://bilder.kempinger.at";
key = "{{HOMEPAGE_VAR_IMMICH_API_KEY}}"; # Generate in Immich settings
version = 2;
# Shows: photo count, video count, storage usage, user count
};
};
}
];
}
{
"Development" = [
{
"Forgejo" = {
href = "https://git.kempinger.at";
description = "Git repository hosting";
icon = "forgejo.png";
widget = {
type = "gitea"; # Forgejo uses Gitea API
url = "http://192.168.69.69:8184";
key = "{{HOMEPAGE_VAR_FORGEJO_TOKEN}}"; # Create in Forgejo settings
# Shows: repository count, issue count, pull requests
};
};
}
{
"Github" = {
href = "https://github.com/CrazyChaoz";
description = "Github";
icon = "github.png";
};
}
];
}
{
"Network & Monitoring" = [
{
"AdGuard Home" = {
href = "http://192.168.69.69:8183";
description = "DNS filtering & ad blocking";
icon = "adguard-home.png";
widget = {
type = "adguard";
url = "http://192.168.69.69:8183";
username = "{{HOMEPAGE_VAR_ADGUARD_USER}}";
password = "{{HOMEPAGE_VAR_ADGUARD_PASS}}";
# Shows: queries blocked, % blocked, queries processed
};
};
}
{
"Mikrotik" = {
href = "https://192.168.69.1";
description = "My Router";
icon = "mikrotik.png";
widget = {
type = "mikrotik";
url = "https://192.168.69.1:443";
username = "{{HOMEPAGE_VAR_USER}}";
password = "{{HOMEPAGE_VAR_PASS}}";
};
};
}
{
"Scrutiny" = {
href = "http://192.168.69.69:8185";
description = "S.M.A.R.T Monitoring";
icon = "scrutiny.png";
widget = {
type = "scrutiny";
url = "http://192.168.69.69:8185";
};
};
}
{
"ntopng" = {
href = "http://192.168.69.69:8182";
description = "Network traffic analysis";
icon = "ntopng.png";
# No official widget, but could use iframe or custom API
};
}
];
}
];
widgets = [
{
resources = {
info = true;
cpu = true;
memory = true;
"gpu:0" = true;
disk = "/";
uptime = true;
units = "metric";
refresh = 3000; # Refresh every 3 seconds
};
}
{
search = {
provider = "duckduckgo";
target = "_blank";
};
}
# Optional: Add datetime widget
{
datetime = {
text_size = "xl";
format = {
dateStyle = "long";
timeStyle = "short";
hour12 = false;
};
};
}
];
bookmarks = [
{
"Services" = [
{
"Website" = [
{
abbr = "WEB";
href = "https://kempinger.at";
}
];
}
];
}
{
"Documentation" = [
{
"NixOS" = [
{
abbr = "NX";
href = "https://nixos.org/manual/nixos/stable/";
}
];
}
{
"Home Assistant" = [
{
abbr = "HA";
href = "https://www.home-assistant.io/docs/";
}
];
}
{
"Frigate" = [
{
abbr = "FR";
href = "https://docs.frigate.video/";
}
];
}
];
}
];
# Environment variables for API keys (more secure than hardcoding)
environmentFile = "/var/lib/homepage-dashboard/secrets.env";
};
nixpkgs.config.allowUnfree = true; nixpkgs.config.allowUnfree = true;
nixpkgs.overlays = [ nixpkgs.overlays = [