New way to deploy apps in my server

Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
2026-05-20 05:12:34 +02:00 · 2026-04-11 02:26:00 +02:00
parent 29bdd6468a
commit 28b7923e47
22 changed files with 759 additions and 407 deletions
@@ -1,56 +1,100 @@
-# Glance is a self-hosted homepage/dashboard service.
+{ config, lib, ... }:
+let
+  inherit (import ../mk-container.nix { inherit lib config; }) mkContainer;
+  domain = config.var.domain;
+  hostIp = "10.233.12.1";
+
+  # Convert 6-char hex color to "H S L" string for glance (integers, no % sign)
+  hexToGlanceHsl = hex:
+    let
+      h = lib.toLower hex;
+      d = c:
+        if c == "a" then 10 else if c == "b" then 11 else if c == "c" then 12
+        else if c == "d" then 13 else if c == "e" then 14 else if c == "f" then 15
+        else lib.toInt c;
+      byte = pos: d (builtins.substring pos 1 h) * 16 + d (builtins.substring (pos + 1) 1 h);
+      ri = byte 0; gi = byte 2; bi = byte 4;
+      r = ri * 1.0 / 255.0;
+      g = gi * 1.0 / 255.0;
+      b = bi * 1.0 / 255.0;
+      mx = if r >= g && r >= b then "r" else if g >= b then "g" else "b";
+      mn = if r <= g && r <= b then "r" else if g <= b then "g" else "b";
+      cmax = if mx == "r" then r else if mx == "g" then g else b;
+      cmin = if mn == "r" then r else if mn == "g" then g else b;
+      delta = cmax - cmin;
+      l = (cmax + cmin) / 2.0;
+      s = if delta < 0.0001 then 0.0
+          else if l <= 0.5 then delta / (cmax + cmin)
+          else delta / (2.0 - cmax - cmin);
+      hue =
+        if delta < 0.0001 then 0.0
+        else if mx == "r" then let raw = 60.0 * (g - b) / delta; in if raw < 0.0 then raw + 360.0 else raw
+        else if mx == "g" then 60.0 * ((b - r) / delta + 2.0)
+        else 60.0 * ((r - g) / delta + 4.0);
+    in "${toString (builtins.floor (hue + 0.5))} ${toString (builtins.floor (s * 100.0 + 0.5))} ${toString (builtins.floor (l * 100.0 + 0.5))}";
+
+  c = config.stylix.base16Scheme;
+in
 {
-  config,
-  lib,
-  ...
-}: {
-  imports = [./home.nix ./server.nix];
+  # 0444 so the glance user inside the container can read the bind-mounted file
+  sops.secrets.adguard-pwd.mode = "0444";

-  services = {
-    glance = {
-      enable = true;
-      settings = {
-        # theme.contrast-multiplier = lib.mkForce 1.4;
-        server.port = 5678;
+  imports = [
+    (mkContainer {
+      name = "glance";
+      hostIp = hostIp;
+      containerIp = "10.233.12.2";
+      internet = true;
+      bindMounts."/run/secrets/adguard-pwd" = {
+        hostPath = config.sops.secrets.adguard-pwd.path;
+        isReadOnly = true;
      };
-    };
-    cloudflared.tunnels."${config.var.tunnelId}".ingress."home.${config.var.domain}" = "http://localhost:8755";
+      nixosConfig = { lib, ... }: {
+        _module.args.domain = domain;
+        _module.args.adguardUrl = "http://${hostIp}:3000";
+        imports = [ ./home.nix ./server.nix ];

-    nginx.virtualHosts."glance.local" = {
-      listen = [
-        {
-          addr = "127.0.0.1";
-          port = 8755;
-        }
-      ];
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:${toString config.services.glance.settings.server.port}";
-        extraConfig = ''
-          proxy_cache_valid 200 30m;
-          proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
-          add_header X-Cache-Status $upstream_cache_status;
-        '';
+        services.glance = {
+          enable = true;
+          settings = {
+            server = {
+              port = 5678;
+              host = "127.0.0.1";
+            };
+            theme = {
+              light = false;
+              background-color = hexToGlanceHsl c.base00; # background
+              primary-color    = hexToGlanceHsl c.base0D; # accent (iris/purple)
+              positive-color   = hexToGlanceHsl c.base0B; # positive (pine/teal)
+              negative-color   = hexToGlanceHsl c.base08; # negative (love/rose)
+            };
+          };
+        };
+
+        services.nginx = {
+          enable = true;
+          appendHttpConfig = ''
+            proxy_cache_path /var/cache/nginx/glance levels=1:2 keys_zone=glance:1m inactive=30m max_size=100m;
+          '';
+          virtualHosts."glance" = {
+            listen = [{ addr = "0.0.0.0"; port = 8080; }];
+            locations."/" = {
+              proxyPass = "http://127.0.0.1:5678";
+              extraConfig = ''
+                proxy_cache glance;
+                proxy_cache_valid 200 30m;
+                proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
+                add_header X-Cache-Status $upstream_cache_status;
+              '';
+            };
+          };
+        };
+
+        networking.firewall.allowedTCPPorts = [ 8080 ];
+        system.stateVersion = "24.05";
      };
-    };
-  };
+    })
+  ];

-  systemd.services.glance.serviceConfig = {
-    DynamicUser = lib.mkForce false;
-    User = "glance";
-    Group = "glance";
-  };
-
-  users = {
-    groups.glance = {};
-    users.glance = {
-      isSystemUser = true;
-      description = "Glance user";
-      group = "glance";
-    };
-  };
-
-  sops.secrets.adguard-pwd = {
-    owner = "glance";
-    mode = "0600";
-  };
+  services.cloudflared.tunnels."${config.var.tunnelId}".ingress."home.${domain}" = "http://10.233.12.2:8080";
 }