New way to deploy apps in my server

Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
2026-05-20 13:22:34 +02:00 · 2026-04-11 02:26:00 +02:00
parent 29bdd6468a
commit 28b7923e47
22 changed files with 759 additions and 407 deletions
@@ -1,56 +1,100 @@
-# Glance is a self-hosted homepage/dashboard service.
+{ config, lib, ... }:
+let
+  inherit (import ../mk-container.nix { inherit lib config; }) mkContainer;
+  domain = config.var.domain;
+  hostIp = "10.233.12.1";
+
+  # Convert 6-char hex color to "H S L" string for glance (integers, no % sign)
+  hexToGlanceHsl = hex:
+    let
+      h = lib.toLower hex;
+      d = c:
+        if c == "a" then 10 else if c == "b" then 11 else if c == "c" then 12
+        else if c == "d" then 13 else if c == "e" then 14 else if c == "f" then 15
+        else lib.toInt c;
+      byte = pos: d (builtins.substring pos 1 h) * 16 + d (builtins.substring (pos + 1) 1 h);
+      ri = byte 0; gi = byte 2; bi = byte 4;
+      r = ri * 1.0 / 255.0;
+      g = gi * 1.0 / 255.0;
+      b = bi * 1.0 / 255.0;
+      mx = if r >= g && r >= b then "r" else if g >= b then "g" else "b";
+      mn = if r <= g && r <= b then "r" else if g <= b then "g" else "b";
+      cmax = if mx == "r" then r else if mx == "g" then g else b;
+      cmin = if mn == "r" then r else if mn == "g" then g else b;
+      delta = cmax - cmin;
+      l = (cmax + cmin) / 2.0;
+      s = if delta < 0.0001 then 0.0
+          else if l <= 0.5 then delta / (cmax + cmin)
+          else delta / (2.0 - cmax - cmin);
+      hue =
+        if delta < 0.0001 then 0.0
+        else if mx == "r" then let raw = 60.0 * (g - b) / delta; in if raw < 0.0 then raw + 360.0 else raw
+        else if mx == "g" then 60.0 * ((b - r) / delta + 2.0)
+        else 60.0 * ((r - g) / delta + 4.0);
+    in "${toString (builtins.floor (hue + 0.5))} ${toString (builtins.floor (s * 100.0 + 0.5))} ${toString (builtins.floor (l * 100.0 + 0.5))}";
+
+  c = config.stylix.base16Scheme;
+in
 {
-  config,
-  lib,
-  ...
-}: {
-  imports = [./home.nix ./server.nix];
+  # 0444 so the glance user inside the container can read the bind-mounted file
+  sops.secrets.adguard-pwd.mode = "0444";

-  services = {
-    glance = {
-      enable = true;
-      settings = {
-        # theme.contrast-multiplier = lib.mkForce 1.4;
-        server.port = 5678;
+  imports = [
+    (mkContainer {
+      name = "glance";
+      hostIp = hostIp;
+      containerIp = "10.233.12.2";
+      internet = true;
+      bindMounts."/run/secrets/adguard-pwd" = {
+        hostPath = config.sops.secrets.adguard-pwd.path;
+        isReadOnly = true;
      };
-    };
-    cloudflared.tunnels."${config.var.tunnelId}".ingress."home.${config.var.domain}" = "http://localhost:8755";
+      nixosConfig = { lib, ... }: {
+        _module.args.domain = domain;
+        _module.args.adguardUrl = "http://${hostIp}:3000";
+        imports = [ ./home.nix ./server.nix ];

-    nginx.virtualHosts."glance.local" = {
-      listen = [
-        {
-          addr = "127.0.0.1";
-          port = 8755;
-        }
-      ];
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:${toString config.services.glance.settings.server.port}";
-        extraConfig = ''
-          proxy_cache_valid 200 30m;
-          proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
-          add_header X-Cache-Status $upstream_cache_status;
-        '';
+        services.glance = {
+          enable = true;
+          settings = {
+            server = {
+              port = 5678;
+              host = "127.0.0.1";
+            };
+            theme = {
+              light = false;
+              background-color = hexToGlanceHsl c.base00; # background
+              primary-color    = hexToGlanceHsl c.base0D; # accent (iris/purple)
+              positive-color   = hexToGlanceHsl c.base0B; # positive (pine/teal)
+              negative-color   = hexToGlanceHsl c.base08; # negative (love/rose)
+            };
+          };
+        };
+
+        services.nginx = {
+          enable = true;
+          appendHttpConfig = ''
+            proxy_cache_path /var/cache/nginx/glance levels=1:2 keys_zone=glance:1m inactive=30m max_size=100m;
+          '';
+          virtualHosts."glance" = {
+            listen = [{ addr = "0.0.0.0"; port = 8080; }];
+            locations."/" = {
+              proxyPass = "http://127.0.0.1:5678";
+              extraConfig = ''
+                proxy_cache glance;
+                proxy_cache_valid 200 30m;
+                proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+                add_header X-Cache-Status $upstream_cache_status;
+              '';
+            };
+          };
+        };
+
+        networking.firewall.allowedTCPPorts = [ 8080 ];
+        system.stateVersion = "24.05";
      };
-    };
-  };
+    })
+  ];

-  systemd.services.glance.serviceConfig = {
-    DynamicUser = lib.mkForce false;
-    User = "glance";
-    Group = "glance";
-  };
-
-  users = {
-    groups.glance = {};
-    users.glance = {
-      isSystemUser = true;
-      description = "Glance user";
-      group = "glance";
-    };
-  };
-
-  sops.secrets.adguard-pwd = {
-    owner = "glance";
-    mode = "0600";
-  };
+  services.cloudflared.tunnels."${config.var.tunnelId}".ingress."home.${domain}" = "http://10.233.12.2:8080";
 }
@@ -1,4 +1,4 @@
-{config, ...}: {
+{ domain, ... }: {
  services.glance.settings.pages = [
    {
      name = "Home";
@@ -97,11 +97,11 @@
                        }
                        {
                          title = "Mazanoke (image downgrading)";
-                          url = "https://mazanoke.${config.var.domain}";
+                          url = "https://mazanoke.${domain}";
                        }
                        {
                          title = "Stirling PDF";
-                          url = "https://pdf.${config.var.domain}";
+                          url = "https://pdf.${domain}";
                        }
                        {
                          title = "Vert (file converter)";
@@ -200,11 +200,11 @@
                      links = [
                        {
                          title = "Nix 4 Cyber";
-                          url = "https://n4c.${config.var.domain}";
+                          url = "https://n4c.${domain}";
                        }
                        {
                          title = "Cyberchef";
-                          url = "https://cyberchef.${config.var.domain}";
+                          url = "https://cyberchef.${domain}";
                        }
                        {
                          title = "TryHackMe";
@@ -1,4 +1,8 @@
-{config, ...}: {
+{
+  domain,
+  adguardUrl,
+  ...
+}: {
  services.glance.settings.pages = [
    {
      name = "Server";
@@ -26,42 +30,62 @@
                  sites = [
                    {
                      title = "Adguard";
-                      url = "https://adguard.${config.var.domain}";
+                      url = "https://adguard.${domain}";
                      icon = "si:adguard";
                    }
+                    {
+                      title = "Blog";
+                      url = "https://${domain}";
+                      icon = "si:blogger";
+                    }
+                    {
+                      title = "Gitea";
+                      url = "https://git.${domain}";
+                      icon = "si:gitea";
+                    }
                    {
                      title = "Mealie";
-                      url = "https://mealie.${config.var.domain}";
+                      url = "https://mealie.${domain}";
                      icon = "si:mealie";
                    }
                    {
-                      title = "Linkding";
-                      url = "https://linkding.${config.var.domain}";
-                      icon = "sh:linkding";
+                      title = "Umami";
+                      url = "https://umami.${domain}";
+                      icon = "si:umami";
+                    }
+                    {
+                      title = "Iknowyou";
+                      url = "https://iknowyou.${domain}";
+                      icon = "sh:iknowyou";
+                    }
+                    {
+                      title = "Iknowyou Prod";
+                      url = "https://iknowyou-prod.${domain}";
+                      icon = "sh:iknowyou";
+                    }
+                    {
+                      title = "Wallpapers";
+                      url = "https://wallpapers.${domain}";
+                      icon = "si:unsplash";
                    }
                    {
                      title = "Mazanoke";
-                      url = "https://mazanoke.${config.var.domain}";
+                      url = "https://mazanoke.${domain}";
                      icon = "sh:mazanoke";
                    }
                    {
                      title = "Stirling PDF";
-                      url = "https://pdf.${config.var.domain}";
+                      url = "https://pdf.${domain}";
                      icon = "sh:stirling-pdf";
                    }
                    {
                      title = "Default-creds";
-                      url = "https://default-creds.${config.var.domain}";
+                      url = "https://default-creds.${domain}";
                      icon = "si:passbolt";
                    }
-                    {
-                      title = "Blog";
-                      url = "https://${config.var.domain}";
-                      icon = "si:blogger";
-                    }
                    {
                      title = "Cyberchef";
-                      url = "https://cyberchef.${config.var.domain}";
+                      url = "https://cyberchef.${domain}";
                      icon = "si:codechef";
                    }
                  ];
@@ -73,37 +97,37 @@
                  sites = [
                    {
                      title = "Jellyfin";
-                      url = "https://media.${config.var.domain}";
+                      url = "https://media.${domain}";
                      icon = "si:jellyfin";
                    }
                    {
                      title = "Jellyseerr";
-                      url = "https://demandemedia.${config.var.domain}";
+                      url = "https://demandemedia.${domain}";
                      icon = "si:odysee";
                    }
                    {
                      title = "Radarr";
-                      url = "https://radarr.${config.var.domain}";
+                      url = "https://radarr.${domain}";
                      icon = "si:radarr";
                    }
                    {
                      title = "Sonarr";
-                      url = "https://sonarr.${config.var.domain}";
+                      url = "https://sonarr.${domain}";
                      icon = "si:sonarr";
                    }
                    {
                      title = "Bazarr";
-                      url = "https://bazarr.${config.var.domain}";
+                      url = "https://bazarr.${domain}";
                      icon = "si:subtitleedit";
                    }
                    {
                      title = "Prowlarr";
-                      url = "https://prowlarr.${config.var.domain}";
+                      url = "https://prowlarr.${domain}";
                      icon = "si:podcastindex";
                    }
                    {
                      title = "Transmission";
-                      url = "https://transmission.${config.var.domain}";
+                      url = "https://transmission.${domain}";
                      icon = "si:transmission";
                    }
                  ];
@@ -114,7 +138,7 @@
            {
              type = "dns-stats";
              service = "adguard";
-              url = "http://localhost:${toString config.services.adguardhome.port}";
+              url = adguardUrl;
              username = "hadi";
              password = "\${secret:adguard-pwd}";
            }